jet creation failure
I am having difficulty getting through the Jet / Create action. The error reported is:
Problems encountered during plan run or preflight
The plan (or preflight) "/com/sun/n1osp/untyped/Jet-create" finished with 1 failed host(s). (017034)
The execNative step failed because the exit status "1" of the command did not match "0" for the command "/opt/SUNWn1sps/N1_Service_Provisioning_System_5.2/cli/bin/cr_cli -cmd fdb.f.lo -ID NM:/com/sun/n1osp/autogen-osprovisioner-jet/provision -s *****". (017068)
Is there one or many potential causes for this? Is there any way to get more error info?
Pete.
I apologize if this response is too remedial, but you can always check the stderr output of the command to see if more information is forthcoming. Go to the Run History link, find your plan, click on "Results" and "deployment". Find the step that failed, and drill down by clicking on details until you can view the stderr output.
Yes, it is remedial, shame to me :-) (I had stumbled across that while waiting for responses). Apparently my SSH is not set up right :
2006-12-15 17:19:51,015 ERROR [main] com.raplix.rolloutexpress.net.command.DatagramOutputStream (DatagramOutputStream.java:157) - Error sending data
Error writing the handshake string to the newly established connection. (022181)
Connection handshake failed, invalid handshake string. Ensure that the path to the N1 Service Provisioning System application is correct, the application is configured to accept ssh connections and that you can ssh to the machine without any prompts. |[Host key verification failed.](022138)
I am trying to get by with two physical hosts. One has the master on it (sps), and the other (osprovisioner) has the ra, and the virtual OSP host, and I am trying to create the JET on it as well.
From sps -> osprovsioner, I can ssh -A -t <ip> <command> and things work fine. When I go in the opposite direction (osprovisioner -> sps) I get prompted for a password.. Should this work?
The below is still somewhat of a mystery to me (the private key for the cli is added (ssh-add) from secure media into the master yet, ssh-agent is run on the JET !?!?:
Howto Configure SSH for the CLI ClientWith the
ssh-agent
Complete this task if you want to use SSH connectivity for the CLI Client with the ssh-agent.
Create a new operating system user account on the Master Server and the machine on which the CLI
Client is installed.
This account should be different from the account that you specified during the installation of the
Master Server, Local Distributor, or Remote Agent.
Log in to the Master Server as the new user that you created in the previous step.
Generate public and private keys for the new user by following the instructions in 揌ow to Generate
Key Pairs?on page 75.
Do not reuse the keys that you generated for communication between the Master Server, Local
Distributors, and Remote Agents.
On the Master Server, copy the private key file to a secure media.
% cp /User-home/.ssh/id_rsa path-to-file/.ssh/id_rsa
User-home is the home directory of the currently logged in user on the Master Server machine.
path-to-file/ is the path to the secure media where you want to save the private key file.
Delete the private key file from the local file system.
% rm /User-home/.ssh/id_rsa
On the Master Server, concatenate the public key to the /.ssh/authorized_keys2 file for that user.
% cat /User-home/.ssh/id_rsa.pub >> /HOME-MS/.ssh/authorized_keys2
User-home is the home directory on the Master Server machine.
5
6
7
8
1
2
3
4
5
6
Configuring SSH for the Applications
Sun N1 Service Provisioning System 5.2 Installation Guide 82 ?April 2006
Log in to the CLI Client machine as the new user that you created.
Start the ssh-agent.
% ssh-agent > /User-home/.ssh/agent_vars
User-home is the home directory of the currently logged in user on the CLI Client machine.
Add the following line to the .profile, the .cshrc, or the.bash_profile file.
. /User-home/.ssh/agent_vars
User-home is the home directory on the CLI Client machine.
Log out of the Master Server and log back in.
Upload the private key that you generated.
% ssh-add path-to-file/
> 2006-12-15 17:19:51,015 ERROR [main]
> com.raplix.rolloutexpress.net.command.DatagramOutputSt
> ream (DatagramOutputStream.java:157) - Error sending
> data
> Error writing the handshake string to the newly
> established connection. (022181)
> Connection handshake failed, invalid handshake
> string. Ensure that the path to the N1 Service
> Provisioning System application is correct, the
> application is configured to accept ssh connections
> and that you can ssh to the machine without any
> prompts. |[Host key verification failed.](022138)
There's more than one way this error can occur. Let me look into it a little bit and see if I can come up with something useful for you to check.
> I am trying to get by with two physical hosts. One
> has the master on it (sps), and the other
> (osprovisioner) has the ra, and the virtual OSP host,
> and I am trying to create the JET on it as well.
>
> From sps -> osprovsioner, I can ssh -A -t <ip>
> <command> and things work fine. When I go in the
> opposite direction (osprovisioner -> sps) I get
> prompted for a password.. Should this work?
I don't think this is necessary (being able to ssh from osprovisioner back to the MS host). Again, I will look into this in more detail and get back to you.
> The below is still somewhat of a mystery to me (the
> private key for the cli is added (ssh-add) from
> secure media into the master yet, ssh-agent is run on
> the JET !?!?:
Can you provide a specific list of actions you took for me to reproduce? That is, from an MS (what version?) you loaded such-and-such plugin, installed the CLI with ssh, etc. I'll try to figure out what you ened to do to get it going.
Let me just add some pointers. The way the OSP works is that it retargets to where the CLI is installed. So if the CLI is configured to run with SSH, then you need to be able to run the CLI and root from that machine and not the n1sps user. This is a bit poorly mentioned in the manuals, so I just hope this also helps a bit.
<P>
Cheers,
Peter
According to the docs, installing the CLI as root, but still specifiying some user account to own the install will give CLI root rights when it is executed on the machine it is install on. It appears from the logs that I am seeing a failure of the SSH negotiation, and not a "not root" rights issue.
What talks to what in the provisioning of JET? The SSH negotiation failure I am seeing above, is this from the OSP to JET? (which are the same physical host).From MS to JET appears to be working since I see that a SUNWjet directory now exists.
I think I can get my hands on another machine, do you think it would be easier to setup a separate machine for JET?
Pete
Hmm. I am just trying to run "cr_cli -cmd hdb.h.la" from the MS and I am getting the same error:
Error sending data:Error writing the handshake string to the newly established connection. (022181)
Connection handshake failed, invalid handshake string. Ensure that the path to the N1 Service Provisioning System application is correct, the application is configured to accept ssh connections and that you can ssh to the machine without any prompts.
Pete.
Still seems that SSH with CLI is not correctly configured as both N1SPS user but also root! The OSP plugin uses CLI as root user.
I would uninstall the CR_CLI and then re-install it again and just make sure to answer all the questions correctly. Also verify the configuration files for the cli that all the path's are correct.
Kind regards,
Peter
... What is up with this?:
bash-3.00# more N1SPSUninstaller.log.866
N1 SPS CLI Client Uninstaller Log.
Uninstall started on Tue Dec 19 16:16:01 GMT-5 2006
Attempting to remove: SUNWspscl SUNWspsc1
Removal of <SUNWspscl> was successful.
WARNING:
The <SUNWspsms> package depends on the package
currently being removed.
WARNING:
The <SUNWspsosp> package depends on the package
currently being removed.
Removal of <SUNWspsc1> was suspended (administration).
No changes were made to the system.
One says SUNWspsc1 and the other SUNWspscl ? What is spsc1 (number one not letter "L")
Pete.
Reinstalled, still have problem.
Here are the config files....
in config.properties at /opt/SUNWn1sps/N1_Service_Provisioning_System_5.2/server/config/proxy/config
# Information used to contact Master Server
net.client.nconn=1
net.client.type.1=raw
net.client.ip.1=127.0.0.1
net.client.port.1=1130
net.client.parms.1=none
net.ssl.trust.store.path=/should/not/exist
net.ssl.private.store.path=/should/not/exist
in config.properties at /opt/SUNWn1sps/N1_Service_Provisioning_System_5.2/cli/config
# N1 Service Provisioning System 5.2
# Command Line User Interface Properties File
#
net.client.nconn=1
net.client.type.1=ssh
net.client.ip.1=10.0.2.2
net.client.port.1=80001
net.client.parms.1=appType=proxy,cprefix=/opt/SUNWn1sps/N1_Service_Provisioning _System_5.2/server,appargs=-Drox_config_dir=/opt/SUNWn1sps/N1_Service_Provisioni ng_System_5.2/server/config/proxy/config
# Ssh options
# net.ssh.args=-o|BatchMode yes
# Java options for SPS proxy invoked via ssh
# net.ssh.java.args=-Xmx128m
ok, I think I have gotten further.
I changed my config.properites for cli (not the proxy one) for the IP address of the master. It was just set to the hostname. I changed it to 10.0.2.2.
I also tried to 'ssh 10.0.2.2 hostname' and it prompted to trust the host. I entered yes to trust it, and then ran it again to make sure no prompt. No prompt.
I then ran :cr_cli -cmd hdb.h.la and obtained a different error:
Interface is unavailable "com.raplix.rolloutexpress.systemmodel.userdb.SessionManager": Error with request - response layer when sending request / receiving response. (022059)
Error delivering datagram, details=Error Details:Error establishing connection to 127.0.0.1:1130. (022142)
Connection refusedConnection refused:Transport Failure@10.0.2.2:80001. (022001).
Ensure that the server is properly configured. (024006)
Does this mean I need to change the config of the server or server proxy away from raw to SSH?
Pete
Hi,
The install guide has a section on troubleshooting ssh connections. It should help resolve the connectivity issues that you are facing.
http://docs.sun.com/app/docs/doc/819-4445/6n6jk8vf1?a=view
I'd try the following command from the CLI machine to ensure that the ssh authentication is working
>ssh 10.0.2.2 date
If this command prompts you to accept keys etc. answer yes.
The key thing to ensure that ssh connectivity is setup correctly is to verify that you can make an ssh connection without any user interaction. For example by ensuring that the following command runs without any user interaction from the CLI machine
>ssh -o 'BatchMode yes' 10.0.2.2 date
If it doesn't then I'd recommend looking the ssh setup instructions in install guide to get ssh correctly setup.
http://docs.sun.com/app/docs/doc/819-4445/6n6jk8vct?a=view
-Aj
Thanks aj, I think my post snuck in just before yours. SSH is now behaving for me, but CLI is still fighting me. I am just trying to get CLI on the MS to talk with itself.Pete.
From the error message
> Error delivering datagram, details=Error Details:Error establishing connection to 127.0.0.1:1130. (022142)
>
> Connection refusedConnection refused:Transport Failure@10.0.2.2:80001. (022001).
> Ensure that the server is properly configured. (024006)
My best guess is that the proxy process on the MS was unable to connect to the MS at IP address 127.0.0.1 port 1130.
Are you able to verify if the MS is up and running and is listening at the interface 127.0.0.1:1130 through netstat -an
Aj
Can you do ssh localhost without a password, i.e. have copied the .ssh/id_rsa.pub to authorized_keys?<P>Rgds,Peter
Yikes, they are not listening. I forgot to start it up :-)Ok, started up... and 1130 is there but 80001 is not:
bash-3.00$ cr_server start
*** Starting database
*** Starting cr_server
bash-3.00$ netstat -an | grep 1130
127.0.0.1.1130 *.*00 491520 LISTEN
bash-3.00$ netstat -an | grep 80001
bash-3.00$
try it anyway again.....
Huh! this is new:
bash-3.00$ cr_cli -cmd hdb.h.la
This command requires a login/password or a session id. (029005)
The port 80001 is a high port used internally within the SSH communication. So only 1130 will be listening :) <P>Rgds,Peter
Pete, yes. But the address you use must be the same I found out as what is in the config.properties file (i.e - I connected as both my hostname and ip just to be sure, since you can accept to trust the key for say myhost, but then ssh as 10.0.2.2, and it will prompt also.)
So should things be working now? Why did it as for a session id or name/password instead of returning the hosts list?Pete.
Please do: cr_cli -cmd hdb.h.la -hThis get's the help page, and you always need to authenticate yourself for all commands issued.
Thanks Pete and everyone for hanging with me !!! (more Dukes coming...) Dukes for everyone !!! :-)
The hosts: HostArray
Formatters:
string raw *detail* sink serialized
bash-3.00$ cr_cli -cmd hdb.h.la -u xxxxxx -p xxxxx
||--|
|ID|Name|
||--|
|010010001024-0000000000000-00001-0000000005 |masterserver|
|137051083099-1165924589136-00376-1504337208 |osprovisioner|
|137051083099-1166033213201-00790-1953291407 |osprovisioner-osprovisioner|
||--|
Respondies, I have submitted a question to the Duke dollars folks to determine how to post more Dukes to each individual for the help in these topics. Don't be shy, if you know how to do this, informing me even if it is too remedial is fine with me, I don't care, thanks very much for every little bit of help.
pz
i got this or similar problem.
not using ssh. raw connection.
logging below
turns out, my config.properties had my master server hostname set correctly
# address of the master server application instance
hostdb.ms.ipaddress=MASTERHOSTNAME
but...the /etc/hosts had MASTERHOSTNAME adjacent to 127.0.0.1
so when you start up master server -- its bound to 127.0.0.1 and any external CLI cannot connect -because its only listening to the loopback.
to fix this, i fixed /etc/hosts with my host IP address next to MASTERHOSTNAME
then when sps master starts up - its bound/listening to the host IP...and everything works fine.
hope this helps.
[exec] 2007-05-16 23:11:24,027 ERROR [main] com.raplix.rolloutexpress.net.command.DatagramOutputStream (DatagramOutputStream.java:157) - Error sending data
[exec] Error establishing connection to 10.10.249.5:1130. (022142)
[exec] Connection refused
[exec]at com.raplix.rolloutexpress.net.transport.SocketClientConnectionHandler.setupConn ection(SocketClientConnectionHandler.java:42)
[exec]at com.raplix.rolloutexpress.net.transport.SocketClientConnectionHandler.setupConn ection(SocketClientConnectionHandler.java:56)
[exec]at com.raplix.rolloutexpress.net.transport.ClientConnectionManager.setupConnection To(ClientConnectionManager.java:97)
[exec]at com.raplix.rolloutexpress.net.transport.ConnectionManager.getConnectionTo(Conne ctionManager.java:191)
[exec]at com.raplix.rolloutexpress.net.transport.TransportManager.sendMessage(TransportM anager.java:460)
[exec]at com.raplix.rolloutexpress.net.transport.ProtocolManager.sendMessage(ProtocolMan ager.java:45)
[exec]at com.raplix.rolloutexpress.net.command.RequestReply.outputClosed(RequestReply.ja va:427)
[exec]at com.raplix.rolloutexpress.net.command.DatagramOutputStream.close(DatagramOutput Stream.java:155)
[exec]at java.io.ObjectOutputStream$BlockDataOutputStream.close(ObjectOutputStream.java: 1627)
[exec]at java.io.ObjectOutputStream.close(ObjectOutputStream.java:678)
[exec]at com.raplix.rolloutexpress.net.rpc.JavaSerializationProvider.marshall(JavaSerial izationProvider.java:56)
[exec]at com.raplix.rolloutexpress.net.rpc.RPCManager.invokeRemote(RPCManager.java:549)
[exec]at com.raplix.rolloutexpress.net.rpc.BaseStub.invoke(BaseStub.java:65)
[exec]at com.raplix.rolloutexpress.net.rpc.ProxyHandler.invoke(ProxyHandler.java:56)
[exec]at $Proxy0.isRegistered(Unknown Source)
[exec]at com.raplix.rolloutexpress.net.rpc.RPCManager.getService(RPCManager.java:234)
[exec]at com.raplix.rolloutexpress.net.rpc.RPCManager.getLocalService(RPCManager.java:27 2)
[exec]at com.raplix.rolloutexpress.systemmodel.userdb.RemoteSessionManager.<init>( RemoteSessionManager.java:27)
[exec]at com.raplix.rolloutexpress.systemmodel.userdb.RemoteUserDBSubsystem.getSessionMa nager(RemoteUserDBSubsystem.java:132)
[exec]at com.raplix.rolloutexpress.ui.Context$SessionManagerCreator.create(Context.java: 199)
[exec]at com.raplix.util.DelayedCreator.getValue(DelayedCreator.java:56)
[exec]at com.raplix.rolloutexpress.ui.Context.getSessionManager(Context.java:532)
[exec]at com.raplix.rolloutexpress.ui.userdb.commands.SessionBase.setPlaintextPassword(S essionBase.java:122)
[exec]at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[exec]at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[exec]at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:25)
[exec]at java.lang.reflect.Method.invoke(Method.java:585)
[exec]at com.raplix.util.reflect.MethodUtil.invoke(MethodUtil.java:116)
[exec]at com.raplix.util.reflect.MethodUtil.invokeMember(MethodUtil.java:164)
[exec]at com.raplix.rolloutexpress.ui.commands.ArgumentDescriptorBase.set(ArgumentDescri ptorBase.java:71)
[exec]at com.raplix.rolloutexpress.ui.UISubsystem.setArguments(UISubsystem.java:283)
[exec]at com.raplix.rolloutexpress.ui.UISubsystem.execute(UISubsystem.java:351)
[exec]at com.raplix.rolloutexpress.ui.UISubsystem.execute(UISubsystem.java:320)
[exec]at com.raplix.rolloutexpress.ui.UISubsystem.execute(UISubsystem.java:455)
[exec]at com.raplix.rolloutexpress.ui.clui.CLUISubsystem.execute(CLUISubsystem.java:490)
[exec]at com.raplix.rolloutexpress.ui.clui.CLUI.main(CLUI.java:91)
[exec]at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[exec]at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[exec]at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.ja va:25)
[exec]at java.lang.reflect.Method.invoke(Method.java:585)
[exec]at com.raplix.rolloutexpress.node.bootstrap.BootStrap.run(BootStrap.java:254)
[exec]at com.raplix.rolloutexpress.node.bootstrap.BootStrap.main(BootStrap.java:52)
[exec] :NestedTrace:
[exec] java.net.ConnectException: Connection refused
NOt firefox.... it was JaJah plugin on firefox !!!!geeeez.
