Friday, 2012-02-10

« Thursday, 2012-02-09 Index Saturday, 2012-02-11 »
ionepochhmm..00:00
ionepochmy paste got botched...00:00
ionepoch"/opt/WiKID/sbin/load_db.sh"00:00
ionepochthere we go..00:00
ionepochobviously proceed cautiously if your db is already setup...00:00
ionepochyou don't want to clobber anything00:00
ionepochlet me know if you can even get into your db using psql00:01
dystieok.  this is a production wikid server -- i would get yelled at a lot if I regenerated the cert.00:01
dystie'm gonna see if I can get the stored password00:01
ionepochyeah... don't do that.00:01
ionepochnutshell..00:02
ionepochmake sure you can connect to your db using psql00:02
ionepochthen make sure wikid can connect00:02
ionepochif not...00:02
ionepochyou'll need to update the pass that wikid uses to connect00:02
ionepoch... (i'm actually going to have to do that now... as i'm in the intial install I used a BS weak password for testing.. need to spruce it up)00:03
dystielol.  i keep meaning to set it up at home so i can be less pwn worthy.00:03
dystiefunny how lazy i get even being a securitygeek.00:03
*** perestre1ka has quit (Ping timeout: 252 seconds)00:04
ionepochlet me know if you find the file that wikid uses in it's settings to connect to the db...00:07
ionepoch(i'm looking for it now)00:07
*** perestrelka (~vladdy@194.242.5.47) has joined #wikid00:07
ionepochok...00:09
ionepochso00:09
*** dystie has quit (Ping timeout: 245 seconds)00:10
*** dystie (c7ff532e@gateway/web/freenode/ip.199.255.83.46) has joined #wikid00:23
dystiehi.  ack had to reboot00:23
ionepochok...00:23
ionepochso... trying to figure this out..00:23
ionepochit appears to me00:24
ionepochthat wikid during the setup phase needs postgres user's password to load the schema and add wikid users..00:24
ionepochthe passwords for the wikiduser appear to be defaults... and set in00:24
ionepoch"/opt/WiKID/conf/WikidCode.properties"00:24
ionepochwikid seems to have made the following users:00:25
ionepochtimecop00:25
ionepochtomcat00:25
ionepochwikid-sens00:25
ionepochwikidadmin00:25
ionepochwikidncserver00:25
ionepochwikidradserver00:25
ionepochin theory... wikid should have locked these down to local host... however... i need to double check this list00:26
ionepochhostallall127.0.0.1/24trust00:26
ionepochhostallall::1/128trust00:26
ionepochhosttemplate1all::1/128trust00:26
ionepochhosttemplate1all127.0.0.1/24trust00:27
ionepochhostwikidall::1/128trust00:27
ionepochhostwikidall127.0.0.1/24trust00:27
ionepochlocalallalltrust00:27
ionepochlocalpostgrespostgrestrust00:27
ionepochlocaltemplate1alltrust00:27
ionepochlocalwikidalltrust00:27
ionepochcat /etc/postgresql/8.4/main/pg_hba.conf00:27
ionepochso... i guess if you are having trouble connecting to the db00:27
ionepochfind your pg_hba.conf file on centos ...00:27
ionepochand make sure it has enteries for wikid00:27
ionepochif you have any error messages in ls /opt/WiKID/log/*.log  ... or /opt/WiKID/tomcat/logs/catalina.out00:30
ionepochpaste them here00:30
ionepoch(make sure to strip out any passwords in case the are in the error message (but i doubt it))00:30
dystiekk checking00:33
dystiei can't switch to the postgres user, there's no shell00:35
dystie(is dev/null00:35
dystie4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later. log4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later. log4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later. log4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later. log4j:ERROR Could not connect to remote log4j server at [localhost00:39
dystiewas in dbmigrations.log00:39
dystieException in thread "main" com.sampullara.db.MigrationException: Some other failure to connect: jdbc:postgresql://localhost/wikid, {package=com.wikidsystems.db.migrations, passwd (not providing)00:40
*** perestrelka has quit (Ping timeout: 248 seconds)00:40
dystieException in thread "main" com.sampullara.db.MigrationException: Some other failure to connect: jdbc:postgresql://localhost/wikid, {package=com.wikidsystems.db.migrations, user=postgres, password=REMOVED, url=jdbc:p00:40
dystieis full string00:40
*** perestrelka (~vladdy@194.242.5.47) has joined #wikid00:41
ionepochhmmm..00:48
ionepochthe log 4j error doesn't matter00:48
ionepochthat's just for loggin...00:48
ionepochbut..00:48
ionepochthe last error looks bad00:48
ionepoch...00:48
ionepochcan you find the pg_hba.conf on your server?00:48
ionepochyou should have a line like: local   postgres        postgres        trust00:49
ionepochtry this too:  psql -Upostgres00:50
dystiea bunch of java errors follow, let me know if you want stuff posted00:50
ionepochthat way you don't need a postgres00:51
ionepochtry this first00:51
ionepoch psql -Upostgres00:52
dystiefound the file00:52
dystiewhat user should it be run as?00:52
dystieit was whining when i tried to run as root.00:52
ionepochshouldn't matter00:52
ionepochhuh...00:52
ionepochk00:52
ionepochwell00:52
ionepochi ran it as root00:52
ionepochtry psql -Upostgres template100:52
ionepochie  launch psql as user:postgres connect to db template100:52
dystieonesec.00:53
ionepochthat's what psql -Upostgres template1 does00:53
dystie# psql -Upostgres template1 psql: could not connect to server: No such file or directory         Is the server running locally and accepting         connections on Unix domain socket "/tmp/.s.PGSQL.5432"?00:53
ionepochouch00:53
ionepochso00:53
ionepochyeah00:53
ionepochthat would be your first problem..00:54
ionepochtype .. ps ax | grep post00:54
ionepochi get .. 13825 ?        S      0:00 /usr/lib/postgresql/8.4/bin/postgres -D ..... more follows00:54
ionepochbasically ps ax just looks for running processes...00:54
ionepochlooks like your database isn't on00:54
dystieroot      4100  0.0  4.9 378044 25280 pts/0    Sl   19:38   0:00 /opt/java/bin/java -cp /opt/WiKID/lib/xstream-1.2.jar:/opt/WiKID/lib/xpp3_min-1.1.3.4.O.jar:/opt/WiKID/lib/xmlsec-1.4.0.jar:/opt/WiKID/lib/xml-apis.jar:/opt/WiKID/lib/xercesImpl.jar:/opt/WiKID/lib/wsdl4j-1.5.1.jar:/opt/WiKID/lib/wikid-server-enterprise-lib-3.4.87.jar:/opt/WiKID/lib/smtp.jar:/opt/WiKID/lib/shared-ldap-0.9.5.4.jar:/opt/WiKID/lib/saaj.jar:/opt/WiKID/lib/rads00:55
ionepochhmmm00:55
ionepochlet's make that more specific...00:55
ionepochps ax | grep postgres00:55
ionepochbasically... just looking to see if you db is running... doesn't look like it..00:56
ionepochhow about:00:56
ionepochroot@wikid:~# /etc/init.d/postgresql-8.4 status00:56
ionepochRunning clusters: 8.4/main00:56
dystie[root@noneya) data]# ps aux | grep postgres root      4100  0.0  4.9 378044 25280 pts/0    Sl   19:38   0:00 /opt/java/bin/java -cp /opt/WiKID/lib/xstream-1.2.jar:/opt/WiKID/lib/xpp3_min-1.1.3.4.O.jar:/opt/WiKID/lib/xmlsec-1.4.0.jar:/opt/WiKID/lib/xml-apis.jar:/opt/WiKID/lib/xercesImpl.jar:/opt/WiKID/lib/wsdl4j-1.5.1.jar:/opt/WiKID/lib/wikid-server-enterprise-lib-3.4.87.jar:/opt/WiKID/lib/smtp.jar:/opt/WiKID/lib/shared-ldap-0.9.5.4.jar00:56
dystierunning that now00:56
dystiepostmaster is stopped00:57
ionepochyeah...00:57
ionepochk00:57
ionepochso that's the biggy00:57
ionepoch...00:57
dystiestarting service failed00:57
ionepochk00:57
ionepochso looks like a problem with the db00:57
ionepochdo you know if any centos updates were applied...00:58
dystieyeah, imagine that we just patched the box00:58
dystiewe patched our other wikidboxes w/ (i think) the same patches.. and they're happy.00:58
ionepochshouldn't happen... but i guess it's possible that a patch could have caused the db tables to be upgraded... and perhaps the updates failed?00:58
ionepochthat's a little presumptuous on my part00:58
dystienah, is not presumptious.  i'm checking to see what patches we pushed.00:59
ionepochtail -1000 /var/log/postgresql/postgresql-8.4-main.log00:59
ionepochfind your postgres log01:00
ionepochsee if there are any errors in there01:00
dystiepgstartup.log?01:04
dystieFATAL:  lock file "postmaster.pid" already exists HINT:  Is another postmaster (PID 5323) running in data directory "/var/lib/pgsql/data"? LOG:  logger shutting down LOG:  logger shutting down LOG:  logger shutting down LOG:  logger shutting down LOG:  logger shutting down01:05
dystielooking for this pid file01:05
dystieno postgresql.pid in teh data directory01:08
dystiein the directory it was whining about.01:08
ionepochlook in /var/run01:08
ionepochor01:08
ionepochas a longshot01:09
ionepoch... /etc/init/postgres zap01:09
ionepoch(zap is supposed to delete pids)01:09
ionepoch(not your db)01:09
ionepochUsage: /etc/init.d/postgresql-8.4 {start|stop|restart|reload|force-reload|status|autovac-start|autovac-stop|autovac-restart}01:10
ionepochmaybe force-reload01:10
dystieforce reload ran w/no errors01:14
ionepochhmm01:14
ionepochcan you start it now?01:14
dystieno, did not start01:14
ionepochwhat's in the db error log?01:15
ionepochsame error?01:15
ionepochbasically we need to kill that pid file and get your db started01:15
dystieyeah and it's not where i'd think it'd be01:16
dystiejust cleared log to see current stuff.  waiting01:16
dystierunuser /dev/null -- permission denied is all that's logged01:16
ionepochhmm01:17
ionepochare you out of diskspace?01:17
ionepochdf -h01:17
ionepochand are you starting the db as root?01:17
dystienothing is running at 100%01:18
dystieyeah i'm in a root shell01:18
ionepochso01:18
dystieheh.  looks like postgres doesn't have a shell on the server that's cranky.  and does on the server in another env that isn't cranky.01:19
ionepochback to what you mentioned earlier...01:19
ionepochyes01:19
ionepochthat's what i'm thinking01:19
ionepochchange shell to bin/sh01:19
ionepochor something01:19
dystiechecking patching ticket to make sure i don't get yelled at.  onesec.  btw, you totally rock; if you're ever @ like.  shmoo or defcon i'll buy you a  beer.01:19
ionepochha!01:20
ionepochyes01:20
ionepochhang with shellfish at defcon in last years competition01:20
ionepochhttp://www.defcon.org/html/defcon-19/dc-19-contest-results.html01:22
dystie[root@chi-esx-v35:(chi-otp-01) pgsql]# rpm -qa | grep 'postgres' postgresql-libs-8.1.23-1.el5_6.1 postgresql-libs-8.1.23-1.el5_7.3 postgresql-jdbc-8.1.407-1jpp.4 postgresql-libs-8.1.23-1.el5_7.3 postgresql-8.1.23-1.el5_7.3 postgresql-8.1.23-1.el5_6.1 postgresql-server-8.1.23-1.el5_6.1 postgresql-pl-8.1.23-1.el5_6.1 postgresql-server-8.1.23-1.el5_7.3 postgresql-pl-8.1.23-1.el5_7.301:24
dystieack. dumb.01:24
dystieso that's what we got -- but on a working server in the other domain i have:01:24
dystie postgresql-jdbc-8.1.407-1jpp.4 postgresql-libs-8.1.23-1.el5_7.3 postgresql-libs-8.1.23-1.el5_7.3 postgresql-8.1.23-1.el5_7.3 postgresql-server-8.1.23-1.el5_7.3 postgresql-pl-8.1.23-1.el5_7.301:24
dystieschweet.  yeah, i spent most of my time in skytalks.  was quieter.01:25
ionepochhmm... is your db booting now?01:25
ionepochcan't tell from the patch string if your server is having issues or not01:25
ionepoch...01:25
ionepochjust looks like your 02 box has been around a bit longer?01:26
ionepochmigrated from 5.61 to 5.7301:26
dystieworking or not working?01:26
dystiei don't know which one got spun up first.  yeah, stuff was upgraded.01:27
dystielooks like on centos postgresql likes to live in /var/lib/pgsql01:27
ionepochahh01:27
ionepoch...01:27
ionepochit's booting though right?01:27
dystieand theoretically the lock file should be in /var/lib/pgsql/data but i'm not finding it01:27
ionepochall is well?01:27
dystienot so much01:29
dystiei'm changing the shell.  and hoping i don't get yelled at.01:29
ionepochwell... for the short term... i'd change it just to see if you can get the db to go... (pretty sure the init script needs it)...01:30
dystieno you're spot on01:30
ionepochif it works ... you can turn the shell off... and regroup with your team to discuss01:30
dystiechanging shell01:30
dystieStarting postgresql service:                               [  OK  ] Starting postgresql service:                               [  OK  ] Starting postgresql service:                               [  OK  ]01:34
dystiehappy.  k.01:34
ionepochheh01:34
ionepochcool01:34
ionepochnow to the rest... how's about your wikid01:34
dystielooks like it started -- reloading page01:35
dystiecool, fixing failover server.01:35
dystiei owe you like.  two beers.01:35
ionepochwe love beer :)01:36
dystieyus.  tasty tasty malty goodness01:36
ionepochwell, we plan to be at defcon competing again this year...01:36
dystiei plan on being there volunteering for skytalks (well at least some of the time.)01:36
ionepochso if you make it... stop by the competition and look for shellphish01:37
ionepochyou going to blackhat?01:37
dystienah, i want to blow my training budget on sans this year01:37
dystiei got promoted past my competence level, so i need to catch up01:37
ionepochcool! always room to rise to the occasion01:38
ionepochcheers... gonna try and wrap this up so i can head out... probably be in here tomorrow for a bit as well01:38
dystiecoolbeans01:40
dystieyeah, i'm happy stuff is working.  gonna go get some f00d.01:40
dystiewhere are you in the US?01:40
ionepochCali / westside01:40
dystiecoolios.  'm eastcost/virginia.01:41
dystienot as cool as cali.01:41
ionepochsorry to do this... but today was freaking amazing weather wise  (did i just lose a beer?)01:41
*** dystie has quit (Ping timeout: 245 seconds)01:45
*** mick_lap1op (~mick@mickweiss.com) has joined #wikid06:50
*** mick_laptop has quit (Read error: Connection reset by peer)06:50
*** ionepoch has quit (Ping timeout: 340 seconds)07:15
*** mick_lap1op has quit (*.net *.split)08:29
*** mick_laptop (~mick@mickweiss.com) has joined #wikid08:40
*** mick_laptop has quit (Remote host closed the connection)09:37
*** mick_laptop (~mick@mickweiss.com) has joined #wikid09:37
*** mick_laptop has quit (Read error: Connection reset by peer)10:06
*** mick_lap1op (~mick@mickweiss.com) has joined #wikid10:07
*** FlexyZ (3e74c0c6@gateway/web/freenode/ip.62.116.192.198) has joined #wikid13:24
FlexyZhey13:24
*** FlexyZ has quit (Ping timeout: 245 seconds)14:15
*** FlexyZ (3e74c0c6@gateway/web/freenode/ip.62.116.192.198) has joined #wikid14:33
FlexyZhi14:36
*** FlexyZ has quit (Ping timeout: 245 seconds)15:32
*** ionepoch (~ionepoch@wsip-98-173-30-75.sb.sd.cox.net) has joined #wikid17:18
ionepochbump... wondering if there is a way to disable the automatic redirect on port 80 to the wikidadmin17:18
ionepochalso wondering if anybody can try and preload themselves as a user to port 80....  (in other words... can i disable the ability for people to try and self pre-register?)17:20
ionepochbump18:26
ionepochanyone around18:26
ionepoch?18:26
ionepochhaving a bit of difficulty getting radius server included in the enterprise edition to return a group attirbute18:27
ionepochany pointers?18:27
« Thursday, 2012-02-09 Index Saturday, 2012-02-11 »

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!