*** nowen (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 12:56 | |
*** kiran_ (7aac5eba@gateway/web/freenode/ip.122.172.94.186) has joined #wikid | 13:29 | |
nowen | morning kiran_ | 13:29 |
---|---|---|
kiran_ | Hi | 13:29 |
kiran_ | morning | 13:29 |
kiran_ | I'm logging onto the server | 13:30 |
nowen | ok | 13:30 |
nowen | so, what's its status? is this a fresh install? | 13:31 |
kiran_ | let me erase the old install | 13:31 |
nowen | ok | 13:31 |
nowen | is it a vm? | 13:31 |
kiran_ | no it's not a vm | 13:31 |
kiran_ | this is installed wikid-server-enterprise-3.6.0.b1659-1 | 13:32 |
kiran_ | one thing different that we do is we have an apache server proxy to the tomcat using ajp | 13:32 |
nowen | hmm | 13:32 |
nowen | what do you do to proxy port 80 and 443? | 13:33 |
nowen | is apache on the same box? | 13:33 |
kiran_ | yes it's on the same box | 13:33 |
nowen | you know that wikid needs 80 and 443, right? | 13:33 |
kiran_ | we make wikid run on 8009 and apache forwards the request to tomcat | 13:34 |
kiran_ | we have not had an issue with that part | 13:34 |
nowen | which port did you move to 8009? | 13:35 |
kiran_ | in the tomcat/conf/server.xml we comment out the connector port 80 to 443 redirect and then define an ajp on port 8009 | 13:37 |
nowen | that's not going to be enough | 13:37 |
nowen | also, why? it would make more sense if apache was running on a different box on the DMZ, but why the same box? | 13:37 |
nowen | it will potentially break with every upgrade too | 13:38 |
kiran_ | It has been like that from before , I'm not sure why it was configured that way | 13:38 |
nowen | where is the WiKID server located? in the dmz? | 13:38 |
kiran_ | I am not sure but it looks like it is not in dmz | 13:40 |
nowen | I think if you remove Apache and use the default wikid setup, it will work. | 13:40 |
kiran_ | let me check | 13:41 |
kiran_ | I had just changed the server.xml | 13:42 |
kiran_ | ok did that , still getting the 404 error | 13:45 |
nowen | is it a tomcat error or an apache error? | 13:46 |
kiran_ | apache is stopped | 13:46 |
kiran_ | it's a tomcat error | 13:47 |
nowen | and the port is 443? | 13:47 |
kiran_ | yes https | 13:48 |
nowen | can you run 'netstat -anp | grep 443' | 13:48 |
kiran_ | tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 10192/jsvc.exec | 13:49 |
nowen | can you try just going to the http address and see if it redirects? | 13:49 |
kiran_ | yes it does redirect | 13:50 |
nowen | to a 404? | 13:50 |
kiran_ | no I get the home page, we get a 404 only for some pages | 13:50 |
nowen | ahh, that's right | 13:51 |
nowen | so, those pages are all still 404? | 13:51 |
kiran_ | yes those are still 404 | 13:51 |
kiran_ | the others show up fine | 13:51 |
nowen | did you install this via RPM or the ISO? | 13:51 |
kiran_ | via the rpm | 13:51 |
nowen | hmm | 13:53 |
nowen | what's the OS? | 13:53 |
kiran_ | redhat 5.6 | 13:53 |
nowen | hmm | 13:54 |
nowen | did you create a domain yet? | 13:54 |
kiran_ | yes a domain is created | 13:55 |
kiran_ | I can get to that page | 13:55 |
nowen | can you get to the logs page? | 13:55 |
kiran_ | no the logs page is 404 | 13:56 |
kiran_ | I am not sure but maybe this started after I enabled the radius server | 13:56 |
nowen | ok - stop the server and run 'killall -9 java'. | 13:57 |
nowen | then can you do an 'rpm -Uvh --force wikid-*' on the rpms? | 13:57 |
kiran_ | ok can erase the rpm's | 13:57 |
nowen | yeah, that might be a good idea. | 13:58 |
nowen | I'm not sure what's going on here. | 13:58 |
kiran_ | ok packages removed , do I need to start database and remove the wikid database ? | 14:01 |
nowen | probably a good idea | 14:01 |
kiran_ | ok removed from the database and stopped the database service | 14:02 |
nowen | did the /opt/WiKID directory get cleaned? | 14:03 |
kiran_ | no I removed it now | 14:03 |
nowen | ok | 14:03 |
nowen | so, you should be good to re-install. I assume you need to run 'service postgresql initdb'? | 14:04 |
kiran_ | I did not remove postgres | 14:05 |
kiran_ | but I can run the command | 14:05 |
nowen | I wonder if the db is still there. | 14:05 |
kiran_ | no I dropped the database wikid | 14:05 |
nowen | oh, ok | 14:05 |
kiran_ | do I run initdb | 14:06 |
nowen | sure, it won't hurt | 14:06 |
kiran_ | there is no initdb | 14:07 |
nowen | ok | 14:07 |
nowen | np. | 14:07 |
nowen | I think you can re-install | 14:08 |
kiran_ | ok | 14:08 |
kiran_ | running command yum install --nogpg wikid-* | 14:09 |
kiran_ | wikid-server-enterprise-3.6.0.b1659-1.noarch.rpm wikid-utilities-3.4.3-1.x86_64.rpm - these are the rpm's | 14:09 |
nowen | yes - if you are on 64 bit | 14:09 |
kiran_ | yes it's an x86_64 | 14:09 |
kiran_ | ok install complete | 14:11 |
nowen | ok - run setup | 14:11 |
kiran_ | got this error psql:/opt/WiKID/conf/database/db-data.sql:64: ERROR: relation "db_version" does not exist No previous configuration detected. Starting with factory default values. | 14:13 |
nowen | that's ok | 14:13 |
kiran_ | but asking for reconfigure network | 14:13 |
nowen | just run through that and enter the current network info | 14:13 |
kiran_ | do I use both eth0 and eth1 | 14:14 |
nowen | up to you. | 14:14 |
nowen | you can NAT the external traffic for the tokens if you want | 14:14 |
nowen | or if the server is in the dmz, use one eth for external and one for internal | 14:15 |
kiran_ | asking details for Tomcat keystore | 14:16 |
nowen | yeah, that's for the SSL cert for the WiKIDAdmin | 14:16 |
kiran_ | organizational unit is the short name GZ ? | 14:16 |
nowen | it doesn't really matter. only the admins will see the cert and it's not trusted in the browser anyway | 14:17 |
kiran_ | ok | 14:17 |
kiran_ | it's asking for replication info, we want to get this into replication later. | 14:19 |
nowen | sure, just say N | 14:20 |
kiran_ | ok setup is complete starting wikid | 14:20 |
nowen | ok | 14:20 |
kiran_ | we just get one error but rest succeeded | 14:22 |
nowen | what error? | 14:23 |
kiran_ | chown: cannot access `/opt/WiKID/log/*.pid': No such file or directory | 14:24 |
kiran_ | cat: /opt/WiKID/log/*.pid: No such file or directory | 14:24 |
nowen | ok, that can probably be ignored too | 14:25 |
kiran_ | looks like I'm unable to reach the server, we have 2 gateways I gave only one | 14:28 |
kiran_ | can we go back and change the gateway info ? | 14:28 |
nowen | sure, just re-run setup | 14:28 |
kiran_ | I got logged out of the server and might have messed up the networking, I will need to get hold of my co-worker to fix this | 14:37 |
kiran_ | I will email you once I am able to get back into the server | 14:37 |
nowen | ok | 14:37 |
kiran_ | are you there @nowen | 15:02 |
nowen | yep | 15:02 |
kiran_ | ok I was able to get back to the server | 15:03 |
kiran_ | I guess I should run the setup again | 15:03 |
nowen | yeah | 15:03 |
kiran_ | Ok I got the webpage , will now go to configuration | 15:16 |
nowen | ok | 15:16 |
kiran_ | Installed the cert, now creating localhost certificate | 15:18 |
kiran_ | ok so far so good, Now I want to enable the radius . things seem to be fine so far | 15:20 |
kiran_ | shall I go ahead with enabling radius ? | 15:20 |
nowen | sure | 15:21 |
kiran_ | restarting wikid after enabling radius | 15:23 |
kiran_ | ok it's come back up | 15:26 |
nowen | can you get to all the pages? | 15:27 |
kiran_ | yes users , groups and reports all seem to be coming up . Let me setup a domain and check | 15:28 |
kiran_ | for the server code do we give ip of server ? | 15:32 |
nowen | yes- the external IP - zero padded | 15:33 |
kiran_ | hmm I do not think we can access this server directly from external Ip | 15:34 |
nowen | is it nat'd? | 15:34 |
kiran_ | I am not sure about how it is setup but server has the private network (eth0) and the public network (eth1) but there is some sort of address translation that happens for the public port | 15:36 |
kiran_ | the external IP address is 67.192.141.189 but on the system the IP address is 10.241.118.241 | 15:37 |
nowen | so use 067192141189 | 15:38 |
kiran_ | Can I give anything for the domain name and device domain name ? | 15:39 |
kiran_ | I went ahead and added a network-client , we use pam_auth to talk to wikid | 15:52 |
nowen | pam radius? | 15:53 |
kiran_ | yes pam radius | 15:53 |
nowen | ok | 15:53 |
kiran_ | I'm getting a sudo: pam_radius_auth: RADIUS server mgmt1.genares.net failed to respond | 15:53 |
nowen | did you restart wikid service after adding the network client? | 15:54 |
kiran_ | no I did not do that | 15:54 |
kiran_ | doing it now | 15:54 |
nowen | radius caches a bunch of stuff and restarting opens the port for the firewall for the NC | 15:54 |
kiran_ | cool that looks like it fixed that | 15:58 |
nowen | great | 15:58 |
kiran_ | In our old wikid there were some additional settings configured | 15:59 |
kiran_ | In configuration-> set parameters | 15:59 |
kiran_ | ldap_wauth_server ldap_wauth_port and a bunch of other parameters | 16:00 |
nowen | I recommend you don't change or add anything there until you know why they were changed. | 16:00 |
kiran_ | ok | 16:00 |
kiran_ | those params are here too | 16:00 |
kiran_ | so now if we have to add replication do we need to start setup again ? | 16:01 |
nowen | yes - is the 2nd box ready? | 16:02 |
kiran_ | the 2nd box is running the old version | 16:03 |
nowen | so, you'll need to update that first | 16:03 |
kiran_ | I think we will need to erase the old install since the person maintaining it had added quite a few hacks to run it as wikid user | 16:04 |
nowen | yeah, I think same process as you did for this one exactly. even run 'wikidctl start' and make sure you can get to the WiKIDAdmin | 16:05 |
nowen | then, re-run setup and select Y for replication and set it as the secondary | 16:05 |
nowen | https://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-configure-wikid-for-replication | 16:06 |
nowen | note that you need 2 gigs of RAM on both boxes for replication | 16:06 |
kiran_ | ok cool will check with the team and see how they want it configured | 16:06 |
kiran_ | thanks for your help | 16:06 |
nowen | no problem. not sure what happened before | 16:07 |
kiran_ | yeah , I followed the same steps except for the server key | 16:07 |
*** kiran_ has quit (Quit: Page closed) | 16:16 | |
*** nowen has quit (Quit: Leaving.) | 20:02 | |
*** joevano has quit (Quit: leaving) | 20:22 | |
*** joevano (~joevano@bzflag/developer/JoeVano) has joined #wikid | 20:24 | |
*** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 23:14 | |
*** nowen has quit (Client Quit) | 23:17 |