By: David Avendasora user 27 Apr 2017 at 4:23 p.m. CDT

10 Responses
**Summary:** When I try to access oxTrust using https://idp-test.mydomain.com I am redirected to https://idp-test.mydomain.com/identity/ which returns a `503 SERVICE UNAVAILABLE` response.

I installed 3.0.1 on a 16GB AWS Ubuntu 16.04 instance using the official AWS- and Ubuntu-specific [instructions](https://gluu.org/docs/ce/3.0.1/installation-guide/install/).

Here's the setup.properties file I passed to `setup.py`:

```
### IDP Host Information
ip=10.0.6.40
### The hostname of the server
hostname=idp-test.mydomain.com
### Self-signed Certificate Information
orgName=My Organization
countryCode=US
city=Anytown
state=OK
### Gluu Installation
applicationsMaxRam=12288
installLdap=True
installHttpd=True
installOxAuth=True
installOxTrust=True
installSaml=False
installAsimba=False
installCas=False
installOxAuthRP=False
installPassport=False
installJce=True
### Security Config
ldapPass=••••••••••••••••••••
```

I found the following errors in the `/opt/gluu/jetty/identity/logs/oxtrust.log` file:

```
...
2017-04-27 20:05:39,477 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:111) - Creating oxTrustConfiguration
2017-04-27 20:05:39,478 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:295) - ########## ldapFileName = /etc/gluu/conf/ox-ldap.properties
2017-04-27 20:05:39,510 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:328) - ########## fileName = /etc/gluu/conf/ox-ldap.properties
2017-04-27 20:05:39,516 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:329) - ########## oxtrust_ConfigurationEntryDN = ou=oxtrust,ou=configuration,inum=@!813D.9FF0.8BA3.6B8E!0002!C615.B4DF,ou=appliances,o=gluu
2017-04-27 20:05:39,518 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:328) - ########## fileName = /etc/gluu/conf/salt
2017-04-27 20:05:39,518 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:329) - ########## oxtrust_ConfigurationEntryDN = null
2017-04-27 20:05:39,624 INFO [main] [org.xdi.oxauth.model.util.SecurityProviderUtility] (SecurityProviderUtility.java:23) - Adding Bouncy Castle Provider
2017-04-27 20:05:39,679 INFO [main] [org.gluu.oxtrust.ldap.service.AppInitializer] (AppInitializer.java:282) - Build date 2017-02-24 13:35. Code revision 7df83 on 24.02.2017 @ 07:18:11 EST. Build 824
2017-04-27 20:05:39,866 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:206) - Loading configuration from LDAP...
2017-04-27 20:05:39,880 ERROR [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:240) - Failed to load configuration from LDAP
org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry: ou=oxtrust,ou=configuration,inum=@!813D.9FF0.8BA3.6B8E!0002!C615.B4DF,ou=appliances,o=gluu
    at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:259) ~[oxLdap-3.0.1.jar:?]
    at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:429) ~[oxLdap-3.0.1.jar:?]
    at org.gluu.site.ldap.persistence.AbstractEntryManager.find(AbstractEntryManager.java:366) ~[oxLdap-3.0.1.jar:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.loadConfigurationFromLdap(OxTrustConfiguration.java:236) [classes/:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.createFromLdap(OxTrustConfiguration.java:208) [classes/:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.create(OxTrustConfiguration.java:129) [classes/:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    ...<snip>...
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    at org.eclipse.jetty.start.Main.invokeMain(Main.java:214) [start.jar:9.3.15.v20161220]
    at org.eclipse.jetty.start.Main.start(Main.java:457) [start.jar:9.3.15.v20161220]
    at org.eclipse.jetty.start.Main.main(Main.java:75) [start.jar:9.3.15.v20161220]
Caused by: org.gluu.site.ldap.exception.ConnectionException: Failed to lookup entry --> null
    at org.gluu.site.ldap.OperationsFacade.lookup(OperationsFacade.java:461) ~[oxLdap-3.0.1.jar:?]
    at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:253) ~[oxLdap-3.0.1.jar:?]
    ... 102 more
Caused by: java.lang.NullPointerException
    at org.gluu.site.ldap.OperationsFacade.lookup(OperationsFacade.java:458) ~[oxLdap-3.0.1.jar:?]
    at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:253) ~[oxLdap-3.0.1.jar:?]
    ... 102 more
2017-04-27 20:05:39,884 WARN [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:221) - Unable to find configuration in LDAP, try to load configuration from file system...
2017-04-27 20:05:39,890 ERROR [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:288) - Failed to load configuration from /etc/gluu/conf/oxtrust-config.json
java.io.FileNotFoundException: File '/etc/gluu/conf/oxtrust-config.json' does not exist
    at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:299) ~[commons-io-2.4.jar:2.4]
    at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1711) ~[commons-io-2.4.jar:2.4]
    at org.apache.commons.io.FileUtils.readFileToString(FileUtils.java:1748) ~[commons-io-2.4.jar:2.4]
    at org.gluu.oxtrust.config.OxTrustConfiguration.loadAppConfFromFile(OxTrustConfiguration.java:283) [classes/:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.reloadAppConfFromFile(OxTrustConfiguration.java:269) [classes/:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.createFromFile(OxTrustConfiguration.java:263) [classes/:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.createFromLdap(OxTrustConfiguration.java:222) [classes/:?]
    at org.gluu.oxtrust.config.OxTrustConfiguration.create(OxTrustConfiguration.java:129) [classes/:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    ...<snip>...
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    at org.eclipse.jetty.start.Main.invokeMain(Main.java:214) [start.jar:9.3.15.v20161220]
    at org.eclipse.jetty.start.Main.start(Main.java:457) [start.jar:9.3.15.v20161220]
    at org.eclipse.jetty.start.Main.main(Main.java:75) [start.jar:9.3.15.v20161220]
2017-04-27 20:05:39,893 ERROR [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:275) - Failed to load application configuration from file: /etc/gluu/conf/oxtrust-config.json
2017-04-27 20:05:39,893 ERROR [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:130) - Failed to load configuration from LDAP. Please fix it!!!.
```

And the following in the `/opt/gluu/jetty/oxauth/logs/oxauth.log` file:

```
2017-04-27 20:05:29,998 INFO [main] [org.xdi.oxauth.model.util.SecurityProviderUtility] (SecurityProviderUtility.java:23) - Adding Bouncy Castle Provider
2017-04-27 20:05:30,263 INFO [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:292) - Loading configuration from LDAP...
2017-04-27 20:05:30,360 ERROR [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:330) - Failed to find entry: ou=oxauth,ou=configuration,inum=@!813D.9FF0.8BA3.6B8E!0002!C615.B4DF,ou=appliances,o=gluu
2017-04-27 20:05:30,360 INFO [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:312) - Unable to find configuration in LDAP, try to load configuration from file system...
2017-04-27 20:05:30,364 WARN [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:451) - /etc/gluu/conf/oxauth-config.json (No such file or directory)
java.io.FileNotFoundException: /etc/gluu/conf/oxauth-config.json (No such file or directory)
    at java.io.FileInputStream.open0(Native Method) ~[?:1.8.0_112]
    at java.io.FileInputStream.open(FileInputStream.java:195) ~[?:1.8.0_112]
    at java.io.FileInputStream.<init>(FileInputStream.java:138) ~[?:1.8.0_112]
    at org.codehaus.jackson.JsonFactory.createJsonParser(JsonFactory.java:504) ~[jackson-core-asl-1.9.11.jar:1.9.11]
    at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1817) ~[jackson-mapper-asl-1.9.11.jar:1.9.11]
    at org.xdi.oxauth.model.config.ConfigurationFactory.loadConfFromFile(ConfigurationFactory.java:449) [classes/:?]
    at org.xdi.oxauth.model.config.ConfigurationFactory.reloadConfFromFile(ConfigurationFactory.java:279) [classes/:?]
    at org.xdi.oxauth.model.config.ConfigurationFactory.createFromFile(ConfigurationFactory.java:233) [classes/:?]
    at org.xdi.oxauth.model.config.ConfigurationFactory.createFromLdap(ConfigurationFactory.java:313) [classes/:?]
    at org.xdi.oxauth.model.config.ConfigurationFactory.create(ConfigurationFactory.java:129) [classes/:?]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_112]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_112]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_112]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    ...<snip>...
    at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_112]
    at org.eclipse.jetty.start.Main.invokeMain(Main.java:214) [start.jar:9.3.15.v20161220]
    at org.eclipse.jetty.start.Main.start(Main.java:457) [start.jar:9.3.15.v20161220]
    at org.eclipse.jetty.start.Main.main(Main.java:75) [start.jar:9.3.15.v20161220]
2017-04-27 20:05:30,367 ERROR [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:285) - Failed to load configuration from file: /etc/gluu/conf/oxauth-config.json
2017-04-27 20:05:30,367 ERROR [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:130) - Failed to load configuration from LDAP. Please fix it!!!.
```

Here are some selected parts of the `/opt/gluu-server-3.0.1/install/community-edition-setup/setup.log` file:

```
20:05:17 04/27/17 Running OpenLDAP Setup
20:05:17 04/27/17 Installing OpenLDAP from package
20:05:17 04/27/17 Found package '/opt/dist/symas/symas-openldap-gluu.amd64_2.4.44-20161020_amd64.deb' for install
20:05:17 04/27/17 Running: /usr/bin/dpkg --install /opt/dist/symas/symas-openldap-gluu.amd64_2.4.44-20161020_amd64.deb
20:05:18 04/27/17 Selecting previously unselected package symas-openldap-gluu.
(Reading database ... 18075 files and directories currently installed.)
Preparing to unpack .../symas-openldap-gluu.amd64_2.4.44-20161020_amd64.deb ...
Unpacking symas-openldap-gluu (2.4.44-20161020) ...
Setting up symas-openldap-gluu (2.4.44-20161020) ...
Processing triggers for systemd (229-4ubuntu16) ...
20:05:18 04/27/17 Running in chroot, ignoring request.
20:05:18 04/27/17 Running: /bin/chmod -R 775 /var/symas/run
20:05:18 04/27/17 Running: /bin/chgrp -R ldap /var/symas/run
20:05:18 04/27/17 Configuring OpenLDAP
20:05:18 04/27/17 Rendering template ./output/slapd.conf
20:05:18 04/27/17 Rendering template ./output/symas-openldap.conf
20:05:18 04/27/17 Copied ./output/slapd.conf to /opt/symas/etc/openldap
20:05:18 04/27/17 Copied ./output/symas-openldap.conf to /opt/symas/etc/openldap
20:05:18 04/27/17 Created dir: /opt/gluu/schema/openldap
20:05:18 04/27/17 Copied ./static/openldap/gluu.schema to /opt/gluu/schema/openldap
20:05:18 04/27/17 Copied ./static/openldap/custom.schema to /opt/gluu/schema/openldap
20:05:18 04/27/17 Running: /bin/chown -R ldap:ldap /opt/gluu/data
20:05:18 04/27/17 Running: /bin/chmod -R a+rX /opt/gluu/schema
20:05:18 04/27/17 Running: /bin/chown -R ldap:ldap /opt/gluu/schema
20:05:18 04/27/17 Running: /bin/mkdir -p /var/log/openldap/
20:05:18 04/27/17 Running: /bin/chown -R syslog:adm /var/log/openldap/
20:05:18 04/27/17 Copied ./static/openldap/openldap-syslog.conf to /etc/rsyslog.d/
20:05:18 04/27/17 Copied ./static/openldap/openldap_logrotate to /etc/logrotate.d/
20:05:18 04/27/17 Importing LDIF files into OpenLDAP
20:05:18 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/base.ldif
20:05:18 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/appliance.ldif
20:05:18 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/attributes.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/scopes.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/clients.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/people.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/groups.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=site -f /opt/symas/etc/openldap/slapd.conf -l ./static/cache-refresh/o_site.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/scripts.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/configuration.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/scim.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/asimba.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/passport.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/oxpassport-config.ldif
20:05:19 04/27/17 Running: /bin/su ldap -c cd /install/community-edition-setup; /opt/symas/bin/slapadd -b o=gluu -f /opt/symas/etc/openldap/slapd.conf -l ./output/oxidp.ldif
20:05:19 04/27/17 Copying rendered templates to final destination
...<snip>...
20:05:22 04/27/17 Running: /bin/chown -R jetty:jetty /opt/gluu/jetty/identity
20:05:22 04/27/17 Copied ./output/jetty/identity to /etc/default
20:05:22 04/27/17 Running: /bin/chown root:root /etc/default/identity
20:05:22 04/27/17 Copied ./output/jetty/identity_web_resources.xml to /opt/gluu/jetty/identity/webapps
20:05:22 04/27/17 Running: /bin/ln -sf /opt/jetty/bin/jetty.sh /etc/init.d/identity
20:05:22 04/27/17 Running: /usr/sbin/update-rc.d identity defaults 60 20
20:05:22 04/27/17 insserv: script identity: service jetty already provided!
insserv: exiting now!
update-rc.d: error: insserv rejected the script header
...<snip>...
* Starting enhanced syslogd rsyslogd ...done.
20:05:23 04/27/17 Running: /usr/sbin/service solserver start
20:05:23 04/27/17 Symas OpenLDAP LDAP services slapd starting... done.
20:05:23 04/27/17 Running: /usr/sbin/service oxauth start
20:05:31 04/27/17 Run: /usr/sbin/service oxauth start with result code: 0
20:05:31 04/27/17 Running: /usr/sbin/service identity start
20:05:43 04/27/17 Run: /usr/sbin/service identity start with result code: 0
20:05:43 04/27/17 Saving properties to ./setup.properties.last
```

This is the output of `service --status-all` after logging in using `service gluu-server-3.0.1 login`:

```
root@idp-dev:~# service --status-all
[ + ] apache-htcacheclean
[ + ] apache2
[ - ] bootmisc.sh
[ - ] checkfs.sh
[ - ] checkroot-bootclean.sh
[ - ] checkroot.sh
[ + ] cron
[ + ] dbus
[ - ] hostname.sh
[ ? ] hwclock.sh
[ + ] identity
[ - ] killprocs
[ + ] memcached
[ - ] mountall-bootclean.sh
[ - ] mountall.sh
[ - ] mountdevsubfs.sh
[ - ] mountkernfs.sh
[ - ] mountnfs-bootclean.sh
[ - ] mountnfs.sh
[ ? ] ondemand
[ + ] oxauth
[ - ] procps
[ - ] rc.local
[ - ] rsync
[ + ] rsyslog
[ - ] sendsigs
[ + ] solserver
[ - ] umountfs
[ - ] umountnfs.sh
[ - ] umountroot
[ - ] urandom
```

And finally, the output from cURL:

```
curl -v --insecure "https://idp-test.mydomain.com/identity/"
* Trying 52.44.135.79...
* TCP_NODELAY set
* Connected to idp-test.mydomain.com (52.44.135.79) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: idp-test.mydomain.com
> GET /identity/ HTTP/1.1
> Host: idp-dev.reboundanalytics.com
> User-Agent: curl/7.51.0
> Accept: */*
>
< HTTP/1.1 503 Service Unavailable
< Date: Thu, 27 Apr 2017 21:17:03 GMT
< Server: Jetty(9.3.15.v20161220)
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 336
< Connection: close
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 503 </title>
</head>
<body>
<h2>HTTP ERROR: 503</h2>
<p>Problem accessing /identity/. Reason:
<pre> Service Unavailable</pre></p>
<hr /><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.3.15.v20161220</a><hr/>
</body>
</html>
* Curl_http_done: called premature == 0
* Closing connection 0
```

By William Lowe user 27 Apr 2017 at 4:35 p.m. CDT

Hi David,

Looks like a similar issue to [this ticket](https://support.gluu.org/installation/3971/gluu-server-503-error/). Have you compared notes?

Check [this search](https://support.gluu.org/search/?q=503&category=&status=&server_version=&os_version=) here on support, and sort by Newest. It looks like there are some similar community tickets already.

Thanks,
Will

By David Avendasora user 28 Apr 2017 at 6:58 a.m. CDT

Hi Will, thanks for your time helping me figure this out.

_(I posted this reply a few minutes ago, but realized the wording was a bit awkward, so I'm replacing it with this post)_

I did see that ticket, and several others documenting similar problems, but none of them seemed to help.

The AWS Instance Type that I am trying to launch this on is a `t2.xlarge`, which has 4 "vCPUs" and 16GiB of Memory. As you can see in the properties file I'm using when running `setup.py`, I'm allocating 12,288 MB of the 16GiB to Gluu's applications. Unless I'm missing something fundamental about what a "vCPU" is, this should be plenty of power and memory for everything I selected to run.

Here's the output of checking on the LDAP server:

```
root@idp-dev:~# netstat -antlp | grep 1636 | grep LISTEN
tcp 0 0 127.0.0.1:1636 0.0.0.0:* LISTEN 4708/slapd
```

```
root@idp-dev:~# ps -ef | grep slapd
ldap 4708 1 0 Apr27 ? 00:00:00 /opt/symas/lib64/slapd -u ldap -g ldap -h ldaps://127.0.0.1:1636/
root 6511 6246 0 11:33 pts/0 00:00:00 grep --color=auto slapd
```

So I tried restarting the services:

```
root@idp-dev:~# service oxauth stop
Stopping Jetty: OK
root@idp-dev:~# service identity stop
Stopping Jetty: OK
root@idp-dev:~# service oxauth start
Starting Jetty: . OK Fri Apr 28 11:11:40 UTC 2017
root@idp-dev:~# service identity start
Starting Jetty: . . OK Fri Apr 28 11:11:59 UTC 2017
```

Unfortunately, I am still getting the `503 SERVICE UNAVAILABLE` response to the `/identity/` endpoint. `oxtrust.log` contains the same `Failed to load configuration from LDAP` message:

```
2017-04-28 11:11:55,572 INFO [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:206) - Loading configuration from LDAP...
2017-04-28 11:11:55,586 ERROR [main] [org.gluu.oxtrust.config.OxTrustConfiguration] (OxTrustConfiguration.java:240) - Failed to load configuration from LDAP
org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry: ou=oxtrust,ou=configuration,inum=@!813D.9FF0.8BA3.6B8E!0002!C615.B4DF,ou=appliances,o=gluu
    at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:259) ~[oxLdap-3.0.1.jar:?]
```

By Aliaksandr Samuseu staff 28 Apr 2017 at 9:29 a.m. CDT

Hi, David.

Your issue is this:

```
2017-04-27 20:05:30,367 ERROR [main] [org.xdi.oxauth.model.config.ConfigurationFactory] (ConfigurationFactory.java:130) - Failed to load configuration from LDAP. Please fix it!!!.
```

- Have you disabled SELinux on this host?
- Do all services start when you start Gluu service?

Try next:

- What do `# netstat -nlpt` and `# ps -aux | grep -i -E 'java|slapd'` show inside container?
- Do restart of the whole Gluu service, then, if you'll still see "cannot load configuration" errors in oxauth/identity logs, please try to restart oxauth and identity services in the container, wait for 10 minutes and check whether you can access web UI now.

By David Avendasora user 28 Apr 2017 at 11:14 a.m. CDT

Hi Aliaksandr,

Yes, I know that the issue is that it isn't connecting to LDAP. Trying to figure out why.

- I have not disabled/enabled SELinux. The EC2 instance is created and the download and install of Gluu is done immediately after the instance finishes starting up according to [these instructions](https://gluu.org/docs/ce/3.0.1/installation-guide/install/).
- How do I tell what services start when I start the Gluu service? I've checked the logs for oxauth and identity. Is there a different way?
- Here's the output of your requested commands. I ran them immediately after `setup.py` finished installing and confirming that `/identity/` still responded with a `503`
  - `# netstat -nlpt`

    ```
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 3211/memcached
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1340/sshd
    tcp 0 0 127.0.0.1:1636 0.0.0.0:* LISTEN 4699/slapd
    tcp6 0 0 :::80 :::* LISTEN 4509/apache2
    tcp6 0 0 127.0.0.1:8081 :::* LISTEN 4729/java
    tcp6 0 0 127.0.0.1:8082 :::* LISTEN 4805/java
    tcp6 0 0 :::22 :::* LISTEN 1340/sshd
    tcp6 0 0 :::443 :::* LISTEN 4509/apache2
    ```

  - `# ps -aux | grep -i -E 'java|slapd'`

    ```
    ldap 4699 0.0 0.0 2310720 9020 ? Ssl 15:24 0:00 /opt/symas/lib64/slapd -u ldap -g ldap -h ldaps://127.0.0.1:1636/
    jetty 4729 4.0 6.7 6021716 1111112 ? Sl 15:24 0:21 /opt/jre/bin/java -server -Xms256m -Xmx1843m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dpython.home=/opt/jython -Dcatalina.base=/opt/gluu/jetty/oxauth -Djetty.logging.dir=/opt/gluu/jetty/oxauth/logs -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/oxauth -Djava.io.tmpdir=/opt/jetty-9.3/temp -jar /opt/jetty/start.jar jetty.http.host=localhost jetty.http.port=8081 jetty.state=/opt/gluu/jetty/oxauth/oxauth.state jetty-logging.xml jetty-started.xml start-log-file=/opt/gluu/jetty/oxauth/logs/start.log
    jetty 4805 4.8 7.2 5443148 1183168 ? Sl 15:25 0:26 /opt/jre/bin/java -server -Xms256m -Xmx1229m -XX:+DisableExplicitGC -Dgluu.base=/etc/gluu -Dcatalina.base=/opt/gluu/jetty/identity -Dpython.home=/opt/jython -Dorg.eclipse.jetty.server.Request.maxFormContentSize=50000000 -Djetty.logging.dir=/opt/gluu/jetty/identity/logs -Djetty.home=/opt/jetty -Djetty.base=/opt/gluu/jetty/identity -Djava.io.tmpdir=/opt/jetty-9.3/temp -jar /opt/jetty/start.jar jetty.http.host=localhost jetty.http.port=8082 jetty.state=/opt/gluu/jetty/identity/identity.state jetty-logging.xml jetty-started.xml start-log-file=/opt/gluu/jetty/identity/logs/start.log
    root 4867 0.0 0.0 11284 1036 pts/0 S+ 15:33 0:00 grep --color=auto -i -E java|slapd
    ```

I then did the following:

1. Ran `# service gluu-server-3.0.1 restart`
2. Ran `# curl -v --insecure "https://idp-test.mydomain.com/identity/"`
   - Response: `503`
3. Ran `# service gluu-server-3.0.1 login`,
4. Checked `oxauth.log` and `oxtrust.log`
   - Results: Both still show:

     ```
     Failed to load configuration from LDAP. Please fix it!!!.
     ```

5. Waited 10 minutes
6. Ran `# curl -v --insecure "https://idp-test.mydomain.com/identity/"`
   - Response: `503`

By David Avendasora user 28 Apr 2017 at 11:39 a.m. CDT

Hi Will, Aliaksandr,

#### I believe I fixed it!

But I'm not sure _why_ what I did fixed it.

While waiting the ten minutes Aliaksandr requested, I simplified my setup. Yeah, I know, I know.

Originally I set up the EC2 instance with two Network Interfaces (and therefore two different external IP addresses). One for private SSH access and the other for public HTTPS connections. To simplify it, I changed the setup to only have one Network Interface (and therefore only one external IP address).

I then recreated the instance from scratch and set up Gluu following the same exact steps as I did previously, only now oxAuth and oxTrust connected to the LDAP server without any problems!

```
(OxTrustConfiguration.java:133) - Configuration loaded successfully.
```

On another note, while trying to get this working, I created an AWS Cloud Formation template for creating and configuring a Gluu server. I think it could be helpful for others to use when setting up Gluu. I've put it in a [repository on GitHub](https://github.com/avendasora/GluuAWS). I've only really tested installing 3.0.1 with it, but it should be a good starting point for getting 2.4.4 and future versions installed as well.

By William Lowe user 28 Apr 2017 at 11:42 a.m. CDT

Very cool! We will review. Thanks for the update.

By Aliaksandr Samuseu staff 28 Apr 2017 at 12:37 p.m. CDT

Thanks, Arsen. We may need to include multi-homed setups into our basic install tests, if it isn't done yet.

By David McWhinnie user 29 Apr 2017 at 1:02 a.m. CDT

David, are you sure it is fixed? Have you tried restarting? I am having the exact same issue. On first install and setup it works, but then after a restart it no longer works. I get the same errors about the missing json files:

```
/etc/gluu/conf/oxauth-config.json (No such file or directory)
```

When looking at my /etc/gluu/conf folder, I only have a few items there.

```
root@gluu:~# cd /etc/gluu/conf/
root@gluu:/etc/gluu/conf# ls
ox-ldap.properties oxTrustLogRotationConfiguration.xml passport-config.json salt
```

I'm also running same OS, on AWS.

By Aliaksandr Samuseu staff 29 Apr 2017 at 5:57 a.m. CDT

Hi, David.

After you start/restart the whole Gluu service, or reboot your host, if you can't access web UI or/and see some errors in logs which say configuration couldn't be loaded from LDAP, it's worth trying to restart oxAuth, then oxTrust services:

- `# service oxauth restart`
- `# service identity restart`

Then wait for 5-10 minutes and try to access it again. Sometimes those services may start before OpenLDAP is loaded completely, leading to an issue.
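
The restart sequence from the reply above, as an added shell example that is not part of the thread and not Gluu's own tooling: it waits for slapd to listen on port 1636, restarts oxAuth and then oxTrust, and reads each log's most recent startup attempt. Paths, port, service names and log messages are the ones quoted in the thread; the function names, the retry count and the reliance on `service ... restart` returning only after Jetty has started are assumptions.

```shell
#!/bin/sh
# Added example. Run inside the container (after `service gluu-server-3.0.1 login`).
# Taken from the thread: log paths, port 1636, service names, log messages.
# Assumed: helper names, retry count, and that `service <name> restart`
# returns only once Jetty has finished starting the web application.

LDAP_PORT=1636
OXAUTH_LOG=/opt/gluu/jetty/oxauth/logs/oxauth.log
OXTRUST_LOG=/opt/gluu/jetty/identity/logs/oxtrust.log

# Classify the most recent startup attempt recorded in a log file:
#   ok      - the last "Loading configuration from LDAP..." has no fatal error after it
#   failed  - it is followed by "Failed to load configuration from LDAP. Please fix it"
#   unknown - the file is unreadable or contains no startup attempt
config_status() {
    [ -r "$1" ] || { echo unknown; return 0; }
    awk '
        /Loading configuration from LDAP\.\.\./                  { state = "ok" }
        /Failed to load configuration from LDAP\. Please fix it/ { state = "failed" }
        END { print (state == "" ? "unknown" : state) }
    ' "$1"
}

# Constructed sample, abridged from the oxauth.log excerpt in the first post.
sample_failed_log() {
    cat <<'EOF'
2017-04-27 20:05:30,263 INFO [main] (ConfigurationFactory.java:292) - Loading configuration from LDAP...
2017-04-27 20:05:30,360 ERROR [main] (ConfigurationFactory.java:330) - Failed to find entry: ou=oxauth,ou=configuration,...
2017-04-27 20:05:30,367 ERROR [main] (ConfigurationFactory.java:130) - Failed to load configuration from LDAP. Please fix it!!!.
EOF
}

# True when something is listening on 127.0.0.1:$LDAP_PORT (same check as the
# `netstat ... | grep 1636 | grep LISTEN` used earlier in the thread).
ldap_listening() {
    netstat -antl 2>/dev/null |
        grep -E "127\.0\.0\.1:${LDAP_PORT}[[:space:]].*LISTEN" >/dev/null
}

# Wait up to ~60 s for slapd, restart oxAuth then oxTrust, report both logs.
restart_and_verify() {
    tries=0
    until ldap_listening; do
        tries=$((tries + 1))
        if [ "$tries" -gt 30 ]; then
            echo "slapd is not listening on port $LDAP_PORT" >&2
            return 2
        fi
        sleep 2
    done
    service oxauth restart   || return 3
    service identity restart || return 3
    auth=$(config_status "$OXAUTH_LOG")
    trust=$(config_status "$OXTRUST_LOG")
    echo "oxauth=$auth oxtrust=$trust"
    [ "$auth" = ok ] && [ "$trust" = ok ]
}

case "${1:-}" in
    --status)
        echo "oxauth=$(config_status "$OXAUTH_LOG") oxtrust=$(config_status "$OXTRUST_LOG")"
        ;;
    --restart)
        restart_and_verify
        ;;
esac
```

A listening port is only a necessary condition: in the first poster's `netstat` output slapd was already listening on 127.0.0.1:1636 while both logs still reported the failure, so the log check is what confirms the result.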

By David McWhinnie user 29 Apr 2017 at 9:22 a.m. CDT

Thanks. That was it. Restarted and all good now.