By: Michael Stoll user 27 Nov 2018 at 2:20 p.m. CST

6 Responses
Hey together,

I'm very new to Gluu. I've tried to install Gluu Server 3.1.4 in the OpenTelekomCloud, but after ./setup.py it shows me Error 503 Service Unavailable.

My system setup is: 2 virtual CPUs, 8GB RAM, 60 disk, Ubuntu 16.04 (with ufw allow 443, 80, 22)

Edit: Ports also opened in the security group in the OpenTelekomCloud

After the installation was complete I opened auth.vereint.community with the Chrome browser. Please give me a short hint if you need more information from me :)

Thanks for the support

### Setup.py:

```
Enter IP Address [10.0.0.89] : 80.158.*.*
Enter hostname [ecs-80-158-*-*.reverse.open-telekom-cloud.com] : auth.vereint.community
Enter your city or locality : Pfullingen
Enter your state or province two letter code : BW
Enter two letter Country Code : DE
Enter Organization Name : Vereint GBR
Enter email address for support at your organization : info@vereint.community
Enter maximum RAM for applications in MB [3072] : 6144
Optional: enter password for oxTrust and LDAP superuser [D9rVjCLbWZbP] : ***
Install oxAuth OAuth2 Authorization Server? [Yes] :
Install oxTrust Admin UI? [Yes] :
Install LDAP Server? [Yes] :
Install (1) Gluu OpenDj (2) OpenLDAP Gluu Edition [1|2] [1] :
Install Apache HTTPD Server [Yes] :
Install Shibboleth SAML IDP? [No] :
Install oxAuth RP? [No] :
Install Passport? [No] :
Install Asimba SAML Proxy? [No] :
Install JCE 1.8? [Yes] :
You must accept the Oracle Binary Code License Agreement for the Java SE Platform Products to download this software.
Accept License Agreement? [Yes] :

hostname auth.vereint.community
orgName Vereint GBR
os ubuntu
city Pfullingen
state BW
countryCode DE
support email info@vereint.community
Applications max ram 6144
Admin Pass ***
Install oxAuth True
Install oxTrust True
Install LDAP True
Install JCE 1.8 True
Install Apache 2 web server True
Install Shibboleth SAML IDP False
Install Asimba SAML Proxy False
Install oxAuth RP False
Install Passport False

Proceed with these values [Y|n] Y
Installing [###################################] Completed
Gluu Server installation successful! Point your browser to https://auth.vereint.community
```

### Logs setup_error.logs

```
19:18:44 11/27/18 Installing Gluu Server
19:23:40 11/27/18 Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/certs/scim-rs.jks -destkeystore /etc/certs/scim-rs.jks -deststoretype pkcs12".
19:23:45 11/27/18 Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore ./output/scim-rp.jks -destkeystore ./output/scim-rp.jks -deststoretype pkcs12".
19:23:50 11/27/18 Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/certs/passport-rs.jks -destkeystore /etc/certs/passport-rs.jks -deststoretype pkcs12".
19:23:56 11/27/18 Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/certs/passport-rp.jks -destkeystore /etc/certs/passport-rp.jks -deststoretype pkcs12".
19:24:02 11/27/18 Generating RSA private key, 2048 bit long modulus
....................................+++
..............................+++
e is 65537 (0x10001)
19:24:02 11/27/18 writing RSA key
19:24:02 11/27/18 Signature ok
subject=/C=DE/ST=BW/L=Pfullingen/O=Vereint GBR/CN=auth.vereint.community/emailAddress=info@vereint.community
Getting Private key
19:24:02 11/27/18 Certificate was added to keystore
19:24:02 11/27/18 Generating RSA private key, 2048 bit long modulus
...+++
...................+++
e is 65537 (0x10001)
19:24:02 11/27/18 writing RSA key
19:24:02 11/27/18 Signature ok
subject=/C=DE/ST=BW/L=Pfullingen/O=Vereint GBR/CN=auth.vereint.community/emailAddress=info@vereint.community
Getting Private key
19:24:03 11/27/18 Certificate was added to keystore
19:24:03 11/27/18 Generating RSA private key, 2048 bit long modulus
.............................................+++
.............................................................................................................................................................+++
e is 65537 (0x10001)
19:24:03 11/27/18 writing RSA key
19:24:03 11/27/18 Signature ok
subject=/C=DE/ST=BW/L=Pfullingen/O=Vereint GBR/CN=auth.vereint.community/emailAddress=info@vereint.community
Getting Private key
19:24:04 11/27/18 Certificate was added to keystore
19:24:04 11/27/18 Generating RSA private key, 2048 bit long modulus
...............................................................+++
...........................................................................................+++
e is 65537 (0x10001)
19:24:04 11/27/18 writing RSA key
19:24:04 11/27/18 Signature ok
subject=/C=DE/ST=BW/L=Pfullingen/O=Vereint GBR/CN=auth.vereint.community/emailAddress=info@vereint.community
Getting Private key
19:24:05 11/27/18 Certificate was added to keystore
19:24:05 11/27/18 Generating RSA private key, 2048 bit long modulus
.................................+++
...........................................................................................+++
e is 65537 (0x10001)
19:24:05 11/27/18 writing RSA key
19:24:05 11/27/18 Signature ok
subject=/C=DE/ST=BW/L=Pfullingen/O=Vereint GBR/CN=auth.vereint.community/emailAddress=info@vereint.community
Getting Private key
19:24:06 11/27/18 Certificate was added to keystore
19:24:06 11/27/18 Generating RSA private key, 2048 bit long modulus
..................+++
.................+++
e is 65537 (0x10001)
19:24:06 11/27/18 writing RSA key
19:24:06 11/27/18 Signature ok
subject=/C=DE/ST=BW/L=Pfullingen/O=Vereint GBR/CN=localhost/emailAddress=info@vereint.community
Getting Private key
19:24:06 11/27/18 Certificate was added to keystore
19:24:07 11/27/18 Importing keystore /etc/certs/shibIDP.pkcs12 to /etc/certs/shibIDP.jks...
Entry for alias auth.vereint.community successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/certs/shibIDP.jks -destkeystore /etc/certs/shibIDP.jks -deststoretype pkcs12".
19:24:09 11/27/18 Importing keystore /etc/certs/asimba.pkcs12 to /etc/certs/asimbaIDP.jks...
Entry for alias auth.vereint.community successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/certs/asimbaIDP.jks -destkeystore /etc/certs/asimbaIDP.jks -deststoretype pkcs12".
19:24:09 11/27/18 Warning: The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /etc/certs/oxauth-keys.jks -destkeystore /etc/certs/oxauth-keys.jks -deststoretype pkcs12".
19:39:23 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:26 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:29 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:31 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:35 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:37 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:40 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:43 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:45 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:48 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:51 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:54 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:56 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:59 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:39:59 11/27/18 Certificate stored in file </etc/certs/opendj.crt>
19:40:00 11/27/18 Importing keystore /opt/opendj/config/truststore to /etc/certs/opendj.pkcs12...
19:40:00 11/27/18 Certificate was added to keystore
19:40:03 11/27/18 Unable to connect to the server at "localhost" on port 4444
... (same as above only other timestamp)
19:41:31 11/27/18 Unable to connect to the server at "localhost" on port 4444
19:41:33 11/27/18 Connect Error Result Code: 91 (Connect Error)
... (same as above only other timestamp)
19:42:03 11/27/18 Connect Error Result Code: 91 (Connect Error)
19:42:06 11/27/18 INFO : webapp transitively enabled, ini template available with --add-to-start=webapp
INFO : ext initialized in ${jetty.base}/start.ini
INFO : server initialized in ${jetty.base}/start.ini
INFO : mail transitively enabled
INFO : servlet transitively enabled
INFO : jsp initialized in ${jetty.base}/start.ini
INFO : http-forwarded initialized in ${jetty.base}/start.ini
INFO : annotations initialized in ${jetty.base}/start.ini
INFO : resources initialized in ${jetty.base}/start.ini
INFO : transactions transitively enabled
INFO : threadpool transitively enabled, ini template available with --add-to-start=threadpool
INFO : plus transitively enabled
INFO : deploy initialized in ${jetty.base}/start.ini
INFO : security transitively enabled
INFO : apache-jsp transitively enabled
INFO : websocket initialized in ${jetty.base}/start.ini
INFO : jndi transitively enabled
INFO : console-capture initialized in ${jetty.base}/start.ini
INFO : http initialized in ${jetty.base}/start.ini
INFO : client transitively enabled
MKDIR : ${jetty.base}/resources
MKDIR : ${jetty.base}/webapps
MKDIR : ${jetty.base}/logs
INFO : Base directory was modified
19:42:07 11/27/18 INFO : webapp transitively enabled, ini template available with --add-to-start=webapp
INFO : ext initialized in ${jetty.base}/start.ini
INFO : server initialized in ${jetty.base}/start.ini
INFO : mail transitively enabled
INFO : servlet transitively enabled
INFO : jsp initialized in ${jetty.base}/start.ini
INFO : http-forwarded initialized in ${jetty.base}/start.ini
INFO : annotations initialized in ${jetty.base}/start.ini
INFO : resources initialized in ${jetty.base}/start.ini
INFO : transactions transitively enabled
INFO : threadpool transitively enabled, ini template available with --add-to-start=threadpool
INFO : plus transitively enabled
INFO : deploy initialized in ${jetty.base}/start.ini
INFO : security transitively enabled
INFO : apache-jsp transitively enabled
INFO : websocket initialized in ${jetty.base}/start.ini
INFO : jndi transitively enabled
INFO : console-capture initialized in ${jetty.base}/start.ini
INFO : http initialized in ${jetty.base}/start.ini
INFO : client transitively enabled
MKDIR : ${jetty.base}/resources
MKDIR : ${jetty.base}/webapps
MKDIR : ${jetty.base}/logs
INFO : Base directory was modified
```

By Mohib Zico staff 27 Nov 2018 at 2:45 p.m. CST

Hello Michael,

It seems the problem is with 'localhost:4444'. `4444` is the administrative port for OpenDJ. Generally, in DigitalOcean, AWS, VMware or VirtualBox, this port is opened by the Gluu Server installation script.

By Michael Stoll user 27 Nov 2018 at 3 p.m. CST

Thanks for your quick response!

So I have to open this port manually? Can you tell me where (security group, ubuntu, gluu-server)? After I open the port, do I have to restart the complete gluu-server or just the services in the server?

The netstat of gluu-server:

```
root@localhost:/# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1149/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      5448/apache2
tcp6       0      0 127.0.0.1:8081          :::*                    LISTEN      5757/java
tcp6       0      0 127.0.0.1:8082          :::*                    LISTEN      5953/java
tcp6       0      0 :::22                   :::*                    LISTEN      1149/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      5448/apache2
```

Ubuntu ufw:

```
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
```

Ubuntu netstat:

```
netstat -nltp
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:8081          :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:8082          :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 :::443                  :::*                    LISTEN      -
```
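Added example (not part of any post in this thread, and not Gluu code): a small Python check that reads `netstat -nlpt` output like the tables above and reports whether a port has a listener at all and, if it does, whether it is bound to loopback only. The first sample is the gluu-server table from the post; the second is constructed, with a hypothetical `127.0.0.1:4444` row appended.

```python
import ipaddress

# Listener table taken from the gluu-server netstat output posted in this thread.
THREAD_NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp   0      0      0.0.0.0:22      0.0.0.0:*       LISTEN 1149/sshd
tcp6  0      0      :::80           :::*            LISTEN 5448/apache2
tcp6  0      0      127.0.0.1:8081  :::*            LISTEN 5757/java
tcp6  0      0      127.0.0.1:8082  :::*            LISTEN 5953/java
tcp6  0      0      :::22           :::*            LISTEN 1149/sshd
tcp6  0      0      :::443          :::*            LISTEN 5448/apache2
"""

# Constructed sample: the same table plus a hypothetical loopback listener on 4444.
CONSTRUCTED_WITH_4444 = THREAD_NETSTAT + (
    "tcp6  0      0      127.0.0.1:4444  :::*            LISTEN 6001/java\n"
)


def parse_listeners(netstat_text):
    """Return (address, port, program) for every TCP row in LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, banners and anything that is not a listening TCP socket.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # rpartition splits on the last colon, so ":::80" gives ("::", "80").
        addr, _, port = fields[3].rpartition(":")
        program = fields[6] if len(fields) > 6 else "-"
        listeners.append((addr, int(port), program))
    return listeners


def bind_scope(addr):
    """Classify a bind address as all-interfaces, loopback, specific-interface or unknown."""
    addr = addr.strip("[]")
    if addr in ("*", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id if present
    except ValueError:
        return "unknown"
    return "loopback" if ip.is_loopback else "specific-interface"


def check_port(netstat_text, port):
    """Return 'not-listening', 'loopback-only' or 'non-loopback' for the given port."""
    scopes = {bind_scope(a) for a, p, _ in parse_listeners(netstat_text) if p == port}
    if not scopes:
        return "not-listening"
    if scopes == {"loopback"}:
        return "loopback-only"
    return "non-loopback"


if __name__ == "__main__":
    for port in (443, 8081, 4444):
        print(port, check_port(THREAD_NETSTAT, port))
```

A result of `not-listening` means no process has the port open on that host, which is a different condition from a listener that a packet filter is blocking.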

By Mohib Zico staff 29 Nov 2018 at 8:06 a.m. CST

I would open it inside the Gluu-server container; it would be listening on localhost.

By Michael Stoll user 29 Nov 2018 at 4 p.m. CST

Thanks for your help. I've searched here and on Google for how to open the port, but I can't find anything that works. Do you have a correct command?

I just found some more information that is maybe helpful (from setup.log):

```
16:43:05 11/29/18 Running: /bin/su ldap -c cd /opt/opendj ; export OPENDJ_JAVA_HOME=/opt/jre ; /opt/opendj/setup --no-prompt --cli --propertiesFilePath /opt/opendj/opendj-setup.properties --acceptLicense
16:52:23 11/29/18 See /tmp/opendj-setup-689375819839093057.log for a detailed log of this operation.
Configuring Directory Server ..... Done.
Configuring Certificates ..... Done.
Starting Directory Server ................................................................................................................................................................................... Done.
To see basic server configuration status and configuration you can launch /opt/opendj/bin/status
16:52:23 11/29/18 Running: /bin/su ldap -c cd /opt/opendj/bin ; /opt/opendj/bin/dsjavaproperties
16:52:23 11/29/18 The operation was successful. The server commands will use the java arguments and java home specified in the properties file located in /opt/opendj/config/java.properties
16:52:23 11/29/18 Running: /bin/su ldap -c cd /opt/opendj/bin ; /opt/opendj/bin/stop-ds
16:54:33 11/29/18 Stopping Server...
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 0 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 1 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 3 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 2 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 4 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 8 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 6 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 10 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 7 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 9 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 5 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 11 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 12 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 13 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 15 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:52:58 +0000] category=EXTENSIONS severity=WARNING msgID=org.opends.messages.core.113 msg=Worker Thread 14 was interrupted while waiting for new work: java.lang.InterruptedException. This should not happen, but the thread will resume waiting for new work so there should be no adverse effects
[29/Nov/2018:16:54:33 +0000] category=PLUGGABLE severity=NOTICE msgID=org.opends.messages.backend.370 msg=The backend userRoot is now taken offline
[29/Nov/2018:16:54:33 +0000] category=CORE severity=NOTICE msgID=org.opends.messages.core.203 msg=The Directory Server is now stopped
16:54:33 11/29/18 Copying OpenDJ schema
16:54:33 11/29/18 Copied ./static/opendj/96-eduperson.ldif to /opt/opendj/config/schema
16:54:33 11/29/18 Copied ./static/opendj/101-ox.ldif to /opt/opendj/config/schema
16:54:33 11/29/18 Copied ./static/opendj/77-customAttributes.ldif to /opt/opendj/config/schema
16:54:33 11/29/18 Running: /bin/chmod -R a+rX /opt/opendj
16:54:33 11/29/18 Running: /bin/chown -R ldap:ldap /opt/opendj
16:54:34 11/29/18 Running: /opt/opendj/bin/create-rc-script --outputFile /etc/init.d/opendj --userName ldap
16:54:35 11/29/18 Running: /usr/sbin/update-rc.d opendj defaults start 40 30
16:54:35 11/29/18 Running: /usr/sbin/update-rc.d opendj enable
16:54:35 11/29/18 Running: /usr/sbin/service opendj start
16:58:00 11/29/18 The timeout of '200' seconds to start the server has been reached. You can use the argument '--timeout' to increase this timeout
16:58:00 11/29/18 Configuring OpenDJ
16:58:00 11/29/18 Running: /bin/su ldap -c cd /opt/opendj/bin ; /opt/opendj/bin/dsconfig --trustAll --no-prompt --hostname localhost --port 4444 --bindDN "cn=directory manager" --bindPasswordFile /home/ldap/.pw set-global-configuration-prop --set single-structural-objectclass-behavior:accept
16:58:02 11/29/18 Unable to connect to the server at "localhost" on port 4444
```

By Mohib Zico staff 05 Dec 2018 at 2:28 a.m. CST

Hi Michael,

It should be standard `ufw`, `iptables` or `firewalld` commands which can help you to achieve firewall-related things. If that doesn't work, I think you should talk to the `OpenTelekomCloud` administrator. I am not exactly sure if I can test an OpenTelekomCloud VM for you, but from a quick glance at their site it seems like I need to punch in my credit card. :-)

By Michael Stoll user 05 Dec 2018 at 10:07 a.m. CST

Thanks Mohib,

I decided to wait with the auth challenge and try it later in a Kubernetes cluster. For our testing it is ok. Yes, OTC is not free. I will close this ticket. Thanks for the help, I hope I don't need it for the cluster version later :)