By: Pawel Zaras user 04 Nov 2019 at 2:43 a.m. CST

21 Responses
Pawel Zaras gravatar
Hi, I installed Gluu from this manual: https://gluu.org/docs/ce/4.0/installation-guide/install-docker/ After the container installation with oxauth, it restarts all the time: ![](https://ibb.co/Pmm1Xht) This is repeated in the container logs: ``` INFO - pygluu.containerlib.wait - 2019-11-04 08:32:48,940 - Config is ready INFO - pygluu.containerlib.wait - 2019-11-04 08:32:49,150 - Secret is ready INFO - pygluu.containerlib.wait - 2019-11-04 08:32:49,543 - LDAP is ready Traceback (most recent call last): File "/app/scripts/entrypoint.py", line 107, in <module> main() File "/app/scripts/entrypoint.py", line 89, in main get_server_certificate(manager.config.get("hostname"), 443, "/etc/certs/gluu_https.crt") File "/src/pygluu-containerlib/pygluu/containerlib/utils.py", line 147, in get_server_certificate conn = ssl.create_connection((host, port)) File "/usr/lib/python2.7/socket.py", line 575, in create_connection raise err socket.error: [Errno 113] Host is unreachable ``` Any of you have encountered such a problem? Or someone has any idea how to solve it? BR, Paweł.

By Mohammad Abudayyeh staff 04 Nov 2019 at 3:14 a.m. CST

Mohammad Abudayyeh gravatar
Hey Pawel Zaras , The hostname provided (FQDN) is not reachable and hence it can't grab the certificate associated. If you are not using a registered Domain, an entry inside the containers should exist at `/etc/hosts` pointing `NGINX_IP FQDN`. This should automatically be set, unless your IP at the beginning of installation is wrong or your docker containers can't communicate. Can you cat `/etc/hosts` inside the pod and attach. Is this a local VM or on cloud ? Thanks, Mohammad Abudayyeh

By Pawel Zaras user 04 Nov 2019 at 3:24 a.m. CST

Pawel Zaras gravatar
Hi, Thank you for answer! It is a local virtual machine. During installation, I set the domain xxx.yyy.pl in / etc / hosts I have it given as: ``` 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 127.0.0.1 xxxx.yyy.pl myip_address xxx.yyy.pl ``` Thanks, Paweł Zaraś.

By Mohammad Abudayyeh staff 04 Nov 2019 at 3:47 a.m. CST

Mohammad Abudayyeh gravatar
Hey, ok so the ip you placed or generated at the beginning of installation is wrong. Your VM should have an IP to it, like `192.168.1.5` . The ip you would use to ssh into this centos VM is the IP you would place upon installation. Run `run_all.sh down` to remove everything. Then remove the parent folder and restart with the instructions https://gluu.org/docs/ce/4.0/installation-guide/install-docker/. When you are asked to verify the IP of the VM you are installing on make sure it is the actual ip of your VM if not , the script will give you the chance to manually enter it. Thanks,

By Pawel Zaras user 04 Nov 2019 at 3:53 a.m. CST

Pawel Zaras gravatar
But in the installation script I gave the machine's IP address. The one after which I connect via ssh. Is this not correct?

By Mohammad Abudayyeh staff 04 Nov 2019 at 3:59 a.m. CST

Mohammad Abudayyeh gravatar
The machines IP address is correct. But what I notice in your previous note ``` 127.0.0.1 xxxx.yyy.pl myip_address xxx.yyy.pl ``` `127.0.0.1` this is wrong. You should only see one entry which is `myip_address xxx.yyy.pl` thats why your container is restarting. It keeps on going to `127.0.0.1` which has nothing to offer.

By Pawel Zaras user 04 Nov 2019 at 4:02 a.m. CST

Pawel Zaras gravatar
Ok, but this entry from /etc/hosts comes from my VM. Should I check it at container level? Whose? Should I leave only the entry my_ip xxx.yyy.pl in VM /etc/hosts

By Mohammad Abudayyeh staff 04 Nov 2019 at 4:04 a.m. CST

Mohammad Abudayyeh gravatar
Yes there should only be one entry i.e one ip pointing to your FQDN of choice.

By Pawel Zaras user 04 Nov 2019 at 4:08 a.m. CST

Pawel Zaras gravatar
In this case, it is not enough to delete only the remaining entries and it should work?

By Mohammad Abudayyeh staff 04 Nov 2019 at 4:20 a.m. CST

Mohammad Abudayyeh gravatar
It should work but the issue is when and if the container restarts it will rewrite whatever you had before. You can try that though

By Pawel Zaras user 04 Nov 2019 at 4:34 a.m. CST

Pawel Zaras gravatar
In /etc/hosts I only have the entry: ``` my_ip_address xxx.yyy.pl ``` I installed gluu again, but I still have the same situation ...

By Mohammad Abudayyeh staff 04 Nov 2019 at 4:59 a.m. CST

Mohammad Abudayyeh gravatar
can you show exactly `docker exec -ti oxauth -- cat /etc/hosts`

By Pawel Zaras user 04 Nov 2019 at 5:51 a.m. CST

Pawel Zaras gravatar
``` Error response from daemon: Container debbc64ac7b61c8e66d3a96891c356af3540cc409a29e8e19d2abecca57d3cdd is restarting, wait until the container is running ``` :(

By Mohammad Abudayyeh staff 04 Nov 2019 at 8:11 a.m. CST

Mohammad Abudayyeh gravatar
you have to try that when the container is in running state before it restarts. Run `docker container oxauth restart` then keep trying to execute the command above until you get the response. It does not fail right away .

By Pawel Zaras user 05 Nov 2019 at 4:46 a.m. CST

Pawel Zaras gravatar
Do you have any other idea? Since yesterday I have been trying to "catch" the container in running mode and I haven't managed it yet ....

By Mohammad Abudayyeh staff 05 Nov 2019 at 5:02 a.m. CST

Mohammad Abudayyeh gravatar
Sure . Lets first try a re-installation. - first run `./run_all.sh down`, then delete the directory holding all the files. - wget https://github.com/GluuFederation/community-edition-containers/archive/4.0.zip \ && unzip 4.0.zip - cd community-edition-containers-4.0/examples/single-host - chmod +x run_all.sh - ./run_all.sh For your FQDN try placing `demogluu.zaras.org` , for the IP please make sure the detected IP is the IP of your VM. The issue is clearly related to the ability of grabing the certificate which is due to networking or not having the right entries inside the `/etc/hosts` files inside the pods.

By Pawel Zaras user 05 Nov 2019 at 6:14 a.m. CST

Pawel Zaras gravatar
Unfortunately, it's still the same :( Of course, I changed /etc/hosts to the domain I gave. My containers and oxauth logs: ![My containers and oxauth logs](https://imgur.com/a/JzIKUyw "My containers and oxauth logs")

By Mohammad Abudayyeh staff 05 Nov 2019 at 8:19 a.m. CST

Mohammad Abudayyeh gravatar
Ok I will try to replicate and attach a video for you.

By Mohammad Abudayyeh staff 05 Nov 2019 at 9:12 a.m. CST

Mohammad Abudayyeh gravatar
Hey Pawel, We were not able to replicate your issue. I have attached a video of a full installation on CentOS7. Hopefully that helps you. If you are unsuccessful in installing gluu and run into the same issue add the following to `svc.oxauth.yml` : `command: sh -c "sleep 60 && /app/scripts/entrypoint.sh"` like so : ``` services: oxauth: image: gluufederation/oxauth:4.0.1_01 command: sh -c "sleep 60 && /app/scripts/entrypoint.sh" environment: - GLUU_CONFIG_CONSUL_HOST=consul - GLUU_SECRET_VAULT_HOST=vault - GLUU_PERSISTENCE_TYPE=${PERSISTENCE_TYPE} - GLUU_PERSISTENCE_LDAP_MAPPING=${PERSISTENCE_LDAP_MAPPING} - GLUU_LDAP_URL=ldap:1636 - GLUU_COUCHBASE_URL=${COUCHBASE_URL} - GLUU_COUCHBASE_USER=${COUCHBASE_USER} extra_hosts: - "${DOMAIN}:${HOST_IP}" container_name: oxauth ``` This will allow you to run `docker exec -ti oxauth cat /etc/hosts` best

By Pawel Zaras user 05 Nov 2019 at 3:28 p.m. CST

Pawel Zaras gravatar
Thanks for the video. Until now, I've done everything like in the video, but I did it again (I changed the yaml file). Unfortunately, it still doesn't work :( The plus is that I have / etc / hosts from the oxauth container. ``` 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 192.168.123.223 demogluu.zaras.org 172.24.0.5 1134ac8305d5 ```

By Mohammad Abudayyeh staff 06 Nov 2019 at 11:03 a.m. CST

Mohammad Abudayyeh gravatar
Your `/etc/hosts` file looks fine. Ok can you try to ping your ip from inside the pod. Also lets take a look at the list of ips for your vm.

By Mohammad Abudayyeh staff 10 Nov 2019 at 9:39 p.m. CST

Mohammad Abudayyeh gravatar
We haven't heard back from you. Have you resolved the issue ? if not please try to ping your ip at port 443 and 80. Your firewall at the VM might be blocking those ports.