Scripts and templates to automate deployment and configuration of the Gluu Server Community Edition
Home Page: https://gluu.org/docs/ce
License: MIT License
Ubuntu 14.04 from packages, from the setup.log
09:44:30 09/04/15 Running: /bin/chown apache:apache /etc/certs/httpd.key.orig
09:44:30 09/04/15 /bin/chown: invalid user: 'apache:apache'
09:44:30 09/04/15 Running: /bin/chmod 700 /etc/certs/httpd.key.orig
09:44:30 09/04/15 Running: /bin/chown apache:apache /etc/certs/httpd.key
09:44:30 09/04/15 /bin/chown: invalid user: 'apache:apache'
We need to allow tomcat user to execute these commands: facter, check_ssl
Currently gluu-server package covers upgrade process partially. It stop previous services in order to allow new package install. But there are user data which should be restored after upgrade.
What about next simple solution:
Something wrong with method of memcached servicdee configuration in Ubuntu. According to the setup logs:
16:58:36 02/10/15 Running: /usr/sbin/update-rc.d memcached start 30 3 .
16:58:36 02/10/15 System start/stop links for /etc/init.d/memcached already exist.
16:58:36 02/10/15 update-rc.d: warning: start runlevel arguments (3) do not match memcached Default-Start values (2 3 4 5)
update-rc.d: warning: stop runlevel arguments (none) do not match memcached Default-Stop values (0 1 6)
Attribute
6898cff9-4f92-4b58-b37c-2a2b6779b0b3
of
https://github.com/GluuFederation/community-edition-setup/blob/master/templates/oxauth-config.xml
should be in sync with generated web-keys
Admin user should have more attributes to allow request user profile scope
objectClass: eduPerson is not available for users in CE-v2.2. That's why no eduPerson* attributes can be added from oxTrust GUI. In order to add eduPerson* attribute, we need to add this objectClass first with ldapmodify.
We need to install jython into /opt/jython and add environment property to gluuTomcatWrapper.conf
There is more information in next topics:
http://ox.gluu.org/doku.php?id=oxtauth:customauthscript&s%5B%5D=jython#jython_python_integration
http://ox.gluu.org/doku.php?id=oxtauth:customauthscript&s%5B%5D=jython#jython_installation_optional
test
I'm running Centos 6.5 on VirtualBox. I followed the instructions, with the following differences for setup.py:
asked to update hostname, hosts, and resolv.conf files
asked to download latest oxAuth and oxTrust WAR files
The startup.py says the Gluu server installation was successful and i can ping "ce.gluu.info", but Firefox cannot find a server at https://ce.gluu.info.
I fetched master.zip from github but the installation script is still giving me an error - here's the output:
GLUU.root@ce:~/community-edition-setup-master# python setup.py -f setup.properties -n
Ooops... file not found for setup properties.
Installing Gluu Server...
For more info see:
./setup.log
./setup_error.log
** All clear text passwords contained in ./setup.properties.last.
Traceback (most recent call last):
File "setup.py", line 1543, in <module>
print '\n%s\n' % `installObject`
File "setup.py", line 276, in __repr__
+ 'Install oxAuth RP'.ljust(30) + `self.components['oxauth_rp']['enabled']`.rjust(35) + "\n"
AttributeError: 'NoneType' object has no attribute 'rjust'
Contents of setup.properties, minus comments
ip=localhost
hostname=login.foobar.org
orgName=Foobar
countryCode=US
city=Mountain View
state=CA
jksPass=
ldapPass=
inumOrg=
inumAppliance=
I downloaded and installed gluu community edition last week, and it worked like a charm. Today I tried a new installation and when trying to login I'm getting a "Not Found".
Attemp to go to: https://gluu-server.cloudapp.net
URL will be:
https://gluu-server.cloudapp.net/oxauth/authorize?scope=openid+profile+email+user_name&response_type=code+id_token&nonce=nonce&redirect_uri=https%3A%2F%2Fgluu-server.cloudapp.net%2Fidentity%2Fauthentication%2Fauthcode&client_id=%40%21FA92.A5C9.2D35.DA41%210008%21F9F1.BC88
To see basic server configuration status and configuration you can launch /opt/opendj/bin/status
08:07:00 01/22/15 Unable to initialize log
java.io.IOException: Permission denied
at java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.io.File.createNewFile(File.java:1006)
at java.io.File.createTempFile(File.java:1989)
at java.io.File.createTempFile(File.java:2040)
at org.opends.quicksetup.installer.SetupLauncher.main(SetupLauncher.java:68)
Unable to initialize log
java.io.IOException: Permission denied
at java.io.UnixFileSystem.createFileExclusively(Native Method)
at java.io.File.createNewFile(File.java:1006)
at java.io.File.createTempFile(File.java:1989)
at java.io.File.createTempFile(File.java:2040)
at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:331)
at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:286)
at org.opends.quicksetup.installer.SetupLauncher.launch(SetupLauncher.java:138)
at org.opends.quicksetup.installer.SetupLauncher.main(SetupLauncher.java:75)
Jan 22, 2015 8:06:32 AM org.opends.quicksetup.CurrentInstallStatus getPort
INFO: Failed to get port
java.io.FileNotFoundException: /opt/opendj/./config/config.ldif (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.(FileInputStream.java:146)
at java.io.FileReader.(FileReader.java:72)
at org.opends.quicksetup.Configuration.load(Configuration.java:331)
at org.opends.quicksetup.Configuration.getLowerCaseContents(Configuration.java:298)
at org.opends.quicksetup.Configuration.getLDAPPort(Configuration.java:191)
at org.opends.quicksetup.Configuration.getPort(Configuration.java:92)
at org.opends.quicksetup.CurrentInstallStatus.getPort(CurrentInstallStatus.java:178)
at org.opends.quicksetup.CurrentInstallStatus.(CurrentInstallStatus.java:80)
at org.opends.server.tools.InstallDS.checkInstallStatus(InstallDS.java:622)
at org.opends.server.tools.InstallDS.execute(InstallDS.java:417)
at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:341)
at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:286)
at org.opends.quicksetup.installer.SetupLauncher.launch(SetupLauncher.java:138)
at org.opends.quicksetup.installer.SetupLauncher.main(SetupLauncher.java:75)
Failed to initialize log
Jan 22, 2015 8:06:32 AM org.opends.quicksetup.util.FileManager$CopyOperation apply
I get this log after running setup.py folder. I have setup nginx. I don't know if this script requires tomcat. If that the case, it should autodetect the binary presence of tomcat and warn the user about it.
cat setup.log
18:15:34 01/18/15 Installing Gluu Server
18:15:34 01/18/15 ./setup.properties Properties not found. Interactive setup commencing...
18:17:36 01/18/15 Checking properties
18:17:47 01/18/15 Running: /bin/mkdir -p /etc/gluu/config
18:17:47 01/18/15 Running: /bin/mkdir -p /etc/certs
18:17:47 01/18/15 Running: /bin/mkdir -p /opt/gluu
18:17:47 01/18/15 Running: /bin/mkdir -p /opt/gluu/bin
18:17:47 01/18/15 Running: /bin/mkdir -p /home/tomcat/lib
18:17:47 01/18/15 Running: /bin/mkdir -p /var/ox/photos
18:17:47 01/18/15 Running: /bin/mkdir -p /var/ox/oxtrust/removed
18:17:47 01/18/15 Error writing salt
18:17:47 01/18/15 Traceback (most recent call last):
File "./setup.py", line 1023, in make_salt
f = open("%s/conf/salt" % self.tomcatHome, 'w')
IOError: [Errno 2] No such file or directory: '/opt/tomcat/conf/salt'
18:17:47 01/18/15 ***** Error caught in main loop *****
18:17:47 01/18/15 Traceback (most recent call last):
File "./setup.py", line 1442, in <module>
installObject.make_salt()
File "./setup.py", line 1029, in make_salt
sys.exit()
SystemExit
Current setup version creates indexes in userRoot backend only. It should also create required indexes in site backend too.
This issue is marked as closed: GluuFederation/oxTrust#74
However, after installation of gluu 2.3.3-1 (latest on Ubuntu 14.04 from official packages) oxTrust still breaks:
INFO | jvm 1 | 2015/09/07 04:17:32 | java.lang.ArrayIndexOutOfBoundsException: 1
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.setCertificateExpiryAttributes(StatusCheckerTimer.jav
a:165)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.process(StatusCheckerTimer.java:126)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.scheduleStatusChecking(StatusCheckerTimer.java:90)
INFO | jvm 1 | 2015/09/07 04:17:32 | at sun.reflect.GeneratedMethodAccessor208.invoke(Unknown Source)
INFO | jvm 1 | 2015/09/07 04:17:32 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 1 | 2015/09/07 04:17:32 | at java.lang.reflect.Method.invoke(Method.java:606)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.async.AsynchronousInterceptor.aroundInvoke(AsynchronousInterceptor.java:52)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114)
INFO | jvm 1 | 2015/09/07 04:17:32 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer_$$_javassist_seam_7.scheduleStatusChecking(StatusCheckerTimer_$$_javassist_seam_7.java)
Was the change unreleased?
We follow the setup which appears successful but nothing is listening on port 80, 8080 or 443. apache is listening on port 8443.We are running CentOS 6.6 on Azure.
The only error we see in setup.log or setup_error.log is:
14:08:17 09/05/15 (99)Cannot assign requested address: make_sock: could not bind to address 40.76.89.82:80
no listening sockets available, shutting down
Unable to open logs
In apache wrapper.log we get one error a few times.
INFO | jvm 2 | 2015/09/05 16:41:06 | Dynamic scope. Initialized successfully
INFO | jvm 2 | 2015/09/05 16:41:20 | 2015-09-05 16:41:20,207 DEBUG [org.xdi.oxauth.service.AppInitializer] Created ldapAuthEntryManager1: org.gluu.site.ldap.persistence.LdapEntryManager@7c91266f
INFO | jvm 2 | 2015/09/05 16:41:32 | 2015-09-05 16:41:32,639 DEBUG [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] Starting metadata validation
INFO | jvm 2 | 2015/09/05 16:41:32 | 2015-09-05 16:41:32,644 DEBUG [org.gluu.oxtrust.ldap.service.MetadataValidationTimer] Metadata validation finished
INFO | jvm 2 | 2015/09/05 16:41:39 | org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:377)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.apache.commons.exec.DefaultExecutor.execute(DefaultExecutor.java:160)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.apache.commons.exec.DefaultExecutor.execute(DefaultExecutor.java:147)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:150)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:65)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:45)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.xdi.util.process.ProcessHelper.executeProgram(ProcessHelper.java:39)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.runCheck(StatusCheckerTimer.java:189)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.setCertificateExpiryAttributes(StatusCheckerTimer.java:163)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.process(StatusCheckerTimer.java:126)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer.scheduleStatusChecking(StatusCheckerTimer.java:90)
INFO | jvm 2 | 2015/09/05 16:41:39 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 2 | 2015/09/05 16:41:39 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
INFO | jvm 2 | 2015/09/05 16:41:39 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.lang.reflect.Method.invoke(Method.java:606)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:79)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.async.AsynchronousInterceptor.aroundInvoke(AsynchronousInterceptor.java:52)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:196)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:114)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.gluu.oxtrust.ldap.service.StatusCheckerTimer_$$javassist_seam_7.scheduleStatusChecking(StatusCheckerTimer$$_javassist_seam_7.java)
INFO | jvm 2 | 2015/09/05 16:41:39 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO | jvm 2 | 2015/09/05 16:41:39 | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
INFO | jvm 2 | 2015/09/05 16:41:39 | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.lang.reflect.Method.invoke(Method.java:606)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.async.AsynchronousInvocation$1.process(AsynchronousInvocation.java:62)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.async.Asynchronous$ContextualAsynchronousRequest.run(Asynchronous.java:80)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.async.AsynchronousInvocation.execute(AsynchronousInvocation.java:44)
INFO | jvm 2 | 2015/09/05 16:41:39 | at org.jboss.seam.async.ThreadPoolDispatcher$RunnableAsynchronous.run(ThreadPoolDispatcher.java:142)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
INFO | jvm 2 | 2015/09/05 16:41:39 | at java.lang.Thread.run(Thread.java:745)
INFO | jvm 2 | 2015/09/05 16:41:39 | 2015-09-05 16:41:39,298 ERROR [org.gluu.oxtrust.ldap.service.StatusCheckerTimer] There was an error executing command check_ssl
INFO | jvm 2 | 2015/09/05 16:41:39 | 2015-09-05 16:41:39,298 ERROR [org.gluu.oxtrust.ldap.service.StatusCheckerTimer] check_ssl retuned an unexpected result
opendj started successfully and I saw no errors in the logs.
I tried running a standard Apache on the machine and it works. I do not know how to debug what is included in the gluu-install. Any advice would be much appreciated.
Thanks,
Jim
We should do next:
Enable oxTrust status checker by default.
There is property in oxTrust properties which allows to do that:
site.update-appliance-status=true
We need to convert our perl check_sll into python to avoid installing perl
More info there http://ox.gluu.org/doku.php?id=ce:asimba130reconfiguration
We need to update attributes.ldif to conform GluuFederation/oxAuth#7
Hi, I am using Ubuntu gluu-server package to configure gluu server on my ec2 instance. I followed the guide from here
http://www.gluu.org/docs/admin-guide/installation/ubuntu/
and successfully installed the server.
I have attached my setup.log and setup_error.log files to this ticket.
After login when I run ./setup.py. I entered following information
Enter IP Address [172.31.6.167] : 52.11.124.214
Enter hostname [ce.gluu.info] : ec2-52-11-124-214.us-west-2.compute.amazonaws.com
Enter your city or locality : Islamabad
Enter your state or province two letter code : IS
Enter two letter Country Code : PK
Enter Organization Name : Gluu
Enter email address for support at your organization : [email protected]
Enter maximum RAM for tomcat in MB [1536] :
Optional: enter password for oxTrust and LDAP superuser [047QJv6PycHh] :
Update the hostname, hosts, and resolv.conf files? [No] :
Install oxAuth OAuth2 Authorization Server? [Yes] :
Install oxTrust Admin UI? [Yes] :
Install Gluu OpenDJ LDAP Server? [Yes] :
Install Apache HTTPD Server [Yes] :
Install Shibboleth 2 SAML IDP? [No] :
Install Asimba SAML Proxy? [No] :
Install CAS? [No] :
and apparently everything is configured and working fine. But when looked at /home/gluu-server/opt/apache-tomcat-7.0.55/logs/oxtrust.log file
I can see error related to LDAP connection
"
LDAPException(resultCode=91 (connect error), errorMessage='An error occurred while attempting to connect to server localhost:1636: java.io.IOException: An error occurred while attempting to estabish"
After looking at the exception I checked /opt/opendj/logs/server.out
and I can see this
"
[02/Apr/2015:17:44:36 +0000] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444
[02/Apr/2015:17:44:36 +0000] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1389
[02/Apr/2015:17:44:36 +0000] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAPS Connection Handler 0.0.0.0 port 1636"
That tells the opendj is working fine.
Can you please help me resolve this issue somehow.
Thanks
Hey guys,
I followed the instructions at http://www.gluu.org/docs/admin-guide/installation/centos/ to install Gluu CE, but when I go to the server URL, I get redirects to /identity, but there's nothing there.
Any ideas? Error log below:
1:54:19 11/13/14 log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: /logs/oxauth_persistence_ldap_statistics.log (No such file or directory)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
at org.apache.log4j.FileAppender.setFile(FileAppender.java:289)
at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:163)
at org.apache.log4j.DailyRollingFileAppender.activateOptions(DailyRollingFileAppender.java:215)
at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:256)
at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:220)
at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:150)
at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:163)
at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:425)
at org.apache.log4j.xml.DOMConfigurator.parseCategory(DOMConfigurator.java:345)
at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:827)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:712)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:618)
at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:470)
at org.apache.log4j.LogManager.<clinit>(LogManager.java:122)
at org.apache.log4j.Logger.getLogger(Logger.java:117)
at org.xdi.oxauth.model.util.JwtUtil.<clinit>(JwtUtil.java:84)
at org.xdi.oxauth.model.crypto.signature.RSAPrivateKey.toJSONObject(RSAPrivateKey.java:57)
at org.xdi.oxauth.model.crypto.Key.toJSONObject(Key.java:102)
at org.xdi.oxauth.util.KeyGenerator.generateRS256Keys(KeyGenerator.java:45)
at org.xdi.oxauth.util.KeyGenerator.main(KeyGenerator.java:18)
log4j:ERROR Either File or DatePattern options are not set for appender [OX_PERSISTENCE_LDAP_STATISTICS_FILE].
log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: /logs/oxauth.log (No such file or directory)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
at org.apache.log4j.FileAppender.setFile(FileAppender.java:289)
at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:163)
at org.apache.log4j.DailyRollingFileAppender.activateOptions(DailyRollingFileAppender.java:215)
at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:256)
at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:220)
at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:150)
at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:163)
at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:425)
at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:394)
at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:829)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:712)
at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:618)
at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:470)
at org.apache.log4j.LogManager.<clinit>(LogManager.java:122)
at org.apache.log4j.Logger.getLogger(Logger.java:117)
at org.xdi.oxauth.model.util.JwtUtil.<clinit>(JwtUtil.java:84)
at org.xdi.oxauth.model.crypto.signature.RSAPrivateKey.toJSONObject(RSAPrivateKey.java:57)
at org.xdi.oxauth.model.crypto.Key.toJSONObject(Key.java:102)
at org.xdi.oxauth.util.KeyGenerator.generateRS256Keys(KeyGenerator.java:45)
at org.xdi.oxauth.util.KeyGenerator.main(KeyGenerator.java:18)
log4j:ERROR Either File or DatePattern options are not set for appender [FILE].
21:58:03 11/13/14 Error running command : /usr/sbin/service httpd stop
21:58:03 11/13/14 Traceback (most recent call last):
File "./setup.py", line 228, in run
p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
File "/usr/lib64/python2.6/subprocess.py", line 642, in __init__
errread, errwrite)
File "/usr/lib64/python2.6/subprocess.py", line 1234, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
21:58:03 11/13/14 Error running command : /usr/sbin/service httpd start
21:58:03 11/13/14 Traceback (most recent call last):
File "./setup.py", line 228, in run
p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
File "/usr/lib64/python2.6/subprocess.py", line 642, in __init__
errread, errwrite)
File "/usr/lib64/python2.6/subprocess.py", line 1234, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
According to the https://wiki.shibboleth.net/confluence/display/SHIB2/IdPApacheTomcatPrepare sections "Support SOAP Endpoints" we can allow legacy Shibboleth SPs using SAML 1.1 in CE.
Do we really needs to support SAML 1.1?
Went to move to uninstall my server, here are whole commands:
We should remove perl packages from CE after resolving
GluuFederation/oxTrust#31
.....
.....
Total download size: 636 M
Installed size: 1.4 G
Is this ok [y/N]: y
Downloading Packages:
gluu-server-2.3.2-2.el6.x86_64.rpm | 636 MB 00:30
Package gluu-server-2.3.2-2.el6.x86_64.rpm is not signed
[root@test ~]#
18:55:28 02/11/15 /bin/chmod: cannot access '/opt/apache-tomcat-7.0.55/webapps/*': No such file or directory
I have found a few strange points:
install on a plain Ubuntu 14.4 server.
of the version 2.3 01
following install process of http://www.gluu.org/docs/admin-guide/deployment/ubuntu/
works but:
before install I double checked my hostname and it was ok idp.xxx.org
during the install the hostname and IP was correctly detected
once install finished the hostname was changed to ce
more over not sure to be correlated but when I log into https://idp.xxx.org/identity/status/appliance
I see
hostname, IP , system uptime all blank
last update, polling interval , person count are ok
group and free mem and disk ae blank too
in https://idp.xxx.org/identity/organization/configuration?cid=40
oxTrust section: Inum and Iname are blank too
thanks for your feedback
best regards
I m trying to install and configure gluu-server in CentOS 6 based on http://www.gluu.org/docs/admin-guide/deployment/centos/
I installed gluu-server till before step setup.py, but cannot able to start gluu-server.
Searched for log file, it was NO WHERE.
Title says it all. The current installation instructions specify CentOS/RHEL 6, which is pretty old now.
OpenDJ allow to add entries even with invalid schema definition.
According to oxauth log there is data issue in CE
2015-01-22 09:06:36,749 TRACE [org.xdi.oxauth.service.ScopeService] Failed to find entry: inum=@!88C3.4343.5EE3.CF63!0001!9E36.450E!0009!764C.2818,ou=scopes,o=@!88C3.4343.5EE3.CF63!0001!9E36.450E,o=gluu
org.gluu.site.ldap.persistence.exception.EntryPersistenceException: Failed to find entry: inum=@!88C3.4343.5EE3.CF63!0001!9E36.450E!0009!764C.2818,ou=scopes,o=@!88C3.4343.5EE3.CF63!0001!9E36.450E,o=gluu
at org.gluu.site.ldap.persistence.LdapEntryManager.find(LdapEntryManager.java:230)
Environment:
Ubuntu x64 14.04.1 on VmWare Workstation 11.1.0 build-2496824, Gluu CE 2.3.0-1
Preconditions:
Gluu server is running and fully operational
Steps to reproduce:
Result:
Despite the server is stopped successfully, it's subsequent start attempt results in failure due to the fact some ports are already in use; if command "service gluu-server start" is issued after that, the server will start successfully this time; if command "service gluu-server stop" is issued, followed by the command "service gluu-server start", the issue won't occur
According to oxTrust log file
Attributes: Failed to add new attribute type to LDAP schema
LDAPException(resultCode=80 (other), errorMessage='An error occurred while attempting to write the updated schema: IOException(Permission denied)', diagnosticMessage='An error occurred while attempting to write the updated schema: IOException(Permission denied)')
I suspect we need to change Gluu-OpenDJ configuration to enable these operations.
More info:
GLUU.[root@cec65 config]# cat config.ldif | grep aci | grep schema
ds-cfg-global-aci: (target="ldap:///cn=schema")(targetscope="base")(targetattr="objectClass||attributeTypes||dITContentRules||dITStructureRules||ldapSyntaxes||matchingRules||matchingRuleUse||nameForms||objectClasses")(version 3.0; acl "User-Visible Schema Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
ds-cfg-global-aci: (targetattr="createTimestamp||creatorsName||modifiersName||modifyTimestamp||entryDN||entryUUID||subschemaSubentry")(version 3.0; acl "User-Visible Operational Attributes"; allow (read,search,compare) userdn="ldap:///anyone";)
Extract of OpenID Connect standard (http://openid.net/specs/openid-connect-core-1_0.htm), §5.3.2 :
The sub (subject) Claim MUST always be returned in the UserInfo Response.
With Gluu 2.2.0, only a field named "inum" is returned with the concerned data.
With Gluu 1.7.0, the field was named "sub" so it was correct. Why its name is now "inum" ? This is not compatible with OpenId connected definition.
CR configuration should has default inum configuration
What kind of security profile do I need? My HTTP 80 is open, but I dont have access to the server at https://
Any instructions for EC2?
19:49:13 02/09/15 Error running command : /sbin/service memcached start
19:49:13 02/09/15 Traceback (most recent call last):
File "./setup.py", line 1187, in run
p = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd)
File "/usr/lib/python2.7/subprocess.py", line 710, in init
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
For example: mod_log_config mod_dav
And modules which protect from DOS attacks. I think customer's admin should install them if needed
Deployment should also include an oxAuth custom authentication interception script for FIDO U2F authentication
There are recommendations about Max Open Files. I think we need to render in setup /etc/security/limits.conf file. Also during setup we should check host VM config:
cat /proc/sys/fs/file-max
We need to check if the system has enough file descriptors available overall.
These are sample values for production with high load:
/etc/security/limits.config
opendj soft nofile 65536
opendj hard nofile 131072
Steps to reproduce
hostname carlgluu.test orgName The Org os ubuntu city Front Royal state VA countryCode US support email [email protected] tomcat max ram 1536 Admin Pass F2wLc8UYWyHF Modify Networking True Install oxAuth True Install oxTrust True Install LDAP True Install Apache 2 web server True Install Shibboleth 2 SAML IDP True Install Asimba SAML Proxy True Install CAS False
There is problem with our scripts on Ubuntu
[18:37:54] Yuriy Movchan: Enter IP Address [192.168.74.150] :
Enter hostname [ce.gluu.info] : u14.gluu.info
Traceback (most recent call last):
File "./setup.py", line 1429, in
installObject.promptForProperties()
File "./setup.py", line 1073, in promptForProperties
installObject.os_type = installObject.detect_OS_type()
File "./setup.py", line 503, in detect_OS_type
distro_info = self.file_get_contents('/etc/redhat-release')
File "./setup.py", line 577, in file_get_contents
with open(filename) as f:
IOError: [Errno 2] No such file or directory: '/etc/redhat-release'
Hi. I'm trying to do a fresh gluu install on Ubuntu 14.04.3 LTS
echo "deb http://repo.gluu.org/ubuntu/ trusty main" > /etc/apt/sources.list.d/gluu-repo.list
curl http://repo.gluu.org/ubuntu/gluu-apt.key | apt-key add -
apt-get update
apt-get install gluu-server
at this point I'm getting Unable to locate package gluu-server
09:58:43 09/04/15 update-rc.d: warning: /etc/init.d/tomcat missing LSB information
09:58:43 09/04/15 update-rc.d: warning: /etc/init.d/opendj missing LSB information
09:58:43 09/04/15 update-rc.d: warning: /etc/init.d/tomcat missing LSB information
update-rc.d: see http://wiki.debian.org/LSBInitScripts
Add default oxTrust log viewer configuration to LDAP
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.