(Migrated) load balancer's config can not be found

(This message has been automatically imported from the retired mailing list)

Hey, buddy. I am newbie, and I have a problem that needs your help.

I created a cluster named ‘quickstart-433607’ by ‘zato-quick-create’ .

After I had changed its name from web-admin. an error occured.

“Could not fetch the load balancer’s configuration”

what shall I do ?

Is there something wrong I did?

On 12/11/14 03:36, 李观平 wrote:

I created a cluster named ‘quickstart-433607’ by ‘zato-quick-create’ .

After I had changed its name from web-admin. an error occured.

“Could not fetch the load balancer’s configuration”

Hi,

just to confirm it, you had a stock Zato cluster, the only thing you did
was renaming it and it resulted in the error? Absolutely no other action?

Can you reproduce the situation providing more details, such as:

  • Which Zato version, please use ‘zato --version’.

  • Which form you filled out - please provide either a screenshot or a
    link to the form in web admin’s docs
    https://zato.io/docs/web-admin/intro.html + information what the new
    name is.

  • What is the address that you are invoking which results in the “Could
    not fetch the load balancer’s configuration”? Please send either the
    full URL or everything starting with /zato/ if you’d rather not share
    your IP/address.

thanks a lot,

On 12/11/14 03:36, 李观平 wrote:

I created a cluster named ‘quickstart-433607’ by ‘zato-quick-create’ .

After I had changed its name from web-admin. an error occured.

“Could not fetch the load balancer’s configuration”

Hi,

just to confirm it, you had a stock Zato cluster, the only thing you did
was renaming it and it resulted in the error? Absolutely no other action?

Can you reproduce the situation providing more details, such as:

  • Which Zato version, please use ‘zato --version’.

  • Which form you filled out - please provide either a screenshot or a
    link to the form in web admin’s docs
    https://zato.io/docs/web-admin/intro.html + information what the new
    name is.

  • What is the address that you are invoking which results in the “Could
    not fetch the load balancer’s configuration”? Please send either the
    full URL or everything starting with /zato/ if you’d rather not share
    your IP/address.

thanks a lot,

On 12/11/14 13:28, kelvin wrote:

see the log from the web-admin

File “/usr/lib/python2.7/httplib.py”, line 780, in send
self.connect()

Hi there,

I cannot reproduce it with quickstart. I created a quickstart Zato 1.1
cluster, renamed it and everything works perfectly fine, no errors.

  1. Are you 100% sure the rename was the only part you did - can you
    please confirm it?

  2. What where the exact commands you used to create the other cluster
    piece by piece? Please attach them 1:1 as they were executed so I can
    reproduce them locally.

  3. What URL in web admin are you invoking that results in the error?

thanks a lot,

thank u very much.

first point: zato v1.1
second point : I did it from https://zato.io/docs/_images/edit.png
I changed name from ‘quickstart-433607’ to ‘cluster1’. besides, I do nothing at all.
I can not find out the problem.
as you know, I am newbie, so I decided to reinstall again.
This time ,I tried to build zato step by step.
I created ODB first, I create CA in second step . and go on.
at last , the same problem occured.
but this time ,I found the problem.
see the log from the web-admin

File “/usr/lib/python2.7/httplib.py”, line 780, in send
self.connect()
File “/opt/zato/1.1/eggs/springpython-1.3.0.RC1-py2.7.egg/springpython/remoting/http.py”, line 48, in connect
self.sock = self.wrap_socket(sock)
File “/opt/zato/1.1/eggs/springpython-1.3.0.RC1-py2.7.egg/springpython/remoting/http.py”, line 56, in wrap_socket
ssl_version=self.ssl_version)
File “/usr/lib/python2.7/ssl.py”, line 381, in wrap_socket
ciphers=ciphers)
File “/usr/lib/python2.7/ssl.py”, line 143, in init
self.do_handshake()
File “/usr/lib/python2.7/ssl.py”, line 305, in do_handshake
self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:504: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

must be something wrong with the CA.

I found that, about the CA , there is a very complex relation among the server, load-balance and the web-admin

Is there there any instruction that can show me how to config the pub_key, priv_key and the certificates.

I will be very appreciate if any help.

thanks a lot.

At 2014-11-12 16:29:55, “Dariusz Suchojad” dsuch@zato.io wrote:

On 12/11/14 03:36, ƽ wrote:

I created a cluster named ‘quickstart-433607’ by ‘zato-quick-create’ .

After I had changed its name from web-admin. an error occured.

“Could not fetch the load balancer’s configuration”

Hi,

just to confirm it, you had a stock Zato cluster, the only thing you did
was renaming it and it resulted in the error? Absolutely no other action?

Can you reproduce the situation providing more details, such as:

  • Which Zato version, please use ‘zato --version’.

  • Which form you filled out - please provide either a screenshot or a
    link to the form in web admin’s docs
    https://zato.io/docs/web-admin/intro.html + information what the new
    name is.

  • What is the address that you are invoking which results in the “Could
    not fetch the load balancer’s configuration”? Please send either the
    full URL or everything starting with /zato/ if you’d rather not share
    your IP/address.

thanks a lot,

Thanks for help.

1: I am sure of that. At first , it runned well and I created a service on zato1.1
Error occured after I changed the name.

2: here is the CLI history after I built zato 1 by 1.

zato create odb postgresql localhost 5432 zato1 zato1

mkdir ca

zato ca create ca /opt/zato/cluster1/ca/

zato ca create lb_agent /opt/zato/cluster1/ca/ zato_lb_agent1

zato ca create server /opt/zato/cluster1/ca/ cluster1 server1

zato ca create server /opt/zato/cluster1/ca/ cluster1 server2

zato ca create web_admin /opt/zato/cluster1/ca/

mkdir load-balancer

zato create load_balancer /opt/zato/cluster1/load-balancer /opt/zato/cluster1/ca/out-pub/lb-agent-pub-2014-11-12_06-17-27.pem /opt/zato/cluster1/ca/out-priv/lb-agent-priv-2014-11-12_06-17-27.pem /opt/zato/cluster1/ca/out-cert/lb-agent-cert-2014-11-12_06-17-27.pem /opt/zato/cluster1/ca/out-cert/lb-agent-cert-2014-11-12_06-17-27.pem

zato create cluster postgresql localhost 5432 zato1 zato1 172.16.35.8 21223 20151 localhost 6379 cluster1 admin

mkdir server1

mkdir server2

zato create server /opt/zato/cluster1/server1/ postgresql localhost 5432 zato1 zato1 localhost 6379 /opt/zato/cluster1/ca/out-pub/cluster1-server1-pub-2014-11-12_06-18-40.pem /opt/zato/cluster1/ca/out-priv/cluster1-server1-priv-2014-11-12_06-18-40.pem /opt/zato/cluster1/ca/out-cert/cluster1-server1-cert-2014-11-12_06-18-40.pem /opt/zato/cluster1/ca/ca-material/ca-cert.pem cluster1 server1

zato create server /opt/zato/cluster1/server2/ postgresql localhost 5432 zato1 zato1 localhost 6379 /opt/zato/cluster1/ca/out-pub/cluster1-server2-pub-2014-11-12_06-18-46.pem /opt/zato/cluster1/ca/out-priv/cluster1-server2-priv-2014-11-12_06-18-46.pem /opt/zato/cluster1/ca/out-cert/cluster1-server2-cert-2014-11-12_06-18-46.pem /opt/zato/cluster1/ca/ca-material/ca-cert.pem cluster1 server2

mkdir web-admin

zato create web_admin /opt/zato/cluster1/web-admin postgresql localhost 5432 zato1 zato1 /opt/zato/cluster1/ca/out-pub/web-admin-pub-2014-11-12_06-19-36.pem /opt/zato/cluster1/ca/out-priv/web-admin-priv-2014-11-12_06-19-36.pem /opt/zato/cluster1/ca/out-cert/web-admin-cert-2014-11-12_06-19-36.pem /opt/zato/cluster1/ca/ca-material/ca-cert.pem admin

  1. The url is http://172.16.35.8:28183/zato/cluster/

Something wrong in this place. /opt/zato/1.1/zato-web-admin/src/zato/admin/web/views/cluster.py, line 165

Btw: when will the ver 2.0 release.?

looking forward to it

=================================================================
At 2014-11-12 22:39:33, “Dariusz Suchojad” dsuch@zato.io wrote:

On 12/11/14 13:28, kelvin wrote:

see the log from the web-admin

File “/usr/lib/python2.7/httplib.py”, line 780, in send
self.connect()

Hi there,

I cannot reproduce it with quickstart. I created a quickstart Zato 1.1
cluster, renamed it and everything works perfectly fine, no errors.

  1. Are you 100% sure the rename was the only part you did - can you
    please confirm it?

  2. What where the exact commands you used to create the other cluster
    piece by piece? Please attach them 1:1 as they were executed so I can
    reproduce them locally.

  3. What URL in web admin are you invoking that results in the error?

thanks a lot,

On 13/11/14 02:37, kelvin wrote:

zato create load_balancer /opt/zato/cluster1/load-balancer
/opt/zato/cluster1/ca/out-pub/lb-agent-pub-2014-11-12_06-17-27.pem
/opt/zato/cluster1/ca/out-priv/lb-agent-priv-2014-11-12_06-17-27.pem
/opt/zato/cluster1/ca/out-cert/lb-agent-cert-2014-11-12_06-17-27.pem
/opt/zato/cluster1/ca/out-cert/lb-agent-cert-2014-11-12_06-17-27.pem

Here - this is the thing.

The 4 crypto-related arguments to ‘zato create load_balancer’ are its:

  1. Public key
  2. Private key
  3. Certificate
  4. Certificates of CA it trusts

You specified the certificate twice - the net result is that the
load-balancer trusts its own certificate only, i.e. an awkward situation
because it never connects to itself.

What you need to do, in your situation, is to replace the last argument
with the CA’s certificate from /opt/zato/cluster1/ca/ca-material/ca-cert.pem

Could you re-run the commands are confirm it worked?

Once it does, please remember that you need still to:

  • Add servers to the load-balancer [1]
  • Reconfigure ports of the newly added servers in the load-balancer’s
    config [2]

[1] https://zato.io/docs/web-admin/servers/add-remove.html
[2] https://zato.io/docs/web-admin/load-balancer/gui.html

The reason these steps are needed is to prevent rough servers from
joining a cluster - an administrator needs to allow new servers in.

As for the new release - only documentation needs to be added as far as
major tasks go thus I expect 2.0 to be released in December/January,
that’s the time needed to prepare quality documentation.

And future releases will be time-based, that for sure.

Amazing! it works.

Thanks a lot!

At 2014-11-13 16:47:14, “Dariusz Suchojad” dsuch@zato.io wrote:

On 13/11/14 02:37, kelvin wrote:

zato create load_balancer /opt/zato/cluster1/load-balancer
/opt/zato/cluster1/ca/out-pub/lb-agent-pub-2014-11-12_06-17-27.pem
/opt/zato/cluster1/ca/out-priv/lb-agent-priv-2014-11-12_06-17-27.pem
/opt/zato/cluster1/ca/out-cert/lb-agent-cert-2014-11-12_06-17-27.pem
/opt/zato/cluster1/ca/out-cert/lb-agent-cert-2014-11-12_06-17-27.pem

Here - this is the thing.

The 4 crypto-related arguments to ‘zato create load_balancer’ are its:

  1. Public key
  2. Private key
  3. Certificate
  4. Certificates of CA it trusts

You specified the certificate twice - the net result is that the
load-balancer trusts its own certificate only, i.e. an awkward situation
because it never connects to itself.

What you need to do, in your situation, is to replace the last argument
with the CA’s certificate from /opt/zato/cluster1/ca/ca-material/ca-cert.pem

Could you re-run the commands are confirm it worked?

Once it does, please remember that you need still to:

  • Add servers to the load-balancer [1]
  • Reconfigure ports of the newly added servers in the load-balancer’s
    config [2]

[1] https://zato.io/docs/web-admin/servers/add-remove.html
[2] https://zato.io/docs/web-admin/load-balancer/gui.html

The reason these steps are needed is to prevent rough servers from
joining a cluster - an administrator needs to allow new servers in.

As for the new release - only documentation needs to be added as far as
major tasks go thus I expect 2.0 to be released in December/January,
that’s the time needed to prepare quality documentation.

And future releases will be time-based, that for sure.