Hi,

I am trying to launch a traffic vault and connect it to my traffic-ops
server.
I followed the instructions in the admin guide
<http://traffic-control-cdn.net/docs/latest/admin/traffic_vault.html>,
installing riak 2.2.0-1
<http://s3.amazonaws.com/downloads.basho.com/riak/2.2/2.2.0/rhel/6/riak-2.2.0-1.el6.x86_64.rpm>
and working with a self-signed certificate (created via the instructions in this
<http://www.akadia.com/services/ssh_test_certificate.html> link).

I had to deviate from the document in a few places in order to progress:

   - Replacing the host part in the riak listener configuration with
   0.0.0.0. Using the real hostname made riak fail. e.g.
   listener.https.internal = 0.0.0.0:8088
   - Setting ssl.cacertfile to point at the server.crt (as this is a
   self-signed certificate):
   ssl.cacertfile = /etc/riak/certs/server.crt
   Note that I assume that this certificate is only used for "traffic vault
   https" connections.
   - In traffic ops, I initially set the "tcp port" to "8098" and "https
   port" to "8088". When traffic ops tried to connect to the vault, it did so
   via port "8098", so I changed the "tcp port" to "8088" in order for https to
   be used.


Validating the installation using
curl -kvs "https://admin:password@riakserver:8088/search/query/sslkeys?wt=json&q=cdn:mycdn"
produced the output below:
< HTTP/1.1 200 OK
< Server: MochiWeb/1.1 WebMachine/1.10.9 (cafe not found)
< Date: Wed, 11 Jan 2017 12:26:07 GMT
< Content-Type: application/json; charset=UTF-8
< Content-Length: 571
<
{"responseHeader":{"status":0,"QTime":176,"params":{"shards":"vault-int.nirs-tc1.tc-dev.qwilt.com:8093/internal_solr/sslkeys","q":"cdn:nirs-tc1-cdn","wt":"json","vault-int.nirs-tc1.tc-dev.qwilt.com:8093":"(_yz_pn:62 AND (_yz_fpn:62)) OR _yz_pn:61 OR _yz_pn:58 OR _yz_pn:55 OR _yz_pn:52 OR _yz_pn:49 OR _yz_pn:46 OR _yz_pn:43 OR _yz_pn:40 OR _yz_pn:37 OR _yz_pn:34 OR _yz_pn:31 OR _yz_pn:28 OR _yz_pn:25 OR _yz_pn:22 OR _yz_pn:19 OR _yz_pn:16 OR _yz_pn:13 OR _yz_pn:10 OR _yz_pn:7 OR _yz_pn:4 OR _yz_pn:1"}},"response":{"numFound":0,"start":0,"maxScore":0.0,"docs":[]}}
* Connection #0 to host vault-int.nirs-tc1.tc-dev.qwilt.com left intact
* Closing connection #

However, when I created a delivery-service and tried to "generate" a
certificate via traffic-ops, I got the below message:
SSL keys for <ds> could not be created.  Response was: Error creating key
and csr. Result is -1
No log message was found in the traffic_ops log or in the riak log to explain
the issue.

When pasting a certificate (self-signed, including the "----" headers and
footers), the operation succeeded. However, when the traffic servers tried to
pull this configuration, I got the below message:
ERROR result for
http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/nirs-tc1-cdn/sslkeys.json
is: ...{"message":"No SSL certificates found for nirs-tc1-cdn"}...
FATAL
http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/nirs-tc1-cdn/sslkeys.json
returned HTTP 404!

Any idea what may cause these issues?
Any experience in debugging similar issues?

Thanks,
Nir
