Hey Nir,
I think I can help here.  First of all, what version of Traffic Control are
you running and which version of Riak are you running?  We have seen issues
using newer versions of Riak with Traffic Control 1.7 and 1.8.  Those
issues should be resolved in the next release.  For now we recommend you
use Riak 2.1.x and not 2.2.x.

Once I know that we can start digging deeper.

Thanks,
Dave

On Tue, Jan 17, 2017 at 9:44 AM, Nir Sopher <[email protected]> wrote:

> Hi,
>
> I am trying to launch a traffic vault and connect it to my traffic-ops
> server.
> I followed the instructions in the admin guide
> <http://traffic-control-cdn.net/docs/latest/admin/traffic_vault.html>,
> installing riak 2.2.0-1
> <http://s3.amazonaws.com/downloads.basho.com/riak/2.2/2.2.0/rhel/6/riak-2.2.0-1.el6.x86_64.rpm>
> working with a self signed certificate (created via the instructions in this
> <http://www.akadia.com/services/ssh_test_certificate.html> link)
>
> I had to deviate from the document in a few places in order to progress:
>
>    - Replacing the host part in the riak listener configuration with
>    0.0.0.0. Using real hostname made riak fail. e.g.
>    listener.https.internal = 0.0.0.0:8088
>    - Setting ssl.cacertfile to point at the server.crt (as this is a self
>    signed certificate): ssl.cacertfile = /etc/riak/certs/server.crt. Note
>    that I assume that this certificate is only used for "traffic vault
>    https" connections.
>    - In traffic ops, I initially set the "tcp port" to "8098" and "https
>    port" to "8088". When traffic ops tried to connect the vault it did it
>    via port "8098", so I changed the "tcp port" to "8088" in order for
>    https to be used.
>
>
> Validating the installation using curl -kvs
> "https://admin:password@riakserver:8088/search/query/sslkeys?wt=json&q=cdn:mycdn"
> produced the below output:
> < HTTP/1.1 200 OK
> < Server: MochiWeb/1.1 WebMachine/1.10.9 (cafe not found)
> < Date: Wed, 11 Jan 2017 12:26:07 GMT
> < Content-Type: application/json; charset=UTF-8
> < Content-Length: 571
> <
> {"responseHeader":{"status":0,"QTime":176,"params":{"shards":"
> vault-int.nirs-tc1.tc-dev.qwilt.com:8093/internal_solr/sslkeys
> ","q":"cdn:nirs-tc1-cdn","wt":"json","
> vault-int.nirs-tc1.tc-dev.qwilt.com:8093":"(_yz_pn:62 AND (_yz_fpn:62)) OR
> _yz_pn:61 OR _yz_pn:58 OR _yz_pn:55 OR _yz_pn:52 OR _yz_pn:49 OR _yz_pn:46
> OR _yz_pn:43 OR _yz_pn:40 OR _yz_pn:37 OR _yz_pn:34 OR _yz_pn:31 OR
> _yz_pn:28 OR _yz_pn:25 OR _yz_pn:22 OR _yz_pn:19 OR _yz_pn:16 OR _yz_pn:13
> OR _yz_pn:10 OR _yz_pn:7 OR _yz_pn:4 OR _yz_pn:1"}},"response":{"numFo
> und":0,"start":0,"maxScore":0.0,"docs":[]}}
> * Connection #0 to host vault-int.nirs-tc1.tc-dev.qwilt.com left intact
> * Closing connection #
>
> However, when I created a delivery-service and tried to "generate" a
> certificate via traffic-ops, I got the below message:
> SSL keys for <ds> could not be created.  Response was: Error creating key
> and csr. Result is -1
> No log message found in the traffic_ops log or in the riak log, to explain the
> issue.
>
> When pasting a certificate (self signed, including the "----" headers and
> footers), the operation succeeded. However, when the traffic servers tried to
> pull this configuration, I got the below message:
> ERROR result for
> http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/nirs-tc1-cdn/sslkeys.json
> is: ...{"message":"No SSL certificates found for nirs-tc1-cdn"}...
> FATAL
> http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/nirs-tc1-cdn/sslkeys.json
> returned HTTP 404!
>
> Any idea what may cause these issues?
> Any experience in debugging similar issues?
>
> Thanks,
> Nir
>
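
An added example, not part of the original messages or of the Traffic Control project: a small Python check for the three riak.conf deviations described in the quoted message (wildcard listener address, ssl.cacertfile pointing at the server certificate, and the Traffic Ops port landing on the non-TLS listener). The sample config is constructed; the listener.http.internal line and the ssl.certfile/ssl.keyfile paths are assumptions.

```python
# Added example: audit the riak.conf settings discussed in this thread.
# SAMPLE_CONF is constructed; the http listener line and the
# ssl.certfile / ssl.keyfile paths are assumptions, not from the thread.
SAMPLE_CONF = """\
# constructed sample, not a real deployment
listener.http.internal = 0.0.0.0:8098
listener.https.internal = 0.0.0.0:8088
ssl.certfile = /etc/riak/certs/server.crt
ssl.keyfile = /etc/riak/certs/server.key
ssl.cacertfile = /etc/riak/certs/server.crt
"""

def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def listener(conf, key):
    """Return (host, port) for a listener key, or None if it is not set."""
    if key not in conf:
        return None
    host, _, port = conf[key].rpartition(":")
    return host, int(port)

def audit(conf, client_port):
    """Return findings for a client (e.g. Traffic Ops) using client_port."""
    findings = []
    http = listener(conf, "listener.http.internal")
    https = listener(conf, "listener.https.internal")
    for name, bound in (("http", http), ("https", https)):
        if bound and bound[0] == "0.0.0.0":
            findings.append(f"{name} listener bound to all interfaces on port {bound[1]}")
    if http and client_port == http[1]:
        findings.append(f"client port {client_port} is the plain HTTP listener, not TLS")
    elif not https or client_port != https[1]:
        findings.append(f"client port {client_port} matches no listener")
    ca = conf.get("ssl.cacertfile")
    if ca and ca == conf.get("ssl.certfile"):
        findings.append("ssl.cacertfile is the server certificate (self-signed)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF), client_port=8098):
        print(finding)
```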
