Thank you Dave:) Indeed I was using Riak 2.2 with TC 1.7. I moved now to Riak 2.1.3 (same traffic ops, just replaced the vault). I see the same issues. The only change is the added log messages in traffic ops log during certificate generation:
[2017-01-17 20:29:58,119] [ERROR] Active Server Severe Error: 404 - vault-int.nirs-tc1.tc-dev.qwilt.com:8088 - not found Nir On Tue, Jan 17, 2017 at 6:56 PM, Dave Neuman <[email protected]> wrote: > Hey Nir, > I think I can help here. First of all, what version of Traffic Control are > you running and which version of Riak are you running? We have seen issues > using newer versions of Riak with Traffic Control 1.7 and 1.8. Those > issues should be resolved in the next release. For now we recommend you > use Riak 2.1.x and not 2.2.x > > Once I know that we can start digging deeper. > > Thanks, > Dave > > On Tue, Jan 17, 2017 at 9:44 AM, Nir Sopher <[email protected]> wrote: > > > Hi, > > > > I am trying to launch a traffic vault and connect it to my traffic-ops > > server. > > I followed the instructions in the admin guide > > <http://traffic-control-cdn.net/docs/latest/admin/traffic_vault.html>, > > installing riak <http://goog_1273226474>2.2.0-1 > > <http://s3.amazonaws.com/downloads.basho.com/riak/2.2/ > > 2.2.0/rhel/6/riak-2.2.0-1.el6.x86_64.rpm> > > working with a self signed certificate (created via the instructions in > > this > > <http://www.akadia.com/services/ssh_test_certificate.html> link) > > > > I had to deviate from the document in a few places in order to progress: > > > > - Replacing the host part in the riak listener configuration with > > 0.0.0.0. Using real hostname made riak to fail. e.g. > > listener.https.internal > > = 0.0.0.0:8088 > > - Setting ssl.cacertfile to point at the server.crt (as this is a self > > signed certificate): ssl.cacertfile = /etc/riak/certs/server.crt Note > > that I assume that this certificate is only used for "traffic vault > > https" > > connections. > > - In traffic ops, I initially set the "tcp port" to "8098" and "https > > port" to "8088". When traffic ops tried to connect the vault it did it > > via > > port "8098", so I changed the "tcp port" to "8088" in order for https > > to be > > used. > > > > > > Validating the installation using curl -kvs "https://admin > > :password@riakserver:8088/search/query/sslkeys?wt=json&q=cdn:mycdn" > > Produced the below output: > > < HTTP/1.1 200 OK > > < Server: MochiWeb/1.1 WebMachine/1.10.9 (cafe not found) > > < Date: Wed, 11 Jan 2017 12:26:07 GMT > > < Content-Type: application/json; charset=UTF-8 > > < Content-Length: 571 > > < > > {"responseHeader":{"status":0,"QTime":176,"params":{"shards":" > > vault-int.nirs-tc1.tc-dev.qwilt.com:8093/internal_solr/sslkeys > > ","q":"cdn:nirs-tc1-cdn","wt":"json"," > > vault-int.nirs-tc1.tc-dev.qwilt.com:8093":"(_yz_pn:62 AND (_yz_fpn:62)) > OR > > _yz_pn:61 OR _yz_pn:58 OR _yz_pn:55 OR _yz_pn:52 OR _yz_pn:49 OR > _yz_pn:46 > > OR _yz_pn:43 OR _yz_pn:40 OR _yz_pn:37 OR _yz_pn:34 OR _yz_pn:31 OR > > _yz_pn:28 OR _yz_pn:25 OR _yz_pn:22 OR _yz_pn:19 OR _yz_pn:16 OR > _yz_pn:13 > > OR _yz_pn:10 OR _yz_pn:7 OR _yz_pn:4 OR _yz_pn:1"}},"response":{"numFo > > und":0,"start":0,"maxScore":0.0,"docs":[]}} > > * Connection #0 to host vault-int.nirs-tc1.tc-dev.qwilt.com left intact > > * Closing connection # > > > > However, when I created a delivery-service and tried to "generate" a > > certificate via traffic-ops, I got the below message: > > SSL keys for <ds> could not be created. Response was: Error creating key > > and csr. Result is -1 > > No log message found int traffic_ops log or in the riak log, to explain > the > > issue. > > > > When pasting a certificate (self signed, including the "----" headers and > > footers), the operation succeed. However, when the traffic servers tried > to > > pull this configuration, I got the below message: > > ERROR result for > > http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/ > > nirs-tc1-cdn/sslkeys.json > > is: ...{"message":"No SSL certificates found for nirs-tc1-cdn"}... > > FATAL > > http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/ > > nirs-tc1-cdn/sslkeys.json > > returned HTTP 404! > > > > Any idea what may cause these issues? > > Any experience in debugging similar issues? > > > > Thanks, > > Nir > > >
