That sucks that it still doesn't work :( Let's start with the config. You said you had to set `listener.https.internal = 0.0.0.0:8088`, we have that configured with the IP of the riak server, but if you can successfully make curl requests from the traffic_ops server, then I guess that is ok.
As for the error you are getting...that error is basically saying that Riak cannot find the SSL Keys that you are looking for. Which endpoint are you using when you get that error? Are you going through the Manage SSL Keys -> Paste Existing Keys screen? Or are you hitting an API? You should be able to see if the keys exist by running `curl -k "https://admin:password@riakURL:8088/buckets/ssl/keys?keys=true"` and looking for XMLID-latest in the list of keys; you could also run `curl -k "https://admin:password@riakURL:8088/riak/ssl/xmlid-latest"`

Thanks,
Dave

On Tue, Jan 17, 2017 at 1:57 PM, Nir Sopher <[email protected]> wrote:

> Thank you Dave:)
>
> Indeed I was using Riak 2.2 with TC 1.7.
> I moved now to Riak 2.1.3 (same traffic ops, just replaced the vault).
> I see the same issues. The only change is the added log messages in traffic ops log during certificate generation:
>
> [2017-01-17 20:29:58,119] [ERROR] Active Server Severe Error: 404 - vault-int.nirs-tc1.tc-dev.qwilt.com:8088 - not found
>
> Nir
>
> On Tue, Jan 17, 2017 at 6:56 PM, Dave Neuman <[email protected]> wrote:
>
> > Hey Nir,
> > I think I can help here. First of all, what version of Traffic Control are you running and which version of Riak are you running? We have seen issues using newer versions of Riak with Traffic Control 1.7 and 1.8. Those issues should be resolved in the next release. For now we recommend you use Riak 2.1.x and not 2.2.x
> >
> > Once I know that we can start digging deeper.
> >
> > Thanks,
> > Dave
> >
> > On Tue, Jan 17, 2017 at 9:44 AM, Nir Sopher <[email protected]> wrote:
> >
> > > Hi,
> > >
> > > I am trying to launch a traffic vault and connect it to my traffic-ops server.
> > > I followed the instructions in the admin guide <http://traffic-control-cdn.net/docs/latest/admin/traffic_vault.html>, installing riak 2.2.0-1 <http://s3.amazonaws.com/downloads.basho.com/riak/2.2/2.2.0/rhel/6/riak-2.2.0-1.el6.x86_64.rpm> working with a self signed certificate (created via the instructions in this <http://www.akadia.com/services/ssh_test_certificate.html> link)
> > >
> > > I had to deviate from the document in a few places in order to progress:
> > >
> > > - Replacing the host part in the riak listener configuration with 0.0.0.0. Using real hostname made riak fail. e.g. listener.https.internal = 0.0.0.0:8088
> > > - Setting ssl.cacertfile to point at the server.crt (as this is a self signed certificate): ssl.cacertfile = /etc/riak/certs/server.crt
> > >   Note that I assume that this certificate is only used for "traffic vault https" connections.
> > > - In traffic ops, I initially set the "tcp port" to "8098" and "https port" to "8088". When traffic ops tried to connect to the vault it did it via port "8098", so I changed the "tcp port" to "8088" in order for https to be used.
> > >
> > > Validating the installation using curl -kvs "https://admin:password@riakserver:8088/search/query/sslkeys?wt=json&q=cdn:mycdn"
> > > Produced the below output:
> > > < HTTP/1.1 200 OK
> > > < Server: MochiWeb/1.1 WebMachine/1.10.9 (cafe not found)
> > > < Date: Wed, 11 Jan 2017 12:26:07 GMT
> > > < Content-Type: application/json; charset=UTF-8
> > > < Content-Length: 571
> > > <
> > > {"responseHeader":{"status":0,"QTime":176,"params":{"shards":"vault-int.nirs-tc1.tc-dev.qwilt.com:8093/internal_solr/sslkeys","q":"cdn:nirs-tc1-cdn","wt":"json","vault-int.nirs-tc1.tc-dev.qwilt.com:8093":"(_yz_pn:62 AND (_yz_fpn:62)) OR _yz_pn:61 OR _yz_pn:58 OR _yz_pn:55 OR _yz_pn:52 OR _yz_pn:49 OR _yz_pn:46 OR _yz_pn:43 OR _yz_pn:40 OR _yz_pn:37 OR _yz_pn:34 OR _yz_pn:31 OR _yz_pn:28 OR _yz_pn:25 OR _yz_pn:22 OR _yz_pn:19 OR _yz_pn:16 OR _yz_pn:13 OR _yz_pn:10 OR _yz_pn:7 OR _yz_pn:4 OR _yz_pn:1"}},"response":{"numFound":0,"start":0,"maxScore":0.0,"docs":[]}}
> > > * Connection #0 to host vault-int.nirs-tc1.tc-dev.qwilt.com left intact
> > > * Closing connection #
> > >
> > > However, when I created a delivery-service and tried to "generate" a certificate via traffic-ops, I got the below message:
> > > SSL keys for <ds> could not be created. Response was: Error creating key and csr. Result is -1
> > > No log message found in traffic_ops log or in the riak log, to explain the issue.
> > >
> > > When pasting a certificate (self signed, including the "----" headers and footers), the operation succeeded. However, when the traffic servers tried to pull this configuration, I got the below message:
> > > ERROR result for http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/nirs-tc1-cdn/sslkeys.json is: ...{"message":"No SSL certificates found for nirs-tc1-cdn"}...
> > > FATAL http://ops.nirs-tc1.tc-dev.qwilt.com/api/1.2/cdns/name/nirs-tc1-cdn/sslkeys.json returned HTTP 404!
> > >
> > > Any idea what may cause these issues?
> > > Any experience in debugging similar issues?
> > >
> > > Thanks,
> > > Nir
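
The two checks mentioned in this thread, the `ssl` bucket key listing and the `sslkeys` search query, can be compared to tell a key that was never stored from one that is stored but not returned by search. This is an added example, not code from the thread or from Traffic Control; it assumes the listing has Riak's `{"keys": [...]}` shape and that search hits carry the object key in `_yz_rk`, and the response bodies and the `ds1` delivery service name are constructed.

```python
import json


def diagnose(xml_id, keys_body, search_body):
    """Compare the bucket key listing with the search result for one delivery service.

    keys_body:   body returned by GET /buckets/ssl/keys?keys=true
    search_body: body returned by GET /search/query/sslkeys?wt=json&q=cdn:<cdn>
    """
    wanted = f"{xml_id}-latest"
    stored = wanted in json.loads(keys_body).get("keys", [])
    response = json.loads(search_body).get("response", {})
    # Assumption: each search hit names its Riak object key in "_yz_rk".
    indexed = any(doc.get("_yz_rk") == wanted for doc in response.get("docs", []))
    if stored and indexed:
        return "ok"                  # object exists and search finds it
    if stored:
        return "stored-not-indexed"  # object exists, search returns nothing for it
    if indexed:
        return "indexed-not-stored"  # search hit for an object the bucket lacks
    return "missing"                 # key was never written to the bucket


# Constructed sample bodies (not captured from a real server).
KEYS_WITH_DS1 = '{"keys": ["ds1-1", "ds1-latest"]}'
KEYS_EMPTY = '{"keys": []}'
SEARCH_EMPTY = ('{"responseHeader": {"status": 0}, "response": '
                '{"numFound": 0, "start": 0, "maxScore": 0.0, "docs": []}}')
SEARCH_HIT = ('{"responseHeader": {"status": 0}, "response": '
              '{"numFound": 1, "start": 0, "docs": [{"_yz_rk": "ds1-latest"}]}}')

if __name__ == "__main__":
    cases = [
        (KEYS_WITH_DS1, SEARCH_HIT),
        (KEYS_WITH_DS1, SEARCH_EMPTY),
        (KEYS_EMPTY, SEARCH_EMPTY),
    ]
    for keys_body, search_body in cases:
        print(diagnose("ds1", keys_body, search_body))
```
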
