nordic-institute/X-Road

environment configuration

Fran765 opened this issue · 4 comments

Hi!
We are creating our environment following this diagram:

Diagram-poc

It recommends us to install a service on another server (center server, security server management or trust services)?

We have problems when we want to add a subsystem for any of the members of ss1 and ss2:

"error_code.core.InternalError Management request failed"

And another question: is it possible to restore the security server in Ansible to the initial stage without a backup?

raits commented

Hey @Fran765!

Unfortunately, I don't think you can restore it to an initial setup stage. I believe you should be able to create a fresh one if you delete the current LXC container and rerun the Ansible playbook (however you will lose the configuration).

As for the management request failed error, please have a look in the proxy.log of both the management Security Server and the one attempting to send the management request. The logs are located under /var/log/xroad.

Hi @raits!

I ran the command "lxc rebuild ss" then "lxc start ss" and it didn't work.
If I run the ansible playbook again without deleting the ss container, will it reconfigure it?

Anyway, I stopped this container, added a new ss in the "lxd_hosts.txt" file and ran the Ansible playbook again.
Then when registering the auth certificate in this new ss, this is where the above error occurs.

As for the indicated diagram:
Do you recommend that the central server, security server management and trust services be on the same server? Or manage any of these entities on a separate server?

raits commented

Hi @Fran765,

I have not used rebuild myself, but based on the description of the command it should wipe the previous container setup and start from fresh. Could you check that the X-Road software and services have been removed from it? If so, then re-running the Ansible playbook should re-install things.

I assume that ss refers to poc-ss in the diagram. If so, you will need it up and running for most management requests to work. That said, the authentication certificate registration is a different path than the subsystem registration process you mentioned earlier. To debug the issue, please clarify which version of X-Road you are running and provide the proxy.log for the Security Server that is trying to register the authentication certificate.

For production use, we recommend the Central Server, management Security Server and trust services to be on different hosts. However, for development / PoC purposes, the setup should be ok. The setup you have created by mixing LXC and Docker is a bit exotic though, and we have never attempted a setup like that. Usually, for development purposes, we set everything up in LXC containers so that they can communicate over the LXC network, mimicking the suggested setup more closely.

Since there has not been any activity on this issue for a while, I will close it now. In case you still need support please feel free to re-open it or create a new issue.