Halite as packaged fails to start on CentOS

Question

Halite as packaged fails to start on CentOS

viq opened this issue 10 years ago · 8 comments

I wasn't able to make it log anything useful, just "Starting Halite" and nothing happens, doesn't listen on ports, nothing. Setting selinux to permissive didn't change anything.

Answer 1 · 2014-05-05T13:07:25.000Z

Possibly related to #52

Answer 2 · 2014-05-05T13:43:32.000Z

@viq Thanks for reporting this issue.

Let's try and check if there is any specific error message reported during server startup.

To do that :-

Open python (or ipython) on the command line
Type import halite
Type halite.start()

Check if there is any specific error message shown.

You can stop Halite by pressing Ctrl + c

That error should give us a good idea of what might be causing it to not start.

Answer 3 · 2014-05-05T14:35:01.000Z

$ sudo python
Python 2.6.6 (r266:84292, Jan 22 2014, 09:42:36) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import halite
>>> halite.start()
20140505_163054.454498 Bottle: Running web application server 'paste' on 0.0.0.0:8080.
20140505_163054.454801 Bottle: CORS is disabled.
20140505_163054.454949 Bottle: TLS/SSL is enabled.
20140505_163054.455102 Bottle: Server options: 
{'ssl_pem': '/etc/pki/tls/certs/localhost.pem'}
Bottle v0.12-dev server starting up (using PasteServer(ssl_pem='/etc/pki/tls/certs/localhost.pem'))...
Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/halite/__init__.py", line 67, in start
    server_bottle.startServer(**kwparms)
  File "/usr/lib/python2.6/site-packages/halite/server_bottle.py", line 546, in startServer
    **options)
  File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 3007, in run
    server.run(app)
  File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 2710, in run
    from paste import httpserver
ImportError: No module named paste

And indeed /etc/pki/tls/certs/localhost.pem does not exist, as halite is configured in /etc/salt/master.d/halite.conf to use a different path - also to use cherrypy, as python-cherrypy was installed as a dependency.

Answer 4 · 2014-05-05T17:28:18.000Z

What are the contents of etc/pki/tls/certs/ and how does Halite config look like?

Answer 5 · 2014-05-06T09:48:52.000Z

$ ls -l /etc/pki/tls/certs/
total 1720
-rw-r--r--. 1 root root 757191 Dec 17 18:44 ca-bundle.crt
-rw-r--r--. 1 root root 978662 Dec 17 18:44 ca-bundle.trust.crt
lrwxrwxrwx. 1 root root     30 Apr 29 14:06 e0dab96f.0 -> /etc/pki/tls/certs/example-ca.crt
-rwxr-xr-x. 1 root root    610 Apr  8 04:42 make-dummy-cert
-rw-r--r--. 1 root root   2242 Apr  8 04:42 Makefile
-rwxr-xr-x. 1 root root    829 Apr  8 04:42 renew-dummy-cert
-rw-r--r--. 1 root root   1619 Apr 22 17:37 salt.lab.example.com.crt
-rw-r-----. 1 root root   1704 Apr 22 17:38 salt.lab.example.com.key
-rw-r--r--. 1 root root   1744 Apr 29 14:06 example-ca.crt

$ cat /etc/salt/master.d/halite.conf 
halite:
  level: 'debug'
  server: 'cherrypy'
  host: '0.0.0.0'
  port: '8080'
  cors: False
  tls: True
  certpath: '/etc/pki/tls/certs/salt.lab.example.com.crt'
  keypath: '/etc/pki/tls/certs/salt.lab.example.com.key'
  #pempath: '/etc/pki/tls/certs/localhost.pem'

Answer 6 · 2014-05-06T15:38:53.000Z

Thanks for all that info @viq. It looks like your environment is in order.

We can try to run the server with settings similar to what you have in the config.

Comment out the Halite section from etc/salt/master.d/halite.conf (or alternatively just move that file)
Edit: Restart Salt
Start python CLI

import halite
halite.start(hopts={'server': 'cherrypy', 'tls': True, 'certpath': '/etc/pki/tls/certs/salt.lab.example.com.crt', 'keypath': '/etc/pki/tls/certs/salt.lab.example.com.key'})

I'd like to know what error is thrown when you run it like this.

Answer 7 · 2014-05-06T17:05:41.000Z

Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.

/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/wsgiserver2.py:1772: DeprecationWarning: SSL attributes are deprecated in CherryPy 3.2, and will be removed in CherryPy 3.3. Use an ssl_adapter attribute instead.
  DeprecationWarning
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/halite/__init__.py", line 67, in start
    server_bottle.startServer(**kwparms)
  File "/usr/lib/python2.6/site-packages/halite/server_bottle.py", line 546, in startServer
    **options)
  File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 3007, in run
    server.run(app)
  File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 2697, in run
    server.start()
  File "/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 1781, in start
    getattr(self, 'ssl_certificate_chain', None))
  File "/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/ssl_pyopenssl.py", line 173, in __init__
    raise ImportError("You must install pyOpenSSL to use HTTPS.")
ImportError: You must install pyOpenSSL to use HTTPS.

which makes it pretty obvious what to do. So after installing pyOpenSSL I get

Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.

/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/wsgiserver2.py:1772: DeprecationWarning: SSL attributes are deprecated in CherryPy 3.2, and will be removed in CherryPy 3.3. Use an ssl_adapter attribute instead.
  DeprecationWarning

and it listens on port and displays the page. Moving halite.conf back in place and restarting salt-master makes it work from there. So I guess this could be solved by adding a dependency on pyOpenSSL

Answer 8 · 2014-05-06T17:18:19.000Z

Good call. That needs to be documented. Glad to know it is working for you!