Halite as packaged fails to start on CentOS
viq opened this issue · 8 comments
I wasn't able to make it log anything useful, just "Starting Halite" and nothing happens, doesn't listen on ports, nothing. Setting selinux to permissive didn't change anything.
@viq Thanks for reporting this issue.
Let's try and check if there is any specific error message reported during server startup.
To do that :-
- Open python (or ipython) on the command line
- Type
import halite
- Type
halite.start()
Check if there is any specific error message shown.
You can stop Halite by pressing Ctrl + c
That error should give us a good idea of what might be causing it to not start.
$ sudo python
Python 2.6.6 (r266:84292, Jan 22 2014, 09:42:36)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import halite
>>> halite.start()
20140505_163054.454498 Bottle: Running web application server 'paste' on 0.0.0.0:8080.
20140505_163054.454801 Bottle: CORS is disabled.
20140505_163054.454949 Bottle: TLS/SSL is enabled.
20140505_163054.455102 Bottle: Server options:
{'ssl_pem': '/etc/pki/tls/certs/localhost.pem'}
Bottle v0.12-dev server starting up (using PasteServer(ssl_pem='/etc/pki/tls/certs/localhost.pem'))...
Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/halite/__init__.py", line 67, in start
server_bottle.startServer(**kwparms)
File "/usr/lib/python2.6/site-packages/halite/server_bottle.py", line 546, in startServer
**options)
File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 3007, in run
server.run(app)
File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 2710, in run
from paste import httpserver
ImportError: No module named paste
And indeed /etc/pki/tls/certs/localhost.pem
does not exist, as halite is configured in /etc/salt/master.d/halite.conf
to use a different path - also to use cherrypy, as python-cherrypy
was installed as a dependency.
What are the contents of etc/pki/tls/certs/
and how does Halite config look like?
$ ls -l /etc/pki/tls/certs/
total 1720
-rw-r--r--. 1 root root 757191 Dec 17 18:44 ca-bundle.crt
-rw-r--r--. 1 root root 978662 Dec 17 18:44 ca-bundle.trust.crt
lrwxrwxrwx. 1 root root 30 Apr 29 14:06 e0dab96f.0 -> /etc/pki/tls/certs/example-ca.crt
-rwxr-xr-x. 1 root root 610 Apr 8 04:42 make-dummy-cert
-rw-r--r--. 1 root root 2242 Apr 8 04:42 Makefile
-rwxr-xr-x. 1 root root 829 Apr 8 04:42 renew-dummy-cert
-rw-r--r--. 1 root root 1619 Apr 22 17:37 salt.lab.example.com.crt
-rw-r-----. 1 root root 1704 Apr 22 17:38 salt.lab.example.com.key
-rw-r--r--. 1 root root 1744 Apr 29 14:06 example-ca.crt
$ cat /etc/salt/master.d/halite.conf
halite:
level: 'debug'
server: 'cherrypy'
host: '0.0.0.0'
port: '8080'
cors: False
tls: True
certpath: '/etc/pki/tls/certs/salt.lab.example.com.crt'
keypath: '/etc/pki/tls/certs/salt.lab.example.com.key'
#pempath: '/etc/pki/tls/certs/localhost.pem'
Thanks for all that info @viq. It looks like your environment is in order.
We can try to run the server with settings similar to what you have in the config.
- Comment out the Halite section from
etc/salt/master.d/halite.conf
(or alternatively just move that file) - Edit: Restart Salt
- Start python CLI
import halite
halite.start(hopts={'server': 'cherrypy', 'tls': True, 'certpath': '/etc/pki/tls/certs/salt.lab.example.com.crt', 'keypath': '/etc/pki/tls/certs/salt.lab.example.com.key'})
I'd like to know what error is thrown when you run it like this.
Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.
/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/wsgiserver2.py:1772: DeprecationWarning: SSL attributes are deprecated in CherryPy 3.2, and will be removed in CherryPy 3.3. Use an ssl_adapter attribute instead.
DeprecationWarning
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.6/site-packages/halite/__init__.py", line 67, in start
server_bottle.startServer(**kwparms)
File "/usr/lib/python2.6/site-packages/halite/server_bottle.py", line 546, in startServer
**options)
File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 3007, in run
server.run(app)
File "/usr/lib/python2.6/site-packages/halite/bottle.py", line 2697, in run
server.start()
File "/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/wsgiserver2.py", line 1781, in start
getattr(self, 'ssl_certificate_chain', None))
File "/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/ssl_pyopenssl.py", line 173, in __init__
raise ImportError("You must install pyOpenSSL to use HTTPS.")
ImportError: You must install pyOpenSSL to use HTTPS.
which makes it pretty obvious what to do. So after installing pyOpenSSL
I get
Listening on http://0.0.0.0:8080/
Hit Ctrl-C to quit.
/usr/lib/python2.6/site-packages/cherrypy/wsgiserver/wsgiserver2.py:1772: DeprecationWarning: SSL attributes are deprecated in CherryPy 3.2, and will be removed in CherryPy 3.3. Use an ssl_adapter attribute instead.
DeprecationWarning
and it listens on port and displays the page. Moving halite.conf back in place and restarting salt-master makes it work from there. So I guess this could be solved by adding a dependency on pyOpenSSL
Good call. That needs to be documented. Glad to know it is working for you!