search

NICMx / FORT-validator

RPKI cache validator
MIT License
47 stars 23 forks source link

revise the /etc/fort/config.json #43

Closed JC-ZI closed 3 years ago

JC-ZI commented 3 years ago

Dear Support, We followed up the APNIC guideline to revise the /etc/fort/config.json file. https://blog.apnic.net/2019/10/28/how-to-installing-an-rpki-validator/

But the fort service can't be start. Would you please provide us the setup steps?

Thanks.

pcarana commented 3 years ago

Hi @JC-ZI,

Could you please share the syslog messages related to FORT? Those messages could give us an idea on what's happening. Also, what version are you installing?

Also, just in case, here's another guide from our docs: https://nicmx.github.io/FORT-validator/installation.html#debian-package. It's basically the same as the tutorial, but with the latest FORT version.

JC-ZI commented 3 years ago

Dear Thanks for the prompt reply. We use Centos 7 and I have tried to follow up the link steps:
https://nicmx.github.io/FORT-validator/installation.html#debian-package. The installation is good and the service run.

But there are errors after I revise the /etc/fort/config.json file. Thanks. For example:

"server": { "address": "192.168.179.10", "port": "8323" },

lukastribus commented 3 years ago

You just need to take a look at the output to see that your JSON file is invalid:

sudo systemctl status fort
sudo journalctl -u fort

Examples of valid fort configurations are in /etc/fort/examples/ (or examples directory in the tarball). Use the commands above to see the error messages about the configuration.

JC-ZI commented 3 years ago

Dear Support,

(1)sudo systemctl status fort -l ● fort.service - FORT RPKI validator Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2020-11-17 17:56:45 HKT; 11s ago Docs: man:fort(8) https://nicmx.github.io/FORT-validator/ Process: 10087 ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json (code=exited, status=234/MAKE_STARTER)

(2)sudo journalctl status fort Failed to add match 'status': Invalid argument Failed to add filters: Invalid argument

(3)Please find the attached captured for your ref. and I just edited some fields for testing. There is error after i added the Ip address: Screenshot 2020-11-17 at 6 07 02 PM

(4)I used the option1 "Installing the package" Sorry , no /etc/fort/examples/ (or examples) directory was created.

(5)I configured the server with the CentOS steps below and also run the script to set up it. Do I miss any step so that no /etc/fort/examples/ directory was created? Screenshot 2020-11-17 at 6 11 04 PM

Thanks a lot.

lukastribus commented 3 years ago

The second command should have been:

sudo journalctl -u fort

What I previously wrote was wrong (there is not journalctl status ...)

Please try to stop, wait a few seconds, start fort, wait again a few seconds and then provide the full output of the status and journalctl command, as text (not screenshots):

sudo systemctl stop fort
sudo systemctl start fort
sudo systemctl status fort
sudo journalctl -u fort

I just setup fort on CentOs 7 with those instructions and can't find any issues.

I configured the server with the CentOS steps below and also run the script to set up it. Do I miss any step so that no /etc/fort/examples/ directory was created?

No, the examples directory is not created by the RPM, it's is only created by the Debian/Ubuntu package, that's why you don't see them.

pcarana commented 3 years ago

But there are errors after I revise the /etc/fort/config.json file. Thanks. For example:

"server": { "address": "192.168.179.10", "port": "8323" },

(3) {...} There is error after i added the Ip address:

It's possible that the IP address set at server.address doesn't exists (it should be listed running something like ip a). If that's the case, please add the IP to the desired interface so that FORT can bind itself there.

(5)I configured the server with the CentOS steps below and also run the script to set up it. Do I miss any step so that no /etc/fort/examples/ directory was created?

When the RPM is installed, the examples directory will be at /var/lib/fort/examples. Why there? The RPM considers files at /etc/fortas configuration files. In the particular case of examples, such directory is considered as a documentation directory.

By the way, thanks @lukastribus for your help!

JC-ZI commented 3 years ago

Dear Support, Please find the result below. Thanks.

[test@centos7v2 ~]$ sudo systemctl stop fort [test@centos7v2 ~]$ sudo systemctl start fort [test@centos7v2 ~]$ sudo systemctl status fort -l ● fort.service - FORT RPKI validator Loaded: loaded (/usr/lib/systemd/system/fort.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2020-11-19 10:51:46 HKT; 22s ago Docs: man:fort(8) https://nicmx.github.io/FORT-validator/ Process: 3660 ExecStart=/usr/bin/fort --configuration-file /etc/fort/config.json (code=exited, status=234/MAKE_STARTER) Main PID: 3660 (code=exited, status=234/MAKE_STARTER)

Nov 19 10:51:45 centos7v2 systemd[1]: Started FORT RPKI validator. Nov 19 10:51:46 centos7v2 systemd[1]: fort.service: main process exited, code=exited, status=234/MAKE_STARTER Nov 19 10:51:46 centos7v2 systemd[1]: Unit fort.service entered failed state. Nov 19 10:51:46 centos7v2 systemd[1]: fort.service failed.

[test@centos7v2 ~]$ sudo journalctl -u fort -- Logs begin at Thu 2020-11-19 10:47:57 HKT, end at Thu 2020-11-19 10:55:33 Nov 19 10:51:45 centos7v2 systemd[1]: Started FORT RPKI validator. Nov 19 10:51:46 centos7v2 systemd[1]: fort.service: main process exited, code Nov 19 10:51:46

The second command should have been:

sudo journalctl -u fort

What I previously wrote was wrong (there is not journalctl status ...)

Please try to stop, wait a few seconds, start fort, wait again a few seconds and then provide the full output of the status and journalctl command, as text (not screenshots):

sudo systemctl stop fort
sudo systemctl start fort
sudo systemctl status fort
sudo journalctl -u fort

I just setup fort on CentOs 7 with those instructions and can't find any issues.

I configured the server with the CentOS steps below and also run the script to set up it. Do I miss any step so that no /etc/fort/examples/ directory was created?

No, the examples directory is not created by the RPM, it's is only created by the Debian/Ubuntu package, that's why you don't see them.

JC-ZI commented 3 years ago

Dear pcarana, Thanks a lot.

(1) I set up a FORT validator on a CentOS VM host and the interface is in bridge mode (bind to the my pc lan port) Screenshot 2020-11-19 at 4 07 59 PM

ip a

3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 08:00:27:d0:c6:57 brd ff:ff:ff:ff:ff:ff inet 192.168.179.10/24 brd 192.168.179.255 scope global noprefixroute enp0s8

My PC: Screenshot 2020-11-19 at 3 41 26 PM

VirtualBox setting Screenshot 2020-11-19 at 3 40 27 PM

VM host interface Screenshot 2020-11-19 at 3 45 19 PM

and Can ping the IP at the VM host itself Screenshot 2020-11-19 at 3 46 33 PM

pcarana commented 3 years ago

Thanks for the information @JC-ZI , I've been trying to reproduce the issue and finally got it. I had to look at journalctl without filtering by unit (just running sudo journalctl instead of sudo journalctl -u fort), and there was the problem:

ERR: The 'server.address' element is not a JSON array.

First of all, I would like to apologize for my mistake. I (clearly) forgot that since v1.4.0 the server.address arg is an array of strings, so what your configuration file must have is:

...
"server": {
"address": ["192.168.179.10"],
"port": "8323"
},
...

This should solve your problem :wink:

JC-ZI commented 3 years ago

NO Worries Pcarana, Thanks a lot your kind helps and support.

pcarana commented 3 years ago

Glad to help! I'll close this issue.