PaloAltoNetworks / aws

VM-Series for Amazon Web Services

user data scripts not running on web and db servers #16

Open JeffGiroux opened 6 years ago

JeffGiroux commented 6 years ago

I ran the two-tier-sample CFT. It deployed the PAN successfully, GUI came up, configurable, logs, everything. But I noticed the applications for web and DB didn't work. I logged into the web server and it appears nothing was running. There's a lot of configs happening in User Data, but it doesn't look like anything loaded. Same with DB. MySQL wasn't running after all was said and done.

narayan-iyengar commented 6 years ago

Can you check the logs @ /var/log/user-data.log?

JeffGiroux commented 6 years ago

Not much. Looks like routing got in the way. The message "Failed to connect to 54.67.81.185" is the IP of my PAN FW management IP for reference. As a workaround, I was able to manually run all the user-data commands by hand via CLI. My web and DB server work. As mentioned prior, the PAN already successfully pulled the restore and loaded it. The only thing wrong was the web and DB didn't succeed at user data. I didn't check DB logs, but my guess is that it's the same failed error. I think the web and db come up faster than PAN, they are waiting for PAN, but give up? Then user-data never finishes? Just a guess.

Logs below...

ubuntu@ip-10-0-0-99:~$ cat /var/log/user-data.log
Killed old client process
Internet Systems Consortium DHCP Client 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/06:8e:e9:9d:61:74
Sending on LPF/eth0/06:8e:e9:9d:61:74
Sending on Socket/fallback
DHCPRELEASE on eth0 to 10.0.1.1 port 67 (xid=0x2e69ce79)
Internet Systems Consortium DHCP Client 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth0/06:8e:e9:9d:61:74
Sending on LPF/eth0/06:8e:e9:9d:61:74
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0xfc15527d)
DHCPREQUEST of 10.0.1.101 on eth0 to 255.255.255.255 port 67 (xid=0x7d5215fc)
DHCPOFFER of 10.0.1.101 from 10.0.1.1
DHCPACK of 10.0.1.101 from 10.0.1.1
bound to 10.0.1.101 -- renewal in 1759 seconds.
curl: (7) Failed to connect to 54.67.81.185 port 443: No route to host
curl: (7) Failed to connect to 54.67.81.185 port 443: No route to host
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out

narayan-iyengar commented 6 years ago

They should not give up… I basically keep trying forever to make sure that once the FW is up, then configure the web and db servers.

Maybe AWS is timing out the script? Which wasn't the case when I wrote the script… will have to experiment and see.

Thanks for the heads up.

-- /narayan

From: Jeff <notifications@github.com>
Reply-To: PaloAltoNetworks/aws <reply@reply.github.com>
Date: Monday, June 11, 2018 at 9:15 PM
To: PaloAltoNetworks/aws <aws@noreply.github.com>
Cc: Narayan Iyengar <niyengar@paloaltonetworks.com>, Comment <comment@noreply.github.com>
Subject: Re: [PaloAltoNetworks/aws] user data scripts not running on web and db servers (#16)

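A bounded version of the wait-for-firewall loop discussed in this thread, as an added example that is not the template's own user-data script: every probe is logged with a reason, and the script exits non-zero when attempts run out, so a stalled boot shows up in the user-data log instead of hanging silently. The `FW_URL` variable, the attempt limits and the function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: bounded readiness wait for a user-data script.
# FW_URL, the limits and all function names are assumptions, not template values.

# probe_fw URL: one reachability attempt; returns curl's exit status.
# Kept as a separate function so the loop can be exercised without a network.
probe_fw() {
    curl --silent --output /dev/null --connect-timeout 5 --max-time 10 "$1"
}

# describe_rc RC: map the curl exit codes relevant here to a short log reason.
describe_rc() {
    case "$1" in
        0)  echo "reachable" ;;
        6)  echo "dns-failure" ;;
        7)  echo "connect-failed" ;;        # the "curl: (7)" lines in the log above
        28) echo "timed-out" ;;             # --connect-timeout / --max-time expired
        35) echo "tls-handshake-failed" ;;
        60) echo "tls-cert-untrusted" ;;    # port answers, certificate not trusted
        *)  echo "curl-exit-$1" ;;
    esac
}

# wait_for_fw URL MAX_ATTEMPTS SLEEP_SECONDS
# Returns 0 as soon as a probe succeeds, 1 when the attempts are used up.
wait_for_fw() {
    local url=$1 max=$2 pause=$3 attempt=1 rc
    while [ "$attempt" -le "$max" ]; do
        rc=0
        probe_fw "$url" || rc=$?
        echo "$(date -u +%FT%TZ) wait_for_fw attempt=$attempt/$max result=$(describe_rc "$rc")"
        [ "$rc" -eq 0 ] && return 0
        attempt=$((attempt + 1))
        sleep "$pause"
    done
    echo "$(date -u +%FT%TZ) wait_for_fw giving up on $url after $max attempts" >&2
    return 1
}

# Runs only when FW_URL is set: about 30 minutes of retries, then a visible failure.
if [ -n "${FW_URL:-}" ]; then
    wait_for_fw "$FW_URL" 180 10 || exit 1
fi
```
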

thevirtualx commented 1 year ago

Hello guys. Excuse me, I created the stack but it rolled back due to the error "CREATE FAILED - API: ec2:Runinstances Not authorized for images: [ami-7dcb9906]".


Best