Btw, wouldn't it be easier to use certbot/letsencrypt for generating SSL certificates?
That only works if you have globally authoritative DNS, as I understand it. To really implement that, we'd need to add a letsencrypt container and set up a workflow to answer challenges for TO, which we don't have right now (and likely never will) - it's faster and easier to just use openssl calls, imo.
Regarding the failure, what happened to your db container? Did that start up okay?
@ocket8888
Yeah it started okay but I noticed that my domain is not in the logs:
Is it normal to have "insert-self-into-dns domain ciab.test dns_key_path /shared/dns/Kciab.test.+157+47779.private my_host db my_ip 172.20.0.3 my_fqdn db.infra.ciab.test cmd 'update add db.infra.c..." instead of my domain that is set in the env.variables file ?
Cheers, Luc
That's what I have for now. Should I replace all "ciab.test" occurrences by "evolutive.group"? How to debug it?
I don't think you can actually change the TLD. That's the only domain for which the DNS container is authoritative.
May I ask why you want to change it?
I want to change the domain ^^ not the tld sorry for the confusion
Well in variables.env there's
TLD_DOMAIN
INFRA_SUBDOMAIN
CDN_SUBDOMAIN
Which one are you trying to change? And why?
Here is my variables.env for test purpose:
I want to use the cdn.evolutive.group subdomain for self hosting my own cdn server.
subdomain = cdn domain= evolutive tld = group
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
TLD_DOMAIN=evolutive.group
INFRA_SUBDOMAIN=infra
CDN_NAME=Evolutive CDN
CDN_SUBDOMAIN=cdn
DS_HOSTS=demo1 demo2 demo3
X509_CA_NAME=CIAB-CA
X509_CA_COUNTRY=FR
X509_CA_STATE=Rhone-Alpes
X509_CA_CITY=Lyon
X509_CA_COMPANY=Evolutive Group
X509_CA_ORG=Evolutive Group
X509_CA_ORGUNIT=RD
X509_CA_EMAIL=technique@evolutive-business.com
X509_CA_DIGEST=sha256
X509_CA_DURATION_DAYS=365
X509_CA_KEYTYPE=rsa
X509_CA_KEYSIZE=4096
X509_CA_UMASK=0000
X509_CA_DIR=/shared/ssl
X509_CA_PERSIST_DIR=/ca
X509_CA_PERSIST_ENV_FILE=/ca/environment
X509_CA_ENV_FILE=/shared/ssl/environment
DB_NAME=traffic_ops
DB_PORT=5432
DB_SERVER=db
DB_USER=traffic_ops
DB_USER_PASS=twelve
DNS_SERVER=dns
DBIC_TRACE=0
ENROLLER_HOST=enroller
PGPASSWORD=twelve
POSTGRES_PASSWORD=twelve
EDGE_HOST=edge
INFLUXDB_HOST=influxdb
INFLUXDB_PORT=8086
INFLUXDB_ADMIN_USER=influxadmin
INFLUXDB_ADMIN_PASSWORD=influxadminpassword
GRAFANA_ADMIN_USER=grafanaadmin
GRAFANA_ADMIN_PASSWORD=grafanaadminpassword
GRAFANA_PORT=443
MID_01_HOST=mid-01
MID_02_HOST=mid-02
ORIGIN_HOST=origin
SMTP_HOST=smtp
SMTP_PORT=25
TM_HOST=trafficmonitor
TM_PORT=80
TM_EMAIL=technique@evolutive-business.com
TM_PASSWORD=jhdslvhdfsuklvfhsuvlhs
TM_USER=tmon
TM_LOG_EVENT=stdout
TM_LOG_ERROR=stdout
TM_LOG_WARNING=stdout
TM_LOG_INFO=stdout
TM_LOG_DEBUG=stdout
TO_ADMIN_PASSWORD=twelve12
TO_ADMIN_USER=admin
TO_ADMIN_FULL_NAME=James Cole
# Set TM_DEBUG_ENABLE to true to debug Traffic Monitor with Delve
TM_DEBUG_ENABLE=false
# Set TO_DEBUG_ENABLE to true to debug Traffic Ops with Delve
TO_DEBUG_ENABLE=false
# Set TO_PERL_DEBUG_ENABLE to true to debug Traffic Ops Perl with Devel::Camelcadedb
TO_PERL_DEBUG_ENABLE=false
# Set TR_DEBUG_ENABLE to true to debug Traffic Router with JPDA
TR_DEBUG_ENABLE=false
# Set TS_DEBUG_ENABLE to true to debug Traffic Stats with Delve
TS_DEBUG_ENABLE=false
TO_EMAIL=technique@evolutive-business.com
TO_HOST=trafficops
TO_PORT=443
TO_PERL_HOST=trafficops-perl
TO_PERL_PORT=443
TO_PERL_SCHEME=https
TO_SECRET=blahblah
TO_LOG_ERROR=/var/log/traffic_ops/error.log
TO_LOG_WARNING=/var/log/traffic_ops/warning.log
TO_LOG_INFO=/var/log/traffic_ops/info.log
#TO_LOG_DEBUG=/var/log/traffic_ops/debug.log
TO_LOG_DEBUG=/dev/null
TO_LOG_EVENT=/var/log/traffic_ops/event.log
TP_HOST=trafficportal
TP_EMAIL=technique@evolutive-business.com
TR_HOST=trafficrouter
TR_DNS_PORT=53
TR_HTTP_PORT=80
TR_HTTPS_PORT=443
TR_API_PORT=3333
TP_PORT=443
TS_EMAIL=technique@evolutive-business.com
TS_HOST=trafficstats
TS_PASSWORD=trafficstatspassword
TS_USER=tstats
TV_HOST=trafficvault
TV_USER=tvault
TV_PASSWORD=mwL5GP6Ghu_uJpkfjfiBmii3l9vfgLl0
TV_EMAIL=technique@evolutive-business.com
TV_ADMIN_USER=admin
TV_ADMIN_PASSWORD=riakAdmin
TV_RIAK_USER=riakuser
TV_RIAK_PASSWORD=riakPassword
TV_INT_PORT=8087
TV_HTTP_PORT=8098
TV_HTTPS_PORT=8088
ENROLLER_DIR=/shared/enroller
AUTO_SNAPQUEUE_ENABLED=true
AUTO_SNAPQUEUE_SERVERS=trafficops,trafficops-perl,trafficmonitor,trafficrouter,trafficvault,edge,mid-01,mid-02
AUTO_SNAPQUEUE_POLL_INTERVAL=2
AUTO_SNAPQUEUE_ACTION_WAIT=2
any thoughts ? ^^
$CDN_NAME is unquoted in some places. Using a CDN name with no spaces should work.
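The word splitting behind the unquoted $CDN_NAME remark above, shown as an added example that is not part of the thread or of the CDN-in-a-Box scripts. The function names and the abridged sample file are constructed for illustration; the check assumes plain KEY=VALUE lines like those in the posted variables.env.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# Report how many arguments a command actually receives.
count_args() { echo "$#"; }

# Unquoted expansion: the shell splits the value on whitespace first.
# shellcheck disable=SC2086  # intentional, this is the failure mode
args_unquoted() { count_args $1; }

# Quoted expansion: the value always arrives as a single argument.
args_quoted() { count_args "$1"; }

# Read KEY=VALUE lines on stdin and print each key whose value contains
# whitespace. Comments, blank lines and lines without '=' are skipped.
keys_with_spaces() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
            *=*) ;;
            *) continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case $value in
            *[[:space:]]*) printf '%s\n' "$key" ;;
        esac
    done
}

# Constructed sample, abridged from the variables.env posted in this thread.
sample_env() {
    cat <<'EOF'
# comment line
TLD_DOMAIN=evolutive.group
CDN_NAME=Evolutive CDN
CDN_SUBDOMAIN=cdn
DS_HOSTS=demo1 demo2 demo3
X509_CA_COMPANY=Evolutive Group
EOF
}

# Flagged keys need review: a value with spaces is only safe where every
# script that consumes it quotes the expansion or expects a list.
sample_env | keys_with_spaces
```

Run it against a real file with `keys_with_spaces < variables.env`; a flagged key that is meant to be a space-separated list may be intentional.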
No luck ! I am still stuck with the following messages:
@mitchell852 any idea how to simplify the deploy ? or to fix my deploy issue ^^
Cheers, Luc Michalski
When you say "deploy" I get the sense that you're trying to use CDN-in-a-Box as a real, production-ready CDN. It's not meant to be deployed like that and is not guaranteed to be safe for clients to connect to - either for clients or for your services.
That said, there are some tools available that can help expedite a more production-like deployment included as well. They're only partial solutions though because each implementation is different. https://traffic-control-cdn.readthedocs.io/en/latest/admin/environment_creation.html
I am confused with the purpose of this project if it is not production oriented ^^
Also, I have to confess that it is still too complicated to test it.
For now, I will try to write my own simple caching web service.
Cheers, Luc Michalski
The project is production-oriented. The Dockerfiles you are trying to use in production are for testing and demoing.
But if you really just need a "simple caching web service" you probably don't need ATC to do it. ATC is primarily for large, distributed systems of up to thousands of servers.
Closing as it seems progression on this issue has ceased.
Hi guys,
Hope you are all well !
I create all my subdomains for deploying the "cdn-in-a-box" version, changed the en.variables, but I have the following error when running docker-compose up --build:
How can I sort that? Is there a workaround?
Btw, wouldn't it be easier to use certbot/letsencrypt for generating SSL certificates?
Thanks for any insights or inputs on that deployment issue.
Cheers, Luc Michalski