search

dragonresearch / rpki.net

Dragon Research Labs rpki.net RPKI toolkit
54 stars 30 forks source link

[rpki] Installation Difference on "Bare" Server #596

Closed sraustein closed 11 years ago

sraustein commented 11 years ago

Hi all.

Not sure whether this is easily reproducible or if it was a fluke, but I installed RPKI on two servers yesterday (I'm not a coder to please forgive my less technical feedback):

  1. The first server was doing lots of things, so it had, pretty much, all the other packages RPKI
    needs to work.
  2. The second server was much fresher, it didn't even have Curl, RRDTool, Apache or even MySQL.

Some of these I installed prior to installing RPKI, like Apache and MySQL.

After I manually installed Curl, RPKI called for RRDTool and others.

The issues I saw, after the dust settled, were interesting:

a. rsync pulled data from the TA's and RPKI authenticated them, creating caches in "/var/rcynic/data" as one would expect. However, routers pointed at this cache didn't find any data.

b. Running a local "rtr-origin --client" also found no data, even though there was authenticated data in the cache.

c. At the same time, RRD files weren't being created on the 2nd server, and yet they were on the 1st. Running "rcynic-html" on both servers revealed something interesting...

d. The "--rrdtool-binary " looked good on the 1st server, but was empty on the 2nd. My immediate thought was that even though RPKI invoked the installation of RRDTool, it did not - somehow - continue its own installation on the basis of where/whether RRDTool had been installed.

So I basically rebuilt both of the now-installed "rpki- ca-0.5427" and "rpki-rp-0.5427" packages from scratch (well, "portupgrade -f rpki-ca-0.5427|rpki-rp-0.5427", to be exact), and that solved both my problems; the routers were now able to find VRP's, and RRD files were now being created.

Has anyone else seen something like this? FreeBSD-9.1 here.

Cheers,

Mark.

[attachment:"signature.asc"]

rpki mailing list rpki@rpki.net https://lists.rpki.net/mailman/listinfo/rpki

_Trac ticket #583 component rtrorigin priority minor, owner sra, created by mark.tinka@seacom.mu on 2013-07-15T04:46:10Z, last modified 2013-07-16T14:32:12Z

sraustein commented 11 years ago

signature.asc Added by email2trac Trac attachment by mark.tinka@seacom.mu on 2013-07-16T10:08:01Z

sraustein commented 11 years ago

The empty --rrdtool-binary option is weird, I have not seen that and it should not happen.

Will see if I can reproduce it.

Trac comment by sra on 2013-07-16T01:02:21Z

sraustein commented 11 years ago

Nothing in rcynic-cron actually uses rcynic-html's--rddtool-binary option, they use an internal equivalent which is supposed to be set by autoconf at compile time.

rcynic-html is a little weird about this: it's perfectly capable of running without rrdtool if invoked with --no-show-graphs. As currently written, though, it treats failure to find rrdtool when it was expecting to use it as a fatal error. The autoconf tests, however, do not treat absence of rrdtool as a fatal error. I suspect this is one of the root causes of the problem.

For now, I'm going to change configure.ac to treat absence of rrdtool as a fatal error. Another alternative would be to treat absence of rrdtool as equivalent to changing rcynic-cron's default from --show-graphs to --no-show-graphs, but since we don't really expect this to happen on any supported platform, we should probably just force issues with rrdtool into the open during compilation.

The other problem is that rcynic-cron aborts when rcynic-html does, before ever running rtr-origin --cronjob. In retrospect this was probably a mistake, as feeding the routers is more important than generating HTML.

Assuming that the above analysis is correct, the trigger for all this was that the port could not find rrdtool the first time Mark built it. Dunno why. PATH setting, maybe.

Trac comment by sra on 2013-07-16T02:23:16Z

sraustein commented 11 years ago

In [changeset:5430]: {{{

!CommitTicketReference repository="" revision="5430"

Save rcynic-html for last in rcynic-cron, as it's less critical than tasks like feeding the rpki-rtr engine. Treat failure to find rrdtool as a fatal error during ./configure, to avoid building a version of rcynic-html that can't generate graphs. Closes #583. }}}

Trac comment by sra on 2013-07-16T02:28:14Z

sraustein commented 11 years ago

On Tuesday, July 16, 2013 03:02:21 AM Trac Ticket System wrote:

The empty --rrdtool-binary option is weird, I have not seen that and it should not happen.

Will see if I can reproduce it.

Okay. Thanks.

Cheers,

Mark.

[attachment:"signature-1.asc"]

Trac comment by mark.tinka@seacom.mu on 2013-07-16T08:14:30Z

sraustein commented 11 years ago

signature-1.asc Added by email2trac Trac attachment by mark.tinka@seacom.mu on 2013-07-16T10:08:01Z

sraustein commented 11 years ago

On Tuesday, July 16, 2013 04:23:16 AM Trac Ticket System wrote:

For now, I'm going to change configure.ac to treat absence of rrdtool as a fatal error. Another alternative would be to treat absence of rrdtool as equivalent to changing rcynic-cron's default from --show-graphs to --no-show-graphs, but since we don't really expect this to happen on any supported platform, we should probably just force issues with rrdtool into the open during compilation.

I would agree with this approach, yes.

The other problem is that rcynic-cron aborts when rcynic-html does, before ever running rtr-origin --cronjob. In retrospect this was probably a mistake, as feeding the routers is more important than generating HTML.

Assuming that the above analysis is correct, the trigger for all this was that the port could not find rrdtool the first time Mark built it. Dunno why. PATH setting, maybe.

Yes, theh above analysis is consistent with what I saw during installation.

It does feel like a PATH setting of some sort, but that's as far as my Sys Admin skills will lead me to deduce :-), which is why it "felt" like rebuilding RPKI with a now-installed RRDTool worked.

Appreciate you being able to find the issue. Thanks.

Cheers,

Mark.

[attachment:"signature-2.asc"]

Trac comment by mark.tinka@seacom.mu on 2013-07-16T10:07:57Z

sraustein commented 11 years ago

signature-2.asc Added by email2trac Trac attachment by mark.tinka@seacom.mu on 2013-07-16T10:08:01Z

sraustein commented 11 years ago

On Tuesday, July 16, 2013 04:28:14 AM Trac Ticket System wrote:

  • status: new => closed
  • resolution: => fixed

Comment:

In [changeset:5430]: {{{

!CommitTicketReference repository="" revision="5430"

Save rcynic-html for last in rcynic-cron, as it's less critical than tasks like feeding the rpki-rtr engine. Treat failure to find rrdtool as a fatal error during ./configure, to avoid building a version of rcynic-html that can't generate graphs. Closes #583. }}}

Thanks.

Mark.

[attachment:"signature-3.asc"]

Trac comment by mark.tinka@seacom.mu on 2013-07-16T10:08:01Z

sraustein commented 11 years ago

signature-3.asc Added by email2trac Trac attachment by mark.tinka@seacom.mu on 2013-07-16T10:08:01Z

sraustein commented 11 years ago

Closed with resolution fixed