dragonresearch / rpki.net

Dragon Research Labs rpki.net RPKI toolkit

operator ca.rg.net:/root/CA-data# rpkic - ServerCA matching query does not exist #824

Closed sraustein closed 8 years ago

sraustein commented 8 years ago

/tk705

{{{
ca.rg.net:/root/CA-data# rpkic configure_parent issuer-identity-20160513.xml
Parent calls itself '3336711f-25e1-4b5c-9748-e6c58bef82a5', we call it '3336711f-25e1-4b5c-9748-e6c58bef82a5'
Parent calls us 'f1400649-ab90-4332-b7e3-3da6b7e44cdb'
Wrote /root/CA-data/RGnet.3336711f-25e1-4b5c-9748-e6c58bef82a5.repository-request.xml
This is the file to send to the repository operator
ca.rg.net:/root/CA-data# rpkic configure_publication_client RGnet.3336711f-25e1-4b5c-9748-e6c58bef82a5.repository-request.xml
This might be an offer, checking
We don't host this client's parent, so we didn't make an offer
Don't know where else to nest this client, so defaulting to top-level
Client calls itself 'RGnet', we call it 'RGnet'
Traceback (most recent call last):
  File "/usr/sbin/rpkic", line 57, in <module>
    rpki.rpkic.main()
  File "/usr/lib/python2.7/dist-packages/rpki/rpkic.py", line 129, in __init__
    self.main(args)
  File "/usr/lib/python2.7/dist-packages/rpki/rpkic.py", line 136, in main
    args.func(self, args)
  File "/usr/lib/python2.7/dist-packages/rpki/rpkic.py", line 498, in do_configure_publication_client
    r, client_handle = self.zoo.configure_publication_client(f, args.sia_base, args.flat)
  File "/usr/lib/python2.7/dist-packages/django/utils/decorators.py", line 145, in inner
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/rpki/irdb/zookeeper.py", line 808, in configure_publication_client
    issuer = self.server_ca,
  File "/usr/lib/python2.7/dist-packages/rpki/irdb/zookeeper.py", line 282, in server_ca
    return rpki.irdb.models.ServerCA.objects.get()
  File "/usr/lib/python2.7/dist-packages/django/db/models/manager.py", line 127, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/django/db/models/query.py", line 334, in get
    self.model._meta.object_name
rpki.irdb.models.DoesNotExist: ServerCA matching query does not exist.
}}}

Trac ticket #818 component rpkid priority blocker, owner None, created by randy on 2016-05-13T14:53:05Z, last modified 2016-08-05T15:27:31Z

sraustein commented 8 years ago

{{{
From: Oleg Muravskiy oleg@ripe.net
Subject: Re: [Track-RPKI] #818: operator ca.rg.net:/root/CA-data# rpkic - ServerCA matching query does not exist
To: Randy Bush randy@psg.com
Date: Fri, 13 May 2016 17:07:46 +0200

We also have an exception on our side, looking into it…
}}}

Trac comment by randy on 2016-05-13T15:14:18Z

sraustein commented 8 years ago

{{{
ca.rg.net:/root/CA-data# cat RGnet.3336711f-25e1-4b5c-9748-e6c58bef82a5.repository-request.xml

}}}

fwiw, did not end with a line end

Trac comment by randy on 2016-05-13T15:29:51Z

sraustein commented 8 years ago

That exception says you're trying to use an uninitialized database, one that has not had rpkic initialize_server_bpki run on it. Given that the installation process runs that command, this is weird, to put it mildly.

Is this an up-to-date tk705 installation? Is it an upgraded copy of an older tk705 installation, and, if so, did you check for errors while updating? You may recall that there was an incompatible schema change a few weeks ago (getting rid of rpki.irdb.models.Turtle), this might have caused problems; I would have expected the upgrade process to explode if that were the case, but maybe Django found some new and interesting way to break instead.

Newline at the end of XML is essentially meaningless. In some cases we add one manually to avoid disturbing human beings, but the encoder itself usually doesn't bother.

Trac comment by sra on 2016-05-13T15:33:57Z

sraustein commented 8 years ago

this is a fresh purge install

i did go through the

{{{
apt-get purge rpki-ca rpki-rp
apt-get install rpki-rp rpki-ca
systemctl stop rpki-ca
rm -rf /usr/share/rpki/.{tal,cer} /usr/share/rpki/publication/ /usr/share/rpki/rrdp-publication/* /var/log/rpki/*
rpki-sql-setup --postgresql-root-username postgres drop
install -d -o rpki -g rpki /var/run/rpki /var/log/rpki /usr/share/rpki/publication /usr/share/rpki/rrdp-publication
rpki-sql-setup --postgresql-root-username postgres create
sudo -u rpki rpki-manage migrate rpkidb --settings rpki.django_settings.rpkid --no-color
sudo -u rpki rpki-manage migrate pubdb --settings rpki.django_settings.pubd --no-color
sudo -u rpki rpki-manage migrate irdb --settings rpki.django_settings.irdb --no-color
sudo -u rpki rpki-manage migrate --settings rpki.django_settings.gui --no-color
}}}

Trac comment by randy on 2016-05-13T15:36:22Z

sraustein commented 8 years ago

Ah, if you did all that but did not do rpkic initialize_server_bpki, that could explain the error.

Not even going to ask why you thought manually whacking and partially rebuilding the database on ca0.rpki.net would be a good idea.

Trac comment by sra on 2016-05-13T15:59:15Z

sraustein commented 8 years ago

> Ah, if you did all that but did not do rpkic initialize_server_bpki, that could explain the error.

ok, will try. that was not in your recipe i copied. which could explain some things.

> Not even going to ask why you thought manually whacking and partially rebuilding the database on ca0.rpki.net would be a good idea.

this is ca.rg.net, child of ripe, not newca0.rpki.net (altCA to be). and i have not done anything on the real ca0.rpki.net (altCA) this year.

Trac comment by randy on 2016-05-13T16:01:59Z

sraustein commented 8 years ago

{{{
ca.rg.net:/root/CA-data# rpkic initialize_server_bpki
Writing /usr/share/rpki/bpki/ca.cer
Writing /usr/share/rpki/bpki/rpkid.key
Writing /usr/share/rpki/bpki/rpkid.cer
Writing /usr/share/rpki/bpki/irdbd.cer
Writing /usr/share/rpki/bpki/irbe.cer
Writing /usr/share/rpki/bpki/ca.crl
Writing /usr/share/rpki/bpki/pubd.key
Writing /usr/share/rpki/bpki/pubd.cer
ca.rg.net:/root/CA-data# rpkic configure_publication_client RGnet.3336711f-25e1-4b5c-9748-e6c58bef82a5.repository-request.xml
This might be an offer, checking
We don't host this client's parent, so we didn't make an offer
Don't know where else to nest this client, so defaulting to top-level
Client calls itself 'RGnet', we call it 'RGnet'
Wrote /root/CA-data/RGnet.repository-response.xml
Send this file back to the publication client you just configured
ca.rg.net:/root/CA-data# rpkic configure_repository RGnet.repository-response.xml
Repository calls us 'RGnet'
No explicit parent_handle given, guessing parent 3336711f-25e1-4b5c-9748-e6c58bef82a5
}}}

Trac comment by randy on 2016-05-13T16:03:54Z

sraustein commented 8 years ago

> Not even going to ask why you thought manually whacking and partially rebuilding the database on ca0.rpki.net would be a good idea.

s{ca0.rpki.net}{ca.rg.net}, or whatever this one is named.

Trac comment by sra on 2016-05-13T16:03:59Z

sraustein commented 8 years ago

> > Ah, if you did all that but did not do rpkic initialize_server_bpki, that could explain the error.

> ok, will try. that was not in your recipe i copied. which could explain some things.

The recipe you copied was for newca0.rpki.net, where you were doing horrible things with raw SQL salvaged from ca0.rpki.net and the entire point of the long command sequence by hand was to avoid running the normal BPKI setup, because the SQL you were trying to salvage includes BPKI data you wanted to salvage.

> this is ca.rg.net, child of ripe, not newca0.rpki.net (altCA to be).

Yeah, figured that out.

Your naming scheme perpetually confuses me at some gut level: they're all made out of ticky-tacky, and they all sound just the same.

> and i have not done anything on the real ca0.rpki.net (altCA) this year.

Good.

Trac comment by sra on 2016-05-13T16:15:06Z

sraustein commented 8 years ago

Closed with resolution invalid