grouper-study

[Jack Stewart <>]

Chris and everyone,

I ssh-ed to a running container (the data container) and tried wget-ing the URLs to our ISP's metadata, and it can connect.  I don't think outbound connectivity is an issue.

Issues outstanding:

- www container just "sits there."

- gsh container cycles from Running, Completed, to Crash loop back off.

- Even though it was configured in the .yaml file, I had to go in and manually select the service port and target port of the ws service.  I did not have to do this with any of the other services.

I would really like to get this done by Thursday, so any experience, strength, and hope you can provide would be very much appreciated.

Thanks, Jack

On Mon, Dec 18, 2017 at 5:29 PM, Jack Stewart <> wrote:

Chris,

The www container never starts.  At all.  It just sits there showing the output in above in the deployment log.

You said "you can also comment out the InCommon metadata."  Do you mean downloading the InCommon metadata?  If so, where would I comment out downloading the InCommon metadata?  If not, I'm not sure what you mean for me to do.

Also, did you see my issue with the gsh container?  It keeps switching from Running, Completed, then Crash loop back off.  However, everything seems to be configured correctly, as there are no more Java stack traces.

Thanks, Jack

On Mon, Dec 18, 2017 at 4:51 PM, Christopher Hubing <> wrote:

On Mon, 18 Dec 2017, Jack Stewart wrote:

Everyone,
I have made some progress.  I was a holiday "helper" to myself and made some, but not complete, changes to the OpenLDAP OU structure when I brought the Internet2/TIER Grouper Git repo
to my own Git repo.  I fixed all instances of the OU structure, and I'm not seeing Java barf in the daemon, data, and gsh containers anymore.  Yay for me!

I was going to suggest taking a look at the sources.xml and make sure it matches the LDAP config, but it looks like you fixed it. I'm wondering what you had to change to make it work?

Now, the www container just sits there and does nothing.  I continue to see this:
--> Scaling www-5 to 1
--> Waiting up to 20m0s for pods in rc www-5 to become ready

Does the www container continue to run, or just die on startup? It's a pretty simple container, with Apache and a shibboleth SP. It is pre-configured to download the InCommon metadata. Is there a firewall rule that might be blocking the request? You can also comment out the InCommon metadata to see is that's the culprit.

-c

Does anyone have any ideas?

Thanks, Jack



On Sat, Dec 16, 2017 at 12:57 PM, Jack Stewart <> wrote:
      Hello!
After a fair amount of struggle, I have successfully built the containerized Grouper images and pushed them to our university's OpenShift environment.  However, I'm seeing the
following issues in the pods and services.

Pods

daemon:
Using GROUPER_HOME: /opt/grouper.apiBinary-2.3.0
Using GROUPER_CONF: /opt/grouper.apiBinary-2.3.0/conf
Using JAVA: /opt/openjdk8/bin/java
using MEMORY: 64m-750m
Grouper starting up: version: 2.3.0, build date: null, env: <no label configured>
grouper.properties read from: /opt/grouper.apiBinary-2.3.0/conf/grouper.properties
Grouper current directory is: /opt/grouper.apiBinary-2.3.0
log4j.properties read from: /opt/grouper.apiBinary-2.3.0/conf/log4j.properties
Grouper logs are not using log4j: class org.apache.commons.logging.impl.SLF4JLocationAwareLog
grouper.hibernate.properties: /opt/grouper.apiBinary-2.3.0/conf/grouper.hibernate.properties
grouper.hibernate.properties: root@jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
subject.properties read from: /opt/grouper.apiBinary-2.3.0/conf/subject.properties
sources.xml read from: /opt/grouper.apiBinary-2.3.0/conf/sources.xml
sources configured in: sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: ldap: cn=admin,dc=example,dc=edu@ldap://data
sources.xml groupersource id: grouperEntities
Subject API error: error with subject source id: ldap, name: EDU Ldap, problem with getSubject by id, in sources.xml: search searchSubject: ,
edu.internet2.middleware.subject.SourceUnavailableException: Ldap Exception: Pool is empty and object creation failed

gsh:
Using GROUPER_HOME: /opt/grouper.apiBinary-2.3.0
Using GROUPER_CONF: /opt/grouper.apiBinary-2.3.0/conf
Using JAVA: /opt/openjdk8/bin/java
using MEMORY: 64m-750m
Grouper starting up: version: 2.3.0, build date: null, env: <no label configured>
grouper.properties read from: /opt/grouper.apiBinary-2.3.0/conf/grouper.properties
Grouper current directory is: /opt/grouper.apiBinary-2.3.0
log4j.properties read from: /opt/grouper.apiBinary-2.3.0/conf/log4j.properties
Grouper logs are not using log4j: class org.apache.commons.logging.impl.SLF4JLocationAwareLog
grouper.hibernate.properties: /opt/grouper.apiBinary-2.3.0/conf/grouper.hibernate.properties
grouper.hibernate.properties: root@jdbc:mysql://data:3306/grouper?CharSet=utf8&useUnicode=true&characterEncoding=utf8
subject.properties read from: /opt/grouper.apiBinary-2.3.0/conf/subject.properties
sources.xml read from: /opt/grouper.apiBinary-2.3.0/conf/sources.xml
sources configured in: sources.xml
sources.xml groupersource id: g:gsa
sources.xml ldap source id: ldap: cn=admin,dc=example,dc=edu@ldap://data
sources.xml groupersource id: grouperEntities
Subject API error: error with subject source id: ldap, name: EDU Ldap, problem with getSubject by id, in sources.xml: search searchSubject: ,
edu.internet2.middleware.subject.SourceUnavailableException: Ldap Exception: Pool is empty and object creation failed

www:
--> Scaling www-4 to 1 --> Waiting up to 20m0s for pods in rc www-4 to become ready error: update acceptor rejected www-4: pods for rc "www-4" took longer than 1200 seconds to
become ready

Service

ws:
This target port will route to Service Port <unknown> → Container Port 8888.

Any assistance you can provide would be greatly appreciated.

Thanks, Jack


--
Jack Stewart
Solutions Architect, Identity and Access Management
University of Michigan
4251 Plymouth Road
Ann Arbor, Michigan 48105-3640
(734) 764-0853




--
Jack Stewart
Solutions Architect, Identity and Access Management
University of Michigan
4251 Plymouth Road
Ann Arbor, Michigan 48105-3640
(734) 764-0853

--

Jack Stewart

Solutions Architect, Identity and Access Management

University of Michigan

4251 Plymouth Road

Ann Arbor, Michigan 48105-3640

(734) 764-0853

--

Jack Stewart

Solutions Architect, Identity and Access Management

University of Michigan

4251 Plymouth Road

Ann Arbor, Michigan 48105-3640

(734) 764-0853