Grouper Users - Open Discussion List

["Black, Carey M." <>]

Francesco,

 

I believe there are two issues with the 2.5.33 container that you will need to deal with.

 

1) There is a bug in the entry point scripts that prevent the containers from restarting. If you always create a new container, then things will work out ok. However a "stop" event leaves the container "broken". ☹ ( This should be resolved in 2.5.34 ... release date... still pending...)

 

2) Tomee made a change to be more "secure" and you need to open up the addresses that it will talk to so that it will communicate with Apache.

                Update /opt/tomee/conf/server.xml

                Add to the "<Connector ..." this attribute and value:

                                address="0.0.0.0"

 

                That should resolve the issue with it talking to Apache outside of the container.

 

                It is believed that the "0.0.0.0" should not allow access to tomcat from outside of the docker host.
                You environment might be different. Your docker networking might be different.

                So, with all security controls, verify for yourself. ( other values might work too. )

 

--

Carey Matthew

 

-----Original Message-----
From: <> On Behalf Of Francesco Malvezzi
Sent: Monday, September 7, 2020 1:25 PM
To:
Cc:
Subject: [grouper-users] Struggling with grouper-ui-2.4.33

 

hi all,

 

I'm pretty sorry to write again to the mailing list because there is a

lot of documentation but I can't really set up grouper-ui-2.4.33.

 

The container starts, I can launch the gsh in it, browse the users, so

connection to the db is fine along with most of the configuration.

 

The problem is connecting tomee (in the container) with apache2 (outside).

 

Apache2 virtual host is:

 

        Timeout 2400

        ProxyTimeout 2400

        ProxyBadHeader Ignore

        <Location /grouper/>

                Authtype shibboleth

                ShibRequireSession On

                require shib-attr affiliation

                ProxyPass ajp://localhost:8009/grouper/ timeout=2400

                ProxyPassReverse ajp://localhost:8009/grouper/

        </Location>

 

apache2's error log is pretty typical:

[Mon Sep 07 19:21:07.222352 2020] [proxy_ajp:error] [pid 158044]

(70014)End of file found: AH01030: ajp_ilink_receive() can't receive header

[Mon Sep 07 19:21:07.222526 2020] [proxy_ajp:error] [pid 158044] [client

10.1.254.66:55726] AH00992: ajp_read_header: ajp_ilink_receive failed

[Mon Sep 07 19:21:07.222584 2020] [proxy_ajp:error] [pid 158044]

(120006)APR does not understand this error code: [client

10.1.254.66:55726] AH00878: read response failed from [::1]:8009 (localhost)

 

I can check tomee's log by starting it with:

/opt/tomee/bin/catalina run

logs flow in foreground: there is no hint apache2 is asking a page. If I

CTRL+C, this trace follows:

 

edu.internet2.middleware.grouper.internal.dao.GrouperDAOException:

Problem in HibernateSession: HibernateSession (426f4e2a): new, readonly,

READONLY_NEW, notActiveTransaction, session (6d54d7cd),

Exception in uniqueResult: (class

edu.internet2.middleware.grouper.Member), ByHqlStatic, query: 'from

Member as m where      m.subjectIdDb       = :sid    and

m.subjectSourceIdDb = :source and  m.subjectTypeId   = :type',

cacheable: true, cacheRegion:

edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.FindBySubject,

tx type: null, tx type: nullBind var[0]: 'Param (class

java.lang.String): 'sid'->'GrouperSystem', Bind var[1]: 'Param (class

java.lang.String): 'type'->'application'Bind var[2]: 'Param (class

java.lang.String): 'source'->'g:isa',

 

does it maybe mean something is stuck and tomee can't reach full start?

 

thank you so much,

 

f