Cannot connect to OneFlow server

I can’t seem to get the oneflow service to communicate with the sunstone server. At first oneflow couldn’t find /var/lib/one/.one/oneflow_auth but after I fixed that error everything seemed ok until I actually clicked on the openflow link in the sunstone ui.

Our current setup is like this:

VM1

  • Sunstone-server
  • Openflow-server

VM2

  • Opennebula daemon

The errors we see in the oneflow.log, the 500 error obviously points to something bad in the oneflow server… but what?

Tue Mar 31 17:47:20 2015 [I]: 127.0.0.1 - - [31/Mar/2015:17:47:20 +0200] "GET /service HTTP/1.1" 500 31 0.0083
Tue Mar 31 17:47:34 2015 [I]: 127.0.0.1 - - [31/Mar/2015:17:47:34 +0200] "GET /service_template HTTP/1.1" 500 31 0.0026

And in the sunstone.log we see this

Tue Mar 31 16:56:30 2015 [E]: [OneFlow] Connection refused - connect(2)
Tue Mar 31 16:56:30 2015 [E]: [OneFlow] Connection refused - connect(2)

I tried to enable debug logging in oneflow but that doesn’t show any extra information in the logfiles. When i try to connect through the links browser (http://localhost:2474) on the sunstone VM, I get the following error:

A username and password must be provided

I’m kind of lost as I understood that this should be provided by the oneflow_auth file. Hope someone can shed some light on this issue.

Probably you have to update the one_xmlrpc endpoint in /etc/one/oneflow-server.conf to point to the oned VM

Hi Daniel,

Thank you for your answer, but both the sunstone and the openflow servers are pointed towards the right IP address. So the setup without the openflow server is working fine.

cat /etc/one/sunstone-server.conf | grep RPC
:one_xmlrpc: http://192.168.12.241:2633/RPC2
[root@sunstone4 ~]# cat /etc/one/oneflow-server.conf | grep RPC
:one_xmlrpc: http://192.168.12.241:2633/RPC2

This is the list of installed gems on the sunstone server

# gem list

*** LOCAL GEMS ***

amazon-ec2 (0.9.17)
aws-sdk (1.33.0)
azure (0.6.4)
bigdecimal (1.2.0)
builder (3.2.2)
configparser (0.1.3)
curb (0.8.6)
daemons (1.2.1)
eventmachine (1.0.7)
faraday (0.9.1)
hashie (3.4.0)
inflection (1.0.0)
io-console (0.4.2)
json (1.8.2, 1.7.7)
macaddr (1.7.1)
memcache-client (1.8.5)
mime-types (2.4.3, 1.25.1)
mini_portile (0.6.2)
multi_json (1.11.0)
multipart-post (2.0.0)
mysql (2.9.1)
net-ldap (0.11)
nokogiri (1.6.1)
ox (2.1.8)
parse-cron (0.1.4)
polyglot (0.3.5)
psych (2.0.0)
rack (1.6.0)
rack-protection (1.5.3)
rake (0.9.6)
rdoc (4.0.0)
sequel (4.20.0)
sinatra (1.4.5)
softlayer_api (3.0.1)
sqlite3 (1.3.10)
systemu (2.6.4)
thin (1.6.3)
tilt (1.4.1)
treetop (1.5.3)
trollop (2.1.2)
uuid (2.3.7)
uuidtools (2.1.5)
xml-simple (1.1.5)
zendesk_api (1.6.0)

Hi,

Could you try creating the following file in the machine where OneFlow (OpenFlow is a different tool :smile: ) is running:

cat /var/lib/one/.one/one_endpoint
http://192.168.12.241:2633/RPC2

and restart oneflow-server

Cheers

Hi Daniel,

At least I’m not seeing the error in the UI anymore. Still have authentication errors in the oned.log but I’ll have a look at that too. And you’re right with the openflow vs. oneflow ofcourse :smile: I’ll let you know how it goes.

Hi Daniel,

As Martijn said, we created the one_endpoint file and we restarted the oneflow-server. Now, we don’t get this error on the sunstone UI but we still get it on the oneflow.log:

Tue Apr 07 14:33:06 2015 [I]: 127.0.0.1 - - [07/Apr/2015:14:33:06 +0200] “GET /service HTTP/1.1” 200 28 0.2358
Tue Apr 07 14:33:11 2015 [I]: 127.0.0.1 - - [07/Apr/2015:14:33:11 +0200] “GET /service_template HTTP/1.1” 200 28 0.2308
Tue Apr 07 14:33:35 2015 [E]: [LCM] Error retrieving the Service Pool: [DocumentPoolInfo] User couldn’t be authenticated, aborting call.
Tue Apr 07 14:34:05 2015 [E]: [LCM] Error retrieving the Service Pool: [DocumentPoolInfo] User couldn’t be authenticated, aborting call.
Tue Apr 07 14:34:35 2015 [E]: [LCM] Error retrieving the Service Pool: [DocumentPoolInfo] User couldn’t be authenticated, aborting call.
Tue Apr 07 14:35:05 2015 [E]: [LCM] Error retrieving the Service Pool: [DocumentPoolInfo] User couldn’t be authenticated, aborting call.
Tue Apr 07 14:35:36 2015 [E]: [LCM] Error retrieving the Service Pool: [DocumentPoolInfo] User couldn’t be authenticated, aborting call.
Tue Apr 07 14:36:06 2015 [E]: [LCM] Error retrieving the Service Pool: [DocumentPoolInfo] User couldn’t be authenticated, aborting call

Also, it seems oneflow commands are not working:

oneadmin@opennebula4 ~]$ oneflow list
Error connecting to server (Connection refused - connect(2)).
Server: localhost:2474

Any hint/advice is welcome :smile:

Thanks in advance,
Esteban

Hi Daniel,

As Martijn commented on his first post, our current setup is:

VM1

  • Sunstone-server
  • Openflow-server

VM2

  • Opennebula daemon

And now, if for example I execute “oneflow list” in VM2 I get "Connection refused - connect (2)):

oneadmin@opennebula4 ~]$ oneflow-template list
Error connecting to server (Connection refused - connect(2)).
Server: localhost:2474

According to http://archives.opennebula.org/documentation:community:faq#i_get_a_connection_refused_-_connect_2_error_what_is_the_problem , I should define ONE_XMLRPC environment variable, if it is so, where I should define it? VM1 or VM2? (I understand in VM2 that is also where XMLRPC is running) and how I should define it?

Thanks in advance,
Esteban

You have to define the ONE_XMLRPC env var for the clients that are going to interact with oned.

For example:

oneflow-template (Blue_VM) -> oneflow-server (Red_VM) -> oned (Green_VM)

  • Blue_VM has to define the URL where oneflow-server is running, you can specify this using the -s/–server option of the command. By default oneflow-server is running in localhost so you won’t be able to interact with the server from a different machine, you can change this in oneflow-server.conf in Red_VM.

  • Red_VM has to define the endpoint where oned is listening, you can do this in the oneflow-server.conf but there is a bug and it’s not working in the current version. As a workaround you can define either the /var/lib/one/.one/one_endpoint file or the ONE_XMLRPC env var in Red_VM

  • You don’t have to define anything in Green_VM

Hope this helps

Hi Daniel,

Sorry, I am a bit lost with this, it is my first time configuring OneFlow and also with this infrastructure :slight_smile:

About oneflow-template(Blue_VM), I think we already have configured oneflow-server.conf to avoid it is only listening on localhost:

[root@sunstone4 ~]# grep host /etc/one/oneflow-server.conf
:host: 0.0.0.0

But in any case, if I tried to run the oneflow-template command with the -s option I get the following outputs which I think it is not the expected. After seeing the outputs I have to mention that sunstone is running under nginx so maybe we are missing some extra configuration on nginx or I am not executing correctly the command:

[oneadmin@opennebula4 ~]$ oneflow-template list -s http://192.168.12.239

301 Moved Permanently

301 Moved Permanently


nginx

I am putting 192.168.12.239 because it is the IP where oneflow server is running. I have to mention that I am running the oneflow-template command from the machine where the oned (Green_VM) is installed which is a different machine from the oneflow-server(Red_VM).

About, /var/lib/one/.one/one_endpoint , we already have defined this file on the machine where it is running the oneflow-server.

I also tried to configure ONE_XMLRPC env var on the oneflow-server and under oneadmin user but it did not change the output from previous commands.

On the other hand, I have to say that we are not seeing more errors on /var/log/one/oneflow.log log and also, I was testing OneFlow through SunStone UI following this old example https://www.youtube.com/watch?v=SfFbpYFuOJw and everything seems to be working through Sunstone. Therefore, Is OneFlow only supposed to be used through SunStone UI? If not, why is it failing through the command line/what am I missing?

Also, I would like to take the advantage to ask how it works once you have instantiated a backend and fronted nodes using OneFlow and how this works. Is there any available documentation about it?

I know, I lot of questions, so thank you very much for your patience and help :slight_smile:

Thanks in advance,
Esteban

I think you are missing the port in the url

That means everything is ok, you followed the right “Camino de Santiago”.

You can use OneFlow through Sunstone or through the CLI. These are the interactions that are performed:
sunstone → oned
sunstone → oneflow-server → oned
oneflow-cli → oneflow-server → oned

You can take a look to the following guide:
http://docs.opennebula.org/4.12/advanced_administration/application_flow_and_auto-scaling/appflow_use_cli.html

Basically, OneFlow is running on top of oned and is handling the dependencies between the VMs and elasticity rules. It will create Virtual Machines through the ONE_XMLRPC API when needed.

If you have any doubts do not hesitate to ask me

Hi Daniel,

Thank you very much for your help :smile:

The command does not work even indicating the port:

[oneadmin@opennebula4 ~]$ oneflow-template list -s http://192.168.12.239:2274
No route to host - connect(2)

But probably, I am not understanding correctly how this command works. 192.168.12.239 is the OneFlow server IP and 2274 the port in which OneFlow is listening.

I liked the sentence about the “Camino de Santiago” ^^…hehe

Thank you very much for sending the link to the documentation and for the explanation. It is on my bookmarks and I am going to try to have a look on it during today.

So, in conclusion, I think we can close this topic since it seems it is working correctly from sunstone UI but before closing it, I would like to ask you about /var/lib/one/.one/one_endpoint. I think you mentioned before that in last OneFlow version there is a known issue/bug and it is necessary to create this file by hand. Is that correct? If it is so, I would appreciate if you could indicate me the link where is tracked this issue in order to know when it is solved.

Thanks in advance,
Esteban

If you didn’t change it the default port for OneFlow is 2474.

http://dev.opennebula.org/issues/3744

Cheers

Hi Daniel,

You are right, sorry, I made a mistake during the copy/paste but in any case, the command also fails putting the right port:

oneadmin@opennebula4 ~]$ oneflow-template list -s http://192.168.12.239:2474
No route to host - connect(2)

Probably, I am missing something on the configuration with this.

Ok, thank you very much for sending us the link to the issue :smile:

Regards,
Esteban

Hi Daniel,

Just to conclude with this topic, oneflow-template command was not working because I needed to configure firewalld to open port 2474. So, it was my fault and now it is working :smile:

[oneadmin@opennebula4 ~]$ oneflow-template list -s http://192.168.12.239:2474
    ID USER            GROUP           NAME                                 
    2 oneadmin        oneadmin        TestOneFlow

Regards,
Esteban