[LON-CAPA-admin] unable to contact DNS
Stuart Raeburn
raeburn at msu.edu
Wed Nov 19 10:15:13 EST 2014
Bob,
> One related question, ca-certificates are not installed, they aren't
> installed on any of the servers in my domain, is this extra manual
> installation going to be required for all the servers when I update them
> over the Christmas break?
LON-CAPA domains running LWP 6.0 and later (i.e., Ubuntu 12, 14 and
CentOS/RedHat/Scientific Linux 7) need to have trusted root
certificates installed so that content can be replicated from other
servers running Apache/SSL, and also so that information about other
servers in the cluster can be retrieved from the authoritative
LON-CAPA "DNS" servers at MSU, University of Illinois, and SFU. This
requires installation of the ca-certificates package.
I have added a dependency on ca-certificates to an updated
LONCAPA-prerequisites rpm (1-23.2) for CentOS 7 (available from
http://install.loncapa.org/centos/loncapa/7/) so you will not need to
do this extra step manually when you update in December.
In the near future I expect to do the same for the Red Hat 7 and
Scientific Linux 7 repos, and for the loncapa-prerequisites deb
packages for Ubuntu 12 and 14.
Stuart Raeburn
LON-CAPA Academic Consortium
Quoting Bob Gonzales <rgonzal at binghamton.edu>:
> Stuart,
>
> Thanks for the quick reply.
>
> I had to put the old loncapa5 back on-line since students were logging into
> it directly and not going through our lon-balancer which had been
> configured to not use loncapa5 as a spare.
>
> So, I won't be able to follow up on this for a couple of weeks until after
> the students are done.
>
> One related question, ca-certificates are not installed, they aren't
> installed on any of the servers in my domain, is this extra manual
> installation going to be required for all the servers when I update them
> over the Christmas break?
>
> Thanks,
> Bob Gonzales
>
> On Tue, Nov 18, 2014 at 10:52 AM, Stuart Raeburn <raeburn at msu.edu> wrote:
>
>> Hi Bob,
>>
>> Tue Nov 18 09:49:29 2014 (16563): unable to contact DNS defaulting to on
>>> disk file dns_domain.tab
>>>
>>
>> I would recommend confirming that the ca-certificates package is installed.
>>
>> yum info ca-certificates
>>
>> and, if not, install it:
>>
>> yum install ca-certificates
>>
>> I would also recommend testing web requests to https://s10.lite.msu.edu/
>> by using: openssl s_client -connect s10.lite.msu.edu:443 -state
>>
>> I am seeing some requests for http://s10.lite.msu.edu/adm/dns/domain from
>> 128.226.130.232 in the access_log
>>
>> 128.226.130.232 - - [18/Nov/2014:09:49:28 -0500] "GET /adm/dns/domain
>> HTTP/1.1" 302 305
>>
>> but I am not seeing the subsequent request for
>> https://s10.lite.msu.edu/adm/dns/domain in the ssl_access_log.
>>
>> You could also try:
>>
>> wget https://s10.lite.msu.edu/adm/dns/domain
>>
>> and see what is reported by wget.
>>
>>
>> Stuart Raeburn
>> LON-CAPA Academic Consortium
>>
>>
>> Quoting Bob Gonzales <rgonzal at binghamton.edu>:
>>
>> Hi,
>>>
>>> I put my centos 7, loncapa 2.11 machine on line and I am seeing the
>>> following entries intersperse throughout my lonnet.log:
>>>
>>> Tue Nov 18 09:49:29 2014 (16563): unable to contact DNS defaulting to on
>>> disk file dns_domain.tab
>>>
>>> I can log on but it's a little slow entering a course. I don't know
>>> whether that's due to DNS or just building cache's.
>>>
>>> This is a hardware upgrade of an existing access server,
>>> loncapa5.chem.binghamton.edu.
>>>
>>> Any help would be appreciated.
>>>
>>> Thanks,
>>> Bob Gonzales
>>> Chemistry Dept
>>> Binghamton University
More information about the LON-CAPA-admin
mailing list