[Planetlab-devel] sfa.util.xmlrpcprotocol.ServerException: Internal API error

Xi Yang xyang at east.isi.edu
Wed Oct 13 12:46:46 EDT 2010 

Finally I was able to dig myself out of troubles. Below is something I would like to share with others who may get the same problems.

1. Solution ServerException: : GetSelfCredential: Cert missing parent

-- sfa-nuke-plc.py
	* this alone is not enough
-- rm -rf /var/lib/sfa/authorities/
-- service sfa stop
-- sfa-import-plc.py
-- service sfa start

2. ServerException: Internal API error: syntax error: line 1, column 0

This is due to messed i386 vs. x86_64 installation. We are running on a CentOS5 X86_64 platform.
The function 'sign' in /usr/lib/python2.5/site-packages/sfa/trust/credential.py needs to call the following command.
    /usr/bin/xmlsec1
which complained about not being able to load libxmlsec1-openssl.so library.
Somehow the myplc installation is using the xmlsec1-openssl.i386 dependency package instead of of xmlsec1-openssl.x86_64.

Here is what I did for fix.
-- yum erase xmlsec1-openssl.i386
	*this will remove both myplc and sfa. 'yes' to that. 
-- yum install xmlsec1-openssl.x86_64
-- yum install myplc
-- yum install sfa-plc sfa-client

One catch is that the libxmlsec1-openssl.so library is under /usr/lib64, which cannot be found by the code.
-- cp /usr/lib64/libxmlsec1-openssl.so /lib

I also found problem with reinstalling sfa-plc. It could not be properly erased by yum, which prevents it from being reinstalled.
Here is how to fix that.
-- yum erase sfa-plc
-- rpm -e --noscripts sfa-plc
-- yum install sfa-plc

Regards,
--Xi

On Oct 12, 2010, at 9:21 PM, Xi Yang wrote:

> Hi Glovanni,
> 
> Thanks for the insight. I have actually 'nuked' the database couple of times. The sfa table looks good after import.
> This can also be seen in the sfa.log.
> 
> ---
> 2010-10-12 18:20:02,300 - INFO - Purging SFA records from database
> 2010-10-12 18:20:06,576 - INFO - Import: inserting authority record for plc
> 2010-10-12 18:20:06,586 - INFO - Import: adding plc to trusted list
> 2010-10-12 18:20:06,588 - INFO - Connecting to PLCAPI at url https://localhost:4
> 43/PLCAPI/
> 2010-10-12 18:20:07,097 - INFO - Importing site: plc.maxpl
> 2010-10-12 18:20:07,097 - INFO - Import: site plc.maxpl
> 2010-10-12 18:20:07,258 - INFO - Import: node plc.maxpl.planetlab3
> 2010-10-12 18:20:07,330 - INFO - Import: node plc.maxpl.planetlab5
> 2010-10-12 18:20:07,418 - INFO - Import: node plc.maxpl.planetlab2
> 2010-10-12 18:20:07,497 - INFO - Import: node plc.maxpl.planetlab4
> 2010-10-12 18:20:07,590 - INFO - Import: slice plc.maxpl.netflow
> 2010-10-12 18:20:07,649 - INFO - Import: slice plc.maxpl.sirius
> 2010-10-12 18:20:07,707 - INFO - Import: slice plc.maxpl.sfacm
> 2010-10-12 18:20:07,769 - INFO - Import: slice plc.maxpl.drl
> 2010-10-12 18:20:07,818 - INFO - Import: person plc.maxpl.xyang
> 2010-10-12 18:20:08,128 - INFO - Import: person plc.maxpl.tlehman
> 2010-10-12 18:20:08,327 - INFO - Import: person plc.maxpl.bpillai
> 2010-10-12 18:20:08,538 - INFO - Import: saving current pub keys
> ---
> 
> I suppose you are also running some private or root-level PLC/SFA. Does the HRN 'plc.maxpl' sound right to you?
> 
> --Xi
> 
> 
> On Oct 12, 2010, at 6:28 PM, Giovanni Gherdovich wrote:
> 
>> Hello Yang,
>> 
>> On 10/12/2010 11:26 PM, Xi Yang wrote:
>> > Hi Thierry and all,
>> >
>> > I reinstalled both python2.5 and SFA from scratch.
>> > That might have done something good. But it didn't fix
>> > all the problems. Now I am getting another exception:
>> >
>> > sfa.util.xmlrpcprotocol.ServerException: :
>> > GetSelfCredential: Cert missing parent: plc.maxpl
>> >
>> > On the server side, we have an isolated PLC installation
>> > with HRN prefix: plc.maxpl. That means maxpl is not a site
>> > shown in the site list on http://www.planet-lab.org.
>> 
>> My two cents: if you are doing a "private" PLC/SFA deployment,
>> and you can afford to mess a bit with your database data, I would run
>> 
>> sfa-nuke.py
>> 
>> then
>> 
>> sfa-import.py
>> 
>> "nuke" erases the 'sfa' table from the postgres DB named 'planetlab5'
>> "import" creates it again.
>> 
>> I know it sounds a bit voodoo, but sometimes it got
>> me around the "Cert missing parent" error.
>> 
>> Cheers,
>> Giovanni
> 
> _______________________________________________
> Devel mailing list
> Devel at lists.planet-lab.org
> https://lists.planet-lab.org/mailman/listinfo/devel


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.planet-lab.org/pipermail/devel/attachments/20101013/7aa10256/attachment.html

More information about the Devel mailing list