cancel
Showing results for 
Search instead for 
Did you mean: 
VriendP
Level 7

TIE Slave not working

I have a situation that I hope someone here can help me out with. I installed two TIE/DXL Servers in a Master/Slave setup. Both of the servers have a DXL Broker role. As DXL brokers, everything is fine. When it comes to TIE, the first server is functioning correctly as well, so we have reputation information. However the second server does not appear to be running a postgres database. I am observing the following:

1. When I have registered both TIE servers in ePO as Database Servers, TIE connections fail 50% of the time (naturally)

2. On the Slave TIE Server, the /data/tieserver_pg directory contains only a recovery.conf file, as opposed to the same directory on the master which contains several files and directories related to postgres

3. During installation of the Slave Server, we have observed issues during initialization of the TIE Server. It gives the following error: initctl: Job failed to start (after which the process appears to continue successfully but obviously does not)

4. We see the DXL Fabric page in ePO display all information about both brokers correctly and the brokers appear to be Connected. In the System Tree, the Slave gets a DXLBROKER tag, but NOT a TIESERVER tag.

5. In the System properties for the Slave TIE Server, we observe all properties under DXL Status are Not Available

6. TIE Reputation functionality is working correctly from the Master TIE Server

Thinking I must have missed something, I rebuilt both TIE Servers, at each step patiently waiting for background tasks to complete before moving to the next step. It appears that the slave simply won’t start the postgres database and processes.

The TIE Servers are located in the same VLAN and all credentials have been triple checked. All machines have the necessary layer 3 network access.

Below I have pasted some of the relevant logs. Has anyone observed a similar issue before?

tieserver-start.log:

Call initctl start pg

Waiting for TIEServer Postgres process to start 0

Call initctl start pg

Waiting for TIEServer Postgres process to start 0

tieserver-install.log:

Preparing packages for installation...

Pre Install

Available space : 3884396 KB

Required size   : 512000 KB

Pre Initial Install

tieserver-1.2.0-131.mlos2

Adding Postgres lib directory to postmaster.conf and pg_ctl.conf

Post Initial Install

The files belonging to this database system will be owned by user "mfetie".

This user must also own the server process.

The database cluster will be initialized with locales

  COLLATE:  C

  CTYPE:    en_US.UTF-8

  MESSAGES: en_US.UTF-8

  MONETARY: en_US.UTF-8

  NUMERIC:  en_US.UTF-8

  TIME:     en_US.UTF-8

The default database encoding has accordingly been set to "UTF8".

The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /data/tieserver_pg ... ok

creating subdirectories ... ok

selecting default max_connections ... 100

selecting default shared_buffers ... 128MB

creating configuration files ... ok

creating template1 database in /data/tieserver_pg/base/1 ... ok

initializing pg_authid ... ok

initializing dependencies ... ok

creating system views ... ok

loading system objects' descriptions ... ok

creating collations ... ok

creating conversions ... ok

creating dictionaries ... ok

setting privileges on built-in objects ... ok

creating information schema ... ok

loading PL/pgSQL server-side language ... ok

vacuuming database template1 ... ok

copying template1 to template0 ... ok

copying template1 to postgres ... ok

syncing data to disk ... ok

WARNING: enabling "trust" authentication for local connections

You can change this by editing pg_hba.conf or using the option -A, or

--auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /opt/McAfee/tieserver/postgresql/bin/postgres -D /data/tieserver_pg

or

    /opt/McAfee/tieserver/postgresql/bin/pg_ctl -D /data/tieserver_pg -l logfile start

PostgreSQL for McAfee TIE Server Successfully Installed

Starting PostgreSQL for McAfee TIE Server: [  OK  ]

Changing mfetie's password

psql: FATAL:  database "mfetie" does not exist

Creating DB

psql:/opt/McAfee/tieserver/db/createdb.sql:1: NOTICE:  database "tie" does not exist, skipping

Updating DB Schema

ePO config files does not exist

Creating Replication User

CREATE ROLE

PostgreSQL for McAfee TIE Server Successfully Initialized

Updating tie.properties

Stopping PostgreSQL for McAfee TIE Server: [  OK  ]

Setting up tie.properties for Slave and Reporting

Calling setTIEProperties. Check /tmp/reconfig-tie.log

Fri Oct 16 13:55:51 UTC 2015

0

Calling setupSlave. Check /tmp/reconfig-tie.log

Fri Oct 16 13:55:52 UTC 2015

Calling createSlaveUser

Calling addReplicationPermToMasterHBA

Cleaning data directory on new Slave

Syncing the database files with the master (using pg_basebackup)

pg_basebackup: could not connect to server: FATAL:  no pg_hba.conf entry for replication connection from host "ip-removed", user "rep", SSL off

Adding trigger_file entry to recovery.conf

Setting ownership of postgres files

0

Reloading pg_hba.conf

Fri Oct 16 13:56:03 UTC 2015

0

Enabling port binding rules

McAfee TIE Server Successfully Installed

reconfig-tie.log:

Starting McAfee TIE Server: initctl: Job failed to start

.................... [60G[ [0;31mFAILED [0;39m]

postgresql.log:

Starting :

Postgres started

LOG:  database system was shut down at 2015-10-16 13:55:43 UTC

LOG:  autovacuum launcher started

LOG:  database system is ready to accept connections

FATAL:  database "mfetie" does not exist

Waiting for TIEServer Java process to stop 0

Session terminated, killing shell...LOG:  received smart shutdown request

LOG:  autovacuum launcher shutting down

LOG:  shutting down

LOG:  database system is shut down

...killed.

Starting :

Postgres started

postmaster cannot access the server configuration file "/data/tieserver_pg/postgresql.conf": No such file or directory

Starting :

Postgres started

postmaster cannot access the server configuration file "/data/tieserver_pg/postgresql.conf": No such file or directory

mfema-install.log:

##################################################

Available space : 3904564 KB

Required size   : 16384 KB

Creating user(mfe) and group (mfe)

##################################################

Registering the start up script...

starting ma service...

Starting McAfee common services...  [60G  [0;32m [ OK ]  [0;39m

Starting McAfee Agent services...  [60G  [0;32m [ OK ]  [0;39m

/var/tmp/rpm-tmp.uMKL46: line 218: crontab: command not found

/var/tmp/rpm-tmp.uMKL46: line 218: crontab: command not found

Starting dependent services...

Agent Successfully Installed

0 Kudos
3 Replies
amenendp
Level 10

Re: TIE Slave not working

Same issue in my environment. Don't ask me why, but after some tests, using the command "reconfig-tie" on tie slave, you can reconfigure the tie profile. I put it as slae again and put the master info. After that it requested me hostames to use the readonly account. I put ePO IP.

After that Tieserver service started correctlly and the tie slave started dxl communication correctly.

0 Kudos
Troja
Level 14

Re: TIE Slave not working

,

have you solved the problem??

Cheers

0 Kudos
VriendP
Level 7

Re: TIE Slave not working

We finally did. As far as I can recall, the solution was this:

To solve fix this error, suggestion is deleting pg_hba.conf.swp (both from the master and the slave) and running the reconfig-tie script from the slave:

  1. On the Master:
  2. a. Login
  3. b. Navigate to /data/tieserver_pg
  4. c. Delete this file: rm pg_hba.conf.swp

  1. On the Slave:
  2. a. Login
  3. b. Navigate to /data/tieserver_pg
  4. c. Delete this file if applicable: rm pg_hba.conf.swp
  5. d. Sync with the Master: reconf-tie
0 Kudos