3 Replies Latest reply on May 6, 2016 2:24 PM by VriendP

    TIE Slave not working

    VriendP

      I have a situation that I hope someone here can help me out with. I installed two TIE/DXL Servers in a Master/Slave setup. Both of the servers have a DXL Broker role. As DXL brokers, everything is fine. When it comes to TIE, the first server is functioning correctly as well, so we have reputation information. However the second server does not appear to be running a postgres database. I am observing the following:

       

      1. When I have registered both TIE servers in ePO as Database Servers, TIE connections fail 50% of the time (naturally)

      2. On the Slave TIE Server, the /data/tieserver_pg directory contains only a recovery.conf file, as opposed to the same directory on the master which contains several files and directories related to postgres

      3. During installation of the Slave Server, we have observed issues during initialization of the TIE Server. It gives the following error: initctl: Job failed to start (after which the process appears to continue successfully but obviously does not)

      4. We see the DXL Fabric page in ePO display all information about both brokers correctly and the brokers appear to be Connected. In the System Tree, the Slave gets a DXLBROKER tag, but NOT a TIESERVER tag.

      5. In the System properties for the Slave TIE Server, we observe all properties under DXL Status are Not Available

      6. TIE Reputation functionality is working correctly from the Master TIE Server

       

      Thinking I must have missed something, I rebuilt both TIE Servers, at each step patiently waiting for background tasks to complete before moving to the next step. It appears that the slave simply won’t start the postgres database and processes.

      The TIE Servers are located in the same VLAN and all credentials have been triple checked. All machines have the necessary layer 3 network access.

       

      Below I have pasted some of the relevant logs. Has anyone observed a similar issue before?

       

      tieserver-start.log:

      Call initctl start pg

      Waiting for TIEServer Postgres process to start 0

      Call initctl start pg

      Waiting for TIEServer Postgres process to start 0

       

      tieserver-install.log:

      Preparing packages for installation...

      Pre Install

      Available space : 3884396 KB

      Required size   : 512000 KB

      Pre Initial Install

      tieserver-1.2.0-131.mlos2

      Adding Postgres lib directory to postmaster.conf and pg_ctl.conf

      Post Initial Install

      The files belonging to this database system will be owned by user "mfetie".

      This user must also own the server process.

       

       

      The database cluster will be initialized with locales

        COLLATE:  C

        CTYPE:    en_US.UTF-8

        MESSAGES: en_US.UTF-8

        MONETARY: en_US.UTF-8

        NUMERIC:  en_US.UTF-8

        TIME:     en_US.UTF-8

      The default database encoding has accordingly been set to "UTF8".

      The default text search configuration will be set to "english".

       

       

      Data page checksums are disabled.

       

       

      fixing permissions on existing directory /data/tieserver_pg ... ok

      creating subdirectories ... ok

      selecting default max_connections ... 100

      selecting default shared_buffers ... 128MB

      creating configuration files ... ok

      creating template1 database in /data/tieserver_pg/base/1 ... ok

      initializing pg_authid ... ok

      initializing dependencies ... ok

      creating system views ... ok

      loading system objects' descriptions ... ok

      creating collations ... ok

      creating conversions ... ok

      creating dictionaries ... ok

      setting privileges on built-in objects ... ok

      creating information schema ... ok

      loading PL/pgSQL server-side language ... ok

      vacuuming database template1 ... ok

      copying template1 to template0 ... ok

      copying template1 to postgres ... ok

      syncing data to disk ... ok

       

       

      WARNING: enabling "trust" authentication for local connections

      You can change this by editing pg_hba.conf or using the option -A, or

      --auth-local and --auth-host, the next time you run initdb.

       

       

      Success. You can now start the database server using:

       

       

          /opt/McAfee/tieserver/postgresql/bin/postgres -D /data/tieserver_pg

      or

          /opt/McAfee/tieserver/postgresql/bin/pg_ctl -D /data/tieserver_pg -l logfile start

       

       

      PostgreSQL for McAfee TIE Server Successfully Installed

      Starting PostgreSQL for McAfee TIE Server: [  OK  ]

      Changing mfetie's password

      psql: FATAL:  database "mfetie" does not exist

      Creating DB

      psql:/opt/McAfee/tieserver/db/createdb.sql:1: NOTICE:  database "tie" does not exist, skipping

      Updating DB Schema

      ePO config files does not exist

      Creating Replication User

      CREATE ROLE

      PostgreSQL for McAfee TIE Server Successfully Initialized

      Updating tie.properties

      Stopping PostgreSQL for McAfee TIE Server: [  OK  ]

      Setting up tie.properties for Slave and Reporting

      Calling setTIEProperties. Check /tmp/reconfig-tie.log

      Fri Oct 16 13:55:51 UTC 2015

      0

      Calling setupSlave. Check /tmp/reconfig-tie.log

      Fri Oct 16 13:55:52 UTC 2015

      Calling createSlaveUser

      Calling addReplicationPermToMasterHBA

      Cleaning data directory on new Slave

      Syncing the database files with the master (using pg_basebackup)

      pg_basebackup: could not connect to server: FATAL:  no pg_hba.conf entry for replication connection from host "ip-removed", user "rep", SSL off

       

       

      Adding trigger_file entry to recovery.conf

      Setting ownership of postgres files

      0

      Reloading pg_hba.conf

      Fri Oct 16 13:56:03 UTC 2015

      0

      Enabling port binding rules

      McAfee TIE Server Successfully Installed

       

      reconfig-tie.log:

      Starting McAfee TIE Server: initctl: Job failed to start

      .................... [60G[ [0;31mFAILED [0;39m]

       

       

      postgresql.log:

      Starting :

      Postgres started

      LOG:  database system was shut down at 2015-10-16 13:55:43 UTC

      LOG:  autovacuum launcher started

      LOG:  database system is ready to accept connections

      FATAL:  database "mfetie" does not exist

      Waiting for TIEServer Java process to stop 0

       

       

      Session terminated, killing shell...LOG:  received smart shutdown request

      LOG:  autovacuum launcher shutting down

      LOG:  shutting down

      LOG:  database system is shut down

      ...killed.

      Starting :

      Postgres started

      postmaster cannot access the server configuration file "/data/tieserver_pg/postgresql.conf": No such file or directory

      Starting :

      Postgres started

      postmaster cannot access the server configuration file "/data/tieserver_pg/postgresql.conf": No such file or directory

       

      mfema-install.log:

      ##################################################

      Available space : 3904564 KB

      Required size   : 16384 KB

      Creating user(mfe) and group (mfe)

      ##################################################

      Registering the start up script...

      starting ma service...

       

       

      Starting McAfee common services...  [60G  [0;32m [ OK ]  [0;39m

      Starting McAfee Agent services...  [60G  [0;32m [ OK ]  [0;39m

      /var/tmp/rpm-tmp.uMKL46: line 218: crontab: command not found

      /var/tmp/rpm-tmp.uMKL46: line 218: crontab: command not found

      Starting dependent services...

      Agent Successfully Installed

        • 1. Re: TIE Slave not working
          amenendp

          Same issue in my environment. Don't ask me why, but after some tests, using the command "reconfig-tie" on tie slave, you can reconfigure the tie profile. I put it as slae again and put the master info. After that it requested me hostames to use the readonly account. I put ePO IP.

          After that Tieserver service started correctlly and the tie slave started dxl communication correctly.

          • 2. Re: TIE Slave not working
            Troja

            VriendP,

            have you solved the problem??

            Cheers

            • 3. Re: TIE Slave not working
              VriendP

              We finally did. As far as I can recall, the solution was this:

               

              To solve fix this error, suggestion is deleting pg_hba.conf.swp (both from the master and the slave) and running the reconfig-tie script from the slave:

              1. On the Master:
              2. a. Login
              3. b. Navigate to /data/tieserver_pg
              4. c. Delete this file: rm pg_hba.conf.swp

               

              1. On the Slave:
              2. a. Login
              3. b. Navigate to /data/tieserver_pg
              4. c. Delete this file if applicable: rm pg_hba.conf.swp
              5. d. Sync with the Master: reconf-tie