Centos7 all in one no-ssl install keeps failing

I’m working on a POC for review and have been following the directions, making sure all of the prerequisites are in place, but when I run the config-all script, I keep getting the following error:
(please note this error comes right after a message that /opt/kaltura/app/kaltura-base-config.sh completed successfuly). The host is a Xen VM that is also CIS hardened.

ERROR: could not retreive partner.admin_secret for id -1. It probably means you did not yet run /opt/kaltura/app/kaltura-base-config.sh yet. Please do.
ERROR: /opt/kaltura/bin/kaltura-batch-config.sh failed:( You can re-run it when the issue is fixed.
[root@HOSTNAME init.d]# service kaltura status
Redirecting to /bin/systemctl status kaltura.service
systemctl
[root@HOSTNAME log]# tail kaltura_elastic_populate.log
PHP Fatal error: Uncaught Zend_Config_Exception: parse_ini_file(/opt/kaltura/app/configurations/kLocalMemCacheConf.ini): failed to open stream: Permission denied in /opt/kaltura/app/vendor/ZendFramework/library/Zend/Config/Ini.php:184
Stack trace:
#0 /opt/kaltura/app/vendor/ZendFramework/library/Zend/Config/Ini.php(125): Zend_Config_Ini->_loadIniFile(’/opt/kaltura/ap…’)
#1 /opt/kaltura/app/alpha/config/cache/kFileSystemConf.php(66): Zend_Config_Ini->__construct(’/opt/kaltura/ap…’)
#2 /opt/kaltura/app/alpha/config/cache/kFileSystemConf.php(90): kFileSystemConf->mergeMaps(Array, false)
#3 /opt/kaltura/app/alpha/config/cache/kFileSystemConf.php(83): kFileSystemConf->loadByHostName(‘kLocalMemCacheC…’, ‘HOSTNAME’)
#4 /opt/kaltura/app/alpha/config/kConfCacheManager.php(42): kFileSystemConf->load(NULL, ‘kLocalMemCacheC…’)
#5 /opt/kaltura/app/alpha/config/kConfCacheManager.php(67): kConfCacheManager::initLoad(‘kLocalMemCacheC…’)
#6 /opt/kaltura/app/alpha/config/kConfCacheManager.php(120): kConfCacheManager::init(false)
#7 in /opt/kaltura/app/vendor/ZendFramework/library/Zend/Config/Ini.php on line 184
[root@HOSTNAME log]# tail kaltura_monit.log
[EDT Oct 8 14:26:46] error : ‘sphinx-populate’ failed to start (exit status 0) – ‘/etc/init.d/kaltura-populate start’: Thu Oct 8 14:25:45 EDT 2020
Starting:
Service populate isn’t running but stale lock file exists
Removing stale lock file at /opt/kaltura/log/populate.pid
/usr/bin/php populateFromLog.php >> /opt/kaltura/log/kaltura_populate.log 2>&1 &
[ OK ]

[EDT Oct 8 14:26:56] error : ‘sphinx’ process is not running
[EDT Oct 8 14:26:56] info : ‘sphinx’ trying to restart
[EDT Oct 8 14:26:56] info : ‘sphinx’ start: ‘/etc/init.d/kaltura-sphinx start’
[root@HOSTNAME log]# tail kaltura_populate.log
PHP Fatal error: Uncaught Zend_Config_Exception: parse_ini_file(/opt/kaltura/app/configurations/kLocalMemCacheConf.ini): failed to open stream: Permission denied in /opt/kaltura/app/vendor/ZendFramework/library/Zend/Config/Ini.php:184
Stack trace:
#0 /opt/kaltura/app/vendor/ZendFramework/library/Zend/Config/Ini.php(125): Zend_Config_Ini->_loadIniFile(’/opt/kaltura/ap…’)
#1 /opt/kaltura/app/alpha/config/cache/kFileSystemConf.php(66): Zend_Config_Ini->__construct(’/opt/kaltura/ap…’)
#2 /opt/kaltura/app/alpha/config/cache/kFileSystemConf.php(90): kFileSystemConf->mergeMaps(Array, false)
#3 /opt/kaltura/app/alpha/config/cache/kFileSystemConf.php(83): kFileSystemConf->loadByHostName(‘kLocalMemCacheC…’, ‘HOSTNAME’)
#4 /opt/kaltura/app/alpha/config/kConfCacheManager.php(42): kFileSystemConf->load(NULL, ‘kLocalMemCacheC…’)
#5 /opt/kaltura/app/alpha/config/kConfCacheManager.php(67): kConfCacheManager::initLoad(‘kLocalMemCacheC…’)
#6 /opt/kaltura/app/alpha/config/kConfCacheManager.php(120): kConfCacheManager::init(false)
#7 in /opt/kaltura/app/vendor/ZendFramework/library/Zend/Config/Ini.php on line 184
[root@HOSTNAME log]# service monit status
Redirecting to /bin/systemctl status monit.service
Unit monit.service could not be found.
[root@HOSTNAME ~]# systemctl status kaltura.service
Unit kaltura.service could not be found.
[root@HOSTNAME ~]# systemctl status kaltura-sphinx
? kaltura-sphinx.service - LSB: start and stop sphinx searchd daemon
Loaded: loaded (/etc/rc.d/init.d/kaltura-sphinx; bad; vendor preset: disabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
[root@HOSTNAME ~]# systemctl status elasticsearch
? elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2020-10-08 14:22:40 EDT; 33min ago
Docs: http://www.elastic.co
Main PID: 15652 (java)
CGroup: /system.slice/elasticsearch.service
±15652 /usr/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+…

Oct 08 14:22:40 HOSTNAME systemd[1]: Stopped Elasticsearch.
Oct 08 14:22:40 HOSTNAME systemd[1]: Started Elasticsearch.

Any suggestions or advice would be appreciated.

Hello @cchaves1,

See my reply here: ERROR: could not retreive partner.admin_secret for id -1.

Thank you for responding Jess. I dropped the databases and re-ran the .ans script again, but it fails at the following:
Stopping kaltura-elastic-populate (via systemctl): [ OK ]
Starting kaltura-elastic-populate (via systemctl): Job for kaltura-elastic-populate.service failed because the control process exited with error code. See “systemctl status kaltura-elastic-populate.service” and “journalctl -xe” for details.
[FAILED]
Redirecting to /bin/systemctl reload httpd.service

Configuring your Kaltura DB…

Checking MySQL version…
Ver 5.5.65-MariaDB found compatible

CREATE USER kaltura;
CREATE USER etl;
CREATE DATABASE kaltura;
CREATE DATABASE kaltura_sphinx_log;
CREATE DATABASE kalturadw;
CREATE DATABASE kalturadw_ds;
CREATE DATABASE kalturadw_bisources;
CREATE DATABASE kalturalog;
Checking connectivity to needed daemons…
Connectivity test passed:)
ERROR: Couldn’t make an API request to http://MYHOSTNAME.com:80/api_v3/index.php?service=system&action=ping.
Please check your setup and then run /opt/kaltura/bin/kaltura-db-config.sh again.

Adding my (edited) answer file:

local TZ to be used by PHP code. Note that it MUST be the same as your DB TZ.

TIME_ZONE=“America/New_York”

Apache port

KALTURA_VIRTUAL_HOST_PORT=“80”
KALTURA_VIRTUAL_HOST_NAME=“MYHOSTNAME”

host and port

KALTURA_FULL_VIRTUAL_HOST_NAME="$KALTURA_VIRTUAL_HOST_NAME:$KALTURA_VIRTUAL_HOST_PORT"

operational DB name and user

DB1_NAME=“kaltura”
DB1_USER=“kaltura”
PROTOCOL=“http”
SERVICE_URL="$PROTOCOL://$KALTURA_FULL_VIRTUAL_HOST_NAME"
SPHINX_SERVER1=“MYHOSTNAME”
SPHINX_SERVER2=" "
SPHINX_DB_HOST=“MYHOSTNAME”
SPHINX_DB_PORT=“3306”

user name for the Kaltura Admin Console, MUST be in the form of an email

ADMIN_CONSOLE_ADMIN_MAIL=“someemailaddress”

passwd for the Kaltura Admin Console

ADMIN_CONSOLE_PASSWORD=“somepassword”

for installs that have no remote CDN storage, use the same as $KALTURA_VIRTUAL_HOST_NAME

CDN_HOST=“MYHOSTNAME”

display name used when sending the ‘welcome’ mail.

ENVIRONMENT_NAME=“Kaltura Video Platform”

what web I/F would you want to enable, options:

0 - All web interfaces

1 - Kaltura Management Console [KMC], Hosted Apps, HTML5 lib and ClipAp

2 - KAC - Kaltura Admin Console

CONFIG_CHOICE=“0”

are we working over SSL? needed since, if so, we perform cert validity checks

IS_SSL=“N”

hostname for Red5

RED5_HOST=“MYHOSTNAME”

allow the install scripts to send install data for analytics and support purposes:

1 - allow

0 - prevent

USER_CONSENT=0

SSL cert path

CRT_FILE=/etc/ssl/certs/localhost.crt

SSL key path

KEY_FILE=/etc/pki/tls/private/localhost.key

if such exists enter path here, otherwise leave as is.

CHAIN_FILE=NONE

Operational DB MySQL

DB1_HOST=“MYHOSTNAME”

MySQL PORT

DB1_PORT=“3306”

desired passwd, make it good.

DB1_PASS=“someotherpassword”

analytics MySQL DB

DWH_HOST=“MYHOSTNAME”

analytics MySQL port

DWH_PORT=“3306”

analytics MySQL password

DWH_PASS=“someotherpassword”

MySQL super user, this is only used for bootstrap, the app itself will not connect with it.

SUPER_USER=“root”
SUPER_USER_PASSWD=“someotherpassword”

For nginx packager module

VOD_PACKAGER_HOST=“MYHOSTNAME”
VOD_PACKAGER_PORT=“88”

whether or not to configure Nginx over SSL

IS_NGINX_SSL=“N”

path to SSL cert

SSL_CERT

path to SSL key

SSL_KEY

NGINX SSL PORT - note, if you have Apache running over SSL as well and on port 443, do not select 443 here too

VOD_PACKAGER_SSL_PORT=8443

WWW_HOST=“MYHOSTNAME”

Range of ip addresses belonging to internal kaltura servers

The range is used when checking service actions permissions and allowing to access certain services without KS from the internal servers.

The default is only good for testing, on a production ENV you should adjust according to your network.

#IP_RANGE=“0.0.0.0-255.255.255.255”
IP_RANGE=“HOSTIPADDR”

Port to use with Nginx’s RTMP module

RTMP_PORT=1935

Please note that the hostnames are all the same.
Best regards,
Chris

Hello @cchaves1,

See my answer here Unattended installation frozen.
As noted in the output you posted:

ERROR: Couldn’t make an API request to http://MYHOSTNAME.com:80/api_v3/index.php?service=system&action=ping.

So, either the selected hostname is not resolvable or does not return the expected response. Start by making the request manually and inspecting the response.

Hello Jess,
I checked the hostname manually via curl and it comes back. Additionally, when bringing up a web browser and entering the address I get the Kaltura Getting started page, though I only get the banner across the top of the page with ‘Kaltura Video Platform (’

I figured I’d try an install of kaltura on ubuntu and see if that went smoother. I got the following error:
Err:5 http://installrepo.kaltura.org/repo/apt/debian propus InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 0E221B84C95650AB
Get:12 http://security.ubuntu.com/ubuntu bionic-security/universe i386 Packages [964 kB]
Get:13 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1,078 kB]
Get:14 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [241 kB]
Reading package lists… Done
W: GPG error: http://installrepo.kaltura.org/repo/apt/debian propus InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 0E221B84C95650AB
E: The repository ‘http://installrepo.kaltura.org/repo/apt/debian propus InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Any suggestions?

Hello @cchaves1,

According to the output above, you are running Ubuntu Bionic (18), which CE does not support.
See https://github.com/kaltura/platform-install-packages#documentation-and-guides

14.04 (supported but retied), 16.04 (fully supported) and 20.04 (beta) are the available choices when it comes to Ubuntu.

Thanks,

Ugh…my mistake. I will re-try with 16.04. Thank you sir!

No worries, @cchaves1.

Much appreciated @jess. My 16.04 install went well until the following error:

W: GPG error: http://installrepo.kaltura.org/repo/apt/xenial propus InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY DE7AA37623C65ECB
W: The repository ‘http://installrepo.kaltura.org/repo/apt/xenial propus InRelease’ is not signed.
N: Data from such a repository can’t be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
bc libcurses-perl libcurses-ui-perl libterm-readkey-perl sysv-rc-conf unzip
Suggested packages:
zip
The following NEW packages will be installed:
bc kaltura-postinst libcurses-perl libcurses-ui-perl libterm-readkey-perl sysv-rc-conf unzip
0 upgraded, 7 newly installed, 0 to remove and 68 not upgraded.
Need to get 653 kB of archives.
After this operation, 2,251 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
kaltura-postinst
E: There were unauthenticated packages and -y was used without --allow-unauthenticated

Hi @cchaves1,

Actually, no, it hasn’t gone well:)

Are you sure you imported the key correctly?

I have the following two keys:
pub 4096R/715D7DE7 2017-08-15
uid Kaltura deb repo community@kaltura.com
sub 4096R/25F5E6AA 2017-08-15
and
pub 2048R/A1174D5E 2015-04-18
uid Kaltura deb repo community@kaltura.com
sub 2048R/0AE9AC57 2015-04-18