HTTPD startup Error :: Admin Page Endless loop

mark · January 4, 2016, 8:11pm

Install failed with the following error:
Running Batch config…

kaltura-batch-11.5.0-1.noarch
base-config completed successfully, if you ever want to re-configure your system (e.g. change DB hostname) run the following script:

rm /opt/kaltura/app/base-config.lock

/opt/kaltura/bin/kaltura-base-config.sh

Reloading httpd: not reloading due to configuration syntax error
[FAILED]

kaltura-batch-config.sh FAILED with: 9235 on line 98

Archving logs to /opt/kaltura/log/log_04_01_16_22_58.tar.gz…
ERROR: /opt/kaltura/bin/kaltura-batch-config.sh failed:( You can re-run it when the issue is fixed.
[root@player conf.d]# rpm -q kaltura-postinst
kaltura-postinst-1.0.30-10.noarch

SSL certs have been added to /etc/httpd/conf.d/zzzkaltura.ssl.conf.

mark · January 5, 2016, 3:51am

Hi @jess, I was able to install with nonSSL. Now that the nonSSL instance is working…is there any safe way to change to SSL? Please advise. Thank you.

hiphopservers · January 5, 2016, 8:56am

Hi @mark

Did you edit the tokens in this file after that reload error? There is a SSL file and regular file both have to have the tokens updated if they were not set during installation. I had a similar issue. Re-read my comments and errors for more information.

mark · January 5, 2016, 4:26pm

Hello @hiphopservers, as per your suggestion I have added the tokens to file /etc/httpd/conf.d/zzzkaltura.conf.

I am now getting the following error:

[root@player conf.d]# service httpd reload
Reloading httpd: not reloading due to configuration syntax error
[FAILED]
[root@player conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 7 of /etc/httpd/conf.d/zzzkaltura.conf: Include directory ‘/etc/httpd/@APP_DIR@/configurations/apache/conf.d’ not found
[FAILED]

Here are the contents of file: /etc/httpd/conf.d/zzzkaltura.conf

<VirtualHost *:@KALTURA_VIRTUAL_HOST_PORT@>
# for SSL offloading support, if LB has X_FORWARDED_PROTO set to ‘https’, set HTTPS to 'on’
SetEnvIf X-Forwarded-Proto https HTTPS=on
ErrorLog "@LOG_DIR@/kaltura_apache_errors.log"
CustomLog @LOG_DIR@/kaltura_apache_access.log vhost_kalt

    Include "@APP_DIR@/configurations/apache/conf.d/enabled.*.conf"

SSLCertificateFile /etc/pki/tls/certs/player_HIDDEN.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
SSLCACertificateFile /etc/pki/tls/certs/player_HIDDEN.ca-bundle

hiphopservers · January 5, 2016, 4:35pm

Hello @mark

I do not see where you have replaced:

@KALTURA_VIRTUAL_HOST_PORT@

with your port number for the virtual host you set in configuration. This is usually port [80].

Nor, have you replaced the path to the Kaltura log and app folder tokens:

@LOG_DIR@ this is usually /opt/kaultura/logo/
@APP_DIR@ this is usually /opt/kautura/app/

If you did not properly update those tokens found in the file with valid information then try that and restart HTTPD.

mark · January 5, 2016, 4:49pm

Hello @hiphopservers, I have updated the file /etc/httpd/conf.d/zzzkaltura.conf with:

<VirtualHost *:80>
# for SSL offloading support, if LB has X_FORWARDED_PROTO set to ‘https’, set HTTPS to 'on’
SetEnvIf X-Forwarded-Proto https HTTPS=on
ErrorLog "/opt/kaltura/log/kaltura_apache_errors.log"
CustomLog /opt/kaltura/log/kaltura_apache_access.log vhost_kalt

    Include "/opt/kaltura/app/configurations/apache/conf.d/enabled.*.conf"

SSLCertificateFile /etc/pki/tls/certs/player_HIDDEN.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
SSLCACertificateFile /etc/pki/tls/certs/player_HIDDEN.ca-bundle

I rebooted and when I restart httpd I get the following error:

[root@player conf.d]# service httpd reload
Reloading httpd: [FAILED]

mark · January 5, 2016, 4:50pm

I also manually added the VirtualHost *:80

mark · January 5, 2016, 4:58pm

[root@player httpd]# tail -f error_log
[Tue Jan 05 19:51:09 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 05 19:51:09 2016] [error] Init: Multiple RSA server certificates not allowed
[Tue Jan 05 19:51:09 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 05 19:51:09 2016] [error] Init: Multiple RSA server certificates not allowed
[Tue Jan 05 19:52:22 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 05 19:52:22 2016] [error] Init: Multiple RSA server certificates not allowed
[Tue Jan 05 19:52:24 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 05 19:52:24 2016] [error] Init: Multiple RSA server certificates not allowed
[Tue Jan 05 19:52:42 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Jan 05 19:52:42 2016] [error] Init: Multiple RSA server certificates not allowed

hiphopservers · January 5, 2016, 4:58pm

@mark

Set the proper name of this file so the extension points to a file name that ends in ‘.ca’ Apache does not recognize ‘.ca-bundle’ as a valid file extension.

mark · January 5, 2016, 5:26pm

Hello @hiphopservers, I updated the name of the SSLCACertificate file per your suggestion and I am able to start httpd successfully (THANK YOU):

[root@player conf.d]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

I am able to see the Get Started page. When I login to the admin console I get:

An error occurred
(error code: API:-1)

mark · January 5, 2016, 5:29pm

kaltlog shows:

–
==> /opt/kaltura/log/batch/validatelivemediaservers-0-2016-01-05.err.log <==
PHP Fatal error: Uncaught exception ‘KalturaClientException’ with message 'failed to unserialize server result

’ in /opt/kaltura/app/batch/client/KalturaClientBase.php:401
Stack trace:
#0 /opt/kaltura/app/batch/client/KalturaClient.php(4129): KalturaClientBase->doQueue()

2016-01-05 12:24:10 [0.000213] [789781921] [9] [BATCH] [KAsyncDropFolderWatcher->getDropFoldersList] ERR: exception ‘Exception’ with message 'Cannot get drop folder list - failed to unserialize server result

’ in /opt/kaltura/app/infra/log/KalturaLog.php:83
Stack trace:
#0 /opt/kaltura/app/plugins/drop_folder/batch/DropFolderWatcher/KAsyncDropFolderWatcher.class.php(108): KalturaLog::err(‘Cannot get drop…’)

2016-01-05 12:24:15 [0.000284] [1283147126] [9] [BATCH] [KScheduleHelper->run] ERR: exception ‘Exception’ with message ‘System is not yet ready - ping failed’ in /opt/kaltura/app/infra/log/KalturaLog.php:83
Stack trace:
#0 /opt/kaltura/app/batch/batches/KScheduleHelper.class.php(42): KalturaLog::err(‘System is not y…’)

hiphopservers · January 5, 2016, 6:19pm

Hello @mark

@jess will have to answer you on resolving this issue. I have not encounter such an error previously. I would recommend you post this issue in a new thread. It is related to something other than the issues mention in this thread. A separate thread will make it easier for other users to search for solutions once this issue is resolved.

mark · January 5, 2016, 6:26pm

Thank you @hiphopservers for your support!!

jess · January 5, 2016, 6:29pm

Hello,

Means that the service URL provided is unreachable. You need to make sure that:
# curl -I -v $SERVICE_URL/api_v3/index.php
works and returns with HTTP 200.

This SERVICE_URL is your API endpoint and is used in multiple places, including:
/opt/kaltura/app/configurations/batch/batch.ini
/opt/kaltura/app/configurations/admin.ini
/opt/kaltura/app/configurations/local.ini

it should be something that both your Kaltura server and the machines from which you use the Kaltura I/F know how to reach.

mark · January 5, 2016, 8:44pm

Hello @jess, # curl -I -v $SERVICE_URL/api_v3/index.php yields the following:

[root@player ~]# curl -I -v $SERVICE_URL/api_v3/index.php

About to connect() to player.HIDDEN port 80 (#0)
Trying HIDDEN… connected
Connected to player.HIDDEN (HIDDEN) port 80 (#0)

HEAD /api_v3/index.php HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: player.HIDDEN
Accept: /

400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: https://player.HIDDEN/

Apache/2.2.15 (CentOS) Server at player.HIDDEN Port 443 * Connection #0 to host player.HIDDEN left intact * Closing connection #0

mark · January 5, 2016, 8:51pm

@jess, I also tried the following:

[root@player conf.d]# curl -I -v https://player.HIDDEN/api_v3/index.php

About to connect() to player.HIDDEN port 443 (#0)
Trying HIDDEN… connected
Connected to player.HIDDEN (HIDDEN) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
NSS error -5978
Closing connection #0
Problem with the SSL CA cert (path? access rights?)
curl: (77) Problem with the SSL CA cert (path? access rights?)

mark · January 5, 2016, 9:06pm

I was able to login to admin console via:

Hello @ironsizide,

You can disable the CURL check by editing:
/opt/kaltura/app/configurations/admin.ini
set:
settings.clientConfig.verifySSL=0
Then admin console will work for you as the verification of the cert will be skipped.