Cannot connect to Serengeti Server

flaganz · ‎07-03-2013

Hi,

the deployment of the Serengeti vApp and the installation of the Web Extension were successful, however we cannot connect to the Serengeti Server from within the BigData Extension.

We get an error telling us that the Server in not reachable when selecting the serengeti management server from the BigData Plugin. But no further information is told.

Any Idea?

Cheers

Frieder

jcummings_g2 · ‎07-03-2013

Same issue with our deployment. Plugin registered, try connecting the plugins to Serengeti server and receive the same message. Was just going to post the same question.

ayu7 · ‎07-03-2013

Can you check whether you can connect to the Serengeti server via the CLI? The "Access the Serengeti CLI via the Remote CLI client" section (p. 20) in the BDE CLI guide has instructions for how to access the CLI.

VMware vSphere Big Data Extensions Command-Line Interface Guide

admin · ‎07-03-2013

Hi

Another common issue about the plugin can not connect Serengeti server is that the Serengeti management server didn't enable the SSO. The plugin and Serengeti server need use the same SSO service to do the authentication.

If you miss the step to set the SSO lookup service url when deploying the Serengeti virtual appliance. You need to login Serengeti management server, go to the /opt/serengeti/ssotool directory, perform the command "EnableSSOAuth <vc sso lookup service url> " After the command finished, you need restart the tomcat service to make it work.

By default the vc sso lookup service url is https://<vc-server-ip>:7444/lookupservice/sdk, you need to make sure the Serengeti server and vSphere web client use the same SSO service.

flaganz · ‎07-04-2013

Thanks for the responses,

I am not able to connect to the serenegti management server via the CLI.

There is another problem trying to get access to the management server, I have never seen a random generated password during boot, and therefore cannot login into the system.

Is there a default password? And also there is no login screen on the console where I could enter the credentials.

I tried to ssh into the machine and login with root/password serenegti/password, but no success.

jessehuvmw · ‎07-04-2013

Hi flaganz,

You can see the random generated password for management server in the console of management server in vSphere client. The console will show a shell login prompt and the password is displayed. Sometimes it's not shown, you can press CTRL+D then ENTER to show it.

-Jesse

Cheers, Jesse Hu

flaganz · ‎07-04-2013

Hey,

I cannot see any login shell neither a random password. the output stops after "Starting Avahi daemon [OK]"

Also CTRL-D did not work either.

Thanks for your help!

JunW · ‎07-04-2013

This output stop error happens randomly, and we will try to reproduce it in our testing environment. Meanwhile, you may try if restarting the serengeti vapp will work or not, or open a new console. Thanks.

airt · ‎07-05-2013

I experience the same problem! - > "the output stops after "Starting Avahi daemon [OK]"" :smileyconfused:

jcummings_g2 · ‎07-09-2013

The SSO configuration was my issue, and doing that from the command line resolved it. We're online and running.!

MarioLenz · ‎07-12-2013

We have the same problem. EnableSSOAuth seems to work:

[root@bde ssotool]# EnableSSOAuth <vc sso lookup service url>

Intializing registration provider...

Getting SSL certificates for <vc sso lookup service url>

Anonymous execution

The file /opt/serengeti/ssotool/ssoData/groupcheck.crt already exists. Overwriting...

The file /opt/serengeti/ssotool/ssoData/admin.crt already exists. Overwriting...

The file /opt/serengeti/ssotool/ssoData/sts.crt already exists. Overwriting...

Successfully saved SSO locations and certificates

Return code is: Success

Prepare the authentication component

SSO Authentication is enabled now. Please restart the Serengeti web server to complete the procedure by the command 'sudo service tomcat stop/start'.

[root@bde ssotool]#

However, I cannot connect via CLI:

serengeti>connect --host <management-server fqdn>

Please enter the username: serengeti

Please enter the password: *********

Cannot connect to the host: 404 not found

serengeti>

When I try to connect to the Serengeti Server from within the BigData Extension the following lines are logged to /opt/serengeti/logs/serengeti.log:

2013 Jul 12 08:18:37,816+0000 INFO http-8080-1| com.vmware.vim.sso.client.impl.SamlTokenImpl: SAML token cannot be constructed: Signature validation failed

2013 Jul 12 08:18:37,818+0000 ERROR http-8080-1| com.vmware.bdd.security.sso.utils.SecurityUtils: Cannot validate the token by sso: Signature validation failed

We didn't check the Initialize Resources check box since we wanted to use different clusters for the management vApp and the worker nodes.

airt · ‎07-12-2013

serengeti>connect --host <management-server fqdn>

Please enter the username: serengeti

Please enter the password: *********

Cannot connect to the host: 404 not found

serengeti>

I also didn't manage to login with the standard serengeti/password login. But I managed to login with my vCenter account ( also administrator) trough the Serengeti CLI. Have you tried it ?

MarioLenz · ‎07-12-2013

I tried my usual AD-Account (which has admin rights on everything in our vSphere environment) and it didn't work. I'm pretty sure I tried the SOO-acount "administrator", also. Anyway, the problem really is that I cannot connect to the Serengeti Server from within the BigData Extension.

airt · ‎07-13-2013

Did you try deploying the Serengeti OVA with Initialize Resources check box set and setting the default vc sso lookup service url to https://<vc-server-ip>:7444/lookupservice/sdk as chenz wrote? I think it is possible to change the ResourcePool of the vApp after creating the hadoop cluster.

MarioLenz · ‎07-13-2013

I'll try to deploy the vApp with Initialize Resources checked. The SSO lookup service should be OK since I copied it from another VMware product's documentation that works.

I'm a bit worried about

2013 Jul 12 08:18:37,816+0000 INFO http-8080-1| com.vmware.vim.sso.client.impl.SamlTokenImpl: SAML token cannot be constructed: Signature validation failed

2013 Jul 12 08:18:37,818+0000 ERROR http-8080-1| com.vmware.bdd.security.sso.utils.SecurityUtils: Cannot validate the token by sso: Signature validation failed

Feels wrong 😉

Is there a way to increase the log level to debug?

JunW · ‎07-14-2013

I suggest you first try cli by

serengeti>connect --host <management-server fqdn>:8080

and see whether it can connect or not.

The log level can be configured through /opt/serengeti/conf/log4j.properties. You can change log4j.logger.org.springframework.web.filter=DEBUG inside log4j.properties, and restart tomcat server from the serengeti server by 'service tomcat restart'

MarioLenz · ‎07-15-2013

I can connect to port 8080:

serengeti>connect --host <management-server fqdn>:8080

Please enter the username: <my AD account>

Please enter the password: ********

Connected

serengeti>

However, Connect Server in the BDE UI still fails.

Message was edited by: Mario Btw: We have one SSO and one webclient but several vCenter servers. However, there is only one vCenter visible in the Big Data Extensions Plug-In, unfortunately not the one we deployed the Serengeti vApp to.

MarioLenz · ‎07-15-2013

I think I found the problem- and I if I'm right I don't like it at all.

The following two lines that kept popping up in /opt/serengeti/logs/serengeti.log worried me:

2013 Jul 15 10:08:21,252+0000 INFO http-8080-1| com.vmware.vim.sso.client.impl.SamlTokenImpl: SAML token cannot be constructed: Signature validation failed

2013 Jul 15 10:08:21,252+0000 ERROR http-8080-1| com.vmware.bdd.security.sso.utils.SecurityUtils: Cannot validate the token by sso: Signature validation failed

We had the same problem when we tried to use SSO authentication with vCD. The group "domain users" is called "Domänen-Benutzer" in our (german) Active Directory. Either vCD or SSO has problems with non-ASCII characters. I think that's also the reason why I couldn't connect the Serengeti management server. When I connect as a SSO user (not part of "Domänen-Benutzer") it works:

2013 Jul 15 10:50:05,200+0000 INFO http-8080-1| com.vmware.vim.sso.client.impl.SamlTokenImpl: SAML token for subject {Name: navigator, Domain: System-Domain} successfully parsed from Element

2013 Jul 15 10:50:05,478+0000 INFO http-8080-1| com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl: Is token valid confimation result: true

Message was edited by: Mario After updating to 5.1U1 we didn't have any login problems so we decided to not install 5.1U1a. I did it now and I can connect the management server :) In order to make vCD work with SSO I had to force the web client to use UTF8 instead of the system settings. I added the following line to C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\bin\service\conf\wrapper.conf: wrapper.java.additional.19=-Dfile.encoding=UTF8 I'm not sure if this is necessary for BDE but it was for vCD.

cmutchle · ‎10-01-2013

Make sure you have HA configured before deploying the BDE vApp -- that fixed my issue with the management server hanging after starting the AVAHI daemon.

All

Cannot connect to Serengeti Server