cosmic vigil Apr 22, 2023, 2:47 AM

#

Just an upgrade from 3.1.2 and now nabox is down. Cannot get to it via the web gui. It is complaining that about a secure connection failed.
..................................................................
An error occurred during a connection to {{HOSTNAME}} SSL peer has no certificate for the requested DNS name.

Error code: SSL_ERROR_UNRECOGNIZED_NAME_ALERT

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

.......................................................................
Any ideas?

Thxs

sinful tendon Apr 24, 2023, 3:48 PM

#

@gaunt warren can you chime in on this one? @cosmic vigil is it possible the ip changed? If you go to vcenter can you open a terminal and check the ip address? You could also try sshing into the machine via https://nabox.org/documentation/configuration/

cosmic vigil Apr 24, 2023, 4:19 PM

#

i can ssh into the box but that is about it ....

#

I can't get to the web gui .... is there a checklist of things that i can go through?

cosmic vigil Apr 24, 2023, 4:41 PM

#

XXXXnaboxapp02:~# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b33788b21388 registry.local/nabox-harvest:latest "python3 harvest.py" 2 days ago Up 2 days 5000/tcp nabox-harvest2
87ca7b79fd89 registry.local/nabox-graphite "/bin/sh -c /run.sh" 2 days ago Up 2 days 80/tcp graphite
1263e147031e registry.local/nabox-admin "/docker-entrypoint.â¦" 2 days ago Up 2 days 80/tcp nabox-admin
d7213df5c068 grafana/grafana-oss:8.5.15 "/run.sh" 2 days ago Up 2 days 3000/tcp grafana
a0f22b58cd95 prom/prometheus:latest "/bin/prometheus --câ¦" 2 days ago Up 2 days 9090/tcp prometheus
a7eb8db099a5 registry.local/nabox-api:latest "python api.py" 2 days ago Up 2 days 5000/tcp nabox-api
e36632e12f2a registry.local/nabox-harvest:latest "python3 harvest.py" 2 days ago Up 2 days 5000/tcp nabox-harvest
820350d84ad2 traefik:v2.6 "/nabox-traefik-entrâ¦" 8 months ago Up 2 days 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:2003->2003/tcp, :::2003->2003/tcp traefik
144bf2376b1a alexandertgtalbot/go-carbon "/init/run.sh" 11 months ago Up 2 days (healthy) 2003-2004/tcp, 7002-7003/tcp, 7007/tcp, 8080/tcp, 2003/udp go-carbon
fd332d923228 prom/container-exporter "/bin/container-expoâ¦" 11 months ago Up 2 days 9104/tcp container-exporter

#

my vm guys tell me that the vm ip and dns name match (no change)

#

Are there checks I can make since I am able to successfully ssh to the box

sinful tendon Apr 24, 2023, 4:53 PM

#

does docker logs traefik show anything interesting? That's the service that handles the frontend

#

also might be worth looking at docker logs nabox-admin - if traefik is up and running, it should route to the nabox-admin container for the web UI. Also worth a look https://nabox.org/faq/#network-conflict-docker

cosmic vigil Apr 24, 2023, 4:57 PM

#

where can i find the docker logs traefik?

sinful tendon Apr 24, 2023, 4:59 PM

#

they will be printed to the console when you run docker logs traefik or dc logs traefik

cosmic vigil Apr 24, 2023, 4:59 PM

#

got it .... let me check ....

#

docker logs traefik

wget: can't connect to remote host (172.18.0.11): Connection refused
wget: can't connect to remote host (172.18.0.11): Connection refused
wget: can't connect to remote host (172.18.0.11): Connection refused
wget: can't connect to remote host (172.18.0.11): Connection refused
wget: can't connect to remote host (172.18.0.11): Connection refused
wget: can't connect to remote host (172.18.0.11): Connection refused
time="2023-04-22T02:09:07Z" level=info msg="Configuration loaded from flags."
time="2023-04-22T02:09:07Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: private key does not match public key" tlsStoreName=default
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=graphite
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=web
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=webssl
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=traefik

#

time="2023-04-22T02:09:07Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: private key does not match public key" tlsStoreName=default
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=graphite
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=web
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=webssl
time="2023-04-22T02:09:07Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=traefik
time="2023-04-22T02:09:07Z" level=error msg="TLS: No certificate store found with this name: "default", closing connection"
time="2023-04-22T02:09:07Z" level=error msg="TLS: No certificate store found with this name: "default", closing connection"

sinful tendon Apr 24, 2023, 5:02 PM

#

looks promising

#

might be worth trying to bounce all the containers too dc down will bring them down restart them

cosmic vigil Apr 24, 2023, 5:04 PM

#

ok did the dc down command

#

dc up command is still running ......

cosmic vigil Apr 24, 2023, 5:27 PM

#

dc up is still running ...... 😮

sinful tendon Apr 24, 2023, 5:29 PM

#

still running in the sense that the cmd has not returned or still running in the sense that docker ps -a shows restarting?

#

if it is still running in the sense that you typed dc up, pressed return, and it has not finished and returned you to the console. Press Ctrl+C and then type dc down without an up. Nabox has a restart timer that notices the containers are down and will restart them so only down is needed

cosmic vigil Apr 24, 2023, 5:52 PM

#

oh .... ok .... let me stop it then

cosmic vigil Apr 24, 2023, 6:42 PM

#

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8d6c294e7960 registry.local/nabox-admin "/docker-entrypoint.â¦" 2 hours ago Up 48 minutes 80/tcp nabox-admin
93edceb2bda0 traefik:v2.6 "/nabox-traefik-entrâ¦" 2 hours ago Up 48 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:2003->2003/tcp, :::2003->2003/tcp traefik
53ebdc75e703 registry.local/nabox-harvest:latest "python3 harvest.py" 2 hours ago Up 48 minutes 5000/tcp nabox-harvest2
e0769b4a04d3 prom/container-exporter "/bin/container-expoâ¦" 2 hours ago Up 48 minutes 9104/tcp container-exporter
9da2db5c5228 alexandertgtalbot/go-carbon "/init/run.sh" 2 hours ago Up 48 minutes (healthy) 2003-2004/tcp, 7002-7003/tcp, 7007/tcp, 8080/tcp, 2003/udp go-carbon
c9afd5ae65c2 grafana/grafana-oss:8.5.15 "/run.sh" 2 hours ago Up 48 minutes 3000/tcp grafana
10940ede4332 registry.local/nabox-graphite "/bin/sh -c /run.sh" 2 hours ago Up 48 minutes 80/tcp graphite
eb91f467c739 prom/prometheus:latest "/bin/prometheus --câ¦" 2 hours ago Up 48 minutes 9090/tcp prometheus
5ea1ce9fc9b0 registry.local/nabox-harvest:latest "python3 harvest.py" 2 hours ago Up 48 minutes 5000/tcp nabox-harvest
2363a94d1cf1 registry.local/nabox-api:latest "python api.py" 2 hours ago Up 48 minutes 5000/tcp nabox-api

#

heres whats running

sinful tendon Apr 24, 2023, 6:45 PM

#

looks like everything restarted, that's good! web UI still down?

cosmic vigil Apr 24, 2023, 6:51 PM

#

let me check

#

Got the web gui for the nabox login but none of the userids work ....

#

So I cannot login

#

I try the grafana link and I get the error message "ERR_SSL_UNRECOGNIZED_NAME_ALERT"

sinful tendon Apr 24, 2023, 6:58 PM

#

some progress, but not enough. Sounds like the certs are messed up. Matches with the earlier TLS store default not found log messages. Let's see what @gaunt warren has to say

cosmic vigil Apr 24, 2023, 6:58 PM

#

cat /usr/local/nabox/docker-compose/docker-compose.override.yaml

Use this file to customize docker-compose configuration.

For example, you can change default network CIDR like this :

networks:

default:

driver: bridge

name: docker-compose_default

ipam:

driver: default

config:

- subnet: 172.99.0.0/16

gateway: 172.99.0.1

version: "3.7"atlvnaboxapp02:~#

#

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 0056:a6:3f:ae brd ff:ff:ff:ff:ff:ff
inet 10.180.14.235/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fea6:3fae/64 scope link
valid_lft forever preferred_lft forever

#

the ip of the server is 10.180.14.235

cosmic vigil Apr 24, 2023, 7:48 PM

#

Interfaces files is correct though.........

This file describes the network interfaces available on your system

and how to activate them. For more information, see interfaces(5).

The loopback network interface

auto lo
iface lo inet loopback

The primary network interface

auto eth0

iface eth0 inet static
address 10.180.14.235
netmask 255.255.255.0
gateway 10.180.14.254

cosmic vigil Apr 26, 2023, 3:13 PM

#

Ended up "uninstalling" the ssl cert which allowed access back into web gui.

sinful tendon Apr 26, 2023, 3:25 PM

#

glad that unblocked you @cosmic vigil . @gaunt warren will take a look when he's back

#Upgrade NABOX from 3.1.2 to 3.2