user data scripts not running on web and db servers #16
Comments
|
can you check the logs @ /var/log/user-data.log? |
|
Not much. Looks like routing got in the way. The message "Failed to connect to 54.67.81.185" is the IP of my PAN FW management IP for reference. As a workaround, I was able to manually run all the user-data commands by hand via CLI. My web and DB server work. As mentioned prior, the PAN already successfully pulled the restore and loaded it. The only thing wrong was the web and DB didn't succeed at user data. I didn't check DB logs, but my guess is that it's the same failed error. I think the web and db come up faster than PAN, they are waiting for PAN, but give up? Then user-data never finishes? Just a guess. Logs below... ubuntu@ip-10-0-0-99:~$ cat /var/log/user-data.log Listening on LPF/eth0/06:8e:e9:9d:61:74 Listening on LPF/eth0/06:8e:e9:9d:61:74 |
|
They should not give up…I basically keep trying forever to make sure that one the FW is up, then configure the web and db servers.
Maybe AWS is timing out the script? Which wasn’t case when I wrote the script…will have to experiment and see
Thanks for the heads up.
…--
/narayan
From: Jeff <[email protected]>
Reply-To: PaloAltoNetworks/aws <[email protected]>
Date: Monday, June 11, 2018 at 9:15 PM
To: PaloAltoNetworks/aws <[email protected]>
Cc: Narayan Iyengar <[email protected]>, Comment <[email protected]>
Subject: Re: [PaloAltoNetworks/aws] user data scripts not running on web and db servers (#16)
Not much. Looks like routing got in the way. The message "Failed to connect to 54.67.81.185" is the IP of my PAN FW management IP for reference. As a workaround, I was able to manually run all the user-data commands by hand via CLI. My web and DB server work. As mentioned prior, the PAN already successfully pulled the restore and loaded it. The only thing wrong was the web and DB didn't succeed at user data. I didn't check DB logs, but my guess is that it's the same failed error. I think the web and db come up faster than PAN, they are waiting for PAN, but give up? Then user-data never finishes? Just a guess.
Logs below...
ubuntu@ip-10-0-0-99:~$ cat /var/log/user-data.log
Killed old client process
Internet Systems Consortium DHCP Client 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.isc.org_software_dhcp_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=2fZgxR2069wOdNv8Di7o5ZOjwGQfzfccKj5pybwnyio&s=kIdmjnCqnWp0hFE6e-w4Gpef3evk9bDg_BeEh00KJt4&e=>
Listening on LPF/eth0/06:8e:e9:9d:61:74
Sending on LPF/eth0/06:8e:e9:9d:61:74
Sending on Socket/fallback
DHCPRELEASE on eth0 to 10.0.1.1 port 67 (xid=0x2e69ce79)
Internet Systems Consortium DHCP Client 4.3.3
Copyright 2004-2015 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.isc.org_software_dhcp_&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=2fZgxR2069wOdNv8Di7o5ZOjwGQfzfccKj5pybwnyio&s=kIdmjnCqnWp0hFE6e-w4Gpef3evk9bDg_BeEh00KJt4&e=>
Listening on LPF/eth0/06:8e:e9:9d:61:74
Sending on LPF/eth0/06:8e:e9:9d:61:74
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3 (xid=0xfc15527d)
DHCPREQUEST of 10.0.1.101 on eth0 to 255.255.255.255 port 67 (xid=0x7d5215fc)
DHCPOFFER of 10.0.1.101 from 10.0.1.1
DHCPACK of 10.0.1.101 from 10.0.1.1
bound to 10.0.1.101 -- renewal in 1759 seconds.
curl: (7) Failed to connect to 54.67.81.185 port 443: No route to host
curl: (7) Failed to connect to 54.67.81.185 port 443: No route to host
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
curl: (7) Failed to connect to 54.67.81.185 port 443: Connection timed out
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_PaloAltoNetworks_aws_issues_16-23issuecomment-2D396460403&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=2fZgxR2069wOdNv8Di7o5ZOjwGQfzfccKj5pybwnyio&s=mkHCyfIWHrbV7bk4o3_LNr_1TkFErLIYS4dWevAc68g&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ARFcaW8PpQL9of7gpKAmsLKUpx9zifaiks5t70BSgaJpZM4UhNid&d=DwMFaQ&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=yaPPNRHFJOEqZ9-bfG64oiDWvBigyIWTnqkw0GQeLyU&m=2fZgxR2069wOdNv8Di7o5ZOjwGQfzfccKj5pybwnyio&s=EKwcQJVmDxK0pC4K4TmSLvgE7WpbGAOy7OE7MW83INc&e=>.
|
|
Hello Guys. excuse me I created the stack but it rolled back due to the error "CREATE FAILED - API: ec2:Runinstances Not authorized for images: [ami-7dcb9906]".
Best |
I ran the two-tier-sample CFT. It deployed the PAN successfully, GUI came up, configurable, logs, everything. But I noticed the applications for web and DB didn't work. I logged into the web server it appears nothing was running. There's a lot of configs happening in User Data, but it doesn't look like anything loaded. Same with DB. MySQL wasn't running after all said and done.
The text was updated successfully, but these errors were encountered: