SOAP: transport error:

Started by jlucas, November 07, 2017, 03:48:21 PM

Previous topic - Next topic

jlucas

I'm getting the following error after install on CentOS 7 and NicTool 2.34.

SOAP: transport error: http://172.17.140.25:8082/soap: 500 Can't connect to 172.17.140.25:8082

As best I can tell everything should be set up properly.  I've also ensured that the ports are allowed through the firewall.  Any thoughts?

# cat /etc/httpd/conf.d/z_nictool.conf
PerlRequire /usr/local/nictool/client/lib/nictoolclient.conf
ServerName nictool.ops.wyoming.com
<VirtualHost 172.17.140.25:80>
    # force a https connection
    ServerName nictool.ops.wyoming.com
    Redirect / https://nictool.ops.wyoming.com/
</VirtualHost>

Listen 443
<VirtualHost 172.17.140.25:443>
    ServerName nictool.ops.wyoming.com
    Alias /images/ "/usr/local/nictool/client/htdocs/images/"
    DocumentRoot /usr/local/nictool/client/htdocs
    DirectoryIndex index.cgi
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key

    <Files "*.cgi">
       SetHandler perl-script
       PerlResponseHandler ModPerl::Registry
       PerlOptions +ParseHeaders
       Options +ExecCGI
    </Files>

    <Directory "/usr/local/nictool/client/htdocs">
        Require all granted
    </Directory>
</VirtualHost>

<IfDefine !MODPERL2>
   PerlFreshRestart On
</IfDefine>
PerlTaintCheck Off

Listen 8082

PerlRequire /usr/local/nictool/server/lib/nictoolserver.conf

<VirtualHost 172.17.140.25:8082>
    KeepAlive Off
    <Location />
        SetHandler perl-script
        PerlResponseHandler NicToolServer
    </Location>
    <Location /soap>
        SetHandler perl-script
        PerlResponseHandler Apache::SOAP
        PerlSetVar dispatch_to "/usr/local/nictool/server, NicToolServer::SOAP"
    </Location>
</VirtualHost>

# cat /usr/local/nictool/server/lib/nictoolserver.conf
#!/usr/bin/perl

use Apache::DBI();
use Apache::SOAP;
use DBIx::Simple;
use XML::Parser;
use SOAP::Lite;

use strict;
use NicToolServer;
use NicToolServer::SOAP;
use NicToolServer::Client::SOAP;
use NicToolServer::Client;
use NicToolServer::Session;
use NicToolServer::Response;
use NicToolServer::Permission;
use NicToolServer::Zone;
use NicToolServer::Zone::Sanity;
use NicToolServer::Zone::Record;
use NicToolServer::Zone::Record::Sanity;
use NicToolServer::Group;
use NicToolServer::Group::Sanity;
use NicToolServer::User;
use NicToolServer::User::Sanity;
use NicToolServer::Nameserver;
use NicToolServer::Nameserver::Sanity;

BEGIN {
    # Database configuration
    $NicToolServer::dsn     = "DBI:mysql:database=nictool;host=localhost;port=3306";
    $NicToolServer::db_user = 'nictool';
    $NicToolServer::db_pass = 'nictool';

    # LDAP configuration
    # $NicToolServer::ldap_servers  = 'ldap1.example.com,ldap2.example.com'; # Comma-separated list
    # $NicToolServer::ldap_starttls = 0;                                     # Defaults to 0
    # $NicToolServer::ldap_basedn   = 'ou=Nictool users,dc=example,dc=com';  # Search base
    # $NicToolServer::ldap_user_mapping = 'uid';                             # Defaults to 'uid'

    # If ldap_filter is set, NicTool will perform a subtree search (scope: sub) for user under ldap_basedn,
    # otherwise it will guesstimate the dn at basedn level (ala scope: one)
    # $NicToolServer::ldap_filter = '(&(objectClass=*)(uid=*))';

    # If anonymous search for the user_mapping attribute is not allowed. Only needed if filter is defined
    # $NicToolServer::ldap_binddn = 'cn=Admin,dc=example,dc=com';
    # $NicToolServer::ldap_bindpw = 'the_admin_password';

    Apache::DBI->connect_on_init($NicToolServer::dsn, $NicToolServer::db_user, $NicToolServer::db_pass);
}

1;

# cat /usr/local/nictool/client/lib/nictoolclient.conf
#!/usr/bin/perl
#
# NicTool v2.00-rc1 Copyright 2001 Damon Edwards, Abe Shelton & Greg Schueler
# NicTool v2.01 Copyright 2004 The Network People, Inc.
#
# NicTool is free software; you can redistribute it and/or modify it under
# the terms of the Affero General Public License as published by Affero,
# Inc.; either version 1 of the License, or any later version.
#
# NicTool is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the Affero GPL for details.
#
# You should have received a copy of the Affero General Public License
# along with this program; if not, write to Affero Inc., 521 Third St,
# Suite 225, San Francisco, CA 94107, USA
#

use strict;

use CGI();

BEGIN {
    $NicToolClient::app_dir     = '/usr/local/nictool/client';

    #Interface options
    $NicToolClient::app_title   = 'NicTool';

    $NicToolClient::image_dir   = 'images';

    $NicToolClient::generic_error_message = qq(If you continue to get this error, please contact the system administrator, or your corporate contact.);

    #show the "help" links
    $NicToolClient::show_help_links = 1;

    #go to detail view after creating a new zone
    $NicToolClient::edit_after_new_zone = 1;

    #is the "include subgroups" checkbox automatically checked?
    $NicToolClient::include_subgroups_checked = 1;

    #is the "exact match" checkbox automatically checked?
    $NicToolClient::exact_match_checked = 0;

    $NicToolClient::template_dir                = "$NicToolClient::app_dir/templates";
    $NicToolClient::login_template              = "$NicToolClient::template_dir/login.html";
    $NicToolClient::setup_error_template        = "$NicToolClient::template_dir/setup_error.html";
    $NicToolClient::frameset_template           = "$NicToolClient::template_dir/frameset.html";
    $NicToolClient::start_html_template         = "$NicToolClient::template_dir/start_html.html";
    $NicToolClient::end_html_template           = "$NicToolClient::template_dir/end_html.html";
    $NicToolClient::body_frame_start_template   = "$NicToolClient::template_dir/body_frame_start.html";

    $NicToolClient::page_length = 50;

    #default values for zones/nameservers
    $NicToolClient::default_zone_ttl = '86400';
    $NicToolClient::default_zone_mailaddr = 'hostmaster.ZONE.TLD.';
    $NicToolClient::default_zone_refresh= '16384';    # RFC 1912 range (20 min to 12 hours)
    $NicToolClient::default_zone_retry  = '900';      # RFC 1912 range (180-900 sec)
    $NicToolClient::default_zone_expire = '1048576';  # RFC 1912 range (14 - 28 days)
    $NicToolClient::default_zone_minimum = '2560';    # RFC 2308 range (1 - 3 hours)

    $NicToolClient::default_zone_record_ttl = '86400';
    $NicToolClient::default_nameserver_ttl  = '86400';

    #NicToolServer connection settings
    $NicToolServerAPI::server_host         = "172.17.140.25";
    $NicToolServerAPI::server_port         = "8082";
    $NicToolServerAPI::transfer_protocol   = 'http',
    $NicToolServerAPI::data_protocol       = "soap";   # 'soap' or 'xml_rpc'
    $NicToolServerAPI::debug_soap_setup    = 0;        # debug soap calls
    $NicToolServerAPI::debug_soap_request  = 0;
    $NicToolServerAPI::debug_soap_response = 0;
}

use lib "$NicToolClient::app_dir/lib";
use NicToolClient;

1;

# cat /var/log/httpd/error_log
[Tue Nov 07 12:17:13.162910 2017] [mpm_prefork:notice] [pid 17394] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Nov 07 12:17:14.746765 2017] [core:notice] [pid 17427] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 07 12:17:14.747925 2017] [suexec:notice] [pid 17427] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 07 12:17:14.748669 2017] [ssl:warn] [pid 17427] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
[Tue Nov 07 12:17:15.075036 2017] [auth_digest:notice] [pid 17427] AH01757: generating secret for digest authentication ...
[Tue Nov 07 12:17:15.075911 2017] [lbmethod_heartbeat:notice] [pid 17427] AH02282: No slotmem from mod_heartmonitor
[Tue Nov 07 12:17:15.076330 2017] [ssl:warn] [pid 17427] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Nov 07 12:17:15.076576 2017] [ssl:warn] [pid 17427] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 07 12:17:15.096035 2017] [mpm_prefork:notice] [pid 17427] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 configured -- resuming normal operations
[Tue Nov 07 12:17:15.096086 2017] [core:notice] [pid 17427] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Nov 07 12:20:19.038598 2017] [mpm_prefork:notice] [pid 17427] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Nov 07 12:20:20.558886 2017] [core:notice] [pid 17467] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 07 12:20:20.560050 2017] [suexec:notice] [pid 17467] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 07 12:20:20.560718 2017] [ssl:warn] [pid 17467] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 07 12:20:20.886125 2017] [auth_digest:notice] [pid 17467] AH01757: generating secret for digest authentication ...
[Tue Nov 07 12:20:20.887004 2017] [lbmethod_heartbeat:notice] [pid 17467] AH02282: No slotmem from mod_heartmonitor
[Tue Nov 07 12:20:20.887425 2017] [ssl:warn] [pid 17467] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Nov 07 12:20:20.887666 2017] [ssl:warn] [pid 17467] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 07 12:20:20.901210 2017] [mpm_prefork:notice] [pid 17467] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 configured -- resuming normal operations
[Tue Nov 07 12:20:20.901303 2017] [core:notice] [pid 17467] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Tue Nov 07 13:28:30.009134 2017] [mpm_prefork:notice] [pid 17467] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Nov 07 13:28:31.552588 2017] [core:notice] [pid 17697] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 07 13:28:31.553744 2017] [suexec:notice] [pid 17697] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Nov 07 13:28:31.554429 2017] [ssl:warn] [pid 17697] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 07 13:28:31.930069 2017] [auth_digest:notice] [pid 17697] AH01757: generating secret for digest authentication ...
[Tue Nov 07 13:28:31.931097 2017] [lbmethod_heartbeat:notice] [pid 17697] AH02282: No slotmem from mod_heartmonitor
[Tue Nov 07 13:28:31.931508 2017] [ssl:warn] [pid 17697] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Tue Nov 07 13:28:31.931744 2017] [ssl:warn] [pid 17697] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 07 13:28:31.947518 2017] [mpm_prefork:notice] [pid 17697] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_perl/2.0.10 Perl/v5.16.3 configured -- resuming normal operations
[Tue Nov 07 13:28:31.947575 2017] [core:notice] [pid 17697] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

#ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:1c:25:98:1d:26 brd ff:ff:ff:ff:ff:ff
    inet 172.17.140.25/24 brd 172.17.140.255 scope global ens5
       valid_lft forever preferred_lft forever
3: enp22s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:04:5a:a9:3c:90 brd ff:ff:ff:ff:ff:ff
4: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 3a:98:73:e8:e3:e3 brd ff:ff:ff:ff:ff:ff


matt

Try disabling SELinux as that's a frequent stumbling point. If that works, turn it back on and then figure out the incantations required to get port 8082 open.

jlucas

Sure enough, I thought I had already worked that out but apparently not.  Thanks.