
Comments (12)

spitzerr commented on June 3, 2024

Hi @jbiendara,

Your config with-ssl is missing some square brackets. This part:

"SslRootOrIntermediate": {
    "Alias": "esri-root",
    "Path": "C:\\data\\ArcGIS_Configuration\\Certificate\\esri-root.cer"
},

should be:

"SslRootOrIntermediate": [{
    "Alias": "esri-root",
    "Path": "C:\\data\\ArcGIS_Configuration\\Certificate\\esri-root.cer"
}],

Maybe this also fixes #90 Q5.

Cheers

from arcgis-powershell-dsc.

commented on June 3, 2024

Hi Rainer,

Unfortunately, adding the extra square brackets didn't change anything.

As soon as I add the “ssl per node” sections to the “AllNodes” part the procedure gets confused. Okay, the node ssl certificates get installed as well as does the root certificate.

But when it comes to federating the server (vsdev2371) with the portal (vsdev2370), the procedure requires a token from the server (vsdev2371), not from the portal (vsdev2370). The federation times out.

Without the “ssl per node” sections in the “AllNodes” part the procedure requires the token for the federation correctly from the portal (vsdev2370), the federation is done in seconds.

Why does the procedure get mixed up?

Btw: I thought that the square brackets only designate the sections that need to be configured/filled in with the values of the environment or sections that are optional. Now it seems that they also do have a functional significance. Can you help me, what the (functional) difference between the square and the curly brackets is and what they both are used for in the context of the configuration scripts?

Thank you very much, best regards,
Jürgen

spitzerr commented on June 3, 2024

Hi,

About the brackets: The config is written in JSON notation. Square brackets are used for arrays there. You can see some more information about the syntax e.g. here: http://www.json.org/

In the example configuration files there are also some square brackets inside quotation marks. These are meant as optional/filled information which has to be changed for use.


> As soon as I add the “ssl per node” sections to the “AllNodes” part the procedure gets confused. Okay, the node ssl certificates get installed as well as does the root certificate.

For clarification: Are both certificates now installed in Portal Cert-Store?


> Why does the procedure get mixed up?

This could be a bug. In our tests we had all WebAdaptors on the same machine and everything worked fine. Could you verify this?

shailesh91 commented on June 3, 2024

@jbiendara @spitzerr
Call for federation is made on server web adaptor. So when the web adaptors are on different machines the Portal WebAdaptor endpoint is wrongly inferred. This line is the cause of the error.

$PortalFEDHostName = $Node.SslCertifcate.Alias

To get around the error use the following configuration.
WithSSLSections.txt

P.S. In this config, when a portal and portal webadaptor is on the same, the certificate is not installed in the Portal Cert-Store. It is installed in the Machine Cert-Store.

shailesh91 commented on June 3, 2024

@jbiendara @spitzerr Pull request #95 should solve this bug. You can fork the PR and try it out.

spitzerr commented on June 3, 2024

@shailesh91 from my perspective there is an additional timing problem:
the webadaptor waits until ArcGIS_Portal is finished to register Portal in WA:

if($Node.Role -icontains "PortalWebAdaptor")
{
    if($ConfigurationData.ConfigData.PortalContext -and $PrimaryPortalMachine)
    {
        if($PrimaryPortalMachine -ine $Node.NodeName)
        {
            if($Node.WMFVersion -gt 4){
                WaitForAll "WaitForAllPortalConfigToComplete$($PrimaryPortalMachine)"{
                    ResourceName = "[ArcGIS_Portal]Portal$($PrimaryPortalMachine)"
                    NodeName = $PrimaryPortalMachine
                    RetryIntervalSec = 60
                    RetryCount = 90
                    DependsOn = $Depends
                }
                $Depends += "[WaitForAll]WaitForAllPortalConfigToComplete$($PrimaryPortalMachine)"

After ArcGIS_Portal is finished ArcGIS_Portal_TLS is executed:

ArcGIS_Portal "Portal$($Node.NodeName)"
{
    Ensure = 'Present'
    PortalContext = $ConfigurationData.ConfigData.PortalContext
    PortalAdministrator = $PSACredential
    DependsOn = $Depends
    AdminEMail = $ConfigurationData.ConfigData.Credentials.PrimarySiteAdmin.Email
    AdminSecurityQuestionIndex = 1
    AdminSecurityAnswer = "vanilla"
    ContentDirectoryLocation = $ContentDirectoryLocation
    Join = if($Node.NodeName -ine $PrimaryPortalMachine) { $true } else { $false }
    IsHAPortal = if($IsMultiMachinePortal){$True}else{$False}
    ExternalDNSName = $ExternalDNSName
    PortalEndPoint = $MachineFQDN
    PeerMachineHostName = if($Node.NodeName -ine $PrimaryPortalMachine) { (Get-FQDN $PrimaryPortalMachine) } else { "" }
    EnableDebugLogging = if($ConfigurationData.ConfigData.DebugMode) { $true } else { $false }
    ADServiceUser = $ADServiceCredential
    EnableAutomaticAccountCreation = if($ConfigurationData.ConfigData.Portal.EnableAutomaticAccountCreation) {$true} else {$false}
}
if($HasSSLCertificatesPerNode -and $Node.SslCertifcate.Path){
    ArcGIS_Portal_TLS "Portal_TLS$($Node.NodeName)"
    {
        Ensure = 'Present'
        SiteName = 'arcgis'
        SiteAdministrator = $PSACredential
        CName = $Node.SslCertifcate.Alias
        CertificateFileLocation = $Node.SslCertifcate.Path
        CertificatePassword = $Node.SslCertifcate.Password
        DependsOn = @("[ArcGIS_Portal]Portal$($Node.NodeName)")
        SslRootOrIntermediate = $SslRootOrIntermediate
    }
}elseif((($AllNodes | Where-Object { ($_.Role -icontains 'LoadBalancer') -or ($_.Role -icontains 'PortalWebAdaptor') } | Measure-Object).Count -eq 0) -and $ConfigurationData.ConfigData.Portal.SslCertifcate.Alias){

As ArcGIS_Portal_TLS installs a new cert in the Portal Cert-Store, the Portal web server is restarted. At the same time ArcGIS WebAdaptor tries to get a token and fails...

I'm not sure how to get around this. Maybe you have an idea.

shailesh91 commented on June 3, 2024

@spitzerr I will try to repro this issue (can you send the config file you are using?). I have a solution in mind for wmf5 that requires minimal change. But I am not sure how I will get this working in wmf4. Need to brainstorm a little more on that.

spitzerr commented on June 3, 2024

@shailesh91 please find attached the config which fails on our site. As it is a racing condition I think it's hard to reproduce anyway.
Hope you can find a fix.

config.json

nshampur commented on June 3, 2024

Adding retries to ArcGIS WebAdaptor when it attempts to get a token and the Portal is restarting might be a good fix.

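The retry idea suggested above, sketched as an added example (not code from arcgis-powershell-dsc and not the fix in the project's later commit): a wrapper that retries a token request with capped exponential backoff while the portal web server restarts after the certificate import, but fails fast on errors that are not transient. `Invoke-WithRetry`, its parameters and the simulated token request are hypothetical names and constructed data.

```powershell
# Added example; Invoke-WithRetry and its parameters are hypothetical names.
function Invoke-WithRetry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [scriptblock] $Action,
        # Predicate receiving the ErrorRecord; return $false to fail fast
        # (e.g. on rejected credentials, where retrying only risks lockout).
        [scriptblock] $IsTransient = { $true },
        [ValidateRange(1, 100)] [int] $MaxAttempts = 10,
        [ValidateRange(0, 600)] [int] $InitialDelaySec = 5,
        [ValidateRange(1, 600)] [int] $MaxDelaySec = 60
    )
    $delay = $InitialDelaySec
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            return & $Action
        }
        catch {
            $transient = & $IsTransient $_
            if ($attempt -eq $MaxAttempts -or -not $transient) { throw }
            Write-Verbose "Attempt $attempt failed: $($_.Exception.Message); retrying in $delay s"
            Start-Sleep -Seconds $delay
            # Exponential backoff, capped so a long restart is still polled regularly.
            $delay = [Math]::Min([Math]::Max($delay, 1) * 2, $MaxDelaySec)
        }
    }
}

# Constructed stand-in for the token request: fails twice, as if the portal
# web server were still restarting, then returns a placeholder token.
$script:calls = 0
$getToken = {
    $script:calls++
    if ($script:calls -lt 3) { throw "503 Service Unavailable (portal restarting)" }
    [pscustomobject]@{ token = '<placeholder-token>'; attempts = $script:calls }
}

# Only connection-level failures count as transient in this sketch.
$result = Invoke-WithRetry -Action $getToken -MaxAttempts 5 -InitialDelaySec 1 `
    -IsTransient { $args[0].Exception.Message -match '503|timed out' } -Verbose
"Token obtained after $($result.attempts) attempts"
```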

shailesh91 commented on June 3, 2024

@spitzerr just an FYI, support for global certs used is going away with the latest PR. You will have to use the node level certs.
@nshampur Will give the retry solution a try.

shailesh91 commented on June 3, 2024

@spitzerr The new commit (3d9697e) should solve the timing issue. Can you verify this?

shailesh91 commented on June 3, 2024

Closing the issue. Please open again if you have any further issues.
