[CalendarServer-users] Port issue

[Emil Lundberg]

(slightly confused as to whether to top- or bottom post. oh well)

Thanks Cyrus for the explanation, I was going to ask that question  
too, although I hadn't run DCS on anything less than a 4-core machine  
before... :-)

Now; you (Douglas) mentioned you opened the firewall for traffic to  
the 8008 and 8443 ports. Even though ports 8009-8010 and 8444-8445 are  
only used localhost->localhost (confirmed with netstat on my own  
machine), perhaps your firewall is locking this traffic out?

Simply put; can you deactivate the firewall and see if the service  
responds? If so, you need to allow for tcp 8008-8010 and 8443-8445  
from localhost (or the "any" network).

I tried (de)activating tcp/8008 to "any" on the firewall using 10.5.0  
server and it was enough to deny/allow communcation with iCal server  
(as it were), but YMMV.

Also, just to be sure: you seem to be using a DHCP address on your MB  
- hopefully this is the same each boot.

Come to think of it I find this statement intriguing:

>>> DCS works on the localhost, but not on the port that I assign it in
>>> the caldavd-dev.plist. [...] I don't know why it changes the port,  
>>> but
>>> whichever one it chooses I can access on localhost just fine.


This tells me the PyDirector port(s) are not responding and that you  
can connect directly to localhost:(port+1) (this not being hindered by  
the firewall), but not directly to servername:(port+1) (as this is  
blocked by the firewall). Turn the firewall off and I envision you  
could connect to servername:(port+1), although it does not tell you  
why the original ports fail. Small steps...

/Emil

> Hi Cyrus, Emil, et. al,
>
> Thank-you for your explanation of how some of the different pieces  
> work together with the server(s)/processors and whatnot. I found the  
> PyDirector service you're looking for, and it cat's the way you  
> would expect: "four services setup in that config file - two of  
> which listen on localhost and two of which listen on the external  
> address on the ports you have specified." Ex:
>
> <pdconfig>
>
>    <service name="http">
>        <listen ip="127.0.0.1:8008" />
>        <group name="main" scheduler="leastconns">
>          <host name="caldav-8009" ip="127.0.0.1:8009" />
> <host name="caldav-8010" ip="127.0.0.1:8010" />
>        </group>
>        <enable group="main" />
>    </service>
>
>
>    <service name="https">
>        <listen ip="127.0.0.1:8443" />
>        <group name="main" scheduler="leastconns">
>          <host name="caldav-8444" ip="127.0.0.1:8444" />
> <host name="caldav-8445" ip="127.0.0.1:8445" />
>        </group>
>        <enable group="main" />
>    </service>
>
> (I've only listed the localhost params for privacy purposes) I  
> assume that what's listed above is quite normal, although I don't  
> quite understand why it assigns hostnames on ports 8009 and 8010 for  
> http, or on 8444 and 8445 for the https, especially when it's  
> listening on 8008 and 8443 respectively. As long as it works,  
> right? :)
>
> On the other box, a single-processor G4, I have DCS running with no  
> problems, and it doesn't do this. It doesn't load PyDirector at all,  
> I assume because it doesn't need to balance loads between multiple  
> processors, and perhaps this is the key difference? PyDirector is  
> the problem on my newer duocore machine? If so, still, how do I  
> address this?
>
> And on both boxes, I get the lines:
>
> 2007-10-29 13:53:18-0400 [-] [caldav-8008]  [startup] Setting up  
> scheme: kerberos
> 2007-10-29 13:53:18-0400 [-] [caldav-8008]   
> [KerberosCredentialFactoryBase] getServerPrincipalDetails: ('Cannot  
> get sequence cursor from keytab', 2)
> 2007-10-29 13:53:18-0400 [-] [caldav-8008]  [startup] Could not  
> start Kerberos
>
> I thought this might have been the stumbling block on my MacBookPro,  
> the machine I'm having problems with, but since it happens on the G4  
> too maybe it doesn't matter. Or perhaps I just haven't gotten to the  
> point on the G4 where it does matter. Anyhow, any advice on this one?
>
> Many thanks,
>
> -Doug
>
>
> On Oct 29, 2007, at 11:44 AM, Cyrus Daboo wrote:
>
>> Hi Douglas,
>>
>> --On October 29, 2007 3:04:07 AM -0400 Douglas O'Connor <business at dougoconnor.com 
>> > wrote:
>>
>>> 1.) Double-checked all the file names and port numbers: as far as  
>>> I can
>>> still, it's all good.
>>> 2.) I'm using OSX 10.4.10 Tiger, Python 2.4, Subversion 1.4.5,  
>>> Apache
>>> 2.2.6, APR 1.2.11, and APR-UTIL 1.2.10. The firewall is down for the
>>> ports that I've configured DCS to listen on (8008 and 8443).
>>> 3.) No error logs come through, the only logfiles I can actually  
>>> open
>>> don't contain much (access.log).
>>> 4.) DCS works on the localhost, but not on the port that I assign  
>>> it in
>>> the caldavd-dev.plist. In fact, it always assigns to one or two  
>>> ports
>>> higher than what I tell it, and it ignores my serverhostname and IP
>>> address that I give to it. (See the verbose run script below to
>>> understand more clearly). I don't know why it changes the port, but
>>> whichever one it chooses I can access on localhost just fine.
>>> 5.) The collection listing is solid, no problems there, it  
>>> reflects my
>>> plist and xml arrangements.
>>>
>>> Here below is the run script readout:
>>>
>>
>> Some things to note: the server architecture we have allows for the  
>> "server" to actual spawn multiple server processes for handling  
>> requests. By default we spawn one server instance per cpu/core.  
>> When we do that, each server instance listens only on 127.0.0.1 and  
>> on a port that is different from the main one configured in  
>> the .plist (we increase the port numbers by one for each instance).  
>> We then also start a load balancer process (pydirector) that should  
>> be listening on all the interfaces/ports specified in the .plist,  
>> and that will redirect incoming requests to each server instance in  
>> an appropriate fashion. The error.log file (or stdout) will show  
>> the localhost and instance port numbers, not the interface/port of  
>> the load balancer. So you need to ignore those and just attempt to  
>> connect on the interfaces/ports in the caldavd.plist.
>>
>> Can you start the server again and look for the 'Adding pydirector  
>> service with configuration: XXX' line in the log output, and then  
>> in another terminal window cat the XXX file listed there. You  
>> should see four services setup in that config file - two of which  
>> listen on localhost and two of which listen on the external address  
>> on the ports you have specified. Can you double-check that?
>>
>> -- 
>> Cyrus Daboo
>>
>