[CalendarServer-users] Port issue
Emil Lundberg
Emil.Lundberg at bmc.uu.se
Mon Oct 29 12:41:11 PDT 2007
(slightly confused as to whether to top- or bottom post. oh well)
Thanks Cyrus for the explanation, I was going to ask that question
too, although I hadn't run DCS on anything less than a 4-core machine
before... :-)
Now; you (Douglas) mentioned you opened the firewall for traffic to
the 8008 and 8443 ports. Even though ports 8009-8010 and 8444-8445 are
only used localhost->localhost (confirmed with netstat on my own
machine), perhaps your firewall is locking this traffic out?
Simply put; can you deactivate the firewall and see if the service
responds? If so, you need to allow for tcp 8008-8010 and 8443-8445
from localhost (or the "any" network).
I tried (de)activating tcp/8008 to "any" on the firewall using 10.5.0
server and it was enough to deny/allow communcation with iCal server
(as it were), but YMMV.
Also, just to be sure: you seem to be using a DHCP address on your MB
- hopefully this is the same each boot.
Come to think of it I find this statement intriguing:
>>> DCS works on the localhost, but not on the port that I assign it in
>>> the caldavd-dev.plist. [...] I don't know why it changes the port,
>>> but
>>> whichever one it chooses I can access on localhost just fine.
This tells me the PyDirector port(s) are not responding and that you
can connect directly to localhost:(port+1) (this not being hindered by
the firewall), but not directly to servername:(port+1) (as this is
blocked by the firewall). Turn the firewall off and I envision you
could connect to servername:(port+1), although it does not tell you
why the original ports fail. Small steps...
/Emil
> Hi Cyrus, Emil, et. al,
>
> Thank-you for your explanation of how some of the different pieces
> work together with the server(s)/processors and whatnot. I found the
> PyDirector service you're looking for, and it cat's the way you
> would expect: "four services setup in that config file - two of
> which listen on localhost and two of which listen on the external
> address on the ports you have specified." Ex:
>
> <pdconfig>
>
> <service name="http">
> <listen ip="127.0.0.1:8008" />
> <group name="main" scheduler="leastconns">
> <host name="caldav-8009" ip="127.0.0.1:8009" />
> <host name="caldav-8010" ip="127.0.0.1:8010" />
> </group>
> <enable group="main" />
> </service>
>
>
> <service name="https">
> <listen ip="127.0.0.1:8443" />
> <group name="main" scheduler="leastconns">
> <host name="caldav-8444" ip="127.0.0.1:8444" />
> <host name="caldav-8445" ip="127.0.0.1:8445" />
> </group>
> <enable group="main" />
> </service>
>
> (I've only listed the localhost params for privacy purposes) I
> assume that what's listed above is quite normal, although I don't
> quite understand why it assigns hostnames on ports 8009 and 8010 for
> http, or on 8444 and 8445 for the https, especially when it's
> listening on 8008 and 8443 respectively. As long as it works,
> right? :)
>
> On the other box, a single-processor G4, I have DCS running with no
> problems, and it doesn't do this. It doesn't load PyDirector at all,
> I assume because it doesn't need to balance loads between multiple
> processors, and perhaps this is the key difference? PyDirector is
> the problem on my newer duocore machine? If so, still, how do I
> address this?
>
> And on both boxes, I get the lines:
>
> 2007-10-29 13:53:18-0400 [-] [caldav-8008] [startup] Setting up
> scheme: kerberos
> 2007-10-29 13:53:18-0400 [-] [caldav-8008]
> [KerberosCredentialFactoryBase] getServerPrincipalDetails: ('Cannot
> get sequence cursor from keytab', 2)
> 2007-10-29 13:53:18-0400 [-] [caldav-8008] [startup] Could not
> start Kerberos
>
> I thought this might have been the stumbling block on my MacBookPro,
> the machine I'm having problems with, but since it happens on the G4
> too maybe it doesn't matter. Or perhaps I just haven't gotten to the
> point on the G4 where it does matter. Anyhow, any advice on this one?
>
> Many thanks,
>
> -Doug
>
>
> On Oct 29, 2007, at 11:44 AM, Cyrus Daboo wrote:
>
>> Hi Douglas,
>>
>> --On October 29, 2007 3:04:07 AM -0400 Douglas O'Connor <business at dougoconnor.com
>> > wrote:
>>
>>> 1.) Double-checked all the file names and port numbers: as far as
>>> I can
>>> still, it's all good.
>>> 2.) I'm using OSX 10.4.10 Tiger, Python 2.4, Subversion 1.4.5,
>>> Apache
>>> 2.2.6, APR 1.2.11, and APR-UTIL 1.2.10. The firewall is down for the
>>> ports that I've configured DCS to listen on (8008 and 8443).
>>> 3.) No error logs come through, the only logfiles I can actually
>>> open
>>> don't contain much (access.log).
>>> 4.) DCS works on the localhost, but not on the port that I assign
>>> it in
>>> the caldavd-dev.plist. In fact, it always assigns to one or two
>>> ports
>>> higher than what I tell it, and it ignores my serverhostname and IP
>>> address that I give to it. (See the verbose run script below to
>>> understand more clearly). I don't know why it changes the port, but
>>> whichever one it chooses I can access on localhost just fine.
>>> 5.) The collection listing is solid, no problems there, it
>>> reflects my
>>> plist and xml arrangements.
>>>
>>> Here below is the run script readout:
>>>
>>
>> Some things to note: the server architecture we have allows for the
>> "server" to actual spawn multiple server processes for handling
>> requests. By default we spawn one server instance per cpu/core.
>> When we do that, each server instance listens only on 127.0.0.1 and
>> on a port that is different from the main one configured in
>> the .plist (we increase the port numbers by one for each instance).
>> We then also start a load balancer process (pydirector) that should
>> be listening on all the interfaces/ports specified in the .plist,
>> and that will redirect incoming requests to each server instance in
>> an appropriate fashion. The error.log file (or stdout) will show
>> the localhost and instance port numbers, not the interface/port of
>> the load balancer. So you need to ignore those and just attempt to
>> connect on the interfaces/ports in the caldavd.plist.
>>
>> Can you start the server again and look for the 'Adding pydirector
>> service with configuration: XXX' line in the log output, and then
>> in another terminal window cat the XXX file listed there. You
>> should see four services setup in that config file - two of which
>> listen on localhost and two of which listen on the external address
>> on the ports you have specified. Can you double-check that?
>>
>> --
>> Cyrus Daboo
>>
>
More information about the calendarserver-users
mailing list