General Discussion

File analytics installation NETAPP_XCP_1.9.1

Konstantin2
3,297 Views

Hello,

 

I am trying to install XCP NETAPP_XCP_1.9.1 on a RHEL 8.6 system with root but while configuring it does not allow me to set password for admin:

 

Enter admin password for file analytics:
Retype same password :
# Updating database entries
(pg.InternalError) FATAL: Ident authentication failed for user "central"

(Background on this error at: https://sqlalche.me/e/14/2j85)
NOTE: Please make sure you are root user. File Analytics installation unsuccessful. Please refer the user guide.

 

Does anyone know what is the problem?

 

1 ACCEPTED SOLUTION

elementx
3,288 Views

Make sure config creds from your XCP config file are valid.

View solution in original post

7 REPLIES 7

elementx
3,289 Views

Make sure config creds from your XCP config file are valid.

Konstantin2
3,273 Views

Can you please provide details which creds should be valid? 

elementx
3,260 Views

For PostgreSQL DB that is installed when you run configure.sh. In xcp.ini you may have something like this (account and credentials are for this specific database):

 

db_host = 127.0.0.1
db_port = 5432
db_user = central
...
db_name = xcp_cmdb

 

In order to verify that PostgreSQL is reachable, you could use psql client and DBA password for and then check that PostgreSQL is running, xcp_cmdb is present, etc.

 

There should be some logs in here, including error logs:

/opt/NetApp/xFiles/xcp/xcpfalogs/

 

Potential fixes include configure.sh -> Repair/ Manage which checks and restarts the DB.

elementx
3,255 Views

I just tried to install XCP 1.9.1. on Rocky Linux 8.7; configure.sh installed PostgreSQL but it also recommended to set a password for my DB user

 

NOTE:
If you are running configuration for first time or upgrading, select option 1.
________________________________________________________________________________
Please choose the menu you want to start:
1. Configure client system
2. Reset admin password
3. Reset Postgres database password
4. Rebuild xcp.ini file
5. Delete database and reconfigure client system
6. Add/Modify/Delete custom security banner (To be used after configuring the client)

0. Quit
--------------------------------------------------------------------------------
Enter digit between [0-6] >> 1

# Postgres service is running
Password must contain at least one numeral, one upper case, one lower case and a special character(! @ # $ % ^ & * - _).

Enter password for Postgres DB user:

I was prompted to enter 2 passwords, one for PostgreSQL DB user, and another for XCP admin.

 

# Postgres service is running 
Password must contain at least one numeral, one upper case, one lower case and a special character(! @ # $ % ^ & * - _).

Enter password for Postgres DB user:
Retype same password :
# Updating DB password

# Updating xcp.ini file
Password must contain at least one numeral, one upper case, one lower case and a special character(! @ # $ % ^ & * - _).

Enter admin password for file analytics:
Retype same password :
# Updating database entries


# A custom banner is a message displayed to someone who attempts to access XCP File Analytics web page before every authentication.
Example of banner message: Authorised users only!
Do you wish to add a banner ? (yes/no): no
--------------------------------------------------------------------------------
Starting xcp service
--------------------------------------------------------------------------------
# Creating XCP service ...

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
XCP File analytics configured and XCP service started successfully.

Use following link and login as 'admin' user for GUI access
https://192.168.1.198/xcp
--------------------------------------------------------------------------------
[root@s198 xcp]# cat /opt/NetApp/xFiles/xcp/xcp.ini
[xcp]
catalog = nfs_server:/export[:subdirectory]
db_password = BhRauqE6bjS/aTmkiKmtOQ==
db_host = 127.0.0.1
db_port = 5432
db_user = central
db_name = xcp_cmdb

Note that catalog is still not configured, but DB is: BhRauqE6bjS/aTmkiKmtOQ==  is "NetApp123$".

Now I use these creds (central/NetApp123$) to check:

[root@s198 xcp]# psql -h 127.0.0.1 -U central -d xcp_cmdb -p 5432
Password for user central:
psql (10.23)
Type "help" for help. 

I rebooted the system and re-ran configure.sh which told me everything is OK:

 

[root@s198 xcp]# ./configure.sh 
--------------------------------------------------------------------------------
XCP CONFIGURATION SCRIPT
--------------------------------------------------------------------------------
# Checking if XCP service is running
# WARNING: XCP process is already running on this system.
________________________________________________________________________________

root 932 1 0 16:19 ? 00:00:00 /usr/bin/xcp --listen
root 1110 932 0 16:19 ? 00:00:00 /usr/bin/xcp --listen
postgres 1487 1015 0 16:19 ? 00:00:00 postgres: central xcp_cmdb 127.0.0.1(35064) idle

Installer script did forget to add one dependency, which I installed manually. I think that's not related to the auth problem you had, it's related to the Web UI.

 

sudo yum install python3-xmlsec.x86_64 xmlsec1.x86_64 xmlsec1-openssl.x86_64

 

elementx
1,753 Views

One tip based on v1.9.2: I used it with Rocky 8.8 and after setting everything up several times (one of the changes that seemed to have helped was disabling IPv6 so that the Web UI binds IPv4), I was finally able to access to the Web based UI. I didn't have any issues logging in on Firefox (admin/$PASS were as I set them in configuration wizard).

 

Then I tried on another host with Rocky 8.6, and there I had issues logging in. Here no matter what I did, I couldn't login (wrong username or password). Then I updated OS to Rocky 8.8 (still no luck) and finally tried Chrome and that helped.

 

So the same day, using the same version of XCP and OS, I could and couldn't use Firefox... Chrome is the only supported browser,  but it's puzzling that on Firefox the problem manifests in a rejection of valid app credentials.

 

I also noticed that configure.sh didn't handle various OS-related quirks well, so it appears it's highly desirable to watch all logs, from XCP's installation.log over PostgreSQL and various Apache logs, when troubleshooting. The credentials/browser-related error isn't even recorded in the logs as far as I could tell, it happens only in the browser.

Konstantin2
1,720 Views

Hi! Many thanks for the provided information! Actually we have issues with logging in with Chrome every time as it gives us wrong user name or password but we found a workaround. First we clear the browser cache and after that we access the following :

https://10.4.20.135:5030/xcp/api

Once we see the message that we are not authorized the login username and password are accepted on the next try.

elementx
1,716 Views

I haven't encountered the caching issue, but clearing the cache is mentioned as one of tips in Troubleshooting:

https://docs.netapp.com/us-en/xcp/xcp-troubleshoot-xcp-file-analytics-errors.html

So is the advice to use only Chrome (but in a weird way, it says to look it up in the IMT, which no one wants to do because it takes 3 minutes to do...), by the way.

If you hit that problem often and don't mind to use a separate browser profile, you could create a startup entry for Chrome with a custom profile name, which cleans browser cache on every exit.

 

> First we clear the browser cache and after that we access the following :

https://10.4.20.135:5030/xcp/api

 

I know that path (used to throw a REST error, in Firefox). Chrome shows it not-as-nicely. Here's what I get with Chrome now:

 

{"message":"404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again."}

Firefox still shows the "classic" API/REST page 🙂

 

elementx_0-1689151107979.png

 

I haven't hit the stale cache issue yet, maybe it takes longer use.

 

I also found several additional problems in the installer script, which doesn't account for RPM package name changes in RHEL 8.8 (compared to 8.6) and ignores errors if yum-utils is missing.

For those, I copy package names from the script, then fix them up, and install them manually (+ yum-utils nfs-utils) because that installs a quite a few packages which may or may not be necessary. Maybe those aren't essential - it clearly works without them - but there may be some features which I haven't yet tried where those packages need to be used, so I'd rather have them than not.

 

Sometimes the role or the database doesn't get properly created which makes installation fail when XCP can't access DB to create xcp_cmdb, and to make things worse it appears the SQL statements are stored in the XCP binary itself, which makes it unnecessarily hard to troubleshoot these DB issues...  To work around that I dumped the SQL DB from a "good" XCP, so that I can just deploy the DB myself now...

 

I've been helping a customer  with this, so I noticed these things.

 

I've been thinking, if I had to do this more than once a quarter I'd probably containerize the Web UI and PostgreSQL and write own installer for XCP service to avoid all these issues and even be able to avoid the installation of PostgreSQL (e.g. I could also deploy it externally on K8s or wherever).

Public