nordic-institute / x-road Goto Github PK

Hello @petkivim,

I tried to download transaction log file along with Signed Document Download and Verification Manual.

However, my test TSA seems not working according to Failed to get time stamp from any time-stamping providers error massage responding from
https://10.183.203.87/asic?queryId=3ebaeb5f-94e6-4398-b93f-6228bc3adf78&xRoadInstance=DEMO&memberClass=GOV&memberCode=1234&subsystemCode=SUB2&force.

Also, Timestamping status on Diagnostics was Ok.

How does the test timestamp work?

P.S. X-Road Test Service and X-Road Test Client is used as a testing tool which creates responses and requests.
P.S.S hosts following
test service: Ubuntu 16.04 LTS
test client: Ubuntu 18.04 LTS
X-Road: Ubuntu 18.04 LTS

Hi everyone,

I am working on X-Road: External Load Balancer Installation Guide X-Road: External Load Balancer Installation Guide on master server. I restarted all xroad services again. Although I still can login to SS via port 4000, I cannot connect to database server anymore.

gov@ubuntu:~$ sudo service postgresql status
9.3/main (port 5432): online
9.3/serverconf (port 5433): online
gov@ubuntu:~$

I read External Load Balancer again to make sure didn't do anything wrong. But I couldn't find any missing steps. Please let me know what I should do now.

Best regards,
Hai

Hello @petkivim ,
I got an error, "Cannot connect to database server", on the GUI of master node.

I was able to connect serverconf database from master node to remote database.

However, there was an error which is 'password authentication failed for user "serverconf" ' according to jetty.log on master node.

jetty.log

I tried to configure HA cluster (master and slave) with remote database (messagelog, serverconf and opmonitor).

These are my servers

Could you please tell me any suggestions for this error?

Best Regards,

Yamato

In this case, I did initial configuration of master security server.
OS: Ubuntu 18.04
security servers: v.6.21.1-1
Reference: https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/LoadBalancing/ig-xlb_x-road_external_load_balancer_installation_guide.md

Dear XRoad,

I have a problem with Operational Monistoring it said Unknown service: getSecurityServerOperationalData

2019-11-18 10:00:03,163 [qtp1031968647-43] ERROR e.r.x.p.c.AbstractClientProxyHandler - Request processing error
ee.ria.xroad.common.CodedException$Fault: Server.ServerProxy.UnknownService: Unknown service: SERVICE:CAM/GOV/201903/getSecurityServerOperationalData

Best Regards,
Dara Penhchet

Hello, I am using Ubuntu 18.04 LTS and tried to build new containers after reinstalling X-Road two times and this error showed up:

xroad2019@xroad2019-TERRA-PC:~/X-Road/ansible$ sudo ansible-playbook -i hosts/lxd_hosts.txt xroad_init.yml
[sudo] password for xroad2019:
[WARNING]: * Failed to parse /home/xroad2019/X-Road/ansible/hosts/lxd_hosts.txt with ini plugin: /home/xroad2019/X-Road/ansible/hosts/lxd_hosts.txt:41: Section [demo-servers:children] includes
undefined group: cs-servers

[WARNING]: Unable to parse /home/xroad2019/X-Road/ansible/hosts/lxd_hosts.txt as an inventory source

[WARNING]: No inventory was parsed, only implicit localhost is available

[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [lxd_servers] *****************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
ok: [localhost]

TASK [init-lxd : Ready all Ubuntu bionic containers] *******************************************************************************************************************************************************

TASK [init-lxd : Ready all CentOS 7 containers] ************************************************************************************************************************************************************

TASK [init-lxd : Install Python2 in container if necessary] ************************************************************************************************************************************************

PLAY [ss_servers] ******************************************************************************************************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************************************************************************************************
fatal: [demo-ss1]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp". Failed command was: ( umask 77 && mkdir -p "echo ~/.ansible/tmp/ansible-tmp-1573233580.12-4287626158680" && echo ansible-tmp-1573233580.12-4287626158680="echo ~/.ansible/tmp/ansible-tmp-1573233580.12-4287626158680" ), exited with result 1", "unreachable": true}
fatal: [demo-ss2]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp". Failed command was: ( umask 77 && mkdir -p "echo ~/.ansible/tmp/ansible-tmp-1573233580.13-97301733296530" && echo ansible-tmp-1573233580.13-97301733296530="echo ~/.ansible/tmp/ansible-tmp-1573233580.13-97301733296530" ), exited with result 1", "unreachable": true}

NO MORE HOSTS LEFT *****************************************************************************************************************************************************************************************
to retry, use: --limit @/home/xroad2019/X-Road/ansible/xroad_init.retry

PLAY RECAP *************************************************************************************************************************************************************************************************
demo-ss1 : ok=0 changed=0 unreachable=1 failed=0
demo-ss2 : ok=0 changed=0 unreachable=1 failed=0
localhost : ok=1 changed=0 unreachable=0 failed=0

Help would be appreciated.
Thanks in advance.

Dear XRoad,

Why in the XRoad Center we have to install the Management Security Server and Monitoring Security Server?

Could you explain me about it?

Best Regards,
Dara Penhchet

Hi everyone,

I am trying to modify country name to VN and recompile Xroad as the following instruction: https://github.com/egobsv/Tenoli-LAT#modificaci%C3%B3n-del-pa%C3%ADs. So, I going to create new 4 classes including 3 classes:

• VNBCYAuthCertificateProfileInfo
• VNBCYCertificateProfileInfoProvider
• VNBCYSignCertificateProfileInfo
  by cloned three classes:
• FiVRKAuthCertificateProfileInfo
• FiVRKCertificateProfileInfoProvider
• FiVRKSignCertificateProfileInfo

Also, clone FISubjectClientIdDecoder.java class to VNSubjectClientIdDecoder.java by modiying 'FI' to 'VN'. However, when run ./build_packages.sh to recompile, I got following errors:

I don't know how to start. There are no document mention about how to create these 4 classes appropriated with your country PKI. Should I use Ejbca classes to implement this instead? If yes, how can I do it?

Best regards,
Hai

Hi everyone,
I'm installing x-road center server by following the guide https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/ig-cs_x-road_6_central_server_installation_guide.md. But in the last command line: sudo apt-get install xroad-centralserver, I get this error:
running db migrations
02:39:11.056 [main] DEBUG o.a.c.c.ConfigurationUtils - ConfigurationUtils.locate(): base is null, name is /etc/xroad/db.properties
02:39:11.059 [main] DEBUG o.a.c.c.DefaultFileSystem - Could not locate file /etc/xroad/db.properties at null: no protocol: /etc/xroad/db.properties
02:39:11.059 [main] DEBUG o.a.c.c.ConfigurationUtils - Loading configuration from the absolute path /etc/xroad/db.properties
02:39:11.916 [main] DEBUG o.a.c.c.ConfigurationUtils - ConfigurationUtils.locate(): base is null, name is /etc/xroad/db.properties
02:39:11.916 [main] DEBUG o.a.c.c.DefaultFileSystem - Could not locate file /etc/xroad/db.properties at null: no protocol: /etc/xroad/db.properties
02:39:11.916 [main] DEBUG o.a.c.c.ConfigurationUtils - Loading configuration from the absolute path /etc/xroad/db.properties
== RestoreIdentifierDecoderData: migrating ===================================
rake aborted!
StandardError: An error has occurred, this and all later migrations canceled:

setting default path failed: the trustAnchors parameter must be non-empty
org/jruby/ext/openssl/X509Store.java:185:in set_default_paths' /tmp/10108/WEB-INF/lib/jruby-stdlib-1.7.27.jar!/META-INF/jruby.home/lib/ruby/shared/jopenssl/load.rb:26:in (root)'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:236:in load_dependency'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/lib/jruby-stdlib-1.7.27.jar!/META-INF/jruby.home/lib/ruby/shared/openssl.rb:1:in (root)'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:236:in load_dependency'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/lib/jruby-stdlib-1.7.27.jar!/META-INF/jruby.home/lib/ruby/shared/openssl.rb:1:in (root)'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:236:in load_dependency'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/vendor/engines/common-ui/lib/common-ui/cert_utils.rb:1:in (root)'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:236:in load_dependency'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:251:in require' /tmp/10108/WEB-INF/vendor/engines/common-ui/lib/common-ui/cert_utils.rb:24:in (root)'
/tmp/10108/WEB-INF/vendor/engines/center-common/app/models/approved_ca.rb:1:in (root)' /tmp/10108/WEB-INF/vendor/engines/center-common/app/models/approved_ca.rb:24:in (root)'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:1:in (root)' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:359:in require_or_load'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:502:in load_missing_constant' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:192:in const_missing'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:190:in const_missing' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:514:in load_missing_constant'
/tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:192:in const_missing' /tmp/10108/WEB-INF/gems/gems/activesupport-3.2.22.5/lib/active_support/dependencies.rb:190:in const_missing'
/tmp/10108/WEB-INF/db/migrate/20161010071153_restore_identifier_decoder_data.rb:4:in up' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:370:in up'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:410:in migrate' /tmp/10108/WEB-INF/lib/jruby-stdlib-1.7.27.jar!/META-INF/jruby.home/lib/ruby/1.9/benchmark.rb:280:in measure'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:410:in migrate' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:129:in with_connection'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:389:in migrate' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:528:in migrate'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:720:in migrate' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:775:in ddl_transaction'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/connection_adapters/abstract/database_statements.rb:192:in transaction' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/transactions.rb:208:in transaction'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:775:in ddl_transaction' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:719:in migrate'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:700:in migrate' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:570:in up'
/tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/migration.rb:551:in migrate' /tmp/10108/WEB-INF/gems/gems/activerecord-3.2.22.5/lib/active_record/railties/databases.rake:193:in (root)'
/tmp/10108/WEB-INF/lib/jruby-stdlib-1.7.27.jar!/META-INF/jruby.home/lib/ruby/1.9/monitor.rb:211:in `mon_synchronize'
Tasks: TOP => db:migrate
(See full trace by running task with --trace)
database migrate failed.ABORTING
dpkg: error processing package xroad-center (--configure):
subprocess installed post-installation script returned error exit status 2
dpkg: dependency problems prevent configuration of xroad-centralserver:
xroad-centralserver depends on xroad-center; however:
Package xroad-center is not configured yet.

dpkg: error processing package xroad-centralserver (--configure):
dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
xroad-center
xroad-centralserver
How can I fix this error? Thanks you!

Hi everyone,
I'm working on Xroad External Load Balancer following this guide: https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/LoadBalancing/ig-xlb_x-road_external_load_balancer_installation_guide.md. So, I have 2 SS provider to balancing are located on 10.0.14.233 and 10.0.14.234, and 1 nginx for LB server is located on 10.0.14.237.
After configuring complete, The LB seem work properly in about the 20 first minutes and proxy log my SS consumer like this:
2019-03-01 17:33:22,449 [qtp1532800776-1304] INFO e.r.x.p.c.FastestConnectionSelectingSSLSocketFactory - Connecting to https://10.0.14.237:5500/
2019-03-01 17:33:22,719 [qtp1532800776-1304] INFO e.r.x.p.c.AbstractClientProxyHandler - Request successfully handled
2019-03-01 17:33:25,722 [qtp1532800776-358] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:25,722 [qtp1532800776-358] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:25,722 [qtp1532800776-358] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:25,724 [qtp1532800776-358] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:25,727 [qtp1532800776-358] INFO e.r.x.p.c.FastestConnectionSelectingSSLSocketFactory - Connecting to https://10.0.14.237:5500/
2019-03-01 17:33:26,233 [qtp1532800776-358] INFO e.r.x.p.c.AbstractClientProxyHandler - Request successfully handled
2019-03-01 17:33:41,940 [qtp1532800776-1026] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:41,940 [qtp1532800776-1026] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:41,940 [qtp1532800776-1026] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:41,946 [qtp1532800776-1026] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:41,979 [qtp1532800776-1026] INFO e.r.x.p.c.FastestConnectionSelectingSSLSocketFactory - Connecting to https://10.0.14.237:5500/
2019-03-01 17:33:42,211 [qtp1532800776-1026] INFO e.r.x.p.c.AbstractClientProxyHandler - Request successfully handled
2019-03-01 17:33:45,520 [qtp1532800776-490] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:45,520 [qtp1532800776-490] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:45,521 [qtp1532800776-490] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:45,522 [qtp1532800776-490] INFO e.r.x.p.c.AbstractClientProxyHandler - Received request from 127.0.0.1
2019-03-01 17:33:45,534 [qtp1532800776-490] INFO e.r.x.p.c.FastestConnectionSelectingSSLSocketFactory - Connecting to https://10.0.14.237:5500/
2019-03-01 17:33:46,381 [qtp1532800776-490] INFO e.r.x.p.c.AbstractClientProxyHandler - Request successfully handled

Howerver, after that it does not work anymore, the proxy log on my SS consumer always show this:
2019-03-01 17:18:00,809 [qtp1532800776-547] INFO e.r.x.p.c.FastestConnectionSelectingSSLSocketFactory - Connecting to https://10.0.14.237:5500/
2019-03-01 17:18:01,257 [qtp1532800776-1460-soap] ERROR e.r.x.p.c.ClientMessageProcessor - onError()
ee.ria.xroad.common.CodedException: IOError: null
at ee.ria.xroad.common.ErrorCodes.translateException(ErrorCodes.java:205) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.protocol.ProxyMessageEncoder.ocspResponse(ProxyMessageEncoder.java:120) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor$SoapMessageHandler.writeOcspResponses(ClientMessageProcessor.java:701) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor$SoapMessageHandler.soap(ClientMessageProcessor.java:633) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.message.SoapMessageDecoder$MultipartHandler.body(SoapMessageDecoder.java:225) ~[proxy-1.0.jar:na]
at org.apache.james.mime4j.parser.MimeStreamParser.parse(MimeStreamParser.java:133) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.message.SoapMessageDecoder.readMultipart(SoapMessageDecoder.java:178) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.message.SoapMessageDecoder.parse(SoapMessageDecoder.java:135) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.handleSoap(ClientMessageProcessor.java:596) [proxy-1.0.jar:na]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[na:1.8.0_171]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_171]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_171]
at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_171]
Caused by: java.io.InterruptedIOException: null
at java.io.PipedInputStream.awaitSpace(PipedInputStream.java:275) ~[na:1.8.0_171]
at java.io.PipedInputStream.receive(PipedInputStream.java:231) ~[na:1.8.0_171]
at java.io.PipedOutputStream.write(PipedOutputStream.java:149) ~[na:1.8.0_171]
at java.io.OutputStream.write(OutputStream.java:75) ~[na:1.8.0_171]
at ee.ria.xroad.common.util.MultipartEncoder.write(MultipartEncoder.java:184) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.protocol.ProxyMessageEncoder.ocspResponse(ProxyMessageEncoder.java:118) ~[proxy-1.0.jar:na]
... 12 common frames omitted
2019-03-01 17:18:01,257 [qtp1532800776-547] ERROR e.r.x.p.c.AbstractClientProxyHandler - Request processing error (b415c910-014b-4eed-875d-2ac36ebe4a42)
ee.ria.xroad.common.CodedException: Server.ClientProxy.SslAuthenticationFailed.InternalError: Connection refused (Connection refused)
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.getAndCacheOcspResponses(AuthTrustVerifier.java:172) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.getOcspResponses(AuthTrustVerifier.java:152) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.verifyAuthCert(AuthTrustVerifier.java:106) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.verify(AuthTrustVerifier.java:89) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.FastestConnectionSelectingSSLSocketFactory.prepareAndVerify(FastestConnectionSelectingSSLSocketFactory.java:194) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.FastestConnectionSelectingSSLSocketFactory.connectSocket(FastestConnectionSelectingSSLSocketFactory.java:148) ~[proxy-1.0.jar:na]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) ~[proxy-1.0.jar:na]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[proxy-1.0.jar:na]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[proxy-1.0.jar:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[proxy-1.0.jar:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.util.HttpSender.doRequest(HttpSender.java:115) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.util.HttpSender.doPost(HttpSender.java:95) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.sendRequest(ClientMessageProcessor.java:297) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.processRequest(ClientMessageProcessor.java:238) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.process(ClientMessageProcessor.java:203) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AbstractClientProxyHandler.handle(AbstractClientProxyHandler.java:95) ~[proxy-1.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:118) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.Server.handle(Server.java:564) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590) [proxy-1.0.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_171]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
at java.net.PlainSocketImpl.socketConnect(Native Method) ~[na:1.8.0_171]
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[na:1.8.0_171]
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[na:1.8.0_171]
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[na:1.8.0_171]
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[na:1.8.0_171]
at java.net.Socket.connect(Socket.java:589) ~[na:1.8.0_171]
at sun.net.NetworkClient.doConnect(NetworkClient.java:175) ~[na:1.8.0_171]
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463) ~[na:1.8.0_171]
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558) ~[na:1.8.0_171]
at sun.net.www.http.HttpClient.(HttpClient.java:242) ~[na:1.8.0_171]
at sun.net.www.http.HttpClient.New(HttpClient.java:339) ~[na:1.8.0_171]
at sun.net.www.http.HttpClient.New(HttpClient.java:357) ~[na:1.8.0_171]
at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:1220) ~[na:1.8.0_171]
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1156) ~[na:1.8.0_171]
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1050) ~[na:1.8.0_171]
at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:984) ~[na:1.8.0_171]
at ee.ria.xroad.common.util.CertHashBasedOcspResponderClient.getOcspResponsesFromServer(CertHashBasedOcspResponderClient.java:95) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.util.CertHashBasedOcspResponderClient.getOcspResponsesFromServer(CertHashBasedOcspResponderClient.java:78) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.getAndCacheOcspResponses(AuthTrustVerifier.java:169) ~[proxy-1.0.jar:na]
... 32 common frames omitted

I change IP SS on central server to 10.0.13.234 and wait a few minutes then change it to 10.0.14.237 again, to make it works well in the 20 first minutes and then it still down again. It's so strange, I can not understand why the LB just only work on a period like that. I need your help, please see the log and tell me what should I do?
And here is my nginx LB configuration:
stream {
log_format basic '$time_iso8601 $remote_addr '
'$protocol $status $bytes_sent $bytes_received '
'$session_time $upstream_addr '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

access_log      /var/log/nginx/tcp_acces  basic buffer=1k flush=5s;
error_log /var/log/nginx/tcp_error.log error;

upstream web_server {
   # hash   $remote_addr consistent;

server 10.0.14.233:5500;
server 10.0.14.234:5500;
}

server {
    listen 5500;
    proxy_pass web_server;
}

}

Hi!
Feature request for X-road SecurityServer - automatic messaging (email or web notification) for soon-to-expire certificates. I know about RIAs X-Road-Scripts in Github, but this (expiring certificates) seems to be "issue" for all X-Road users, why not to include it in SS software?

Hi X-Roaders,
I just wanted to hear if there is any interest in providing client authentication support into X-Road.

FWIW, I'm currently implementing a mobile authentication client which you can play with in a Web mock-up: https://cyberphone.github.io/doc/mobile-id/ui-demo/

It is based on the same platform as: https://test.webpki.org/webpay-merchant/home

Anders

Hi
I have build source code successs
after that post build script seem to work fine with "exit 0"
but i can not find out the *.deb in X-Road/src/packages folder, where can i find it out?
Thank you
thu@nnc

The build log look like:

...
BUILD SUCCESSFUL in 8m 22s
...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /workspace/src/packages/build/xroad-jetty9/redhat/BUILDROOT/xroad-jetty9-6.20.0-0.20181130123550git0fb05ee.el7.x86_64
Wrote: /workspace/src/packages/build/xroad-jetty9/redhat/RPMS/x86_64/xroad-jetty9-6.20.0-0.20181130123550git0fb05ee.el7.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.MOjlnv

• umask 022
• cd /workspace/src/packages/build/xroad-jetty9/redhat/BUILD
• rm -rf /workspace/src/packages/build/xroad-jetty9/redhat/BUILDROOT/xroad-jetty9-6.20.0-0.20181130123550git0fb05ee.el7.x86_64
• exit 0

Hi everyone,
I'm a newbie in X-Road, i have studied xroad two week ago.
I'm trying to build a x-road system follow the guide in document folder.
I just finished installing Central Server, Security Server and CA Server by this detail document:
https://confluence.niis.org/pages/viewpage.action?pageId=6783483#HowtoConfigureCentralServer?-2.InstallingtheSecurityServerformanagementservices
But i can't finish step 3.5 Importing the certificates when i setup security server because the status of "Sign certificate" is not "good / registered"

When i go to "Diagnostics" menu, OCSP Responders show:

When i check CA server, nginx service, ocsp service and tsa service is running. I was installed CA server by following this document.
https://github.com/ria-ee/X-Road/blob/develop/ansible/TESTCA.md
I don't know how to fix this problem!
Somone help me, please, thanks

I am getting the following error trying to add the wsdl https://sca.indea.mt.gov.br/SIA/webservices/SCAServices.jws?wsdl.

It works fine with the qa version: http://jao.cepromat.mt.gov.br:8180/SIA/webservices/SCAServices.jws?wsdl

I believe the difference is in the header:

Not working (Note the https in the definition)

<wsdl:definitions targetNamespace="https://sca.indea.mt.gov.br/SIA/webservices/SCAServices.jws" xmlns:apachesoap="https://xml.apache.org/xml-soap" xmlns:impl="https://sca.indea.mt.gov.br/SIA/webservices/SCAServices.jws" xmlns:intf="https://sca.indea.mt.gov.br/SIA/webservices/SCAServices.jws" xmlns:soapenc="https://schemas.xmlsoap.org/soap/encoding/" xmlns:wsdl="https://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="https://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="https://www.w3.org/2001/XMLSchema">

Working (QA)

<wsdl:definitions xmlns:apachesoap="http://xml.apache.org/xml-soap" xmlns:impl="http://jao.cepromat.mt.gov.br:8180/SIA/webservices/SCAServices.jws" xmlns:intf="http://jao.cepromat.mt.gov.br:8180/SIA/webservices/SCAServices.jws" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://jao.cepromat.mt.gov.br:8180/SIA/webservices/SCAServices.jws">

Is that how it is supposed to be? Any workaround?

Dear XRoad,

If our Security has two IP address How to configure that?

Best Regards,
Dara Penhchet

Hi everyone,
I built code Xroad version 6.16.0 and created my own repository, and then I installed centerserver successfully without any error, but I cannot login in CENTRAL SERVER ADMINISTRATION (with ubuntu user during the installation). I remove and reinstall but I still get this error:

Please have a look, and let me know what I should do now?
Thanks,
Ha.

Hi everyone.
I want write a API gate way for automation task in X-Road. Example: I want write API create new member of X-Road and register security server, ....
Is this possible? Thank in advance

Hi @petkivim ,
With HSM device, for now it take so much time to scan all slot of HSM. However one SS uses only one slot, so how can I configure to load only the slot (I use xroad version 6.16.0)?
For example:

• The HSM device has 100 slots
• The SS uses slot index 82
  I've just want to scan and load only slot index 82, instead scanning all 100 slots.

Thank you,
Ha

Dear @petkivim ,
May I ask you about this error?

Best Regards,
Dara Penhchet

Dear @petkivim ,

I have tried to access it via the Postman, but it is error. Maybe because my Authentication Certificate is not valid. Because my Key Usage has only: Digital Signature, Key Encipherment, Data Encipherment.

But the Key Usage in FI it required: Digital Signature, Key Encipherment, and Data Encipherment.

Could I modify the Key Usage in the Certificate Profile?

Best Regards,
Dara Penhchet

Dear @petkivim ,

Should we install the Security Server Monitoring on different Server right?

Best Regards,
Dara Penhchet

Dear XRoad,
May I ask about this error? Why I cannot upload the file that its size is more than 10MB?
How could we change that maximum to more than that?
{
"type": "Server.ClientProxy.IOError",
"message": "LoggingFailed: Message size exceeds maximum loggable size",
"detail": "560044e6-e89f-4e6c-b00a-e4678b940cbc"
}

Thanks in advanced.
Best Regards,
Dara Penhchet

Hi @petkivim

I always get this error when try to test service from ss provider.

The error logs also appear on ss consumer concurrently.

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:440) ~[na:1.8.0_171]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.getPeerCertificates(AuthTrustVerifier.java:197) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.verify(AuthTrustVerifier.java:82) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.FastestConnectionSelectingSSLSocketFactory.prepareAndVerify(FastestConnectionSelectingSSLSocketFactory.java:194) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.FastestConnectionSelectingSSLSocketFactory.connectSocket(FastestConnectionSelectingSSLSocketFactory.java:148) [proxy-1.0.jar:na]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) [proxy-1.0.jar:na]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) [proxy-1.0.jar:na]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) [proxy-1.0.jar:na]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) [proxy-1.0.jar:na]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) [proxy-1.0.jar:na]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) [proxy-1.0.jar:na]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) [proxy-1.0.jar:na]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) [proxy-1.0.jar:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) [proxy-1.0.jar:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) [proxy-1.0.jar:na]
at ee.ria.xroad.common.util.HttpSender.doRequest(HttpSender.java:115) [proxy-1.0.jar:na]
at ee.ria.xroad.common.util.HttpSender.doPost(HttpSender.java:95) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.sendRequest(ClientMessageProcessor.java:297) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.processRequest(ClientMessageProcessor.java:238) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.process(ClientMessageProcessor.java:203) [proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AbstractClientProxyHandler.handle(AbstractClientProxyHandler.java:95) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:118) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.Server.handle(Server.java:564) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:122) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.strategy.ExecutingExecutionStrategy.invoke(ExecutingExecutionStrategy.java:58) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:201) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:133) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590) [proxy-1.0.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_171]
2018-09-19 08:57:08,119 [qtp1921553024-496] ERROR e.r.x.p.c.AbstractClientProxyHandler - Request processing error (5682efbe-02d6-45db-ac61-e315f0a27e24)
ee.ria.xroad.common.CodedException: Server.ClientProxy.SslAuthenticationFailed: Service provider did not send correct authentication certificate
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.getPeerCertificates(AuthTrustVerifier.java:200) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AuthTrustVerifier.verify(AuthTrustVerifier.java:82) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.FastestConnectionSelectingSSLSocketFactory.prepareAndVerify(FastestConnectionSelectingSSLSocketFactory.java:194) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.FastestConnectionSelectingSSLSocketFactory.connectSocket(FastestConnectionSelectingSSLSocketFactory.java:148) ~[proxy-1.0.jar:na]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) ~[proxy-1.0.jar:na]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[proxy-1.0.jar:na]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[proxy-1.0.jar:na]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[proxy-1.0.jar:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[proxy-1.0.jar:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.util.HttpSender.doRequest(HttpSender.java:115) ~[proxy-1.0.jar:na]
at ee.ria.xroad.common.util.HttpSender.doPost(HttpSender.java:95) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.sendRequest(ClientMessageProcessor.java:297) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.processRequest(ClientMessageProcessor.java:238) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.ClientMessageProcessor.process(ClientMessageProcessor.java:203) ~[proxy-1.0.jar:na]
at ee.ria.xroad.proxy.clientproxy.AbstractClientProxyHandler.handle(AbstractClientProxyHandler.java:95) ~[proxy-1.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:118) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.Server.handle(Server.java:564) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320) [proxy-1.0.jar:na]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) [proxy-1.0.jar:na]
at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:122) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.strategy.ExecutingExecutionStrategy.invoke(ExecutingExecutionStrategy.java:58) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:201) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:133) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:672) [proxy-1.0.jar:na]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:590) [proxy-1.0.jar:na]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_171]
2018-09-19 08:57:08,120 [qtp1921553024-212-soap] ERROR e.r.x.p.c.ClientMessageProcessor - onError()
ee.ria.xroad.common.CodedException: IOError: null

My ss provider resource is:

.Is my ss provider really lack of resource?
Regards,
Hai

Issue

I am facing an error when trying to install the role xroad-ca in a clean machine from GCP. This is because the fresh machine GCP comes with outdated repositories.

How to reproduce

Try to run the ansible script on any fresh machine from GCP

Expected Result

The script should run without problems

Actual Result

failed: [ca.xvia.com.br] (item=nginx-light) => {"ansible_loop_var": "item", "changed": false, "item": "nginx-light", "msg": "No package matching 'nginx-light' is available"}

Possible solution

Force apt to update the packages before trying to install the new packages.

- name: Update all packages to the latest version
  apt:
    update_cache: yes

Dear Petteri, Andres,

while trying to build 6.19.0 deb files, got an error (please refer the attachment).

standard output.txt

As per the attached output, the test script is looking for this script in /usr/share/xroad/scripts/validate-test-configuration-part.sh. But unable to find this script in the NIIS repo, github repo.

Kindly guide. Thank you in advance.

Regards,
Saro

./build_packages.sh
Warning! PATH is not properly set up, /usr/share/rvm/gems/ruby-2.5.3/bin is not at first place.
Usually this is caused by shell initialization files. Search for PATH=... entries.
You can also re-add RVM to your profile by running: rvm get stable --auto-dotfiles
To fix it temporarily in this shell session run: rvm use ruby-2.5.3
To ignore this error add rvm_silence_path_mismatch_check_flag=1 to your ~/.rvmrc file.
Using /usr/share/rvm/gems/jruby-9.1.13.0
Starting a Gradle Daemon (subsequent builds will be faster)

Task :center-service:warble
rm -f build/libs/center-service.war
Creating build/libs/center-service.war

Task :center-ui:warble
rm -f build/libs/center-ui.war
Creating build/libs/center-ui.war

Task :proxy-ui:warble
rm -f build/libs/proxy-ui.war
Creating build/libs/proxy-ui.war

Task :common-ui:test

ee.ria.xroad.commonui.OptionalPartsConfBehavior > shouldAddErrorsIfCannotReadConfigurationPartFile FAILED
java.lang.AssertionError at OptionalPartsConfBehavior.java:132

13 tests completed, 1 failed

FAILURE: Build failed with an exception.

• What went wrong:
  Execution failed for task ':common-ui:test'.

There were failing tests. See the report at: file:///xroad/X-Road/src/common-ui/build/reports/tests/test/index.html

• Try:
  Run with --info or --debug option to get more log output.

• Exception is:
  org.gradle.api.tasks.TaskExecutionException: Execution failed for task ':common-ui:test'.
  at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:100)
  at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.execute(ExecuteActionsTaskExecuter.java:70)
  at org.gradle.api.internal.tasks.execution.SkipUpToDateTaskExecuter.execute(SkipUpToDateTaskExecuter.java:63)
  at org.gradle.api.internal.tasks.execution.ResolveTaskOutputCachingStateExecuter.execute(ResolveTaskOutputCachingStateExecuter.java:54)
  at org.gradle.api.internal.tasks.execution.ValidatingTaskExecuter.execute(ValidatingTaskExecuter.java:58)
  at org.gradle.api.internal.tasks.execution.SkipEmptySourceFilesTaskExecuter.execute(SkipEmptySourceFilesTaskExecuter.java:88)
  at org.gradle.api.internal.tasks.execution.ResolveTaskArtifactStateTaskExecuter.execute(ResolveTaskArtifactStateTaskExecuter.java:52)
  at org.gradle.api.internal.tasks.execution.SkipTaskWithNoActionsExecuter.execute(SkipTaskWithNoActionsExecuter.java:52)
  at org.gradle.api.internal.tasks.execution.SkipOnlyIfTaskExecuter.execute(SkipOnlyIfTaskExecuter.java:54)
  at org.gradle.api.internal.tasks.execution.ExecuteAtMostOnceTaskExecuter.execute(ExecuteAtMostOnceTaskExecuter.java:43)
  at org.gradle.api.internal.tasks.execution.CatchExceptionTaskExecuter.execute(CatchExceptionTaskExecuter.java:34)
  at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker$1.run(DefaultTaskGraphExecuter.java:248)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:336)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:328)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:197)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:107)
  at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:241)
  at org.gradle.execution.taskgraph.DefaultTaskGraphExecuter$EventFiringTaskWorker.execute(DefaultTaskGraphExecuter.java:230)
  at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.processTask(DefaultTaskPlanExecutor.java:124)
  at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.access$200(DefaultTaskPlanExecutor.java:80)
  at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:105)
  at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker$1.execute(DefaultTaskPlanExecutor.java:99)
  at org.gradle.execution.taskgraph.DefaultTaskExecutionPlan.execute(DefaultTaskExecutionPlan.java:625)
  at org.gradle.execution.taskgraph.DefaultTaskExecutionPlan.executeWithTask(DefaultTaskExecutionPlan.java:580)
  at org.gradle.execution.taskgraph.DefaultTaskPlanExecutor$TaskExecutorWorker.run(DefaultTaskPlanExecutor.java:99)
  at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
  at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:46)
  at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:55)
  Caused by: org.gradle.api.GradleException: There were failing tests. See the report at: file:///xroad/X-Road/src/common-ui/build/reports/tests/test/index.html
  at org.gradle.api.tasks.testing.Test.handleTestFailures(Test.java:1438)
  at org.gradle.api.tasks.testing.Test.executeTests(Test.java:712)
  at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:73)
  at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.doExecute(DefaultTaskClassInfoStore.java:141)
  at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.execute(DefaultTaskClassInfoStore.java:134)
  at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.execute(DefaultTaskClassInfoStore.java:121)
  at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:731)
  at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:705)
  at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter$1.run(ExecuteActionsTaskExecuter.java:122)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:336)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor$RunnableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:328)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:197)
  at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:107)
  at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:111)
  at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:92)
  ... 27 more

• Get more help at https://help.gradle.org

BUILD FAILED in 1m 6s
142 actionable tasks: 10 executed, 132 up-to-date

Team -

I cannot find a docker installation of X-Road on the github.

Q1. Is a docker installation in the works?
Q2. Will X-road be well compartmentalized into containers?

Dear @petkivim ,

Could I ask you about the File Access Control with XRoad Solution? Could you share me about the solution how to control and access the files?

Best Regards,
Dara Penhchet

Hi,
I am setting up a new X-Road instance using the configuration manuals. I am having a problem when it comes to registering certificates. After importing the certificate, the OCSP response is unknown, instead of 'Good'. When we try to do a registration request for 'auth', we get failure message "Failed to register certificate: Member: Dev/Edu/911" has no suitable certificate.

Dear @petkivim ,

On Saturday it works well and right now I have an error with Security server has no valid authentication certificate. Do you have any tips to make it more stable?

Best Regards,
Dara Penhchet

Test

We have a few hundred organizations that can potentially join our X-Road installation. Aside from creating them individually using the central server UI, is there a way to load members directly into the database?

Thanks for your help,
Eric.

Hi @petkivim ,
I setup the Xroad Test CA is ok, but I can't connect to ocsp from SS server like this:

By the way, I check ocsp an tsa status is running:

and telnet from ss server to port 8888 and 8899 is ok.
I can't understand the above error. Please help me!
Thank you,
Nguyen Ha.

The ansible script for setting up the central server is failing when installing on a Minimal version of Ubuntu 18.04 (ubuntu-minimal-1804-bionic). This is because the locales package is not installed by default in this image.

One possible solution is to ensure that the locales is installed on the xroad-base script as described in https://github.com/nordic-institute/X-Road/blob/develop/doc/Manuals/ig-ss_x-road_v6_security_server_installation_guide.md#24-preparing-os

Steps to reproduce

Run the playbook xroad_init.yml on a minimal version of Ubuntu 18.04 bionic.

Expected results

The script should run without any problems.

Actual results

The script fails with the following error

failed: [xx.xx.xx.xxx] (item=en_US.UTF-8) => {"ansible_loop_var": "item", "changed": false, "item": "en_US.UTF-8", "msg": "/etc/locale.gen and /var/lib/locales/supported.d/local are missing. Is the package \"locales\" installed?"}

Hi @petkivim,
I have xroad system including:

• 1 Central server
• 1 Security server provider is called SSProv
• 2 Security server consumers are called SSCons1 and SSCons2
  When I call service from SSCons1 , and SSCons2 to SSProv, it take about 3- 4 seconds to SSCons1 receives a response, but take about 10s to SSCons2 receives the response.
  After tracing log and measuring time, I see that Time to create a channel between SSCons1 and SSProv take about 2s, while between SSCons2 and SSProv take about 8s.
  In addiition proxy log of SSCons2 alway traces this job : "e.r.x.c.o.AbstractOpMonitoringBuffer - onReceive: sendMonitoringData", but SSCons1 doesnot trace it.
  I don't know why the SSCons2 is too slow than SSCons1.
  Do you know the root cause of this problem, or provide me some recomendation to tracing it?

Hello @petkivim,

I get an error again when I build the software and installation packages with ./build_packages.sh.

Starting a Gradle Daemon, 1 incompatible and 2 stopped Daemons could not be reused, use --status for details

FAILURE: Build failed with an exception.

* What went wrong:
Could not create service of type ScriptPluginFactory using BuildScopeServices.createScriptPluginFactory().
> Could not create service of type FileHasher using BuildSessionScopeServices.createFileSnapshotter().

I find all the process related to gradle by ps aux | grep gradle, and then kill -9 <pid> them all. But it doesn't work.

Gradle V: 5.3.1

Regards,
Yamato

Perhaps dev environment could benefit of Rancher, https://github.com/rancher linux container

Dear XRoad,

May I ask you what is that error?
When I generate that Certificate from Windows Server 2012 and then I import it, but it shows error like this.

Best Regards,
Dara Penhchet

Dear XRoad,
May I ask you about this error? I am runnig the XRoad version 6.22?
{
"type": "Server.ClientProxy.SslAuthenticationFailed",
"message": "Client (SUBSYSTEM:CAM/GOV/201902/TEST) specifies HTTPS but did not supply TLS certificate",
"detail": "d093fd95-abc6-48d3-8213-7273d1352e16"
}
Best Regards,
Dara Penhchet

Dear @petkivim.

When i install Xroad-CS version 6.16 on server (OS: ubuntu 14.04.6 LTS 64bit), i get error after run command: sudo apt-get install xroad-centralserver
Error:
ubuntu@ubuntu:~$ sudo apt-get install xroad-centralserver
_Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
xroad-centralserver : Depends: xroad-center but it is not going to be installed
E: Unable to correct problems, you have held broken packages._

• I try install on other server(OS: ubuntu 14.04.6 LTS 64bit), i get the same error. I install follow link: https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/ig-cs_x-road_6_central_server_installation_guide.md

Can you help me that error?

Best Regards,
trungnv

Dear XRoad,

Should we put the SubCA's OCSP or RootCA's OCSP?

Best Regards,
Dara Penhchet

Hi everyone,

I have encountered an error when I run sudo ./prepare_buildhost.sh.

Err:16 http://x-road.ee/misp2/packages xenial/main amd64 Packages
  404  Not Found
Reading package lists... Done
W: The repository 'http://x-road.ee/misp2/packages xenial Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Failed to fetch http://x-road.ee/misp2/packages/dists/xenial/main/binary-amd64/Packages  404  Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.

Could you update the site or script?

Best regards,
Yamato

Hi everyone,
I have a xroad system including:

• 01 Center server is named CS1
• 01 Security server is named SS1, and SS1 is a member of CS1
  Now, I install a new center server is named CS2, and I want to move SS1 to be a member of CS2 without re-installing SS1.
  Have you has any idea to do this?

Thanks,
Ha

Hi @petkivim, it's me again!
Thank you so much for your supports before! and now I need your help about this:
I installed Loadbalancing for 2 Security server (named A, B) successfully following this guide:https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/LoadBalancing/ig-xlb_x-road_external_load_balancer_installation_guide.md#3-x-road-installation-and-configuration
After that, I registry the SS A to a member of Center server ok, its was synchronized all configuration of SS A to SS B
Now, I config a LoadBalance server for 2 SS A and B, then change IP of SS in Security Server details in Center server admin interface by Loadbalancing's IP look like this:

But, The LoadBalancing does not work!
I don't know what's wrong in my config, I don't find out any document about config LB. Please tell me how to config it?
Thanks.
Ha.

Dear XRoad,

Where could I install the Central Monitoring Server on XRoad?

Best Regards,
Dara Penhchet

You released the logo with the source code: https://github.com/nordic-institute/X-Road/blob/develop/xroad_logo_small.png

Is that correct? Can you publish a SVG version? I will add it on https://en.wikipedia.org/wiki/X-Road

Hi everyone,

How can I upgrade my Central Server and Security Server from v 6.16 to 6.6. I am going to HA CS, but the minimum requirements of version is 6.6.

Best regards,
Hai

I have one endpoint using HTTP protocol on port 80 that I want to connect to my security server.

But it looks like X-Road still wants to validate the TLS certificate when I request to that server:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
        <SOAP-ENV:Fault>
            <faultcode>Server.ClientProxy.SslAuthenticationFailed</faultcode>
            <faultstring>Client (SUBSYSTEM:central-server/INT/MSERV/SMARTPASSE) specifies HTTPS but did not supply TLS certificate</faultstring>
            <faultactor></faultactor>
            <detail>
                <faultDetail xmlns="">62cb13bd-d53c-4248-9de5-d0c642e634ad</faultDetail>
            </detail>
        </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

The SOAP request to my security server on port 80 :

<SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:wbs="http://wbs2.homologa.detrannet.mt.gov.br"
        xmlns:ns1="http://producer.x-road.eu"
        xmlns:xrd="http://x-road.eu/xsd/xroad.xsd"
        xmlns:id="http://x-road.eu/xsd/identifiers">
    <SOAP-ENV:Header>
        <xrd:client id:objectType="SUBSYSTEM">
            <id:xRoadInstance>central-server</id:xRoadInstance>
            <id:memberClass>INT</id:memberClass>
            <id:memberCode>MSERV</id:memberCode>
            <id:subsystemCode>SMARTPASSE</id:subsystemCode>
        </xrd:client>
        <xrd:service id:objectType="SERVICE">
            <id:xRoadInstance>central-server</id:xRoadInstance>
            <id:memberClass>INT</id:memberClass>
            <id:memberCode>MSERV</id:memberCode>
            <id:subsystemCode>SMARTPASS</id:subsystemCode>
            <id:serviceCode>InterfaceServicosPortal</id:serviceCode>
            <id:serviceVersion>v1</id:serviceVersion>
        </xrd:service>
        <xrd:protocolVersion>4.0</xrd:protocolVersion>
        <xrd:id>4894e35d-bf0f-44a6-867a-8e51f1daa7e0</xrd:id>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <ns1:InterfaceServicosPortal>
                <ServicoPortal>
                    <Integrador>MBL01</Integrador>
                    <ChaveUnica>d7b2a0ec0f7f33c74818</ChaveUnica>
                    <Placa>NUC8198</Placa>
                    <Renavam>229925090</Renavam>
                    <Servico>ARRTXVSEL</Servico>
                    <IpRequisicao>123</IpRequisicao>
                </ServicoPortal>
        </ns1:InterfaceServicosPortal>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Hi everyone,
I'm a newbie in X-Road. I'm trying to build a x-road system follow https://www.youtube.com/watch?v=RV-Dq69yFVE&t=1372s

In step 3.5 of this document
https://confluence.niis.org/pages/viewpage.action?pageId=6783483#HowtoConfigureCentralServer?-2.InstallingtheSecurityServerformanagementservices
I can't registration request. I get this error: "Failed to register cerificate"
When I check Diagnostics. OCSP Responders show:

How can I fix this error?
Please help me. Thank in advance

Hello @petkivim,

When I ran ./update_ruby_dependencies.sh after executing ./prepare_buildhost.sh on a clean host, I got the massage below.

./update_ruby_dependencies.sh: line 11: /home/yamatokataoka/.rvm/scripts/rvm: No such file or directory

Could you detect the reason for that?

Do I have to install those software before running ./prepare_buildhost.sh?

• OpenJDK / JDK version 8
• Gradle
• JRuby and rvm (ruby version manager)
• GCC Docker (for deb/rpm packaging)
• LXD (https://linuxcontainers.org/lxd/)
• Ansible

PS. Host: Ubuntu 18.04 TLS

Regards,
Yamato