We Keep Coding

Timeout during allocate while making RFC call

I am trying to create a SAP RFC connection to a new system.
AFAIK the firewall (in this case to port 3321) is open.
I get this message at the client:
RFC_COMMUNICATION_FAILURE (rc=1): key=RFC_COMMUNICATION_FAILURE, message=
LOCATION SAP-Gateway on host ax-swb-q06.prod.lokal / sapgw21
ERROR timeout during allocate
TIME Thu Jul 26 16:45:48 2018
RELEASE 753
COMPONENT SAP-Gateway
VERSION 2
RC 242
MODULE /bas/753_REL/src/krn/si/gw/gwr3cpic.c
LINE 2210
DETAIL no connect of TP sapdp21 from host 10.190.10.32 after 20 sec
COUNTER 3
[MSG: class=, type=, number=, v1-4:=;;;]
And this message on the SAP server
Any clue what needs to be done, to get RFC working?

With this little info no one can know what the issue is here.
But it is something related to your network and SAP system configuration.
I guess your firewall does some network address translation (NAT) and the new IP behind the firewall does not match anymore with the known one. SAP is doing some own IP / host name security checks.
If not already done, check with opening the ports 3221, 3321 and 4821 in the firewall. Also check the SAP gateway configuration which IP addresses and host names are configured to be valid ones for it (look at what is traced in the beginning of the gateway trace file dev_rd at ABAP side).
Also consider if maybe the usage of a SAProuter would be the better option for your needs.

it works in my case if ashost is the host name, and not an IP address!
Do not ask me why, but this fails:
Connection(user='x', passwd='...', ashost='10.190.10.32', sysnr='21', client='494')
But this works:
Connection(user='x', passwd='...', ashost='ax-swb-q06.prod.lokal', sysnr='21', client='494')
This is strange, since DNS resolution happens before TCP communication.
It seems that the ashost value gets used inside the connection. Strange. For most normal protocols (http, ftp, pop3, ...) this does not matter. Or you get at least a better error message.

Infinispan and jgroups Implementation on Openshift Stack

Question-1
I am trying run an Infinispan cluster on Openshift Tomcat gears. With nodes sitting on two different hosts.I am using TCP as the data transfer protocol and MPING as the discovery protocol.
If I try to use any of the JGROUPS provided key word for bind address like GLOBAL, SITE_LOCAL, LINK_LOCAL, NON_LOOPBACK, match-interface, match-host, match-address, except for LOOPBACK it binds the service to public IP(64.X.X.X) and for LOOPBACK it binds it to 127.0.0.1.This is not what I want to achieve.
I want it to run the JGROUPS service on the custom IP address provided by Openshift which looks some what like this 127.2.155.1. If I am able to run it in the given IP then it will be easy for me to write Port forwarding rules so that the cluster members will be able to discover each other even if they exist in different hosts.
Using environment property
Map<String, String> envKeys = System.getenv();
for (String keys : envKeys.keySet()) {
System.out.println(keys + ":" + envKeys.get(keys));
if (keys.equalsIgnoreCase("OPENSHIFT_JBOSSEWS_IP")) {
System.setProperty("OPENSHIFT_JBOSSEWS_IP", envKeys.get(keys));
}
}
It fails while doing above saying could not find the IP address or 127.2.155.1 is an invalid IP address. Please find the sample jgroups.xml I am using in my project.
<config xmlns="urn:org:jgroups"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:org:jgroups http://www.jgroups.org/schema /JGroups-3.4.xsd">
<TCP
bind_addr="${OPENSHIFT_JBOSSEWS_IP}"
bind_port="${jgroups.tcp.port:7800}"
port_range="0"
recv_buf_size="20m"
send_buf_size="640k"
max_bundle_size="31k"
use_send_queues="true"
enable_diagnostics="false"
bundler_type="sender-sends-with-timer"
thread_naming_pattern="pl"
thread_pool.enabled="true"
thread_pool.min_threads="2"
thread_pool.max_threads="30"
thread_pool.keep_alive_time="60000"
thread_pool.queue_enabled="true"
thread_pool.queue_max_size="100"
thread_pool.rejection_policy="Discard"
oob_thread_pool.enabled="true"
oob_thread_pool.min_threads="2"
oob_thread_pool.max_threads="30"
oob_thread_pool.keep_alive_time="60000"
oob_thread_pool.queue_enabled="false"
oob_thread_pool.queue_max_size="100"
oob_thread_pool.rejection_policy="Discard"
internal_thread_pool.enabled="true"
internal_thread_pool.min_threads="2"
internal_thread_pool.max_threads="4"
internal_thread_pool.keep_alive_time="60000"
internal_thread_pool.queue_enabled="true"
internal_thread_pool.queue_max_size="100"
internal_thread_pool.rejection_policy="Discard"
/>
<!-- Ergonomics, new in JGroups 2.11, are disabled by default in TCPPING until JGRP-1253 is resolved -->
<!--
<TCPPING timeout="3000"
initial_hosts="localhost[7800],localhost[7801]"
port_range="5"
num_initial_members="3"
ergonomics="false"
/>
-->
<MPING bind_addr="{OPENSHIFT_JBOSSEWS_IP}"
break_on_coord_rsp="true"
mcast_addr="${jgroups.mping.mcast_addr:228.2.4.6}"
mcast_port="${jgroups.mping.mcast_port:43376}"
ip_ttl="${jgroups.udp.ip_ttl:2}"
num_initial_members="3"/>
<MERGE3/>
<FD_SOCK/>
<FD timeout="3000" max_tries="5"/>
<VERIFY_SUSPECT timeout="1500"/>
<pbcast.NAKACK2 use_mcast_xmit="false"
xmit_interval="1000"
xmit_table_num_rows="100"
xmit_table_msgs_per_row="10000"
xmit_table_max_compaction_time="10000"
max_msg_batch_size="100"/>
<UNICAST3 xmit_interval="500"
xmit_table_num_rows="20"
xmit_table_msgs_per_row="10000"
xmit_table_max_compaction_time="10000"
max_msg_batch_size="100"
conn_expiry_timeout="0"/>
<pbcast.STABLE stability_delay="500" desired_avg_gossip="5000" max_bytes="1m"/>
<pbcast.GMS print_local_addr="false" join_timeout="3000" view_bundling="true"/>
<tom.TOA/> <!-- the TOA is only needed for total order transactions-->
<MFC max_credits="2m" min_threshold="0.40"/>
<FRAG2 frag_size="30k"/>
<RSVP timeout="60000" resend_interval="500" ack_on_delivery="false" />
</config>
Question-2
When Infinispan is successfully started, It runs 2 java processes one on the port 7800 as mentioned in the above config file and other on a port number randomly picked up by Infinispan. I would like to understand more about the processes.
**COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME**
java 5640 1334 44u IPv4 1556890779 0t0 TCP 127.2.155.1:7800 (LISTEN)
java 5640 1334 44u IPv4 1556890779 0t0 TCP 127.2.155.1:20772 (LISTEN)

Question-1:
Setting bind_addr to bind_addr=match-address=127.2.\* should pick the correct address (127.2.155.1).
Does 127.2.155.1 show when you do an ifconfig?
Question-2:
The second port is probably opened by FD_SOCK. You can control this by setting attributes bind_addr and start_port in FD_SOCK.
[1] http://www.jgroups.org/manual/index.html#CommonProps

Wildfly 10 not load balancing to other host

I followed these instructions from Stuart Douglas video to enable Wildfly to balance request without the need of apache + mod_cluster, feature that is available since Wildfly 9.
It worked like in the video. But then, instead of adding the 3rd backend server to the same host, I created another host and added the backend3 server to it, which was also added to the backend-servers group.
So I had the following layout:
Server one (host controller and load balancer):
Backend1
Backend2
Server two (slave):
Backend3
I started the 2nd host as a slave and I could access the clustering-demo using its ip and the backend3 port. Besides, the host controller was able to register the slave:
[Host Controller] 10:05:52,198 INFO [org.jboss.as.domain.controller] (Host Controller Service Threads - 56) WFLYHC0019: Registered remote slave host "srv217", JBoss WildFly Full 10.0.0.Final (WildFly 2.0.10.Final)
However, when I accessed the main server, the load was still being balanced only to backend1 and backend2.
I tried to stop both and let only backend3 started, but then I couldn't access clustering-demo through the load balancer anymore.
Anyone know if an addicional configuration is required for the load balancer to work with a slave host?
EDIT:
I'm adding my host controller and slave log.
Host controller: http://pastebin.com/nyaDiPzS
Slave: http://pastebin.com/kMS72E4U
These lines caught my attention:
[Server:backend2] 08:56:58,956 INFO [org.infinispan.CLUSTER] (remote-thread--p7-t1) ISPN000310: Starting cluster-wide rebalance for cache clustering-demo.war, topology CacheTopology{id=1, rebalanceId=1, currentCH=DefaultConsistentHash{ns=80, owners = (1)[master:backend2: 80+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (2)[master:backend2: 40+40, master:backend1: 40+40]}, unionCH=null, actualMembers=[master:backend2, master:backend1]}
[Server:backend2] 08:56:59,023 INFO [org.infinispan.CLUSTER] (remote-thread--p7-t1) ISPN000310: Starting cluster-wide rebalance for cache routing, topology CacheTopology{id=1, rebalanceId=1, currentCH=DefaultConsistentHash{ns=80, owners = (1)[master:backend2: 80+0]}, pendingCH=DefaultConsistentHash{ns=80, owners = (2)[master:backend2: 40+40, master:backend1: 40+40]}, unionCH=null, actualMembers=[master:backend2, master:backend1]}
[Server:backend2] 08:56:59,376 INFO [org.infinispan.CLUSTER] (remote-thread--p7-t2) ISPN000336: Finished cluster-wide rebalance for cache clustering-demo.war, topology id = 1
It seems to confirm that slave:backend3 is not detected.

Change on your slave host default interface addresses to be visible for the master.
ie:
<interfaces>
<interface name="management">
<inet-address value="${jboss.bind.address}"/>
</interface>
<interface name="public">
<inet-address value="${jboss.bind.address}"/>
</interface>
<interface name="private">
<inet-address value="${jboss.bind.address}"/>
</interface>
<interface name="unsecure">
<inet-address value="${jboss.bind.address}"/>
</interface>
</interfaces>
where jboss.bind.address is a real IP of slave host.
And do the same on master host.

I am heaving the same issue.My master and slaves log output looks exactly the same.
I followed the video tutorial and the related project on GitHub: https://github.com/stuartwdouglas/modcluster-example
I have set all public IP addresses on the master and slave servers. The host controller registers the slaves, infinispan displays log messages for cluster rebalancing displaying the 2 slaves. But the load balancing does not work. It also appears that the session replication also does not work, despit the fact that infinispan displays all slaves as members of the cluster.
If I repeat the steps as described in the above mentioned GitHub project on a single machine, that is all servers are on the same IP, but on different ports - everything works.
I also found this: http://wildfly9.blogspot.bg/2015/10/wildfly-9-reverse-proxy-config-with.html?m=1, where he mentions adding the public IP addresses as default-host aliases. Did that too and still it is not working.
Can someone point us in the right direction. I presume it is something small, but substantial that is missing from the documentation and there is no adequate demo/tutorial on the net that demonstrated the set-up when all the slaves and the load balancer reside on different hosts (different IP addresses).

FusionPBX Inbound Route ACL Error Can't Find User

i've changed my sip providers ip to MY.SIP.PROV.IP and their domain to MYSIPPROVIDER.COM and also my phone number to XXXXXXXXXX....
This is the CLI log. I'm able to dial out but I cannot get inbound routes working... Any help is appreciated.
Main part I'm not understanding:
2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.
Second Part....
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [#MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:1703 SIP auth failure (INVITE) on sofia profile 'internal' for [XXXXXXXXXX#MYSIPPROVIDER.COM] from ip MY.SIP.PROV.IP

If you look at the vars.xml file (located in /etc/freeswitch/vars.xml if you installed from the FreeSWITCH package) you'll see two relevant settings..
<X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
<X-PRE-PROCESS cmd="set" data="external_sip_port=5080"/>
In short, if a SIP packet is sent to your FreeSWITCH box on port 5080, it get's routed to the /etc/freeswitch/dialplan/public.xml file. Which, if you installed from package, also includes any .xml in /etc/freeswitch/dialplan/public/ using the line..
<X-PRE-PROCESS cmd="include" data="public/*.xml"/>
Otherwise, if you receive a packet on port 5060 of your FreeSWITCH box it gets treated as an 'internal' call. These get treated a little differently. If you're using default/example configuration, one of the differences is the FreeSWITCH ACL or 'Access Control List'.
Basically, any call made to 5060 will be parsed by the ACL. Which you can perceive as a sort of firewall. If it doesn't match a rule in there, FreeSWITCH refuses it with the error.
2016-03-09 22:59:50.981898 [DEBUG] sofia.c:9124 IP MY.SIP.PROV.IP Rejected by acl "domains". Falling back to Digest auth.
And this part...
2016-03-09 22:59:50.981898 [WARNING] sofia_reg.c:2852 Can't find user [#MYSIPPROVIDER.COM] from MY.SIP.PROV.IP
You must define a domain called 'MYSIPPROVIDER.COM' in your directory and add a user with the id="" attribute
and you must configure your device to use the proper domain in it's authentication credentials.
...is being generated by this part of the ACL config...
<list name="domains" default="deny">
<node type="allow" domain="$${domain}"/>
</list>
...Take not of the "Allow any SIP packet where the 'domain' (eg the #mysipprovider.com part of the SIP URI) is part of a user defined in the 'FreeSWITCH Directory'.
In short, the ACL is used as an added measure of authenticating INTERNAL DEVICES, in the context where FreeSWITCH is used as an 'internal PBX'.
You have two options..
Ask mysipprovider to route inbound SIP packets to port 5080, and then look at managing inbound calls via the default /etc/freeswitch/dialplan/public/00_inbound_did.xml file
Add a specific line in the ACL to approve calls from mysipprovider. Maybe something like..
..then type..
fs_cli -x 'reloadacl'
..to apply it.

Rebol 2 port binding to multiple IPs

I have a Windows setup with multiple IP's, and wishes my Rebol script (on Rebol/Core 2.78) to make individual bind and listen to the same port number on each of those IP's.
Until very recently I thought the syntax to do this was:
Port1Test: open/lines tcp://:80 browse http://10.100.44.6?
Port2Test: open/lines tcp://:80 browse http://10.100.44.7?
But it turns out the Port2Test line fails, as the browse http://10.100.44.6? part is totally ignored (and now searching, I can't even locate where I got that syntax in the first place).
Reading up on the documentation all I can find on how to specify a listening port is like this:
Port1Test: open/lines tcp://:80
Probing the Port1Test port reveals most settings set to none, and a few set as follows:
scheme: 'tcp
host: none
port-id: 80
local-ip: 0.0.0.0
local-port: 80
So I attempted to modify those values like this:
Port1Test: open/lines tcp://:80 ; Create port, as before. Then modify below
Port1Test/host: 10.100.44.6 ; Might this be the binding interface?
Port1Test/port-id: 1 ; I guess this is just an id?
Port1Test/local-ip: 10.100.44.6 ; This ought to be the binding interface.
Port2Test: open/lines tcp://:80 ; Create port, as before. Then modify below
Port2Test/host: 10.100.44.7 ; Might this be the binding interface?
Port2Test/port-id: 2 ; I guess this is just an id?
Port2Test/local-ip: 10.100.44.7 ; This ought to be the binding interface.
Unfortunately all variations of the above modifications, including swapping the IP values for Port1Test and Port2Test, fails when creating Port2Test. :-(
I'm sure there's something I'm overlooking, but I can't find any hints anywhere about how to initialize a port while binding it to a specific interface.
Any hints highly appreciated!
Edit:
The way Rebol bind to interfaces is now pretty evident to me - but how to modify it it still a mystery.
Let’s say I have two IP’s (== interfaces) associated to one networking card: 10.100.1.1 and 10.100.1.2.
On 10.100.1.1:80 I setup a Tomcat application that I know can bind to that specific interface.
Then I start a REBOL application, that also claim port 80.
They will both run happily, and each be accessible on only one IP, as if the Rebol application had bound to 10.100.1.2.
Then I shut down the Tomcat application, and attempt to start it. This turns out not to be possible, as the interface is in use.
And if I access both of the IP’s, it turns out the Rebol application is accessible on both IP’s.
It’s not an active mechanism in Rebol that at work here, but because Rebol claims the 0.0.0.0 interfaces (In the context of servers, 0.0.0.0 means "all IPv4 addresses on the local machine"), which is translated to any currently available interface, and a deferred claim to interfaces as they become available.
It would be really nice to find out how to change Rebols default interface of 0.0.0.0 to something else at create time of the port!

Rebol2 listen ports bind by default to all available IPv4 interfaces (0.0.0.0), and to the extent of my knowledge, unfortunately, there is no way to change that.
FYI, Rebol2 exposes existing IPv4 interfaces using the interfaces port mode:
>> p: open tcp://:8000
>> probe get-modes p 'interfaces
[make object! [
name: "if19"
addr: 10.27.10.110
netmask: 255.255.255.252
broadcast: 10.27.10.111
dest-addr: none
flags: [broadcast multicast]
] make object! [
name: "lo0"
addr: 127.0.0.1
netmask: 255.0.0.0
broadcast: none
dest-addr: none
flags: [multicast loopback]
] make object! [
name: "if16"
addr: 192.168.1.4
netmask: 255.255.255.0
broadcast: 192.168.1.255
dest-addr: none
flags: [broadcast multicast]
]]
Alas, this is read-only...(the documentation says not settable).
You can find a list of all port modes here, in case it is of any help to you.