Creating MNET: Sun Access Manager problem


by Peteris Rudzajs
Greetings to everyone!

Problem description:

There are two Moodle instances on https://mymoodle.com/moodleA and https://mymoodle.com/moodleB. The instances are independently running well. There is Sun Access Manager (SAM) to access both Moodle instances (authorization plugin that supports SAM).
My progress in getting Moodle Network working is: I have turned on Moodle Networking under Admin -> Network -> Settings. So I am at the very beginning.
Next step would be: "Add New Host" under Admin -> Network -> Peers. So I enter the host to talk to: https://mymoodle.com/moodleB (tried also without https, nothing)

Here is the error:
Warning: file_get_contents(https://mymoodle.com/moodleB) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 500 Internal Server Error in /var/wwwroot/moodleA/mnet/peer.php on line 61
Request for https://mymoodle.com/moodleB failed with HTTP code 302
  • line 84 of mnet/lib.php: call to debugging()
  • line 86 of mnet/peer.php: call to mnet_get_public_key()
  • line 91 of admin/mnet/peers.php: call to mnet_peer->bootstrap()
Request for https://mymoodle.com/moodleB returned empty response
  • line 104 of mnet/lib.php: call to debugging()
  • line 86 of mnet/peer.php: call to mnet_get_public_key()
  • line 91 of admin/mnet/peers.php: call to mnet_peer->bootstrap()

Talked to our network admins and they said that the mentioned error is because of SAM. Made a small test in moodleA/test.php to get the file contents from moodleB/config.php - no result. This means that authorization fails.


Do you have any idea how to solve this problem and get moodleA and moodleB to talk?
I will appreciate every answer, because this problem has to be solved!

All the best,
Peteris

In reply to Peteris Rudzajs

Re: Creating MNET: Sun Access Manager problem

by John Andrewartha
Peteris,

Are both instances running in a 'jail'? If yes then your problem is most likely the jails have blocked.
John
In reply to John Andrewartha

Re: Creating MNET: Sun Access Manager problem

by Peteris Rudzajs
What does it mean to run in 'jail'? Sun Access Manager is set up to https://mymoodle.com
In reply to Peteris Rudzajs

Re: Creating MNET: Sun Access Manager problem

by John Andrewartha
A jail is a soft container. If apps are run in a jail then they have limited privileges and that includes cross connections. If you run top from a shell the process list will tell you, just look for 'jail'.
If not jailed then make sure that the URL is correct. mnet will look like a normal network connection to the other side. If the outside URL is https://mymoodle.com/moodleA that's what you put in.
The certificate that Moodle generates is for the network name. I.e. https://mymoodle/moodleA is correct, but https://machinename.com/moodleA is not. Name/certificate mismatch.
Let DNS and the kernel handle CNAME or aliasing.

In reply to John Andrewartha

Re: Creating MNET: Sun Access Manager problem

by Peteris Rudzajs
John,
All the requests are checked against SAM, it means that every user performing a request should be authenticated.
I checked the URL - it is correct. As you said "mnet will look like a normal network connection", so every request in this connection should be authenticated.

Are there any possibilities to do authentication before connection?
What ways could it be done?
Could it be like hardcoding credentials somewhere to allow MNET connection?

P.S. with the certificates all is ok!

Peteris


In reply to Peteris Rudzajs

Re: Creating MNET: Sun Access Manager problem

by John Andrewartha
Peteris,
Sorry for the delay in replying. Exam marking time. If mnet is trying to connect through the https on your SAM, no way. It can't authenticate. You need to bypass SAM.

Try changing the instance name in the Moodle Admin panel and hope that admin has got the DNS correct. Then regenerate the certificates. Try again.

Mnet has its own certificates that it shares with other moodles. The base problem will be that the certificate is generated for the domain name, not the machine name.
The domain name will be something like www.mymoodle.com/moodleA, the machine it runs on beastie.mymoodle.com.
This may take a bit of thinking. As WM S once penned "What's in a name?" heaps when it comes to certificates.
John
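
Added example (not part of the thread, and not Moodle or SAM code): the "failed with HTTP code 302" in the debug output above is what a cookie-less server-to-server fetch receives when an SSO gateway sits in front of the peer. This Python probe refuses to follow redirects so the interception is visible, and runs against a constructed local gateway; the `/moodleB/mnet/` exemption, `/sso/login` and all function names are assumptions for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def probe_peer(url, timeout=5):
    """Fetch url as a server-to-server call would: no cookies, no SSO session."""
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return {"status": resp.status, "verdict": "reachable", "location": None}
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            verdict = "intercepted: redirected before reaching the application"
        elif err.code in (401, 403):
            verdict = "intercepted: authentication demanded"
        else:
            verdict = "http error"
        return {"status": err.code, "verdict": verdict,
                "location": err.headers.get("Location")}

class _SsoGateway(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an SSO agent in front of a Moodle instance."""
    def do_GET(self):
        # Hypothetical policy: /moodleB/mnet/ is exempt, all else needs a session cookie.
        if self.path.startswith("/moodleB/mnet/") or "Cookie" in self.headers:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"ok")
        else:
            self.send_response(302)
            self.send_header("Location", "/sso/login")
            self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Probe a gated path and an exempt path on a local constructed gateway."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _SsoGateway)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        return probe_peer(base + "/moodleB"), probe_peer(base + "/moodleB/mnet/")
    finally:
        server.shutdown()
```

Calling `demo()` returns the result for the gated path (302 with a `Location` pointing at the login page) followed by the result for the exempt path (200).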