Jump to content
Sign in to follow this  
DennisGabriel

State of the new .NET Core based server

Recommended Posts

Hello,

I'm planning a completely fresh install of Plastic, no old data, migration or anything. So i thought it might make sense to take a look at the "new generation of our server, built on .NET Core and managed with systemd". It sounds like a very good step up in many areas and already being on the future version would potentially save me a difficult migration later on.

I'm installing on CentOS and followed this procedure. The installation itself was overall very easy but there seem to be some things i either don't understand or are not yet working.

 

1. Primarily i can't get ssl to work. For the web interface this is not a big issue, i could just put a reverse proxy in front of it for that but for the client I always get an error when trying to connect: 

Authentication failed because the remote party has closed the transport stream.

No ssl connection works fine. I tried the official procedures described here and also several other things but always get the same error. It also seems like the remoting.conf is no longer used at all? I then came along this thread claiming that it's mentioned somewhere that it's not supported yet but i could not find that information anywhere.

So my first question is whether someone can confirm that ssl is not working yet and if there is an official ETA on implementing that?

 

2. When trying to fix ssl i also wanted to take a look at the log files but that turned out to be another issue. I can't find them. I guess because the new server is using systemd its logging is different? And logs might be in a different location but does someone know where? Or how to set logging up correctly?

 

3. Last but not least i wonder if there are any other limitations / missing features the new generation currently has that one should be aware of? I Just need to make an informed decision on what path to follow.

 

Sorry for the long and overloaded post and thanks a lot in andanced for any help.

Share this post


Link to post
Share on other sites

Hi,

Quote

 

1. Primarily i can't get ssl to work. For the web interface this is not a big issue, i could just put a reverse proxy in front of it for that but for the client I always get an error when trying to connect: 


Authentication failed because the remote party has closed the transport stream.

No ssl connection works fine. I tried the official procedures described here and also several other things but always get the same error. It also seems like the remoting.conf is no longer used at all? I then came along this thread claiming that it's mentioned somewhere that it's not supported yet but i could not find that information anywhere.

So my first question is whether someone can confirm that ssl is not working yet and if there is an official ETA on implementing that?

 

SSL is also supported in the new netcore server. We will need to review the full server debug log to understand what could be the problem. "remoting.conf" is not used anymore and the ports and SSL certificate are defined in the "network.conf" file.

Quote

2. When trying to fix ssl i also wanted to take a look at the log files but that turned out to be another issue. I can't find them. I guess because the new server is using systemd its logging is different? And logs might be in a different location but does someone know where? Or how to set logging up correctly?

Did you install the server via packages, right? The "loader.log.conf" should be in your "server" folder. This is where the log is configured. Anyway, I attach it:

loader.log.conf

Quote

3. Last but not least i wonder if there are any other limitations / missing features the new generation currently has that one should be aware of? I Just need to make an informed decision on what path to follow.

There is not current limitation. The netcore server is the one we are currently recommened. Most of our bigger customers are already using it.

Specially for Linux where the "mono" based server will be deprecated at some point.

Regards,

Carlos.

Share this post


Link to post
Share on other sites

Hey Carlos, thank you so much for your answer! That was super helpful!

I will start check logging then see if i can fix my ssl problem myself or check back here.

 

Cheers,

Dennis

Share this post


Link to post
Share on other sites

Hello,

I'm back in search for some additional help.
I made a fresh start to make sure i have a small and reproducible scenario here.

So what i did is:
- Fresh install of CentOS 7 Minimal
- Update CentOS
- Opened some firewall ports:

firewall-cmd --permanent --add-port 7178/tcp
firewall-cmd --permanent --add-port 7179/tcp
firewall-cmd --permanent --add-port 8087/tcp
firewall-cmd --permanent --add-port 8088/tcp
firewall-cmd --reload

- Installed Plastic SCM Package:

wget https://www.plasticscm.com/plasticrepo/stable/redhat/plasticscm-stable.repo -O /etc/yum.repos.d/plasticscm-stable.repo
dnf install -y plasticscm-server-netcore

- Configure Plastic SCM:

/opt/plasticscm5/server/plasticd configure
1
8087
8088
3
skip

- Set Admin Password:

/opt/plasticscm5/server/plasticd adminpwd --pwd=SuperSecureAdminPassword

- Add Start and Autostart:

systemctl start plasticscm-server
systemctl enable plasticscm-server

At this point i started testing. Hope this is the bare minimum required to do functional testing.

1. So about logging, i did not have a loader.log.conf in the server directory, i think it's actually missing in the repo if it should be there. There is one in the "config_samples" subfolder so i just moved that over and logging comes right back. So no real issue here. Guess it would just be nice to have that in the documentation somewhere knowing that it's off by default and that it needs to be moved to the server folder?

2. About the webadmin i can reach the webadmin right away on the ssl port 7179 although it's without ssl no certificate. On some settings however it is showing an error page. Checking the logs i noticed the it could not open the config files. So i checked them and noticed that the user.conf and webadmin.conf have the owner and group set to "root" instead of "plasticscm". Changing that gave the webadmin full functionality back. I think this is a small error in the Plastic setup?

3. And finally ssl: The network.conf file in the server directory seems to be without ssl it just specifies port 8087 and 8088 and that's it. There is one in the already mentioned  "config_samples" folder that includes "security",  "sslPfxFile" and "sslPfxFilePassword". I don't know if this password is actually for the certificate that is in the server folder but i tried moving it there and it still gives me the same error as before. I did not try to generate my own certificate yet to keep the test setup as clean as possible but i'm happy to try.

 i do have all the logfiles now and can share them here or via dm. The only part about ssl that indicates an error i could find is this:

(null) (null) (null) (null) (null) DEBUG networkserver - conn    2. port 8088. Connection accepted from [192.168.0.220]
(null) (null) (null) (null) (null) DEBUG networkserver - port 8088 - Waiting to accept connection
NetworkThread-25     DEBUG PlasticProto.ConnectionFromClient - conn    2. ReceiveAsync
A-5     DEBUG PlasticProto.ConnectionFromClient - conn    2. awaked. total 1
A-5     DEBUG WorkerThreadPool - Enqueued new work. Enqueued: 1 Worker threads: 1 (1 free). conn    2
A-5     DEBUG WorkerThreadPool - There are 1 free threads - not starting a new one. Enqueued: 1. conn    2
W-26 2    DEBUG WorkerThreadPool - Request dequeued. It was waiting for 00:00:00.0001292. Queued requests: 0. ThId: 26. conn    2
W-26     DEBUG WorkerThread - WorkerThread.Run: Work retrieved. ThId: 26. 75612 ms. conn    2
W-26 2    INFO  PlasticProto.ConnectionFromClient - conn    2. Authentication failed, see inner exception.
W-26 2    INFO  PlasticProto.ConnectionFromClient - conn    2 from 192.168.0.220 closed. Requests attended:    1
W-26 2    INFO  ChannelCall - conn:     2 protocol:plasticproto sec:none recb:      95|rect:   0|sentb:       0|sendt:   0|queuedt:       0|prt:       7|th:   26|dest:   0|mt:       0|sert:   0|zip:   0|cpu:       0|   192.168.0.220|user:|Unknown-plasticproto
W-26     DEBUG WorkerThread - WorkerThread.Run: Going to GetWork. ThId: 26

 

So any help on the ssl issue is much appreciated.

Cheers,
Dennis

Share this post


Link to post
Share on other sites

Hi @DennisGabriel, thank you very muich for the detailed explanation. 

1 and 2. Thanks for explaining in detail the issues you faced when configuring the server. Your feedback is very appreaciated.

3. Regarding the SSL configuration: 

If you don't define a specific certificate and password in "network.conf", when you start the netcore server, a new self-signed certificate ("ssl-certificate.pfx") will be automatically created and you should be able to connect to the 8088 port using with this certificate. You don't need to manualy set the file path and certificate password in "network.conf". Of course, you can also define your own custom certificate and password.

[
  {
    "port": 8087
  },
  {
    "security": "ssl",
    "port": 8088
  }
]

If the issue, persists, please reach us at support@codicesoftware.com and we can arrange a meeting to help you with the last configuration steps.

Regards,

Carlos.

Share this post


Link to post
Share on other sites

Hey Carlos,

thanks for the SSL tips.

Unfortunately the issue does still persist so i will have to contact you guys soon.

I will wait for our new production server to arrive and prep everything before that though.

 

Thanks Again!

Cheers,
Dennis

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...