[et-mgmt-tools] re: "invalid kernel" -- found the problem!

JimmyT _ jtatpbl at gmail.com
Mon Feb 4 19:45:13 UTC 2008 

(moving this discussion thread from private email & irc chats to this
list, per request)


-------------------------------------------------------------------------------
if I,

cd /tmp/xen
wget http://mirrors.kernel.org/fedora/releases/8/Fedora/x86_64/os/images/xen/vmlinuz
wget http://mirrors.kernel.org/fedora/releases/8/Fedora/x86_64/os/images/xen/initrd.img

ls -al /tmp/xen

cobbler distro add --name=f8 \
--kernel='/tmp/xen/vmlinuz' --initrd='/tmp/xen/initrd.img' \
--arch=x86_64 --breed=redhat

cobbler profile add --name=f8pv --distro=f8 --virt-type=xenpv \
--virt-ram=512 --virt-cpus=1 --virt-bridge=eth0 --kickstart=/tmp/f8pv_ks.cfg

cobbler sync

ls -al /tmp/xen
  -rw-r--r--  1 root root 6735017 2007-11-02 08:00 initrd.img
  -rw-r--r--  1 root root 1961293 2007-11-02 08:00 vmlinuz

koan --virt --virt-name=testvm --profile=f8pv --server=server.internal.net \
--virt-path=/dev/VG01/testvm \
--autonet --nogfx


FAILS:

  - using kickstart: http://10.0.0.100/cblr/kickstarts/f8_min_pv/ks.cfg
  libvirtd (pid 2322) is running...
  downloading initrd initrd.img to /var/lib/xen/initrd.img
  url=http://server.internal.net/cobbler/images/fedora8/initrd.img
  - using kickstart:
http://server.internal.net/cobbler/images/fedora8/initrd.img
  downloading kernel vmlinuz to /var/lib/xen/vmlinuz
  url=http://server.internal.net/cobbler/images/fedora8/vmlinuz
  - using kickstart: http://server.internal.net/cobbler/images/fedora8/vmlinuz
  libvir: Xen Daemon error : GET operation failed:
  libvir: Xen Daemon error : GET operation failed:
  libvir: Xen Daemon error : POST operation failed: (xend.err "Error
creating domain: (2, 'Invalid kernel', 'xc_dom_find_loader: no loader
found\\n')")
  Traceback (most recent call last):
    File "/usr/lib/python2.5/site-packages/koan/app.py", line 192, in main
     k.run()
    File "/usr/lib/python2.5/site-packages/koan/app.py", line 402, in run
     self.virt()
    File "/usr/lib/python2.5/site-packages/koan/app.py", line 670, in virt
     return self.net_install(after_download)
    File "/usr/lib/python2.5/site-packages/koan/app.py", line 624, in
net_install
     after_download(self, profile_data)
    File "/usr/lib/python2.5/site-packages/koan/app.py", line 668, in
after_download
     self.virt_net_install(profile_data)
    File "/usr/lib/python2.5/site-packages/koan/app.py", line 1243,
in virt_net_install
     fullvirt      =  fullvirt
    File "/usr/lib/python2.5/site-packages/koan/xencreate.py", line
128, in start_install
     guest.start_install()
    File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line
813, in start_install
     return self._do_install(consolecb, meter)
    File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line
834, in _do_install
     self.domain = self.conn.createLinux(install_xml, 0)
    File "/usr/lib64/python2.5/site-packages/libvirt.py", line 585,
in createLinux
     if ret is None:raise libvirtError('virDomainCreateLinux()
failed', conn=self)
  libvirtError: virDomainCreateLinux() failed POST operation failed:
(xend.err "Error creating domain: (2, 'Invalid kernel',
'xc_dom_find_loader: no loader found\\n')")


Checking,

ls -al /var/lib/xen/{vmlinuz*,initrd*}
  -rw-r--r-- 1 root root 609 2008-02-01 16:56 /var/lib/xen/initrd.img
  -rw-r--r-- 1 root root 609 2008-02-01 16:56 /var/lib/xen/vmlinuz

Those sizes are clearly WRONG!  What's "in there"?

Oddly,

cat /var/lib/xen/{vmlinuz,initrd.img)

  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <html><head>
  <title>400 Bad Request</title>
  </head><body>
  <h1>Bad Request</h1>
  <p>Your browser sent a request that this server could not understand.<br />
  Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
  Instead use the HTTPS scheme to access this URL, please.<br />
  <blockquote>Hint: <a
href="https://server.internal.net/"><b>https://server.internal.net/</b></a></blockquote></p>
  <hr>
  <address>Apache/2.2.6 (Fedora) Server at <a
href="mailto:root at localhost">server.internal.net</a> Port
443</address>
  </body></html>
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <html><head>
  <title>400 Bad Request</title>
  </head><body>
  <h1>Bad Request</h1>
  <p>Your browser sent a request that this server could not understand.<br />
  Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
  Instead use the HTTPS scheme to access this URL, please.<br />
  <blockquote>Hint: <a
href="https://server.internal.net/"><b>https://server.internal.net/</b></a></blockquote></p>
  <hr>
  <address>Apache/2.2.6 (Fedora) Server at <a
href="mailto:root at localhost">server.internal.net</a> Port
443</address>
  </body></html>

This is happening, I believe because koan's DL'ing from:

  url=http://server.internal.net/cobbler/images/fedora8/initrd.img

rather than,

  url=https://server.internal.net/cobbler/images/fedora8/initrd.img


Checking, if I nav to:

  links http://server.internal.net/cobbler/images/fedora8/

I see,


                                          400 Bad Request
                                                            Bad
Request

     Your browser sent a request that this server could not
understand.
     Reason: You're speaking plain HTTP to an SSL-enabled server
port.
     Instead use the HTTPS scheme to access this URL, please.

      Hint: https://server.internal.net/

     ---------------------------------------------------------------------------------------------------------------------------------------------------------------

     Apache/2.2.6 (Fedora) Server at server.internal.net Port 443

which is what's in those "errant" koan DL's ...

Whereas if I instead nav to:

  links https://server.internal.net/cobbler/images/fedora8/

i see as expected,

Index of /cobbler/images/fedora8

Index of /cobbler/images/fedora8

  [ICO]       Name         Last modified   Size Description
  ---------------------------------------------------------
  [DIR] Parent Directory                      -
  [   ] initrd.img       01-Feb-2008 16:50 6.4M
  [   ] vmlinuz          01-Feb-2008 16:50 1.9M
  ---------------------------------------------------------

   Apache/2.2.6 (Fedora) Server at server.internal.net Port 443

Bottom line ... koan's NOT getting files via the required https://....

And, this, of course, would explain the "invalid kernel" messages I've
been seeing.

Now, the question is config change in koan/cobbler? apache? or a koan
source problem?

HTH,

Jimmy

-------------------------------------------------------------------------------

So to summarize, you have port 80 configured to be HTTPS and you have
shut http:// off?

To get things going you'll need to turn it back on in the Cobbler
server.     The address of the cobbler server and the port is configured
in settings, but the URLs
generated will be http://.    It does not need to be port 80, but if
it's not, you need to change the port value in /var/lib/cobbler/settings.

This probably explains both your transfer error and the XMLRPC messages.

It would be possible to allow cobbler to generate https:// URLs, though
there is not much point in doing so -- Anaconda itself does not support
authentication.

--Michael

-------------------------------------------------------------------------------
Michael,

I decided to step away from it myself, and have someone else here
setup a new/clean box.  again, vanilla f8 + apache.

They've pulled latest git heads of cobbler/koan.

Now, @ their "koan ...",

koan --virt --virt-name=test --server=http://server3.internal.net
--profile=f8test \
--virt-path=/dev/VG03/test --autonet --nogfx
       Could not communicate with http://server3.internal.net:25151

checking @ server3

       service iptables status
               iptables: Firewall is not running.

       service ip6tables status
               ip6tables: Firewall is not running.

and,

       telnet server3.internal.net 25151
               Trying 10.0.0.203...
               Connected to server3.internal.net.
               Escape character is '^]'.


has something changed?

-------------------------------------------------------------------------------

Is cobbler check clean? Is cobblerd running?

-------------------------------------------------------------------------------

yes to both.

cobbler check
 No setup problems found
 Manual review and editing of /var/lib/cobbler/settings is recommended
to tailor cobbler to your particular configuration.
 Good luck.

service cobblerd status
 cobblerd (pid 7761 7760 7759 7758) is running...

-------------------------------------------------------------------------------

Can you actually telnet to that port from the remote box?

FYI:  Q&A should go to the public list.

-------------------------------------------------------------------------------
yes. that's what the above,

    telnet server3.internal.net 25151
              Trying 10.0.0.203...
              Connected to server3.internal.net.
              Escape character is '^]'.

was. sorry, did not make it cleat that the telnet was from a remote.

-------------------------------------------------------------------------------

More information about the et-mgmt-tools mailing list