Forum OpenACS Q&A: Server won't serve anything once .tcl libraries loaded at startup.

Sorry to have to ask this but I have now spent about two weeks trying
to tie this down and am really stuck. Please help someone.

I had a full prototype installation working with virtual hosting and
multiple ACSs with PostgreSQL 7.1 under Mandrake Linux 7.1 which had
been installed with OS security set to LOW.

Confident that I now fully understood the configuration processes I
hosed the machine and installed Mandrake 8.2 with security option
HIGH. I then installed AOLserver ad33.13, PostgreSQL 7.2, and all
other components just as before.

I have since been unable to serve a single .tcl page from ACS 3.2.5.
I have tested everything I can think of. I have removed the virtual
hosting and focused on just one AOLServer process for a single ACS. I
have recompiled AOLServer without the nsvhr patches, I have re-
compiled PostgreSQL without the ODBC drivers that I was hoping to use.

I have also trawled the forums and tried everything I can find in
relation to the browser error message - "the Document contained no
data". No luck.

All of the other drivers appear to be loading on startup (log file
attached below), the database responds to queries in psql, the server
log reports that the database connection is ok and the .tcl libraries
are reported as loaded ok also.

But here is the really confusing bit.......

If I comment out the line :

    ns_param library "/web/${server}/tcl"

so that the libraries are not parsed into memory at startup, the
AOLServer will successfully serve a test static index.html file
from /web/${server}/www. However as soon as I uncomment this line to
enable the ACS libraries I can't even get the static page to serve.
Netscape just reports "the Document contained no data, Please contact
your administrator". (But I am the Administrator - so what now??!)

I am left wondering the following :

1) Should I not be using PostgreSQL v7.2? (But I cannot see why that
should be a problem because the data is there and the server log
shows that queries are running successfully).

2) Is there any possibility that the OS security settings could have
an effect on the preauth filtering .tcl procs? Is there anything that
I have missed setup wise that would lead the ACS .tcl filters to
refuse to allow even the serving of the default index.html file?

Can anyone help with suggestions of other things to try?

I tried to included below my server1.tcl file and a copy of the
server log but the formatting is lost in the upload and I didn't want
to clutter up the forum. If anyone is willing to take a look I will e-
mail them. I have been using the sample ad.tcl renamed to
ad_server1.tcl. Once again sorry to bother everyone with this -
really stumped.

Thank you very much, Richard.

PS. I have also tried :  set hostname localhost
but no luck there either.

I have put the files on the following URL.

Thanks very much for replying, hope you will see what I have missed!

NSD Config :  http://freespace.virgin.net/richard_s.hamilton/server1.tcl.htm

Server Log File :  http://freespace.virgin.net/richard_s.hamilton/server1.htm

Regards
Richard

If you type http://192.168.100.2:8000/index.html (based on your server log output), can you see the static page?

If I comment out the line :

ns_param library "/web/${server}/tcl"

so that the libraries are not parsed into memory at startup, the AOLServer will successfully serve a test static index.html file from /web/${server}/www. However as soon as I uncomment this line to enable the ACS libraries I can't even get the static page to serve. Netscape just reports "the Document contained no data, Please contact your administrator". (But I am the Administrator - so what now??!)

In 3.2.5, don't forget the default parameter in parameters/ad.tcl:

#precedence for file extensions, e.g., "tcl,adp,html" means "serve 
# a .tcl file if available, else an .adp file if available, else an 
# .html file if available, else the first file available in alphabetical 
# order". Comma-separated 
ns_param ExtensionPrecedence tcl,adp,html,jpg,gif

This parameter will control what pages get served first. So if you only typed http://192.168.100.2:8000/, it will ignore your static index.html and serve index.tcl instead (if it exists). By itself, this does not explain why aolserver is not serving anything, unless you modified the default www/index.tcl and forgot to include ns_writes to actually output something to the connection. Something to check...

What output do you get with?

telnet 192.168.100.2 8000(enter) 
GET /(enter) 
(enter) 
(enter) 

This tells us that your server is listening on port 80.
The bad request is because you typed "GET/" instead of "GET /".
This isn't really a telnet service. We are using telnet to check the web service.

You can fix this by changing ForceHostP to 0 or false (in /web/${server}/parameters/${server}.tcl) as Jonathan mentioned or by setting hostname to 192.168.100.2

Foreign host is whatever host is on the other end of your
connection.

Check your server's log files for the answer at
/usr/local/aolserver/log/server-???.log or wherever it might be.
Your server is probably generating some error in a preauth filter.
(I created a patch for AOLServer 4.0 to return an error to the user
in this case instead of just dying.  We'll see what they do with
it.)

Could it be related to the OS security settings?

Unlikely. Insofar as Mandrake is a Red Hat Linux derivative, by HIGH security settings they probably mean that most ports on the system are blocked.

I am not a Mandrake user. If Mandrake has the lokkit utility as Red Hat does, you can use it to inspect your "security settings". On Red Hat Linux, it is installed at /usr/sbin/lokkit.

Alternatively, you can go for the real thing and inspect your firewall settings directly with ipchains (/sbin/ipchains on Red Hat) like so:

bash$ su - -c "ipchains -L"
Password: 
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  someplace.redhat.com  anywhere              domain ->   1025:65535
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   netbios-ns
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   netbios-dgm
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   netbios-ssn
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   1025
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   ssh
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   http
ACCEPT     udp  ------  anywhere              anywhere              bootps:bootpc ->   bootps:bootpc
ACCEPT     udp  ------  anywhere              anywhere              bootps:bootpc ->   bootps:bootpc
ACCEPT     all  ------  anywhere              anywhere              n/a
REJECT     tcp  -y----  anywhere              anywhere              any ->   0:1023
REJECT     tcp  -y----  anywhere              anywhere              any ->   nfs
REJECT     udp  ------  anywhere              anywhere              any ->   0:1023
REJECT     udp  ------  anywhere              anywhere              any ->   nfs
REJECT     tcp  -y----  anywhere              anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere              anywhere              any ->   xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

These are slightly modified MEDIUM security settings in Red Hat. For example, this box accepts connections to ports 22 (ssh) and 80 (http), and rejects connections to all ports in the 0-1023 range that do not have an explicit ACCEPT policy. Your setup should be similar.

In any case, if you say you can serve static pages when server is running on port 8000, that means your box IS accepting connections on that port. When you try telnetting into the port on which your webserver is listening, does it look like this:

bash$ telnet www.yahoo.com 80
Trying 64.58.76.224...
Connected to www.yahoo.com.
Escape character is '^]'.

If telnet says, Connected to localhost, then your security settings are fine. You shouldn't waste your time reinstalling the system with MEDIUM security settings.

Here is a section of access.log from /usr/local/aolserver/server1/modules/nslog

192.168.100.2 - - [12/May/2002:00:03:10 +0100] "GET / HTTP/1.0" 304 0 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:00:09:58 +0100] "GET / HTTP/1.0" 304 0 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:00:12:03 +0100] "GET / HTTP/1.0" 304 0 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:00:18:56 +0100] "GET / HTTP/1.0" 302 302 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:00:20:48 +0100] "GET /register.tcl HTTP/1.0" 302 314 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:00:25:19 +0100] "GET /doc/audit.html HTTP/1.0" 302 316 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:11:32:14 +0100] "GET / HTTP/1.0" 302 302 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.2 - - [12/May/2002:11:32:23 +0100] "GET /monitor.tcl HTTP/1.0" 302 313 "" "Mozilla/4.78 [en] (X11; U; Linux 2.4.8-26mdk i686)"

192.168.100.3 - - [12/May/2002:22:40:21 +0100] "GET / HTTP/1.1" 302 302 "" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"

192.168.100.3 - - [12/May/2002:22:40:21 +0100] "GET / HTTP/1.1" 302 302 "" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"

[Thousands of re-tries]

192.168.100.2 - - [12/May/2002:22:45:12 +0100] "GET /monitor.tcl HTTP/1.1" 302 313 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:12 +0100] "GET /monitor.tcl HTTP/1.1" 302 313 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:12 +0100] "GET /register.tcl HTTP/1.1" 302 314 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:13 +0100] "GET /monitor.tcl HTTP/1.1" 302 313 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:13 +0100] "GET /register.tcl HTTP/1.1" 302 314 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:13 +0100] "GET /monitor.tcl HTTP/1.1" 302 313 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:13 +0100] "GET /register.tcl HTTP/1.1" 302 314 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:13 +0100] "GET /monitor.tcl HTTP/1.1" 302 313 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

192.168.100.2 - - [12/May/2002:22:45:13 +0100] "GET /register.tcl HTTP/1.1" 302 314 "" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20010914"

[Thousands of re-tries - 70 per second]

You will notice that I have tried connecting from an NT5.0 box 192.168.100.3 also.

The server logs each request but returns no data at all.

Thank you for persisting with this everyone. Much appreciated.

Regards
Richard

Based on your access log files it appears that the ForceHostP/ set hostname xxx should have worked.

The log files I was interested in are at /usr/local/aolserver/log/server-???.log but they probably don't have anything interesting in them based on your access log files. make sure you kill all existing aolserver instances "killall nsd", and try again. perhaps you either didn't restart the server after changing the config files or, if you did, an old instance is still running somewhere.

[12/May/2002:22:23:04][1290.2051][-sched-] Error: dns: gethostbyname failed: temporary error - try again

You still don't have your network setup. It has been a long while since I used 3.x so this is strange.

I could be wrong, but I believe that gethostbyname uses your /etc/hosts or /etc/host.conf to get a hostname, specifically yours. <p>

Have tested *.adp pages and found that they serve ok. So the problem is restricted to *.tcl pages. What on earth have I done wrong?

Richard