From a38cd772f49289537b83d629243623205c72f451 Mon Sep 17 00:00:00 2001 From: Arthur Wolf Date: Thu, 12 Oct 2023 17:26:40 +0200 Subject: [PATCH 1/5] add DNS troubleshooting documentation --- docs/src/how-to/install/troubleshooting.md | 151 +++++++++++++++++++++ 1 file changed, 151 insertions(+) diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md index de2d857e4b..62ebef7032 100644 --- a/docs/src/how-to/install/troubleshooting.md +++ b/docs/src/how-to/install/troubleshooting.md 
@@ -263,3 +263,154 @@ p: the expected ping (how many pings have not returned) Question: Are the connection values for bad networks/disconnect configurable on on-prem? Answer: The values are not currently configurable, they are built into the clients at compile time, we do have a mechanism for sending calling configs to the clients but these values are not currently there. + +## Verifying correct deployment of DNS / DNS troubleshooting. + +After installation, or if you meet some functionality problems, you should check that your DNS setup is correct. + +You'll do this from either your own computer (any public computer connected to the Internet), or from the Wire backend itself. + +### Testing public domains. + +From your own computer (not from the Wire backend), test that you can reach all sub-domains you setup during the Wire installation: + +* `assets.youdomain.com` +* `teams.yourdomain.com` +* `webapp.yourdomain.com` +* `accounts.yourdomain.com` +* etc... + +You can test if a domain is reachable by typing in your local terminal: + +``` +nslookup assets.yourdomain.com +``` + +If the domain is succesfully resolved, you should see something like: + +``` +Server: 127.0.0.53 +Address: 127.0.0.53#53 + +Non-authoritative answer: +Name: assets.yourdomain.com +Address: 388.114.97.2 +``` + +And if the domain can not be resolved, it will be something like this: + +``` +Server: 127.0.0.53 +Address: 127.0.0.53#53 + +** server can't find test.fra: NXDOMAIN +``` + +Do this for each and every of the domains you configured, make sure each of them is reachable from the open Internet. + +If a domain can not be reached, check your DNS configuration and make sure to solve the issue. + +### Testing internal domain resolution. 
+ +Open a shell inside the SNS pod, and make sure you can resolve the following three domains: + +* `minio-external` +* `cassandra-external` +* `elasticsearch-external` + +First get a list of all pods: + +``` +kubectl get pods --all-namespaces +``` + +In here, find the sns pod (usually its name contains `fake-aws-sns`). + +Open a shell into that pod: + +``` +kubectl exec -it my-sns-pod-name -- /bin/sh +``` + +From inside the pod, you should now test each domain: + +``` +nslookup minio-external +``` + +If the domain is succesfully resolved, you should see something like: + +``` +Server: 127.0.0.53 +Address: 127.0.0.53#53 + +Non-authoritative answer: +Name: minio-external +Address: 173.188.1.14 +``` + +And if the domain can not be resolved, it will be something like this: + +``` +Server: 127.0.0.53 +Address: 127.0.0.53#53 + +** server can't find test.fra: NXDOMAIN +``` + +If you can not reach some of the domains from the SNS pod, you need to try those from one of the servers running kubernetes (kubernetes host): + +``` +ssh kubernetes-server +``` + +Then try the same thing using `nslookup`. + +If either of these steps fail, please request support. + +### Testing reachability of AWS. + +First off, use the Amazon AWS documentation to determine your region code: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html + +Here we will use `us-west-1` but please change this to whichever is closest to your server as needed. + +First list all pods: + +``` +kubectl get pods --all-namespaces +``` + +In here, find the sns pod (usually its name contains `fake-aws-sns`). 
+ +Open a shell into that pod: + +``` +kubectl exec -it my-sns-pod-name -- /bin/sh +``` + +And test the reachability of the AWS services: + +``` +nslookup sqs.us-west-1.amazonaws.com +``` + +If it can be reached, you'll see something like this: + +``` +Server: 127.0.0.53 +Address: 127.0.0.53#53 + +Non-authoritative answer: +sqs.us-west-1.amazonaws.com canonical name = us-west-1.queue.amazonaws.com. +Name: us-west-1.queue.amazonaws.com +Address: 3.101.114.18 +``` + +And if it can't: + +``` +Server: 127.0.0.53 +Address: 127.0.0.53#53 + +** server can't find sqs.us-west-1.amazonaws.com: NXDOMAIN +``` \ No newline at end of file From f613b24ef1d5b24a27f555b2f3a426b4eef99395 Mon Sep 17 00:00:00 2001 From: Arthur Wolf Date: Thu, 12 Oct 2023 17:37:24 +0200 Subject: [PATCH 2/5] correct minor mistake --- docs/src/how-to/install/troubleshooting.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md index 62ebef7032..be52656224 100644 --- a/docs/src/how-to/install/troubleshooting.md +++ b/docs/src/how-to/install/troubleshooting.md @@ -303,7 +303,7 @@ And if the domain can not be resolved, it will be something like this: Server: 127.0.0.53 Address: 127.0.0.53#53 -** server can't find test.fra: NXDOMAIN +** server can't find assets.yourdomain.com: NXDOMAIN ``` Do this for each and every of the domains you configured, make sure each of them is reachable from the open Internet. @@ -355,7 +355,7 @@ And if the domain can not be resolved, it will be something like this: Server: 127.0.0.53 Address: 127.0.0.53#53 -** server can't find test.fra: NXDOMAIN +** server can't find minio-external: NXDOMAIN ``` If you can not reach some of the domains from the SNS pod, you need to try those from one of the servers running kubernetes (kubernetes host): From 3fdf6069322261df73c1d561b33443484c9d1425 Mon Sep 17 00:00:00 2001 
From: Arthur Wolf Date: Thu, 12 Oct 2023 17:43:43 +0200 Subject: [PATCH 3/5] moving try-again-on-host instructions from extrenal- to aws- --- docs/src/how-to/install/troubleshooting.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md index be52656224..92b1437b39 100644 --- a/docs/src/how-to/install/troubleshooting.md +++ b/docs/src/how-to/install/troubleshooting.md @@ -358,15 +358,7 @@ Address: 127.0.0.53#53 ** server can't find minio-external: NXDOMAIN ``` -If you can not reach some of the domains from the SNS pod, you need to try those from one of the servers running kubernetes (kubernetes host): - -``` -ssh kubernetes-server -``` - -Then try the same thing using `nslookup`. - -If either of these steps fail, please request support. +If you can not resolve any of the three domains, please request support. ### Testing reachability of AWS. @@ -413,4 +405,14 @@ Server: 127.0.0.53 Address: 127.0.0.53#53 ** server can't find sqs.us-west-1.amazonaws.com: NXDOMAIN -``` \ No newline at end of file +``` + +If you can not reach the AWS domain from the SNS pod, you need to try those from one of the servers running kubernetes (kubernetes host): + +``` +ssh kubernetes-server +``` + +Then try the same thing using `nslookup`. + +If either of these steps fail, please request support. \ No newline at end of file From 0617c30593878d8d2c0dd34710175ec08ff3182a Mon Sep 17 00:00:00 2001 From: Arthur Wolf Date: Thu, 12 Oct 2023 17:48:27 +0200 Subject: [PATCH 4/5] full list of domains` --- docs/src/how-to/install/troubleshooting.md | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md index 92b1437b39..0c3d426574 100644 --- a/docs/src/how-to/install/troubleshooting.md +++ b/docs/src/how-to/install/troubleshooting.md 
@@ -274,11 +274,18 @@ You'll do this from either your own computer (any public computer connected to t From your own computer (not from the Wire backend), test that you can reach all sub-domains you setup during the Wire installation: -* `assets.youdomain.com` -* `teams.yourdomain.com` -* `webapp.yourdomain.com` -* `accounts.yourdomain.com` -* etc... +* `assets.` +* `teams.` +* `webapp.` +* `accounts.` +* `nginz-https.` +* `nginz-ssl.` +* `sftd.` +* `restund01.` +* `restund02.` +* `federator.` + +Some domains (such as the federator) might not apply to your setup. Refer to the domains you configured during installation, and act accordingly. You can test if a domain is reachable by typing in your local terminal: From 3433e249e9bf2d5e838d0a0444729f1abcf36228 Mon Sep 17 00:00:00 2001 From: Arthur Wolf Date: Thu, 12 Oct 2023 17:49:58 +0200 Subject: [PATCH 5/5] add note about values.yaml` --- docs/src/how-to/install/troubleshooting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md index 0c3d426574..85a2bc95e0 100644 --- a/docs/src/how-to/install/troubleshooting.md +++ b/docs/src/how-to/install/troubleshooting.md @@ -371,7 +371,7 @@ If you can not resolve any of the three domains, please request support. First off, use the Amazon AWS documentation to determine your region code: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html -Here we will use `us-west-1` but please change this to whichever is closest to your server as needed. +Here we will use `us-west-1` but please change this to whichever value you set in your `values.yaml` file during installation. First list all pods:
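Review bot: in [PATCH 1/5] (hunk `@@ -263,3 +263,154 @@`), every check is an `nslookup`, which only shows that a name resolves, yet the text and headings describe the result as reachability ("You can test if a domain is reachable", "Testing reachability of AWS."). Either word these as resolution checks or add a separate connectivity step, because a name can resolve while the service behind it is still unreachable. In the same hunk, `kubectl exec -it my-sns-pod-name -- /bin/sh` carries no `-n <namespace>` although the pod was located with `--all-namespaces`, so the command only works when the pod happens to be in the current namespace. The sample answer `Address: 388.114.97.2` is not a valid IPv4 address (no octet can exceed 255). The in-pod sample output shows `Server: 127.0.0.53`, which looks copied from a workstation; output captured inside the pod would be a better reference for someone comparing against what they see. "succesfully" is misspelled in both places it appears, and none of the later patches in the series corrects it.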
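Review bot: in [PATCH 3/5], first hunk (`@@ -358,15 +358,7 @@`), the new line "If you can not resolve any of the three domains, please request support." is ambiguous: it can be read as "none of the three resolves" or as "at least one fails to resolve". The step above asks the reader to confirm all three names, so something like "If any one of the three domains fails to resolve, please request support." states the intended threshold without the double reading.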
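Review bot: in [PATCH 3/5], second hunk (`@@ -413,4 +405,14 @@`), the moved paragraph was only partly adapted to its new place: "If you can not reach the AWS domain from the SNS pod, you need to try those from one of the servers" now has a plural "those" referring to a single domain, and "Then try the same thing using `nslookup`" does not repeat which name to look up. Suggest spelling out the command to run on the host, and saying that `kubernetes-server` in `ssh kubernetes-server` is a placeholder for one of the reader's own hosts. "If either of these steps fail" should read "fails". The hunk also still ends with "\ No newline at end of file", so the missing trailing newline from [PATCH 1/5] is carried forward rather than fixed.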
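Review bot: in [PATCH 4/5] (hunk `@@ -274,11 +274,18 @@`), the new list entries end at the dot (`assets.`, `teams.`, `nginz-https.`, and so on) with no domain part or placeholder, so a reader cannot tell what to append, and the entries no longer match the `nslookup assets.yourdomain.com` example a few lines further down. If a placeholder was intended here it does not appear in the added lines; writing the entries in the same form as the example (`assets.yourdomain.com`) would keep the section consistent. The unchanged context line "all sub-domains you setup during the Wire installation" should use the verb form "set up", and the commit subject ends with a stray backtick.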
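Review bot: in [PATCH 5/5] (hunk `@@ -371,7 +371,7 @@`), "whichever value you set in your `values.yaml` file during installation" names neither which `values.yaml` nor which key holds the region, so the reader still has to guess where to look; please name both. The unchanged line just above still tells the reader to determine the region code from the AWS documentation, which now competes with the instruction to reuse the configured value, so one of the two should be dropped or the relationship explained. It would also help to say next to the command that `us-west-1` in `nslookup sqs.us-west-1.amazonaws.com` is the part to replace. The commit subject ends with a stray backtick.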