Issue installing Apigee Edge 4.17.09 on AWS ami


Apigee supports "Amazon AWS Linux: latest version" as per the doc.

We have a hardened base image AMI, which was 2017.03, so we updated the AMI as per:

https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/

From the doc:

To upgrade to Amazon Linux AMI 2017.09 from 2011.09 or later, run sudo yum clean all followed by sudo yum update. When the upgrade is complete, reboot your instance.

And have done:

~ cat /etc/system-release

Amazon Linux AMI release 2017.09

Now when we install the ms profile on the node, it fails at the openldap install. Attaching the openldap and setup logs. Is it the right approach to update the AMI and install Edge?

Because as long as we are using the AWS AMI 2017.09, we should be able to install Apigee Edge 4.17.09.

apigee-openldap-log.txt

openldap-config-log.txt

setup-root-log.txt


@Nagendra Buddhala can you include what is in your openldap.properties file as well? It appears to be erroring out once it hits a config parameter in that file.

@Christin Brown we don't have any custom tokens set for openldap at /opt/apigee/customer/application/openldap.properties. Please fill in more details on the openldap.properties file you were referring to.


Do you see any errors in the management server logs?

I also see [ChangeDelta, position: 1, lines: [LDAP_PORT=${LDAP_PORT:-10389}] to [LDAP_PORT=${LDAP_PORT:-10391}]]

Why are you changing the port?


We installed Apigee Edge 4.17.09 using the same version of Amazon Linux (2017.09) and ran into the same failures. The fix for us was to set localhost in /etc/hosts as an alias of the Eth0 IP address and not the loopback.

FAIL: ldapsearch -h localhost -p 10389 -x -b '' -s base supportedFeatures

SUCCESS: ldapsearch -h $(hostname) -p 10389 -x -b '' -s base supportedFeatures

We figured this out by adding 'set -ex' to the top of /opt/apigee/apigee-service/bin/apigee-service

This could be TCP Wrappers. Can you check /etc/hosts.allow and /etc/hosts.deny to see whether there are any restrictions?

100% correct! We had ALL : ALL in the deny and the loopback was missing from the allow. Thanks a bunch!

I ran into the same issue, added the loopback address to the /etc/hosts.allow file, and it started working.
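
The TCP Wrappers decision order behind the failure diagnosed in this thread, as an added example that is not part of any post or of Apigee's code: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. Assumptions: the sample file contents and the address 10.0.1.15 are constructed, the daemon name slapd is assumed, and the evaluator covers only a simplified IPv4 subset of the hosts_access syntax (ALL, exact address, trailing-dot prefix, net/mask), with no EXCEPT, LOCAL or hostname patterns.

```python
import ipaddress

def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into [(daemon_list, client_list)]."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]            # a third field (command) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "10.0." matches any address starting with it
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask form, e.g. 127.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def rule_hit(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in rules)

def is_allowed(allow_text, deny_text, daemon, ip):
    """hosts.allow match grants; else hosts.deny match refuses; else granted."""
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return True
    return not rule_hit(parse_rules(deny_text), daemon, ip)

# Constructed sample files (10.0.1.15 stands in for the eth0 address).
DENY = "ALL : ALL\n"
ALLOW_BEFORE = "# loopback missing\nALL : 10.0.1.15\n"
ALLOW_AFTER = "ALL : 10.0.1.15 127.0.0.1\n"

if __name__ == "__main__":
    for label, allow in (("before", ALLOW_BEFORE), ("after", ALLOW_AFTER)):
        for ip in ("127.0.0.1", "10.0.1.15"):
            verdict = "allowed" if is_allowed(allow, DENY, "slapd", ip) else "refused"
            print(f"{label}: slapd <- {ip}: {verdict}")
```

With the "before" file a connection from 127.0.0.1 is refused while one from the interface address is allowed, which matches the ldapsearch results above for localhost versus $(hostname).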

Nagendra,

Would the doc on TCP wrappers here have helped:

https://docs.apigee.com/private-cloud/latest/installation-requirements#networksetting-tcpwrappers

Or was there more you had to do? I just want to make sure I understand the problem and if any doc updates are needed.

Thanks,

Stephen

My bad, I missed this question. @sgilson, we don't need any update on the docs. The issue was with the prebaked AMI used within the enterprise.