connecting secondary dns to namedmanager about namedmanager HOT 9 OPEN

I have 2 CentOS, both with namedmanager and they are syncing each other.
I took some time to understand that the $config['api_url'] in config-bind.php must be the same for each server of the pool, and I put the url of the first server for each namedmanager.
api_server_name should contain the name of the server you are configuring. And api_auth_key, obviously the same key.
I'm just an user, if case of mistakes, please someone corrects me!

from namedmanager.

Hi Thanks for replying.
I made changes to my /etc/php.ini so I do not get the PHP syntax error. I have in the name of the first server in $config['api_url'] as you mentioned. I also have the fqdn of the server I am configuring as well as its api_auth_key which is been configured in the API Authentication key in the web server configuration under Name Servers - > Adjust Server Configuration for the secondary dns server.
I now get the error.
[root@ns2 wolf]# php -q /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php
PHP Fatal error: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://nt01.xxx.xxx/api/namedmanager.wsdl' : failed to load external entity "https://nt01.xxx.xxx/api/namedmanager.wsdl"
in /usr/share/namedmanager/bind/include/application/inc_soap_api.php on line 33
PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://nt01.xxx.xxx/api/namedmanager.wsdl' : failed to load external entity "https://nt01.xxx.xxx/api/namedmanager.wsdl"
in /usr/share/namedmanager/bind/include/application/inc_soap_api.php:33
Stack trace:
#0 /usr/share/namedmanager/bind/include/application/inc_soap_api.php(33): SoapClient->SoapClient('https://nt01.br...')
#1 /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php(108): soap_api->authenticate()
#2 {main}
thrown in /usr/share/namedmanager/bind/include/application/inc_soap_api.php on line 33

from namedmanager.

I don't know if we have the same version of namedmanager, but in the api_url I've just put "namedmanager":
$config["api_url"] = "https://ns1.xxxx.xx/namedmanager";

from namedmanager.

My api_url is correct as it is the website, but I will give it a try. I will change my api_url as you suggest and see if that works.

from namedmanager.

I have figured the problem out. It is because the ssl certificate is self signed on the api_url server that the communication is failing. I am now trying to figure out if I can fix this by importing the certificate or by making some changes to the php soap so that it does not check.

from namedmanager.

I'm using self-signed certificates and I didn't made adjustments...

from namedmanager.

Hi
It works now that I added the certificate from api_url = "https://ns1.xxx.xxx" to /etc/pki/ca-trust/source/anchors and ran update-ca-trust extract (more about how this is done can be found at http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html). I ran [root@ns2 anchors]# php -q /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php
Error: Unable to open file /var/named/chroot/etc/named.namedmanager.conf for reading
Error: Some errors occured whilst attempting to deploy domain configuration
Checked /var/named/chroot and then ran the command [root@ns2 chroot]# php -q /usr/share/namedmanager/bind/namedmanager_bind_configwriter.php
and everything has synced.
Thank you so much for your help and time.

from namedmanager.

thanks for helping out @fedebros - it could be something like a different PHP version enforcing cert validation (which it should!) whereas your version might not have been enforcing validation.

It's annoying that it's not throwing a clear exception, means I can't easily catch it and write a nice clear end user message. TBH, I think the SOAP API probably needs to be replaced by a nicer REST API at some point that actually fails in a nice fashion.

from namedmanager.

I faced this issue today

I thought (and should confirm) the comment from Jethro: Different PHP version.

I have exactly the same setup in 3 servers (Debian 8 jessie with PHP 5), and now I'm deploying a new server to replace one of them. The new server is Ubuntu LTS 16.04, using PHP7 and I copied exactly the same namedmanager (not last namedmanager version, although) and same configuration. I get the same error:

PHP Fatal error: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://www.l3jane.net/namedmanager/api/namedmanager.wsdl' : failed to load external entity "https://www.l3jane.net/namedmanager/api/namedmanager.wsdl"
in /usr/local/share/namedmanager/include/application/inc_soap_api.php on line 33
PHP Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://www.l3jane.net/namedmanager/api/namedmanager.wsdl' : failed to load external entity "https://www.l3jane.net/namedmanager/api/namedmanager.wsdl"
in /usr/local/share/namedmanager/include/application/inc_soap_api.php:33
Stack trace:
#0 /usr/local/share/namedmanager/include/application/inc_soap_api.php(33): SoapClient->SoapClient('https://www.l3j...')
#1 /usr/local/share/namedmanager/namedmanager_bind_configwriter.php(108): soap_api->authenticate()
#2 {main}
thrown in /usr/local/share/namedmanager/include/application/inc_soap_api.php on line 33

But ....
I'm using a certificate issued by my own CA (not self-signed) and didn't faced issues before.

Although as this is a new machine, I just issued 'c_rehash' command (this command updates the trusted certificate db/cache of the system) and now it works.

So seems clearly a certificate trust issue, also confirmed by the fact I didn't see the HTTP-request on the web server log when I launch namedmanager_bind. May be PHP7 do more checks on SSL certificates?

So basically you should install the certificates (CA o or self-signed) on the bind system and issue 'c_rehash' to make PHP SOAP trusts the server.

from namedmanager.