Skip to content

Troubleshooting

Jump to bottom Edit New page
Gordon Woodhull edited this page Feb 21, 2023 · 8 revisions

General

I've installed RCloud locally, and it cycles endlessly between GitHub authorization and RCloud login

This may be because the cookie domain does not match up, so RCloud does not know where to find your authorization token. Try setting Host: in your rcloud.conf.

Error messages in login.R

  • R aborted on the request - This means that the script process is failing for some reason. Look at the output of the script process to determine the cause. Some possible causes are:
    • The compute node can't reach the metadata (RCS) server - check that it has the right address.
    • R 3.6.0 needs later Rserve - see s-u/Rserve#131 and att/rcloud#267. Install latest with install.packages('Rserve',,'http://rforge.net')
  • Blank error (Evaluation error: Error in function (type, msg, asError = TRUE) : with no message)
    • login.R uses RCurl to connect to SKS to validate the user
    • RCurl can throw a NULL error if it runs into a permission error, so check cert permissions

With User Switching

Error in unixtools::set.user(exec.usr) : failed to set gid (65534) from passwd for user nobody

If you're using user switching, you need to start RCloud with sudo conf/start

(scripts/shutdown.sh will detect user switching and invoke sudo automatically, so it's not necessary to prefix with sudo.)

With Session Key Server

Session Key Server allows user switching by confirming the username and password on the target machine using PAM Unix authentication, or via various other authentication protocols.

Evaluation error: Error in function (type, msg, asError = TRUE) : server certificate verification failed.
CAfile: /data/rcloud/conf/xxxx.crt CRLfile: none

This could mean that the cert used by SKS is expired or invalid (not the one in the error message!) Check that the xxx.jks file referenced by SKS is up-to-date with the cert used by nginx, and if necessary, generate it from the xxx.crt:

#make p12 file from new cert
openssl pkcs12 -export -in xxx.crt -inkey xxx.key -out xxx.p12

#make jks
keytool -importkeystore -srckeystore xxx.p12  -srcstoretype PKCS12 -destkeystore xxx.jks -deststoretype JKS

You will need the password which is stored in the file supplied to SKS using the -PF parameter.

With Gist Services

If you are using rcloud-gist-services as your notebook backend, the gist services will need to validate any access tokens using SKS.

When RCloud creates or modifies any gist, it will supply the client_id (from github.client.id in rcloud.conf) and access_token from SKS.

The gist service could fail with error 403 for various reasons:

  • Since it needs to independently validate the token, SKS needs to be configured in application.yml, so make sure that the client_id and URL match:
gists:
  keyservers:
    client_id:
      url: https://example.com:4301/valid?token={token}&realm={realm}
  • Turn on verbose logging by changing INFO to DEBUG in logback.xml (no restart needed), and see if the incoming credentials match what are expected
  • Cross reference with the SKS log
Add a custom footer
Add a custom sidebar
Clone this wiki locally