500 Error on new install RHEL 8

I just installed Open Ondemand from RPM on a RHEL 8.5 system.
After starting the web daemon, I get a 500 - internal server error.
I followed the instructions on the doc site. What am I missing ?

I suspect it has something to do with mapping an initial default user. Some other discord articles describe that. Where is the user map located?

SELinux and local firewall is disabled. This is just a test system before I install on the production server.

Sorry about the Noob question. These are the steps I’ve taken for installation.

  1. installed and updated a fresh RHEL 8.5 system
  2. added the OSC repo to my package manager
  3. enabled the ruby and nodejs modules
  4. installed ondemand with the dependencies
  5. verified that SELinux and local firewall is OFF
  6. started httpd daemon
  7. verified that apache is running
  8. get 500 - Internal Server Error on web page

What step(s) am I missing on a simple test installation?

Hello and welcome!

The installation instructions can be found here: Installation — Open OnDemand 2.0.20 documentation

Are those the instructions you were following for the RPM install?

After the install, did you also follow the starting services page here: 4. Start Services — Open OnDemand 2.0.20 documentation

Steps that may have been missed could be caught reading through those again, I’m just not sure what could be wrong with the previous info so far is all.

Also, you mentioned the user mapping in a previous post, and so maybe this doc would help as well: 2. Setup User Mapping — Open OnDemand 2.0.20 documentation

Let me know if any of those help you clear up any missing steps, and if not we can dig deeper and see what’s goign on.

Hello, and Thanks ! :grinning:
Yes, those were the instructions I have been using. I am installing on a test system before I deploy to the login node. Just wanted to work out some of the issues and give it a good look.

So, my checklist of steps in a previous post seem to follow the instructions pretty closely. I was expecting to see a generic login page, since no user has logged in yet, there should be no PUNs.

I’m sure I overlooked something apparently important, since I get the 500 error. I just don’t see what could be missing. Would you recommend a different OS ? RHEL 7 perhaps ?

Hmm, yeah that’s strange. Have you tried firing a VM up and walking through again to check? It does seem like a step was missed somewhere from the error.

Are you seeing anything in the internal server logs?

You could try a build on RHEL 7 if you are fine with doing that and have the time, though I’d like to know what happened with the 8 install as well.

Okay, I went through all the steps again. Sorry for the lengthy post.
What could I be missing here ?
Do I need to make any changes in a conf file?

Basic RHEL 8.5 install - fully updated

[root@whqpod01p ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.5 (Ootpa)

1. Standard repos enabled

±---------------------------------------------------------+
Repositories in /etc/yum.repos.d/redhat.repo
±---------------------------------------------------------+
Repo ID: codeready-builder-for-rhel-8-x86_64-rpms
Repo Name: Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs)

Repo ID: rhel-8-for-x86_64-supplementary-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - Supplementary (RPMs)

Repo ID: rhel-8-for-x86_64-appstream-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)

Repo ID: SFWMD_EPEL_EPEL_8
Repo Name: EPEL 8

Repo ID: rhel-8-for-x86_64-baseos-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)

2. Add OSC Repo

yum install https://yum.osc.edu/ondemand/2.0/ondemand-release-web-2.0-1.noarch.rpm

3. Enable Ruby and Nodejs module streams

dnf module enable ruby:2.7
dnf module enable nodejs:12

4. Install ondemand package & dependencies

yum install ondemand

5. Verify web service status

[root@whqpod01p ~]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─ood-portal.conf, ood.conf
Active: inactive (dead)
Docs: man:httpd.service(8)

No need to modify system security, since firewall and SELinux are off

6. Start Web daemons

systemctl start httpd
systemctl enable httpd

7. Verify web service status again

[root@whqpod01p ~]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─ood-portal.conf, ood.conf
Active: active (running) since Thu 2022-01-27 13:31:29 EST; 41s ago
Docs: man:httpd.service(8)
Main PID: 12300 (httpd)
Status: “Running, listening on: port 443, port 80”
Tasks: 213 (limit: 23671)
Memory: 30.5M
CGroup: /system.slice/httpd.service
├─12300 /usr/sbin/httpd -DFOREGROUND
├─12302 /usr/sbin/httpd -DFOREGROUND
├─12303 /usr/sbin/httpd -DFOREGROUND
├─12304 /usr/sbin/httpd -DFOREGROUND
└─12305 /usr/sbin/httpd -DFOREGROUND

Jan 27 13:31:29 whqpod01p systemd[1]: Starting The Apache HTTP Server…
Jan 27 13:31:29 whqpod01p update_ood_portal[12285]: No change in Apache config.
Jan 27 13:31:29 whqpod01p systemd[1]: Started The Apache HTTP Server.
Jan 27 13:31:29 whqpod01p httpd[12300]: Server configured, listening on: port 443, port 80

8. Check web page

500 - Internal Server Error
:face_with_diagonal_mouth:

What did you do for you authentication? Did you use the Dex OIDC package with the ood user or have a default user on the system before the login?

We are working on RedHat IdM (ldap & krb5), but that’s not ready yet.
I was just using local accounts so far. I’ve been looking at the http logs

Error.log says AuthType openid-connect configured without corresponding module

I was assuming that httpd runs as the apache user, which I see was added when it was installed.
I was hoping to examine OOD more fully, but can’t seem to get it off the ground.
Isn’t there an “out of the box” configuration for testing ?

Did you include the sudo yum install ondemand-dex when working through the steps? If so, did you also issue the sudo systemctl start ondemand-dex and sudo systemctl enable ondemand-dex commands after the setup?

I just went through a VM with CentOS8 and had it running so maybe that’s the issue, though it’s not an exact RedHat replication it’s pretty close. I also skipped SELinux, turned off the firewall, and just went with the simple dex setup with that local ood user.

There is also the option of using the docker container if that’s something you are comfortable with. The instructions for that option are here: ondemand/DEVELOPMENT.md at master · OSC/ondemand · GitHub

Good Morning Travis.
The instructions list that as optional.
Apparently, that was the missing piece.

Okay, after installing ondemand-dex, and restarting apache and the ondemand-dex services, I see a login screen. I added the ood user and group, but I cannot login. Sorry about all the questions, I am new to this software. How do I login ?

Hello,
Okay, reading the instructions further, I see that ood@localhost is the default user.
Thanks for your help. I will continue to evaluate the product. Thanks again !
:grinning:

Glad it worked out!

We are currently working on a documentation update and reorganization and I agree that step is a bit confusing the way it’s worded as it says optional then after gives a note as to how this option is needed if you just want to do some exploration, which is not a good sequence of explanation.

I’ve created an issue in the docs to capture this here: Improve readibility of Install Instructions · Issue #629 · OSC/ood-documentation · GitHub

Greetings – I have experienced the same issue, having skipped the optional Dex install, and pausing in 4.4 (Start Services) to browse to ‘ondemand’ to verify status.

So is the bottom line that Dex is necessary? Reading forward to the LDAP implementation, the guide suggests that Dex would in fact be installed, as it calls for:

step 1: Add LDAP configurations to to Dex, refer to Configuring OnDemand Dex for LDAP.

I have not installed since doing so with 1.0.3, and did not recall working with Dex previously. Am happy to incorporate that now.

ps Cheers to equiros-sfwmd for posting about this experience.

Sorry for the whiplash – since we are implementing CAS through mod_auth_cas, which requires source build under RHEL 8, I’m jumping past dex. Step one under apache authentication specifies using apxs and apr under a directory not installed after installing ondemand via dnf:

/opt/rh/httpd24/root/usr/bin

Is this an indication that I have an incomplete install?
Have a good weekend!