9831 is for the job server profile type.
why is it not possible in your enviornment to talk to that server?
The "design" is to have only CONFIGURATION and NSH_PROXY-server on that host1. But this host has also the IP-address for the provisioning-LAN. As we have a cluster this one address is switched to the active host. The jobserver(s) (in fact we have four of them - yes, maybe that's an important information here ) are not clustered.
And: as always I'm interested in the things going on "behind the curtain"...
That design was incorrect then.
Or add a job instance to the config server but setup the job routing rules so that it never runs jobs.
"That design was incorrect then."
according to the software's capabilities you are right. But from the customer's view I would say the software is "incorrect" - it depends on the viewpoint.
"Or add a job instance to the config server but setup the job routing rules so that it never runs jobs."
That nails down the opinion that the software is not well designed at this point: if no job has to be run on the server (i.e. host1) - why do I have to configure a JOBserver?
But - this answers my underlying question: the (so called) JOBserver is only needed to listen on port 9831 and not to execute any real job. Thank you!
Provisioning is a Job. it just is backwards in that the target is polling the appserver for what to do instead of the other way around. running provisioning is not a function of the ‘config’ server or the ‘nsh_proxy’ server profile types.
Mmh, that sounds interesting. I think that most of the provisioning-tasks are executed by one of the job-servers. Actually the provisioning went very far (I'm not at the customer at the moment), the SuSE files were fetched from the pxestore and installed. The only thing that - to my memory - did not happen was the bmi-callback. There was some message like "port 9831 is not available on 18.104.22.168" (<= the above named IP-address).
I will check tomorrow and add the exact mesage here and how far the installation actually went.
Try it w/ windows and you will not get as far.
I can understand the point about it not making complete sense to have the 9831 port attached to the Job server, at least for provisioning. The sole purpose of this connection for provisioning is to update the database with the status of the provisioning process on the target. It does not interact with the provisioning job at all - the job can even be running on a separate physical machine and it will still pick up the update through the DB. Also, the other incoming connections from external systems all go into the CONFIG server, so it would logically make more sense. The SSL port is needed for other functionality on the JOB server though.
That said, this is the way it is currently designed and there are reasons for the design, some of which we may not be aware of. You can raise an RFE to get this changed, but I think that it would make more sense to remove the need to have a connection from the BMI back to the app server at all.
Thanks to both of you!!!
Some additional info as promised:
w/o JOBserver configured the provisioning history tells us that the provisioning job is executed on some jobserver-deployment on host2
"Executin work item Provision Job:PollForProvisionedWorkItem; on application server: JobServerA1"
(with JobServerA1 running on host2)
The installation runs through including installation of rscd-agent. After the agent-installation the error-message (complete message-sequence) that appears w/o the JOBserver configured is:
Host Address: 22.214.171.124
comm to provisioning server started
comm: to connect
connect to 126.96.36.199:failed
Could not connect to 188.8.131.52:9831. EC: 111
could not connect to blademetal server!
Now I configured a JOBserver-deployment on host1 and did the following settings:
blasadmin -s configandjobserver set AppServer MaxJobs 0
blasadmin -s configandjobserver set AppServer MaxJobThreads 0
blasadmin -s configandjobserver set AppServer MaxWorkItemThreads 0
The provisioning job runs again on JobServerA1, could now connect to port 9831 on host1 and finishes as expected!
Regarding this one from Paul:
"The SSL port is needed for other functionality on the JOB server though."
Do you know of some or all of this "functionality"? The documentation just tells about:
"SSL Communication Port 9831 Required if using Provisioning"
"9831 TCP Application Server Bare Metal Image communication to and from the Application Server. (By default the Application Server uses this port for SSL communication.)
I though 9831 was also used for the inter app server communication, but it's not, so it does seem like provisioning is the only place that uses this port.
As Bill said though, most provisioning for Windows, RedHat and Solaris will fail part of the way through if this port is not reachable.
Nope. That’s 9836 and the port range 9850-9899