I have two docker containers one is a web app and the other is a socket.io instance. I am sending constant traffic every 20 seconds.
My problem is that every ~10 minutes or so the containers disconnect and reconnect or they reboot or refresh.
For my container running socket.io with connection listener:
user connected (while connect send traffic every 15 seconds)
~10 minutes everything connected with disconnect
~4 seconds later everything reconnect
I have this issue for every docker container. I am also noticing this on multiple machines
Here are my logs
'browser-http-intake.logs.datadoghq.com:443:::::::::::::::::::::': [ [TLSSocket], [TLSSocket] ]
2023-01-27 06:33:14 },
2023-01-27 06:33:14 freeSockets: [Object: null prototype] {},
2023-01-27 06:33:14 keepAliveMsecs: 1000,
2023-01-27 06:33:14 keepAlive: false,
2023-01-27 06:33:14 maxSockets: Infinity,
2023-01-27 06:33:14 maxFreeSockets: 256,
2023-01-27 06:33:14 scheduling: 'lifo',
2023-01-27 06:33:14 maxTotalSockets: Infinity,
2023-01-27 06:33:14 totalSocketCount: 2,
2023-01-27 06:33:14 maxCachedSessions: 100,
2023-01-27 06:33:14 _sessionCache: { map: {}, list: [] },
2023-01-27 06:33:14 [Symbol(kCapture)]: false
2023-01-27 06:33:14 },
2023-01-27 06:33:14 socketPath: undefined,
2023-01-27 06:33:14 method: 'POST',
2023-01-27 06:33:14 maxHeaderSize: undefined,
2023-01-27 06:33:14 insecureHTTPParser: undefined,
2023-01-27 06:33:14 path: '/v1/input/pub8fbf7e98390ffade40f912e605b26dc9',
2023-01-27 06:33:14 _ended: false,
2023-01-27 06:33:14 res: null,
2023-01-27 06:33:14 aborted: false,
2023-01-27 06:33:14 timeoutCb: null,
2023-01-27 06:33:14 upgradeOrConnect: false,
2023-01-27 06:33:14 parser: null,
2023-01-27 06:33:14 maxHeadersCount: null,
2023-01-27 06:33:14 reusedSocket: false,
2023-01-27 06:33:14 host: 'browser-http-intake.logs.datadoghq.com',
2023-01-27 06:33:14 protocol: 'https:',
2023-01-27 06:33:14 _redirectable: [Circular *3],
2023-01-27 06:33:14 [Symbol(kCapture)]: false,
2023-01-27 06:33:14 [Symbol(kBytesWritten)]: 0,
2023-01-27 06:33:14 [Symbol(kEndCalled)]: false,
2023-01-27 06:33:14 [Symbol(kNeedDrain)]: false,
2023-01-27 06:33:14 [Symbol(corked)]: 0,
2023-01-27 06:33:14 [Symbol(kOutHeaders)]: [Object: null prototype] {
2023-01-27 06:33:14 accept: [ 'Accept', 'application/json, text/plain, */*' ],
2023-01-27 06:33:14 'content-type': [ 'Content-Type', 'application/json' ],
2023-01-27 06:33:14 'user-agent': [ 'User-Agent', 'axios/1.2.5' ],
2023-01-27 06:33:14 'content-length': [ 'Content-Length', '176' ],
2023-01-27 06:33:14 'accept-encoding': [ 'Accept-Encoding', 'gzip, compress, deflate, br' ],
2023-01-27 06:33:14 host: [ 'Host', 'browser-http-intake.logs.datadoghq.com' ]
2023-01-27 06:33:14 },
2023-01-27 06:33:14 [Symbol(kUniqueHeaders)]: null
2023-01-27 06:33:14 },
2023-01-27 06:33:14 _currentUrl: 'https://browser-http-intake.logs.datadoghq.com/v1/input/pub8fbf7e98390ffade40f912e605b26dc9',
2023-01-27 06:33:14 [Symbol(kCapture)]: false
2023-01-27 06:33:14 },
2023-01-27 06:33:14 cause: Error: read ECONNRESET
2023-01-27 06:33:14 at TLSWrap.onStreamRead (node:internal/stream_base_commons:217:20) {
2023-01-27 06:33:14 errno: -104,
2023-01-27 06:33:14 code: 'ECONNRESET',
2023-01-27 06:33:14 syscall: 'read'
2023-01-27 06:33:14 }
2023-01-27 06:33:14 }
2023-01-27 06:33:14
2023-01-27 06:33:14 Node.js v18.12.1
2023-01-27 15:07:51 npm ERR! path /usr/src/socketio
2023-01-27 15:07:51 npm ERR! command failed
2023-01-27 15:07:51 npm ERR! signal SIGTERM
2023-01-27 15:07:51 npm ERR! command sh -c -- nodemon .
2023-01-27 15:07:51
2023-01-27 15:07:51 npm ERR! A complete log of this run can be found in:
2023-01-27 15:07:51 npm ERR! /root/.npm/_logs/2023-01-27T09_53_48_354Z-debug-0.log
Related
I'm looking for a way to get organizations of a user logged in using Keyrock's OAuth2.
I have Keyrock set up using docker-compose. I've created an organization and assigned users to it, using API. But, when a user logs in, both the JWT token and the /user endpoint return an empty list of organizations.
The user is assigned to an organization, I can see entries in the database and when using API:
mysql> select * from user_organization;
+----+--------+--------------------------------------+--------------------------------------+
| id | role | user_id | organization_id |
+----+--------+--------------------------------------+--------------------------------------+
| 2 | owner | admin | f21f255d-ef4c-4afd-9cc3-261e3e7dc168 |
| 3 | owner | admin | 3cab93ad-83ba-404f-8499-f870d0ab0d02 |
| 4 | member | 42a336da-2321-4258-a4dd-6e447d2ee171 | 3cab93ad-83ba-404f-8499-f870d0ab0d02 |
+----+--------+--------------------------------------+--------------------------------------+
In the API, when logged in as the admin:
curl -iX GET \
'localhost:3000/v1/organizations/3cab93ad-83ba-404f-8499-f870d0ab0d02/users/42a336da-2321-4258-a4dd-6e447d2ee171/organization_roles' \
-H 'Content-Type: application/json' \
-H 'X-Auth-token: 09c30919-ad6c-4eb9-9d90-283f0ae7483e'
{"organization_user":{"user_id":"42a336da-2321-4258-a4dd-6e447d2ee171","organization_id":"3cab93ad-83ba-404f-8499-f870d0ab0d02","role":"member"}}%
When I log in as the 42a336da-2321-4258-a4dd-6e447d2ee171 user using OAuth2, the JWT token has neither roles nor organizations. A part of decoded JWT token:
"organizations": [],
"displayName": "",
"roles": [],
"app_id": "d2e68240-b822-413c-978f-cc9ebdba1600",
"trusted_apps": [],
"isGravatarEnabled": false,
"id": "42a336da-2321-4258-a4dd-6e447d2ee171",
similarly, when instead of JWT I use a bearer token and I get user details using the /user endpoint:
http://localhost:3000/user?access_token=5d50b9b7162fc1cf7890d3b81feb96c5b176f0c8&action=GET&resource=myResource&app_id=d2e68240-b822-413c-978f-cc9ebdba1600
{
"organizations": [],
"displayName": "",
"roles": [],
"app_id": "d2e68240-b822-413c-978f-cc9ebdba1600",
"trusted_apps": [],
"isGravatarEnabled": false,
"id": "42a336da-2321-4258-a4dd-6e447d2ee171",
"authorization_decision": "Deny",
"app_azf_domain": "",
"eidas_profile": {},
"attributes": {},
"shared_attributes": "",
"username": "Test",
"email": "email#example.com",
"given_name": "Test",
"family_name": "Test",
"image": "",
"gravatar": "",
"extra": {
"visible_attributes": [
"username",
"description",
"website",
"identity_attributes",
"image",
"gravatar"
]
},
"sub": "42a336da-2321-4258-a4dd-6e447d2ee171"
}
Did I miss some steps in the organization/user configuration? Is there another way to get the organizations and roles of a current user?
I have an umbrella application which has logger configuration in the root config.exs file:
config :logger,
compile_time_purge_level: :debug,
backends: [
{LoggerFileBackend, :backends_log}
]
config :logger, :backends_log,
path: "path/to/awesome.log",
level: :debug,
metadata: :all
After updating OTP from 22 to 24 version (elixir 1.12.3, erlang 24.1), backends_log is not starting and all logs are going to STDOUT with default :console backend. But configuration is still same:
Application.get_all_env(:kernel)
=> [
logger: [
{:handler, :default, :logger_std_h,
%{
config: %{type: :standard_io},
formatter: {:logger_formatter,
%{legacy_header: true, single_line: false}}
}}
],
logger_sasl_compatible: false,
logger_level: :notice,
shell_docs_ansi: :auto
]
Application.get_all_env(:logger)
=> [
handle_sasl_reports: true,
discard_threshold: 5000,
compile_time_purge_matching: [],
sync_threshold: 10000,
utc_log: false,
console: [],
backends_log: [path: "path/to/awesome.log", level: :debug, metadata: :all],
start_options: [],
pdu_format_reviewer_error_count: [level: :error],
compile_time_application: nil,
backends: [
{LoggerFileBackend, :backends_log}
],
discard_threshold_periodic_check: 30000,
translators: [
{Plug.Cowboy.Translator, :translate},
{Logger.Translator, :translate}
],
compile_time_purge_level: :debug,
truncate: 8096,
log_counter: [level: :debug],
handle_otp_reports: true,
discard_threshold_for_error_logger: 500,
translator_inspect_opts: []
]
:logger.get_primary_config()
=> %{
filter_default: :log,
filters: [process_disabled: {&Logger.Filter.process_disabled/2, []}],
level: :debug,
metadata: %{}
}
I can fix this problem with Runtime Configuration
Logger.add_backend({LoggerFileBackend, :backends_log})
Logger.configure_backend(
{LoggerFileBackend, :backends_log},
path: "path/to/awesome.log",
level: :debug,
metadata: :all
)
Logger.remove_backend(Logger.Backends.Console)
but I think Application Configuration is more proper way.
How should I fix this problem?
Your config works for me. My configuration is: Ubuntu2004, Elixir 1.12.2, Erlang 24.1 (ESL Erlang). I tried to recreate your problem. Take a look at it, it might help.
https://github.com/z5ottu/elixir_12_logger_test
I send a GET for a team at least one resource the resources is in beta. The resource teamDiscoverySettings shouldn't be returned when the request is made to v1.0 API
I sent a GET https://graph.microsoft.com/v1.0/teams/{{teamID}} and the server responds with:
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#teams/$entity",
"id": "...",
"displayName": "...",
"description": "...",
"internalId": "...",
"webUrl": "...",
"isArchived": false,
"discoverySettings": {
"showInTeamsSearchAndSuggestions": false
},
"memberSettings": {
"allowCreateUpdateChannels": true,
"allowDeleteChannels": true,
"allowAddRemoveApps": true,
Shouldn't the beta resources only be returned withing the beta version of the APIs?
I am facing an issue in loopback, 401 (Unauthorized). Initially all APIs are working perfectly.
Now I set ACL for some of the models. After that I got an error 401 (Unauthorized) while accessing APIs
Sample Code
Eg: One of my model.json file
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$unauthenticated",
"permission": "DENY"
}
I got the accesstoken after login. I think the access token is not getting in in my API headers.
you can also define ACS level. you DENY for all unauthorized user but also set permission for authorized user like.
"acls": [
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "admin",
"permission": "ALLOW"
},
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$unauthenticated",
"permission": "ALLOW"
}
]
principalId is define in my ROLE collection if you did't define any princepalId you can also use this.
{
"accessType": "*",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
}
Please do not report as duplicate because all other topics have not solved my issue, thanks.
I'm using Microsoft Graph API to list and create calendar events, however, I can't seem to make the findMeetingTimes endpoint work.
This is my authorization URL:
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize
?client_id=xxxxx
&response_type=code
&redirect_uri=xxxxx
&response_mode=form_post
&scope=openid profile User.ReadWrite User.ReadBasic.All Sites.ReadWrite.All Contacts.ReadWrite People.Read Notes.ReadWrite.All Tasks.ReadWrite Mail.ReadWrite Files.ReadWrite.All Calendars.ReadWrite
&state=12345
Then I request an access token using the same scopes:
$request = json_decode($guzzle->post('https://login.microsoftonline.com/common/oauth2/v2.0/token', [
'headers' => ['Content-Type' => 'application/x-www-form-urlencoded'],
'form_params' => [
'client_id' => 'xxxxx',
'scope' => 'openid profile User.ReadWrite User.ReadBasic.All Sites.ReadWrite.All Contacts.ReadWrite People.Read Notes.ReadWrite.All Tasks.ReadWrite Mail.ReadWrite Files.ReadWrite.All Calendars.ReadWrite',
'code' => $auth_code,
'grant_type' => 'authorization_code',
'redirect_uri' => 'xxxxx',
'client_secret' => 'xxxxx'
],
])->getBody()->getContents());
After that I'm trying the findMeetingTimes endpoint using:
$request = json_decode($guzzle->post('https://graph.microsoft.com/v1.0/me/findMeetingTimes', [
'headers' => [
'Authorization' => 'Bearer ' . $accessToken,
'Content-Type' => 'application/json',
],
'body' => '{
"attendees": [
{
"type": "required",
"emailAddress": {
"name": "My Name",
"address": "myemail#hotmail.com"
}
}
],
"timeConstraint": {
"activityDomain":"work",
"timeslots": [
{
"start": {
"dateTime": "2019-04-02T09:00:00",
"timeZone": "Pacific Standard Time"
},
"end": {
"dateTime": "2019-04-03T17:00:00",
"timeZone": "Pacific Standard Time"
}
}
]
}
}',
])->getBody()->getContents());
However, it keeps returning:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
Does anyone know what I'm missing? Note that I'm not using a Microsoft work/school account, just my regular one. (Does it matter?)
Its not possible to call this endpoint with personal accounts, this is metioned very cleary in the documentation