I would like to setup monitoring of our Springboot application. We already have jolokia included in.
I'm not able to connect to jolokia endpoint though due to ssl certificate validation failure.
GET https://localhost:9090/jolokia/search/*%3Aj2eeType%3DJ2EEServer%2C*
===========================================================
500 Can't connect to localhost:9090 (certificate verify failed)
Content-Type: text/plain
Client-Date: Mon, 07 Dec 2020 13:12:16 GMT
Client-Warning: Internal response
Can't connect to localhost:9090 (certificate verify failed)
SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/lib/perl5/vendor_perl/5.26.1/LWP/Protocol/http.pm line 50.
Thank you,
Radovan
You might want to try setting this environment variable:
PERL_LWP_SSL_VERIFY_HOSTNAME=0
You don't give an example of what your check command looks like, but as a general example you should be able to squeeze in environment variables at the start of it:
define command {
command_name foo
command_line PERL_LWP_SSL_VERIFY_HOSTNAME=0 /plugins/my_plugin.pl (...)
}
This is one way of setting the variable at run time, you can of course set it in other ways, such as in a systemd service file, but I think this is the easiest and surest way to get it to apply.
Related
VSCode Version:
1.62.2
Local OS Version:
Windows 10.0.18363
Reproduces in: Remote - Containers
Name of Dev Container Definition with Issue:
/vscode/devcontainers/typescript-node
In our company we use a proxy which terminates the SSL connections. When I now try to start any devcontainer (the workspace is in the WSL2 filesystem), I get the following error message:
Installing VS Code Server for commit 3a6960b964327f0e3882ce18fcebd07ed191b316
[2021-11-12T17:01:44.400Z] Start: Downloading VS Code Server
[2021-11-12T17:01:44.400Z] 3a6960b964327f0e3882ce18fcebd07ed191b316 linux-x64 stable
[2021-11-12T17:01:44.481Z] Stop (81 ms): Downloading VS Code Server
[2021-11-12T17:01:44.499Z] Error: unable to get local issuer certificate
at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:932:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)
In the dockerfile I copy the company certificates and update them:
ADD ./certs /usr/local/share/ca-certificates
RUN update-ca-certificates 2>/dev/null
The proxy environment variables are also set correctly. Out of desperation I also tried to disable the certificate check for wget:
RUN su node -c "echo check_certificate=off >> ~/.wgetrc"
Even in the devcontainer configuration I have disabled the proxy and the security check for VS code via the settings:
// Set *default* container specific settings.json values on container create.
"settings": {
"http.proxy": "http://<proxy.url>:8080",
"http.proxyStrictSSL": false
},
I have tried many other things, like setting NODE_TLS_REJECT_UNAUTHORIZED=0 as env variable inside the dockerfile, unfortunately without any success. Outside the company network, without the proxy, it works wonderfully.
Maybe one of you has an idea how I can solve this problem?
A working if not so nice solution to the problem is to add HTTPS exceptions for the following domains:
https://update.code.visualstudio.com
https://az764295.vo.msecnd.net
A list of common hostnames can be found here:
https://code.visualstudio.com/docs/setup/network
I have Jenkins ver. 2.205 in Windows 10 and I have the following situation
Configure Global Security has Enable security checked.
I created the id_rsa_jenkins and id_rsa_jenkins.pub keys. The value of the public key was added to Jenkins for my account in SSH Public Keys.
I have the jenkins-cli.jar file, downloaded from http://localhost:9090/cli/
CLI
When I execute the following (split in multiple lines for presentation purposes):
java -jar jenkins-cli.jar
-s http://localhost:9090/
-i C:\Users\windowsusername/.ssh/id_rsa_jenkins
-ssh
-user jenkinsusername
help
Appears:
Enter passphrase for C:\Users\windowsusername\.ssh\id_rsa_jenkins:
Problem
I write the valid passphrase and then appears the following:
Nov 23, 2019 11:28:22 AM org.apache.sshd.common.util.security.AbstractSecurityProviderRegistrar getOrCreateProvider
INFO: getOrCreateProvider(EdDSA) created instance of net.i2p.crypto.eddsa.EdDSASecurityProvider
Nov 23, 2019 11:28:22 AM hudson.cli.SSHCLI sshConnection
WARNING: No header 'X-SSH-Endpoint' returned by Jenkins
As shown above, does not appear the expected data
It happens for any Jenkins CLI command, such as:
help
who-am-i
list-jobs
etc.
What is missing or wrong?
For the audience:
The instructions provided in the original post are mandatory. But the following instructions are mandatory too:
Have installed the SSH plugin
In Configure Global Security, in the SSH Server section (in the bottom), proceed to enable it, in this case I use the Fixed value option.
Note seems the random option is only useful for the jenkins-cli.jar case. It because through the SSH connection (i.e: ssh -l jenkinsusername -p 2020 localhost list-jobs) is mandatory know the port, in this case 2020.
Therefore Fixed or Random is viable for jenkins-cli.jar (it does not ask for use a port number) but for SSH connection is mandatory know the port number (here Fixed is need it)
Furthemore in Jenkins SSH indicates:
Configuration
By default, Jenkins will listen on a random available port, so as not to break
existing deployments. But this is most likely not very useful, so the administrator
is encouraged to change this from the global security configuration page by assigning
a fixed port. This configuration UI will also allow you to disable this feature.
Was very valuable this video:
Jenkins in Telugu part 17 | Jenkins CLI (with ssh)
enter image description here1. I have downloaded and extracted the 'opencv_contrib-master' & 'opencv-master' from Git repo.
2. cmake 3.9 version is installed.
When I run the cmake, I am getting the below error:
I am using Visual Studio 2017 and Windows 10. Any help?
This is a screnshot of the CMAkeDownloadLog.txt
ErrorLog
From ErrorLog:
#use_cache "C:/Downloads/OPENCV/opencv-master/.cache"
#do_copy "opencv_ffmpeg.dll" "b8120c07962d591e2e9071a1bf566fd0" "https://raw.githubusercontent.com/opencv/opencv_3rdparty/0a0e88972a7ea97708378d0488a65f83e7cc5e69/ffmpeg/opencv_ffmpeg.dll" "C:/OpenCV/3rdparty/ffmpeg"
#missing "C:/OpenCV/3rdparty/ffmpeg/opencv_ffmpeg.dll"
#check_md5 "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll"
#mismatch_md5 "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll" "d41d8cd98f00b204e9800998ecf8427e"
#delete "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll"
#cmake_download "C:/Downloads/OPENCV/opencv-master/.cache/ffmpeg/b8120c07962d591e2e9071a1bf566fd0-opencv_ffmpeg.dll" "https://raw.githubusercontent.com/opencv/opencv_3rdparty/0a0e88972a7ea97708378d0488a65f83e7cc5e69/ffmpeg/opencv_ffmpeg.dll"
# timeout on name lookup is not supported
# Trying 151.101.112.133...
# TCP_NODELAY set
# connect to 151.101.112.133 port 443 failed: Timed out
# Failed to connect to raw.githubusercontent.com port 443: Timed out
# Closing connection 0
As you probably noticed, CMake cannot connect to the server providing the file it needs to download. Most likely that is some problem with your network connection.
For me CMake didn't know about the company https proxy. CMake knows about this through the environment variables HTTP_PROXY and HTTPS_PROXY. If this is your problem, you can set these variables for your system. If you cannot set environment variables system wide or you just want a quick test, start up command prompt and run
set HTTP_PROXY=<your-proxy-here>
set HTTPS_PROXY=<your-proxy-here>
c:\program files\cmake\bin\cmake-gui.exe
The path to cmake may be different, if it was installed to a different location.
If this is not the cause, something else is blocking your connection. E. g. a firewall, malware protection, etc.
I am getting an error when I execute the following command on Hortonworks sandbox HDP 2.3_1:
curl -i "http://localhost:50075/webhdfs/v1/queryresult/part-m-00000?op=OPEN
HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=utf-8
Content-Length: 161
Connection: close
{"RemoteException":{"exception":"IllegalArgumentException","javaClassName":"java.lang.IllegalArgumentException","message":"java.net.UnknownHostException: null"}}
When I change the port to 50070, I get a message "curl: (7) couldn't connect to host".
webhdfs property is enabled in my hdsf-site.xml and its a single node hadoop cluster.
<property>
<name>dfs.webhdfs.enabled</name>
<value>true</value>
<final>true</final>
</property>
Does /queryresult/part-m-00000 exist? Try hadoop dfs -ls /queryresult/queryresult/part-m-00000 and see if you can see the file. If you can check the permissions on the file. They should have read ability for the user making the webhdfs query.
First the 50075 is not correct the 50070 is default, but still won't work, because some strange redirection to the sandbox.hortonworks.com.
To fix it, I added to the "hosts" (for Windows located here C:\Windows\System32\drivers\etc): file the folowing entry
127.0.0.1 sandbox.hortonworks.com
After this my PC managed to deal with this redirect. Maybe you will need to restart http client, in my case it was chrome
As per https://hadoop.apache.org/docs/r1.0.4/webhdfs.html, it is better to change to actual hostname of the machine.
This command works for me (hdp 2.5):
curl -i "sandbox.hortonworks.com:50075/webhdfs/v1/data/xyz.json?op=OPEN"
I couldn't get it to work with localhost.
I am trying to invoke remote build with token. It gives me 401. As per my understanding its not required with token.
Jigars-MacBook-Pro:portal jigarshah$
curl https://jigarshah:<TOKEN API>#jenkins-jigarshah.rhcloud.com/job/MyJob/build?token=<TOKEN>
<html><head><title>Error 401</title></head><body bgcolor="#ffffff"><h1>Status Code: 401</h1>Exception: Bad credentials<br>Stacktrace: (none)
<br><hr size="1" width="90%"><i>Generated by Winstone Servlet Engine v0.9.10 at Mon Apr 08 09:27:59 EDT 2013</i></body></html>
What am I missing here ?
You forget about your username and password.
Look this: link and link
I found solution. I don't have to provide password. Just API TOKEN is good enough. Yes, user name has to me from jenkins. go to /me/configure
There is button that says "show api token". Use that to trigger build...
curl https://:#/job/MyJob/build?token=