Develop Reference

Installing cosmos db emulator SSL certificate in docker redhat/kafka-connect container

I did the setup of the Cosmos DB emulator on the local machine, and started with the following parameters:
/port=443 /AllowNetworkAccess /Key=<CosmosPrimaryKey>
And currently, it is accessible via https://<LocalMachineIP>/
When I tried to make a curl request from the docker Redhat container (using docker image: confluentinc/cp-kafka-connect) it throws the below error:
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And when trying to crate cosmos DB source connector it throws the below error:
[20 10:37:45,018] ERROR Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java (com.azure.cosmos.implementation.RxDocumentClientImpl)
[2022-05-20 10:37:45,079] ERROR unexpected failure in initializing client. (com.azure.cosmos.implementation.RxDocumentClientImpl)
java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
at com.azure.cosmos.implementation.RxDocumentClientImpl.initializeGatewayConfigurationReader(RxDocumentClientImpl.java:401)
.......
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
[2022-05-20 10:37:45,095] WARN [8e2a220b, L:/172.25.0.6:57076 ! R:/192.168.154.131:443] The connection observed an error (reactor.netty.http.client.HttpClientConnect)
shaded.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
..........
at shaded.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at shaded.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at shaded.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
.........
at shaded.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1283)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
.....................
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 37 more
I have exported the cosmos emulator .cer file using this article.
How to install it in the Docker container "kafka-connect"?

Can you post your curl request?
You need to use the -k flag to denote that it’s insecure.
curl -k https://{emulatoripaddr}:8081/_explorer/emulator.pem > emulatorcert.crt
It needs to be .crt
Then copy it to
/usr/local/share/ca-certificates/
Then install it
update-ca-certificates
Additionally you can mount a volume to the cosmos folder and save the .pem manually… /tmp/cosmos/appdata

Peer not authenticated Observed while securing API , using WSO2 EI Oauth 2.0 in localhost

I tried to secure my API using Oauth 2.0 http://abeykoon.blogspot.com/2015/04/wso2-esb-securing-rest-end-point-using.html in wso2 EI custom SimpleOauthhandler and I'm observing this exception
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
I tried to import certificates using keytool, but I'm not sure which certificates are expired, if certificate expiry is the cause for this exception.
Line 63(return stub.validate(dto).getValid();) in SimpleOAuthHandler class http://abeykoon.blogspot.com/2015/04/wso2-esb-securing-rest-end-point-using.html causing this exception
Exception:
[2020-01-10 13:10:54,931] [EI-Core] INFO - HTTPSender Unable to sendViaPost to url[https://localhost:9445/services/OAuth2TokenValidationService]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.identity.oauth2.stub.OAuth2TokenValidationServiceStub.validate(OAuth2TokenValidationServiceStub.java:738)
at org.wso2.handler.SimpleOauthHandler.handleRequest(SimpleOauthHandler.java:93)
at org.apache.synapse.rest.API.process(API.java:325)
at org.apache.synapse.rest.RESTRequestHandler.apiProcess(RESTRequestHandler.java:135)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:113)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
[2020-01-10 13:10:54,933] [EI-Core] ERROR - SimpleOauthHandler Error occurred while processing the message
org.apache.axis2.AxisFault: peer not authenticated
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)

Download server certificat
(here is desrcibed how:
https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file)
In your case from localhost:9445
Add downloaded server SSL certificate to client-truststore.jks in WSO2.
keytool -import -alias localhost -file {PathToDownloadedCertFile} -keystore {WSO2HomeDir}\repository\resources\security\client-truststore.jks
Restart WSO2

SonarQube server can not be reached by Jenkins using Docker

I have added a SonarQube Scanner analysis step to my Jenkins build, but the step fails:
[Test_gitlab] $ /var/jenkins_home/tools/hudson.plugins.sonar.SonarRunnerInstallation/http_INTERNAL_DOCKER_IP_ADDRESS_9000/bin/sonar-scanner -e -Dsonar.host.url=SERVER_IP_ADDRESS:9000 ******** -Dsonar.projectBaseDir=/var/jenkins_home/workspace/Test_gitlab
INFO: Option -e/--errors is no longer supported and will be ignored
INFO: Scanner configuration file: /var/jenkins_home/tools/hudson.plugins.sonar.SonarRunnerInstallation/http_INTERNAL_DOCKER_IP_ADDRESS_9000/conf/sonar-scanner.properties
INFO: Project root configuration file: NONE
INFO: SonarQube Scanner 2.8
INFO: Java 1.8.0_102 Oracle Corporation (64-bit)
INFO: Linux 3.10.0-327.10.1.el7.x86_64 amd64
INFO: User cache: /var/jenkins_home/.sonar/cache
ERROR: SonarQube server [SERVER_IP_ADDRESS:9000] can not be reached
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 0.214s
INFO: Final Memory: 4M/209M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:84)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
at org.sonarsource.scanner.cli.Main.execute(Main.java:72)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:93)
at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
... 8 more
Caused by: java.lang.IllegalArgumentException: unexpected url: SERVER_IP_ADDRESS:9000/batch_bootstrap/index
at org.sonarsource.scanner.api.internal.shaded.okhttp.Request$Builder.url(Request.java:141)
at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:109)
at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
at org.sonarsource.scanner.api.internal.Jars.downloadFiles(Jars.java:78)
... 11 more
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
ERROR: SonarQube scanner exited with non-zero code: 1
Finished: FAILURE
My SonarQube Scanner is declared in Jenkins Global Tool Configuration. The name used is "http://SERVER_IP_ADDRESS:9000". This is the same address as the server base URL that I have set within SonarQube General Settings.
I'm using Docker: Jenkins is in a Docker container, and so does SonarQube.
The "unexpected url" mentioned in the stacktrace SERVER_IP_ADDRESS:9000/batch_bootstrap/index can be opened in a browser,
which displays sonar-scanner-engine-shaded-6.1.jar|SOME_LETTERS_AND_NUMBERS.
So why can't Jenkins reach the server?
I've also tried with Docker internal IP address, that can be found with:
docker inspect SONARQUBE_CONTAINER_ID | grep IP

Find place where you define the "unexpected url" mentioned in the stacktrace (parameter sonar.host.url of SonarQube Scanner) and prefix it with http://.
URLs must start with a scheme - see Wikipedia. Browser simply adds http:// by default.

SonarQube integration with Jenkins

I am trying to integrate SonarQube runner in my build process. My build steps consists of an ant build and sonar-runner task. I have attached the Screenshots later. I am getting an error stating "
Unable to determine database dialect to use within sonar with dialect
null jdbc url localhost
Build step 'Invoke Standalone SonarQube Analysis' marked build as failure
"-
[MyProject] $ /var/lib/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Default-SonarQube-Runner/bin/sonar-runner -X -e -Dsonar.jdbc.url=localhost ******** ******** -Dsonar.host.url=http://qa.MyProject.com:9000 ******** ******** -Dsonar.projectBaseDir=/var/lib/jenkins/workspace/MyProject -Dproject.settings=/var/lib/jenkins/workspace/MyProject/sonar-project.properties
SonarQube Runner 2.4
Java 1.7.0_95 Oracle Corporation (64-bit)
Linux 3.13.0-48-generic amd64
INFO: Error stacktraces are turned on.
INFO: Runner configuration file: /var/lib/jenkins/tools/hudson.plugins.sonar.SonarRunnerInstallation/Default-SonarQube-Runner/conf/sonar-runner.properties
INFO: Project configuration file: /var/lib/jenkins/workspace/MyProject/sonar-project.properties
INFO: Default locale: "en_US", source code encoding: "UTF-8"
INFO: Work directory: /var/lib/jenkins/workspace/MyProject/.sonar
INFO: SonarQube Server 5.1
07:06:34.641 INFO - Load global repositories
07:06:34.651 DEBUG - Download: http://qa.MyProject.com:9000/batch/global (no proxy)
07:06:34.744 INFO - Load global repositories (done) | time=105ms
07:06:34.745 INFO - Server id: 20160304110723
07:06:34.747 INFO - User cache: /var/lib/jenkins/.sonar/cache
07:06:34.755 INFO - Install plugins
07:06:34.755 DEBUG - Download index of plugins
07:06:34.755 DEBUG - Download: http://qa.MyProject.com:9000/deploy/plugins/index.txt (no proxy)
07:06:34.841 DEBUG - Loaded 2196 properties from l10n bundles
07:06:34.842 INFO - Install JDBC driver
07:06:34.842 DEBUG - Download index of jdbc-driver
07:06:34.842 DEBUG - Download: http://qa.MyProject.com:9000/deploy/jdbc-driver.txt (no proxy)
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
Total time: 0.681s
Final Memory: 3M/59M
INFO: ------------------------------------------------------------------------
ERROR: Error during Sonar runner execution
org.sonar.runner.impl.RunnerException: Unable to execute Sonar
at org.sonar.runner.impl.BatchLauncher$1.delegateExecution(BatchLauncher.java:91)
at org.sonar.runner.impl.BatchLauncher$1.run(BatchLauncher.java:75)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.BatchLauncher.doExecute(BatchLauncher.java:69)
at org.sonar.runner.impl.BatchLauncher.execute(BatchLauncher.java:50)
at org.sonar.runner.api.EmbeddedRunner.doExecute(EmbeddedRunner.java:102)
at org.sonar.runner.api.Runner.execute(Runner.java:100)
at org.sonar.runner.Main.executeTask(Main.java:70)
at org.sonar.runner.Main.execute(Main.java:59)
at org.sonar.runner.Main.main(Main.java:53)
Caused by: Unable to determine database dialect to use within sonar with dialect null jdbc url localhost
Build step 'Invoke Standalone SonarQube Analysis' marked build as failure
Finished: FAILURE
Inside my Jenkins->Manage Jenkins->Configure System , I have configured the sonar qube section as shown in the screenshot below-
Here is the screenshot of my build config-
I am not getting the clue on how to debug ? Any suggestion ?
Here are the version details-
SonarQube Runner 2.4
Sonar Version 5.1

Can you double check if you are specifying the correct JDBC URL. In the screenshot attached, SonarQube is configured with datasource URL as 'localhost'.
The stacktrace again says you do not have a database dialect specified. This can be specified in the sonar properties file.

I realised, what was wrong here. I had added incorrect database dialect in my jenkins configuration (Jenkins->Manage Jenkins->Configure System). See the screenshot. Earlier i had used
localhost
instead of
jdbc:mysql://localhost:3306/sonar?autoReconnect=true&useUnicode=true&characterEncoding=utf8

This node is offline because Jenkins failed to launch the slave agent on it

I'm not sure of what the proper steps are for configuring the Jenkins master to build/deploy these jobs to a new slave, and how to set up the new slave, but it is giving an error. For instance, do I need to install anything on the new slave, or do any kind of setup/config? & I'm configuring on Ubuntu OS.
just before slave node1 gets launched ...
executing pre-launch scripts ...
[06/25/15 13:06:55] [SSH] Opening SSH connection to 192.168.4.153:22.
ERROR: Server rejected the 1 private key(s) for jenkins (credentialId:fd3affc2-25a4-4b24-9e21-275badb8b6d9/method:publickey)
ERROR: Failed to authenticate as jenkins with credential=fd3affc2-25a4-4b24-9e21-275badb8b6d9
java.io.IOException: Publickey authentication failed.
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:315)
at com.trilead.ssh2.Connection.authenticateWithPublicKey(Connection.java:467)
at com.cloudbees.jenkins.plugins.sshcredentials.impl.TrileadSSHPublicKeyAuthenticator.doAuthenticate(TrileadSSHPublicKeyAuthenticator.java:109)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:408)
at com.cloudbees.jenkins.plugins.sshcredentials.SSHAuthenticator.authenticate(SSHAuthenticator.java:428)
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1173)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password?
at com.trilead.ssh2.crypto.PEMDecoder.removePadding(PEMDecoder.java:110)
at com.trilead.ssh2.crypto.PEMDecoder.decryptPEM(PEMDecoder.java:287)
at com.trilead.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:320)
at com.trilead.ssh2.auth.AuthenticationManager.authenticatePublicKey(AuthenticationManager.java:224)
... 11 more
[06/25/15 13:06:55] [SSH] Authentication failed.
hudson.AbortException: Authentication failed.
at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:1178)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:701)
at hudson.plugins.sshslaves.SSHLauncher$2.call(SSHLauncher.java:696)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
[06/25/15 13:06:55] Launch failed - cleaning up connection
[06/25/15 13:06:55] [SSH] Connection closed.

This article explains how to connect a slave to the master using the master public ssh key:
https://www.caktusgroup.com/blog/2012/01/10/configuring-jenkins-slave/
To resume:
Generate a public SSH key on the master: ssh-keygen -t rsa (with no paraphrase)
Copy the public master key from .ssh/id_rsa.pub
On the slave, paste the public key in /home/jenkins/.ssh/authorized_keys (if /home/jenkins is your home folder)
Please confirm it solves your issue.

The real issue in question is Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password? so there maybe mistake in private key text or wrong passphrase.
In my case I've got an error PEM problem: it is of unknown type with key which looks like valid:
-----BEGIN RSA PRIVATE KEY-----
...
...
-----END RSA PRIVATE KEY----
but it's not valid because I've lost last "-" character when copy/paste private key from terminal, so the right form should be:
-----BEGIN RSA PRIVATE KEY-----
...
...
-----END RSA PRIVATE KEY-----

The .ssh directory on the agent must have proper access permissions so that group and others do not have write permissions. The following command should make it work:
chmod 700 ~/.ssh