I'm having problems reloading my rabbitmq ssl certs when they get renewed. The core of my setup is as follows:
vps running the rabbitmq community edition docker container
ssl certs provisioned using letsencrypt on the vps, with the certs available to the docker image via a mounted folder
auto-renewal configured by mounting a folder that gets bound to /plugins/rabbitmq_management-{rmq-version}/priv/www in the docker container, and specifying the --webroot-path as that folder. This allows the renewal to work without shutting down the server because the /priv/www folder is where cowboy serves static assets from
The problem now is that even with the renewal successful, the server seems to not pick up the changed ssl certs unless the docker container is restarted. For this problem the closest I've found to a possible solution is this recommendation to clear the certs cache, but when I try that command the error message I get is this: unable to connect to epmd (port 4369) on {cluser-name}.localdomain: nxdomain (non-existing domain). I haven't found a solution to this problem yet. I've seen this suggestion to check the contents of the /etc/hosts/ file, and the contents of mine differ from the contents shown in that blog article. Specifically mine simply shows:
127.0.0.1 localhost
...
without the localhost.localdomain parts shown in the article. I'm stumped beyond this point. Any help will be much appreciated. Thank you!
Try running this command:
rabbitmqctl -n rabbit#localhost eval 'ssl:clear_pem_cache().'
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
Recently I got an error doing ssh to another remote server from Jenkins pipeline. I forget to save all the log but here's a part of it
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
In the error log, there's a suggestion to run this command to fix it
sudo ssh-keygen -f "/var/lib/jenkins/.ssh/known_hosts" -R "<<remote ssh ip>>"
so I ran it.
Previously some remote ssh command does run before it returns an error.
But now it seems can't connect to the remote at all, the remote ssh command fails from the beginning.
Failed to add the host to the list of known hosts (/var/lib/jenkins/.ssh/known_hosts).
from How can I get rid of " WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" I tried running ssh-keygen -R <<remote ssh ip>> but the error still appear.
How can I recover the deleted line? or recreate a new one?
First, you have to understand what the message means before you "get rid of it".
The message means the destination server has changed its identity or someone is hacking you man-in-the-middle like and the server you are trying to reach, is not the server you think it is.
So first of all you must make sure there is no man-in-the-middle hack going on.
Then, you go into the known_hosts file and delete just the line with the server you are about to connect to.
After saving, you get asked wether you want to trust the server or not just as a connection to a yet unknown host.
I am getting below error when trying to access jenkins pipeline url. I tried clearing the browser cache, tried different browsers etc but no luck. the same pipeline url works fine for other users but not for me. any ideas why it throwing 404 error for me? many thanks!
HTTP ERROR 404
Problem accessing /job/jenkins/job/test/. Reason:
Not Found
Powered by Jetty:// 9.4.z-SNAPSHOT
After loging in as an administrator, use the url http://localhost:8080.
It initially takes to the url that says jenkins in it's name, which will not work. The URL you want to access is http://localhost:8080
Also if you have a different port binded you can try to call the url as http://[ip]:[port]/jenkins
If you get such error like it was mentioned above you should access through the URL "http://localhost:8081/jenkins/", but not only "http://localhost:8081".
Btw my port is 8081 because of the circumstance that my 8080 port is already used.
Have a good day!
There can be probably one of these reasons :
You do not have the access to the job.
You do have access to the job but you are not logged in . Try to login to jenkins in another window and check remember me on this computer , then open that url.
You are trying to access it from another server which is not whitelisted from the jenkins master server ,i.e it is not allowed access.
These are the best guesses I coud get .If these do not work then someone needs to manually check the url you are entering and other environment related issues themselves.
There is a common mistake that most of the people making.(while running jenkins.war from CMD)
Please ensure that your tomcat server is 'up and running' locally.
Follow these steps.
try restarting your jenkins service with $sudo service jenkins restart
I have faced the same issue and identified JIRA and Jenkins are installed on same port 8080. Jenkins service is starting first because of that JIRA was not working. Then I have edited Jenkins.xml file with port 8081 and restarted the services it was working fine.
When I ran jenkins.war from CMD, I faced the same issue. Practically when you run jenkins.war from CMD, localhost:8080 is where jenkins is available. But if you run the startup.bat file, then the path you have set, say, localhost:8080/jenkins will work.
If you are using a hook this error occurs. This is a known issue in GIT showing 404 error. Way around of the above said problem is to use the NIC ID instead of using "localhost".
I used a docker container to start jenkins locally for a test purpose.
Here is the cmd: docker run -p 8080:8080 -p 50000:50000 jenkins reffered to official documentation: https://hub.docker.com/_/jenkins?tab=description.
After started the container, I browsed into http://localhost:8080 and got
HTTP ERROR 404
Problem accessing /job/jenkins/job/test/. Reason:
Not Found
Powered by Jetty:// 9.4.z-SNAPSHOT
I just removed exposing the JNLP port which is 50000
And the command to start docker was: docker run -p 8080:8080 jenkins
And now, I was able to browse the application at http://localhost:8080 without not found error.
Thanks
Issue
So my problem is that I can't get the rancher server to find the rancher agent. I've looked at the Rancher Troubleshooting FAQs but that haven't helped with my issue. I'm using one server for both the rancher server and the agent and I'm setting the CATTLE_AGENT_IP to the IP of the physical server.
I'm running Ubuntu 16.04 and docker 1.12.3.
Iptables
At first I thought it might be a firewall issue, but I've tried disabled it and no luck.
Logs
Rancher agent error log message
time="2016-10-27T11:56:50Z" level="info" msg="Host not registered yet. Sleeping 1 second and trying again." Attempt=5 reportedUuid="492dc65c-6359-4a40-b6e3-89c6da704ffb"
I feel like I've tried everything without any result. Anyone have an idea what could be wrong or how I could continue to troubleshoot the problem?
Are you reusing the host from a previous Rancher install?
If so, there is sometimes old credentials that are tried instead of the new ones for the host. The files are in /var/lib/rancher. (they are .files so you need ls -a to view)
If you are using a self signed SSL cert it will fail to register if you are not bind mounting the CA root cert. See http://docs.rancher.com/rancher/v1.2/en/installing-rancher/installing-server/basic-ssl-config/ the last section "Adding Hosts" for more info.
I solved my issue. The problem was a faulty CATTLE_AGENT_IP. Apparently you can not have http:// before the IP address.
I have installed docker in my ubuntu 14.04 OS.In docker containers im running puppet master and puppet agent.But im getting errors during the certificate exchange.
The puppet agent is not requesting certificates.Also showing an error saying the name cannot be resolved.
I checked the IP and hostname in /etc/hosts and /etc/hostname.
root#55fe460464d3:/# puppet agent --test
Error: Could not request certificate: getaddrinfo: Name or service not known
Exiting; failed to retrieve certificate and waitforcert is disabled
root#f7d7516d720e:/# puppet cert list -all
+ "f7d7516d720e" (SHA256) D1:6C:50:5B:BD:F6:AA:91:C4:B2:FD:4D:58:B8:DF:18:32:F4:EB:D7:B2:75:FF:E4:AF:7B:F6:F6:FE:0D:84:54
The puppet cert list --all command is showing only the master certificate,not the client certificate
What it looks like is happening is that the puppet agent can't talk to or find the puppetmaster to ask for a certificate.
The first thing to check would be that they can talk to each other over the network; the second thing to check is that the short hostname puppet resolves to the puppetmaster when run on the host. Unless you've specified a different dns name in /etc/puppet/puppet.conf by setting a server =directive in the [main] section or specified it on the command line with puppet agent -t --server <foo>, it will look for a hostname called puppet and rely on your /etc/resolv.conf's search domains to find it.