I'm currently using sensu and Uchiwa in an attempt to get rid of Zabbix, the problem is some checks persist even though they're dependent on other check.
For example:
I have a check that checks if the vpn process is active:
"vpn-process": {
"command": "check-process.rb -f /var/run/openvpn/client.pid",
"subscribers": [
"uni"
],
"interval": 60,
"dependencies": [
"http-url1",
"http-url2",
"http-url3"
]
},
And I also have a check for http response, but this shouldn't work if the vpn is down.
"http-url1": {
"command": "python /etc/sensu/plugins/check-http.py https://url",
"subscribers": [
"uni"
],
"interval": 60
},
Still, Uchiwa warns about the VPN check and the HTTP checks.
Uchiwa showing VPN and HTTP checks
I read about the dependency check filters, but as far as I could understand, it only works for handlers and Uchiwa is not a handler?
It seems you can't use Uchiwa as a handler (I checked with the maintainers), I had to write my own in python to call the API everytime the VPN is down and silence the checks I don't want to be shown in the dashboard. This way I created my own dependency.
Uchiwa displays the current state of events in the system -- it is a passive view of checks/events, whereas handlers are active. The HTTP check will execute on-schedule even if VPN is down, and it will be considered CRITICAL regardless of whether you have a dependency filter.
The only way to have the HTTP check not result in a CRITICAL value if VPN is down is if you're somehow able to check for that case within the HTTP check and return a different value instead of CRITICAL. However, VPN being down might look very similar to other network-related issues, so it's probably best to avoid this scenario.
Maybe try making the VPN and HTTP checks into a check aggregate?
Related
I am trying to connect with an iOS device to the Firebase Auth and RealTime Database Emulator.
The thing is, I can connect and use emulator through Firebase Admin using NodeJS on local machine (trough http://localhost:9000?ns=my-project).
Also I am able to connect with an iOS device to the remote Firebase server... But locally it doesn't work. It throws bunch of random errors, like this (when I try to complete registration/authentication):
Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the
server." NSLocalizedDescription=Could not connect to the server.,
NSErrorFailingURLStringKey=http://192.168.1.3:9099/www.googleapis.com/identitytoolkit/v3/relyingparty/signupNewUser?key=myKeyGoesHere
and
Optional(Error Domain=com.firebase.core Code=1 "Unable to get latest
value for query FQuerySpec (path: /news, params: { }), client offline
with no active listeners and no matching disk cache entries"
Here is firebase.json:
{
"database": {
"rules": "database.rules.json"
},
"emulators": {
"auth": {
"port": 9099
},
"database": {
"port": 9000
},
"ui": {
"enabled": true
}
}
}
I changed rules just in case:
{
"rules": {
".read": true,
".write": true
}
}
but its not that.
and here is how I try to connect to database in my iOS application(my FirebaseManager class):
init(){
Auth.auth().useEmulator(withHost:"192.168.1.3", port:9099)
}
private lazy var newsNodeRef:DatabaseReference? = {
guard let urlString = getBaseURL() else {return nil}
let node = LocalConstants.kNewsRef // this has value of 'news'
return Database.database(url: urlString).reference(withPath: node)
}()
private func getBaseURL()->String?{
let environment = Environment()
guard let connectionProtocol = environment.configuration(PlistKey.firebaseConnectionProtocol), let baseURL = environment.configuration(PlistKey.firebaseDatabaseURL) else {return nil}
let urlString = "\(connectionProtocol)://\(baseURL)"
return urlString // this produces something like 'http://192.168.1.3:9000?ns=my-project' (its fetched from Configuration Settings file based on selected environment)
}
the thing is, the exact same setup works on remote server, if I just change the environment(which automatically changes base url).
I have also allowed insecure http loads in info.plist, just to be sure if it is not that, but still doesn't work.
This is what I get in console when I run emulators:
What is the problem here?
I replied a little late π.
I saw the solution you found. It didn't work for me but I'm sure it has worked for a lot of people.
I found a solution too.
Actually, I couldn't see a problem for iOS 15. My problem was that it didn't work on iOS 14 and earlier.
Solution;
First, you need the MacBook's IP address.
To find the IP address;
You can access it right under System preferences -> Network -> Status.
Then we need to make some changes in the firebase.json file.
Adding βhostβ : βIPβ for each part.
Overwrite the βhostβ part with the βportβ part.
"emulators": {
"auth": {
"host": "192.168.1.11β,
"port": 9100
},
"functions": {
"host": "192.168.1.11β,
"port": 5002
},
"firestore": {
"host": "192.168.1.11β,
"port": 8081
},
"database": {
"host": "192.168.1.11",
"port": 9001
},
"storage": {
"host": "192.168.1.11",
"port": 9200
},
"ui": {
"enabled": true
}
Then we need to add in swift codes.
We need to write the IP address in the host part.
More precisely, we will replace the parts that say localhost with the IP address.
let settings = Firestore.firestore().settings
settings.host = "192.168.1.11:8081"
settings.isPersistenceEnabled = false
settings.isSSLEnabled = false
Firestore.firestore().settings = settings
Storage.storage().useEmulator(withHost:"192.168.1.11", port:9200)
Auth.auth().useEmulator(withHost:"192.168.1.11", port:9100)
let db = Database.database(url:"http://192.168.1.11:9001?ns=firebaseappname")
Functions.functions().useFunctionsEmulator(origin: "http://192.168.1.11:5002")
I think this solution will work in JS, android and other languages.
I would appreciate it if you tried this solution and let me know if it works.
It worked for me.
I actually solved it. The solution/problem, I don't even know how to declare it, was with Local Network Access prompt & permissions and its buggy behaviour (as well how I was trying to access my Mac by ip).
At first I didn't even see a prompt shows every time, but I guess it was related to a wrong setup of a port, host etc.
But when I correctly set local computer's ip and reverted firebase.json to it's default settings (which is what worked for me), the prompt started to jump out every time.
The thing is, prompt's behaviour seems broken, because instead of jumping before you try to access devices in a local network, it pops out after that action is made. Quite fast, but still after Auth system responded, which doesn't make sense.
Here, it can be confusing, cause error that is returned from a Firebase Auth system in the case when you didn't allow Local Network Access usage, doesn't really tell you much about real cause. See my ( original question) above to see the errors.
After that terrible flow, I allowed access trough the prompt. Once I did that, on every next 'api' call towards Emulator was successful. Worked like a charm.
The real problem here is Local Network Access prompt. Cause we don't have at all control over it, so we can't that easily trigger it, or easily get info what user have selected/chosen at the moment / or before. It's triggered by the system in certain conditions.
Luckily this is just for development :) but I hope it will be fixed/improved soon, cause it should.
I found a lot about this topic and its considered as a bug Local Network Access Prompt problems on Dev portal:
I was also faced the same problem while using the firebase auth in iOS simulator
then i change my code little bit
Future<void> main() async {
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();
if (Platform.isAndroid) {
await FirebaseAuth.instance.useAuthEmulator('localhost', 9099);
}
runApp(const MyApp());
}
I have made a check for only android and it works for me
Inside this method you can see it only works for android.
I'm building an application with microservices communicating through RabbitMQ (request-response pattern). Everything works fine but still I have a problem with error "There is no matching message handler defined in the remote service." - When I send POST to my Client app, it should simply send the message with data through client (ClientProxy) and the Consumer app should response. This functionality actually works, but always only for the second time. I know it sounds strange but on my first POST request there is always the error from Client and my every second POST request works. However this problem is everywhere in my whole application, so the particular POST request is just for the example.
Here is the code:
Client:
#Post('devices')
async pushDevices(
#Body(new ParseArrayPipe({ items: DeviceDto }))
devices: DeviceDto[]
) {
this.logger.log('Devices received');
return this.client.send(NEW_DEVICES_RECEIVED, devices)
}
Consumer:
#MessagePattern(NEW_DEVICES_RECEIVED)
async pushDevices(#Payload() devices: any, #Ctx() context: RmqContext) {
console.log('RECEIVED DEVICES');
console.log(devices);
const channel = context.getChannelRef();
const originalMsg = context.getMessage();
channel.ack(originalMsg);
return 'ANSWER';
}
Client has the RMQ settings with queueOptions: {durable: true} and the consumer as well queueOptions: {durable: true} with noAck: false
Please do you have any ideas what may causes the problem? I have tried sending the data with JSON.stringify and changing the message structure to {data: devices} but the error is still there.
I had same error and finally solve it today.
In my project, there is an api-gateway as a hybrid application to receive requests and pass data to other systems, every second request gives an error like below.
error: There is no matching message handler defined in the remote service.
Then I tried to remove the api-gateway hybrid application scope in the code below, the error is gone, hope this helps you out with this.
// api-gateway main.ts
const app = await NestFactory.create(AppModule);
// run as a hybrid app ββ remove it
app.connectMicroservice({
transport: Transport.RMQ,
noACK: false,
options: {
urls: [`amqp://${rmqUser}:${rmqPassword}#127.0.0.1:5672`],
queue: 'main_queue',
queueOptions: {
durable: false,
},
},
});
// run hybrid app
await app.startAllMicroservices(); ββ remove it
await app.listen(3000);
I solved this issue by placing the #EventPattern decorator on to a #Controller decorator method
I had this error while NOT using RabbitMQ. I found very little help online around this error message outside of it being related to RabbitMQ.
For me it was an issue where I was importing a DTO from another microservice in my microservice's Controller. I had a new DTO in my microservice that has a similar name to one in another microservice. I accidentally selected the wrong one from the automated list.
Since there wasn't any real indicator that my build was bad, just this error, I wanted to share in case others made the same mistake I did.
I encountered this same issue today and could not find any solution online and stumbled upon your question. I solved it in a hacky way and am not sure how it will behave when the application scales.
I basically added one #EventPattern (#MessagePattern in your case) in the controller of the producer microservice itself. And I called the client.emit() function twice.
So essentially the first time it gets consumed by the function that is in the producer itself and the second emit actually goes to the actual consumer.
This way only one POST call is sufficient.
Producer Controller:
#EventPattern('video-uploaded')
async test() {
return 1;
}
Producer client :
async publishEvent(data: VideosDto) {
this.client.emit('video-uploaded', data);
this.client.emit('video-uploaded', data);
}
I've experienced the same error in my another project and after some research I've found out that problem is in the way of distributing messages in RabbitMQ - named round-robin. In my first project I've solved the issue by creating a second queue, in my second project I'm using the package #golevelup/nestjs-rabbitmq instead of default NestJS library, as it is much more configurable. I recommend reading this question
I've deployed the vanilla CouchDB Docker container, tag "latest" on DigitalOcean's App Platform.
I set the admin user using environment variables and I successfully were able to curl to the database server on https port 443, not 5984 as a raw install. Then I created the system databases as outlined in the docker documentation.
The initial load of the Fauxton UI worked (using _utils), however login fails on an UI level. The login form submits the form with name/password, CouchDB replies with:
{
"ok":true,
"name":"couchadmin",
"roles":[
"_admin"
]
}
A toast appears "You have been logged in", the AuthSession cookies gets set, but Fauxton won't let me access any function, just redirects to the login page again.
What do I miss?
Update
Checked the network tab again, there's more going on:
POST to _session, result as above
GET tp _session, result:
{"ok":true,"userCtx":{"name":null,"roles":[]},"info":{"authentication_handlers":["cookie","default"]}}
name and roles are null/empty. Then GET repeats a final time with the same result
** Update 2 **
When I query _session?basic=true I get a proper response:
{
ok: true,
userCtx: {
name: "couchadmin",
roles: [
"_admin",
"user",
"admin"
]
},
info: {
authentication_handlers: [
"cookie",
"default"
],
authenticated: "cookie"
}
}
Looks like the session cookie is eaten somewhere along the line.
In your first POST to _SESSION, can you check what response headers you get and whether it includes a session cookie?
Turns out that the cookie is eaten somewhere in the bowels of the DigitalOcean App platform. I redeployed a CouchDB Droplet instead of an app and everything works as expected.
This also solved the (not yet tackled) need of storage persistence. An app is epidermal, while a droplet retains data (still need to backup) with attached block storage.
I'm having issues disabling the CSRF protection in an automated fashion. I want to disable with a groovy init script or just in a property file before Jenkins Master Starts. I'm not sure why I'm getting a crumb issue I assume it has to do with the exposed LB in K8S / AWS. I'm using AWS ELB to expose pods and its causing a csrf exception in the crumb, and I also get a reverse proxy warning sometimes when I goto manage Jenkins.
I researched the issue it said I could enable the expanded proxy compatibility or disable the CSRF checking. I haven't found the groovy or config files where these live.
My current groovy init script is as follows:
import hudson.security.csrf.DefaultCrumbIssuer
import jenkins.model.Jenkins
def j = Jenkins.instance;
j.setCrumbIssuer(null); // I've also tried setting a new crumb issuer here as well.
j.save();
System.setProperty("hudson.security.csrf.CrumbFilter", "false");
System.setProperty("hudson.security.csrf", "false");
System.setProperty("hudson.security.csrf.GlobalCrumbIssuerConfiguration", "false");
I can't seem to find the reference as to how to disable this property or enable the Enable proxy compatibility property either.
Crumb Algorithm
Default Crumb Issuer
Enable proxy compatibility
I intercepted the request to configure when I click apply and the json payload passed seems like the setting is
"hudson-security-csrf-GlobalCrumbIssuerConfiguration": {
"csrf": {
"issuer": {
"value": "0",
"stapler-class": "hudson.security.csrf.DefaultCrumbIssuer",
"$class": "hudson.security.csrf.DefaultCrumbIssuer",
"excludeClientIPFromCrumb": true
}
}
},
im not sure what or how I'm supposed to set these.
If you really need to (temporarily) disable CSRF it can be done with groovy:
import jenkins.model.Jenkins
def instance = Jenkins.instance
instance.setCrumbIssuer(null)
It should be enabled afterwards again by setting to the Default CrumbIssuer again
as mentioned in the Jenkins Wiki:
import hudson.security.csrf.DefaultCrumbIssuer
import jenkins.model.Jenkins
def instance = Jenkins.instance
instance.setCrumbIssuer(new DefaultCrumbIssuer(true))
instance.save()
N.B.: It's not enough to set the Flag to enable CSRF protection via the GUI afterwards, you need to check the crumb algorithm, too.
I stumbled on this question while I was tearing my hair out trying to figure out more or less the same thing (in my case, I needed to know how the proxy compatibility option mapped to Jenkins' config.xml). In the HTML source for the form, there's this helpful bit of info (truncated for brevity):
<label>Enable proxy compatibility</label><a helpURL="/descriptor/hudson.security.csrf.DefaultCrumbIssuer/help/excludeClientIPFromCrumb"><img /></a>
excludeClientIPFromCrumb is a constructor parameter on DefaultCrumbIssuer, as the javadocs expose: http://javadoc.jenkins-ci.org/hudson/security/csrf/DefaultCrumbIssuer.html. I just needed to flip that value in my config.xml - my confusion stemmed from how the label for the field in the UI differed from the name of the constructor argument.
For your case, if you want to enable CSRF protection using the default crumb provider with "enable proxy compatibility" turned on, in your script you can do
j.setCrumbIssuer(new DefaultCrumbIssuer(true));
Instead of disabling the CSRF, you can simply add a crumb in your request so that you won't get that error anymore. Please go through this link to do it. Please go through this link for more info. Hope this helps.
I'm in the midst of testing mod_http_api to replace the existing usage of mod_rest in our implementation.
I can unrestrict access to some commands from group of IP addresses by using option "admin_ip_access". I can successfully execute some commands (e.g. change_password).
However, for some cases, we may require login as well for both user (own)and admin(own and other user).
However, when I tried to login with Basic Auth. It's not successful. I'm keep on getting the following. If my assumption is correct, this might be related to configuration.
Will be much appreciated if someone could show me how the correct configuration should be done.
{
"status": "error",
"code": 31,
"message": "Command need to be run with admin priviledge."
}
Current config
modules:
mod_http_api:
admin_ip_access: admin_ip_access_rule
acl:
admin_ip_acl:
ip:
- "xx.xx.xx.xx/32"
access:
admin_ip_access_rule:
admin_ip_acl:
- all
EDIT
For testing purpose, I've enabled the following configuration:
commands_admin_access: configure
commands:
- add_commands:
- status
- get_roster
- change_password
- register
- unregister
- registered_users
- muc_online_rooms
- oauth_issue_token
I able to run both of user and admin commands successfully for those listed commands inside add_commands tags. It works as expected. However, I still facing some issues, most related to the IP restriction. Calling the API from the host that is not listed in admin_ip_acl also successful where I expect to get error when calling for non-whitelited host
The API requires an OAuth token for authentication. You need to generate one with correct scope. When a command is restricted to an admin, you need to also pass the HTTP header: "X-Admin: true" to let ejabberd know that it should consider you would like to act as an admin.