Hazelcast IMap not available in JMX on startup - jmx

I am trying to add monitoring for a hazelcast map to Nagios. Now I face the issue that the IMap entry in JMX is not available before the first usage of this map (get/set values)
Is there any option to initialize this during hazelcast startup.
The map is configured as follows
<map name="myMap">
<backup-count>1</backup-count>
<time-to-live-seconds>0</time-to-live-seconds>
<max-idle-seconds>0</max-idle-seconds>
<eviction-policy>LRU</eviction-policy>
<max-size policy="USED_HEAP_SIZE">256</max-size>
<eviction-percentage>25</eviction-percentage>
<merge-policy>com.hazelcast.map.merge.PutIfAbsentMapMergePolicy</merge-policy>
<map-store enabled="true" initial-mode="EAGER" />
</map>
I already tried to add map-store eager loading but this also did not fixed the issue:
<map name="myMap">
...
<map-store enabled="true" initial-mode="EAGER" />
</map>
The JMX path which I try to access is
com.hazelcast:instance=_hzInstance_1_dev,type=IMap,name=myMap
How can I configure the map in such a way that the JMX values are always available.

Related

Not able to send log4net logs to application insights

I have dotnetcore service which is running in Kubernetes. For logging, I have used the log4net. I am trying to send the logs of service to application-insights but the logs are not showing there.
I have added the below configuration in my service for application insights.
Runtime version: netcoreapp3.1 version-2.31.0.1
Hosting environment: Azure-cluster
app-service.csproj
<ItemGroup>
<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.16.0" />
<PackageReference Include="Microsoft.ApplicationInsights.Log4NetAppender" Version="2.16.0" />
...
<ItemGroup>
log4net.config
...
<appender name="aiAppender" type="Microsoft.ApplicationInsights.Log4NetAppender.ApplicationInsightsAppender, Microsoft.ApplicationInsights.Log4NetAppender">
<InstrumentationKey name="AppInsightsKey" value="abcdefgh-abcd-abcd-abcd-abcdefghijkl" />
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%message%newline"/>
</layout>
</appender>
startup.cs
public Startup(IConfiguration configuration)
{
Configuration = configuration;
Logger.ConfigureLog4Net("./logs/app.log", Configuration)
...
}
public void ConfigureServices(IServiceCollection services)
{
// The following line enables Application Insights telemetry collection.
services.AddApplicationInsightsTelemetry();
services.AddSingleton<ITelemetryInitializer, CloudRoleNameTelemetryInitializer>();
// This code adds other services for the application.
services.AddMvc();
...
}
CloudRoleNameTelemetryInitializer.cs
using System.Net;
using Microsoft.ApplicationInsights;
using Microsoft.ApplicationInsights.Channel;
using Microsoft.ApplicationInsights.Extensibility;
public class CloudRoleNameTelemetryInitializer : ITelemetryInitializer
{
public void Initialize(ITelemetry telemetry)
{
// set custom role name here
telemetry.Context.Cloud.RoleName = "app-service";
}
}
I have also added the APPINSIGHTS_INSTRUMENTATIONKEY environment variable for service. I am able to see the request information for service but not logs. Only 2 logs are showing in the log section of application-insights but it is not from the application(log4net).
No XML encryptor configured. Key {XXX-XXX-XXX-XXX-XXX} may be persisted to storage in unencrypted form.
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when the container is destroyed.
Below are some links I have explored.
https://learn.microsoft.com/en-us/azure/azure-monitor/app/asp-net-trace-logs
https://medium.com/#muralimohan.mothupally/application-insights-integration-with-log4net-e1bef68fe3c8
https://blog.ehn.nu/2014/11/using-log4net-for-application-insights/
https://jan-v.nl/post/using-application-insights-in-your-log4net-application/
But still, logs are not adding in the application insights. Is there anything I am missing here? Also is it possible to add Console.WriteLine logs to application-insights as like in nodejs app we can send it by enabling the application-insights module's configuration? Can you please help me?
Thanks...
Thanks for Peter Drier's answer, I thinks below code he provided is useful to you.
For more details, you can refer the orgin post.
Log4Net and Application Insights-no data is coming through
<appender name="aiAppender" type="Microsoft.ApplicationInsights.Log4NetAppender.ApplicationInsightsAppender, Microsoft.ApplicationInsights.Log4NetAppender">
<layout type="log4net.Layout.PatternLayout">
<conversionPattern value="%message%newline" />
</layout>
<threshold value="INFO" />
<InstrumentationKey value="12345678-7946-1234-1234-8b330fbe1234" />
</appender>

Is there any way to restrict access by configuring in WildFly?

Is there any way to restrict access by configuring in WildFly. I would like to know whether we can add a list of IPs that can only access the server? Is there any way to blacklist IPs in server level?
I am checking a feature like this: http://boseca.blogspot.in/2010/12/programmatically-addremove-ip-security.html
You can also implement the IP filter on JBOSS level by adding a filter-ref and expression filter as shown below
<subsystem xmlns="urn:jboss:domain:undertow:3.0" statistics-enabled="true" instance-id="instanceid">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" max-connections="1200" write-timeout="600000" read-timeout="30000" allow-equals-in-cookie-value="true" record-request-start-time="true" socket-binding="ajp"/>
<http-listener name="default" allow-equals-in-cookie-value="true" socket-binding="http"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<access-log suffix=".log" prefix="access" pattern="%a %h %{i,sm_user} %u %t %r %s %b %T"/>
<filter-ref name="limit-connections"/>
<filter-ref name="ipaccess"/>
<single-sign-on/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<request-limit name="limit-connections" queue-size="100" max-concurrent-requests="1200"/>
<expression-filter module="io.undertow.core" name="ipaccess" expression="ip-access-control[default-allow=false, acl={'10.0.0.1 deny', '10.0.0.0/24 allow'}]"/>
</filters>
</subsystem>
If you're using Wildfly 8.2 (which contains Undertow 1.1.0), then you can configure IP access control via the undertow-handlers.conf file, which you put in a war's WEB-INF or a jar's META-INF folder.
You can do something like:
ip-access-control[default-allow=false, acl={'10.0.0.1 deny', '10.0.0.0/24 allow'}]
this can also be combined with predicates:
path-prefix[/internal] -> ip-access-control[acl={ '10.0.0.0/24 allow'}]
Source.
Alternatively (or if you use an earlier Wildfly version than 8.2) you can create a ServletExtension. Create a file META-INF\services\io.undertow.servlet.ServletExtension, in it there should be a fully qualified name of your extension. The extension must implement the io.undertow.servlet.ServletExtension interface. This extension then may create a io.undertow.server.handlers.IPAddressAccessControlHandler programmatically, configure it, and add it to the deployment's initial handler chain.
The above talked about adding a handler at the deployment level. To add a custom handler at the server level you need at least Wildfly 8.2. In the undertow subsystem in standalone.xml (or whatever config you use) you can add a handler (filter) like this (irrelevant configuration omitted):
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
<server name="default-server">
<host name="default-host" alias="localhost">
<filter-ref name="custom-filter" />
</host>
</server>
<filters>
<filter name="custom-filter" module="io.undertow.core" />
class-name="io.undertow.server.handlers.HttpTraceHandler"
</filters>
</subsystem>
Source. The handler must be in your static server module, not in a deployment. Inherit the IPAddressAccessControlHandler, configure it in your constructor or override its methods as you need, and point the config to your custom handler.
According to WFLY-4048 text based handler configuration at the server level will be in Wildfly 10.

JBoss 6.3 EAP - define other simple namaing bindings in domain for evey server

we need to define a different file url via simple naming bindings for every server in a JBoss domain.
e.g. we need for every server in the cluster an entry like
<subsystem xmlns="urn:jboss:domain:naming:1.4">
<bindings>
<simple name="java:/url/ServerConfigurationUrl" value="file:///c:/JBoss//server3.properties" type="java.net.URL"/>
</bindings>
</subsystem>
Can this be achieved using some variables? Expressions seem not to be valid here.
If we could just use something like value=${path to file} that would be great.
Thanks,
ralf
Using something like
<system-properties>
<property name="FILEURL" value=value="file:///c:/JBoss//server3.properties" />
</system-properties>
and then
<bindings>
<simple name="java:/url/ServerConfigurationUrl" value="${FILEURL}" type="java.net.URL"/>
</bindings>
worked for me.
Greetings,
ralf

WiX IIS Authentication mode on subdirectories

I'm trying to install a ASP.NET MVC web application with wix. So far so good.
Unfortunately I came up with a pretty annoying issue I don't know how to implement.
Imagine the following WebSite structure:
Default Web Site (Windows authentication)
MyApplication (Windows authentication)
WebServices (Anoynmous authentication)
As you can see the whole website can only be accessed with valid NT credentials.
But I need to set anonymous authentication on the WebServices directory.
How can I accomplish this with wix?
<DirectoryRef Id="INSTALLDIR_WEB">
<!-- Configuring app pool -->
<Component Id="Cmp_AppPool" Guid="27CE75BF-1118-4E15-9CD5-6FA973A20B45" KeyPath="yes">
<util:User Id="AppPoolUser" Domain="[APPPOOL_IDENTITYDOMAIN]" Name="[APPPOOL_IDENTITY]" Password="[APPPOOL_IDENTITYPWD]" CreateUser="no" />
<iis:WebAppPool Id="CustomAppPool" ManagedPipelineMode="[APPPOOL_PIPELINEMODE]" ManagedRuntimeVersion="[APPPOOL_ManagedRuntimeVersion]" Name="[APPPOOL_NAME]" Identity="other" User="AppPoolUser" />
</Component>
<!-- Create new WebApplication -->
<Component Id="Cmp_CreateApplication" Guid="65591914-46A9-4CB7-BF2E-9F30F4DEE3EC" KeyPath="yes">
<Condition><![CDATA[Installed OR WEBAPP_NAME <> ""]]></Condition>
<iis:WebVirtualDir Id="MyWebVirtualDir" Alias="[WEBAPP_NAME]" Directory="INSTALLDIR_WEB" WebSite="DefaultWebSite">
<iis:WebDirProperties Id="MyWebVirtDirProperties" AnonymousAccess="no" BasicAuthentication="no" WindowsAuthentication="yes" />
<iis:WebApplication Id="MyWebWebApplication" Name="[WEBAPP_NAME]" WebAppPool="CustomAppPool" />
</iis:WebVirtualDir>
</Component>
<!-- Install directly in the IIS ROOT -->
<Component Id="Cmp_SetPermissions">
<iis:WebDir Path="WebServices" DirProperties="EnableAnonymousAuth" WebSite="DefaultWebSite" Id="ServiceDir" />
</Component>
</DirectoryRef>
<iis:WebDirProperties Id="EnableAnonymousAuth" Read="yes" Write="yes" Script="yes" Execute="yes" AnonymousAccess="yes" Index="no" LogVisits="no" />
The above code successfully creates the webapplication but does not set anonymous access on the WebServices directory.
Any ideas?
Regards
Lukas
There is WebDirProperties element for WebDir.
You can set AnonymousAccess="yes" there.
Also you should also provide the user account using the AnonymousUser attribute, and determine what setting to use for the IIsControlledPassword attribute.

Spring Security and multiple ldap configuration

I use Spring Security to manage user and group securities.
All datas are stored in a ldap server. My configuration is the following:
<authentication-manager alias="authenticationManager">
<ldap-authentication-provider
user-search-filter="(mail={0})"
user-search-base=""
group-search-filter="(uniqueMember={0})"
group-search-base="ou=groups"
group-role-attribute="cn"
role-prefix="ROLE_"
user-context-mapper-ref="contextMapper">
</ldap-authentication-provider>
<lda
</authentication-manager>
<beans:bean id="contextMapper" class="com.mycompany.CustomContextMapper">
<beans:property name="indexer" ref="entityIndexer" />
</beans:bean>
<ldap-user-service server-ref="ldapServer" user-search-filter="(mail={0})" />
<ldap-server manager-dn="cn=admin,dc=springframework,dc=org" manager-password="password" url="ldap://server/dc=springframework,dc=org" id="ldapServer" />
All runs like a charm. Now, I want to add a second ldap server if the first one is down (fallback). I can't find an easy way to do it.
So, my question si simple: how to add a second ldap server in this config to provide a fallback if the first one is down ?
Use space delimited value for url attribute:
url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org"
Ref: LDAP & LDAPS URLs
That's so simple that I missed it.
Just configure multiple url separated by a space as it:
<ldap-server ... url="ldap://server1/dc=springframework,dc=org ldap://server2/dc=springframework,dc=org" />
The previous answers are correct.
I wanted to add information on LDAP server redundancy. Since that is the objective for adding multiple LDAP urls, hope it is useful.
I tested few scenarios:
For LDAP Server urls(url1, url2)
If both LDAP servers specified by urls are down, application login will fail.
If one LDAP server is down. Consider server1 as url1 : ldap://url1
(irrespective of url1 position 1st or 2nd), application works fine.
If either url is syntactically malformed: url1 : ldap://MALFORMED_URL , the application will fail to startup.

Resources