We use a few P4Ant tasks to commit code to our perforce depots from within an Ant task. This has been working fine for months, however we recently changed our perforce server to only accept trusted/ssl connections.
As such, our new P4 port now looks like ssl:server_hostname:port and we’re getting an error when running our Ant task: non-numeric Perforce server port specifier: p4java://ssl:server_hostname:port .
From the P4Java api (which P4Ant uses under the hood), it seems that the connection should have looked like: p4javassl://server_hostname:port
Does the P4Ant library support SSL perforce ports? If so, how can I configure it to pass this port properly to p4java.
Regarding P4Ant and SSL, not as downloaded because it is bundled with a pre-2012.1 P4Java version. SSL support was added for P4Java versions 2012.1 and forward as noted in the release notes:
http://www.perforce.com/perforce/doc.current/user/p4javanotes.txt
It should work by using (replacing) the p4java.jar with the latest version.
See the following Knowledge Base article:
http://answers.perforce.com/articles/KB_Article/P4Ant--SSL-p4d
Also, you can check this article regarding your java installation in case you may also need the following:
http://answers.perforce.com/articles/KB_Article/Using-P4Java-and-P4Eclipse-with-SSL-enabled-Perforce-Servers
Related
You could use Apache with Jenkins to use client certificates for authentication, but is there a less bulky way that is just as simple on Windows or RHEL? Perhaps, customizing the Jenkins code is an option, since it says it already runs in a Jetty servlet? A way to do this in Hudson itself?
With Apache Web Server, I was fighting with some plugins, like Selenium related plugins. Also, I noticed more issues connecting to slaves when using a proxy despite using the tunnel option. Leaner and meaner would be nice.
Today I download neo4j-community-3.2.0 in windows, when i start the server, i meet one problem in browser, i meet this problem in neo4j-community-3.1.2 and i had solved it by Ticking the "Do not use Bolt" option in settings solved the issue. But in neo4j-community-3.2.0 , i can't see "Do not use Bolt" option ,and i don't know how to do.
N/A: WebSocket connection failure. Due to security constraints in your web browser, the reason for the failure is not available to this Neo4j Driver. Please use your browsers development console to determine the root cause of the failure. Common reasons include the database being unavailable, using the wrong connection URL or temporary network problems. If you have enabled encryption, ensure your browser is configured to trust the certificate Neo4j is configured to use. WebSocket readyState is: 3
This happens because the browser is trying (under the hood) to also access the bolt port, which uses an unsigned certificate.
You probably allowed the browser to access the SSL 7474 port through allowing the unsigned certificate as an exception on your browser (and if you didn't, you should in order to make it work).
The url was:
https://[neo4j_host]:7474
Do the same for the bolt certificate, allow it as an exception for url:
https://[neo4j_host]:7687
I ran into the same problem trying to use Neo4j Community Edition on an AWS Ubuntu 16.04 instance. The key thing that solved it was to open port 7687 (the bolt port) in the AWS security group settings.
Found this based on https://stackoverflow.com/a/45234105/1529646
Thus, full answer is:
Make sure to configure Neo4j correctly, ie. uncomment the line dbms.connectors.default_listen_address=0.0.0.0 AND the line dbms.connector.bolt.listen_address=:7687
Open ports 7474 AND 7687 in the AWS security group settings.
In the lower left corner of the browser gear, select do not use bolt.
Open your ${NEO4J_HOME}/conf/neo4j.conf file and edit the bolt settings. It is just about uncommenting this line dbms.connector.bolt.address=0.0.0.0:7687
Change the version of Neo4j
Check your JDK version, use JDK1.8
Adding another option, which worked for me. If your bolt's tls_level is set to REQUIRED, you need to change it to OPTIONAL, if you are not using it with SSL certificate; to get this working.
If you are using Neo4J Community Edition (ver 3.5.1 - in my case) from AWS Marketplace, you need to change the configuration in:
/etc/neo4j/pre-neo4j.sh
Change this line:
echo "dbms_connector_bolt_tls_level" "${dbms_connector_bolt_tls_level:=REQUIRED}"
to
echo "dbms_connector_bolt_tls_level" "${dbms_connector_bolt_tls_level:=OPTIONAL}"
You can find more about Neo4J connector configuration option here. Ideally as per docs, by default bolt.tls_level should have been OPTIONAL only. But I'm not really sure what exactly happened in my case, which got it changed to REQUIRED. Or if it came as is from AWS Marketplace.
Assuming you have valid certs and placed them under the correct certificates directory:
dbms.ssl.policy.bolt.client_auth=NONE
Version 4.0. Took it from this article.
I shared my full ssl config on this other answer.
I had the same error. New to Neo, so take this with a grain of salt, but my solution didn't match these above idea. But thanks as they did lead me to the right "water". So
I went into the conf file, noticed that there was the same port number (previously, the Neo desktop had been constantly telling me it'd needed to update the port numbers...I never checked to verity, but they'd be #, #+1 and #+2. But that didn't work yet that'd happened again and again...but now, after checking the conf file myself, I noticed that the number was the same for all three port requirements for BOLT. Tried that and it didn't work either...but maybe that was important in what did:
In the folder, where the specific database is housed, named "..neo4jdatabases/[GUID Value]" there were two directories titled "/installation-3.4.0" and "...1". I removed the ".0", restarted things and IT WORKED.
So, either there should NOT be two versions under the same database collection OR that's true AND you need the three ports to be the same.
Final add for any Neo4j experts who actually know what they're doing, I have three databases running, two without issue. This occurred AFTER I was messing around trying to see how PowerShell might be useful. Not sure if this is related, but the other databases have worked fine...but, this db is the original playground/sandbox I'd had since the beginning. Not 100% sure, I made the version update before or after, creating the other two databases. HTH.
Using a windows trial version on a Windows 10 machine. Current N4j version is 3.4.1.
Do love what I see so far with Neo BTW!!!
Please mention the correct bolt port under the Connect URL textbox.if you are using the service port the mention the service port in place of bolt port.
Then finally I resolve it by replacing the bolt port with service port inside k8s.
user: neo4j
password: neo4j
I resolve this error by replace the port 7687 with node port 30033 inside Neo4j
then it works fine.
I was facing the same issue with Neo4J version 4 installed on an Ubuntu 18 EC2 instance. Tthe workaround that did the trick for me was to replace the 0.0.0.0 entries in /etc/neo4j/neo4j.conf with the actual private IP of my instance.
Following are the lines where the replace happened:
dbms.default_listen_address=172.X.X.232
dbms.connector.bolt.address=172.X.X.232:7687
Post restart of the DB, the Connect URL when accessing from browser should also use the private IP instead of localhost.
I am trying to run an ant script behind a corporate proxy and I can't seam to get it to work :
i have followed what I presume is the closest to what I have :
http://www.midvision.com/community/code-blog-for-developers/bid/275503/Allow-access-from-Ivy-to-the-internet-through-a-corporate-firewall-that-requires-authentication
And I still get Your proxy requires authentication message.
I have some specia characters inside my password and I escaped them with url encodings.
I am new to Ivy and I am trying to build Apache nutch . An y idea what could be the problem? I am using the latest ant and ivy versions (1.9.4 and 2.4.0).
I would choose to use Nexus or Artifactory. Yes, getting through a firewall is not their purpose, but it protects you from the repository going down and stopping your development. I use Nexus and getting through the firewall was a snap.
Use CNTLM software and put proxy of its local server. Refer this answer for detailed steps
We have a solution consisting of several class libraries, and a Web
Application Project. We are using TFS 2012 with Team Build. The solution
compiles correctly on the build server.
I am currently trying to do this via MSBuild Arguments.
/p:DeployOnBuild=True /p:DeployTarget=MsDeployPublish
/p:CreatePackageOnPublish=False /p:MSDeployPublishMethod=RemoteAgent
/p:MsDeployServiceUrl=https://testWebServer:8172/MsDeploy.axd?site=direct /p:AllowUntrustedCertificate=True
/p:DeployIisAppPath="direct"
/p:AuthType=NTLM
The solution builds but does not deploy. I get the following error message:
msdeploy error ERROR_DESTINATION_INVALID: Web deployment task failed.
( Could not connect to the remote computer ("https"). Make sure that
the remote computer name is correct and that you are able to connect
to that computer. Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_DESTINATION_INVALID.)
[C:\Builds\1\ProjectName\Solution General Build\Sources\Temp
Source\ProjectName\Solution\Project.csproj]
Is there another argument I should be passing to specify the server? I did
not intend for https to be the server name... I have tried omitting the
https:// to no avail, error is the same, so it is getting the value from
somewhere.
I have tried this with the following values for MsDeployServiceUrl:
https://testWebServer:8172/MsDeploy.axd?site=direct
https://testWebServer:8172/MsDeploy.axd
"https://testWebServer:8172/MsDeploy.axd?site=direct"
https://192.168.X.X:8172/MsDeploy.axd?site=direct
"https://192.168.X.X:8172/MsDeploy.axd?site=direct"
testWebServer:8172/MsDeploy.axd?site=direct
Update
Alright, the following is at least connecting:
/p:MsDeployServiceUrl=testWebServer
I have seen numerous posts concerning that particular argument, and almost invariably they are a URL, not just a hostname (the ones that appear to be a hostname I thought were just written that way for brevity).
I am now, however, faced with a new problem. I have made the Build Service Account (domain account) local admin on the webserver, and I am getting msdeploy error ERROR_USER_NOT_ADMIN as well as an Audit failure in the Security log.
Resolution
These are the MSBuild arguments I am currently going with.
/p:DeployOnBuild=True /p:DeployTarget=MsDeployPublish /p:CreatePackageOnPublish=False /p:MSDeployPublishMethod=WMSvc /p:MsDeployServiceUrl="https://SERVER:8172/MsDeploy.axd" /p:AllowUntrustedCertificate=True /p:DeployIisAppPath="siteName"
I am now getting ERROR_USER_UNAUTHORIZED. Apparently I have either not set up the delegation correctly or the IIS Manager User I have created is somehow incorrect. Regardless that will go in a different post if necessary.
What is the Server and IIS version, you are using?
IIS 6 uses Web Deployment Agent Service (MsDepSvc), whereas IIS 7 usually uses Web Management Service (WMSvc) which have different URLs (besides, you have to be an admin on the target server to execute MsDepSvc.
Can you try specifying
/P:MSDeployPublishMethod=WMSvc
Based on this article from Troy Hunt, Web Management Service (WMSvc) is using
.axd
URLs (the one you specify), whereas you are trying to force it use RemoteAgent publish method which seems to be inconsistent.
See this article for complete set of differencies between WMSvc and RemoteAgent publish methods.
I had a similar issue. To resolve the issue I tried the following steps:
As it was a hosted server we had to make sure that the port 8172 was open (obviously).
Creating a new login and set this up in IIS -> Deploy -> Configure -> Configure Web Deploy Publishing on the target server. I made sure that the password didn't have any spaces in to avoid the quotes issue just to be sure.
Actually running a manual deployment from the build server.
Finally specifying an IP address in the MSDeployServicerl:
/p:MsDeployServiceUrl=xxx.xxx.xxx.xxx:8172/msdeploy.axd
None of the web site names worked for me either. None of my parameters had quotes in. Of course if you leave a space in incorrectly in one of your parameters you will get the error:
MSBUILD : error MSB1008: Only one project can be specified
Is it feasible to have a Ruby on Rails app, which is:
a) deployed on Heroku, and
b) working with a remote SQL Server database?
I take it that I'll need unixODBC installed on Heroku, but I cannot find a way to do so. Is this possible?
Or, is there any other way (without ODBC?) to accomplish this?
Thank you very much for any guidance or tip.
Updated:
Some info on the subject:
1) Heroku pre-installs both unixODBC and FreeTDS by default, so you already have them.
2) Also, it is possible to run shell commands via Heroku Console in backticks, e.g.:
heroku console
`odbcinst`
(runs "odbcinst" command in Heroku shell and shows the result)
3) You do not have access to filesystem outside of your slice where the packages are installed. If you only need a driver path, Heroku support can provide it (/usr/lib/odbc/libtdsodbc.so in my case).
4) You cannot run sudo commands in Heroku shell.
At the moment, to connect to MS SQL Server you at least need to append ‘freetds.conf’ file. Even when using tinyTDS (there is an open ticket#2 in tinyTDS gitgub issue page). DSN-less connection instructions from "wiki.rubyonrails.org SLASH database-support SLASH ms-sql" didn’t work for me, I guess this connection requires some extra-configuration either.
‘freetds.conf’ cannot be modified without sudo. Therefore, I conclude that currently there is no way to make MS SQL and Heroku work together.
I’ve managed to set up this connection with EngineYard and activerecord-sqlserver-adapter.
I followed these instructions:
https://github.com/rails-sqlserver/activerecord-sqlserver-adapter/wiki/Platform-Installation---Ubuntu
(there are only some filepath differences, e.g. ‘odbc.ini’ is located in ‘/etc/unicodbc’, not in ‘/etc’ - this is easy to work out).
I installed 'unixODBC' and 'freetds' packages using EY Unix Packages feature, and made all configurations manually through SSH. Sudo is available in EY (no password required). There is also Chef Recepes feature to automate those configurations (seems to be pretty easy, I'm going to try it tomorrow).
Hope this is helpful.
It is possible.
Because Heroku copies/symlinks its own config/database.yml over whatever you supply in your repository, you may need to take additional steps (e.g. in config/environments/production.rb or in config/initializers/remote_mssql_from_heroku.rb) to set up your application appropriately.
You will face the challenge, however, that traffic from Heroku to your MSSQL database will traverse the public internet. By default, this traffic will not be encrypted. Potentially everyone in the world will be able to monitor your traffic between your Heroku application and your database, and even alter the traffic in-flight, whether for benign or malicious purpose, without you being able to detect it. MS SQL offers the capability to connect over SSL. This capability requires explicit configuration in the MSSQL server, so you must be able to access and modify that configuration. Additionally, this configuration requires that your client library be up-to-date and capable of talking with MSSQL over SSL. Note that MSSQL server will enforce that your server certificate list a Common Name or Subject Alternative Name exactly matching or wildcard-matching the server's FQDN (at least, the FQDN that the server knows about), and that the client use an FQDN for the server exactly matching or wildcard-matching one of the names on the certificate.
I've successfully used the following article which uses Heroku's newer buildpack feature to use TinyTDS and connect remotely to SQL Server 2008 R2. I'm still investigating how I could encrypt traffic. Hope this helps others!
http://blog.firmhouse.com/connecting-to-sql-server-from-heroku-with-freetds-here-is-how-on-cedar#
We're having a similar problem where we're needing to import old data from a SQL Server database into our new app. The data isn't a straight table import, but needs to undergo some processing and conversions. We've built an import layer for this which lives in a private gem, so as to not pollute the new app with the old data conversion issues. This approach is also designed to permit incremental updates, as we get closer to launch we'll keep syncing records up to the moment of switch-over.
Heroku told us that it's not trivial to connect to SQLServer, in particular as they don't support FreeTDS. Their support staff recommended to run an instance with the import gem from a laptop in our office and configure it to connect to their database (which requires a dedicated DB, not the free shared one). This sounded like the most palatable approach to us.
Secondly, regarding security that was mentioned by #Justice, we discussed configuring SSL for SQLServer with the hosting company and they pointed out the complexities of this. They recommended VPN as an easier solution. As we don't have office-side VPN hardware, the simplest and free solution proved to be an SSH tunnel.
We've set up an SSH tunnel from the laptop to the SQLServer Windows box. That was straightforward. We had CopSSH installed on Windows (which comes with a Linux shell, by the way) and we were able to simply set up a tunnel, having the laptop talk to localhost for its SQLServer connection, i.e.:
ssh -L 1433:localhost:1433 user#windows_server_name
I did not know Heroku has FreeTDS on it? I was told they did not. TinyTDS if used with FreeTDS 0.91 can have a zero freetds.conf dependency and be driving by runtime connection args. We are looking into building an Ubuntu 10.4 native gem that statically links 0.91 with OpenSSL so you can just drop it into Heroku and us it to connect to Azure and/or you own outside DB.