I'm want to enable JMX on tomcat7-maven-plugin. How do I pass in CATALINA_OPTS to plugin configuration?
Two possible solutions (not tested):
add sys props in MAVEN_OPTS
or try http://tomcat.apache.org/maven-plugin-2.2/tomcat6-maven-plugin/examples/add-system-properties.html which work for tomcat7 too.
Added below line to my .profile
export MAVEN_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9000 -Xmx1024m -XX:MaxPermSize=256m -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"
if you want to enabled jmxremote.authenticate then use this.
in setenv.sh
-Dcom.sun.management.jmxremote.port=7091 \
-Dcom.sun.management.jmxremote.ssl=false \
-Dcom.sun.management.jmxremote.authenticate=true \
-Djava.rmi.server.hostname=127.0.0.1 \
-Dcom.sun.management.jmxremote.password.file=/usr/tomcat/conf/jmxremote.password \
-Dcom.sun.management.jmxremote.access.file=/usr/tomcat/conf/jmxremote.access"
vi jmxremote.access file
monitor readonly
admin readwrite \
create javax.management.monitor.*,javax.management.timer.* \
unregister
vi jmxremote.password file
monitor pass1
admin pass2
change permission
sudo chown tomcat7:tomcat7 /usr/tomcat/conf/jmxremote.*
sudo chmod 0600 /usr/tomcat/conf/jmxremote.*
Controlling the Ports
we need to add jmx listener /usr/tomcat/conf/server.xml file like this:
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="7091" rmiServerPortPlatform="7091" />
add jmx jar file inside tomcat lib:/usr/tomcat/lib/.
The jar we are looking for is called catalina-jmx-remote.jar.
Restart tomcat then try to connect using jconsole or jvisualvm
reference : 1. https://blog.markshead.com/1129/connecting-visual-vm-to-tomcat-7/
2.https://geekflare.com/enable-jmx-tomcat-to-monitor-administer/#:~:text=JMX%20(Java%20Management%20Extension)%20is,Classes%2C%20and%20configure%20various%20MBeans.
Related
I'm trying to find a way to use hosts defined in my user's ~/.ssh/config file to define a docker context.
My ~/.ssh/config file contains:
Host my-server
HostName 10.10.10.10
User remoteuser
IdentityFile /home/me/.ssh/id_rsa-mykey.pub
IdentitiesOnly yes
I'd like to create a docker context as follow:
docker context create \
--docker host=ssh://my-server \
--description="remoteuser on 10.10.10.10" \
my-server
Issuing the docker --context my-server ps command throws an error stating:
... please make sure the URL is valid ... Could not resolve hostname my-server: Name or service not known
For what I could figure out, the docker command uses the sudo mechanism to elevate its privileges. Thus I guess it searches /root/.ssh/config, since ssh doesn't use the $HOME variable.
I tried to symlink the user's config as the root one:
sudo ln -s /home/user/.ssh/config /root/.ssh/config
But this throws another error:
... please make sure the URL is valid ... Bad owner or permissions on /home/user/.ssh/config
The same happens when creating the /root/.ssh/config file simply containing:
Include /home/*/.ssh/config
Does someone have an idea on how to have my user's .ssh/config file parsed by ssh when issued via sudo ?
Thank you.
Have you confirmed your (probably correct) theory that docker is running as root, by just directly copying your user's ~/.ssh/config contents into /root/.ssh/config? If that doesn't work, you're back to square one...
Otherwise, either the symlink or the Include ought to work just fine (a symlink inherits the permissions of the file it is pointing at).
Another possibility is that your permissions actually are bad -- don't forget you have to change the permissions on both ~/.ssh AND ~/.ssh/config.
chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/config
And maybe even:
chmod 700 /root/.ssh
chmod 600 /root/.ssh/config
I am running Jmeter in noVNC, able to run Jmeter in noVNC but offcourse in default small window.
But when I create Http(s) script recorder and when click on Start button, I get this error
error is -> "Could not create script recorder -see log for details: >> keytool error: java.security.ProviderException: Could not initialize NSS << command failed code:1
'keytool -genkeypair -alias:root_ca: -dname"CN=_Jmeter Root CA for recording(INSTALL ONLY IF IT IS YOURS).......FULL ERROR in SCREENSHOT"'"
Tried creating Http(s) script recrorder with and without PRoxy setup in my Chrome browser, getting same error.
right hand side of screenshot
below is my Dockerfile
FROM uphy/novnc-alpine
RUN \
apk add --no-cache curl openjdk8-jre bash \
&& apk add --no-cache nss \
&& curl -L https://archive.apache.org/dist/jmeter/binaries/apache-jmeter-5.4.1.tgz > /tmp/jmeter.tgz \
&& mkdir -p /opt \
&& tar -xvf /tmp/jmeter.tgz -C /opt \
&& rm /tmp/jmeter.tgz \
&& cd /etc/supervisor/conf.d \
&& echo '[program:jmeter]' >> supervisord.conf \
&& echo 'command=/opt/apache-jmeter-5.4.1/bin/./jmeter' >> supervisord.conf \
&& echo 'autorestart=true' >> supervisord.conf
ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk/
RUN export JAVA_HOME
This is how I am running (related to Use Jmeter desktop application as web app)
creating docker image with noVNC and running Jmeter inside noVNC (dockerfile also provided in the end)
exposing it to some port and accessing it in browser
docker build -t jmeter .
docker run -it --rm -p 8080:8080 jmeter
I checked my docker container also, able to see JDK, jdk is already present here -> /usr/lib/jvm/java-1.8-openjdk/ and jmeter is present here /opt/apache-jmeter-5.4.1
I am not sure should I pass more options or arguments inside docker run command.
I am wondering, how this jmeter will create the certificate inside my bin directory on click of start button, since this Jmeter is running inside noVNC docker ?
Any other way by which we can automatically integrate/create this certificate without importing or without clicking on start button.
How Proxy setting can be done if Jmeter in running inside noVNC container.
I think you need to install nss package
change this line:
apk add --no-cache curl openjdk8-jre bash \
to this one:
apk add --no-cache curl openjdk8-jre bash nss \
Once you re-build the image the HTTP(S) Test Script Recorder should launch normally.
With regards to the certificate, it will be stored in JMeter's "bin" folder in the container so if you want to use in in the browser in the container - you will have to install the browser there as well.
If you want to use the browser on your local machine - you will need to copy the certificate from the container and to expose another port for JMeter's HTTP(S) test script recorder.
Just in case be aware that you can also record JMeter test scripts using JMeter Chrome Extension, in this case you won't have to worry about proxies, certificates and ports.
I have this set of services I wish to do some logging for. Some services are running a node app, so the output is directly visible in the docker logs command.
However, a couple are different. Let's use my Java application as an example. It's running in a wrapper but the logging is written to a log file instead of STDOUT.
How can I hook the file as the docker logs output?
ps. The other app is an PHP app on a Nginx server, also with it's own logging file.
-UPDATE
The application is a Java application (.jar file) running in Java Service Wrapper from Tanuki. The built JAR has a Log4j logger writing via a DailyRollingFileAppender to logs/server.log. The Wrapper itself has output which I ignore via >/dev/null 2>&1. I just added to following line to the Dockerfile.
RUN ln -sf /dev/stdout /opt/myserver/logs/server.log
This is not working though. No output is send when I use docker-compose up myserver
Link log file(s) to stdout/stderr. For example in your Dockerfile:
RUN ln -sf /dev/stdout /<path>/logfile.log \
&& ln -sf /dev/stderr /<path>/errors-logfile.log
I found it. Apparently you can write logs from docker containers via
RUN ln -sf /proc/1/fd/1 /opt/myserver/logs/server.log
in your Dockerfile
I am trying to run metricbeat using docker in windows machine and I have changed metricbeat.yml as per my requirement.
docker run -v /c/Users/someuser/docker/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml docker.elastic.co/beats/metricbeat:5.6.0
but getting these error
metricbeat2017/09/17 10:13:19.285547 beat.go:346: CRIT Exiting: error
loading config file: config file ("metricbeat.yml") can only be
writable by the owner but the permissions are "-rwxrwxrwx" (to fix the
permissions use: 'chmod go-w /usr/share/metricbeat/metricbeat.yml')
Exiting: error loading config file: config file ("metricbeat.yml") can only be writable by the owner but the permissions are "-rwxrwxrwx"
(to fix the permissions use: 'chmod go-w /
usr/share/metricbeat/metricbeat.yml')
Why I am getting this?
What is the right way to make permanent change in file content in docker container (As I don't want to change configuration file each time when container start)
Edit:
Container is not meant to be edited / changed.If necessary, docker volume management is available to externalize all configuration related works.Thanks
So there are 2 options you can do here I think.
The first is that you can ensure the file has the proper permissions:
chmod 644 metricbeat.yml
Or you can run your docker command with -strict.perms=false which flags that metricbeat shouldn't care about what permissions are on the metricbeat.yml file.
docker run \
docker.elastic.co/beats/metricbeat:5.6.0 \
--volume="/c/Users/someuser/docker/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml" \
-strict.perms=false
You can see more documentation about that flag in the link below:
https://www.elastic.co/guide/en/beats/metricbeat/current/command-line-options.html#global-flags
In docker, how to scope with the requirement of configuring known_hosts, authorized_keys and ssh connectivity in general, when container have to talk with external systems?
For example, I'm running jenkins container and try to checkout the project from github in job, but connection fails with the error host key verification failed
This could be solved by login into container, connect to github manually and trust the host key when prompted. However this isn't proper solution, as everything needs to be 100% automated (I'm building CI pipeline with ansible and docker). Another (clunky) solution would be to provision the running container with ansible, but this would make things messy and hard to maintain. Jenkins container doesn't even has ssh daemon, and I'm not sure how to ssh into container from other host. Third option would be to use my own Dockerfile extending jenkins image, where ssh is configured, but that would be hardcoding and locking the container to this specific environment.
So what is the correct way with docker to manage (and automate) connectivity with external systems?
To trust github.com host you can issue this command when you start or build your container:
ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts
This will add github public key to your known hosts file.
If everything is done in the Dockerfile it's easy.
In my Dockerfile:
ARG PRIVATE_SSH_KEY
# Authorize SSH Host
RUN mkdir -p /root/.ssh && \
chmod 0700 /root/.ssh && \
ssh-keyscan example.com > /root/.ssh/known_hosts && \
# Add the keys and set permissions
echo "$PRIVATE_SSH_KEY" > /root/.ssh/id_rsa && \
chmod 600 /root/.ssh/id_rsa
...do stuff with private key
# Remove SSH keys
RUN rm -rf /root/.ssh/
You need to obviously need to pass the private key as an argument to the building(docker-compose build or docker build).
One solution is to mount host's ssh keys into docker with following options:
docker run -v /home/<host user>/.ssh:/home/<docker user>/.ssh <image>
This works perfectly for git.
There is a small trick but git version should be > 2.3
export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
git clone git#gitlab.com:some/another/repo.git
or simply
GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git clone git#...
you can even point to private key file path like this:
GIT_SSH_COMMAND="ssh -i /path/to/private_key_file -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" git clone git#...
This is how I do it, not sure if you will like this solution though. I have a private git repository containing authorized_keys with a collection of public keys. Then, I use ansible to clone this repository and replace authorized_keys:
- git: repo=my_repo dest=my_local_folder force=yes accept_hostkey=yes
- shell: "cp my_local_folder/authorized_keys ~/.ssh/"
Using accept_hostkey is what actually allows me to automate the process (I trust the source, of course).
Try this:
Log into the host, then:
sudo mkdir /var/jenkins_home/.ssh/
sudo ssh-keyscan -t rsa github.com >> /var/jenkins_home/.ssh/known_hosts
The Jenkins container sets the home location to the persistent map, as such, running this in the host system will generate the required result.
Detailed answer to the one provided by #Konstantin Suvorov, if you are going to use a Dockerfile.
In my Dockerfile I just added:
COPY my_rsa /root/.ssh/my_rsa # copy rsa key
RUN chmod 600 /root/.ssh/my_rsa # make it accessible
RUN apt-get -y install openssh-server # install openssh
RUN ssh-keyscan my_hostname >> ~/.ssh/known_hosts # add hostname to known_hosts
Note that "my_hostname" and "my_rsa" are your host-name and your rsa key
This made ssh work in docker without any issues, so I could connect to DBs