What is the CA configuration file syntax? (ca-config.json) - ssl

I can't seem to find the configuration reference for creating a CA with cfssl.
I'm going through k8s the hard way and trying to understand every single step. In this step, he makes a ca-config.json for use with cfssl gencert -initca ca-csr.json. I'd like to see the reference for this, but I can't find it. Where is it?

Related

Kubernetes Cross secrets variables

I have a weird issue with envFrom:
- name: template-api
  envFrom:
    - secretRef:
        name: common-secrets
    - secretRef:
        name: template-api
In common-secrets I have variables like this:
MAILHOST=smtp.gmail.com
MAILPORT=587
And template-api is like:
MAIL_HOST=$MAILHOST
MAIL_PORT=$MAILPORT
It is like that because pods have different variable names for the same info.
But when the container is running, the variables are replaced with the literal $VAR instead of the var value.
Maybe I'm using the wrong solution for this. Did somebody face the same issue?
Kubernetes won't update it that way. If you are running that approach with any code or script, it will work inside the code, like process.env($MAILHOST).
Whatever you have mentioned in the secret will get injected into the OS environment; if the same values are there, they will get overwritten.
Kubernetes injects the secret based on the YAML configuration, either into the file system or inside the OS.
Kubernetes simply injects the values into the pod as set in the secret. It won't check whether anything is already set in the environment and replace it with values.

Parsing an X509 Certificate

I currently need to parse the CommonName from a packet. I have code that works up to a point, however I am having trouble skipping over the "issuer" member of a Certificate record for TLSv1.2. I have done research on the format of the SSL records and have investigated the dump via Wireshark. I've found the format is generally: length, followed by the data. However, when trying to find the issuer length, I cannot seem to get it, and it is inconsistent with the bytes presented. Any ideas, or a better way to skip over the issuer field and go directly to the "subject" of a TLS 1.2 record? Coded in C. Thank you for useful responses.
You need to understand ASN.1. Go read this book (it is a free download). Once you have read and understood it, you can write your decoder, following the ASN.1 specification for certificates. This is doable, but requires great implementation care. In fact, this is a bad idea unless you are a demi-god of C programming.
Alternatively, use some library that already knows how to decode a certificate. Typically, OpenSSL.
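The length handling that makes the issuer skippable, as an added example that is not part of the original answer: every DER element carries its own length (short form below 128, long form otherwise), so a walker steps over whole elements instead of guessing the issuer's size. It assumes the input is the DER bytes of one certificate already extracted from the TLS Certificate message; `der_header`, `x509_subject` and `sample` are names made up here.

```c
#include <stddef.h>
#include <stdint.h>

/* Decode one DER header at p (n bytes left): tag, content length, header size.
 * Returns 0, or -1 if truncated, non-minimal, or longer than the buffer. */
static int der_header(const uint8_t *p, size_t n, uint8_t *tag, size_t *len, size_t *hdr)
{
    if (n < 2) return -1;
    size_t l = p[1], h = 2;
    if (l & 0x80) {                  /* long form: low 7 bits count the length bytes */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || n < 2 + k || p[2] == 0) return -1;
        for (l = 0; h < 2 + k; h++) l = (l << 8) | p[h];
        if (l < 0x80) return -1;     /* DER requires the short form below 128 */
    }
    if (l > n - h) return -1;        /* a length may never point past the buffer */
    *tag = p[0]; *len = l; *hdr = h;
    return 0;
}

/* Return the subject Name's content in a DER certificate (length in *out_len),
 * or NULL. Steps over version, serialNumber, signature, issuer and validity. */
const uint8_t *x509_subject(const uint8_t *p, size_t n, size_t *out_len)
{
    static const uint8_t skip[] = { 0x02, 0x30, 0x30, 0x30 };
    uint8_t tag; size_t len, hdr;
    for (int i = 0; i < 2; i++) {    /* enter Certificate, then TBSCertificate */
        if (der_header(p, n, &tag, &len, &hdr) || tag != 0x30) return NULL;
        p += hdr; n = len;
    }
    if (der_header(p, n, &tag, &len, &hdr)) return NULL;
    if (tag == 0xA0) { p += hdr + len; n -= hdr + len; }  /* optional [0] version */
    for (size_t i = 0; i < sizeof skip; i++) {
        if (der_header(p, n, &tag, &len, &hdr) || tag != skip[i]) return NULL;
        p += hdr + len; n -= hdr + len;   /* whole TLV, so issuer size never matters */
    }
    if (der_header(p, n, &tag, &len, &hdr) || tag != 0x30) return NULL;
    *out_len = len;
    return p + hdr;
}

/* Constructed sample, not a real certificate: only the fields the walker reads. */
static const uint8_t sample[] = {
    0x30, 0x81, 0xA3, 0x30, 0x81, 0xA0,   /* Certificate and TBSCertificate headers */
    0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01, /* [0] version, serialNumber */
    0x30, 0x00, 0x30, 0x81, 0x80,         /* empty signature, issuer header (128 bytes) */
    [147] = 0x30, 0x00,                   /* issuer content zero-filled; empty validity */
    0x30, 0x0F, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x03, /* subject, CN OID */
    0x0C, 0x04, 't', 'e', 's', 't' };     /* UTF8String "test" */
int main(void) { size_t n; return x509_subject(sample, sizeof sample, &n) ? 0 : 1; }
```

The returned bytes are the subject's RelativeDistinguishedName sets, which still have to be walked the same way to reach the commonName attribute; a maintained library such as OpenSSL, as the answer suggests, does all of this for you.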

Apache-ODE ProcessManagement

I can access this API/WS through
http://localhost:8080/ode/processes/ProcessManagement?wsdl.
I would like to get the Process Info of a Process through this service and activate it.
The service has the matching operations getProcessInfo and activate.
With listAllProcesses I get all Processes of a deployed package.
For getProcessInfo/activate I need the Process pid.
I get a <ns:pid>, using this gets me a load of Exceptions.
Using the name of the process and other stuff I receive earlier doesn't work either.
The pid is of type QName; perhaps that's the root of the problem.
However, I don't know how to typecast here.
(Tried all with the eclipse Web Services Explorer and soapUI)
Question: What does a proper request for both Operations look like?
When I try to consume the web service with Axis2 via Eclipse, there is an undeclared variable local in the AnySimpleType class. I'm not keen on using the service this way.
But since I'm already writing a Client for the DeploymentService I thought about this approach.
Question: How do I properly access the ProcessManagement?
EDIT: I have a similar problem with the DeploymentService and the undeploy Operation.
EDIT2: I figured the Problem with the DeploymentService undeploy out.
I had to get the Packagename as String. Then I made a javax.xml.namespace.QName out of it. Then I used the setPackageName of said undeploy operation.
Answer to question number 1:
soapUI with listAllProcesses returns
<ns:pid>{ode/bpel/unit-test}HelloWorld2-1</ns:pid>
getProcessInfo wants
<pmap:getProcessInfo>
<pid>?</pid>
</pmap:getProcessInfo>
Now I replaced <pid>?</pid> with
<pid xmlns:odetest="http://ode/bpel/unit-test">odetest:HelloWorld2-1</pid>
and it worked like a charm.
I remember that there was an issue with parameter ordering when using the Axis2 generated WSDL. Could you try if building a request against the original WSDL located at http://localhost:8080/ode/deployment/services/ProcessManagement works?
EDIT: Now that I got the question correctly, the problem is that ODE expects the QName to be serialized differently, i.e. in the XML way instead of the Java way. Thus, instead of <ns:pid>{ode/bpel/unit-test}HelloWorld2-1</ns:pid> the correct notation is <ns:pid xmlns:odetest="ode/bpel/unit-test">odetest:HelloWorld2-1</ns:pid>.

Setting Domain Credential during WebLogic WLST offline domain creation?

I have successfully created WLS 10.3.5 domains using offline WLST, along the lines of readTemplate(template); set("name","DomainName"); ...
One detail remains: I need to set the "Credential" of each domain to a common random value, across all domains, for "global trust". It's the setting that's behind Console / Domain / Security / General / Advanced / "Credential"
Question: I fail to find the property (or its location?) that one needs to set for this?
FWIW, I use post-processing on config.xml file level now to inject an encrypted common value string as <credential-encrypted> , but I'd rather just set this via WLST without tweaking the resulting XML.
Thanks in advance,
Matthias
I suggest you use the createDomain() command; it will be much easier to work with.
createDomain('/olddoamin/path/template.jar', 'domainPath', 'user', 'passwd')
For more you can see the following link:
WLST by Examples: Domain migration made simple
As you gave your navigation on the console, I found the property location in WLST navigation; it is in the following path:
wls:/offline/mydomain/SecurityConfiguration/mydomain>ls()
-rw- CredentialEncrypted ????????
It is with -rw- so you can update it right?
Hope this will help you.
Right, this works. The key is to not work on the template, but to read the domain from its domain directory. Then it's just setting the attribute CredentialEncrypted:
readDomain(domain_dir)
cd('/SecurityConfiguration/' + domain_name)
set('CredentialEncrypted', encrypt(shared_credential,domain_dir))
updateDomain()
closeDomain()
shared_credential should be something random. I used a hex-encoded digest of the newly-created config.xml file, which contains enough randomness.

Eucalyptus: getting private key from key pair through API / or injecting custom public key to instance

I'm probably having the most simple problem, but I'm still a bit at my wits end. Basically my problems are related to this command:
euca-run-instances -k mykey emi-104915A8
As you know, when starting up instance in Eucalyptus, either through API (as I actually am) or with the command above, the key pair has to be created. If I have understood right, eucalyptus injects the public key of that key pair to the instance. Now there's a method in API (using typica, btw) for creating such a key pair, but I believe when using that it's not possible to get the private key, which I would be needing, since I'd like to do some administrative stuff from external application.
So is it possible to get private keys through eucalyptus api? Or have you managed to find a good solution for injecting externally generated key pairs to instances? I'm between just making my own images and either fooling around with custom-user parameters, or just making some general key pair and putting that straight to image.
I'm just fooling around with Eucalyptus, and trying to get a hand of it, since I think it's best to get to know this cloud concept by trying to implement something on top of it :)
There is not much that can be done in this matter using Typica. I recommend creating the keypair by ssh-ing into the Cloud Controller and creating the keypair by euca-create-keypair command (all this through JAVA). You will get the private key as the output of the command. Save it into a file and carry on.
All the best !!!