Domino Server Controller is not running on the host, or not listening to port 2050 - lotus-domino

I am following the App Dev Pack to configure the Domino server.
After I tried to set up the LDAP configuration, the following error message occurred.
The server.kyr is a keyring file created using the make_certs.cmd and make_keying.cmd from the App Dev Pack.
Here is the error message when running.
[1760:0005-17A8] 2022/07/13 下午 12:11:04 CertStore: LDAP: Cannot find TLS Credential for [serv.org.com.kyr] (RSA: 1, ECDSA: 1) : Entry not found in index
[1760:0002-17A8] 2022/07/13 下午 12:11:05 LDAP Server: Started
[07FC:0002-15B0] 2022/07/13 下午 12:11:07 JVM: Java Virtual Machine initialized.
[07FC:0002-15B0] 2022/07/13 下午 12:11:07 HTTP Server: Java Virtual Machine loaded
[0518:0002-16B0] 2022/07/13 下午 12:11:07 JVM: Java Virtual Machine initialized.
[0518:0002-16B0] 2022/07/13 下午 12:11:07.47 PROTON> Listening on 0.0.0.0:3002, SSL-ENABLED
[07FC:0002-15B0] 2022/07/13 下午 12:11:07.47 CSRF Init: iNotes_WA_Security_ReturnUrlCheck> c_CSRFReturnUrlCheck: 1
[0518:0002-16B0] 2022/07/13 下午 12:11:07.47 PROTON> Server initialized
[0518:0002-16B0] 2022/07/13 下午 12:11:07.47 PROTON> Server allows Anonymous access only.
[0518:0005-0A4C] 2022/07/13 下午 12:11:08.42 PROTON> SessionCache::prune: enter
[0518:0005-0A4C] 2022/07/13 下午 12:11:08.44 PROTON> SessionCache::prune: exit
[0518:0005-0A4C] 2022/07/13 下午 12:11:24.16 PROTON> SessionCache::prune: enter
[0518:0005-0A4C] 2022/07/13 下午 12:11:29.27 PROTON> SessionCache::prune: exit
[07FC:0002-15B0] 2022/07/13 下午 12:11:30 XSP Command Manager initialized
[07FC:0002-15B0] 2022/07/13 下午 12:11:30 HTTP Server: Error - Unable to Bind serv.org.com, port 80, port in use or Bind To Host configuration specifies a duplicate IP address/host
[07FC:0002-15B0] 2022/07/13 下午 12:11:31 XSP Command Manager terminated
[07FC:0002-15B0] 2022/07/13 下午 12:11:32 HTTP Server: Shutdown
[0518:0005-0A4C] 2022/07/13 下午 12:11:44.74 PROTON> SessionCache::prune: enter
[0518:0005-0A4C] 2022/07/13 下午 12:11:44.74 PROTON> SessionCache::prune: exit
[0518:0005-0A4C] 2022/07/13 下午 12:12:15.16 PROTON> SessionCache::prune: enter
[0518:0005-0A4C] 2022/07/13 下午 12:12:15.16 PROTON> SessionCache::prune: exit
[06A8:0002-07E0] 2022/07/13 下午 12:12:29 AMgr: Error executing agent 'DeleteExpiredDocs' in 'iam-store.nsf'. Agent signer 'Domino Template Development/Domino': You are not authorized to perform that operation
[0518:0005-0A4C] 2022/07/13 下午 12:12:30.40 PROTON> SessionCache::prune:

Your error does not have anything to do with your changes in setup.
When you start the Domino server, it first starts the so-called "Server Controller". This server controller is an executable (scontroller.exe under Windows) that listens on port 2050 for any Java remote console to connect.
The controller is configured in "dcontroller.ini" in your data directory.
You can check whether the controller is running using netstat on a command line:
netstat -ano | findstr 2050
will give you the following result if the controller is running:
TCP 0.0.0.0:2050 0.0.0.0:0 LISTENING 3836
or if it is configured to a specific IP address:
TCP 172.16.0.21:2050 0.0.0.0:0 LISTENING 3836
To connect to the server, the Domino Server Console uses a file called "dconsole.ini" in the same directory as dcontroller.ini.
The dconsole.ini has an entry called "LocalHost" that points to the controller. It should point to the same IP / hostname that the controller listens on:
LocalHost=172.16.0.21:2050
This is usually the second line in that file. If it is missing, add it and restart the console.
Your error typically occurs if a server has more than one IP address / network card.
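The check described in this answer, as an added example that is not part of the original post: it parses `netstat -ano` output and the LocalHost entry of dconsole.ini and reports whether the console points at an address the controller actually listens on. The sample rows, PID 5120 and all function names are constructed for illustration; unlike `findstr 2050`, the parser matches the port field exactly.

```python
import ipaddress
import re

# Constructed sample inputs, modelled on the lines quoted in the answer above.
NETSTAT_OUTPUT = """\
  TCP    172.16.0.21:2050       0.0.0.0:0              LISTENING       3836
  TCP    0.0.0.0:1352           0.0.0.0:0              LISTENING       5120
  TCP    172.16.0.21:49712      172.16.0.9:1352        ESTABLISHED     5120
"""
DCONSOLE_INI = "LocalHost=127.0.0.1:2050\n"

LISTEN_ROW = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.M)
LOCALHOST_ROW = re.compile(r"^\s*LocalHost\s*=\s*(\S+?):(\d+)\s*$", re.M | re.I)


def listeners(netstat_text, port):
    """Return [(address, pid)] for every TCP socket listening on `port`."""
    return [(addr.strip("[]"), int(pid))
            for addr, p, pid in LISTEN_ROW.findall(netstat_text)
            if int(p) == port]


def console_target(ini_text):
    """Return (host, port) from the LocalHost entry, or None if it is missing."""
    m = LOCALHOST_ROW.search(ini_text)
    return (m.group(1), int(m.group(2))) if m else None


def diagnose(netstat_text, ini_text, port=2050):
    """Classify why the console cannot reach the server controller."""
    bound = listeners(netstat_text, port)
    if not bound:
        return "controller-not-listening"
    target = console_target(ini_text)
    if target is None:
        return "localhost-entry-missing"
    host, target_port = target
    if target_port != port:
        return "port-mismatch"
    for addr, _pid in bound:
        # A wildcard bind (0.0.0.0 or ::) accepts any local address.
        if ipaddress.ip_address(addr).is_unspecified:
            return "ok"
        # Hostnames are compared literally; resolve them before calling this.
        if host == addr:
            return "ok"
    return "address-mismatch"


if __name__ == "__main__":
    print(listeners(NETSTAT_OUTPUT, 2050))
    print(diagnose(NETSTAT_OUTPUT, DCONSOLE_INI))
```

On a multi-homed server the "address-mismatch" result is the case the answer describes: the controller is bound to one interface while the console is pointed at another.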

Related

Command not found while starting the secured zookeeper CLI to connect to ZK server

I have configured the ZK Server to use SSL (signed cert, trust store, keystore, modified zookeeper.properties; all setup done and good). ZooKeeper starts and listens on port 2182 for SSL requests, and there are no errors in the ZooKeeper and Kafka server logs.
#new properties added in kafka/config/zookeeper.properties
secureClientPort=2182
authProvider.x509=org.apache.zookeeper.server.auth.X509AuthenticationProvider
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.trustStore.location=/path/to/ssl/kafka.zookeeper.truststore.jks
ssl.trustStore.password=serversecret
ssl.keyStore.location=/path/to/ssl/kafka.zookeeper.keystore.jks
ssl.keyStore.password=serversecret
ssl.clientAuth=need
Now, to connect to the secure ZooKeeper using the ZK CLI, I am following a similar approach: create the zk-client cert, get it signed, and create a truststore and keystore for it. I created the properties file and am trying to connect to the ZK server, but I get an error:
Command not found: Command not found /path/to/ssl/zookeeper-client.properties
$ kafka/bin/zookeeper-shell.sh localhost:2182 -zk-tls-config-file /Users/path/to/ssl/zookeeper-client.properties
Connecting to localhost:2182
ZooKeeper -server host:port cmd args
addauth scheme auth
close
.....
Command not found: Command not found /Users/path/to/ssl/zookeeper-client.properties
My zookeeper-client.properties looks like this
$cat /Users/path/to/ssl/zookeeper-client.properties
#zookeeper.connect=localhost:2182
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.client.enable=true
zookeeper.ssl.protocol=TLSv1.2
zookeeper.ssl.truststore.location=/Users/path/to/ssl/kafka.zookeeper-client.truststore.jks
zookeeper.ssl.truststore.password=serversecret
zookeeper.ssl.keystore.location=/Users/path/to/ssl/kafka.zookeeper-client.keystore.jks
zookeeper.ssl.keystore.password=serversecret
Kafka Server logs at the start of the ZK.
[2021-07-16 11:27:38,676] INFO binding to port 0.0.0.0/0.0.0.0:2181 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2021-07-16 11:27:43,760] INFO bound to port 2181 (org.apache.zookeeper.server.NettyServerCnxnFactory)
.....
[2021-07-16 11:27:43,819] INFO Using org.apache.zookeeper.server.NettyServerCnxnFactory as server connection factory (org.apache.zookeeper.server.ServerCnxnFactory)
[2021-07-16 11:27:43,819] INFO binding to port 0.0.0.0/0.0.0.0:2182 (org.apache.zookeeper.server.NettyServerCnxnFactory)
[2021-07-16 11:27:43,821] INFO bound to port 2182 (org.apache.zookeeper.server.NettyServerCnxnFactory)
...
When I try to connect to port 2182 with the zk-client, the server logs don't show an entry (probably because it is not able to connect, as the command to initiate the connection fails).
I am using kafka_2.12 version and it has zookeeper-3.5.7
What am I missing here? To me configurations look as expected and the zk-cli shouldn't throw
Reference :
https://atsc.com.sg/docs/edp/7-security/zookeeper-mutual-tls/
https://docs.confluent.io/platform/current/security/zk-security.html
Thanks,
JE
I think the problem is that your CLI is running from an older version that does not yet support this parameter. Check your execution path: are you truly executing from the "current" version?

Coldfusion 2018 on Centos 7 failing to setup Apache connector

I've installed CF2018 on a new server. It is installed and running; I can see it if I run ps aux | ack -i coldfusion
$ cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
$ httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jul 29 2019 17:18:49
UPDATE
I had clearly broken something so I've removed earlier errors, but I'm still getting issues with the connector.
I have removed all references and files relating to mod_jk from /etc/httpd/conf, reinstalled CF then re-ran the connector.
It's installed successfully with this command:
$ sudo ./wsconfig -ws Apache -dir /etc/httpd/conf
I have the dir at /opt/coldfusion2018/config/wsconfig/1 setup but I'm now getting these errors:
$ pwd
/opt/coldfusion2018/config/wsconfig/1
$ tail mod_jk.log
[error] ajp_service::jk_ajp_common.c (3000): (cfusion) connecting to tomcat failed (rc=-3, errors=583, client_errors=0).
[info] jk_open_socket::jk_connect.c (816): connect to ::1:8018 failed (errno=13)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1140): (cfusion) Failed opening socket to (::1:8018) (errno=13)
[error] ajp_send_request::jk_ajp_common.c (1811): (cfusion) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=13)
[info] ajp_service::jk_ajp_common.c (2979): (cfusion) sending request to tomcat failed (recoverable), because of error during request sending (attempt=1)
[info] jk_open_socket::jk_connect.c (816): connect to ::1:8018 failed (errno=13)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1140): (cfusion) Failed opening socket to (::1:8018) (errno=13)
[error] ajp_send_request::jk_ajp_common.c (1811): (cfusion) connecting to backend failed. Tomcat is probably not started or is listening on the wrong port (errno=13)
[info] ajp_service::jk_ajp_common.c (2979): (cfusion) sending request to tomcat failed (recoverable), because of error during request sending (attempt=2)
[error] ajp_service::jk_ajp_common.c (3000): (cfusion) connecting to tomcat failed (rc=-3, errors=584, client_errors=0).
I have no idea where port 8018 has come from, I thought tomcat used 8500 by default
UPDATE 2
If I visit my site with :8500 on the end I can get into the CFIDE, so CF is running and that port is accessible
UPDATE 3
I've found this in my server.xml file, tried setting the port to both 8009 and 8018 and it seems to make no difference to the errors in the mod_jk.log
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- begin connector -->
<Connector port="8009" packetSize="65535" protocol="AJP/1.3" redirectPort="8451" tomcatAuthentication="false" maxThreads="500" connectionTimeout="60000"/>
<!-- end connector -->
Pete,
What's the OS and the webserver's version?
Did you try passing the parameters other than dir explicitly, like so:
sudo ./wsconfig -ws Apache -dir /opt/apache2/conf -bin /opt/apache2/bin/httpd -script /opt/apache2/bin/apachectl -v
..and the ColdFusion process need not be running for the connector to be configured.
8018 is the default AJP port that the connector uses to talk to Tomcat. 8500 is the default HTTP port that you'd use when you access the CF admin console.
You initially reported an error when configuring the connector. Is that resolved?
Did you check the wsconfig log to see if there were errors configuring the connector?
The mod_jk log excerpts you've shared more recently simply indicate that CF is not running, or at the least, not listening on the default AJP port.
The problem was SELinux blocking port 8018. I actually asked my hosting provider, Secura, to look into this for me and they fixed it (based on all the information I'd found from piyush's answer).
I had to allow port 8018 in SELinux:
semanage port -a -t http_port_t -p tcp 8018
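An added example, not part of the original posts: a triage of mod_jk connect failures by errno, showing why the log in the question pointed at a local policy denial rather than a stopped backend. The errno table uses Linux values; the first three sample lines are quoted from the question's mod_jk.log, the fourth line and all function names are constructed.

```python
import re
from collections import Counter

# Linux errno values that connect() commonly returns, and what each one
# means for a web-server-to-backend hop such as mod_jk -> AJP.
CONNECT_ERRNO = {
    13: ("EACCES", "connect() denied by local policy (SELinux or a firewall rule)"),
    110: ("ETIMEDOUT", "no reply; packets dropped or host down"),
    111: ("ECONNREFUSED", "nothing is listening on that address and port"),
    113: ("EHOSTUNREACH", "no route to the backend host"),
}

# Matches only the jk_open_socket line, so the paired
# "Failed opening socket" line is not counted a second time.
CONNECT_FAIL = re.compile(r"connect to (\S+):(\d+) failed \(errno=(\d+)\)")

# Lines 1-3 are quoted from the question; line 4 is constructed.
SAMPLE_LOG = """\
[info] jk_open_socket::jk_connect.c (816): connect to ::1:8018 failed (errno=13)
[info] ajp_connect_to_endpoint::jk_ajp_common.c (1140): (cfusion) Failed opening socket to (::1:8018) (errno=13)
[info] jk_open_socket::jk_connect.c (816): connect to ::1:8018 failed (errno=13)
[info] jk_open_socket::jk_connect.c (816): connect to 127.0.0.1:8009 failed (errno=111)
"""


def triage(log_text):
    """Group connect failures by (host, port, errno) and explain each group."""
    counts = Counter(
        (host, int(port), int(err))
        for host, port, err in CONNECT_FAIL.findall(log_text)
    )
    findings = []
    for (host, port, err), n in sorted(counts.items()):
        name, meaning = CONNECT_ERRNO.get(err, ("UNKNOWN", "see errno(3)"))
        findings.append({"host": host, "port": port, "errno": err,
                         "name": name, "count": n, "meaning": meaning})
    return findings


def policy_denied_ports(findings):
    """Ports whose failures are EACCES: the backend may be up but blocked."""
    return sorted({f["port"] for f in findings if f["name"] == "EACCES"})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f['host']}:{f['port']} x{f['count']} {f['name']}: {f['meaning']}")
    print("check SELinux port labels for:", policy_denied_ports(results))
```

A stopped or misconfigured backend would show errno=111 instead; errno=13 on a port that is demonstrably open is the signal to look at the SELinux port type, which is what the `semanage port` command above changes.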

How to change the port of the service gateway in a Lagom application?

I have created the getting started lagom application http://www.lagomframework.com/documentation/1.0.x/GettingStarted.html
And the system is starting fine.
[info] Service locator is running at http://localhost:8000
[info] Service gateway is running at http://localhost:9000
[info] application - Signalled start to ConductR
[info] application - Signalled start to ConductR
[info] Service hellostream-impl listening for HTTP on 0:0:0:0:0:0:0:0:26230
[info] Service helloworld-impl listening for HTTP on 0:0:0:0:0:0:0:0:24266
How do I change the host and port of the service gateway to listen on 0.0.0.0:8080?
The hostname seems to be fine. It's possible to access the service from another machine. The localhost is hard coded.
def serviceGatewayAddress: URI = {
  new URI(s"http://localhost:${gateway.address.getPort}")
}
see https://github.com/lagom/lagom/blob/1.0.0-M1/dev/service-locator/src/main/scala/com/lightbend/lagom/discovery/ServiceLocatorServer.scala#L71
To configure the port of the service gateway set the property lagomServiceGatewayPort in the main build.sbt.
lagomServiceGatewayPort in ThisBuild := 8080

Spark worker won't bind to master

Launching my spark worker, I got an error which may be related to the possibility from the slave to contact the master machine. But I am unsure.
6/02/12 23:47:13 INFO Utils: Successfully started service 'sparkWorker' on port 38019.
16/02/12 23:47:13 INFO Worker: Starting Spark worker 192.168.0.38:38019 with 8 cores, 26.5 GB RAM
16/02/12 23:47:13 INFO Worker: Running Spark version 1.6.0
16/02/12 23:47:13 INFO Worker: Spark home: /home/romain/spark-1.6.0-bin-hadoop2.6
16/02/12 23:47:13 INFO Utils: Successfully started service 'WorkerUI' on port 8081.
16/02/12 23:47:13 INFO WorkerWebUI: Started WorkerWebUI at http://192.168.0.38:8081
16/02/12 23:47:13 INFO Worker: Connecting to master 192.168.0.39:7078...
16/02/12 23:47:13 WARN Worker: Failed to connect to master 192.168.0.39:7078
java.io.IOException: Failed to connect to /192.168.0.39:7078
at org.apache.spark.network.client.TransportClientFactory.createClient(TransportClientFactory.java:216)
at org.apache.spark.network.client.TransportClientFactory.createClient(TransportClientFactory.java:167)
at org.apache.spark.rpc.netty.NettyRpcEnv.createClient(NettyRpcEnv.scala:200)
at org.apache.spark.rpc.netty.Outbox$$anon$1.call(Outbox.scala:187)
at org.apache.spark.rpc.netty.Outbox$$anon$1.call(Outbox.scala:183)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.ConnectException: Connection refused: /192.168.0.39:7078
at sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:744)
at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:224)
at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:289)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:528)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
... 1 more
While on the master I see it is up and running :
16/02/12 23:30:30 WARN Utils: Your hostname, pl resolves to a loopback address: 127.0.1.1; using 192.168.0.39 instead (on interface eth0)
16/02/12 23:30:30 WARN Utils: Set SPARK_LOCAL_IP if you need to bind to another address
16/02/12 23:30:31 WARN NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
16/02/12 23:30:31 INFO SecurityManager: Changing view acls to: romain
16/02/12 23:30:31 INFO SecurityManager: Changing modify acls to: romain
16/02/12 23:30:31 INFO SecurityManager: SecurityManager: authentication disabled; ui acls disabled; users with view permissions: Set(romain); users with modify permissions: Set(romain)
16/02/12 23:30:31 WARN Utils: Service 'sparkMaster' could not bind on port 7077. Attempting port 7078.
16/02/12 23:30:31 INFO Utils: Successfully started service 'sparkMaster' on port 7078.
16/02/12 23:30:31 INFO Master: Starting Spark master at spark://pl:7078
16/02/12 23:30:31 INFO Master: Running Spark version 1.6.0
16/02/12 23:30:32 INFO Utils: Successfully started service 'MasterUI' on port 3094.
16/02/12 23:30:32 INFO MasterWebUI: Started MasterWebUI at http://192.168.0.39:3094
16/02/12 23:30:32 WARN Utils: Service could not bind on port 6066. Attempting port 6067.
16/02/12 23:30:32 INFO Utils: Successfully started service on port 6067.
16/02/12 23:30:32 INFO StandaloneRestServer: Started REST server for submitting applications on port 6067
16/02/12 23:30:32 INFO Master: I have been elected leader! New state: ALIVE
Going through blogs and pages, it seems possible that we would need a secure network (I did install a password-less ssh key, but for the "romain" user: under which user is Spark launched? The command-line user, I guess).
Should I check something on the network?
From this page :
Spark worker can not connect to Master
I tried :
telnet 192.168.0.39
Trying 192.168.0.39...
telnet: Unable to connect to remote host: Connection refused
But ping works :
romain@wk:~/spark-1.6.0-bin-hadoop2.6$ ping 192.168.0.39
PING 192.168.0.39 (192.168.0.39) 56(84) bytes of data.
64 bytes from 192.168.0.39: icmp_seq=1 ttl=64 time=0.233 ms
64 bytes from 192.168.0.39: icmp_seq=2 ttl=64 time=0.185 ms
^C
--- 192.168.0.39 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.185/0.209/0.233/0.024 ms
and I do have passwordless ssh connectivity :
$ ssh 192.168.0.39
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-49-generic x86_64)
$
What should be done to make connectivity possible ?
By setting the SPARK_LOCAL_IP=127.0.0.1 variable, I was able to get my Spark worker working.
You can either define it as a local bash ENV variable in ~/.bashrc,
or you can make a copy of $SPARK_HOME/conf/spark-env.sh.template as 'conf/spark-env.sh' and define it there.
In a cluster environment, you had better set it to the local IP address. Thus you would be able to see the worker node UI.

How to setup secure tunnel to allow a client to communicate to a websocket?

I need to allow a client to connect to a websocket on server 10.0.4.160. The 10.0.4.160 server does not have SSL installed on it, but it has a websocket that is running on port 8080.
I need to set up a secure tunnel to allow the client to connect to the websocket.
I installed stunnel on my Windows Server 2008 R2 and changed my stunnel.conf file to look like this
[websockets]
accept = 8443
connect = 8080
verify = 2
CAfile = ca-certs.pem
client = yes
I am expecting to connect to the server on port 8433 and the stunnel will allow the connection to connect to port 8080
This is the code that I use in the client's console "Of course, the console is on a PC that is on my internal network"
var conn = new WebSocket('wss://10.0.4.160:8443');
conn.onopen = function(e) {
    console.log("Connection established!");
};
conn.onmessage = function(e) {
    console.log(e.data);
};
While on the server I open up a command line and I execute this
telnet localhost 8080
I get a command line and when I fire the code above from a console I see this in the server's command line
But a few seconds later I get this error in the console
WebSocket connection to 'wss://10.0.4.160:8443/' failed: Error in connection establishment: net::ERR_TIMED_OUT
If I try to send a command using conn.sent('Hello') I get this error
VM289:2 Uncaught DOMException: Failed to execute 'send' on 'WebSocket': Still in CONNECTING state.
at Error (native)
at <anonymous>:2:6
at Object.InjectedScript._evaluateOn (<anonymous>:905:140)
at Object.InjectedScript._evaluateAndWrap (<anonymous>:838:34)
at Object.InjectedScript.evaluate (<anonymous>:694:21)
Additionally, I tried to turn on debugging in stunnel by adding debug = 7
This is what I got in the stunnel console. I don't understand what is wrong as the logs show that the client is connected but I can't send messages from the client to the server
2015.08.16 16:40:06 LOG7[36]: Service [websockets] started
2015.08.16 16:40:06 LOG5[36]: Service [websockets] accepted connection from 10.0.4.195:21963
2015.08.16 16:40:06 LOG6[36]: s_connect: connecting 127.0.0.1:8080
2015.08.16 16:40:06 LOG7[36]: s_connect: s_poll_wait 127.0.0.1:8080: waiting 10 seconds
2015.08.16 16:40:06 LOG5[36]: s_connect: connected 127.0.0.1:8080
2015.08.16 16:40:06 LOG5[36]: Service [websockets] connected remote server from 127.0.0.1:50891
2015.08.16 16:40:06 LOG7[36]: Remote socket (FD=668) initialized
2015.08.16 16:40:06 LOG6[36]: SNI: sending servername: localhost
2015.08.16 16:40:06 LOG7[36]: SSL state (connect): before/connect initialization
2015.08.16 16:40:06 LOG7[36]: SSL state (connect): SSLv2/v3 write client hello A
What am I doing wrong here?
How come the connection keeps failing?