We Keep Coding

Can't ping Terraform created droplets with Ansible

Using Terraform I have created 3 droplets on DigitalOcean. While doing it, in folder I have been writing SSH key and creating inventory.txt file.
Here is how it look in Terraform code:
resource "local_file" "servers_ipv4" {
content = join("\n", [
for idx, s in module.openvpn_do_infrastructure_module.servers_ipv4:
<<EOT
${var.droplet_names[idx]} ansible_host=${s} ansible_user=root ansible_ssh_private_key=openvpn_do_ssh.key
EOT
])
filename = "${path.module}/ansible/inventory.txt"
}
resource "local_file" "ssh_keys" {
content = module.openvpn_do_infrastructure_module.ssh_keys
filename = "${path.module}/ansible/openvpn_do_ssh.key"
}
Then, I have ansible folder. After execution of the script and creating droplets in this folder I have 3 files. First file, is just ansible.cfg:
[defaults]
host_key_checking = false
inventory = ./inventory.txt
The other 2 are created by Terraform. It's SSH key - openvpn_do_ssh.key and inventory.txt:
certificate-authority-server ansible_host=123.123.123.121 ansible_user=root ansible_ssh_private_key=openvpn_do_ssh.key
openvpn-server ansible_host=123.123.123.122 ansible_user=root ansible_ssh_private_key=openvpn_do_ssh.key
nextcloud-server ansible_host=123.123.123.123 ansible_user=root ansible_ssh_private_key=openvpn_do_ssh.key
And here is the problem. When I do ansible all -m ping, I get errors:
certificate-authority-server | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root#123.123.123.121: Permission denied (publickey).",
"unreachable": true
}
nextcloud-server | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root#123.123.123.122: Permission denied (publickey).",
"unreachable": true
}
openvpn-server | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root#123.123.123.123: Permission denied (publickey).",
"unreachable": true
}
Also, I can connect to those droplets with SSH and everything is just fine. Even when I change permission to .key file, I still have the same error. I was trying to get more logs with -vvv flags, and here is the most interesting info I found:
ESTABLISH SSH CONNECTION FOR USER: root
...
<123.123.123.121> (255, b'', b"Warning: Permanently added '123.123.123.121' (ED25519) to the list of known hosts.\r\nroot#123.123.123.121: Permission denied (publickey).\r\n")
<123.123.123.121> (255, b'', b'root#123.123.123.121: Permission denied (publickey).\r\n')

I have solved this problem. This is what has helped me:
First of all, I have changed the extension of SSH key file from .key to .pem.
To ansible.cfg I have added next line:
[defaults]
host_key_checking = false
inventory = ./inventory.txt
inventory = ./inventory.txt
private_key_file = ./openvpn_do_ssh.pem
The last thing I have done, is adding read-only file_permission for SSH key.
resource "local_file" "ssh_keys" {
content = module.openvpn_do_infrastructure_module.ssh_keys
filename = "${path.module}/ansible/openvpn_do_ssh.pem"
content = module.openvpn_do_infrastructure_module.ssh_keys
filename = "${path.module}/ansible/openvpn_do_ssh.pem"
file_permission = "0400"
}
Hope it can help someone...

ssh hanged in crontab

I want to use openssh client to automatically execute some commands remotely. So I modified the function channel_handle_wfd(struct ssh *ssh, Channel *c) in channels.c like the following:
if(0 == strncmp(buf + dlen - 2, "$ ", 2))
{
switch(step++)
{
case 0:
sshbuf_put(c->input, "stty -echo\r\n", 12);
break;
case 1:
sshbuf_put(c->input, "sz foo\r\n", 8);
break;
case 2:
do_zmodem();
break;
case 3:
sshbuf_put(c->input, "\004", 1);
break;
default:
break;
}
}
the program runs successfully in console:
Last login: Tue Mar 1 2:30:01 2022 from 1.2.3.4
~$ stty -echo
~$ ~$ OO ~$ logout
Connection to 1.2.3.5 closed
but hanged in crontab:
Last login: Tue Mar 1 2:32:01 2022 from 1.2.3.4
~$ stty

Codeception Acceptance Testing issue using session snapshot

Update 10 Jun, 2021
So when removing the populator from codeception.yml the session problem goes away.
BUT: In the dump.sql is nothing having influence on users or sessions or cookies. There are only a few tables with demo data, and they are needed!
The relevant part in the file is this:
codeception.yml
...
modules:
enabled: [Db]
config:
Db:
dsn: "mysql:host=%HOST%;dbname=%DBNAME%"
user: "root"
password: "root"
populate: true
cleanup: true
# populator: "mysql -u$user -p$password $dbname < tests/codeception/_data/dump.sql"
...
Original Post
I think i read almost all similar reccources considering this issue, but nothing helped so far.
I am moving our Codeception tests on Github Actions. The whole build process is running but the acceptance tests not, because the session snapshot can't be restored.
The same Workflow works on a local server where i use selenium webdriver. I tried to run selenium in Actions (commented in build.yml) but that made some port problems.
What i'm doing in this short example is installing Joomla (works) and after that creating a Content category.
The second step (creating a Content category) tries to pick up the created session from the first step.
It's very simple and no problem locally, but on Actions the created session cannot be read.
The relevant report part:
InstallCest: Install joomla
Signature: InstallCest:installJoomla
Test: tests/codeception/acceptance/install/InstallCest.php:installJoomla
... works
InstallCest: createCategory
Signature: InstallCest:createcategory
Test: tests/codeception/acceptance/install/InstallCest.php:createcategory
Scenario --
[Db] Executing Populator: `mysql -uroot -proot test < tests/codeception/_data/dump.sql`
[Db] Populator Finished.
I create category "test 123"
Category creation in /administrator/
I open Joomla Administrator Login Page
[GET] http://127.0.0.1:8000/administrator/index.php
[Cookies] [{"name":"9d4bb4a09f511681369671a08beff228","value":"fail5495jbd01q6dc2nm06i7gf","path":"/","domain":"127.0.0.1","expiry":1623346855,"secure":false,"httpOnly":false},{"name":"8b5558aac8008f05fd8f8e59a3244887","value":"irhlqlj8jabat2n5746ba0sb5r","path":"/","domain":"127.0.0.1","expiry":1623346855,"secure":false,"httpOnly":false}]
[Snapshot] Restored "admin" session snapshot
[GET] http://127.0.0.1:8000/administrator/index.php?option=com_categories
Screenshot and page source were saved into '/home/runner/work/project_b/project_b/tests/codeception/_output/' dir
ERROR
The report:
session not created: No matching capabilities found
The HTML Snapshot:
Warning: session_start(): Failed to read session data: user (path: /var/lib/php/sessions) in /home/runner/work/project_b/project_b/joomla/libraries/joomla/session/handler/native.php on line 260
Error: Failed to start application: Failed to start the session
The php.log part
[Wed Jun 9 18:24:13 2021] 127.0.0.1:41972 Accepted
[Wed Jun 9 18:24:13 2021] 127.0.0.1:41972 [200]: GET /media/jui/fonts/IcoMoon.woff
[Wed Jun 9 18:24:13 2021] 127.0.0.1:41972 Closing
[Wed Jun 9 18:24:16 2021] 127.0.0.1:41982 Accepted
[Wed Jun 9 18:24:16 2021] PHP Warning: session_start(): Failed to read session data: user (path: /var/lib/php/sessions) in /home/runner/work/project_b/project_b/joomla/libraries/joomla/session/handler/native.php on line 260
[Wed Jun 9 18:24:16 2021] 127.0.0.1:41982 [500]: GET /administrator/index.php
[Wed Jun 9 18:24:16 2021] 127.0.0.1:41982 Closing
[Wed Jun 9 18:24:16 2021] 127.0.0.1:41986 Accepted
[Wed Jun 9 18:24:16 2021] PHP Warning: session_start(): Failed to read session data: user (path: /var/lib/php/sessions) in /home/runner/work/project_b/project_b/joomla/libraries/joomla/session/handler/native.php on line 260
[Wed Jun 9 18:24:16 2021] 127.0.0.1:41986 [500]: GET /administrator/index.php?option=com_categories
[Wed Jun 9 18:24:16 2021] 127.0.0.1:41986 Closing
I tried change the session.save_path without effect.
Posting relevant pieces:
composer.json
{
"name": "company/tests",
"description": "Company Product",
"license": "GPL-2.0+",
"require": {},
"require-dev": {
"codeception/codeception": "^4",
"fzaninotto/faker": "^1.6",
"behat/gherkin": "^4.4.1",
"phing/phing": "2.*",
"codeception/module-asserts": "^1.3",
"codeception/module-webdriver": "^1.2",
"codeception/module-filesystem": "^1.0",
"codeception/module-db": "^1.1"
}
}
build.yml
name: Codeception Tests
on: [push]
jobs:
tests:
runs-on: ${{ matrix.operating-system }}
strategy:
fail-fast: false
matrix:
operating-system: [ubuntu-latest]
php: ["7.4"]
name: PHP ${{ matrix.php }} Test on ${{ matrix.operating-system }}
env:
php-ini-values: post_max_size=32M
DB_DATABASE: test
DB_NAME: test
DB_ADAPTER: mysql
DB_USERNAME: root
DB_PASSWORD: root
DB_HOST: 127.0.0.1
DB_PORT: 3306
APP_URL: http://127.0.0.1:8000
steps:
- name: Checkout
uses: actions/checkout#v2
- name: Checkout Joomla 3
uses: actions/checkout#v2
with:
repository: joomla/joomla-cms
ref: "3.9.27"
path: joomla
- name: Setup PHP
uses: shivammathur/setup-php#v2
with:
php-version: ${{ matrix.php }}
# ini-values: session.save_path=/tmp
extensions: mbstring, intl, zip, json
tools: composer:v2
- name: Start MySQL
run: |
sudo /etc/init.d/mysql start
mysql -e 'CREATE DATABASE test;' -uroot -proot
mysql -e 'SHOW DATABASES;' -uroot -proot
# Composer stuff ...
- name: Run chromedriver
run: nohup $CHROMEWEBDRIVER/chromedriver --url-base=/wd/hub /dev/null 2>&1 &
# - name: Start ChromeDriver (was a try)
# run: |
# google-chrome --version
# xvfb-run --server-args="-screen 0, 1280x720x24" --auto-servernum \
# chromedriver --port=4444 --url-base=/wd/hub &> chromedriver.log &
- name: Run PHP webserver
run: |
php -S 127.0.0.1:8000 -t joomla/ &> php.log.txt &
sleep 1;
- name: Install Tests
run: |
php vendor/bin/codecept run "tests/codeception/acceptance/install/InstallCest.php" -vv --html
env:
DB_PORT: ${{ job.services.mysql.ports[3306] }}
- name: Upload Codeception output
if: ${{ always() }}
uses: actions/upload-artifact#v2
with:
name: codeception-results
# path: Tests/Acceptance/_output/
path: tests/codeception/_output/
- name: Upload PHP log
if: ${{ failure() }}
uses: actions/upload-artifact#v2
with:
name: php-log
path: php.log.txt
Acceptance Suite
class_name: AcceptanceTester
modules:
enabled:
- Asserts
- JoomlaBrowser
- Helper\Acceptance
- DbHelper
- Filesystem
config:
JoomlaBrowser:
url: "http://127.0.0.1:8000/"
browser: "chrome"
restart: true
clear_cookies: true
# window_size: 1280x1024
window_size: false
port: 9515
capabilities:
unexpectedAlertBehaviour: "accept"
chromeOptions:
args: ["--headless", "--disable-gpu"] # Run Chrome in headless mode
# prefs:
# download.default_directory: "..."
username: "admin" # UserName for the Administrator
password: "admin" # Password for the Administrator
database host: "127.0.0.1:3306" # place where the Application is Hosted #server Address
database user: "root" # MySQL Server user ID, usually root
database password: "root" # MySQL Server password, usually empty or root
database name: "test" # DB Name, at the Server
database type: "mysqli" # type in lowercase one of the options: MySQL\MySQLi\PDO
database prefix: "jos_" # DB Prefix for tables
install sample data: "no" # Do you want to Download the Sample Data Along with Joomla Installation, then keep it Yes
sample data: "Default English (GB) Sample Data" # Default Sample Data
admin email: "admin#mydomain.com" # email Id of the Admin
language: "English (United Kingdom)" # Language in which you want the Application to be Installed
Helper\Acceptance:
url: "http://127.0.0.1:8000/" # the url that points to the joomla installation at /tests/system/joomla-cms - we need it twice here
MicrosoftEdgeInsiders: false # set this to true, if you are on Windows Insiders
error_level: "E_ALL & ~E_STRICT & ~E_DEPRECATED"
InstallCest.php
<?php
/**
* Install Joomla and create Category
*
* #since 3.7.3
*/
class InstallCest
{
/**
* Install Joomla, disable statistics and enable Error Reporting
*
* #param AcceptanceTester $I The AcceptanceTester Object
*
* #since 3.7.3
*
* #return void
*
*/
public function installJoomla(\AcceptanceTester $I)
{
$I->am('Administrator');
$I->installJoomlaRemovingInstallationFolder();
$I->doAdministratorLogin();
$I->disableStatistics();
$I->setErrorReportingToDevelopment();
}
/**
* Just create Category
*
* #param AcceptanceTester $I The AcceptanceTester Object
*
* #since 3.7.3
*
* #return void
*
*/
public function createCategory(\AcceptanceTester $I)
{
$I->createCategory('test 123');
}
}

RabbitMQ messages are not consummed

I would like to use RabbitMQ to send messages from a webapp backend to a second module. On my laptop, it works, but when I deploy the application on a VPS, even in dev mode, it doesn't work anymore... Could you please help me solve this out?
Current status :
If I check the queues on the VPS where both modules are installed, then, it looks ok (messages are added in the queue)
$ rabbitmqctl list_queues
Timeout: 60.0 seconds ...
Listing queues for vhost / ...
MyMessages 2
When I launch the second module, I get following log :
Waiting for a request on queue : MyMessages, hosted at localhost
Comming from the following java code :
public static void main(String[] args) throws IOException, TimeoutException {
RabbitMQConsumer rabbitMQConsumer = new RabbitMQConsumer();
rabbitMQConsumer.waitForRequests();
System.out.println("Waiting for a request on queue : " + AppConfig.QUEUE_NAME + ", hosted at " + AppConfig.QUEUE_HOST);
}
public RabbitMQConsumer() throws IOException, TimeoutException {
mapper = new ObjectMapper();
ConnectionFactory connectionFactory = new ConnectionFactory();
connectionFactory.setHost(AppConfig.QUEUE_HOST);
Connection connection = connectionFactory.newConnection();
channel = connection.createChannel();
}
public void waitForRequests() throws IOException {
DefaultConsumer consumer = new DefaultConsumer(channel) {
#Override
public void handleDelivery(String consumerTag, Envelope envelope, AMQP.BasicProperties properties, byte[] body) throws IOException {
try {
System.out.println("Message received ! ");
channel.basicAck(envelope.getDeliveryTag(), false);
} catch (Exception e) {
e.printStackTrace();
}
}
};
channel.queueDeclare(AppConfig.QUEUE_NAME, true, false, false, null);
channel.basicConsume(AppConfig.QUEUE_NAME, consumer);
}
I think both modules are looking at the same queue, there are messages in the quue, so... to me, it looks like messages are not consummed... I've looked at the status of rabbitMQ, but I do not know how to use it :
$ invoke-rc.d rabbitmq-server status
● rabbitmq-server.service - RabbitMQ broker
Loaded: loaded (/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-04-07 18:24:59 CEST; 1h 38min ago
Process: 17103 ExecStop=/usr/lib/rabbitmq/bin/rabbitmqctl shutdown (code=exited, status=0/SUCCESS)
Main PID: 17232 (beam.smp)
Status: "Initialized"
Tasks: 84 (limit: 4915)
CGroup: /system.slice/rabbitmq-server.service
├─17232 /usr/lib/erlang/erts-9.3/bin/beam.smp -W w -A 64 -P 1048576 -t 5000000 -stbt db -zdbbl 1280000 -K true -- -root /usr/lib/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa /usr/lib/r
abbitmq/lib/rabbitmq_server-3.7.4/ebin -noshell -noinput -s rabbit boot -sname rabbit#vps5322 -boot start_sasl -kernel inet_default_connect_options [{nodelay,true}] -sasl errlog_type error -sasl sasl_err
or_logger false -rabbit lager_log_root "/var/log/rabbitmq" -rabbit lager_default_file "/var/log/rabbitmq/rabbit#vps5322.log" -rabbit lager_upgrade_file "/var/log/rabbitmq/rabbit#vps5322_upgrade.log" -r
abbit enabled_plugins_file "/etc/rabbitmq/enabled_plugins" -rabbit plugins_dir "/usr/lib/rabbitmq/plugins:/usr/lib/rabbitmq/lib/rabbitmq_server-3.7.4/plugins" -rabbit plugins_expand_dir "/var/lib/rabbitmq/
mnesia/rabbit#vps5322-plugins-expand" -os_mon start_cpu_sup false -os_mon start_disksup false -os_mon start_memsup false -mnesia dir "/var/lib/rabbitmq/mnesia/rabbit#vps5322" -kernel inet_dist_listen_m
in 25672 -kernel inet_dist_listen_max 25672
├─17319 /usr/lib/erlang/erts-9.3/bin/epmd -daemon
├─17453 erl_child_setup 1024
├─17475 inet_gethost 4
└─17476 inet_gethost 4
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: ## ##
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: ## ## RabbitMQ 3.7.4. Copyright (C) 2007-2018 Pivotal Software, Inc.
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: ########## Licensed under the MPL. See http://www.rabbitmq.com/
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: ###### ##
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: ########## Logs: /var/log/rabbitmq/rabbit#vps5322.log
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: /var/log/rabbitmq/rabbit#vps5322_upgrade.log
Apr 07 18:24:57 vps5322 rabbitmq-server[17232]: Starting broker...
Apr 07 18:24:59 vps5322 rabbitmq-server[17232]: systemd unit for activation check: "rabbitmq-server.service"
Apr 07 18:24:59 vps5322 systemd[1]: Started RabbitMQ broker.
Apr 07 18:24:59 vps5322 rabbitmq-server[17232]: completed with 0 plugins.
Finally, note that the webapp application is a PlayFramework app, with these dependencies :
libraryDependencies ++= Seq(
guice,
"com.rabbitmq" % "amqp-client" % "5.2.0"
)
Whereas the second module is a pure java code, based on maven, with the following pom :
<dependency>
<groupId>com.rabbitmq</groupId>
<artifactId>amqp-client</artifactId>
<version>5.2.0</version>
</dependency>
Any idea of the problem?
Thank you very much !!

Finally I've found the problem. This configuration is actually working, but I could not see it because of a crash in my own app that was not logged because of an error in my log4J configuration.
Just in case, the error I had was that a local library included in my pom with a relative path (${project.basedir}) was found by my IDE but not anymore once deployed on a VPS. To solve this, I've just moved this (hopefully) very small library directly into my project. After solving this issue, I had to reset rabbitMQ and then it was all fine :
rabbitmqctl stop_app
rabbitmqctl reset
rabbitmqctl start_app
Thank you very much,
Regards,

In custom AMI sshd is not getting started

I created my own AMI & when I start my instance sshd is not getting started. What might be the problem?
Please find below the system log snippet
init: rcS main process (199) terminated with status 1
Entering non-interactive startup
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
Bringing up loopback interface: OK
Bringing up interface eth0:
Determining IP information for eth0...type=1400 audit(1337940238.646:4): avc: denied { getattr } for pid=637 comm="dhclient-script" path="/etc/sysconfig/network" dev=xvde1 ino=136359 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
martian source 255.255.255.255 from 169.254.1.0, on dev eth0
ll header: ff:ff:ff:ff:ff:ff:fe:ff:ff:ff:ff:ff:08:00
type=1400 audit(1337940239.023:5): avc: denied { getattr } for pid=647 comm="dhclient-script" path="/etc/sysconfig/network" dev=xvde1 ino=136359 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=1400 audit(1337940239.515:6): avc: denied { getattr } for pid=674 comm="dhclient-script" path="/etc/sysconfig/network" dev=xvde1 ino=136359 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=1400 audit(1337940239.560:7): avc: denied { getattr } for pid=690 comm="dhclient-script" path="/etc/sysconfig/network" dev=xvde1 ino=136359 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
done.
OK
Starting auditd: OK
Starting system logger: OK
Starting system message bus: OK
Retrigger failed udev events OK
Starting sshd: FAILED

The problem was due to selinux. Once I disabled selinux during boot up by providing selinux=0 as argument in GRUB for kernel field, the machine booted with sshd service started and I'm able to connect to it.