I have a test using RabbitMq in Testcontainers. The test is working using HTTP
#Container private static final RabbitMQContainer RABBITMQ_CONTAINER =
new RabbitMQContainer()
.withLogConsumer(new Slf4jLogConsumer(LOG))
.withStartupTimeout(Duration.of(5, ChronoUnit.MINUTES))
.waitingFor(Wait.forHttp("/api/vhosts")
.forPort(15672)
.withBasicCredentials("guest", "guest"));
and fails when I switch to HTTPS
#Container private static final RabbitMQContainer RABBITMQ_CONTAINER =
new RabbitMQContainer()
.withLogConsumer(new Slf4jLogConsumer(LOG))
.withStartupTimeout(Duration.of(5, ChronoUnit.MINUTES))
.waitingFor(Wait.forHttp("/api/vhosts")
.usingTls()
.forPort(15671)
.withBasicCredentials("guest", "guest"))
.withSSL(forClasspathResource("/certs/server_key.pem", 0644),
forClasspathResource("/certs/server_certificate.pem", 0644),
forClasspathResource("/certs/ca_certificate.pem", 0644),
VERIFY_NONE,
false);
In logs I see that container can not start:
...
18:53:21.274 [main] INFO - /brave_swirles: Waiting for 60 seconds for URL: https://localhost:50062/api/vhosts (where port 50062 maps to container port 15671)
...
18:54:21.302 [main] ERROR - Could not start container
org.testcontainers.containers.ContainerLaunchException: Timed out waiting for URL to be accessible (https://localhost:50062/api/vhosts should return HTTP 200)
What do I miss? I'd want at least Testcontainers' waiting strategy works.
Using RabbitMQContainer with custom SSL certificates makes it hard to also use HttpWaitStrategy. In this case, you probably need to configure the whole JVM to trust those SSL certificates.
Alternatively, just continue to use the default wait strategy (which will be a LogMessageWaitStrategy).
For further examples, just look at the RabbitMQContainer tests in Testcontainers itself:
https://github.com/testcontainers/testcontainers-java/blob/c3f53b3a63e6b0bc800a7f0fbce91ce95a8986b3/modules/rabbitmq/src/test/java/org/testcontainers/containers/RabbitMQContainerTest.java#L237-L264
Related
I am trying to understand some example Kotlin code that connects to http://127.0.0.1 using sockets, and I have IIS enabled and running it on 127.0.0.1. However, when I run the code, I get:
"C:\Program Files\Microsoft\jdk-11.0.12.7-hotspot\bin\java.exe" -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:52769,suspend=y,server=n -javaagent:C:/Users/ivlat/.gradle/caches/modules-2/files-2.1/org.jetbrains.kotlinx/kotlinx-coroutines-core-jvm/1.5.0/d8cebccdcddd029022aa8646a5a953ff88b13ac8/kotlinx-coroutines-core-jvm-1.5.0.jar -javaagent:C:\Users\ivlat\AppData\Local\JetBrains\IdeaIC2022.2\captureAgent\debugger-agent.jar=file:/C:/Users/ivlat/AppData/Local/Temp/capture.props -Dfile.encoding=UTF-8 -classpath "C:\Dev\KotlinProjects\7_08_Echo\client\build\classes\kotlin\main;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.jetbrains.kotlin\kotlin-stdlib-jdk8\1.5.21\6b3de2a43405a65502728047db37a98a0c7e72f0\kotlin-stdlib-jdk8-1.5.21.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\ch.qos.logback\logback-classic\1.2.3\7c4f3c474fb2c041d8028740440937705ebb473a\logback-classic-1.2.3.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\ch.qos.logback\logback-core\1.2.3\864344400c3d4d92dfeb0a305dc87d953677c03c\logback-core-1.2.3.jar;C:\Dev\KotlinProjects\7_08_Echo\shared\build\classes\kotlin\main;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.jetbrains.kotlinx\kotlinx-coroutines-core-jvm\1.5.0\d8cebccdcddd029022aa8646a5a953ff88b13ac8\kotlinx-coroutines-core-jvm-1.5.0.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.jetbrains.kotlin\kotlin-stdlib-jdk7\1.5.21\f059658740a4b3a3461aba9681457615332bae1c\kotlin-stdlib-jdk7-1.5.21.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.jetbrains.kotlin\kotlin-stdlib\1.5.21\2f537cad7e9eeb9da73738c8812e1e4cf9b62e4e\kotlin-stdlib-1.5.21.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.slf4j\slf4j-api\1.7.25\da76ca59f6a57ee3102f8f9bd9cee742973efa8a\slf4j-api-1.7.25.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.jetbrains.kotlin\kotlin-stdlib-common\1.5.21\cc8bf3586fd2ebcf234058b9440bb406e62dfacb\kotlin-stdlib-common-1.5.21.jar;C:\Users\ivlat\.gradle\caches\modules-2\files-2.1\org.jetbrains\annotations\13.0\919f0dfe192fb4e063e7dacadee7f8bb9a2672a9\annotations-13.0.jar;C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2022.2.3\lib\idea_rt.jar" com.knowledgespike.client.ApplicationKt
Connected to the target VM, address: '127.0.0.1:52769', transport: 'socket'
Exception in thread "main" java.io.IOException: The remote computer refused the network connection.
at java.base/sun.nio.ch.Iocp.translateErrorToIOException(Iocp.java:299)
at java.base/sun.nio.ch.Iocp$EventHandlerTask.run(Iocp.java:389)
at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Disconnected from the target VM, address: '127.0.0.1:52769', transport: 'socket'
Process finished with exit code 1
Apparently, my IIS isn't really set up for the port 9999, as I am getting the error below when I type localhost/127.0.0.1:9999
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
The connection string that the Kotlin code is also using is localhost/127.0.0.1:9999
How would I go about getting the IIS recognize this request/let it through? It really doesn't even have to be IIS. I just want to understand this sample code better, and any sort of sandbox/test web server that allows for this request would more than suffice at this point.
This is the Kotlin code that's throwing the exception when trying to connect:
fun main() = runBlocking {
val client: AsynchronousSocketChannel = AsynchronousSocketChannel.open()
val hostAddress = InetSocketAddress("localhost", PORT)
val tcpSocket = TcpSocket(client)
tcpSocket.connect(hostAddress)
val br = BufferedReader(InputStreamReader(System.`in`))
var line: String
println("Main name is: \t\t\t\t\t${Thread.currentThread().name}")
println("Message to server:")
while (br.readLine().also { line = it } != null) {
val result = async {
println("while:async name is: \t\t\t${Thread.currentThread().name}")
sendMessage(tcpSocket, line)
}
println("while: name is: \t\t\t\t${Thread.currentThread().name}")
if (line == "bye") {
println("End")
break
}
val response: String = result.await()
withContext(Dispatchers.Default) {
println("withContext[Default] name is: \t${Thread.currentThread().name}")
println("response from server: $response")
println("Message to server:")
}
}
}
A webserver listens on a particular port, the default is port 80 for HTTP. Unless you go out of your way to configure it, I expect that's where IIS will be listening
I would start by taking Kotlin out of the question and establish you have a webserver listening on a particular port. Just use a regular web browser to check. Beware the browsers handle comms fails in nice friendly ways, hiding the real issues. Better to use a more technical tool like
curl
Postman
If IIS is suspect, then what IDE are you using? If you are using IntelliJ
find yourself an HTML file,
open it up, then notice in the Top Right several however icons will show up
pick the IntelliJ one, this will start an internal web server and then a web browser will launch to connect to it
try this web server for your tests
I was able to circumvent the error by going to bindings for the default web site in the IIS Manager UI and then adding the port 9999. The Kotlin code connects fine now. I'm pretty sure there are better ways of solving this IRL, but I think it's good enough, as I am just learning Kotlin at this point.
We have defined Lettuce client connection factory to be able to connect to Redis defining custom socket and command timeout:
#Bean
LettuceConnectionFactory lettuceConnectionFactory() {
final SocketOptions socketOptions = SocketOptions.builder().connectTimeout(socketTimeout).build();
final ClientOptions clientOptions =
ClientOptions.builder().socketOptions(socketOptions).build();
LettuceClientConfiguration clientConfig = LettuceClientConfiguration.builder()
.commandTimeout(redisCommandTimeout)
.clientOptions(clientOptions).build();
RedisStandaloneConfiguration serverConfig = new RedisStandaloneConfiguration(redisHost,
redisPort);
final LettuceConnectionFactory lettuceConnectionFactory = new LettuceConnectionFactory(serverConfig,
clientConfig);
lettuceConnectionFactory.setValidateConnection(true);
return new LettuceConnectionFactory(serverConfig, clientConfig);
}
Lettuce documentation define default values:
Default socket timeout is 10 seconds
Default command timeout is 60 seconds
If Redis service is down application must receive timeout in 300ms. Which value must be defined as the greatest value?
Github example project:
https://github.com/cristianprofile/spring-data-redis-lettuce
In socket options you specify connect timeout. This is a maximum time allowed for Redis client (Lettuce) to try to establish a TCP/IP connection to a Redis Server. This value should be relatively small (e.g. up to 1 minute).
If client could not establish connection to a server within 1 minute I guess it's safe to say server is not available (server is down, address/port is wrong, network security like firewalls prohibit connection etc).
The command timeout is completely different. Once connection is established, client can send commands to the server. It expects server to respond to those command. The timeout configures for how long client will be waiting for a response to a command from the server.
I think this timeout can be set to a bigger value (e.g a few minutes) in case client command sends a lot of data to the server and it takes time to transfer and store so much data.
Where can I find information about Hikari properties that can be modified at runtime?
I tried to modify connectionTimeout. I can do it and it will be modified in the HikariDataSource without an exception (checked by setting and then getting the property) but it takes no effect.
If I initially do:
HikariConfig config = new HikariConfig();
config.setConnectionTimeout(12000);
HikariDataSource pool = new HikariDataSource(config);
and later on I do
config.setConnectionTimeout(5000);
Hikari tries to get a new connection for 12 seconds instead of 5 seconds.
Or is there a way to change the value with effect?
Are there other properties with the same behaviour?
You can do this through the MX bean, but you don't need to use JMX
public void updateTimeout(final long connectionTimeoutMs, final HikariDataSource ds) {
var poolBean = ds.getHikariPoolMXBean();
var configBean = ds.getHikariConfigMXBean();
poolBean.suspendPool(); // Block new connections being leased
configBean.setConnectionTimeout(connectionTimeoutMs);
poolBean.softEvictConnections(); // Close unused cnxns & mark open ones for disposal
poolBean.resumePool(); // Re-enable connections
}
Bear in mind you will need to enable pool suspension in your initial config
var config = new HikariConfig();
...
config.setAllowPoolSuspension(true);
You can't dynamically update the property values by resetting them on the config object - the config object is ultimately read once when instantiating the Hikari Pool (have a look at the source code in PoolBase.java to see how this works.
You can however do what you want and update the connection timeout value at runtime via JMX. How to do this is explained in the hikari documentation here
If your JVM has JMX enabled (I recommend for every prod), you could:
SSH-tunnel JMX port to your local machine
Connect to the VM in a JMX client like JConsole
Operate pool MBean as needed
Note: JMX port must never be public to the internet, be sure that firewall protects you.
SSH Tunnel command example:
ssh -i ${key_path} -N -L 9000:localhost:9000 -L 9001:localhost:9001 ${user}#${address}
This follows on from "How to access JMX interface in docker from outside?" which talks about setting up unencrypted JMX connections.
I could use either RMI or JMXMP which Glassfish uses.
There is a set of JVM options that are required and I'm looking for the changes I need to set up JMX with SSL:
com.sun.management.jmxremote=true
com.sun.management.jmxremote.local.only=false
com.sun.management.jmxremote.ssl=true
com.sun.management.jmxremote.authenticate=true
com.sun.management.jmxremote.port=12345
com.sun.management.jmxremote.rmi.port=12346
java.rmi.server.hostname=10.11.12.176
com.sun.management.jmxremote.access.file=/.secure/jmxremote.access
com.sun.management.jmxremote.password.file=/.secure/jmxremote.pass
com.sun.management.jmxremote.login.config=ldap-ad-config
java.net.preferIPv4Stack=true
com.sun.management.jmxremote.ssl.config.file=/.secure/jmxremotessl.properties
javax.net.ssl.keyStore=/config/app.jks
javax.net.ssl.keyStorePassword=teabag
javax.net.ssl.trustStore=/config/cacerts
javax.net.ssl.trustStorePassword=milk
The problem is the same:
java.rmi.ConnectException: Connection refused to host: 172.0.0.85; nested exception is
java.net.ConnectException: Operation timed out
That IP address is the internal IP address of the docker container. I assume that this is happening despite the java.rmi.server.hostname solution because it's on SSL.
I tried to reverse proxy the SSL to non-SSL with nginx but that failed with the error
java.rmi.ConnectIOException: non-JRMP server at remote endpoint
so I guess I should be forwarding extra headers in nginx.
I'm now attempting to set up JMXMP but the documentation on how to do it is pretty thin on the ground. There's a Spring implementation and a Glassfish implementation but not with findable docs (as yet) - so I'm adding the glassfish tag.
The answer is that I can set up my app to use JMXMP and configure it to implement TLS connections using these JVM options:
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.access.file=C:/dev/.secure/jmxremote.access
-Dcom.sun.management.jmxremote.password.file=C:/dev/.secure/jmxremote.pass
-Dcom.sun.management.jmxremote.login.config=spnego-server
-Djava.net.preferIPv4Stack=true
-Dcom.sun.management.jmxremote.ssl.config.file=/.secure/jmxremotessl.properties
however I have to code up a configuration class to launch the JMXConnectorServer like so:
#Configuration
public class JmxServer {
public JmxServer(
#Value("${jmx.remote.hostname}") final String hostname,
#Value("${jmx.remote.port}") final String port) {
try {
Map<String, Object> env = new HashMap<>();
env.put("jmx.remote.profiles", "TLS SASL/PLAIN");
env.put(JMXConnector.CREDENTIALS,
new String[] {"myusername", "password"});
JMXConnectorServerFactory.newJMXConnectorServer(
new JMXServiceURL(
String.format("service:jmx:jmxmp://%s:%s",
hostname, port)),
env,
ManagementFactory.getPlatformMBeanServer()
).start();
} catch (IOException e) {
e.printStackTrace();
}
}
}
But this is only half of it. I am now wrangling with JConsole to get it to do JMXMP with TLS.
For that I'm following this fossil question from 2007 on the Oracle forums:
Can JConsole connect to a remote JMX agent using JMXMP and TLS?
but still struggling...
Please note that my question is not about testing ssl/tls secured http links and not about making Webdriver accept certain certificates.
My question is about how to make the embedded Jetty of selenium standalone server provide a secured https connection.
In the sourcecode of 3.4.0 I can see this section:
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme("https");
httpConfig.setSecurePort(config.port);
log.info("Will listen on " + config.port);
ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
http.setPort(config.port);
server.addConnector(http);
From the logs I can see that this code is reached but the connection is not secured (how should it be, there isn't even a certificate involved):
10:57:00.023 INFO - Selenium build info: version: '3.4.0', revision: 'unknown'
10:57:00.024 INFO - Launching Selenium Grid hub
2017-05-09 10:57:01.707:INFO::main: Logging initialized #2044ms to org.seleniumhq.jetty9.util.log.StdErrLog
10:57:01.721 INFO - Will listen on 4444
2017-05-09 10:57:01.800:INFO:osjs.Server:main: jetty-9.4.3.v20170317
2017-05-09 10:57:01.851:INFO:osjs.session:main: DefaultSessionIdManager workerName=node0
Because of company security governance we are forced to provide all services secured. This means I need to secure at least the hub of selenium grid, nodes would be perfect too. I know that I could do some tunneling, proxying or ipsec but I want to avoid this complexity if possible.
I even tried if Jetty somehow "automagically" knows to respond accordingly if ssl is used but as expected this fails: