Isolated Azure Kubernetes Service (AKS) SSL Error - ssl

I deployed a helm chart onto an isolated server and in the self-signed certificate HTTPS post it does to the kube-api it is failing w/ this error:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to kubernetes.default.svc:443
Anyone seen it before? This is the “POST”:
echo "Creating a secret for the certificate and keys"
STATUS=$(curl -ik \
  -o ${TMP_DIR}/output \
  -w "%{http_code}" \
  -X POST \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "kind": "Secret",
    "apiVersion": "v1",
    "metadata": {
      "name": "spark-webhook-certs",
      "namespace": "'"$NAMESPACE"'"
    },
    "data": {
      "ca-cert.pem": "'"$ca_cert"'",
      "ca-key.pem": "'"$ca_key"'",
      "server-cert.pem": "'"$server_cert"'",
      "server-key.pem": "'"$server_key"'"
    }
  }' \
  https://kubernetes.default.svc/api/v1/namespaces/${NAMESPACE}/secrets)
The error is occurring due to a self-signed certificate whose .sh is being invoked by a docker image command here: https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/blob/master/hack/gencerts.sh
I know it's not getting to the end of this because it's failing to make the secret it's trying to post. Where do y'all think I should look to start troubleshooting? I've posted additional info here including screenshots: https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/issues/926

I would try to update the contents of gencerts.sh to get some more context on the error:
Add the -v or --verbose option to the curl command.
Use strace to invoke the curl command.
Both of those options will send more outputs to stderr so you should be able to inspect in your log and get a better idea of the failure mode. Fair warning: strace will generate a lot of output.
Another source of information would be the kube-apiserver logs. You'll need to enable collection of master logs by adjusting the configuration of your cluster. You should expect every API request to be logged by kube-apiserver.
The first question here is whether the request is received by the control plane at all. To troubleshoot this, I would get a shell on a container inside the cluster and try to recreate the curl request that gencerts.sh is making. There is some information on accessing the cluster API without kubectl in the kubernetes docs.
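
Added example, not part of the original answer or of gencerts.sh: one way to recreate the request from a shell inside a pod, with certificate verification on (--cacert instead of -k) and verbose output, and to read curl's exit code as a hint about which layer failed. It assumes the standard in-pod service account mount; the function names and the layer hints are illustrative.

```shell
#!/bin/sh
# Added example (not from gencerts.sh). Assumes the standard in-pod
# service account mount; override SA_DIR/APISERVER if yours differs.
SA_DIR="${SA_DIR:-/var/run/secrets/kubernetes.io/serviceaccount}"
APISERVER="${APISERVER:-https://kubernetes.default.svc}"

# Map a curl exit code to the layer that most likely failed.
# The hints are heuristics for where to look first, not a diagnosis.
classify_curl_exit() {
  case "$1" in
    0)  echo "ok: TLS handshake and HTTP exchange completed" ;;
    6)  echo "dns: service name did not resolve, check cluster DNS" ;;
    7)  echo "tcp: connection refused or blocked, check egress rules" ;;
    28) echo "timeout: no answer in time, check firewall and routing" ;;
    35) echo "tls-handshake: handshake aborted, look for a proxy or firewall cutting the connection" ;;
    60) echo "tls-trust: API server certificate not signed by the supplied CA" ;;
    *)  echo "other: curl exit $1, see EXIT CODES in the curl man page" ;;
  esac
}

# Read-only GET against the API server using the pod's own token and CA.
# -v prints the handshake to stderr; a 401/403 here means TLS is fine
# and the problem is authorization instead.
probe_apiserver() {
  token=$(cat "$SA_DIR/token") || return 2
  curl -sS -v --max-time 10 \
    --cacert "$SA_DIR/ca.crt" \
    -H "Authorization: Bearer $token" \
    -H 'Accept: application/json' \
    -o /dev/null -w 'HTTP %{http_code}\n' \
    "$APISERVER/api"
}

if [ -r "$SA_DIR/token" ]; then
  rc=0
  probe_apiserver || rc=$?
  classify_curl_exit "$rc"
else
  echo "no service account token at $SA_DIR; run this inside a pod" >&2
fi
```

If the handshake completes here but the same call fails from the gencerts.sh container, compare the two pods' network path (node, namespace, network policy) rather than the certificates.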

Related

Icinga2 API: How to set all services of a host into downtime?

I am trying to automate the setting and removal of downtimes on icinga hosts.
I am currently using the following command:
(note that I'm running this in an ansible playbook so {{item}} is the hostname and any other double brackets are filled in with ansible variables)
curl -k -s -u {{username}}:{{password}} -H 'Accept: application/json' -X POST "https://localhost:5665/v1/actions/schedule-downtime?filter=host.name==%22{{item}}%22&type=Host" -d "{ \"start_time\": \"{{now}}\", \"end_time\": \"{{end}}\", \"duration\": 1000, \"author\": \"{{username}}\", \"comment\": \"auto set downtime on {{item}}\" }"
This is able to put the host into a downtime. However, it doesn't put any services on that host into that downtime. This is as if I went into the web ui and put the host into a downtime without selecting the "all services" checkbox.
How can I change this command to put the host into a downtime, while also putting all services on that host into a downtime?
I would also be interested if there was an ansible task that could also perform this function.
The answer is to change the &type=Host bit at the end of the url to &type=Service to do service downtimes instead of host downtimes.
curl -k -s -u {{username}}:{{password}} -H 'Accept: application/json' -X POST "https://localhost:5665/v1/actions/schedule-downtime?filter=host.name==%22{{item}}%22&type=Service" -d "{ \"start_time\": \"{{now}}\", \"end_time\": \"{{end}}\", \"duration\": 1000, \"author\": \"{{username}}\", \"comment\": \"auto set downtime on {{item}}\" }"

Can I get a working curl command to remove a system from RHEL subscription?

I want to automate the addition and removal of VMs from the RHEL Subscription. I want to use a curl command if possible and keep it simple.
I tried executing curl commands on the api.access.redhat.com/management/v1/subscriptions endpoints but it is giving errors like "Authentication parameters missing".
Below is an example command I am using:
curl -X GET -s -k -u username:Password "https://api.access.redhat.com/management/v1/subscriptions" -H "accept: application/json"
Expected to see the list of Subscribed systems but getting the "Authentication parameters missing" message.
In order to get all the subscriptions you have, run the following command:
curl -H "Authorization: Bearer $access_token" "https://api.access.redhat.com/management/v1/subscriptions"
You can retrieve the access_token variable by running the following command:
curl https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token -d grant_type=refresh_token -d client_id=rhsm-api -d refresh_token=$offline_token
The offline_token, instead, has to be generated from the API Tokens Page.
Check this article for further details.

Is there a solution to log all messages in rabbitmq without using rabbitmq_management?

I do know rabbitmq_tracing, which is a plugin of RabbitMQ, can provide a GUI to capture traced messages and log them in text or JSON format files. But the plugin is costly in performance; is there a way to log all messages without this plugin?
Or is there an eclectic way to log messages automatically without using the management plugin? Because configuring traces on the GUI is not tolerable for some customers.
Any response would be appreciated.
I can't find a good solution to log all messages without rabbitmq_management. But with this plugin turned on, you can add and delete a rabbitmq trace via the command line:
Add a new trace:
[windows:]
curl -i -u guest:guest -H "content-type:application/json" -XPUT ^
  http://localhost:15672/api/traces/%2f/my-trace ^
  -d"{""format"":""json"",""pattern"":""#"",""max_payload_bytes"":1000}"
[linux:]
curl -i -u guest:guest -H "content-type:application/json" -XPUT \
  http://localhost:15672/api/traces/%2f/my-trace \
  -d'{"format":"text","pattern":"#", "max_payload_bytes":1000}'
Delete a trace:
[windows:]
curl -i -u guest:guest -H "content-type:application/json" -XDELETE ^
  http://localhost:15672/api/traces/%2f/my-trace
[linux:]
curl -i -u guest:guest -H "content-type:application/json" -XDELETE \
  http://localhost:15672/api/traces/%2f/my-trace

How to get Authorization Token for Ceilometer API Openstack

I am new to openstack and am trying to use the Ceilometer python API to pull some data from a testbed server. I am accessing the server from a remote site.
The problem is that I cannot figure out how to get an authorization token.
I used the following command:
curl -i 'http://HOST:8774/' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d/tokens auth": {"tenantName": "project", "passwordCredentials": {"username": "user", "password": "password"}}}'
But it does not give me anything,
curl -X GET -H "X-Auth-Token:$MY_TOKEN" http://HOST:8774/tokens
also does not give me any token
From your use of port 8774 I suspect you might be using DevStack. Try this:
curl -s -X POST http://$OPENSTACK_KEYSTONE_HOST:5000/v2.0/tokens -d '{"auth": {"passwordCredentials": {"username":"my-username", "password":"my-password"}, "tenantName":"my-tenantName"}}'
In DevStack, Keystone (the auth service you get tokens from) is running on port 5000 by default. This may or may not be true in your case. Ask your friendly OpenStack operator what host (and port) Keystone is running on and put that in place of $OPENSTACK_KEYSTONE_HOST:5000.

mule server auto deployment details

I am using mmc for deployment of a mule based application. All applications deployed through mmc go to the apps directory under the mule server. If I put an application directly under mule-server/apps and launch the application, the application runs successfully, but I am not able to view the deployment details in mmc. Where do I need to make changes in the mule server to view the deployed application details in mmc?
I need to make an auto deployment through a shell script. For this, I am creating a sample project, creating a zip file, and copying this zip file under the mule server apps directory. Finally, once mmc is launched, I need to see the deployed application in mmc for viewing flows, running application, flow analyzer etc.
EDIT
Based on answer given below to deploy a new application, I have given my url as:
curl --basic -u admin:admin -F file=@C:/apps/testserver-1.0.0-SNAPSHOT.zip -F name=test-app -F version=2.0 --header 'Content-Type: multipart/form-data' http://almule1.ux.corp.local:8585/mmc/api/repository
Response I received:
curl: (6) Could not resolve host: multipart {"versionId":"local$5015b8d6-b149-4245-a218-55c12aecc8e7","applicationId":"local$74616cb9-9ecb-4fd6-b167-bf153c8e59fb"}
I am using windows env to deploy in unix server.
MMC retrieves information from Mule ESB, so you shouldn't make any changes. Anyway I think that deploying an application outside MMC is not a good idea. For scripting purposes I would prefer to use MMC Deployments REST API. You can deploy an application by simply running:
Upload zipped application
This uploads your application to MMC.
curl --basic -u admin:admin -F file=@my-zipped-app.zip -F name=test-app -F version=2.0 --header 'Content-Type: multipart/form-data' http://localhost:8080/mmc/api/repository
List available servers
curl --basic -u admin:admin http://localhost:8080/mmc-console-3.4.0/api/servers
There you should get the server Id (let's suppose it is local$26f2fea8-3b7c-45a7-84a8-d1509e73fca4), then use it in this command:
Create deployment
Before starting your application you need to create a deployment telling MMC to which server, and the id of the uploaded application.
curl --basic -u admin:admin -d '{"name" : "ExampleDeployment" , "servers": [ "local$26f2fea8-3b7c-45a7-84a8-d1509e73fca4" ], "applications": [ "local$32bb47d3-d180-4bb9-8906-2378dad9ae21" ]}' --header 'Content-Type: application/json' http://localhost:8080/mmc/api/deployments
Perform deploy
Once you have a server and a deployment you can finally start the application.
curl --basic -u admin:admin -X POST 'http://localhost:8080/mmc/api/deployments/local$97e3c184-09ed-423e-a5a5-9b94713a9e36/deploy'
Here is the auto deployment on windows environment which deploys in Unix server.
Application Name: testserver-1.0.zip
step1: Upload
curl --basic -u admin:admin -F file=@C:/apps/testserver-1.0.zip -F name=auto-deploy-server -F version=1.0 --header "Content-Type: multipart/form-data" http://allmule1.ux.corp.local:8585/mmc/api/repository
Response:
{"versionId":"local$fd507b45-25c2-4cc9-afe9-9f020f685867","applicationId":"local$47bcf1f3-72bc-4c08-ba50-4fe33422199c"}
step2: Get server details:
curl --basic -u admin:admin http://allmule1.ux.corp.local:8585/mmc/api/servers
Response:
{"total":1,"data":[{"agents":[{......,"agentUrl":"https://localhost:7777/mmc-support","version":"3.4.2","name":"Mule-3.4.2","id":"local$5a6c4f81-7b35-425d-95bd-200224f60a2b"}]}
Note: Here server id is: local$5a6c4f81-7b35-425d-95bd-200224f60a2b
Get the VERSION ID (not application id) from step 1
step3: deployments
curl --basic -u admin:admin -d "{\"name\" : \"Auto-Deployment\" , \"servers\": [ \"local$5a6c4f81-7b35-425d-95bd-200224f60a2b\" ], \"applications\": [ \"local$fd507b45-25c2-4cc9-afe9-9f020f685867\" ]}" --header "Content-Type: application/json" http://allmule1.ux.corp.local:8585/mmc/api/deployments
Response:
{"applications":["local$fd...,"name":"Auto-Deployment","id":"local$9062bbe7-75ab-4658-b021-8314b1681511","lastModified":"Wed, 18 Jun 2014 12:27:30.610 PDT"}
Note here Deployment Id: local$9062bbe7-75ab-4658-b021-8314b1681511
Step4: Deploy
curl --basic -u admin:admin -X POST http://allmule1.ux.corp.local:8585/mmc/api/deployments/local$9062bbe7-75ab-4658-b021-8314b1681511/deploy
Response: The deployments were deployed
Verify your server console; the application might have deployed.
Redeploy
curl --basic -u admin:admin -X POST http://allmule1.ux.corp.local:8585/mmc/api/deployments/local$9062bbe7-75ab-4658-b021-8314b1681511/redeploy
Undeploy:
curl --basic -u admin:admin -X POST http://allmule1.ux.corp.local:8585/mmc/api/deployments/local$9062bbe7-75ab-4658-b021-8314b1681511/undeploy
Automated Deployment with Mule Management Console and Maven
https://dzone.com/articles/automated-deployment-mule?mz=38541-devops