Because of limitations, we're forced to use Windows to host and manage our Zookeeper/SolrCloud cluster.
We're using 3 Windows Server 2016 servers, in Microsoft Azure, with an Azure Load Balancer in front of it.
I was able to install and configure everything, but Zookeeper isn't communicating in SSL with SolrCloud, so none of our API calls are working when creating things like new collections, etc.
I've followed the Zookeeper documentation (https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide), but all of it is for Linux systems. I've adapted it to the best of my knowledge, but it's just not working.
Here's what I did:
Added the following to zkCli.cmd : set CLIENT_JVMFLAGS="-Dzookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty -Dzookeeper.client.secure=true -Dzookeeper.ssl.keyStore.location=C:/solr-7.2.1/server/etc/wildcard_sidlee_cloud.pfx -Dzookeeper.ssl.keyStore.password=somepassword -Dzookeeper.ssl.trustStore.location=C:/solr-7.2.1/server/etc/wildcard_sidlee_cloud.pfx -Dzookeeper.ssl.trustStore.password=somepassword"
Added %CLIENT_JVMFLAGS% to the Java call in zkCli.cmd
Added the following to zkServer.cmd: set SERVER_JVMFLAGS="-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory -Dzookeeper.ssl.keyStore.location=C:/solr-7.2.1/server/etc/wildcard_sidlee_cloud.pfx -Dzookeeper.ssl.keyStore.password=somepassword -Dzookeeper.ssl.trustStore.location=C:/solr-7.2.1/server/etc/wildcard_sidlee_cloud.pfx -Dzookeeper.ssl.trustStore.password=somepassword"
Added %SERVER_JVMFLAGS% to the Java call in zkServer.cmd
Modified clientPort=2181 in zoo.cfg to secureClientPort=2181
Zookeeper service "starts" but there's actually nothing happening. If I start zkServer.cmd manually, it fails with the error:
java.lang.NumberFormatException: For input string: "-Dzookeeper.serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory -Dzookeeper.ssl.keyStore.location=C:/solr-7.2.1/server/etc/wildcard_sidlee_cloud.pfx -Dzookeeper.ssl.keyStore.password=somepassword -Dzookeeper.ssl.trustStore.location=C:/solr-7.2.1/server/etc/wildcard_sidlee_cloud.pfx -Dzookeeper.ssl.trustStore.password=somepassword"
at java.lang.NumberFormatException.forInputString(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at org.apache.zookeeper.server.ServerConfig.parse(ServerConfig.java:63)
at org.apache.zookeeper.server.ZooKeeperServerMain.initializeAndRun(ZooKeeperServerMain.java:103)
at org.apache.zookeeper.server.ZooKeeperServerMain.main(ZooKeeperServerMain.java:64)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:128)
at org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:82)
I'm really at a loss here, and don't know where to go from here!
Thanks in advance for the help!!
Iv'e encountered the same error and figured it out:
When you added: %SERVER_JVMFLAGS% to the Java call in zkServer.cmd, you must of added it to the end of the line. Try Adding it next to all the arguments. before the " %* " at the end of the line.
That worked for me.
call %JAVA% "-Dzookeeper.log.dir=%ZOO_LOG_DIR%" "-Dzookeeper.root.logger=%ZOO_LOG4J_PROP%" "%SERVER_JVMFLAGS%" "-Dzookeeper.log.file=%ZOO_LOG_FILE%" "-XX:+HeapDumpOnOutOfMemoryError" "-XX:OnOutOfMemoryError=cmd /c taskkill /pid %%%%p /t /f" -cp "%CLASSPATH%" %ZOOMAIN% "%ZOOCFG%" %*
Related
I'm new in ejbca and i have to install it on a virtual machine for job
Ubuntu 20.04
ejbca_7_4_3_2
wildfly-18.0.0.Final
mariadb-server version: 10.3.32-MariaDB-0ubuntu0.20.04.1 Ubuntu 20.04
openjdk version "1.8.0_312"
Apache Ant(TM) version 1.10.7 compiled on October 24 2019
After a few try's(and a lot of virtual machines cloned and deleted), i finally get the "build successfully" message with the commands ant runinstall and ant deploy-keystore
But when i try to use the URL https://localhost:8443/ejbca/ (the certificate SuperAdmin.p12 is installed) my browser(firefox 96.0 64bits) give the message
An error occurred during a connection to localhost:8443. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
i have this errors on my log file, the first one related with ant -q clean deployear
and the last, appear every time i try to access via URL https://localhost:8443/ejbca/
ERROR [org.jboss.as.jsf] (MSC service thread 1-1) WFLYJSF0002: Could not load JSF managed bean class: org.ejbca.ui.web.admin.peerconnector.PeerConnectorMBean
ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:311)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:461)
at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1020)
at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:727)
at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:693)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981)
at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
ERROR [io.undertow.request] (default I/O-2) Closing SSLConduit after exception
Sounds like a TLS configuration issue. You will find the TLS configuration you did when configuring WildFly in the commands you ran like:
/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/server-ssl-context=httpspriv:add(key-manager=httpsKM,protocols=["TLSv1.2"],use-cipher-suites-order=false,cipher-suite-filter="TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",trust-manager=httpsTM,need-client-auth=true)'
The result is somewhere in standalone.xml in WildFly, and you can modify it directly in WildFly. For example if you have EC keys in the server certificate while using the above RSA algorithm selection.
In server.log you should also see when WildFly starts up if there are any error in parsing the values, or keystores.
Make sure that you server and client certificates have keys and algorithms that match the TLS algorithm settings, otherwise WildFly will remove those algortihms.
sorry for the delay.
to update to the question:
weblogic version is 12c. our installs are a bit different as we do not manually create a domain. we used a piece of software called maintenix that gets installed on top of the weblogic base install and it creates a domain the app runs under admin server
thank you
Hi everybody I am trying to decrypt the login and password for my WebLogic console
So I researched and seems this should work but i get the error below:
here are more details:
[webmstr#Ready4Use Oracle_Home]$ cd oracle_common/common/bin/
[webmstr#Ready4Use bin]$ ./wlst.sh
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
wls:/offline> domain = "/webapps/maint/maint35_install/domain/"
wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)
wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)
wls:/offline> print encryption.decrypt("{AES}WDhZb5/IP95P4eM8jwYITiZs01kawSeliV59aFog1jE=")
Traceback (innermost last):
File "<console>", line 1, in ?
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:144)
at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:192)
at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:99)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: com.rsa.jsafe.JSAFE_PaddingException: Invalid padding.
I am suspecting some env item is not set properly but for the life of me I cannot see it (I did run setDomainEnv.sh before hand.
I try to run a *.sh file in linux system ,this *.sh file is used to start a Java Application.this Application use gemfire as its distributed cache system. it seems that i can not build a new tcp connection of gemfire. is there anyone knows how to solve this problem?
here is the exception:
java.net.BindException: Address already in use
at sun.nio.ch.Net.bind0(Native Method)
at sun.nio.ch.Net.bind(Net.java:437)
at sun.nio.ch.Net.bind(Net.java:429)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
at com.gemstone.gemfire.internal.cache.tier.sockets.AcceptorImpl.<init>(AcceptorImpl.java:378)
at com.gemstone.gemfire.internal.cache.BridgeServerImpl.start(BridgeServerImpl.java:297)
at spark.cache.CacheServicePoint.enableServer(CacheServicePoint.java:197)
at orion.di.service.profile.ProfileService.initialize(ProfileService.java:108)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1544)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1485)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
Address already in use is that already your application instance is running/listening on the same port. If you are an ubuntu user
netstat -tulpn | grep YOURAPPNAME
This will give you the ProcessId which is running the instance in your system. Find the process Id number and kill the instance and start the application once again.
To kill
kill -9 PROCESSID
Are you starting two processes of your Java application on the same box? GemFire server by default opens up a port on 40404 to listen to client connections, so when you start more than two servers on the same box, the second one gets an Address already in use exception. Look the script used to start your application. You will need to provide a different port for each GemFire server you are trying to start. Using GemFireShell i.e. gfsh this could be done like so:
gfsh>start server --name=server1 --server-port=4045
Or, if there are no clients (i.e. peer-to-peer deployment of GemFire), you can disable listening to clients like so:
gfsh>start server --name=server1 --disable-default-server
I'm trying to put together a small utility that will let us pull managed server listen addresses and ports out of the managed servers in a domain.
WLST seemed like the right tool to use.
I've get a script that works something like this
admin_url = sys.argv[1]
cluster = sys.argv[2]
connect(url=admin_url)
servers = get_servers(cluster)
for server in servers.values():
address = server.getListenAddress()
port = str(server.getListenPort())
server_url = address + ":" + port
addresses.append(server_url)
print ','.join(addresses)
We're using weblogic keys to store the username and password, so no need to pass connect the username and password. It works fine, but...we need to use this in an ant script, and it looks like the only way to get info out of WLST and back into ant is via capturing the output.
The first problem I ran into is that WLST prints some garbage (a header) when you invoke it that you can't suppress. "Initializing WebLogic Scripting Tool (WLST) ...", etc.
So a little searching reveals there's no way to suppress that if you invoke WLST directly, but you can embed your script in a java class and the embedded interpreter won't output the header.
I wrapped my script in a class, compiled it and it runs no problem when I run it using java...
>java wlst.GetClusterAddress t3://myhost:7001 mycluster
mymanagedserver1:9999,mymananagedserver2:9999
So far so good.
Now I try to wrap that class in my ant script...
<java classname="wlst.GetClusterAddress" outputproperty="${addresses}" >
<arg line="${admin.url} ${cluster.name}"/>
<classpath refid="class.path"/>
</java>
Ant throws an exception when connecting to the admin server
[java] WLSTException: Error occured while performing connect : Error connecting to the server : weblogic.security.internal.encryption.EncryptionServiceException: weblogic.security.internal.encryption.EncryptionServiceException: [Security:090219]Error decrypting Secret Key java.lang.SecurityException: The provider self-integrity check failed.
[java] Use dumpStack() to view the full stacktrace
[java]
I've checked my classpath, and all seems to be the same between java and ant. I'm not sure where to look next. Why doesn't this work when using ant?
Try it when you set fork="true" in the java task:
<java classname="wlst.GetClusterAddress" outputproperty="${addresses}" fork="true">
...
I'm working on setting up and understaind WSO2 ESB and i was going through the samples and set up.
I was looking at this sample, but well, any i tried from the first four failed:
http://docs.wso2.org/wiki/display/ESB451/Sample+3%3A+Local+Registry+Entry+Definitions%2C+Reusable+Endpoints+and+Sequences
So, i start the ESB (Management Console is running fine), that works fine. I can build the SimpleStockQuoteService and i can start the sample AXIS2 server. I can open the wsdl from the browser, so that piece looks fine.
When i run the client code from command line
ant stockquote -Daddurl=http://localhost:9000/services/SimpleStockQuoteService -Dtrpurl=http://localhost:8280/
It gets to the axis2 server (i can see it in the logs: "Mon Mar 11 16:53:37 CET 2013 samples.services.SimpleStockQuoteService :: Generating quote for : IBM")), it gets to the ESB (i can see it in the log, too), but suddenly, when it is trying to forward (?) or pass (?) the message, the connection is suddenly dropped. This is what i see in the log:
[2013-03-11 16:53:37,701] INFO - LogMediator Text = Sending quote request, version = 0.1, direction = incoming
[2013-03-11 16:53:37,830] ERROR - SourceHandler I/O error: A l├®tezo kapcsolatot a t├ívoli ├íllom├ís k├®nyszer├¡tetten bez├írta
java.io.IOException: A l├®tezo kapcsolatot a t├ívoli ├íllom├ís k├®nyszer├¡tetten bez├írta
at sun.nio.ch.SocketDispatcher.read0(Native Method)
at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:25)
at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233)
at sun.nio.ch.IOUtil.read(IOUtil.java:206)
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:236)
at org.apache.http.impl.nio.reactor.SessionInputBufferImpl.fill(SessionInputBufferImpl.java:93)
at org.apache.http.impl.nio.codecs.AbstractMessageParser.fillBuffer(AbstractMessageParser.java:113)
at org.apache.http.impl.nio.DefaultNHttpServerConnection.consumeInput(DefaultNHttpServerConnection.java:150)
at org.apache.http.impl.nio.DefaultServerIOEventDispatch.inputReady(DefaultServerIOEventDispatch.java:154)
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:158)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:340)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:318)
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278)
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:542)
at java.lang.Thread.run(Thread.java:619)
"A l├®tezo kapcsolatot a t├ívoli ├íllom├ís k├®nyszer├¡tetten bez├írta
java.io.IOException: A l├®tezo kapcsolatot a t├ívoli ├íllom├ís k├®nyszer├¡tetten bez├írta" This piece is having bad encoding and is in hungarian, it means something like :"Connection was closed forcefully by remote host"
I don't really know what is going wrong... Any ideas?
I'm on Windows 7. I've downloaded the latest WSO2 ESB (wso2esb-4.6.0.zip)