I am trying to use rabbit as my transporter in spring-xd. Earlier, I installed redis and configured redis properties in servers.yml and it was working.
Now, I moved to rabbitmq, and installed rabbitmq and able to run the service rabbitmq-server.
I made the following changes in servers.yml
xd:
transport: rabbit
#RabbitMQ properties
spring:
rabbitmq:
host: FQHN
port: 5672
username: guest
password: guest
virtual_host: /
But, when I am starting xd-admin and container, still container taking redis as a transporter.
Redis properties are commented in servers.yml.
Please help me on this.
Thanks,
-Suyodha
I use rabbit transport all the time, with no problems.
First, I suggest you move to the recent 1.0.0.RELEASE. The rabbit host and port are now provided in the addresses property
spring:
rabbitmq:
addresses: FQHN:5672
...
How are you launching the container and admin? Do you have any XD_ environment variables set? Using the supplied scripts, the servers.yml settings will normally override the application.yml. It must be on the classpath. If you can't figure it out, post a DEBUG log of the container startup somewhere (too big for here) with DEBUG enabled for org.springframework.
Related
I've been wrestling with this for several days now. I have a swarm with 9 nodes, 3 managers. I'm planning on deploying multiple testing environments to this swarm using Docker-Compose for each environment. We have many rest services in each environment that I would like to manage access to them through a reverse proxy so that access to the services comes through a single port per environment. Ideally I would like it do behave something like this http://dockerNode:9001/ServiceA and http:/dockerNode:9001/ServiceB.
I have been trying traefic, docker proxy, HAProxy, (I haven't tried NGINX yet). All of these have ran into issues where I can't even get their examples to work, OR they require me to drop a file on each masternode, or setup cloud storage of some sort).
I would like to be able to have something just work by droping it into a docker-compose file, but I am also comfortable configuring all the mappings in the compose file (these are not dynamically changing environments where services come and go).
What is there a working example of this type of setup, or what should I be looking into?
If you want to access your service using the server IP and the service port, then you need to setup dnsrr endpoint mode to override the docker swarm's service mesh. Here is a yaml so you know how to do it.
version: "3.3"
services:
alpine:
image: alpine
ports:
- target: 9100
published: 9100
protocol: tcp
mode: host
deploy:
endpoint_mode: dnsrr
placement:
constraints:
- node.labels.host == node1
Note the configuration endpoint_mode: dnsrr and the way the port has been defined. Also note the placement contraint that will make the service only be able to be schedule in the with the label node1. Thus, now you can access your service using node1's IP address and port 9100. With respect to the URI serviceA just add it.
This spring guide on messaging with rabbitmq does not talk about the host port configurations. I followed the same and added these properties to application.properties to connect to rabbitmq broker installed on GCP
spring:
rabbitmq:
host: XXX.XXX.XXX.XX
port: 5672
username: user
password: bitnami
virtual-host: /
While running the app I am getting timeout exception while connecting to rabbitmq
2017-08-06 17:16:54.322 ERROR 7280 --- [ container-1] o.s.a.r.l.SimpleMessageListenerContainer : Failed to check/redeclare auto-delete queue(s).
org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection timed out: connect
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:62) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:367) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:565) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitTemplate.doExecute(RabbitTemplate.java:1430) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:1411) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:1387) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitAdmin.getQueueProperties(RabbitAdmin.java:336) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.redeclareElementsIfNecessary(SimpleMessageListenerContainer.java:1136) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1387) [spring-rabbit-1.7.2.RELEASE.jar:na]
Tried the following but still same error:
Opened up tcp:5672 through GCP firewall configuration
Changed the rabbitmq config at /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.config to change the allowed ips from localhost (127.0.0.1) to 0.0.0.0
{
rabbit,
[{tcp_listeners, [{"0.0.0.0", 5672}, {"::", 5672}]},
{default_vhost, <<"/">>},
{default_user, <<"user">>},
{default_pass, <<"bitnami">>},
{default_permissions, [<<".*">>, <<".*">>, <<".*">>]}
}
What could be the problem here ?
Update
I have installed rabbitmq locally and everything works fine.
I doubt if the updates to config file is actually not getting reflected properly. This is how I did it.
updated the rabbitmq.config
rabbitmqctl stop_app
rabbitmqctl start_app
But still I see some difference under the 'Ports and contexts' section in the UI
localhost
gcp
Any pointers ? Or is it all looking fine and the problem is something different, like with GCP setup or something ?
After telnet-ing to the port and checking the port config through the GCP console I figured out that I did a mistake in setting the right tag name to the instance where I installed rabbitmq.
Please do verify that the 'target tag' mentioned in your firewall rule is indeed mapped to the vm instance where rabbitmq is installed
Otherwise the config mentioned in the question is enough to make it work from a remote client
I have attempted everything recommended by the following error message:
(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
My /etc/redis/sentinel.conf:
daemonize yes
sentinel myid XXX
sentinel monitor master XXX 6379 2
sentinel down-after-milliseconds master 60000
sentinel config-epoch master 0
protected-mode no
bind 0.0.0.0
port 26379
EDIT: My /etc/redis/redis.conf:
port 6379
bind 0.0.0.0
protected-mode no
I've also tried adding sentinel auth-pass master XXX.
My entire backend is on private subnets. I'm VPN'd into my datacenter behind the firewall, coming from the same private network, and I can still only connect locally without getting that frustrating error message.
Server Environment: Debian 8, Redis 3.2.6
Client Environment: Ubuntu 16.10, redis-cli 3.2.1
Redis instances: 3
Sentinel instances: 3
I've done not just one, but 3/4 of the things suggested (didn't set the command-line flags). Does anyone have any guidance or ideas? I'm clearly missing something that I've been unable to figure out from the error message, documentation, Stackoverflow, Google, and trial & error. I figured I'd post a question here first, before diving into the source code.
Any help is appreciated. Thanks!
... and, yes, I've restarted the daemons after configuration changes. :)
https://www.reddit.com/r/redis/comments/3zv85m/new_security_feature_redis_protected_mode/
As you know we got several problems from unprotected Redis instances exposed to the internet. I covered the reason why a restrictive binding to 127.0.0.1 by default may be an usability concern and, even worse, may not fix the problem (hey just comment the "bind" statement and restart!) in my blog post.
The same blog post introduced an attack that was heavily used by script kiddies to break into Redis instances (serious security researchers where already able to do this, I guess).
So I finally decided to do something before Redis 3.2 official release: Protected mode is the result and will be merged into 3.2 RC2.
The feature is already available in the unstable branch, introduced by this commit. This is how it works.
If and only if:
Protected mode is enabled (this is the default both in the configuration file and in the configless default).
AND IF No AUTH password is configured.
AND IF No "bind" directive is used in order to restrict Redis to certain interfaces.
Then Redis only accepts connections from the loopback IPv4 and IPv6 addresses. External connections are accepted just for the time to send the client an error that makes the user aware of what is happening:
> PING
(error) DENIED Redis is running in protected mode because protected mode is enabled, no bind address was specified, no authentication password is requested to clients.
In this mode connections are only accepted from the lookback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions:
Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent.
Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server.
If you started the server manually just for testing, restart it with the --protected-mode no option.
Setup a bind address or an authentication password. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
This should protect errors in a reasonable way while providing users with a clue instead of a connection refused. Please share your feedbacks so that we can make changes to this feature if needed, before it will get merged into Redis 3.2 RC2. Thanks.
I have installed two broker of Mosquitto (1.4.2-3.2x86_64)and RabbitMQ (3.5.3-1) using newest version so far on CentOS 6 servers. With default configuration i can sub/pub messages for each broker separately, this mean that MQTT is running normally.
But when i bridge Mosquitto server to a RabbitMQ server, i face below problem right after i change mosquitto.conf file:
"Connecting bridge (Rabbit-IP)
Socket error on client client_name, disconnecting".
My bridge configuration in mosquitto.conf is:
connection test
address Rabbitmq-IP
topic # both 0 local/ remote/
Can you explain to me !
Thanks !
Try to use this option in your config file for the bridge
try_private false
This is an option that will tell the other broker that this is a bridge connection and defaults to true and if the RabbitMQ doesn't supports it, then it would not allow you to connect.
I have gone through lot of blogs etc but could not connect to my glassfish JMX remotely. I have below JVM settings -
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.port=8686
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Djava.rmi.server.hostname=myremoteip
I am trying to access via console by using below string
service:jmx:rmi://myremoteip:8686/jndi/rmi://myremoteip:8686/jmxrmi
Above setup doesn't work and i am not sure how can i resolve it. Any help will be appreciated.
In addtion to set JVM parameters listed above, in Glassfish Admin Console Configurations -> server-config -> Admin Service have to set:
Address: server's IP address
Security: not checked
Port: 8686
Realm name: admin-realm
If exists, delete JVM setting "-Dcom.sun.management.jmxremote.port=8686", this
causes "Cannot start JMX connector JmxConnector config..." like exception!
It seems that -Dcom.sun.management.jmxremote is not same as glassfish's own JMX server, but starts another JMX server in addition to servers existing one. I have not found any reasonable way to remotely connect to glassfish's own JMX yet.
If you change the -Dcom.sun.management.jmxremote.port to for example 8786 you should be able to connect to the non-glassfish JMX just fine.