I have two WEB nodes/servers where two “OpenAM” instances run under “Apache Tomcat” Web Server.
I would like to apply the “Session Replication”, on these two nodes, using the OpenAM’s standard "ds replication" commands :
dsreplication.bat enable --host1 [host/server 1 FQDN] --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 Test123 --replicationPort1 58989 --host2 [host/server 1 FQDN] --port2 4444 --bindDN2 "cn=Directory Manager" --bindPassword2 Test123 --replicationPort2 58989 --adminUID replicationAdmin --adminPassword Test456 --baseDN "dc=XXX,dc=YYYY" -X -n
I don't have any kind of problem if the Web Servers have only one network adapter and therefore the FQDN/Server Name corresponds to one and only one "IP address"
Unfortunately I find myself in a situation in which the Web Servers have 2 network adapter and therefore 2 “IP Addresses” : “FE- Front End” and “BE – Back End” IP address
• “Web Server 1” sees/resolves its hostname with the “FE- Front End” IP address
• “Web Server 2” sees/resolves its hostname with the “FE- Front End” IP address
• “Web Server 1” sees/resolves the hostname of “Web Server 2” with the “BE – Back End” IP address
• “Web Server 2” sees/resolves the hostname of “Web Server 1” with the “BE – Back End” IP address
I think this “network configuration” (double “network adapter” and “IP Address” for each Web Server) creates some communication problems when I run the “ds replication” command to apply the "Session Replication" between Web Server 1 and Web Server 2
the "ENABLE" command of "dsreplication.bat" seems invoked correctly ... But I get an error during execution
dsreplication.bat enable --host1 [host/Web server 1 FQDN] --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 Test123 --replicationPort1 58989 --host2 [host/Web server 1 FQDN] --port2 4444 --bindDN2 "cn=Directory Manager" --bindPassword2 Test123 --replicationPort2 58989 --adminUID replicationAdmin --adminPassword Test456 --baseDN "dc=XXX,dc=YYY",dc=ZZZ" -X -n
Establishing connections ..... Done
Checking registration information ..... Done
Configuring Replication port on server WebServer1:4444... Done
Configuring Replication port on server WebServer2:4444 ..... Done
Updating replication configuration for baseDN dc=XXX,dc=YYY,dc=ZZZ on server WebServer1:4444.....Done
Updating replication configuration for baseDN dc=XXX,dc=YYY,dc=ZZZ on server WebServer2:4444.....Done
Updating registration configuration on server WebServer1:4444.....Done
Updating registration configuration on server WebServer2:4444.....Done
Updating replication configuration for baseDN cn=schema on server WebServer1:4444.....Done
Updating replication configuration for baseDN cn=schema on server WebServer2:4444.....Done
Initializing registration information on server WebServer2:4444with the contents of server WebServer1:4444..... ERROR during the initialization with contents from server WebServer1:4444.
Last log details: [07/mag/2021:10:27:01+0200] nseverity="NOTICE"msgCount=0 msgID=org.opends.messages.backend-413 message="Initialize From Replica task setup-initialize-1 started execution". Task state: STOPPED_BY_ERROR. Check the error logs of WebServer1:4444 for more information. ….\Temp\opendj-replication-4691783391363351360.log for detailed log of this
Unfortunately the log file "opendj-replication-4691783391363351360.log" is EMPTY! Into the LOG files of Apache Tomcat I do NOT find anything about it.
Is it necessary to specifically modify the "ENABLE" command of "dsreplication.bat" in order to manage two Network adapters n Web Server?
is there anyone who can help me with this issue?
If i understand correctly, you need to activate replication between two ldap, of course the command you used wont work, first because you are trying to use the same port twice on the same machine:
dsreplication.bat enable --host1 [host/server 1 FQDN] --port1 4444 --bindDN1 "cn=Directory Manager" --bindPassword1 Test123 --replicationPort1 58989 --host2 [host/server 1 FQDN] --port2 4444 --bindDN2 "cn=Directory Manager" --bindPassword2 Test123 --replicationPort2 58989 --adminUID replicationAdmin --adminPassword Test456 --baseDN "dc=XXX,dc=YYYY" -X -n
You dont have to use fqdn for your machines, you can use ipAdressess directly or even update you respective fqdns on both machine so that that have a secondary name used only for opendj purposes.
If ipAdresses is not an option (for example you run this on cloud), and you cant tweak the fqdn, then unfortunatly there is no way to use replicaiton.
Forgerock DS 7.1 apparently solves this problemes which was very common on cloud, i didnot test it yet. The opensource version wont have any updates to resolve this.
Related
I'm new to Amazon Web Service (AWS).
I already created a PostgreSQL from AWS RDS:
Endpoint: database-1.XXX.rds.amazonaws.com
Port: 5432
Public accessibility: Yes
Availablity zone: ap-northeast-1c
After that, I will push my application that using the database to AWS (maybe deploy to EKS).
However, I want to try testing the database server from my local computer first.
I haven't tried testing from my laptop PC at home yet, but I think it will connect OK because my laptop PC is not using the HTTP proxy to connect to the network.
The problem is that I want to try testing from my company PC, which needs setup the HTTP proxy to connect to the internet. The PC spec:
Windows 10
Installed PostgreSQL 10
Firstly, I tried using psql command-line:
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://user:password#my_company_proxy:3128
set https_proxy=http://user:password#my_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://my_second_company_proxy:3128
set https_proxy=http://my_second_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
Then, I tried using the pgAdmin tool.
As from the internet post, it said that we can use "SSH Tunnel" for inputing proxy:
However, the error message will be shown:
So, anyone can help suggest if we can connect to the public PostgreSQL server through HTTP proxy?
I think problem is Postgres uses plain TCP/IP protocol and you are trying to use HTTP proxy. Also you're trying to create SSH tunnel against your HTTP proxy server which won't work.
So I'd suggest following solutions:
Use TCP proxy instead of HTTP proxy
Create an EC2 or any instance that has SSH access from your company network and has access to public internet. So that you can create SSH tunnel through that instance to achieve your goal.
NOTE: Make sure you PostgreSQL is accessible from public internet (although this is usually bad idea, but it's out of scope this question) sometimes security group configs prevent it to connect from public internet.
Just add all ports(5432,3128...) in the Security Group from your RDS and specify your IP. Don't forget "/32"
Let me add that "unknown host" is usually an indication that you're not resolving the DNS hostname. Also, your HTTP proxy should not interfere with connections to databases since they aren't on port 80 or 443. A couple of things you can try (assuming you're on windows) sub in your actual url:
nslookup database-1.XXXX.rds.amazonaws.com
telnet database-1.XXXX.rds.amazonaws.com 5432
You should also check the security group that is attached to your RDS and make sure you've opened up the ip address that you're originating from on port TCP/5432.
Lastly check that your VPC has DNS and Hostnames enabled. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating
I have a Linux VM running with a Jenkins, Nexus and SonarQube server on it. The IP for the VM is 192.168.56.2 and I have no trouble accessing both Jenkins and Nexus on ports 8080 and 8081 respectively. However, when I try to access 192.168.56.2:9000 for SonarQube it just says 192.168.56.2 refused to connect.
When I run systemctl status sonar in the terminal it shows that SonarQube is active and running. I have opened the firewall to port 9000 and I have not changed any of the default settings. Does anyone have any idea what might be the issue?
SonarQube will only be listening on 'loopback' rather than on all inbound IP addresses. In your server's sonar.properties file, you'll need to set the Web information in order to access the server remotely, specifically the following values:
sonar.web.host: 192.168.56.2
sonar.web.port: 80 # if you want to use a port other than 9000
Also, in the web UI's Settings, under the "General" section, set the "Server base URL" value so that links and redirects issued by SonarQube target the correct location.
I have installed Spinnaker on a Vagrant Machine running Ubuntu 14.04
All my components are running successfully (Checked Active Ports , all logs)
I am also binding Deck UI and Gate on all network interfaces by specifying custom settings
When i access Deck UI from the host machine on VagrantIP at 9000, the UI comes up successfully. But Deck UI tries to access gate on localhost at 8084 and gets a "Connection Refused".
My Gate is running at "http://VagrantIP:8084"
Where do i modify the URL with which Deck accesses Gate?
Thanks for your help
You need to bind spinnaker to the 0.0.0.0 network interface so it will be available when accessed from your local machine.
You can read the following blog post https://blog.spinnaker.io/exposing-spinnaker-to-end-users-4808bc936698 but basically the following should do the trick
We’ll specify the 0.0.0.0 host in both gate.yml and deck.yml in our
default Halyard deployment with this command:
echo "host: 0.0.0.0" | tee \
~/.hal/default/service-settings/gate.yml \
~/.hal/default/service-settings/deck.yml
sudo hal deploy apply
I'm having trouble connecting to a mongo instance running on a windows azure vm running Windows Server 2012 R2. I've verified the following things
The network security group has rule allowing port 27017 inbound (* -> 27017)
The VM has TCP port 27017 inbound open on all profiles (currently, my firewall is completely disabled)
Mongo is running as a windows service. I've verified it is up and running. I was able to connect, insert, and find records in the shell on the remote vm that's running Mongo
When I run netstat -a, I can see 0.0.0.0:27017 with the status "LISTENING"
If I try to ping the VM, it times out (I believe this is expected)
Port 22 is open in the firewall and in the network security group rules
I am not running any 3rd party anti-virus software on my local machine
I tried restarting the VM both from the OS and from azure portal
I tried removing the rules from network security group and readding them
I've tried connection via SSH in bash on my local machine running windows 10 using the most basic command mongo <ip-address>. It times out with the message ssh: connect to host x.x.x.x port 22: Resource temporarily unavailable
I've tried connection via Putty/SSH. Same result
I've tried connection via MongoDB Compass which gives a similar error Could not connect to MongoDB on the provided host and port
any ideas?
Here's the config I'm using
systemLog:
logAppend: true
verbosity: 0
traceAllExceptions: true
path: c:\MongoLogs\mongolog.log
destination: file
net:
port: 27017
bindIp: [127.0.0.1, <external-ip>]
http:
enabled: true
JSONPEnabled: false
RESTInterfaceEnabled: true
storage:
dbPath: c:\MongoData\
As it turns out, the VM had multiple network security group profiles attached to it. When I click "Effective security rules" it showed a second tab that had another profile that appears to have been inherited from the subnet -- sufficed to say, it did not have the permissions that are needed. By opening the correct ports on that profile as well, connections we then going through just fine. We're gonna clean that up, but in short, there was a conflict of permissions.
I have installed wakanda server on an Amazon EC2 server running ubuntu by following this utube video: https://www.youtube.com/watch?v=uSQODnB7wRU .
Now the video is for an older version but I have followed along successfully until I actually launch wakanda on the server. This is what I get in the console:
Welcome to Wakanda Server 10 build 10.187175
Publishing "DefaultSolution" solution
The solution's log file will be stored in the "/home/ubuntu/.Wakanda Server/UserCache/Wakanda Server/DefaultSolution-1882/Logs/" folder
The Administration Web Server cannot listen for connections on port 8080 or secure port 4433 on all IP addresses
You can customize the Administration Web Server's ports with the "--admin-port" and "--admin-ssl-port" options
, then when I try to log into it via the browser it says the connection dropped! Any help would be much appreciated, it seams I need to restrict the IP addresses which can access, but how?
Your wakanda server tried and failed to listen on 8080 and/or 4433
Check the following things:
Are the ports 8080 and/or 4433 used by other processes? (sudo netstat -tapen | grep :8080, if a result is found, then yes another process uses 8080. Check 4433 also)
You may found that wakanda server is already running as a service:
yes you should use this service (create and edit /etc/default/wakanda, add WAKANDA_SOLUTION_AT_STARTUP=your_path and restart with sudo /etc/init.d/wakanda restart)
or to continue starting it manually, stop the service first (sudo /etc/init.d/wakanda stop)
Has the current user the right to listen on those ports? (try running the server with sudo just to check, then use authbind or equivalent)
Can you use alternative ports? (use --admin-port and --admin-ssl-port wakanda server options)
wakanda-server --help will give you the list of options available, especially --solution=VALUE to provide the path to your solution.