How to point consul-cli to HTTPS endpoint? - consul

How to point consul cli to HTTPS url?
I tried the below ...
export CONSUL_HTTP_ADDR=127.0.0.1:8501
consul members
Error retrieving members: Unexpected response code: 400 (Client sent an HTTP request to an HTTPS server.
)

Ah..
export CONSUL_HTTP_SSL=true
consul members
Node Address Status Type Build Protocol DC Segment
myhostname 192.168.2.198:8301 alive server 1.10.4 2 dc1 <all>

Related

How to access localhost or 127.0.0.1 on a Windows machine from Ubuntu Production Server?

I need to fetch some data from a biometric device connected to the customer's PC and return it back to my production server. I'm using a Mantra MFS100 Biometric Device to capture biometric data of the user. According to Mantra's document the biometric service will be running in 127.0.0.1. I'm able to utilize different endpoints and fetch the data required locally(using pycharm IDE windows) but when trying from my production Ubuntu Server it does not work.
The biometric service will be running on port range 11100 - 11120. To use the service I need to discover the port on which the service is running.
Code to discover the service:
import requests
for port in xrange(11100, 11122, 1):
response = requests.request('RDSERVICE', 'http://localhost:%s' % str(port), headers=headers, data=data)
if response.status == "READY":
device_port = port
if port == 11121:
print "Fingerprint device is not connected"
If the service is READY, I can move on to capture the device data:
import requests
response = requests.request('CAPTURE', 'http://localhost:%s/rd/capture' % device_port, headers=headers, data=data)
print response.text
This works when I'm trying from Local Windows IDE and endpoint as Localhost or 127.0.0.1 but does not work when I try from Ubuntu Server. When trying from the Ubuntu Server I get the following error:
HTTPConnectionPool(host='127.0.1.1', port=11100): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f677d12cf10>: Failed to establish a new connection: [Errno 111] Connection refused',))
I also tried passing the user's ip as the endpoint to no avail:
import requests
import socket
ip_address = socket.gethostbyname(socket.gethostname())
response = requests.request('CAPTURE', 'http://%s:%s/rd/capture' % (ip_address, device_port), headers=headers, data=data)
How can I access Window's Localhost from Ubuntu Server(NGINX) in Python?
Edit:
This is the request, response data from the document:
Request:
RDSERVICE * HTTP/1.1
HOST: http://127.0.0.1:[port]
EXT: APP_NAME
Response:
HTTP/1.1 200 OK
CACHE-CONTROL:no-cache
LOCATION:http://127.0.0.1:<rd_service_port>
Content-Length: length in bytes of the body
Content-Type: text/xml
Connection: Closed
<RDService status="READY|USED|NOTREADY|..." info="provider info for display purposes">
<Interface id="CAPTURE" path="/rd/capture" />
<Interface id="DEVICEINFO" path="/rd/info" />
</RDService>
I solved this by executing the logic as ir.actions.client action with Javascript instead of Python. I'm able to access Localhost when I execute the logic as a client action.

Not able to Configure relay sentry setup with proxy

I want to connect relay to sentry.io via proxy service/application.
Please help me in this I am not able to find any way to put proxy between relay and sentry.
Config.yml
relay:
mode: managed
upstream: “https://sentry.io/”
host: 0.0.0.0
port: 3000
tls_port: ~
tls_identity_path: ~
tls_identity_password: ~
Where I have to set the proxy in relay?
You can replace the upstream location to your proxy service/application and there you need to have another relay which can upload the data to sentry.io
Warn : This will just forward the messages, so configure your first relay in proxy mode.

How to expose elasticsearch setup using eck externally

Hi i would like to expose my elasticsearch cluster in kubernetes created using ECK (https://www.elastic.co/guide/en/cloud-on-k8s/current/index.html) so it can be accessed externally.
I have a requriement to setup Functionbeat to ship aws lambda cloudwatch logs to elastcsearch.
Please see Step 2: Connect to the Elastic Stack https://www.elastic.co/guide/en/beats/functionbeat/current/functionbeat-installation-configuration.html
Attempt:
I have an elastic load balancer that has haproxy running on it which i use to expose other k8 services externally such as frontends. Ive attempted to modify this to also allow me to expose elasticsearch.
haproxy
frontend elasticsearch
bind *:9200
acl host_data_elasticsearch hdr(host) -i elasticsearch.acme.com
use_backend elasticsearchApp if host_data_elasticsearch
backend elasticsearchApp
server data-es data-es-es-http:9200 check rise 1 ssl verify none
Im attempting to see if i can connect using the following curl command:
curl -u "elastic:$ELASTIC_PASSWORD" -k "https://elasticsearch.acme.com:9200"
However i get the following error:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
In the browser if i navigate to the url i get
This site can’t provide a secure connection
elasticsearch.acme.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Posting answer as community wiki based on #Joao Morais comment:
you added ssl to the server line which instructs haproxy to perform a ssl offload and you didn't add the ssl stuff in the frontend. it seems you should either remove the ssl+verify from the server, add ssl to the front or query a plain http request.
Additional information:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number indicates that you are trying to reach website that is not secure.
To access it you should replace https: with http: in your curl command so it will look like this:
curl -u "elastic:$ELASTIC_PASSWORD" -k "http://elasticsearch.acme.com:9200"

How to set metricbeat on amazon elasticsearch

I have two servers one for production and one for test, I've been trying to install metricbeat on both servers.
I did on my test server and set it to send logs to my amazon elasticsearch service and now I can see on kibana all data from that server but I did the same process to my production server and when I use command sudo metricbeat -e it starts but I get
ERROR pipeline/output.go:74 Failed to connect: Get https://amazon-endpoint request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) but the config for both is the same

Consul running on Docker HTTP health check returns "connection reset by peer"

We are running consul through docker and using the HTTP health checks to a URL (https://10.1.24.68:5012/status) with a self-signed certificate. However, I get the following error:
2016/06/10 10:29:42 [WARN] agent: http request failed
'https://10.1.24.68:5012/status': Get https://10.1.24.68:5012/status:
read tcp 10.3.2.11:55549->10.1.24.68:5012: read: connection reset by
peer
It works as well when we use the Script health check with the wget command but this is not ideal. This is the line of code in Consul throwing the above error.
When running the health check to a HTTP URL (http://localhost:5012/status) it works. Could this be a certificate issue? I've added our certificate to both /etc/ssl/certs/ca-certificates.crt and /usr/share/local/ca-certificates.crt.
Halp!

Resources