Cannot start Keycloak 19.0.2 on Azure

I have a Linux VM hosted on Azure. On this VM I "installed" the standalone version of Keycloak 19.0.2. When I connect to the VM with SSH, I can simply start the server with bin/kc.sh start-dev. This works without any problems.
Now I want to start the Keycloak server automatically on the VM startup. I tried this with Crontab. This did not work because the VM resets the Crontab on each restart.
Then I tried to directly start it from Azure with a Custom Script for Linux. Since I had trouble setting it up, I started playing around with the Run command feature in the Azure portal. When I run the command sudo /home/my_user/keycloak/bin/kc.sh start-dev I get the following output:
2022-09-14 14:19:32,839 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false
2022-09-14 14:19:34,670 INFO [org.keycloak.common.crypto.CryptoIntegration] (main) Detected crypto provider: org.keycloak.crypto.def.DefaultCryptoProvider
2022-09-14 14:19:36,475 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2022-09-14 14:19:36,483 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2022-09-14 14:19:36,553 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2022-09-14 14:19:37,251 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.9.Final
2022-09-14 14:19:37,886 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: node_884187, Site name: null
2022-09-14 14:19:41,657 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Failed to start server in (development) mode
2022-09-14 14:19:41,657 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: Unable to start HTTP server
2022-09-14 14:19:41,658 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) ERROR: io.quarkus.runtime.QuarkusBindException
2022-09-14 14:19:41,658 ERROR [org.keycloak.quarkus.runtime.cli.ExecutionExceptionHandler] (main) For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
TLDR: The server starts perfectly fine, when I manually start it via SSH. When I try to start the server with the Azure portal (Run command) it does not work.


502 Bad Gateway when hosting a Meteor app on AWS Elastic Beanstalk with Meteor-up

I have a Meteor app I've been trying to deploy to AWS with mup-aws-beanstalk.
Here is my repository. This is a basic "Hello world" equivalent of MongoDB, Meteor, React, Node.js app. How to install
This works perfectly fine locally, and runs on http://localhost:3000/. When I try to deploy to AWS with the meteor-up mup-aws-beanstalk plugin, it deploys, but I get a 502 Bad Gateway error.
I'm pretty new to this but I did some research and checked the logs.
Checking the logs, I see that the start script isn't working properly:
> mup-meteor-example-deploy-aws@1.0.0 start /var/app/current
> bash ./start.sh
┌──────────────────────────────────────────────────┐
│ npm update check failed │
│ Try running with sudo or get access │
│ to the local update config store via │
│ sudo chown -R $USER:$(id -gn $USER) /tmp/.config │
└──────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────┐
│ npm update check failed │
│ Try running with sudo or get access │
│ to the local update config store via │
│ sudo chown -R $USER:$(id -gn $USER) /tmp/.config │
└──────────────────────────────────────────────────┘
Node version
v12.16.1
Npm version
6.14.0
=> Starting health check server
=> Starting App
/var/app/current/programs/server/node_modules/fibers/fibers.js:90
return fn.apply(this, arguments);
^
Error: $ROOT_URL, if specified, must be an URL
at packages/meteor.js:1328:13
at packages/meteor.js:1343:4
at packages/meteor.js:1508:3
at /var/app/current/programs/server/boot.js:401:38
at Array.forEach (<anonymous>)
at /var/app/current/programs/server/boot.js:226:21
at /var/app/current/programs/server/boot.js:464:7
at Function.run (/var/app/current/programs/server/profile.js:280:14)
at /var/app/current/programs/server/boot.js:463:13
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! mup-meteor-example-deploy-aws@1.0.0 start: `bash ./start.sh`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the mup-meteor-example-deploy-aws@1.0.0 start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm WARN Local package.json exists, but node_modules missing, did you mean to install?
I checked the above problem and other StackOverflow questions mention to make the URL start with http or https, which mine does.
Then there is also an error from nginx, there are these lines that keep repeating. I am not sure if these two are related.
This post describes the problem might be because the app isn't running on the server/port combination
HOWEVER, this post states that it might be because Elastic Beanstalk is reading the wrong file first, and therefore not opening up the ports in the first place?
I am not sure how or where to change the port numbers, or if this is a problem with npm.
-------------------------------------
/var/log/nginx/error.log
-------------------------------------
2020/07/13 04:02:02 [error] 4632#0: *148508 connect() failed (111: Connection refused) while connecting to upstream, client: 172.31.21.16, server: , request: "GET /aws-health-check-3984729847289743128904723 HTTP/1.1", upstream: "http://127.0.0.1:8039/aws-health-check-3984729847289743128904723", host: "172.31.46.135"
2020/07/13 04:02:06 [error] 4632#0: *148510 connect() failed (111: Connection refused) while connecting to upstream, client: 172.31.46.174, server: , request: "GET /aws-health-check-3984729847289743128904723 HTTP/1.1", upstream: "http://127.0.0.1:8039/aws-health-check-3984729847289743128904723", host: "172.31.46.135"
2020/07/13 04:02:17 [error] 4632#0: *148512 connect() failed (111: Connection refused) while connecting to upstream, client: 172.31.21.16, server: , request: "GET /aws-health-check-3984729847289743128904723 HTTP/1.1", upstream: "http://127.0.0.1:8039/aws-health-check-3984729847289743128904723", host: "172.31.46.135"
This is my deployment output
PS G:\GitFolder\meteor-example-deploy-aws\.deploy> mup deploy
=> Setting up
=> Ensuring IAM Roles and Instance Profiles are setup
Building App Bundle Locally
WARNING: The output directory is under your source tree.
Your generated files may get interpreted as source code!
Consider building into a different directory instead
meteor build ../output
app/node_modules/semantic-ui-css/semantic.css: warn: There are some @import rules in the middle of a file. This might be a bug, as imports are only valid at the beginning of a file.
Browserslist: caniuse-lite is outdated. Please run next command `npm update`
Unable to resolve some modules:
"@babel/runtime/helpers/createSuper" in /G/GitFolder/meteor-example-deploy-aws/app/imports/ui/layouts/App.jsx (web.browser.legacy)
If you notice problems related to these missing modules, consider running:
meteor npm install --save @babel/runtime
=> Archiving Bundle
10% Archived
20% Archived
30% Archived
40% Archived
50% Archived
60% Archived
70% Archived
80% Archived
90% Archived
100% Archived
=> Uploading bundle
Uploaded 11%
Uploaded 23%
Uploaded 35%
Uploaded 46%
Uploaded 58%
Uploaded 70%
Uploaded 81%
Uploaded 93%
Uploaded 100%
Finishing upload. This could take a couple minutes
=> Creating Version
=> Configuring Beanstalk Environment
Updated Environment
=> Waiting for Beanstalk Environment to finish updating
Env Event: Updating environment mup-env-meteor-example-deploy-aws's configuration settings.
Env Event: Rolling with Additional Batch deployment policy enabled. Launching a new batch of 1 additional instance(s).
Env Event: Batch 1: 1 EC2 instance(s) [i-0b017a1b7f1c7151a] launched. Deploying application version.
Env Event: Environment health has transitioned from Severe to Degraded. 100.0 % of the requests are failing with HTTP 5xx. ELB processes are not healthy on 1 out of 2 instances. Configuration update in progress on 1 instance. 0 out of 2 instances completed (running for 2 minutes). ELB health is failing or not available for 1 out of 2 instances. Impaired services on 1 out of 2 instances.
Env Event: Added instance [i-0b017a1b7f1c7151a] to your environment.
Env Event: Failed to run npm install. Snapshot logs for more details.
Env Event: Retrieving logs prior to instance(s) termination. Logs will be available for an hour in the environment management console and at elasticbeanstalk-us-east-1-966889535256/resources/environments/logs/bundle/e-kvnxyajrem.
Env Event: During an aborted deployment, some instances may have deployed the new application version. To ensure all instances are running the same version, re-deploy the appropriate application version.
Env Event: Failed to deploy configuration.
Env Event: Terminating excess instance(s): [i-0b017a1b7f1c7151a].
Env Event: Command execution completed on all instances successfully.
Env Event: [Instance: i-0b017a1b7f1c7151a] Successfully finished bundling 16 log(s)
=> Deploying new version
=> Waiting for Beanstalk Environment to finish updating
Env Event: Environment health has transitioned from Degraded to Severe. 100.0 % of the requests are failing with HTTP 5xx. Command failed on 1 out of 2 instances. Incorrect application version found on 1 out of 2 instances. Expected version "5" (deployment 10). ELB processes are not healthy on all instances. Application update in progress (running for 42 seconds). ELB health is failing or not available for all instances. Impaired services on 1 out of 2 instances.
Env Event: Rolling with Additional Batch deployment policy enabled. Launching a new batch of 1 additional instance(s).
Env Event: Removed instance [i-0b017a1b7f1c7151a] from your environment.
Env Event: Added instance [i-0733205831e115a28] to your environment.
Env Event: Batch 1: 1 EC2 instance(s) [i-0733205831e115a28] launched. Deploying application version '5'.
Env Event: Unsuccessful command execution on instance id(s) 'i-0733205831e115a28'. Aborting the operation.
Env Event: Command execution completed on all instances. Summary: [Successful: 0, Failed: 1].
Env Event: [Instance: i-0733205831e115a28] Command failed on instance. Return code: 127 Output: (TRUNCATED)...
/opt/elasticbeanstalk/hooks/appdeploy/pre/45node.sh: line 12: nvm: command not found
/opt/elasticbeanstalk/hooks/appdeploy/pre/45node.sh: line 13: nvm: command not found
/opt/elasticbeanstalk/hooks/appdeploy/pre/45node.sh: line 14: npm: command not found.
Hook /opt/elasticbeanstalk/hooks/appdeploy/pre/45node.sh failed. For more detail, check /var/log/eb-activity.log using console or EB CLI.
Env Event: Retrieving logs prior to instance(s) termination. Logs will be available for an hour in the environment management console and at elasticbeanstalk-us-east-1-966889535256/resources/environments/logs/bundle/e-kvnxyajrem.
Env Event: Excess instance(s) terminated.
Env Event: Terminating excess instance(s): [i-0733205831e115a28].
Env Event: Command execution completed on all instances successfully.
Env Event: [Instance: i-0733205831e115a28] Successfully finished bundling 15 log(s)
Env Event: Environment health has transitioned from Severe to Degraded. 100.0 % of the requests are failing with HTTP 5xx. Command failed on 1 out of 2 instances. Incorrect application version found on 1 out of 2 instances. Expected version "1" (deployment 1). ELB processes are not healthy on 1 out of 2 instances. Application update is aborting. 1 out of 2 instances completed (running for 4 minutes). ELB health is failing or not available for 1 out of 2 instances. Impaired services on 1 out of 2 instances.
App is running at mup-env-meteor-example-deploy-aws.eba-cah6ppkm.us-east-1.elasticbeanstalk.com
=> Finding old versions
=> Removing old versions
=> Updating Beanstalk SSL Config
and this is everything in my mup.js file
module.exports = {
  app: {
    // Tells mup that the AWS Beanstalk plugin will manage the app
    type: 'aws-beanstalk',
    name: 'meteor-example-deploy-aws',
    path: 'G:/GitFolder/meteor-example-deploy-aws/app',
    // Environment variables passed to the Meteor app on the instance
    env: {
      ROOT_URL: 'http://mup-env-meteor-example-deploy-aws.eba-cah6ppkm.us-east-1.elasticbeanstalk.com/',
      MONGO_URL: 'mongodb://MYUSERNAME:MYPASSREDACTED@docdb-2020-07-06-07-57-38.cluster-c9vs8fwnppko.us-east-1.docdb.amazonaws.com:27017/?ssl=true&ssl_ca_certs=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false'
    },
    // AWS access key pair used by mup (values elided in the post)
    auth: {
      id: 'AKIA6C...',
      secret: 'xCBpL....'
    },
    minInstances: 1
  },
  plugins: ['mup-aws-beanstalk']
};

AWS elastic beanstalk deploy always fails (uploading a zipfile)

I upload a new version of my app as a zipfile and click deploy. Then the status changes to severe.
This is the error trace:
WARN
Environment health has transitioned from Info to Degraded. Command failed on all instances. Incorrect application version found on all instances. Expected version "Sample" (deployment 2). Application update failed 10 seconds ago and took 4 minutes.
ERROR
During an aborted deployment, some instances may have deployed the new application version. To ensure all instances are running the same version, re-deploy the appropriate application version.
ERROR
Failed to deploy application.
ERROR
Unsuccessful command execution on instance id(s) 'i------'. Aborting the operation.
ERROR
[Instance: i-002326d7ceeba0ea9] Command failed on instance. Return code: 1 Output: nginx: [emerg] no host in upstream ":80" in /etc/nginx/conf.d/elasticbeanstalk-nginx-docker-upstream.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed Failed to start nginx, abort deployment.
Hook /opt/elasticbeanstalk/hooks/appdeploy/enact/01flip.sh failed.
For more detail, check /var/log/eb-activity.log using console or EB CLI.
ERROR
Failed to start nginx, abort deployment
/var/log/eb-activity.log
here are errors in this log:
Installing dependencies from Pipfile.lock (5e00f3)…
Failed to load paths: /bin/sh: 1: /root/.local/share/virtualenvs/app-lp47FrbD/bin/python: not found
...
[2020-05-29T01:51:24.746Z] INFO [11395] - [Application update v1.3.3-1@3/AppDeployStage1/AppDeployEnactHook/00run.sh] : Completed activity. Result:
jq: error (at <stdin>:1): Cannot iterate over null (null)
a2f568b1c255eb9e0fdc6ceebdd29b9ec64b9ab4481a3e1c5bcb11828b0ac526
[2020-05-29T01:51:24.747Z] INFO [11395] - [Application update v1.3.3-1@3/AppDeployStage1/AppDeployEnactHook/01flip.sh] : Starting activity...
[2020-05-29T01:51:26.099Z] INFO [11395] - [Application update v1.3.3-1@3/AppDeployStage1/AppDeployEnactHook/01flip.sh] : Activity execution failed, because: nginx: [emerg] no host in upstream ":80" in /etc/nginx/conf.d/elasticbeanstalk-nginx-docker-upstream.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
Failed to start nginx, abort deployment (ElasticBeanstalk::ExternalInvocationError)
caused by: nginx: [emerg] no host in upstream ":80" in /etc/nginx/conf.d/elasticbeanstalk-nginx-docker-upstream.conf:2
nginx: configuration file /etc/nginx/nginx.conf test failed
Failed to start nginx, abort deployment (Executor::NonZeroExitStatus)
...
[2020-05-29T01:51:26.099Z] INFO [11395] - [Application update v1.3.3-1@3/AppDeployStage1/AppDeployEnactHook/01flip.sh] : Activity failed.
[2020-05-29T01:51:26.099Z] INFO [11395] - [Application update v1.3.3-1@3/AppDeployStage1/AppDeployEnactHook] : Activity failed.
[2020-05-29T01:51:26.099Z] INFO [11395] - [Application update v1.3.3-1@3/AppDeployStage1] : Activity failed.
[2020-05-29T01:51:26.100Z] INFO [11395] - [Application update v1.3.3-1@3] : Completed activity. Result:
Application update - Command CMD-AppDeploy failed
The inability to deploy has been consistent for this environment, after several attempts, even reverting to an older version.
Afterwards, I resolved this by isolating the code and error messages using a local docker image with the zipfile. Running the code on my machine outside of docker did NOT reveal any problems, because the pip / pipenv part was missing some dependency.
Steps for local docker testing:
WITHIN a docker container:
docker system prune
Go to the folder with Dockerfile
docker image build -t <app_name>:<version_number> .
TO run locally:
(docker rm <app_name> first, if you've already got a stopped container with the same name from prior testing)
docker container run --publish 80:80 --name <app_name> <app_name>:<version_number>
NOTE:
this won't let you test AWS functions that require environment variables, such as ~.aws credentials because they're not inside the image.
(but you could add them with your Dockerfile)
Once the docker container is running, you'll see (I saw) error messages that were not there when testing locally, because they were caused by a missing package dependency and a pipenv error.

can't start prestodb server over https with a custom password authenticator

I'm using presto 0.206 and trying to config it to run over https with a password authenticator that I wrote.
I get the following error -
2018-10-29T16:24:45.974+0200 INFO main com.facebook.presto.server.security.PasswordAuthenticatorManager -- Loading password authenticator --
2018-10-29T16:24:45.976+0200 INFO main Bootstrap PROPERTY DEFAULT RUNTIME DESCRIPTION
2018-10-29T16:24:45.980+0200 INFO main com.facebook.presto.server.security.PasswordAuthenticatorManager -- Loaded password authenticator v3io --
2018-10-29T16:24:45.989+0200 INFO main com.facebook.presto.server.PrestoServer ======== SERVER STARTED ========
2018-10-29T16:24:45.989+0200 ERROR Announcer-0 io.airlift.discovery.client.Announcer Cannot connect to discovery server for announce: Announcement failed for https://192.168.224.157:8889
2018-10-29T16:24:45.990+0200 ERROR Announcer-0 io.airlift.discovery.client.Announcer Service announcement failed after 9.44ms. Next request will happen within 0.00s
Looks like my plugin ("v3io") is loaded successfully but something is wrong with the https config.
config.properties -
coordinator=true
node-scheduler.include-coordinator=true
http-server.https.enabled=true
http-server.https.port=8889
query.max-memory=5GB
query.max-memory-per-node=1GB
discovery-server.enabled=true
discovery.uri=https://192.168.224.157:8889
node.internal-address=192.168.224.157
http-server.https.keystore.path=/opt/presto-server-0.206/keystore.jks
http-server.https.keystore.key=password
http-server.authentication.type=PASSWORD
Change the discovery.uri value to be http not https. I don’t think it supports HTTPS.

Anchore Engine - Jenkins CI plugin

We are trying to scan our docker images using Anchore Engine Jenkins plugin.
Currently we create our application docker images, push it in our own private local registry and then deploy it in our test environments.
Now, we want to setup docker image scanning in our CI/CD process to check for any vulnerabilities.
We have installed Anchore Engine using the recommended Docker-Compose yaml method given in the Documentation link:
https://anchore.freshdesk.com/support/solutions/articles/36000020729-install-on-docker-swarm
Post installation, we installed the Anchore Container Image Scanner Plugin in Jenkins.
We configured the plugin as mentioned in the document link:
https://wiki.jenkins.io/display/JENKINS/Anchore+Container+Image+Scanner+Plugin
However, the scanning fails. Error Message as follows:
2018-10-11T07:01:44.647 INFO AnchoreWorker Analysis request accepted, received image digest sha256:7d6fb7e5e7a74a4309cc436f6d11c29a96cbf27a4a8cb45a50cb0a326dc32fe8
2018-10-11T07:01:44.647 INFO AnchoreWorker Waiting for analysis of 10.180.25.2:5000/hello-world:latest, polling status periodically
2018-10-11T07:01:44.647 DEBUG AnchoreWorker anchore-engine get policy evaluation URL: http://10.180.25.2:8228/v1/images/sha256:7d6fb7e5e7a74a4309cc436f6d11c29a96cbf27a4a8cb45a50cb0a326dc32fe8/check?tag=10.180.25.2:5000/hello-world:latest&detail=true
2018-10-11T07:01:44.648 DEBUG AnchoreWorker Attempting anchore-engine get policy evaluation (1/300)
2018-10-11T07:01:44.675 DEBUG AnchoreWorker anchore-engine get policy evaluation failed. URL: http://10.180.25.2:8228/v1/images/sha256:7d6fb7e5e7a74a4309cc436f6d11c29a96cbf27a4a8cb45a50cb0a326dc32fe8/check?tag=10.180.25.2:5000/hello-world:latest&detail=true, status: HTTP/1.1 404 NOT FOUND, error: {
"detail": {},
"httpcode": 404,
"message": "image is not analyzed - analysis_status: not_analyzed"
}
NOTE:
In Image TAG 10.180.25.2:5000/hello-world:latest, 10.180.25.2:5000 is our local private registry and hello-world:latest is latest hello-world image available in docker hub which we pulled and pushed in our registry to try out image scanning using Anchore-Engine.
Unfortunately we are not able to find much resource online to try and resolve the above mentioned issue.
Anyone who might have worked on Anchore-Engine, please may I request to have a look and help us resolve this issue.
Also, any suggestions or alternatives to anchore-engine or detailed steps in case we might have missed anything would be really appreciated.
End of the output is as follows:
2018-10-15T00:48:43.880 WARN AnchoreWorker anchore-engine get policy evaluation failed. HTTP method: GET, URL: http://10.180.25.2:8228/v1/images/sha256:7d6fb7e5e7a74a4309cc436f6d11c29a96cbf27a4a8cb45a50cb0a326dc32fe8/check?tag=10.180.25.2:5000/hello-world:latest&detail=true, status: 404, error: {
"detail": {},
"httpcode": 404,
"message": "image is not analyzed - analysis_status: not_analyzed"
}
2018-10-15T00:48:43.880 WARN AnchoreWorker Exhausted all attempts polling anchore-engine. Analysis is incomplete for sha256:7d6fb7e5e7a74a4309cc436f6d11c29a96cbf27a4a8cb45a50cb0a326dc32fe8
2018-10-15T00:48:43.880 ERROR AnchorePlugin Failing Anchore Container Image Scanner Plugin step due to errors in plugin execution
hudson.AbortException: Timed out waiting for anchore-engine analysis to complete (increasing engineRetries might help). Check above logs for errors from anchore-engine
at com.anchore.jenkins.plugins.anchore.BuildWorker.runGatesEngine(BuildWorker.java:480)
at com.anchore.jenkins.plugins.anchore.BuildWorker.runGates(BuildWorker.java:343)
at com.anchore.jenkins.plugins.anchore.AnchoreBuilder.perform(AnchoreBuilder.java:338)
at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:81)
at hudson.tasks.BuildStepMonitor$1.perform(BuildStepMonitor.java:20)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:744)
at hudson.model.Build$BuildExecution.build(Build.java:206)
at hudson.model.Build$BuildExecution.doRun(Build.java:163)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:504)
at hudson.model.Run.execute(Run.java:1724)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:421)
I also checked status and found below:
docker run anchore/engine-cli:latest anchore-cli --u admin --p admin123 --url http://172.18.0.1:8228/v1 system status
Service analyzer (dockerhostid-anchore-engine, http://anchore-engine:8084): up
Service catalog (dockerhostid-anchore-engine, http://anchore-engine:8082): up
Service policy_engine (dockerhostid-anchore-engine, http://anchore-engine:8087): down (unavailable)
Service simplequeue (dockerhostid-anchore-engine, http://anchore-engine:8083): up
Service apiext (dockerhostid-anchore-engine, http://anchore-engine:8228): up
Service kubernetes_webhook (dockerhostid-anchore-engine, http://anchore-engine:8338): up
Engine DB Version: 0.0.7
Engine Code Version: 0.2.4
It seems service policy engine is down
Service policy_engine (dockerhostid-anchore-engine, http://anchore-engine:8087): down (unavailable)
I also checked the docker logs . I found below error:
[service:policy_engine] 2018-10-15 09:37:46+0000 [-] [bootstrap] [DEBUG] service (policy_engine) starting in: 4
[service:policy_engine] 2018-10-15 09:37:46+0000 [-] [bootstrap] [INFO] Registration complete.
[service:policy_engine] 2018-10-15 09:37:46+0000 [-] [bootstrap] [INFO] Checking feeds client credentials
[service:policy_engine] 2018-10-15 09:37:46+0000 [-] [bootstrap] [DEBUG] Initializing a feeds client
[service:policy_engine] 2018-10-15 09:37:47+0000 [-] [bootstrap] [DEBUG] init values: [None, None, None, (), None, None]
[service:policy_engine] 2018-10-15 09:37:47+0000 [-] [bootstrap] [DEBUG] using values: ['https://ancho.re/v1/service/feeds', 'https://ancho.re/oauth/token', 'https://ancho.re/v1/account/users', 'anon@ancho.re', 3, 60]
[service:policy_engine] 2018-10-15 09:37:47+0000 [-] [urllib3.connectionpool] [DEBUG] Starting new HTTPS connection (1): ancho.re
[service:policy_engine] 2018-10-15 09:37:50+0000 [-] [bootstrap] [ERROR] Preflight checks failed with error: HTTPSConnectionPool(host='ancho.re', port=443): Max retries exceeded with url: /v1/account/users/anon@ancho.re (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7ffa905f0b90>: Failed to establish a new connection: [Errno 113] No route to host',)). Aborting service startup
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/anchore_manager/cli/service.py", line 158, in startup_service
raise Exception("process exited: " + str(rc))
Exception: process exited: 1
[anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [INFO] service process exited at (Mon Oct 15 09:37:50 2018): process exited: 1
[anchore-policy-engine] [anchore_manager.cli.service/startup_service()] [INFO] exiting service thread
Thanks and Regards,
Rohan Shetty
When images are added to anchore-engine, they are queued for analysis which moves them through a simple state machine that starts with ‘not_analyzed’, goes to ‘analyzing’ and finally ends in either ‘analyzed’ or ‘analysis_failed’. Only when an image has reached ‘analyzed’ will a policy evaluation be possible.
The anchore Jenkins plugin will add an image, then poll the engine for image status/evaluation for the configured number of tries (default 300). Once the image goes to ‘analyzed’ (where policy evaluation is possible), the plugin will then receive a policy evaluation result from the engine.
The plugin will fail the build (by default) if the max retries have been performed and the image has not reached ‘analyzed’, or if the image does reach ‘analyzed’ but the policy evaluation is producing a ‘fail’ result (meaning the image didn’t pass your configured policy checks). Note that all build failure behavior can be controlled in the plugin (i.e. there are options to allow the plugin to succeed even if the analysis or image eval fails).
You’ll need to look at the end of the output from your build run (instead of just the beginning from your post), and combined with the information above, it should be clear which scenario is causing the plugin to fail the build.
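The add-then-poll gate described in the answer above, modelled as an added example (not code from the Anchore plugin or from the answer's author). Only the four status names and the default of 300 tries come from the answer; the function names, the options fail_on_policy_fail / fail_on_incomplete, the "pass" verdict string and the scripted status sequences are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Iterable

# Analysis states named in the answer. The last two are terminal.
PENDING = {"not_analyzed", "analyzing"}
TERMINAL = {"analyzed", "analysis_failed"}


class Outcome(Enum):
    PASS = "analyzed, policy evaluation passed"
    POLICY_FAIL = "analyzed, policy evaluation failed"
    INCOMPLETE = "never reached 'analyzed'"


@dataclass
class GateResult:
    outcome: Outcome
    last_status: str
    attempts: int
    build_fails: bool


def scripted(values: Iterable[str]) -> Callable[[], str]:
    """Constructed stand-in for an engine call: replays values, then repeats the last."""
    items = list(values)
    state = {"i": 0}

    def call() -> str:
        value = items[min(state["i"], len(items) - 1)]
        state["i"] += 1
        return value

    return call


def run_gate(get_status: Callable[[], str], get_verdict: Callable[[], str],
             max_tries: int = 300, fail_on_policy_fail: bool = True,
             fail_on_incomplete: bool = True,
             wait: Callable[[], None] = lambda: None) -> GateResult:
    """Poll until the image reaches a terminal state or tries run out, then gate."""
    last, attempts = "not_analyzed", 0
    for attempts in range(1, max_tries + 1):
        last = get_status()
        if last not in PENDING | TERMINAL:
            raise ValueError(f"unknown analysis status: {last!r}")
        if last in TERMINAL:
            break
        wait()
    # A policy evaluation is only possible once the image is 'analyzed'.
    if last != "analyzed":
        return GateResult(Outcome.INCOMPLETE, last, attempts, fail_on_incomplete)
    # Assumption: anything other than an explicit "pass" counts as a failure.
    if get_verdict() == "pass":
        return GateResult(Outcome.PASS, last, attempts, False)
    return GateResult(Outcome.POLICY_FAIL, last, attempts, fail_on_policy_fail)


if __name__ == "__main__":
    # The situation in the question: the image never leaves 'not_analyzed'.
    print(run_gate(scripted(["not_analyzed"]), scripted(["pass"]), max_tries=5))
    # An image that is analyzed on the third poll but fails policy.
    print(run_gate(scripted(["not_analyzed", "analyzing", "analyzed"]),
                   scripted(["fail"])))
```

With fail_on_incomplete set to False the gate reports the same INCOMPLETE outcome but lets the build through, which is the fail-open behaviour the answer says the plugin options allow.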
We have resolved the issue.
Root Cause:
We were not able to establish a successful https connection to URL : https://ancho.re from within the anchore-engine docker container.
As a result the service:policy_engine was not able to start.
https://ancho.re is required to download policy feeds and sync-up periodically. Without these policies, anchore-engine won't be able to analyse the docker images.
Solution:
1) We passed a HTTPS_PROXY URL as an environment variable in the docker-compose.yaml of anchore-engine.
We used this proxy URL to bypass restrictions in our environment and establish a connection with https://ancho.re url.
2) Restarted the docker containers.
Finally we got all services up and running including Anchore policy-engine.
FYI:
It takes a while to download all the required Feeds depending on your internet speed.
Lastly, Thanks to the Anchore community for quick responses and support over slack.
Hope this helps.
Warm Regards,
Rohan Shetty

Setting up a Selenium node on Linux

I am currently trying to set up a Selenium node on a Linux VM (headless). The hub is being run from a Windows device on port 5786 (4444 was in use).
I initiate the hub using the following code:
java -jar selenium-server-standalone-2.53.0.jar -role node –hub http://<myIP>:5786/grid/register -port 5558
When I execute this, it returns the following error messages:
13:42:12.765 INFO - Launching a Selenium Grid node
13:42:13.435 WARN - error getting the parameters from the hub. The node may
end up with wrong timeouts.Connect to 10.146.48.80:4444 [/10.146.48.80]
failed: Connection refused
13:42:13.445 INFO - Java: Oracle Corporation 24.60-b09
13:42:13.445 INFO - OS: Linux 3.10.0-514.21.1.el7.x86_64 amd64
13:42:13.450 INFO - v2.53.0, with Core v2.53.0. Built from revision 35ae25b
13:42:13.521 INFO - Driver provider
org.openqa.selenium.ie.InternetExplorerDriver registration is skipped:
registration capabilities Capabilities [{platform=WINDOWS,
ensureCleanSession=true, browserName=internet explorer, version=}] does not
match the current platform LINUX
13:42:13.521 INFO - Driver provider org.openqa.selenium.edge.EdgeDriver
registration is skipped:
registration capabilities Capabilities [{platform=WINDOWS,
browserName=MicrosoftEdge, version=}] does not match the current platform
LINUX
13:42:13.521 INFO - Driver class not found:
com.opera.core.systems.OperaDriver
13:42:13.521 INFO - Driver provider com.opera.core.systems.OperaDriver is not
registered
13:42:13.522 INFO - Driver provider org.openqa.selenium.safari.SafariDriver
registration is skipped:
registration capabilities Capabilities [{platform=MAC, browserName=safari,
version=}] does not match the current platform LINUX
13:42:13.523 INFO - Driver class not found:
org.openqa.selenium.htmlunit.HtmlUnitDriver
13:42:13.523 INFO - Driver provider
org.openqa.selenium.htmlunit.HtmlUnitDriver is not registered
13:42:13.552 INFO - Version Jetty/5.1.x
13:42:13.553 INFO - Started HttpContext[/selenium-server/driver,/selenium-
server/driver]
13:42:13.553 INFO - Started HttpContext[/selenium-server,/selenium-server]
13:42:13.553 INFO - Started HttpContext[/,/]
13:44:03.596 INFO - Started
org.openqa.jetty.jetty.servlet.ServletHandler@188fd321
13:44:03.596 INFO - Started HttpContext[/wd,/wd]
13:44:03.599 INFO - Started SocketListener on 0.0.0.0:5555
13:44:03.599 INFO - Started org.openqa.jetty.jetty.Server@a01330f
13:44:03.599 INFO - Selenium Grid node is up and ready to register to the hub
13:44:03.630 INFO - Starting auto registration thread. Will try to register
every 5000 ms.
13:44:03.630 INFO - Registering the node to the hub:
http://10.146.48.80:4444/grid/register
13:44:03.638 INFO - Couldn't register this node: Error sending the
registration request: Connect to 10.146.48.80:4444 [/10.146.48.80] failed:
Connection refused
In the command that you shared viz.,
java -jar selenium-server-standalone-2.53.0.jar -role node –hub http://<myIP>:5786/grid/register -port 5558
You have a copy paste problem. The - before the parameter hub doesn't seem to be a hyphen character.
I was able to deduce this as a possible root cause because the value of -hub is completely being ignored and the default hub port of 4444 is being attempted to use. The stacktrace that you shared re-iterates this
13:42:13.435 WARN - error getting the parameters from the hub. The node may
end up with wrong timeouts.Connect to 10.146.48.80:4444 [/10.146.48.80]
failed: Connection refused
As you can see, even though you are providing your Hub's registration URL to include a port number of 5786, it's still picking up 4444 and complaining Connection refused.
Please try typing out the entire command for starting the hub and try again. That should work.
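A check for the copy-paste problem described in the answer above, as an added example (not part of the original answer). It goes beyond the en dash in the question and flags any argument that starts with a Unicode dash other than the ASCII hyphen; the function names and the replacement heuristic are assumptions made for illustration.

```python
import shlex
import unicodedata

# Heuristic: word processors commonly turn "-" into an en dash (U+2013) and
# "--" into an em dash (U+2014). Any other lookalike falls back to one hyphen.
REPLACEMENT = {"\u2013": "-", "\u2014": "--"}

# The command from the question, with the en dash written as an escape.
PAGE_COMMAND = (
    "java -jar selenium-server-standalone-2.53.0.jar -role node "
    "\u2013hub http://<myIP>:5786/grid/register -port 5558"
)


def is_lookalike_dash(ch: str) -> bool:
    """True for a dash-like character that is not the ASCII hyphen-minus."""
    if ch == "-":
        return False
    # "Pd" is Unicode dash punctuation; U+2212 MINUS SIGN is a math symbol (Sm).
    return unicodedata.category(ch) == "Pd" or ch == "\u2212"


def find_lookalike_options(command: str) -> list:
    """Return one finding per argument that begins with a non-ASCII dash."""
    findings = []
    for index, token in enumerate(shlex.split(command)):
        if not token or not is_lookalike_dash(token[0]):
            continue
        lead = token[0]
        findings.append({
            "index": index,                      # position in the argument list
            "token": token,
            "codepoint": f"U+{ord(lead):04X}",
            "name": unicodedata.name(lead, "UNKNOWN"),
            "suggestion": REPLACEMENT.get(lead, "-") + token[1:],
        })
    return findings


if __name__ == "__main__":
    for finding in find_lookalike_options(PAGE_COMMAND):
        print(f"argument {finding['index']}: {finding['token']!r} starts with "
              f"{finding['codepoint']} {finding['name']}; "
              f"did you mean {finding['suggestion']!r}?")
```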
