KubeDNS not injecting nameservers, Kubernetes 1.5.2 on RHEL 7- - dns

I've created a cluster with a master and 5 nodes with flannel for the POD network and that is working fine.
What is not working is that after installing kubeDNS (kubedns, dnsmasq and sidecar) but I can't get the new nameserver to be injected into HOST /etc/resolv.conf, because of that I can't resolve any hostnames.
Everything else works fine, all KubeDNS containers are running and with no errors
My kube-proxy ARGS
KUBE_PROXY_ARGS="--cluster-cidr=10.254.0.0/16"
My Kubelet configs
KUBELET_DNS="--cluster-dns=10.254.0.253"
KUBELET_DOMAIN="--cluster-domain=cluster.local"
Here are my configs for the DNS POD:
{
"kind": "Pod",
"apiVersion": "v1",
"metadata": {
"name": "kube-dns-4073989832-f7g5g",
"generateName": "kube-dns-4073989832-",
"namespace": "kube-system",
"selfLink": "/api/v1/namespaces/kube-system/pods/kube-dns-4073989832-f7g5g",
"uid": "6f76055c-5b1e-11e7-b0c5-0050568fc023",
"resourceVersion": "3974782",
"creationTimestamp": "2017-06-27T09:53:13Z",
"labels": {
"k8s-app": "kube-dns",
"pod-template-hash": "4073989832"
},
"annotations": {
"kubernetes.io/created-by": "{\"kind\":\"SerializedReference\",\"apiVersion\":\"v1\",\"reference\":{\"kind\":\"ReplicaSet\",\"namespace\":\"kube-system\",\"name\":\"kube-dns-4073989832\",\"uid\":\"8afa7fce-5a9e-11e7-b714-0050568fc023\",\"apiVersion\":\"extensions\",\"resourceVersion\":\"3974404\"}}\n",
"scheduler.alpha.kubernetes.io/critical-pod": ""
},
"ownerReferences": [
{
"apiVersion": "extensions/v1beta1",
"kind": "ReplicaSet",
"name": "kube-dns-4073989832",
"uid": "8afa7fce-5a9e-11e7-b714-0050568fc023",
"controller": true
}
]
},
"spec": {
"volumes": [
{
"name": "kube-dns-config",
"configMap": {
"name": "kube-dns",
"defaultMode": 420
}
}
],
"containers": [
{
"name": "kubedns",
"image": "vvcelparti01:443/k8s-dns-kube-dns-amd64:1.14.2",
"args": [
"--domain=cluster.local",
"--dns-port=10053",
"--config-dir=/kube-dns-config",
"--kube-master-url=http://10.64.146.26:8080",
"--v=2"
],
"ports": [
{
"name": "dns-local",
"containerPort": 10053,
"protocol": "UDP"
},
{
"name": "dns-tcp-local",
"containerPort": 10053,
"protocol": "TCP"
},
{
"name": "metrics",
"containerPort": 10055,
"protocol": "TCP"
}
],
"env": [
{
"name": "PROMETHEUS_PORT",
"value": "10055"
}
],
"resources": {
"limits": {
"memory": "170Mi"
},
"requests": {
"cpu": "100m",
"memory": "70Mi"
}
},
"volumeMounts": [
{
"name": "kube-dns-config",
"mountPath": "/kube-dns-config"
}
],
"livenessProbe": {
"httpGet": {
"path": "/healthcheck/kubedns",
"port": 10054,
"scheme": "HTTP"
},
"initialDelaySeconds": 60,
"timeoutSeconds": 5,
"periodSeconds": 10,
"successThreshold": 1,
"failureThreshold": 5
},
"readinessProbe": {
"httpGet": {
"path": "/readiness",
"port": 8081,
"scheme": "HTTP"
},
"initialDelaySeconds": 3,
"timeoutSeconds": 5,
"periodSeconds": 10,
"successThreshold": 1,
"failureThreshold": 3
},
"terminationMessagePath": "/dev/termination-log",
"imagePullPolicy": "IfNotPresent"
},
{
"name": "dnsmasq",
"image": "vvcelparti01:443/k8s-dns-dnsmasq-nanny-amd64:1.14.2",
"args": [
"-v=2",
"-logtostderr",
"-configDir=/etc/k8s/dns/dnsmasq-nanny",
"-restartDnsmasq=true",
"--",
"-k",
"--cache-size=1000",
"--log-facility=-",
"--server=/cluster.local/127.0.0.1#10053",
"--server=/in-addr.arpa/127.0.0.1#10053",
"--server=/ip6.arpa/127.0.0.1#10053"
],
"ports": [
{
"name": "dns",
"containerPort": 53,
"protocol": "UDP"
},
{
"name": "dns-tcp",
"containerPort": 53,
"protocol": "TCP"
}
],
"resources": {
"requests": {
"cpu": "150m",
"memory": "20Mi"
}
},
"volumeMounts": [
{
"name": "kube-dns-config",
"mountPath": "/etc/k8s/dns/dnsmasq-nanny"
}
],
"livenessProbe": {
"httpGet": {
"path": "/healthcheck/dnsmasq",
"port": 10054,
"scheme": "HTTP"
},
"initialDelaySeconds": 60,
"timeoutSeconds": 5,
"periodSeconds": 10,
"successThreshold": 1,
"failureThreshold": 5
},
"terminationMessagePath": "/dev/termination-log",
"imagePullPolicy": "IfNotPresent"
},
{
"name": "sidecar",
"image": "vvcelparti01:443/k8s-dns-sidecar-amd64:1.14.2",
"args": [
"--v=2",
"--logtostderr",
"--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.cluster.local,5,A",
"--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.cluster.local,5,A"
],
"ports": [
{
"name": "metrics",
"containerPort": 10054,
"protocol": "TCP"
}
],
"resources": {
"requests": {
"cpu": "10m",
"memory": "20Mi"
}
},
"livenessProbe": {
"httpGet": {
"path": "/metrics",
"port": 10054,
"scheme": "HTTP"
},
"initialDelaySeconds": 60,
"timeoutSeconds": 5,
"periodSeconds": 10,
"successThreshold": 1,
"failureThreshold": 5
},
"terminationMessagePath": "/dev/termination-log",
"imagePullPolicy": "IfNotPresent"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "Default",
"serviceAccountName": "kube-dns",
"serviceAccount": "kube-dns",
"nodeName": "gopher01",
"securityContext": {}
},
"status": {
"phase": "Running",
"conditions": [
{
"type": "Initialized",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2017-06-27T09:52:45Z"
},
{
"type": "Ready",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2017-06-27T09:52:55Z"
},
{
"type": "PodScheduled",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2017-06-27T09:53:13Z"
}
],
"hostIP": "10.64.146.24",
"podIP": "172.30.18.4",
"startTime": "2017-06-27T09:52:45Z",
"containerStatuses": [
{
"name": "dnsmasq",
"state": {
"running": {
"startedAt": "2017-06-27T09:52:47Z"
}
},
"lastState": {},
"ready": true,
"restartCount": 0,
"image": "vvcelparti01:443/k8s-dns-dnsmasq-nanny-amd64:1.14.2",
"imageID": "docker-pullable://vvcelparti01:443/k8s-dns-dnsmasq-nanny-amd64#sha256:5a9dda0fdf5bf548eb6a63260c3f5e6f5cdc3d0917279e38a435c00967c6c57c",
"containerID": "docker://682fa7e0ffb28f26aee97a8ac7fe564096ece3ef3d7fe14fd9ed6857526d2d2f"
},
{
"name": "kubedns",
"state": {
"running": {
"startedAt": "2017-06-27T09:52:47Z"
}
},
"lastState": {},
"ready": true,
"restartCount": 0,
"image": "vvcelparti01:443/k8s-dns-kube-dns-amd64:1.14.2",
"imageID": "docker-pullable://vvcelparti01:443/k8s-dns-kube-dns-amd64#sha256:c78ed83587e42e7fc21f07756364c568c5c0fe10289f4f7f19d03a97f15b7a60",
"containerID": "docker://20b729004655a43efd384f8dded1f97d898a3b54092e190aba3d2031e72da056"
},
{
"name": "sidecar",
"state": {
"running": {
"startedAt": "2017-06-27T09:52:47Z"
}
},
"lastState": {},
"ready": true,
"restartCount": 0,
"image": "vvcelparti01:443/k8s-dns-sidecar-amd64:1.14.2",
"imageID": "docker-pullable://vvcelparti01:443/k8s-dns-sidecar-amd64#sha256:8d8c0e03e5f91ae85be7402ac88f804c52431dac32491c7a2557fd462fd2695b",
"containerID": "docker://bbaec6e9d0aa933daaee7c33b6d64d0f37f1a57213fabd2aa1c686c61a356f7f"
}
]
}
}
Here is my throubleshooting session:
$ kubectl get svc --namespace=kube-system
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns 10.254.0.253 <none> 53/UDP,53/TCP 24d
kubernetes-dashboard 10.254.170.86 <none> 80/TCP 29d
$ kubectl get ep kube-dns --namespace=kube-system
NAME ENDPOINTS AGE
kube-dns 172.30.18.4:53,172.30.18.4:53 24d

Related

Shopware6 API integrity constraints on nested entities

Tested on Shopware 6.3.5.1:
I'm trying to create a product via API together with its parent. That is necessary, because I can only iterate over variants in the other system.
As far as I can tell there's no conflict with the IDs or duplicates. Neither the product nor its parent already exist.
But when I do this:
POST https://somedomain.de/api/v3/_action/sync
Content-Type: application/json
Accept: application/json
Authorization: Bearer {{auth_token}}
{
"7508d64f832fb06b8f82f78963b280ab": {
"action": "upsert",
"entity": "product",
"payload": [
{
"id": "7508d64f832fb06b8f82f78963b280ab",
"__code": "1111111189",
"stock": 99,
"taxId": "d390c2f211144543845dbf76fa69d17a",
"cmsPageId": null,
"deliveryTimeId": null,
"manufacturerId": null,
"visibilities": [
{
"id": "e24f994426246015347bba784ac69a97",
"productId": "7508d64f832fb06b8f82f78963b280ab",
"salesChannelId": "8e7c11e2540b4c71b521d5a59920e142",
"visibility": 30
}
],
"unitId": null,
"price": [
{
"currencyId": "b7d2554b0ce847cd82f3ac9bd1c0dfca",
"net": 25,
"gross": 29.75,
"linked": true
}
],
"productNumber": "1111111189",
"coverId": null,
"translations": {
"ce1df85b5f1c4eedbc532cbd34c57df6": {
"name": "Converse black",
"description": "Converse black"
},
"2fbb5fe2e29a4d70aa5854ce7ce3e20b": {
"name": "Converse black",
"description": "Converse black"
}
},
"categories": [
{
"id": "e90cf50735a0d6f69b2dbf599caa4954"
},
{
"id": "a5b4753f41c8f4bedba1bf5954c961cb"
}
],
"properties": [
{
"id": "a01a0380ca3c61428c26a231f0e49a09"
}
],
"media": [
{
"id": "cb9a886400616c215a588b13cb7c662b",
"mediaId": "a7aabb5ff4dc3c99ba45724ec7477ffe"
}
],
"parent": {
"id": "7a788255eab96bf51002829b3a6becf2",
"__code": "1111111189",
"stock": 99,
"taxId": "d390c2f211144543845dbf76fa69d17a",
"cmsPageId": null,
"deliveryTimeId": null,
"manufacturerId": null,
"visibilities": [
{
"id": "8d5a7e2b2c02986a924eaf3d9504413c",
"productId": "7a788255eab96bf51002829b3a6becf2",
"salesChannelId": "8e7c11e2540b4c71b521d5a59920e142",
"visibility": 30
}
],
"unitId": null,
"price": [
{
"currencyId": "b7d2554b0ce847cd82f3ac9bd1c0dfca",
"net": 25,
"gross": 29.75,
"linked": true
}
],
"productNumber": "converseblack",
"coverId": null,
"translations": {
"ce1df85b5f1c4eedbc532cbd34c57df6": {
"name": "Converse black",
"description": "Converse black"
},
"2fbb5fe2e29a4d70aa5854ce7ce3e20b": {
"name": "Converse black",
"description": "Converse black"
}
},
"categories": [
{
"id": "e90cf50735a0d6f69b2dbf599caa4954"
},
{
"id": "a5b4753f41c8f4bedba1bf5954c961cb"
}
],
"properties": [
{
"id": "a01a0380ca3c61428c26a231f0e49a09"
}
],
"media": [
{
"id": "cb9a886400616c215a588b13cb7c662b",
"mediaId": "a7aabb5ff4dc3c99ba45724ec7477ffe"
}
],
"configuratorSettings": [
{
"optionId": "a01a0380ca3c61428c26a231f0e49a09",
"id": "db3787abb8d6372e1997c144031ef1e2"
}
]
},
"parentId": "7a788255eab96bf51002829b3a6becf2",
"options": [
{
"id": "a01a0380ca3c61428c26a231f0e49a09"
}
]
}
]
}
}
I get as a response that the integrity constraint productId X saleschannelId in visibilities gets violated:
{
"success": false,
"data": {
"7508d64f832fb06b8f82f78963b280ab": {
"result": [
{
"entities": [],
"errors": [
{
"code": "0",
"status": "500",
"title": "Internal Server Error",
"detail": "An exception occurred while executing 'INSERT INTO `product_visibility` (`id`, `product_id`, `product_version_id`, `sales_channel_id`, `visibility`, `created_at`) VALUES (?, ?, ?, ?, ?, ?)' with params [\"\\x8d\\x5a\\x7e\\x2b\\x2c\\x02\\x98\\x6a\\x92\\x4e\\xaf\\x3d\\x95\\x04\\x41\\x3c\", \"\\x7a\\x78\\x82\\x55\\xea\\xb9\\x6b\\xf5\\x10\\x02\\x82\\x9b\\x3a\\x6b\\xec\\xf2\", \"\\x0f\\xa9\\x1c\\xe3\\xe9\\x6a\\x4b\\xc2\\xbe\\x4b\\xd9\\xce\\x75\\x2c\\x34\\x25\", \"\\x8e\\x7c\\x11\\xe2\\x54\\x0b\\x4c\\x71\\xb5\\x21\\xd5\\xa5\\x99\\x20\\xe1\\x42\", 30, \"2021-02-22 11:36:18.099\"]:\n\nSQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'zx\\x82U\\xEA\\xB9k\\xF5\\x10\\x02\\x82\\x9B:k\\xEC\\xF2-\\x0F\\xA9\\x1C\\x...' for key 'uniq.product_id__sales_channel_id'"
}
]
}
],
"extensions": []
}
},
"extensions": []
}
I just figured out, that it's possible to extract the nested entities into separate actions (that works):
{
"7508d64f832fb06b8f82f78963b280ab": {
"action": "upsert",
"entity": "product",
"payload": [
{
"id": "7508d64f832fb06b8f82f78963b280ab",
"__code": "1111111189",
"stock": 99,
"taxId": "d390c2f211144543845dbf76fa69d17a",
"cmsPageId": null,
"deliveryTimeId": null,
"manufacturerId": null,
"unitId": null,
"price": [
{
"currencyId": "b7d2554b0ce847cd82f3ac9bd1c0dfca",
"net": 25,
"gross": 29.75,
"linked": true
}
],
"productNumber": "1111111189",
"coverId": null,
"translations": {
"ce1df85b5f1c4eedbc532cbd34c57df6": {
"name": "Converse black",
"description": "Converse black"
},
"2fbb5fe2e29a4d70aa5854ce7ce3e20b": {
"name": "Converse black",
"description": "Converse black"
}
},
"categories": [
{
"id": "e90cf50735a0d6f69b2dbf599caa4954"
},
{
"id": "a5b4753f41c8f4bedba1bf5954c961cb"
}
],
"properties": [
{
"id": "a01a0380ca3c61428c26a231f0e49a09"
}
],
"media": [
{
"id": "cb9a886400616c215a588b13cb7c662b",
"mediaId": "a7aabb5ff4dc3c99ba45724ec7477ffe"
}
],
"parent": {
"id": "7a788255eab96bf51002829b3a6becf2",
"__code": "1111111189",
"stock": 99,
"taxId": "d390c2f211144543845dbf76fa69d17a",
"cmsPageId": null,
"deliveryTimeId": null,
"manufacturerId": null,
"unitId": null,
"price": [
{
"currencyId": "b7d2554b0ce847cd82f3ac9bd1c0dfca",
"net": 25,
"gross": 29.75,
"linked": true
}
],
"productNumber": "converseblack",
"coverId": null,
"translations": {
"ce1df85b5f1c4eedbc532cbd34c57df6": {
"name": "Converse black",
"description": "Converse black"
},
"2fbb5fe2e29a4d70aa5854ce7ce3e20b": {
"name": "Converse black",
"description": "Converse black"
}
},
"categories": [
{
"id": "e90cf50735a0d6f69b2dbf599caa4954"
},
{
"id": "a5b4753f41c8f4bedba1bf5954c961cb"
}
],
"properties": [
{
"id": "a01a0380ca3c61428c26a231f0e49a09"
}
],
"media": [
{
"id": "cb9a886400616c215a588b13cb7c662b",
"mediaId": "a7aabb5ff4dc3c99ba45724ec7477ffe"
}
],
"configuratorSettings": [
{
"optionId": "a01a0380ca3c61428c26a231f0e49a09",
"id": "db3787abb8d6372e1997c144031ef1e2"
}
]
},
"parentId": "7a788255eab96bf51002829b3a6becf2",
"options": [
{
"id": "a01a0380ca3c61428c26a231f0e49a09"
}
]
}
]
},
"e24f994426246015347bba784ac69a97": {
"action": "upsert",
"entity": "product_visibility",
"payload": [
{
"id": "e24f994426246015347bba784ac69a97",
"productId": "7508d64f832fb06b8f82f78963b280ab",
"salesChannelId": "8e7c11e2540b4c71b521d5a59920e142",
"visibility": 30
}
]
},
"8d5a7e2b2c02986a924eaf3d9504413c": {
"action": "upsert",
"entity": "product_visibility",
"payload": [
{
"id": "8d5a7e2b2c02986a924eaf3d9504413c",
"productId": "7a788255eab96bf51002829b3a6becf2",
"salesChannelId": "8e7c11e2540b4c71b521d5a59920e142",
"visibility": 30
}
]
}
}

Hyperledger Fabric: Add new organization to existing channel using JsonPath

I want to add a new Organization to an existing Channel in Hyperledger Fabric.
First I obtain the channel configuration in JSON format using the following code snippet:
byte[] configBytes = channel.getChannelConfigurationBytes();
String configtxlator = props.getProperty("configtxlator");
HttpPost httppost = new HttpPost(configtxlator + "/protolator/decode/common.Config");
httppost.setEntity(new ByteArrayEntity(configBytes));
HttpClient httpclient = HttpClients.createDefault();
HttpResponse response = httpclient.execute(httppost);
int statuscode = response.getStatusLine().getStatusCode();
if (statuscode == 200) {
return EntityUtils.toString(response.getEntity());
} else {
return "";
}
The result is the following JSON string:
{
"channel_group": {
"groups": {
"Application": {
"groups": {
"Org1MSP": {
"groups": {},
"mod_policy": "Admins",
"policies": {
"Admins": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "Org1MSP",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
"version": "0"
},
"Readers": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "Org1MSP",
"role": "ADMIN"
},
"principal_classification": "ROLE"
},
{
"principal": {
"msp_identifier": "Org1MSP",
"role": "PEER"
},
"principal_classification": "ROLE"
},
{
"principal": {
"msp_identifier": "Org1MSP",
"role": "CLIENT"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
},
{
"signed_by": 1
},
{
"signed_by": 2
}
]
}
},
"version": 0
}
},
"version": "0"
},
"Writers": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "Org1MSP",
"role": "ADMIN"
},
"principal_classification": "ROLE"
},
{
"principal": {
"msp_identifier": "Org1MSP",
"role": "CLIENT"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
},
{
"signed_by": 1
}
]
}
},
"version": 0
}
},
"version": "0"
}
},
"values": {
"AnchorPeers": {
"mod_policy": "Admins",
"value": {
"anchor_peers": [
{
"host": "peer1.org1.isprint.com",
"port": 7051
},
{
"host": "peer2.org1.isprint.com",
"port": 7051
}
]
},
"version": "0"
},
"MSP": {
"mod_policy": "Admins",
"value": {
"config": {
"admins": [],
"crypto_config": {
"identity_identifier_hash_function": "SHA256",
"signature_hash_family": "SHA2"
},
"fabric_node_ous": {
"admin_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "admin"
},
"client_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "client"
},
"enable": true,
"orderer_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "orderer"
},
"peer_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "peer"
}
},
"intermediate_certs": [],
"name": "Org1MSP",
"organizational_unit_identifiers": [],
"revocation_list": [],
"root_certs": [
"..."
],
"signing_identity": null,
"tls_intermediate_certs": [],
"tls_root_certs": [
"..."
]
},
"type": 0
},
"version": "0"
}
},
"version": "1"
}
},
"mod_policy": "Admins",
"policies": {
"Admins": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
"version": "0"
},
"Readers": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
"version": "0"
},
"Writers": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
"version": "0"
}
},
"values": {
"Capabilities": {
"mod_policy": "Admins",
"value": {
"capabilities": {
"V1_4_2": {}
}
},
"version": "0"
}
},
"version": "1"
},
"Orderer": {
"groups": {
"OrdererOrg": {
"groups": {},
"mod_policy": "Admins",
"policies": {
"Admins": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "OrdererMSP",
"role": "ADMIN"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
"version": "0"
},
"Readers": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "OrdererMSP",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
"version": "0"
},
"Writers": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "OrdererMSP",
"role": "MEMBER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
"version": "0"
}
},
"values": {
"MSP": {
"mod_policy": "Admins",
"value": {
"config": {
"admins": [],
"crypto_config": {
"identity_identifier_hash_function": "SHA256",
"signature_hash_family": "SHA2"
},
"fabric_node_ous": {
"admin_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "admin"
},
"client_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "client"
},
"enable": true,
"orderer_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "orderer"
},
"peer_ou_identifier": {
"certificate": "...",
"organizational_unit_identifier": "peer"
}
},
"intermediate_certs": [],
"name": "OrdererMSP",
"organizational_unit_identifiers": [],
"revocation_list": [],
"root_certs": [
"..."
],
"signing_identity": null,
"tls_intermediate_certs": [],
"tls_root_certs": [
"..."
]
},
"type": 0
},
"version": "0"
}
},
"version": "0"
}
},
"mod_policy": "Admins",
"policies": {
"Admins": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
"version": "0"
},
"BlockValidation": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
"version": "0"
},
"Readers": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
"version": "0"
},
"Writers": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
"version": "0"
}
},
"values": {
"BatchSize": {
"mod_policy": "Admins",
"value": {
"absolute_max_bytes": 103809024,
"max_message_count": 100,
"preferred_max_bytes": 524288
},
"version": "0"
},
"BatchTimeout": {
"mod_policy": "Admins",
"value": {
"timeout": "30s"
},
"version": "0"
},
"Capabilities": {
"mod_policy": "Admins",
"value": {
"capabilities": {
"V1_4_2": {}
}
},
"version": "0"
},
"ChannelRestrictions": {
"mod_policy": "Admins",
"value": null,
"version": "0"
},
"ConsensusType": {
"mod_policy": "Admins",
"value": {
"metadata": {
"consenters": [
{
"client_tls_cert": "...",
"host": "orderer1.isprint.com",
"port": 7050,
"server_tls_cert": "..."
},
{
"client_tls_cert": "...",
"host": "orderer2.isprint.com",
"port": 7050,
"server_tls_cert": "..."
},
{
"client_tls_cert": "...",
"host": "orderer3.isprint.com",
"port": 7050,
"server_tls_cert": "..."
}
],
"options": {
"election_tick": 10,
"heartbeat_tick": 1,
"max_inflight_blocks": 5,
"snapshot_interval_size": 20971520,
"tick_interval": "500ms"
}
},
"state": "STATE_NORMAL",
"type": "etcdraft"
},
"version": "0"
}
},
"version": "0"
}
},
"mod_policy": "Admins",
"policies": {
"Admins": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Admins"
}
},
"version": "0"
},
"Readers": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Readers"
}
},
"version": "0"
},
"Writers": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "ANY",
"sub_policy": "Writers"
}
},
"version": "0"
}
},
"values": {
"BlockDataHashingStructure": {
"mod_policy": "Admins",
"value": {
"width": 4294967295
},
"version": "0"
},
"Capabilities": {
"mod_policy": "Admins",
"value": {
"capabilities": {
"V1_4_3": {}
}
},
"version": "0"
},
"Consortium": {
"mod_policy": "Admins",
"value": {
"name": "SampleConsortium"
},
"version": "0"
},
"HashingAlgorithm": {
"mod_policy": "Admins",
"value": {
"name": "SHA256"
},
"version": "0"
},
"OrdererAddresses": {
"mod_policy": "/Channel/Orderer/Admins",
"value": {
"addresses": [
"orderer1.isprint.com:7050",
"orderer2.isprint.com:7050",
"orderer3.isprint.com:7050"
]
},
"version": "0"
}
},
"version": "0"
},
"sequence": "2"
}
I have written a code snippet using JsonPath:
DocumentContext context = JsonPath.parse(json);
String pathOrg1MSP = "$.channel_group.groups.Application.groups.Org1MSP";
Map<String,Object> mapOrg1MSP = context.read(pathOrg1MSP);
Map<String,Object> mapOrg2MSP = new LinkedHashMap<String,Object>();
mapOrg1MSP.forEach((k,v) -> {
mapOrg2MSP.put(k, v);
});
String pathOrg2MSP = "$.channel_group.groups.Application.groups";
context.put(pathOrg2MSP, "Org2MSP", mapOrg2MSP);
The intention is to create an exact clone first, then change whatever values need to be changed (peers, certs etc), and then splice it into the original Json.
Would this achieve what I intend to do?
What values would I need to change to prevent any possible conflicts with existing organizations?
Generate crypto materials for Org2
Generate Org2-specific configuration materials
Fetch the latest config block from orderer, trim it down and convert it to JSON (I believe u have done this step already)
Add Org2-specific configuration materials to the JSON
Convert original JSON and newly edited JSON to protobuf format
Compute difference between the new and original block (.pb files)
Convert it to JSON format and add back header
Convert it to protobuf format
Sign transaction by Org1
For the detailed commands, you can refer to this official documentation. https://hyperledger-fabric.readthedocs.io/en/release-1.4/channel_update_tutorial.html

Azure Application Gateway WAF_V2 failing ARM deployment

Getting error while deploying App gateway waf_v2 with more then one listener. For single listner it is working fine.
Error :
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n "error": {\r\n "code": "ApplicationGatewayHttpListenersUsingSameFrontendPortAndFrontendIpConfig",\r\n "message": "Two Http Listeners of Application Gateway journal-listner and attachmentmgmt-listner are using the same Frontend Port /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendPorts/frontendPorts and FrontendIpConfiguration /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendIPConfigurations/PrivateFrontendIp.",\r\n "details": []\r\n }\r\n}"}]}
template code :
// Application Gateway
{
"name": "[parameters('applicationGatewayName')]",
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2020-03-01",
"location": "[parameters('location')]",
"zones": "[parameters('availabilityZones')]",
"properties": {
"sku": {
"name": "WAF_v2",
"tier": "WAF_v2",
"capacity": "[parameters('capacity')]"
},
"sslCertificates": [
{
"name": "[parameters('certName')]",
"properties": {
"data": "[parameters('certData')]",
"password": "[parameters('certPassword')]"
}
}
],
"gatewayIPConfigurations": [
{
"name": "gatewayIp",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"trustedRootCertificates": "[parameters('trustedRootCertificates')]",
"frontendIPConfigurations": [
{
"name": "PublicFrontendIp",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[parameters('publicIpResourceId')]"
}
}
},
{
"name": "PrivateFrontendIp",
"properties": {
"privateIPAddress": "[parameters('privateIPAddress')]",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "frontendPorts",
"properties": {
"Port": 443
}
}
],
"backendAddressPools": "[parameters('backendAddressPools')]",
"probes": "[parameters('probes')]",
"copy": [
{
"name": "backendHttpSettingsCollection",
"count": "[length(parameters('backendHttpSettings'))]",
"input": {
"name": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].name]",
"properties": {
"port": 443,
"pickHostNameFromBackendAddress": true,
"protocol": "Https",
"probeEnabled": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probeEnabled]",
"probe": {
"id": "[resourceId('Microsoft.Network/applicationGateways/probes', parameters('applicationGatewayName'), parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probe)]"
}
}
}
},
{
"name": "httpListeners",
"count": "[length(parameters('httpListeners'))]",
"input": {
"name": "[parameters('httpListeners')[copyIndex('httpListeners')].name]",
"properties": {
"protocol": "Https",
// Set hostname if it exists
"hostName": "[if(contains(parameters('httpListeners')[copyIndex('httpListeners')], 'hostName'), parameters('httpListeners')[copyIndex('httpListeners')].hostName, '')]",
"sslCertificate": {
"id": "[concat(variables('applicationGatewayId'), '/sslCertificates/',parameters('httpListeners')[copyIndex('httpListeners')].sslCertificateName)]"
},
"frontendIPConfiguration": {
"id": "[concat(variables('applicationGatewayId'), '/frontendIPConfigurations/PrivateFrontendIp')]"
},
"frontendPort": {
"id": "[concat(variables('applicationGatewayId'), '/frontendPorts/frontendPorts')]"
}
}
}
},
{
"name": "requestRoutingRules",
"count": "[length(parameters('requestRoutingRules'))]",
"input": {
"name": "[parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].name]",
"properties": {
"ruleType": "Basic",
"backendAddressPool": {
"id": "[concat(variables('applicationGatewayId'), '/backendAddressPools/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendpoolName)]"
},
"backendHttpSettings": {
"id": "[concat(variables('applicationGatewayId'), '/backendHttpSettingsCollection/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendHttpSetting)]"
},
"httpListener": {
"id": "[concat(variables('applicationGatewayId'), '/httpListeners/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].httpListener)]"
}
}
}
}
],
"redirectConfigurations": "[parameters('redirectConfigurations')]",
"enableHttp2": "[parameters('enableHttp2')]",
"webApplicationFirewallConfiguration": "[variables('webApplicationFirewallConfiguration')]",
"urlPathMaps": "[parameters('urlPathMaps')]",
"authenticationCertificates": "[parameters('authenticationCertificates')]",
"sslPolicy": {
"policyType": "Predefined",
"policyName": "AppGwSslPolicy20170401S"
},
"rewriteRuleSets": "[parameters('rewriteRuleSets')]"
}
}
Parameter used :
"backendHttpSettings": {
"value": [
{
"name": "https-attachment",
"probeEnabled": true,
"probe": "attachment-probe"
},
{
"name": "https-journal",
"probeEnabled": true,
"probe": "journal-probe"
}
]
},
"backendAddressPools": {
"value": [
{
"name": "AttachmentServicePool",
"properties": {
"backendAddresses": [
{
"fqdn": "attachmentmgmt-svc-api-dev-euw.aseentdev.sys.dom"
}
]
}
},
{
"name": "journalServicePool",
"properties": {
"backendAddresses": [
{
"fqdn": "journalmgmt-svc-api-dev-euw.aseentdev.sys.dom"
}
]
}
}
]
},
"availabilityZones": {
"value": [
1,
2
]
},
"probes": {
"value": [
{
"name": "attachment-probe",
"properties": {
"protocol": "Https",
"PickHostNameFromBackendHttpSettings": true,
"path": "/index.htm",
"interval": 5,
"timeout": 10,
"match": {
"statusCodes": [
200
],
"body": "SUCCESS"
}
}
},
{
"name": "journal-probe",
"properties": {
"protocol": "Https",
"PickHostNameFromBackendHttpSettings": true,
"path": "/index.htm",
"interval": 5,
"timeout": 10,
"match": {
"statusCodes": [
200
],
"body": "SUCCESS"
}
}
}
]
},
"httpListeners": {
"value": [
{
"name": "attachmentmgmt-listner",
"sslCertificateName": "abc"
},
{
"name": "journal-listner",
"sslCertificateName": "abc"
}
]
},
"urlPathMaps": {
"value": []
},
"requestRoutingRules": {
"value": [
{
"name": "attachment-routing-rule",
"backendpoolName": "AttachmentServicePool",
"backendHttpSetting": "https-attachment",
"httpListener": "attachmentmgmt-listner"
},
{
"name": "journal-routing-rule",
"backendpoolName": "journalServicePool",
"backendHttpSetting": "https-journal",
"httpListener": "journal-listner"
}
]
},
You can't create two basic listeners on the same port. Either use different ports or two different hostnames with Multi site listener.
change in parameter file with passing host name for httplistner worked fine.
"httpListeners": {
"value": [
{
"name": "listner1",
"sslCertificateName": "ABC",
"hostName": "wb.abc.dom"
},
{
"name": "listner2",
"sslCertificateName": "ABC",
"hostName": "wb1.abc.dom"
}
]
}

Passing all files in a folder via Terraform

I'm building a monitoring stack for our internal projects. I would like for them to be able to design their own monitoring dashboards to be used inside Grafana so I cannot predict what those will be called.
I created a folder called grafana_dashboard, where I will be instructing them to store their dashboard as JSON files and I want to pass all the contents of that folder to the Grafana instance.
I have tried a number of variations of this :
resource "grafana_dashboard" "dashboards" {
for_each = fileset(path.module, "grafana_dashboard/*.json")
config_json = "${each.key}"
depends_on = [aiven_service.grafana]
}
But keep getting this error:
Error: invalid character 'g' looking for beginning of value
on ../modules/monitoring/grafana.tf line 139, in resource "grafana_dashboard" "dashboards":
139: resource "grafana_dashboard" "dashboards" {
Can any of you see what I'm doing wrong?
Here's an example of one of the .json files i'm trying to pass:
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
},
{
"datasource": "Prometheus",
"enable": true,
"expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)",
"hide": false,
"iconColor": "rgba(255, 96, 96, 1)",
"limit": 100,
"name": "Config Reloads",
"showIn": 0,
"step": "30s",
"tagKeys": "controller_class",
"tags": [],
"titleFormat": "Config Reloaded",
"type": "tags"
}
]
},
"description": "Ingress-nginx supports a rich collection of prometheus metrics. If you have prometheus and grafana installed on your cluster then prometheus will already be scraping this data due to the scrape annotation on the deployment.",
"editable": false,
"gnetId": 9614,
"graphTooltip": 0,
"id": 18,
"iteration": 1574177838584,
"links": [],
"panels": [
{
"columns": [
{
"text": "Current",
"value": "current"
}
],
"datasource": "Prometheus",
"fontSize": "100%",
"gridPos": {
"h": 15,
"w": 24,
"x": 0,
"y": 0
},
"height": "1024",
"id": 85,
"links": [],
"options": {},
"pageSize": 15,
"scroll": true,
"showHeader": true,
"sort": {
"col": 1,
"desc": false
},
"styles": [
{
"alias": "Time",
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"pattern": "Time",
"type": "date"
},
{
"alias": "TTL",
"colorMode": "cell",
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"pattern": "Current",
"thresholds": [
"0",
"691200"
],
"type": "number",
"unit": "s"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"decimals": 2,
"pattern": "/.*/",
"thresholds": [],
"type": "number",
"unit": "short"
}
],
"targets": [
{
"expr": "avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()",
"format": "time_series",
"instant": false,
"intervalFactor": 1,
"legendFormat": "{{ host }}",
"metric": "gke_letsencrypt_cert_expiration",
"refId": "A",
"step": 1
}
],
"title": "Ingress Certificate Expiry",
"transform": "timeseries_aggregations",
"type": "table"
}
],
"refresh": "5s",
"schemaVersion": 19,
"style": "dark",
"tags": [
"nginx"
],
"templating": {
"list": [
{
"allValue": ".*",
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"definition": "",
"hide": 0,
"includeAll": true,
"label": "Namespace",
"multi": false,
"name": "namespace",
"options": [],
"query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".*",
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"definition": "",
"hide": 0,
"includeAll": true,
"label": "Controller Class",
"multi": false,
"name": "controller_class",
"options": [],
"query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".*",
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"definition": "",
"hide": 0,
"includeAll": true,
"label": "Controller",
"multi": false,
"name": "controller",
"options": [],
"query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 0,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".*",
"current": {
"text": "All",
"value": "$__all"
},
"datasource": "Prometheus",
"definition": "",
"hide": 0,
"includeAll": true,
"label": "Ingress",
"multi": false,
"name": "ingress",
"options": [],
"query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller=~\"$controller\"}, ingress) ",
"refresh": 1,
"regex": "",
"skipUrlSync": false,
"sort": 2,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-5m",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"2m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "browser",
"title": "Cert-manager",
"uid": "nginx",
"version": 12
}
This works, so I know that I can do it, but doesn't suit my needs as I'd need to hardcode the name of each file:
resource "grafana_dashboard" "nginx_ingress_controller" {
config_json = templatefile("${path.module}/grafana_dashboard/nginx-ingress-controller.json", { DS_PROMETHEUS = local.prometheus_datasource_name })
depends_on = [aiven_service.grafana]
}
You need to actually use the file contents in your config_json parameter to the grafana_dashboard.
Switching your resource definition to the following should be enough:
resource "grafana_dashboard" "dashboards" {
for_each = fileset(path.module, "grafana_dashboard/*.json")
config_json = file("${path.module}/${each.key}")
depends_on = [aiven_service.grafana]
}

Unable to start a ubuntu container in openshift-origin

Am trying to bring up a ubuntu container in a POD in openshift. I have setup my local docker registry and have configured DNS accordingly. Starting the ubuntu container with just docker works fine without any issues. When I deploy the POD, I can see that my docker ubuntu image is pulled successfully, but doesnt succeed in starting the same. It fails with back-off pulling image error. Is this because my entry point does not have any background process running in side the container ?
"openshift.io/container.ubuntu.image.entrypoint": "[\"top\"]",
Snapshot of the events
Deployment-config :
{
"kind": "DeploymentConfig",
"apiVersion": "v1",
"metadata": {
"name": "ubuntu",
"namespace": "testproject",
"selfLink": "/oapi/v1/namespaces/testproject/deploymentconfigs/ubuntu",
"uid": "e7c7b9c6-4dbd-11e6-bd2b-0800277bbed5",
"resourceVersion": "4340",
"generation": 6,
"creationTimestamp": "2016-07-19T14:34:31Z",
"labels": {
"app": "ubuntu"
},
"annotations": {
"openshift.io/deployment.cancelled": "4",
"openshift.io/generated-by": "OpenShiftNewApp"
}
},
"spec": {
"strategy": {
"type": "Rolling",
"rollingParams": {
"updatePeriodSeconds": 1,
"intervalSeconds": 1,
"timeoutSeconds": 600,
"maxUnavailable": "25%",
"maxSurge": "25%"
},
"resources": {}
},
"triggers": [
{
"type": "ConfigChange"
},
{
"type": "ImageChange",
"imageChangeParams": {
"automatic": true,
"containerNames": [
"ubuntu"
],
"from": {
"kind": "ImageStreamTag",
"namespace": "testproject",
"name": "ubuntu:latest"
},
"lastTriggeredImage": "ns1.myregistry.com:5000/ubuntu#sha256:6d9a2a1bacdcb2bd65e36b8f1f557e89abf0f5f987ba68104bcfc76103a08b86"
}
}
],
"replicas": 1,
"test": false,
"selector": {
"app": "ubuntu",
"deploymentconfig": "ubuntu"
},
"template": {
"metadata": {
"creationTimestamp": null,
"labels": {
"app": "ubuntu",
"deploymentconfig": "ubuntu"
},
"annotations": {
"openshift.io/container.ubuntu.image.entrypoint": "[\"top\"]",
"openshift.io/generated-by": "OpenShiftNewApp"
}
},
"spec": {
"containers": [
{
"name": "ubuntu",
"image": "ns1.myregistry.com:5000/ubuntu#sha256:6d9a2a1bacdcb2bd65e36b8f1f557e89abf0f5f987ba68104bcfc76103a08b86",
"resources": {},
"terminationMessagePath": "/dev/termination-log",
"imagePullPolicy": "Always"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"securityContext": {}
}
}
},
"status": {
"latestVersion": 5,
"details": {
"causes": [
{
"type": "ConfigChange"
}
]
},
"observedGeneration": 5
}
The problem was with the http proxy. After solving that image pull was successful

Resources