wildfly-swarm Delay traffic from HAproxy
In the case where a service is deployed into production where the traffic is already ongoing, the service is enabled too quickly, before the micro service is ready to take full traffic. HAProxy, however, sees the service and directs traffic to it as soon as it is registered, but this can cause the service to go down due to a direct burst of traffic.
Is there a way to delay the registration, or increase the amount of traffic in a more dynamic way without needing to manually modify HAProxy with max connections? Could this be configured in the service?
See also questions close to this topic
Spring boot Eureka in docker swarm registering wrong internal docker ip's
Docker nodes are registering with internal IPs in springboot-eureka. My conf is as follows:
1. Spring-boot eureka deployed to swarm (1 node)
2. Created spring-boot client containers (2 nodes) and registering with eureka
The above containers are deployed as separate deployments, and the client conf is as follows:
eureka:
  instance:
    prefer-ip-address: true
  client:
    registerWithEureka: true
    fetchRegistry: true
    serviceUrl:
      defaultZone: http://eureka-server-address/eureka/
    healthcheck:
      enabled: true
Spring:
  cloud:
    inetutils:
      ignored-interfaces:
        - eth0
        - eth1
        - eth2
        - eth3
        - lo
The IPs come as 184.108.40.206 instead of the real external IPs, and Docker containers fail to connect to each other with the real IPs.
Intermittent DNS issues while pulling docker image from ECR repository
Has anyone faced this issue with docker pull? We recently upgraded Docker to 18.03.1-ce, and since then we have been seeing the issue. Although we are not exactly sure if this is related to Docker, we just want to know if anyone has faced this problem.
We have done some troubleshooting using tcpdump; the DNS queries being made were under the permissible limit of 1024 packets, which is a limit on EC2. We also tried working around the issue by modifying the /etc/resolv.conf file to use a higher retry/timeout value, but that didn't seem to help.
We did a packet capture line by line and found something. We found some responses to be negative. If you use Wireshark, you can use 'udp.stream eq 12' as a filter to view one of the negative answers. We can see the resolver sending an answer "No such name". All these requests that get a negative response use the following name in the request:
Would any of you happen to know why ec2.internal is being added to the end of the DNS name? If we run a dig against this name, it fails. So it appears that a wrong name is being sent to the server, which responds with 'no such host'. Is Docker sending a wrong DNS name for resolution?
We see this issue happening intermittently. Looking forward to help. Thanks in advance.
5.0.25_61: Pulling from rrg
Digest: sha256:50bbce4af6749e9a976f0533c3b50a0badb54855b73d8a3743473f1487fd223e
Status: Downloaded newer image forXXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/rrg:5.0.25_61

docker-compose up -d rrg-node-1
Creating rrg-node-1
ERROR: for rrg-node-1 Cannot create container for service rrg-node-1: Error response from daemon: Get https:/XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/v2/: dial tcp: lookup XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com on 10.5.0.2:53: no such host
Steps to reproduce the issue
docker pull XXXXXXXX.dkr.ecr.us-east-1.amazonaws.com/rrg:5.0.25_61
Output of docker version:
(Docker version 18.03.1-ce, build 3dfb8343b139d6342acfd9975d7f1068b5b1c3d3)
Output of docker info:
([ec2-user@ip-10-5-3-45 ~]$ docker info
Containers: 37
 Running: 36
 Paused: 0
 Stopped: 1
Images: 60
Server Version: swarm/1.2.5
Role: replica
Primary: 10.5.4.172:3375
Strategy: spread
Filters: health, port, containerslots, dependency, affinity, constraint
Nodes: 12
Plugins:
 Volume:
 Network:
 Log:
Swarm:
 NodeID:
 Is Manager: false
 Node Address:
Kernel Version: 4.14.51-60.38.amzn1.x86_64
Operating System: linux
Architecture: amd64
CPUs: 22
Total Memory: 80.85GiB
Name: mgr1
Docker Root Dir:
Debug Mode (client): false
Debug Mode (server): false
Experimental: false
Live Restore Enabled: false
WARNING: No kernel memory limit support)
Docker-Compose/Stack doesn't utilise Notary
I'm currently doing feasibility research on Notary for a project. Notary seems to be working for basic docker pull and docker push.
However, when we try to run images using docker-compose and stack, they are pulled straight from the registry without contacting the Notary.
Has anyone dealt with this issue before, or does anyone know how to get docker-compose and docker stack to use the Notary?
Setup max-threads parameter to the Thorntail JBeret fraction
I use JBeret Thorntail Fraction (thorntail version - 2.0.0.Final):
What is the proper way to define max-threads number?
When I set up yaml configuration:
swarm:
  batch:
    thread-pools:
      default:
        max-threads: 20
Max thread count remains 10 (default value).
Should I define my own thread pool in this case, and how do I do this?
It seems that any batch fraction properties I defined are ignored and set to default values. I tried, for example:
datasources:
  data-sources:
    h2:
      driver-name: h2
      connection-url: jdbc:h2:./target/jberet-repo
      user-name: sa
      password: sa
batch:
  default-job-repository: h2
  jdbc-job-repositories:
    h2:
      data-source: h2
  thread-pools:
    batch:
      max-threads: 20
Get access to yaml external file in Thorntail
I want to get access to an external YAML file which I specify through a command-line argument:
java -jar target/app-thorntail.jar -s./test.yaml
I need to use this file to get my custom properties tree with SnakeYaml.
JAAS Authentication in WildFly Swarm
I'm developing a small website using angular frontend and JAX-RS REST services for the backend. I would like to secure all pages and REST services such that only authenticated users can access the pages and REST services. I'm using WildFly Swarm as my application server and would like to store users and roles in a custom (MySQL) database. I've only ever worked with JSF and WebSphere application server before, and I've used Windows Active Directory for authentication, so I'm lost here and I didn't find any relevant tutorials or articles on what I should do.
Here's what I did so far
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
  <display-name>My Web App</display-name>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin Resource</web-resource-name>
      <url-pattern>/administration/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>User Resource</web-resource-name>
      <url-pattern>/pages/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>../login.html</form-login-page>
      <form-error-page>../login-failed.html</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>admin</role-name>
  </security-role>
  <security-role>
    <role-name>user</role-name>
  </security-role>
</web-app>

swarm:
  context:
    path: /my-app
  datasources:
    data-sources:
      authentication-db:
        driver-name: mysql
        connection-url: jdbc:mysql://mysql-host:3306/AUTHDB
        user-name: root
        password: P@ssw0rd
I have 2 questions:
- How do I specify the database and table as the source for users and roles?
- How do I implement the actual login process? I have created a LoginServlet that is called when the login.html page is submitted, and tried the line below, but it didn't work:
response.sendRedirect("j_security_check?j_username=" + username + "&j_password=" + password);
Any help would be greatly appreciated!