Alpha7 startup problem
by Van Dillon
Hi,
I'm running into a problem trying to start Alpha7 AIO on both Windows 7 and
Docker.
In Windows I set 'org.hawkular.data.dir' before trying to run. This worked
well in Alpha6. When I run I get a lot of WARN entries:
2015-11-19 17:01:16,780 WARN [com.datastax.driver.core.Connection]
(cluster4-nio-worker-0) Error closing channel:
io.netty.channel.ChannelException: java.net.SocketException: Socket is
closed
Then I get one or more of these FATAL entries:
2015-11-19 17:01:32,351 FATAL [org.hawkular.accounts.common.internal]
(EE-ManagedExecutorService-default-Thread-2) HAWKACC150005: Could not
connect to Cassandra after enough attempts. Giving up. Reason:
com.datastax.driver.core.exceptions.NoHostAvailableException: All host(s)
tried for query failed (tried: /127.0.0.1:9042
(com.datastax.driver.core.TransportException: [/127.0.0.1:9042] Cannot
connect))
Finally the server shuts down with:
2015-11-19 17:02:07,987 WARN [org.keycloak.events] (default task-3)
type=LOGIN_ERROR, realmId=hawkular-realm,
clientId=hawkular-accounts-backend, userId=null, ipAddress=127.0.0.1,
error=invalid_user_credentials, auth_method=openid-connect,
response_type=token, client_auth_method=client-secret, username=jdoe
2015-11-19 17:02:08,038 WARN [org.keycloak.events] (default task-6)
type=LOGIN_ERROR, realmId=hawkular-realm,
clientId=hawkular-accounts-backend, userId=null, ipAddress=127.0.0.1,
error=invalid_user_credentials, auth_method=openid-connect,
response_type=token, client_auth_method=client-secret, username=jdoe
2015-11-19 17:02:08,086 INFO [org.hawkular.nest.extension.log] (MSC
service thread 1-6) HAWKBUS130002: Nest service stopping
2015-11-19 17:02:08,100 INFO [org.hawkular.nest.extension.log] (MSC
service thread 1-6) HAWKBUS130003: Nest service stopped
2015-11-19 17:02:08,116 INFO [org.jboss.as.connector.deployment] (MSC
service thread 1-3) WFLYJCA0011: Unbound JCA AdminObject
[java:/topic/HawkularAccountsEvents]
2015-11-19 17:02:08,125 ERROR [org.jboss.as.controller] (Controller Boot
Thread) WFLYCTL0002: Error booting the container:
java.lang.RuntimeException: Cannot get tenant ID
at
org.hawkular.agent.monitor.service.MonitorService.buildRuntimeConfiguration(MonitorService.java:205)
at
org.hawkular.agent.monitor.service.MonitorService.startMonitorService(MonitorService.java:413)
at
org.hawkular.agent.monitor.service.MonitorService$1.propertyChange(MonitorService.java:391)
at java.beans.PropertyChangeSupport.fire(PropertyChangeSupport.java:335)
at
java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:327)
at
java.beans.PropertyChangeSupport.firePropertyChange(PropertyChangeSupport.java:263)
at
org.jboss.as.controller.ControlledProcessStateService.stateChanged(ControlledProcessStateService.java:114)
at
org.jboss.as.controller.ControlledProcessState.setRunning(ControlledProcessState.java:115)
at
org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:277)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.Exception: status-code=[401], reason=[Unauthorized],
url=[http://127.0.0.1:8080/hawkular/accounts/personas/current]
at
org.hawkular.agent.monitor.service.MonitorService.buildRuntimeConfiguration(MonitorService.java:189)
... 9 more
In Docker the log has the same FATAL and ERROR entries but does not have
the WARN entries.
Any help would be much appreciated.
Thanks,
Van
9 years
securing download WAR
by John Mazzitelli
Today we have a simple WAR [1] that lets you download the agent .zip and the agent installer:
1. Download the agent distro: http://localhost:8080/hawkular/wildfly-agent/download
2. Download the installer: http://localhost:8080/hawkular/wildfly-agent/download?installer=true
That second one you can submit a FORM POST with some additional installer config settings. In fact, that /download URL points to a single servlet - its just if you POST with "installer=true" (or pass it in as a GET query string) you'll get the installer instead. We could change this if need by (say "/download" for the agent distro, and "/installer" for the installer).
The question I have is - what do I need to do to get that second one "secured" with an Accounts login?
We want to keep the "/download" URL such that it doesn't require a user/pass just to serve the agent distro zip (that is just the same one you build via mvn - there is nothing that needs to be secured here - plus, the installer needs to download it later and we don't want to have the installer log in just to download the zip).
But that second one, we are going to need the Accounts credentials because the installer will need to do things like create an offline token for the user so it can be put in the installer config - or be able to ask Accounts for the offline token for that user.
Before anything like that can be done, I think we need to put accounts in front of that WAR [1] . What needs to be done here for that?
[1] https://github.com/hawkular/hawkular/tree/master/modules/hawkular-wildfly...
9 years
Cassandra and DataStax driver versions
by John Sanda
There is a PR[1] open for hawkular-parent that upgrades Cassandra from 2.2.0 to 2.2.2 and the driver from 2.2.0-rc2 to 2.2.0-rc3, so now is a good time to discuss this. Earlier this week, Cassandra 3.0 was released[2]. There are some substantial changes including a rewrite of the storage engine to be better optimized for CQL, materialized views, and range deletes to name a few. The driver repo has been maintaining separate branches for each Cassandra branch which has been causing a lot of maintenance overhead. It was announced earlier today on the driver mailing list that the 2.2 branch, which we are currently using, has been merged into the 3.0 branch[3]. There will be no further development on the 2.2 branch. The driver is designed to be backwards compatible such that newer versions of the driver can be used with older versions of Cassandra. This means we could upgrade the driver without upgrading Cassandra; however, I think it makes sense to upgrade Cassandra as well.
Are there any questions, comments, concerns, objections, etc.?
[1] https://github.com/hawkular/hawkular-parent-pom/pull/55 <https://github.com/hawkular/hawkular-parent-pom/pull/55>
[2] http://www.mail-archive.com/user@cassandra.apache.org/msg44740.html <http://www.mail-archive.com/user@cassandra.apache.org/msg44740.html>
[3] https://groups.google.com/a/lists.datastax.com/forum/#!topic/java-driver-... <https://groups.google.com/a/lists.datastax.com/forum/#!topic/java-driver-...>
9 years
Standalone Metrics+Alerts
by John Sanda
Over the past couple weeks I have been working on a standalone deployment of Metrics and Alerts. The work is being tracked under HWKMETRICS-311. One of the changes I made was to introduce a new maven module in the hawkular-metrics project that builds and assembles a WildFly 10 distro which includes Metrics and Alerts. Should this new module and other integration modules live in the main hawkular repo instead of the component repo?
- John
9 years
more agent installer enhancements
by John Mazzitelli
Just a couple things to mention:
1) you can ask the server to give you an agent installer with the passwords encrypted. If you pass in "encryption-key" when you ask for the installer the passwords in the installer config file will be encrypted (weakly, but still encrypted - its more than obfuscation) so you can pass around the installer jar without having the passwords inside it in clear text. You have to remember to pass that same encryption key to the installer when you install (using --encryption-key cmdline option)
2) The installer will default its wildfly-home to the current working directory if you don't give it one. That way, you can copy the installer jar right to a wildfly home location, run "java -jar installar.jar" without specifying --wildfly-home and it will use the wildfly home it is living in.
9 years
Hawkular goodies / swag
by Thomas Heute
I'd like to open the discussion to *anyone* on something light: Hawkular
Goodies ;)
I would like to get some goodies to give away at conferences, for
contributors...
I would like to have something that is not going to the trash right away,
something you would want to have (and doesn't cost a fortune ;)).
I am personally not fond of T-shirts as we usually get many at conferences
unless the design is really fun/original.
So please make your proposals and then we can vote, we may end with 2
results, cheaper to spread more/slightly more expensive for special
occasions.
Maybe you saw/received something fun/useful in the past.
Example of something original:
Atlassian socks:
https://twitter.com/tgrall/status/664728176266997760?utm_source=fb&utm_me...
Don't be shy :)
If we go to the end with your idea, you would definitely get the first item
;)
9 years
you can now download a wildfly agent installer from kettle
by John Mazzitelli
Jirka put together a small UI and enhanced the download servlet, which I then went in and enhanced further, so you can now get a wildfly agent installer.
Here's quickly how it should work:
1) Go to the UI and fill in the fields, submit it, and you should be able to save the installer jar you get back
1b) alternatively, you can download it from the command line like this:
wget --content-disposition 'http://localhost:8080/wildfly-agent/download?installer=true
at this point, you have something like "hawkular-wildfly-agent-installer-0.13.1.Final.jar" on your file system.
2) Run the installer jar, pointing it to the wildfly you want to install it to:
java -jar hawkular-wildfly-agent-installer-0.13.1.Final.jar --wildfly-home=/path/to/your/wildfly/home
This installs the agent to your wildfly server.
That should be it. Run your wildfly and you've got it monitored by the agent.
Now, of course, there are lots of ways you can customize the agent installation. The above just gets you the default agent with jdoe/password credentials assuming http://localhost:8080 is accessible when you install.
Whatever properties that are accepted in the installer .properties file (which are also the same cmdline options to the installer) you can pass to the download URL so they can be preset for you in the installer's default configuration. So, for example, if you want all of your agents to talk to "http://your-hawk-server:8080", you can do this to get an installer that will install an agent talking to that server:
wget --content-disposition 'http://localhost:8080/wildfly-agent/download?installer=true&hawkular-serv...'
There are other properties you can pass in if you want to further customize the installer and the agent it installs. Just look at this for all that are available:
https://github.com/hawkular/hawkular-agent/blob/master/hawkular-wildfly-a...
In the future, we want to have the installer that you download preconfigured (if you want) for the credentials of the user who requested the download, and preconfigured for the server that you downloaded the installer from (right now, it defaults to "http://localhost:8080" which is not optimal). But, again, you can customize this now via installer cmdline options if you want:
java -jar hawkular-wildfly-agent-installer-0.13.1.Final.jar \
--wildfly-home=/path/to/your/wildfly/home \
--hawkular-server-url=http://your-server:8080 \
--hawkular-security-key=your-offline-token-key \
--hawkular-security-secret=your-offline-token-secret \
--subsystem-snippet=/path/to/my/custom/agent-subsystem.xml
That latter one (subsystem-snippet) is a powerful way you can further configure the agent by giving a full .xml of the agent subsystem (so you can do things like define what resource-type-dmr definitions you want, what metrics you want enabled or disabled, etc, etc.)
9 years
hawkular wildfly agent installer enhancements
by John Mazzitelli
I'm going to see if I can tweek this server-side installer builder servlet some more to accept FORM POST rather than GET.
I don't like the idea that we have to put passwords and things in a query string on a URL since web servers usually log URLs in their log files (and thus we'd have sensitive passwords being logged in some log file out on the file system).
I'm also going to look into an optional parameter you can pass in to encode the passwords using a given random-key or something. You would then pass that in to the installer to "decode" the passwords that the installer then uses.
For example:
http://localhost:8080/hawkular/wildfly-agent/download?installer=true&encr...
I'll then do something to encrypt the passwords (not just the hawkular password and secret key but also the key/keystore password if one is provided) before writing them to the installer .properties file. When you run the installer, you have to provide that encryptionSeed to the installer somehow (either pass it in as a cmdline option or have the installer ask on stdin).
This encryptionSeed isn't as sensitive as the passwords, since its used one time only during installation. So even if that is logged or captured in the bash history, its not that much of a problem - you can delete the installer jar and download another installer with a different encryptionSeed to render the original encrypionSeed useless.
Before I do this encryptionSeed thing - what are your thoughts on that? Any other better ideas?
9 years
