Is it possible to run and access a mesos master on a machine that is placed behind a proxy?
I have successfully succeeded to deployed a MesosMaster/Marathon/MesosSalve on my local infrastructure.
The problem arises when I want to put the MesosSlave somewhere in the internet, so that MesosSlave and MesosMaster shall communicate through public IPs
My conf is the following:
Internet My Infra
.----------------------. .-----------------. .-----------------. .-------------------------------------------------.
| Mesos Slave VM | | Front Machine | | Proxy | | Tool-VM |
| 178.22.17.248 | | 39.224.147.94 | | 10.2.0.57 | | 10.1.10.176 |
|----------------------| | my.domain.com | |-----------------| | 192.168.5.1 (docker bridge) |
| | |-----------------| | | |-------------------------------------------------|
| | | | | | | |
| __________ | | __________ | | __________ | | .-----------------------------. |
| [_...__..5051.°]| |[_..5050.__...°] |<---|[_..5050.__...°] |<------------^| | Mesos-Master Container | |
| | | | | | \ __________ | 192.168.5.4 (docker bridge) | |
| | | __________ | | __________ | |[_..5050.__...°]^|-----------------------------| |
| | |[_..2181.__...°] |<---|[_..2181.__...°] |<------------^| \ __________ | |
| | | | | | \ __________ |[_..5050.__...°] | |
| | | | | | |[_..2181.__...°]^| __________ | |
| | | | | | | \[_..2181.__...°] | |
| | | | | | | '-----------------------------' |
'----------------------' '-----------------' '-----------------' '-------------------------------------------------'
However:
My domain infra redirect everthing that arrives from outside on ports 5050 (for Mesos) and port 2181 (zookeeper) ONLY for requests that are addressed to the domain 'my.domain.com' (which is a virtualhost of 39.224.147.94). But not for the other requests (that are arriving on 39.224.147.94).
So I try to execute the service through CLI for the moment:
Execute Mesos Master(in Mesos Master Container)
/usr/sbin/mesos-master --ip=192.168.5.4 --work_dir=~/Mesos/mesos-0.23.0/workdir/ --zk=zk://192.168.5.4:2181/mesos --quorum=1 --log_dir=/var/log/mesos --external_log_file=/dev/stdout
Execute Marathon (in Mesos Master Container)
/usr/bin/marathon --zk zk://192.168.5.4:2181/marathon --master zk://my.domain.com:2181/mesos
Execute Mesos Slave (in Mesos Slave VM)
/usr/sbin/mesos-slave --master=my.domain.com:5050 --work_dir=/var/lib/mesos/agent --port=8009 --containerizers=docker --executor_registration_timeout=3mins --log_dir=/var/log/mesos
The Mesos Master can see the Slave resources.
However, when I send a Job through Marathon, this job stay in a waiting state.
It seems that the slave is not able to communicate on the hostname of the Master, but only using it's public IP:
I have this in the Slave logs:
New master detected at master#39.224.147.94:5050
However incoming traffic on 39.224.147.94:5050 is blocked by my infra (only my.domain.com:5050 is accepted)
So, is it possible to create a connection between Master and Slaves, using domain names, but not IPs?
It's a bit confusing to bee honest. What I don't understand is that you seem to use the 192.168.5.4 ip for the Master process, but it's nowhere to be found in your diagram. I'd expect to use 39.224.147.94 instead.
Furthermore, I'd recommend to use the ip addresses instead of hostname in all connection strings, you're using a mixture...
Additionally, you can try to set the LIBPROCESS_IP environment variable to the respective ip addresses for the agent and Marathon processes.
Another question would be why you use such an old version of Mesos... Mesos 1.1.0 is out already!
Related
I am looking for the powershell scripts/commands to get the details of below points
| Key | OutPut |
| ------------------------------ | ---------------- |
| Seurity [FIPS Alogithm Policy] | Enabled/Disabled |
| Is Client SSL 2.0 Enabled? | Enabled/Disabled |
| Is Server SSL 2.0 Enabled? | Enabled/Disabled |
| Is Client SSL 3.0 Enabled? | Enabled/Disabled |
| Is Server SSL 3.0 Enabled? | Enabled/Disabled |
| Is Client TLS 1.1 Enabled? | Enabled/Disabled |
| Is Server TLS 1.1 Enabled? | Enabled/Disabled |
| Is Client TLS 1.2 Enabled? | Enabled/Disabled |
| Is Server TLS 1.2 Enabled? | Enabled/Disabled |
I have tried the below code but getting different different errors.
$Socket = New-Object System.Net.Sockets.Socket([System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp)
$Socket.Connect($ComputerName, $Port)
$NetStream = New-Object System.Net.Sockets.NetworkStream($Socket, $true)
$SslStream = New-Object System.Net.Security.SslStream($NetStream, $true)
$SslStream.AuthenticateAsClient($ComputerName, $null, $ProtocolName, $false)
I have Sql Server 2014 installed with the latest updates.
I am looking for the Correct Powershell scripts to get the details for the FIPS Algorithm status and the status of protocol (SSL and TLS) for client/server.
I tried the above code but its not working.
Is it possible to manually map all users when switching the Azure Active Directory connection for Azure DevOps?
The directory that we're switching to has guest accounts for the source UPN set up for 95% of the users in ADO, so they're automatically mapped. Rather than that happening, we'd like to map each source user to their new UPN in the destination domain.
What's happening
| Source UPN | Source Type | | Destination UPN | Destination Type |
| ---------- | ----------- | ---- | --------------- | ---------------- |
| user#a.com | Member | \ | user#b.com | Member |
| | | -> | user#a.com | Guest |
What we want to happen
| Source UPN | Source Type | | Destination UPN | Destination Type |
| ---------- | ----------- | ---- | --------------- | ---------------- |
| user#a.com | Member | ---> | user#b.com | Member |
| | | | user#a.com | Guest |
Is it possible to manually map all users when switching the Azure Active Directory connection for Azure DevOps?
I am afraid there is no such way to manually map all users when switching the AAD connection for Azure DevOps. Automatically map behavior is by designed, in order to provide us with convenience when switching AAD.
If we want to manually map the users, we need to delete those users from target AAD before switching AAD. In this case, when we switch AAD, Azure Devops says "X member(s) of the xxx organization can't sign in because they're not in the XX AAD. Delete any unwanted users in Organization settings, and then Resolve for remaining members.". Hit the resolve button a page shows up with the Users, then we can match them manually.
In my Windows Firewall, I've created certain rules that give me more control over my PC. But my rules have become somewhat useless since Windows and other apps are kept adding rules that I don't want.
I've tried to prevent this from happening, but the only way I've found is to use a third-party tool like Tinywall, which isn't exactly what I'm looking for.
So, to fix this, I want to create a PowerShell script that will disable and rename all rules that are not added by me. This way, I can manage them easily.
Rules that are added by me can be easily recognized because all of them start with certain words.
In this case, let's assume it starts with either 'Sample XYZ' or 'Sample ABC'.
Sample XYZ - Windows Update
Sample ABC - MPC-HC
Sample ABC - Firefox
Sample XYZ - Windows News
So far, this is what I have done.
In this part, the script will filter all the rules that I have created and then it'll disable & block all other rules.
To my surprise, this is working as expected.
# This will get all firewall rules
$NR = Get-NetFirewallRule
# This will exclude all the rules added by the user
$NR = $NR | Where-Object DisplayName -NotMatch "Sample ABC"
$NR = $NR | Where-Object DisplayName -NotMatch "Sample XYZ"
# Disable all other rules that are not added by the user
$NR | Set-NetFirewallRule -Enabled False
# Set rules' action to block
$NR | Set-NetFirewallRule -Action Block
These are the parts that don't work.
Task: Add a custom word to the beginning of the rules' display name
Example: If a rule name is 'Microsoft Photos', then it'll be renamed to 'IDWTFR - Microsoft Photos'.
# Add a custom word to the beginning of the rules' display name
# Custom word = 'IDWTFR - '
# Attempt 01: Fail
$NR | Set-NetFirewallRule -DisplayName "IDWTFR - " + $NR.DisplayName
# Attempt 02: Fail
$NR = $NR | ForEach-Object -MemberName DisplayName "IDWTFR - " + $NR.DisplayName | Set-NetFirewallRule
Task: Add unwanted rules to a group named 'Junk Rules'.
# Add to a group
# Attempt 01: Fail
$NR | Set-NetFirewallRule -DisplayGroup "Junk Rules"
To clarify it a bit more, this is the summary of what I am trying to do.
+-----------------------------+---------------------------+----------------+----------------+----------------+-------------+
| Rule Name | New Rule Name | Group | Action | Status | Created by |
+-----------------------------+---------------------------+----------------+----------------+----------------+-------------+
| Sample XYZ - Windows Update | Same as before | Same as before | Same as before | Same as before | User |
| Sample ABC - MPC-HC | Same as before | Same as before | Same as before | Same as before | User |
| Sample ABC - Firefox | Same as before | Same as before | Same as before | Same as before | User |
| Sample XYZ - Windows News | Same as before | Same as before | Same as before | Same as before | User |
| Microsoft Photos | IDWTFR - Microsoft Photos | Junk Rules | Block | Disable | Not by user |
| App Installer | IDWTFR - App Installer | Junk Rules | Block | Disable | Not by user |
| Feedback Hub | IDWTFR - Feedback Hub | Junk Rules | Block | Disable | Not by user |
| Microsoft Edge | IDWTFR - Microsoft Edge | Junk Rules | Block | Disable | Not by user |
+-----------------------------+---------------------------+----------------+----------------+----------------+-------------+
I'm new to PowerShell, so any help will be appreciated. Thanks.
Since this is your special use case, it's going to a challenge for one to validate without setting up an environment as close as possible to what you show here. I am in no position to do that.
Yet, looking at what you say you have done, here is a refactor option to try. Refactor a bit (again, not tested)
# Get all firewall rule name, and filter out the named rules
Get-NetFirewallRule |
Where-Object -Property Name -notlike 'Sample ABC|Sample XYZ' |
ForEach {
# Disable all other rules that are not added by the user
Set-NetFirewallRule -Name $PSItem.DisplayGroup -Enabled False
# Set rules' action to block
$PSItem.DisplayName |
Set-NetFirewallRule -Action Block
# Rename firewall rule
If ($PSItem.DisplayName -like '*Microsoft*')
{Rename-NetFirewallRule -Name $PSItem.DisplayName -NewName "IDWTFR-$($PSitem.DisplayName)"}
# Create new firewall group
$PSItem.Group = 'JunkRules' |
Set-NetFirewallRule -NewDisplayName $PSItem.DisplayName
}
As an example, say I have a program named Abc containing one class named Xyz. The code is located in a Git repository containing a single Eclipse project. I've adopted the Maven source directory layout. Before Java 9 the project structure might have looked like this (simplified):
Abc.git
|
+---.git
|
+---Abc
|
+---.settings
|
+---.project
|
+---.classpath
|
+---src
|
+---main
| |
| +---java (source folder)
| |
| +---com
| |
| +---abc
| |
| +---Xyz.java
+---test
|
+---java (source folder)
|
+---com
|
+---abc
|
+---XyzTest.java
The JUnit tests were typically in the same packages as the production code, but in a different source folder. But now the production code is in a module. A package being tested can't be split into separate modules. Furthermore, some classes under test may reside in packages not exported by their module.
What is the correct practice in terms of code organization to address these issues?
This question is not about Maven. What I meant was: Is this the recommended way to do it?
Abc.git
|
+---.git
|
+---Abc
|
+---.settings
|
+---.project
|
+---.classpath
|
+---src
|
+---main
| |
| +---java
| |
| +---com.abc (source folder?)
| |
| +---module-info.java (exports com.abc)
| |
| +---com
| |
| +---abc
| |
| +---Xyz.java
+---test
|
+---java
|
What goes here?
I'm using Eclipse Luna on multiple monitors setup as one single desktop. I resize the Eclipse window to fill the primary monitor (in the center, secondary on the right). When I type Ctrl-E to get the "Quick Switch Editor", the dialog spans over the gap between the monitors and shows up on both (1/2 on each monitor). That is really annoying, but I can't see how to move the dialog position.
How can the dialog position be changed? I don't see any handles on the dialog.
A screenshot doesn't really show the problem, it looks OK there. However, some ascii art may help to show what is really happening:
+-----------------------------+ +-----------------------------+
| +-------------------------+ | | |
| | +---| | |--+ |
| | | | | | | <- popup dialog spans |
| | +---| | |--+ both monitors |
| | | | | |
| | | | | |
| | Eclipse window | | | |
| +-------------------------+ | | |
| Primary monitor | | Secondary monitor |
+-----------------------------+ +-----------------------------+
This is on Red Hat Enterprise Linux 5, with Nvidia "TwinView".
The Quick Switch Editor popup (invoked with Ctrl+E) isn't movable or resizable. What you're seeing doesn't happen on Windows, so it's likely a platform-specific bug.
As an alternative, you can use the Swtich to Editor dialog (invoked with Ctrl+Shift+E).