Problems connecting to services - swisscomdev

I followed the docs in order to get access to my ELK Service:
cf login
And selecting appropriate org and space
cf create-service-key <service-instance-name> mykey
And then
cf service-key <service-instance-name> mykey
All of which works so far. However, accessing the Kibana URL fails
cf service-connector 9000 http://xmnlzu2mkmsn05ll.service.consul:56063
with the following error
FAILED
Value for remote host and remote port is not valid.
There is no firewall blocking rule for this.
Edit: There is also no proxy

The current version of the service connector expects the hostname:port without protocol prefix. Could you try:
cf service-connector 9000 xmnlzu2mkmsn05ll.service.consul:56063
That should work as expected.
(Disclaimer: I work for Swisscom)

Related

Internal DNS names not resolving

I was actually doing some quick labs exercise when I noticed this issue where a ping to an internal IP works, but if I ping with the machine name it does not work. Here is what I did:
a.) Create a GCP project. Leave all the default firewall rules in place
b.) Create a VM in us-central-1 (any region) call it - mynet-us-vm
c.) Create a VM in eu-west-1 (any region) - call it - mynet-eu-vm
d.) SSH to mynet-us-vm from the console
e.) Run this command: ping -c 3 <Enter mynet-eu-vm's internal IP here> - It works
f.) Run this command: ping -c 3 mynet-eu-vm - Does not work! Getting below error
Getting Error:
"ping: mynet-eu-vm: Name or service not known"

For Internal DNS resolution to work there are multiple factors that affect this:
On the client Instance running ping, the resolv.conf file must have the metadata server (169.254.169.254) as its nameserver, and the search domains must be set similarly to the example in the documentation. If using a Google-provided image, this configuration should already be set correctly.
Additionally, verify the hostname registered for the Instance “mynet-eu-vm”. This can be done by running curl against the metadata server; the output will be the full FQDN, which will confirm whether the resolv.conf file should be set to Zonal DNS or Global DNS and whether the hostname for the Instance is the same as the one being used with ping.
If running “dig FQDN @169.254.169.254” works but ping still fails, this would mean that the Instance is trying to resolve against a different nameserver, or that the search list in resolv.conf is incorrect.
If the above steps fail I suggest raising a support case with Google Cloud Platform or opening a new Public Issue Tracker since following the steps provided does not result in the same behavior and likely it’s something specific to your setup.
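The resolv.conf checks described in this answer, as an added example that is not part of the original post: the function reads resolv.conf text and reports whether the metadata nameserver is listed and whether any search domain completes the short name to the given FQDN. The zone names and the project ID "my-project" in the sample are constructed; the check is purely textual and sends no DNS query.

```shell
#!/bin/sh
# Usage: check_resolv FQDN < /etc/resolv.conf
# FQDN is the target VM's hostname as reported by its metadata server.
# Prints: ok | wrong-nameserver | search-missing
check_resolv() {
  fqdn=${1%.}; domain=${fqdn#*.}   # domain = FQDN without its first label
  ns_ok=no; search_ok=no
  while read -r key rest || [ -n "$key" ]; do
    case $key in
      nameserver)
        if [ "${rest%% *}" = "169.254.169.254" ]; then ns_ok=yes; fi ;;
      search)
        search_ok=no               # only the last search line is used
        for d in $rest; do
          if [ "${d%.}" = "$domain" ]; then search_ok=yes; fi
        done ;;
    esac
  done
  if [ "$ns_ok" = no ]; then echo wrong-nameserver
  elif [ "$search_ok" = no ]; then echo search-missing
  else echo ok; fi
}

# Constructed resolv.conf for a client VM in us-central1-a
# (zone and project ID are placeholders, not values from the post).
sample_resolv_conf() {
  cat <<'EOF'
search us-central1-a.c.my-project.internal. c.my-project.internal. google.internal.
nameserver 169.254.169.254
EOF
}

# Target registered with a zonal FQDN in another zone: no search domain matches.
sample_resolv_conf | check_resolv mynet-eu-vm.europe-west1-b.c.my-project.internal
# Target registered with a global FQDN: c.my-project.internal completes the name.
sample_resolv_conf | check_resolv mynet-eu-vm.c.my-project.internal
```

A "search-missing" verdict with a working metadata nameserver matches the case in the answer where dig against the FQDN succeeds but ping by short name fails.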

GitLab CI service connection refused

I have a Docker image listed in my GitLab CI services list. When I make an HTTP request using curl to my Docker service URL, everything works fine. But when I run my tests, which make an HTTP request using axios to the service Docker image URL, it says connection refused. Here is the exact message: connect EINVAL 0.0.31.129:80 - Local (0.0.0.0:0)

The thing is that I was using a service on my registry running on a specific port, and the runner was trying to connect to the registry at port 80. Since I did specify the port, the runner doesn't exactly know what protocol to use. So the runner picks the default port for HTTP, which is 80. So the fix is to add the http protocol to the registry URL.

Greenbone Security Assistant 7.0.3 Host HTTP Header

Recently I've set up an Amazon EC2 instance of Ubuntu 16.04 that was authorized to scan an IP block. The version of GSA that I have installed is 7.0.3. Currently, I can locally access GSA through the EC2 instance or remotely using my public Amazon elastic IP.
Additionally, I've allowed external access to GSA's listening port from my IP block. Currently, I can access GSA without any problems using my instance's static public IP over HTTPS.
The problem that I'm currently running into is accessing GSA using a FQDN.
For example, I want to be able to use https://gsa.mydomain.com
My local DNS server has an A record with the FQDN and my EC2 instance's public IP.
On my instance, I ran the following command.
sudo gsad --allow-header-host gsa.mydomain.com
However, browsing to https://gsa.mydomain.com produces the following error.
"The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it."
Neither restarting GSA services nor my instance had any effect.
Clearly, DNS is working but the host header command is not.
Any thoughts on how I can make this happen?
Additionally, for reference, I used the following URL
https://github.com/greenbone/gsa/pull/318

On Ubuntu/Debian, edit the /etc/default/openvas-gsa file and set ALLOW_HEADER_HOST=HOSTNAME
where HOSTNAME is your host name in the browser address line.

I'm using Kali and was able to figure this out by modifying the systemd service files. Modify the file /lib/systemd/system/greenbone-security-assistant.service, adding --allow-header-host gsa.mydomain.com to the end of the ExecStart line.
For example, change the line from:
ExecStart=/usr/sbin/gsad --foreground --listen=<internal IP> --port=<configured web server port> --mlisten=<internal IP> --mport=<configured management port>
to:
ExecStart=/usr/sbin/gsad --foreground --listen=<internal IP> --port=<configured web server port> --mlisten=<internal IP> --mport=<configured management port> --allow-header-host gsa.mydomain.com
Then run:
systemctl daemon-reload
systemctl restart greenbone-security-assistant.service openvas-manager.service openvas-scanner.service
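The same change expressed as a systemd drop-in, as an added example that is not part of the original answers: files under /lib/systemd/system belong to the package and are replaced on upgrade, while a drop-in under /etc/systemd/system/greenbone-security-assistant.service.d/ persists. The function name, the drop-in file name and the addresses and ports in the sample unit are assumptions made for illustration.

```shell
#!/bin/sh
# make_dropin HOST < current-unit-file
# Prints a drop-in that re-declares ExecStart with --allow-header-host HOST.
make_dropin() {
  host=$1
  # Accept only characters valid in a DNS host name, so nothing else
  # can end up on the gsad command line.
  case $host in
    ''|*[!A-Za-z0-9.-]*) echo "refusing host name: $host" >&2; return 1 ;;
  esac
  exec_line=$(sed -n '/^ExecStart=/{p;q;}')
  if [ -z "$exec_line" ]; then
    echo "no ExecStart= line found" >&2; return 1
  fi
  case $exec_line in
    *--allow-header-host*) ;;   # already present: re-emit unchanged
    *) exec_line="$exec_line --allow-header-host $host" ;;
  esac
  # The empty ExecStart= clears the packaged command before the new one is set.
  printf '[Service]\nExecStart=\n%s\n' "$exec_line"
}

# Constructed sample unit (addresses and ports are placeholders).
sample_unit() {
  cat <<'EOF'
[Service]
Type=simple
ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390
EOF
}

sample_unit | make_dropin gsa.mydomain.com
# Save the output as (file name is hypothetical):
#   /etc/systemd/system/greenbone-security-assistant.service.d/allow-host.conf
# then run the daemon-reload and restart commands shown in the answer.
```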

Connection to Google Cloud SQL via proxy works in all scenarios except via socket in Docker container

Hopefully I'm doing something wrong, I've read all documentation and scoured forums but can't seem to get to the bottom of an issue I'm experiencing. I'm using OSX btw.
Things that are working:
Connect to cloud SQL from local OS using proxy via either TCP or Socket
Connect to cloud SQL from local OS using proxy in container via TCP
Connect to cloud SQL from GKE using proxy in the same pod via TCP
Things that are not working:
Connect to cloud SQL from local OS using proxy in container via sockets
Connect to cloud SQL from GKE using proxy in the same pod via socket
I suspect both of these problems are actually the same problem. I'm using this command to run the proxy inside of the container:
docker run -v [PATH]:/cloudsql \
gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy -dir=/cloudsql \
-instances=[INSTANCE_CONNECTION_NAME] -credential_file=/cloudsql/[FILE].json
And the associated socket is being generated with the directory. However when I attempt to connect I get the following error:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/cloudsql/node-sql:us-central1:nodedb' (61)
The proxy doesn't generate a new line when I try to connect which makes me think that it's not receiving the request, it simply says Ready for new connections and waits.
Any idea what's going wrong, or how I could troubleshoot this further?

For "Connect to cloud SQL from GKE using proxy in the same pod via socket" can you please follow the tutorial at https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine? We have a working WordPress example there that has the cloudsql-proxy as a sidecar container (i.e. in the same Pod, but over TCP).
I don't think you can do "in the same pod via socket" unless you’re running multiple processes in a single container (which you shouldn’t as a best practice). If you do a sidecar container, you can use TCP, so you don’t need a unix socket (moreover, I'm not sure how you’d share files between containers of a Pod).
Also, the docker run -v /local.sock:/remote.sock (I think) will be creating a file/directory locally as /local.sock and making that available inside the container as /remote.sock. This might not work because the docker-engine doesn't know that /local.sock is meant to be a Unix socket and it creates a regular file.

Error while executing the statement in cmd - cf api https://api.ng.bluemix.net

Getting the below error while trying to execute the statement in command prompt.
C:\users\Blue mix> cf API https://api.ng.bluemix.net
Setting API endpoint to https://api.ng.bluemix.net...
Request error: Get https://api.ng.bluemix.net/v2/info: http: error connecting to
proxy http://my.proxyserver.com:8080: dial tcp : lookup my.proxy server.com: GET Address inflow : No such host is known.
TIP: If you are behind a firewall and require an HTTP proxy, verify the HTTPS_proxy environment variable is correctly set. Else, check your network connection.
FAILED
Can you please suggest how I can fix this problem?

It looks like you have configured the https_proxy variable? https://docs.cloudfoundry.org/cf-cli/http-proxy.html.
The error message suggests that the hostname you have set for your proxy server cannot be resolved to an IP address.
Update:
You can verify if your machine is able to resolve the hostname of the proxy server by pinging your proxy server, e.g.
C:\> ping my.proxyserver.com
Ping will report if it is unable to resolve the proxy hostname to an IP address. E.g.
C:\> ping my.proxyserver.com
Ping request could not find host my.proxyserver.com. Please check the name and try again.
If it is unable to resolve to an IP address, you need to fix that problem first. See here for some tips: https://support.rackspace.com/how-to/modify-your-hosts-file/