I would like to implement fail2ban on critical production systems and am wondering if there is a 'monitoring' mode possible where IPs are not banned but logged, to review fail2ban operation first and prevent outages because of config failures?
We have an action dummy that can be used for this purpose.
So configure it like this in your jail.local, for the [jail] you want to test or in the [DEFAULT] section for all jails:
[jail]
banaction = dummy[target=/some/path/to/fail2ban.dummy.txt]
This works for v.0.10 and higher.
If you still have v.0.9, use action instead of banaction (with all expected parameters) or banaction = dummy without [target=...] (it would use the default target path /var/run/fail2ban/fail2ban.dummy).
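One way to review such a dry run before switching to a real banaction, as an added example that is not part of the original answer or of fail2ban itself: it tallies the Ban notices fail2ban writes to its log and flags any that hit addresses which must stay reachable. The log lines are constructed, the line layout is assumed to be the default fail2ban.log format, and the trusted networks are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Ban/Unban NOTICE lines as written to fail2ban.log (default layout assumed).
EVENT_RE = re.compile(
    r"fail2ban\.actions\s*\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]\s+"
    r"(?P<verb>Ban|Unban)\s+(?P<ip>\S+)"
)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
2024-05-01 10:00:01,101 fail2ban.filter         [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:01
2024-05-01 10:00:03,220 fail2ban.actions        [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:05:10,004 fail2ban.actions        [812]: NOTICE  [nginx-http-auth] Ban 10.20.0.15
2024-05-01 10:10:03,871 fail2ban.actions        [812]: NOTICE  [sshd] Unban 203.0.113.7
2024-05-01 10:12:44,530 fail2ban.actions        [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-05-01 10:13:00,002 fail2ban.actions        [812]: NOTICE  [sshd] Ban 2001:db8::5
""".splitlines()

# Hypothetical networks that must never be banned (monitoring, proxies, admins).
TRUSTED = ["10.20.0.0/16", "192.0.2.10/32"]


def review_bans(log_lines, trusted_networks):
    """Count would-be bans per jail and list those that hit trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    bans_per_jail = Counter()
    trusted_hits = []
    for line in log_lines:
        m = EVENT_RE.search(line)
        if m is None or m.group("verb") != "Ban":
            continue  # only fresh bans matter for the dry-run review
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not an IP literal; skip rather than guess
        jail = m.group("jail")
        bans_per_jail[jail] += 1
        for net in nets:
            if ip.version == net.version and ip in net:
                trusted_hits.append((jail, str(ip), str(net)))
                break
    return {"bans_per_jail": dict(bans_per_jail), "trusted_hits": trusted_hits}


if __name__ == "__main__":
    report = review_bans(SAMPLE_LOG, TRUSTED)
    for jail, count in sorted(report["bans_per_jail"].items()):
        print(f"{jail}: {count} would-be ban(s)")
    for jail, ip, net in report["trusted_hits"]:
        print(f"REVIEW: jail {jail} would have banned {ip} (inside {net})")
```

Any entry under trusted_hits points at a filter or ignoreip setting to correct before real bans are enabled.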
I'm trying to install Jboss Operations Network server and have issues during the step where installer tries to connect to local Jboss server. Hence, I'm constantly getting this info message:
INFO [org.rhq.server.control.command.Install] Still waiting for server to start...
Exact defect in redhat hub is described here
Thing is, I believe my properties file is correctly set up and certainly both jboss.bind.address and jboss.bind.address.management are set. Tried 0.0.0.0 and 127.0.0.1 bindings, also tried to not set it at all, however then the installation wouldn't start at all - rhs-server.properties validation error with reason null.
According to server.log the server itself did start correctly. Although strangely enough the password doesn't work when logging in to the management console, but that's another issue.
#################### RHQ Server Configuration Properties ####################
#############################################################################
# Database Settings
# -----------------
# INSTALLATION ACTION REQUIRED!
# All properties must be explicitly set for the desired database vendor.
#
# These should point to the database that your RHQ Server will use as
# its backend RDBMS storage.
# If you are using Oracle:
# - comment out the Postgres settings
# - uncomment the Oracle settings below
# - adjust the values to match your environment
#
# NOTE: rhq.server.database.password is not to be set to the actual password
# but instead should be the encoded password value as generated by:
# rhq-encode-value.sh(.bat)
#############################################################################
# PostgreSQL database
# rhq.server.database.connection-url=jdbc:postgresql://127.0.0.1:5432/rhq
# rhq.server.database.user-name=rhqadmin
# rhq.server.database.password=1eeb2f255e832171df8592078de921bc
# rhq.server.database.type-mapping=PostgreSQL
# rhq.server.database.server-name=127.0.0.1
# rhq.server.database.port=5432
# rhq.server.database.db-name=rhq
# hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
# rhq.server.quartz.driverDelegateClass=org.quartz.impl.jdbcjobstore.PostgreSQLDelegate
# Oracle database
rhq.server.database.connection-url=jdbc:oracle:thin:@localhost:1521:jon
rhq.server.database.user-name=rhqadmin
rhq.server.database.password=1eeb2f255e832171df8592078de921bc
rhq.server.database.type-mapping=Oracle10g
hibernate.dialect=org.hibernate.dialect.Oracle10gDialect
rhq.server.quartz.driverDelegateClass=org.quartz.impl.jdbcjobstore.oracle.OracleDelegate
#############################################################################
# Server Settings
# ---------------
# UPGRADE ACTION REQUIRED! The following property must be explicitly set:
# rhq.server.high-availability.name
#
# These are miscellaneous settings that the server will use to customize itself
# to the environment in which it is running. These are settings you usually
# want to change or at least be aware of.
#############################################################################
# Defines what this server's name is to be known as to the RHQ system.
# It doesn't necessarily have to be an IP address or hostname, but it can be.
# If left blank, the RHQ Server will pick a name for itself based on the
# hostname it is running on.
# NOTE! If you are upgrading an existing server, this must be the same name
# as the server being upgraded.
rhq.server.high-availability.name=localhost
# Email settings used to connect to an SMTP server to send alert emails.
rhq.server.email.smtp-host=localhost
rhq.server.email.smtp-port=25
rhq.server.email.from-address=xxxxx@yyyyy.no
#############################################################################
# Host and Port Bindings
# ----------------------
# INSTALLATION ACTION REQUIRED! The following property must be explicitly set:
# jboss.bind.address
#
# These define the ports the RHQ Server will bind to. Most of the time
# you can leave these alone. You can change these default values to
# conform to your own environment's requirements, such as the IP address
# the RHQ Server will bind to (jboss.bind.address) and the ports
# browsers will use to access the RHQ web application
# (rhq.server.socket.binding.port.http, rhq.server.socket.binding.port.https)
# If you change the binding address, you might also want to change
# "rhq.autoinstall.public-endpoint-address" as well.
#############################################################################
# The bind address for the RHQ server (jboss server). To bind the server on
# all network interfaces set to 0.0.0.0, otherwise a specific IP address.
# jboss.bind.address=0.0.0.0
jboss.bind.address=0.0.0.0
# By default only local management connections
jboss.bind.address.management=0.0.0.0
jboss.socket.binding.port-offset=0
jboss.management.native.port=6999
jboss.management.http.port=6990
jboss.management.https.port=6443
rhq.server.socket.binding.port.ajp=7009
rhq.server.socket.binding.port.http=7080
rhq.server.socket.binding.port.https=7443
rhq.server.socket.binding.port.jacorb=2528
rhq.server.socket.binding.port.jacorb-ssl=2529
rhq.server.socket.binding.port.messaging=4449
rhq.server.socket.binding.port.messaging-throughput=4455
rhq.server.socket.binding.port.osgi-http=7090
rhq.server.socket.binding.port.remoting=3447
rhq.server.socket.binding.port.txn-recovery-environment=3712
rhq.server.socket.binding.port.txn-status-manager=3713
#############################################################################
# Installer Settings
# ------------------
# INSTALLATION ACTION REQUIRED! Review the default settings:
#
# These enable the installer when starting for the first time. To do so,
# first ensure all values in this properties file are appropriately set
# for your environment. Once you are sure all values are as you want them,
# set rhq.autoinstall.enabled=true and run the server then run the installer.
#
# rhq.autoinstall.enabled
# This must be true to trigger the automatic install.
# rhq.autoinstall.database
# Allowed values: auto, overwrite, skip:
# auto : create a new schema if one does not exist, otherwise
# upgrade the existing schema as needed (keep existing data).
# overwrite: create a new schema even if one exists (lose existing data).
# skip : leave existing database as is. WARNING! You must ensure your
# database schema already exists and is up to date.
# rhq.autoinstall.public-endpoint-address
# The public IP/hostname that all agents will use to talk to this server.
# If not set, a value to use is determined at auto-install time.
# rhq.autoinstall.public-endpoint-port
# rhq.autoinstall.public-endpoint-secure-port
# The public ports that all agents will use to talk to this server.
# If not set, values to use will be determined at auto-install time.
# You can normally leave these empty unless you have a special setup
# where the server's bind ports are exposed differently to remote
# clients (e.g. within a Docker container).
# rhq.autoinstall.server.admin.password
# The password for the built-in "rhqadmin" superuser. If not set the
# password will be prompted for by the "rhqctl install" command.
#
# NOTE: rhq.autoinstall.server.admin.password is not to be set to the
# actual password but instead should be the encoded password value
# as generated by: rhq-encode-value.sh(.bat)
#############################################################################
rhq.autoinstall.enabled=true
rhq.autoinstall.database=auto
#rhq.autoinstall.public-endpoint-address=
#rhq.autoinstall.public-endpoint-port=
#rhq.autoinstall.public-endpoint-secure-port=
rhq.autoinstall.server.admin.password=1eeb2f255e832171df8592078de921bc
#############################################################################
# Advanced Settings
# -----------------
# The settings below can usually be left as-is. These are advanced settings
# and should only be changed if you know what you are doing.
#############################################################################
# Enable debug messages from RHQ code
rhq.server.log-level=INFO
# Set this to true to have the server reject agent requests upon startup.
rhq.server.maintenance-mode-at-startup=false
# RHQ Server's remote endpoint for agents to talk to
# bind-address and bind-port are derived from the HA server definition,
# if you set the address/port here, they will override the HA server
# definition found in the database
rhq.communications.connector.transport=servlet
rhq.communications.connector.bind-address=
rhq.communications.connector.bind-port=
rhq.communications.connector.transport-params=/jboss-remoting-servlet-invoker/ServerInvokerServlet
# Multicast detector configuration for auto-discovery
rhq.communications.multicast-detector.enabled=false
rhq.communications.multicast-detector.bind-address=
rhq.communications.multicast-detector.multicast-address=224.16.16.16
rhq.communications.multicast-detector.port=16162
# Server-side SSL Security Configuration for HTTPS thru Tomcat
# These are used for browser https access and
# for incoming messages from agents over sslservlet transport.
# [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change
# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
# after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]
# Note that security algorithm settings are commented out - the defaults will be determined at runtime
# based on the JVM the server is running in (for IBM JVMs, the algorithm will default to "IbmX509",
# for all other JVMs, the algorithm will default to "SunX509"). If you need a specific algorithm value,
# you may hardcode it here in this file by uncommenting the lines and setting the values explicitly.
rhq.server.tomcat.security.client-auth-mode=false
rhq.server.tomcat.security.secure-socket-protocol=TLS
#rhq.server.tomcat.security.algorithm=SunX509
rhq.server.tomcat.security.keystore.alias=RHQ
rhq.server.tomcat.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
rhq.server.tomcat.security.keystore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.tomcat.security.keystore.type=JKS
rhq.server.tomcat.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
rhq.server.tomcat.security.truststore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.tomcat.security.truststore.type=JKS
# Server-side SSL Security Configuration (for incoming messages from agents)
# These are used when secure transports other than sslservlet are used
rhq.communications.connector.security.secure-socket-protocol=TLS
rhq.communications.connector.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
#rhq.communications.connector.security.keystore.algorithm=SunX509
rhq.communications.connector.security.keystore.type=JKS
rhq.communications.connector.security.keystore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.communications.connector.security.keystore.key-password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.communications.connector.security.keystore.alias=RHQ
rhq.communications.connector.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
#rhq.communications.connector.security.truststore.algorithm=SunX509
rhq.communications.connector.security.truststore.type=JKS
rhq.communications.connector.security.truststore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.communications.connector.security.client-auth-mode=none
# Client-side SSL Security Configuration (for outgoing messages to agents)
rhq.server.client.security.secure-socket-protocol=TLS
rhq.server.client.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
#rhq.server.client.security.keystore.algorithm=SunX509
rhq.server.client.security.keystore.type=JKS
rhq.server.client.security.keystore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.client.security.keystore.key-password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.client.security.keystore.alias=RHQ
rhq.server.client.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
#rhq.server.client.security.truststore.algorithm=SunX509
rhq.server.client.security.truststore.type=JKS
rhq.server.client.security.truststore.password=RESTRICTED::5fb458952ebdaa86aa0b4e8d3eac5d13
rhq.server.client.security.server-auth-mode-enabled=false
# Operations/controls timeout
# Defines the default timeout for all operations (specified in seconds)
rhq.server.operation-timeout=600
# Additional Quartz settings
rhq.server.quartz.selectWithLockSQL=SELECT * FROM {0}LOCKS ROWLOCK WHERE LOCK_NAME = ? FOR UPDATE
rhq.server.quartz.lockHandlerClass=org.quartz.impl.jdbcjobstore.StdRowLockSemaphore
# Concurrency limits for incoming UI and agent messages
rhq.server.startup.web.max-connections=200
rhq.server.agent-downloads-limit=45
rhq.server.client-downloads-limit=5
rhq.communications.global-concurrency-limit=30
rhq.server.concurrency-limit.inventory-report=5
rhq.server.concurrency-limit.availability-report=25
rhq.server.concurrency-limit.inventory-sync=10
rhq.server.concurrency-limit.content-report=5
rhq.server.concurrency-limit.content-download=5
rhq.server.concurrency-limit.measurement-report=10
rhq.server.concurrency-limit.measurement-schedule-request=10
rhq.server.concurrency-limit.configuration-update=10
# Content Local Filesystem Repository
rhq.server.content.filesystem=${jboss.server.data.dir}/packagebits
# The frequency (in millis) the server checks for updated plugins
rhq.server.plugin-scan-period-ms=300000
# When this is enabled, the server at start up will compare its endpoint
# address to the host name/address found on the host machine. If they differ,
# the server endpoint address will be updated to the value found on the host
# machine. This is targeted for use in cloud deployments where IP addresses
# change frequently, but it can be of use in other deployment settings where
# you have to deal with IP address changes.
rhq.sync.endpoint-address=false
# When this is enabled, the server will request that agents send content for
# for binary files that are being monitored for drift. The content for those
# files will then be persisted on the server. By default, the server does not
# persist content for well known binary file types like .ear, .war, .zip, .so,
# etc. The server does however persist content for text files or any other
# files that are not known binary types.
#rhq.server.drift.store-binary-content=false
# The installer will create a default EAP management user named 'rhqadmin'.
# The password is generated and obfuscated and specified here. This should
# not be edited.
rhq.server.management.password=-7f3686bb1fda3ac207a6df87216de44
#############################################################################
# Storage cluster configuration settings
#
# IMPORTANT NOTE:
# - Storage Node properties will be stored in the database
# after the initial install. The server will use database stored
# properties during operation and after restarts.
# - Additional servers in an HA topology will use database stored Storage
# Node properties. So properties set in this configuration file will be
# overriden on install with the database values.
#############################################################################
# The username RHQ will use to authenticate against the Storage Cluster.
# The value is generated and should not be edited.
rhq.storage.username=qfwrfyor
# The password RHQ will use to authenticate against the Storage Cluster.
# The value is generated and obfuscated and should not be edited.
rhq.storage.password=6565d48c5be26f74df8592078de921bc
# A comma-delimited list of storage nodes. Each Storage node uses this list as
# contact points to find other nodes in the cluster and learn the ring
# topology. The RHQ server(s) use this list to connect to the cluster;
# therefore, this property MUST BE SET in order for RHQ to talk to the Storage.
# Cluster. The of an entry is as follows:
#
# hostname1,hostname2
#
# Note that this is actually an installer setting. Changing the value after
# installation will have no effect.
rhq.storage.nodes=MT3JZ0D5J
# The ports used by storage nodes to communicate with each other
# and used by the RHQ server(s) to communicate with the cluster.
# Both properties are required.
#
rhq.storage.cql-port=9142
rhq.storage.gossip-port=7100
#############################################################################
# Storage client settings
#
# The following are advanced settings the client (i.e., driver) that
# communicates with the storage cluster
#############################################################################
# The request limit will automatically change by this amount when there is a
# topology change event. The change will be persisted to this file. Topology
# change events include nodes being added/removed and nodes going up/down.
# Defaults 30,000 if undefined.. If specified the value is parsed as a double.
rhq.storage.request.limit.topology-delta=30000
# When a request times out, the request limit as specified by
# rhq.storage.request.limit will be decreased. The change will be persisted to
# this file. The value is parsed as a double and should be expressed as a
# percentage (i.e., a value between 0 and 1). For example, a value of 0.3 means
# that on a request timeout, the the request limit will decrease by 30%.
# Defaults to 0.2 if undefined.
rhq.storage.request.limit.timeout-delta=0.2
# If a request timeout occurs, there is a good possibility that it could be
# followed by successive timeouts due to read/write patterns. This property
# specifies a dampening period such that the request throughput will only be
# decreased once for all timeouts that occur during said period. Defaults to
# 30 seconds if undefined. The value is specified in milliseconds and is parsed
# as a long.
rhq.storage.request.limit.timeout-dampening=30000
# Sets the maximum throttling. In other words, the request limit will not
# decrease lower than this value. Defaults to 5,000 if undefined. The value is
# parsed as a double.
rhq.storage.request.limit.min=5000
##############################################################################
# Metrics aggregation settings
#
# Note that if you commit the RHQ Server into inventory, these settings can be
# managed through the resource configuration of the Measurement Subsystem.
# Changes made through the Measurement Subsystem resource are applied
# dynamically at runtime whereas directly editing these properties requires a
# a server restart for changes to take effect.
##############################################################################
# Specifies the number of schedules for which data will be fetched per thread.
# A higher value can improve aggregation performance at the cost of greater
# memory utilization.
rhq.metrics.aggregation.batch-size=5
# Specifies the number of batches that can be processed in parallel. A higher
# value can improve aggregation performance at the cost of greater memory
# utilization.
rhq.metrics.aggregation.parallelism=3
# The number of threads to use during aggregation. It defaults to
# ceiling(5, num_cores).
rhq.metrics.aggregation.workers=4
# A limit, specified in days, on the age of raw data that is ingested. If raw
# data has a timestamp that is more than limit days old, then it is not stored.
# This prevents raw data that is for example a year old from being stored.
rhq.metrics.data.age-limit=3
This defect was solved in v3.3 update 9. Installing the most recent update from here should solve the problem.
We are using sails framework for our web application and MongoDB as database.
Now we are calling services of the web app from the mobile.
There can be around 200-300 concurrent users calling webservice.
I observed that around 5-6 services are executed and the rest are ignored with a timeout exception.
I read somewhere that sails-mongo has default connection pool size 5.
How can I change it?
Here is the config file. Though the connection pool size is not changing.
mongodb: {
adapter: 'sails-mongo',
url : 'mongodb://127.0.0.1:27017/mydb?poolSize=200'
},
I found the poolSize configuration in the sails-mongo documentation.
Can you try something like below.
someMongoDb: {
  adapter: 'sails-mongo',
  host: 'localhost', // defaults to `localhost` if omitted
  port: 27017, // defaults to 27017 if omitted
  user: 'username_here', // or omit if not relevant
  password: 'password_here', // or omit if not relevant
  database: 'database_name_here', // or omit if not relevant
  poolSize: 10 // or omit if not relevant
}
It looks like the sails framework limits the concurrent requests. I removed the fetching of data from mongodb and just made the method empty without sending a response. I observe that it executes 4 requests and makes the other requests wait. If I kill one request, it takes another waiting request.
Sails/node/mongodb are not the problem as they can handle thousands of simultaneous requests. Nodejs is configured to accept an infinite number of sockets by default https://nodejs.org/api/http.html#http_agent_maxsockets.
Most likely your browser or http client is limiting the number of requests per server. Refer to https://stackoverflow.com/a/985704/401025 or look up the maximum number of requests in the manual of your http client.
I'm using awslogs to send my haproxy logs to Cloudwatch from an EC2 instance running Ubuntu, and it's working fine, except that each log message is appearing twice.
This post seems to indicate that it's because log global is in global as well as defaults, but I can't find anything else about it.
Here's the log bits of the current configuration:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1 local2
...
defaults
mode http
log global
...
I commented out 'log global' in defaults but I'm still seeing double log entries in Cloudwatch.
editing to add rsyslog 49-haproxy.conf:
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~
Hello I would like to enquire if there is an API that can be used to retrieve Ganglia stats for all clients from a single ganglia server?
The Ganglia gmetad component listens on ports 8651 and 8652 by default and replies with XML metric data. The XML data type definition can be seen on GitHub here.
Gmetad needs to be configured to allow XML replies to be sent to specific hosts or all hosts. By default only localhost is allowed. This can be changed in /etc/ganglia/gmetad.conf.
Connecting to port 8651 will get you a default XML report of all metrics as a response.
Port 8652 is the interactive port which allows for customized queries. Gmetad will recognize raw text queries sent to this port, i.e. not HTTP requests.
Here are examples of some queries:
/?filter=summary (returns a summary of the whole grid, i.e. all clusters)
/clusterName (returns raw data of a cluster called "clusterName")
/clusterName/hostName (returns raw data for host "hostName" in cluster "clusterName")
/clusterName?filter=summary (returns a summary of only cluster "clusterName")
The ?filter=summary parameter changes the output to contain the sum of each metric value over all hosts. The number of hosts is also provided for each metric so that the mean value may be calculated.
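A client for the interactive port described above, as an added example that is not part of the original answer or of Ganglia: it sends a raw-text query, reads the XML reply with a timeout and a size cap, and computes the per-metric mean from a summary. The sample reply is constructed, the METRICS element with its SUM and NUM attributes is assumed from the gmetad XML DTD, and the newline-terminated query and the host name are assumptions.

```python
import socket
import xml.etree.ElementTree as ET

MAX_REPLY_BYTES = 16 * 1024 * 1024  # refuse unexpectedly large replies

# Constructed sample of a summary reply (attribute names assumed from the DTD).
SAMPLE_REPLY = """\
<GANGLIA_XML VERSION="sample" SOURCE="gmetad">
 <GRID NAME="example-grid" AUTHORITY="http://gmetad.example/" LOCALTIME="1700000000">
  <HOSTS UP="4" DOWN="0" SOURCE="gmetad"/>
  <METRICS NAME="load_one" SUM="2.00" NUM="4" TYPE="float" UNITS=" " SLOPE="both" SOURCE="gmond"/>
  <METRICS NAME="mem_free" SUM="1000" NUM="4" TYPE="float" UNITS="KB" SLOPE="both" SOURCE="gmond"/>
  <METRICS NAME="cpu_num" SUM="0" NUM="0" TYPE="uint16" UNITS="CPUs" SLOPE="zero" SOURCE="gmond"/>
  <CLUSTER NAME="web" LOCALTIME="1700000000" OWNER="unspecified" LATLONG="unspecified" URL="unspecified">
   <HOSTS UP="3" DOWN="0" SOURCE="gmond"/>
   <METRICS NAME="load_one" SUM="1.50" NUM="3" TYPE="float" UNITS=" " SLOPE="both" SOURCE="gmond"/>
  </CLUSTER>
 </GRID>
</GANGLIA_XML>
"""


def query_gmetad(host, query="/?filter=summary", port=8652, timeout=5.0):
    """Send one raw-text query to the interactive port; return the reply bytes."""
    chunks, total = [], 0
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # Assumption: gmetad reads one newline-terminated line, not an HTTP request.
        sock.sendall(query.encode("ascii") + b"\n")
        while True:
            data = sock.recv(65536)
            if not data:
                break  # gmetad closes the connection after the report
            total += len(data)
            if total > MAX_REPLY_BYTES:
                raise ValueError("gmetad reply exceeds size limit")
            chunks.append(data)
    return b"".join(chunks)


def summary_means(xml_reply):
    """Return {scope name: {metric name: mean}} from a ?filter=summary reply."""
    root = ET.fromstring(xml_reply)
    means = {}
    for scope in root.iter():
        if scope.tag not in ("GRID", "CLUSTER"):
            continue
        per_scope = {}
        for metric in scope.findall("METRICS"):
            try:
                total = float(metric.get("SUM", ""))
                hosts = int(metric.get("NUM", ""))
            except ValueError:
                continue  # missing or non-numeric summary values
            if hosts > 0:  # NUM=0 means no host reported this metric
                per_scope[metric.get("NAME")] = total / hosts
        if per_scope:
            means[scope.get("NAME")] = per_scope
    return means


if __name__ == "__main__":
    # Offline demo on the constructed reply; against a live server use
    # summary_means(query_gmetad("gmetad.example")) with your own host name.
    for scope, metrics in summary_means(SAMPLE_REPLY).items():
        for name, mean in sorted(metrics.items()):
            print(f"{scope} {name} mean={mean}")
```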
Yes, there's an API for Ganglia: https://github.com/guardian/ganglia-api
You should check this presentation from 2012 Velocity Europe - it was really a great talk: http://www.guardian.co.uk/info/developer-blog/2012/oct/04/winning-the-metrics-battle
There is also an API you can install from pypi with 'pip install gangliarest', which sets up a configurable API backed with a Redis cache and indexer to improve performance.
https://pypi.python.org/pypi/gangliarest