SonarQube docker image does not run successfully under App Service ACI - sql-server

I am trying to implement SonarQube continuous inspection in Azure DevOps with the help of a Windows container instance. After creating the Azure SonarQube instance (Docker sonarqube latest image) and an Azure SQL database, I tried to bind the SonarQube Windows instance to the Azure SQL server with the Azure CLI commands below:
az webapp config connection-string set --resource-group $RESOURCE_GROUP_NAME --name $WEBAPP_NAME -t SQLAzure --settings SONARQUBE_JDBC_URL=$DB_CONNECTION_STRING --connection-string-type SQLAzure
az webapp config container set --name $WEBAPP_NAME --resource-group $RESOURCE_GROUP_NAME --docker-custom-image-name $CONTAINER_REGISTRY_FQDN/$CONTAINER_IMAGE_NAME:$CONTAINER_IMAGE_TAG --docker-registry-server-url https://$CONTAINER_REGISTRY_FQDN --docker-registry-server-user $REG_ADMIN_USER --docker-registry-server-password $REG_ADMIN_PASSWORD
For this I used the serverless SonarQube setup approach derived from the article below:
https://github.com/Hupka/sonarqube-azure-setup
But I am getting the container logs below while running the SonarQube container instance:
2019-06-13 14:28:34.362 INFO - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2019-06-13 14:28:38.819 INFO - Initiating warmup request to container SonarQubewebappName for site sonarqube-docker
2019-06-13 14:28:54.260 INFO - Waiting for response to warmup request for container SonarQubewebappName. Elapsed time = 15.4410269 sec
2019-06-13 14:29:12.285 INFO - Waiting for response to warmup request for container SonarQubewebappName. Elapsed time = 33.4654201 sec
2019-06-13 14:29:28.296 INFO - Waiting for response to warmup request for container SonarQubewebappName. Elapsed time = 49.4772459 sec
2019-06-13 14:29:44.637 INFO - Waiting for response to warmup request for container SonarQubewebappName. Elapsed time = 65.8173845 sec
2019-06-13 14:29:56.670 ERROR - Container SonarQubewebappName for site SonarQubewebappName has exited, failing site start
2019-06-13 14:29:56.693 ERROR - Container SonarQubewebappName didn't respond to HTTP pings on port: 9000, failing site start.
I am getting ":( Application Error" while accessing SonarQube.
However, the same configuration works for a SonarQube Docker instance which is created locally and linked with the same Azure SQL database.
Can you please help me out with this error?


Run Keycloak 19 with SQL Server in Azure WebApp

I already have a v16 running in Azure. Now I'm trying to run Keycloak 19 in an Azure WebApp (with Azure SQL Server), but the container always stops with a timeout.
My Dockerfile:
FROM quay.io/keycloak/keycloak:latest as builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_FEATURES=token-exchange
RUN curl -sL https://github.com/aerogear/keycloak-metrics-spi/releases/download/2.5.3/keycloak-metrics-spi-2.5.3.jar -o /opt/keycloak/providers/keycloak-metrics-spi-2.5.3.jar
RUN /opt/keycloak/bin/kc.sh \
    build \
    --db=mssql \
    --transaction-xa-enabled=false
FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak
RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 2048 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
ENV KC_DB=mssql
ENV KC_DB_URL=jdbc:sqlserver://<SERVER>:1433;databaseName=keycloak
ENV KC_DB_USERNAME=<USER>
ENV KC_DB_PASSWORD=<PASS>
ENV KC_HOSTNAME=localhost
EXPOSE 8443
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized"]
I can run it locally normally; the problem only occurs in Azure.
The container log:
2022-09-06T01:35:02.819Z INFO - Pulling image: marcem/keycloak:19.0.1
2022-09-06T01:35:04.669Z INFO - 19.0.1 Pulling from marcem/keycloak
2022-09-06T01:35:04.670Z INFO - Digest: sha256:41fe4fe72ecc4625032ef08b91fc3c64739b53482dd83a15d77c9e2b4f0f12e0
2022-09-06T01:35:04.671Z INFO - Status: Image is up to date for marcem/keycloak:19.0.1
2022-09-06T01:35:04.674Z INFO - Pull Image successful, Time taken: 0 Minutes and 1 Seconds
2022-09-06T01:35:04.686Z INFO - Starting container for site
2022-09-06T01:35:04.687Z INFO - docker run -d --expose=8443 --name idteste19_0_b2d18046 -e WEBSITES_ENABLE_APP_SERVICE_STORAGE=false -e WEBSITES_PORT=8443 -e WEBSITE_SITE_NAME=idteste19 -e WEBSITE_AUTH_ENABLED=False -e WEBSITE_ROLE_INSTANCE_ID=0 -e WEBSITE_HOSTNAME=idteste19.azurewebsites.net -e WEBSITE_INSTANCE_ID=d666afc5e23f437c473fe3731926e159eed3db588814c4ad67c48018d825c3c4 -e WEBSITE_USE_DIAGNOSTIC_SERVER=False marcem/keycloak:19.0.1
2022-09-06T01:35:04.687Z INFO - Logging is not enabled for this container.
Please use https://aka.ms/linux-diagnostics to enable logging to see container logs here.
2022-09-06T01:35:06.990Z INFO - Initiating warmup request to container idteste19_0_b2d18046 for site idteste19
2022-09-06T01:35:22.306Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 15.3159746 sec
2022-09-06T01:35:38.239Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 31.2483851 sec
2022-09-06T01:35:54.129Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 47.1388503 sec
2022-09-06T01:36:09.300Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 62.3097502 sec
2022-09-06T01:36:24.480Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 77.4895726 sec
2022-09-06T01:36:40.237Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 93.2471132 sec
2022-09-06T01:36:55.426Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 108.4360961 sec
2022-09-06T01:37:10.588Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 123.5979024 sec
2022-09-06T01:37:25.747Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 138.7566758 sec
2022-09-06T01:37:40.925Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 153.9341915 sec
2022-09-06T01:37:56.075Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 169.0848266 sec
2022-09-06T01:38:12.088Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 185.097369 sec
2022-09-06T01:38:27.253Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 200.2621661 sec
2022-09-06T01:38:42.393Z INFO - Waiting for response to warmup request for container idteste19_0_b2d18046. Elapsed time = 215.4024129 sec
2022-09-06T01:38:57.060Z ERROR - Container idteste19_0_b2d18046 for site idteste19 did not start within expected time limit. Elapsed time = 230.0696036 sec
2022-09-06T01:38:57.086Z ERROR - Container idteste19_0_b2d18046 didn't respond to HTTP pings on port: 8443, failing site start. See container logs for debugging.
2022-09-06T01:38:57.093Z INFO - Stopping site idteste19 because it failed during startup.
The Keycloak log:
2022-09-06T01:35:18.552235082Z 2022-09-06 01:35:13,613 INFO [org.keycloak.common.Profile] (main) Preview feature enabled: token_exchange
2022-09-06T01:35:18.554454187Z 2022-09-06 01:35:13,647 INFO [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: FrontEnd: localhost, Strict HTTPS: true, Path: <request>, Strict BackChannel: false, Admin: <request>, Port: -1, Proxied: false
2022-09-06T01:35:18.620453452Z 2022-09-06 01:35:16,830 INFO [org.keycloak.common.crypto.CryptoIntegration] (main) Detected crypto provider: org.keycloak.crypto.def.DefaultCryptoProvider
2022-09-06T01:35:20.874562080Z 2022-09-06 01:35:20,872 WARN [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled
2022-09-06T01:35:20.913982278Z 2022-09-06 01:35:20,913 WARN [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal
2022-09-06T01:35:21.007026510Z 2022-09-06 01:35:21,006 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'
2022-09-06T01:35:22.045335289Z 2022-09-06 01:35:22,038 INFO [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.9.Final
2022-09-06T01:35:22.439656965Z 2022-09-06 01:35:22,439 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000078: Starting JGroups channel `ISPN`
2022-09-06T01:35:22.442769173Z 2022-09-06 01:35:22,442 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000088: Unable to use any JGroups configuration mechanisms provided in properties {}. Using default JGroups configuration!
2022-09-06T01:35:22.762236477Z 2022-09-06 01:35:22,761 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.773617706Z 2022-09-06 01:35:22,773 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 20.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.778530319Z 2022-09-06 01:35:22,777 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the send buffer of socket MulticastSocket was set to 1.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:22.783215231Z 2022-09-06 01:35:22,782 WARN [org.jgroups.protocols.UDP] (keycloak-cache-init) JGRP000015: the receive buffer of socket MulticastSocket was set to 25.00MB, but the OS only allocated 212.99KB
2022-09-06T01:35:24.868971104Z 2022-09-06 01:35:24,868 INFO [org.jgroups.protocols.pbcast.GMS] (keycloak-cache-init) 3ede773e307d-43775: no members discovered after 2018 ms: creating cluster as coordinator
2022-09-06T01:35:24.891014759Z 2022-09-06 01:35:24,890 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000094: Received new cluster view for channel ISPN: [3ede773e307d-43775|0] (1) [3ede773e307d-43775]
2022-09-06T01:35:24.901995387Z 2022-09-06 01:35:24,900 INFO [org.infinispan.CLUSTER] (keycloak-cache-init) ISPN000079: Channel `ISPN` local address is `3ede773e307d-43775`, physical addresses are `[169.254.129.3:52868]`
2022-09-06T01:35:26.153975737Z 2022-09-06 01:35:26,153 INFO [org.keycloak.connections.infinispan.DefaultInfinispanConnectionProviderFactory] (main) Node name: 3ede773e307d-43775, Site name: null
2022-09-06T01:35:28.435231448Z 2022-09-06 01:35:28,434 INFO [io.quarkus] (main) Keycloak 19.0.1 on JVM (powered by Quarkus 2.7.6.Final) started in 21.561s. Listening on: https://0.0.0.0:8443
2022-09-06T01:35:28.436131450Z 2022-09-06 01:35:28,435 INFO [io.quarkus] (main) Profile prod activated.
2022-09-06T01:35:28.436823052Z 2022-09-06 01:35:28,436 INFO [io.quarkus] (main) Installed features: [agroal, cdi, hibernate-orm, jdbc-h2, jdbc-mariadb, jdbc-mssql, jdbc-mysql, jdbc-oracle, jdbc-postgresql, keycloak, logging-gelf, narayana-jta, reactive-routes, resteasy, resteasy-jackson, smallrye-context-propagation, smallrye-health, smallrye-metrics, vault, vertx]
I tried changing KC_HOSTNAME (from localhost to xxx.azurewebsites.net), KC_HOSTNAME_PORT (to 443, 8443), PROXY_ADDRESS_FORWARDING (to false and true) and WEBSITES_PORT (to 80, 8080 and 8443), but without success.
Any ideas?
Thanks a lot.
I managed to get the Keycloak UI to show, and login works. Now the only problem is with the SSL cert.
But to get it started, do these steps:
In the Dockerfile I added
CMD ["start", "--hostname-strict false --hostname-strict-https false"]
after the [EntryPoint].
Then in the Azure Configuration you need to add the variables
PORT: 8080
and
WEBSITES_PORT: 8080
and
KC_DB_URL="jdbc:sqlserver://mydatabaseserver.database.windows.net;database=mydatabase"
You can also check the logs by enabling App Service Logs, then logging in to the Advanced Tools and checking the log files. The file ending with _docker.log is the one to check to see whether it starts up correctly.
I was also able to solve the problem by setting environment variables:
ENV KC_HOSTNAME_STRICT=false
ENV KC_HOSTNAME_STRICT_HTTPS=false
ENV KC_HTTP_PORT=8080
ENV KC_HTTP_ENABLED=true
and using ENTRYPOINT
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
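The two logs in the Keycloak question already show the mismatch these answers work around: the platform log reports plain-HTTP pings on port 8443, while Keycloak reports an https-only listener on that port. The following is an added example, not part of the original posts, that correlates the two logs; the function names and verdict labels are this example's own, and the sample lines are trimmed from the logs above except where marked as constructed.

```python
import re

# Trimmed from the App Service and Keycloak logs quoted in the question above.
PLATFORM_LOG = """\
2022-09-06T01:35:04.687Z INFO - docker run -d --expose=8443 --name idteste19_0_b2d18046 -e WEBSITES_PORT=8443 marcem/keycloak:19.0.1
2022-09-06T01:38:57.060Z ERROR - Container idteste19_0_b2d18046 for site idteste19 did not start within expected time limit. Elapsed time = 230.0696036 sec
2022-09-06T01:38:57.086Z ERROR - Container idteste19_0_b2d18046 didn't respond to HTTP pings on port: 8443, failing site start. See container logs for debugging.
"""
KEYCLOAK_LOG = """\
2022-09-06 01:35:28,434 INFO [io.quarkus] (main) Keycloak 19.0.1 on JVM (powered by Quarkus 2.7.6.Final) started in 21.561s. Listening on: https://0.0.0.0:8443
"""
# Constructed line: what the listener report is assumed to look like once
# KC_HTTP_ENABLED=true and KC_HTTP_PORT=8080 from the second answer are set.
KEYCLOAK_LOG_HTTP = """\
2022-09-06 01:35:28,434 INFO [io.quarkus] (main) Keycloak 19.0.1 on JVM started in 21.561s. Listening on: http://0.0.0.0:8080 and https://0.0.0.0:8443
"""

PING_FAILED = re.compile(r"didn't respond to HTTP pings on port: (\d+)")
EXITED = re.compile(r"Container \S+ for site \S+ has exited")
LISTENER = re.compile(r"\b(https?)://[^\s/:]+:(\d+)")


def failed_ping_ports(platform_log):
    """Ports on which the platform's HTTP warmup ping got no answer."""
    return sorted({int(p) for p in PING_FAILED.findall(platform_log)})


def listeners(app_log):
    """(scheme, port) pairs from the application's 'Listening on:' lines."""
    found = set()
    for line in app_log.splitlines():
        if "Listening on:" in line:
            tail = line.split("Listening on:", 1)[1]
            found.update((s, int(p)) for s, p in LISTENER.findall(tail))
    return found


def diagnose(platform_log, app_log):
    """Classify each failed warmup ping as a list of (port, verdict)."""
    bound = listeners(app_log)
    exited = bool(EXITED.search(platform_log))
    results = []
    for port in failed_ping_ports(platform_log):
        schemes = {s for s, p in bound if p == port}
        if "http" in schemes:
            verdict = "http-listener-present"    # look at startup time instead
        elif "https" in schemes:
            verdict = "tls-only"                 # plain-HTTP ping hits a TLS socket
        elif bound:
            verdict = "wrong-port"               # app listens, but elsewhere
        elif exited:
            verdict = "exited-before-listening"  # process died; read its own log
        else:
            verdict = "no-listener-reported"
        results.append((port, verdict))
    return results


if __name__ == "__main__":
    for port, verdict in diagnose(PLATFORM_LOG, KEYCLOAK_LOG):
        print(port, verdict)
```

On the logs from the question this reports `tls-only` for port 8443, which is the condition the second answer resolves with KC_HTTP_ENABLED=true and KC_HTTP_PORT=8080.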

Problem during deploying Metabase with Google App Engine

I am following these instructions for deploying Metabase with Google App Engine. After I complete the operations and open the URL where the service is deployed, I get 502 Bad Gateway or
Error: Server Error
The server encountered a temporary error and could not complete your request.
Please try again in 30 seconds.
and from the console I got
INFO metabase.driver :: Registered abstract driver :sql ?
This is my app.yaml
env: flex
manual_scaling:
  instances: 1
env_variables:
  MB_JETTY_PORT: 8080
  MB_DB_TYPE: postgres
  MB_DB_DBNAME: metabase
  MB_DB_PORT: 5432
  MB_DB_USER: devops
  MB_DB_PASS: password
  MB_DB_HOST: 127.0.0.1
beta_settings:
  cloud_sql_instances: <instance-name>=tcp:5432
Dockerfile:
FROM gcr.io/google-appengine/openjdk
EXPOSE 8080
ENV PORT 8080
ENV MB_PORT 8080
ENV MB_JETTY_PORT 8080
ENV MB_DB_PORT 5432
ENV METABASE_SQL_INSTANCE <instance_name>=tcp:5432
ENV JAVA_OPTS "-XX:+IgnoreUnrecognizedVMOptions -Dfile.encoding=UTF-8 --add-opens=java.base/java.net=ALL-UNNAMED --add-modules=java.xml.bind"
ADD https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 ./cloud_sql_proxy
ADD http://downloads.metabase.com/v0.33.2/metabase.jar /metabase.jar
RUN chmod +x ./cloud_sql_proxy
CMD ./cloud_sql_proxy -instances=$METABASE_SQL_INSTANCE=tcp:$MB_DB_PORT & java -jar ./metabase.jar
I also went through everything I saw on Stack Overflow and tried all the options for similar problems, but it is still not working. I tried this option 1 and this option 2, but still with no effect.
My steps:
On GCP I am the owner of the project. I created a Compute Engine VM instance, then a SQL Postgres instance and a new Postgres database with a user, I added the public IP address of the VM in the configuration of the SQL instance as an authorized network, and deployed the app.yaml and Dockerfile with gcloud app deploy. Any working solutions?
[1]: https://www.cloudbooklet.com/install-metabase-on-google-cloud-with-docker-app-engine/
I fixed the issue. I just changed the Metabase version; it always has to be the newest, 0.36.6 at this moment.

How to configure permissions on jenkins kubernetes plugin to access remote GKE Cluster

I have Jenkins set up on GCE and from there I am trying to access a k8s cluster on GKE. I get unauthorized when I try to test a connection on the plugin.
I have enabled GKE API access, created a service account on GKE, and created a role and role binding.
I installed the Kubernetes plugin on Jenkins and configured it by providing the Kubernetes URL, certificate and token. I still get the following exception:
Expected is - Connection to Kubernetes cluster succeeds.
Actual is - Error testing connection https://35.193.108.106: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input (With Disabled Https)
AND
With (Disable https certificate check enabled)
Error testing connection https://35.193.108.106: Failure executing: GET at: https://35.193.108.106/api/v1/namespaces/default/pods. Message: Unauthorized. Received status: Status(apiVersion=v1, code=401, details=null, kind=Status, message=Unauthorized, metadata=ListMeta(_continue=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Unauthorized, status=Failure, additionalProperties={}).
Check the GCP network rules settings and check the connection with kubectl from the Jenkins VM. I use "Secret text" type credentials to store the token. I use a Jenkins VM in the same GCP network to skip such issues.
Service account creation in namespace jenkins with "admin" permissions:
kubectl create namespace jenkins && \
  kubectl create serviceaccount jenkins --namespace=jenkins && \
  kubectl describe secret $(kubectl describe serviceaccount jenkins --namespace=jenkins | grep Token | awk '{print $2}') --namespace=jenkins && \
  kubectl create rolebinding jenkins-admin-binding --clusterrole=admin --serviceaccount=jenkins:jenkins --namespace=jenkins

Error connecting to Google Cloud SQL from App Engine custom environment using TCP

I'm trying to connect to a Google Cloud SQL instance from a custom runtime environment in App Engine.
When I follow the doc to connect using a Unix domain socket, it works. The problem is when I try to connect using a TCP connection. It shows:
Warning: mysqli_connect(): (HY000/2002): Connection refused in
/var/www/html/index.php on line 3
Connect error: Connection refused
This is my app.yaml file:
runtime: custom
env: flex
beta_settings:
  cloud_sql_instances: testing-mvalcam:europe-west1:testdb=tcp:3306
resources:
  cpu: 1
  memory_gb: 0.5
  disk_size_gb: 10
The Dockerfile:
FROM php:7.0-apache
ENV PORT 8080
CMD sed -i "s/80/$PORT/g" /etc/apache2/sites-available/000-default.conf /etc/apache2/ports.conf && docker-php-entrypoint apache2-foreground
RUN docker-php-ext-install mysqli
RUN a2enmod rewrite
COPY ./src /var/www/html
EXPOSE $PORT
And index.php:
<?php
$link = mysqli_connect('127.0.0.1', 'root', 'root', 'test');
if (!$link) {
    die('Connect error: ' . mysqli_connect_error());
}
echo 'successfully connected';
mysqli_close($link);
?>
What am I doing wrong?
The IP address ‘172.17.0.1’ is related to the Docker container where the web server is running; you can get more context on that in this documentation.
The documentation page you’re using might be lacking in adapting to the use case where you’re deploying with a Dockerfile present. In the following documentation you can read more information about App Engine flexible runtimes.
As demonstrated by the documentation you’re using (remember to click on the TCP CONNECTION tab on this page), in the section of the app.yaml related to Cloud SQL instances, information about the TCP port in use by the database server is needed.

Connecting a secured websocket on Google Appengine frontend with managed VM with nodejs runtime

I'm having trouble connecting to a wss secured socket server via the Google App Engine frontend with managed VM support.
By default Google exposes only port 8080 in the Docker image google/nodejs-runtime. Even if I expose port 8443 in the Dockerfile like below, I can connect only to http://localhost:8080, not https://localhost:8443
FROM google/nodejs
WORKDIR /app
ADD package.json /app/
RUN npm install
ADD . /app
EXPOSE 8443
CMD []
ENTRYPOINT ["/nodejs/bin/npm", "start"]
Still I can see port 8080 included in the container
"/nodejs/bin/npm start 8443/tcp, 0.0.0.0:8080->8080/tcp
If I log in to my managed VM instance and run the container image with
docker run -d -p 8443:8443 nodejs.default.wss-check:latest
and try
$ curl https://localhost:8443
I get curl: (60) SSL certificate problem: unable to get local issuer certificate. It looks like it's connecting, but I have to use the real domain name.
I've created an issue on GitHub as well, https://github.com/GoogleCloudPlatform/appengine-nodejs-quickstart/issues/13, but it was not that helpful.
The same setup works like a charm on a normal compute instance, but it doesn't auto scale.
Any help on this issue will be appreciated.
The reason you can't curl to https on localhost (curl: (60) SSL certificate problem: unable to get local issuer certificate) is because "localhost" is unknown to any CA. You need to run curl -k https://localhost:8443 to get it to ignore the lack of a certificate for localhost.
It looks like Google Managed VM currently supports WebSocket connections only on Java.
Even if you try a WebSocket connection with Node.js on GMV, it defaults to the polling transport. If you want to see this live, you can set the socket transports, deploy to live, and look in the console's network tab to see which transport it's using!
socket.set('transports', [
    'websocket',
    'flashsocket',
    'htmlfile',
    'xhr-polling',
    'jsonp-polling'
]);
We have to wait until Google implements WebSocket support in Managed VM. If anyone gets this working on GMV, please comment here :)
