Thursday, December 24, 2020

OHS the plug-ins do not fail over

 

CAUSE

The multiple invocations had nothing to do with OSB; they were caused by the configuration of the plugin for the Apache load balancer. This is expected behavior for the default 11g configuration in certain situations. The issue is due to the use of the plugin configuration parameter "Idempotent".

When "Idempotent" is turned on, the plugin attempts to resend the HTTP request after it has timed out (the timeout is configured in the plugin's "WLIOTimeoutSecs" parameter).

http://download.oracle.com/docs/cd/E13222_01/wls/docs100/plugins/plugin_params.html

 

Unsolicited multiple invocations like this have been reported in other products using the same load balancer configuration.

SOLUTION

 

  1. Turn OFF Idempotent in the web server plugin configuration.
    http://download.oracle.com/docs/cd/E13222_01/wls/docs100/plugins/plugin_params.html
    If "Idempotent" is set to “OFF” the plugin will not fail over.
  2. If not explicitly set, WLIOTimeoutSecs defaults to 300 seconds (5 minutes).
    To set WLIOTimeoutSecs explicitly, add a line for it to the httpd.conf file ($ORACLE_INSTANCE/config/OHS/ohsx).

Wednesday, December 23, 2020

OHS Terminating SSL Requests

 

Terminating SSL Requests

The following sections describe how to terminate requests using SSL before or within Oracle HTTP Server, where the mod_wl_ohs module forwards requests to WebLogic Server. Whether you terminate SSL before the request reaches Oracle HTTP Server or when the request is in the server, depends on your topology. A common reason to terminate SSL is for performance considerations when an internal network is otherwise protected with no risk of a third-party intercepting data within the communication. Another reason is when WebLogic Server is not configured to accept HTTPS requests.

About Terminating SSL at the Load Balancer

If you are using another device such as a load balancer or a reverse proxy which terminates requests using SSL before reaching Oracle HTTP Server, then you must configure the server to treat the requests as if they were received through HTTPS. The server must also be configured to send HTTPS responses back to the client.

Figure 9-1 illustrates an example where the request is transmitted from the browser through HTTPS to WebLogic Server. The load balancer terminates SSL and transmits the request as HTTP. Oracle HTTP Server must be configured to treat the request as if it was received through HTTPS.

Figure 9-1 Terminating SSL Before Oracle HTTP Server

Terminating SSL at the Load Balancer

To instruct the Oracle HTTP Server to treat requests as if they were received through HTTPS, configure the httpd.conf file with the SimulateHttps directive in the mod_certheaders module.

For more information on mod_certheaders module, see mod_certheaders Module—Enables Reverse Proxies.

Note:

This procedure is not necessary if SSL is configured on Oracle HTTP Server (that is, if you are directly accessing Oracle HTTP Server using HTTPS).

  1. Configure the httpd.conf configuration file with the external name of the server and its port number, for example:
    ServerName <www.company.com:port>
    
  2. Configure the httpd.conf configuration file to load the mod_certheaders module, for example:
    • On UNIX:

      LoadModule certheaders_module libexec/mod_certheaders.so
      
    • On Windows:

      LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
      AddModule mod_certheaders.c
      

      Note:

      Oracle recommends that the AddModule line should be included with other AddModule directives.

  3. Configure the SimulateHttps directive at the bottom of the httpd.conf file to send HTTPS responses back to the client, for example:
    # For use with other load balancers and front-end devices:
    SimulateHttps On
    
  4. Restart Oracle HTTP Server and test access to the server. In particular, test whether you can access static pages such as https://host:port/index.html

    Test your configuration as a basic setup. If you are having issues, then you should troubleshoot from here to avoid overlapping with other potential issues, such as with virtual hosting.

  5. Ideally, you may want to configure a VirtualHost in the httpd.conf file to handle all HTTPS requests. This separates the HTTPS requests from the HTTP requests as a more scalable approach. This may be more desirable in a multi-purpose site or if a load balancer or other device is in front of Oracle HTTP Server which is also handling both HTTP and HTTPS requests.

    The following sample instructions load the mod_certheaders module, then create a virtual host to handle only HTTPS requests.

    # Load correct module here or where other LoadModule lines exist:
    LoadModule certheaders_module libexec/mod_certheaders.so
    # This only handles https requests:
       <VirtualHost <name>:<port>>
           # Use name and port used in url:
           ServerName <www.company.com:port>
           SimulateHttps On
           # The rest of your desired configuration for this VirtualHost goes here
       </VirtualHost>
    
  6. Restart Oracle HTTP Server and test access to the server. First test a static page such as https://host:port/index.html and then test your application.

About Terminating SSL at Oracle HTTP Server

If SSL is configured in Oracle HTTP Server but not on Oracle WebLogic Server, then you can terminate SSL for requests sent by Oracle HTTP Server.

The following figures illustrate request flows, showing where HTTPS stops. In Figure 9-2, an HTTPS request is sent from the browser. The load balancer transmits the HTTPS request to Oracle HTTP Server. SSL is terminated in Oracle HTTP Server and the HTTP request is sent to WebLogic Server.

Figure 9-2 Terminating SSL at Oracle HTTP Server—With Load Balancer


In Figure 9-3 there is no load balancer and the HTTPS request is sent directly to Oracle HTTP Server. Again, SSL is terminated in Oracle HTTP Server and the HTTP request is sent to WebLogic Server.

Figure 9-3 Terminating SSL at Oracle HTTP Server—Without Load Balancer

Terminating SSL at Oracle HTTP Server

To instruct the Oracle HTTP Server to treat requests as if they were received through HTTPS, configure the WLProxySSL directive in the mod_wl_ohs.conf file and ensure that the SecureProxy directive is not configured.

  1. Configure the mod_wl_ohs.conf file to add the WLProxySSL directive for the location of your non-SSL configured managed servers.
    For example:
    WLProxySSL ON
    
  2. If you are using a load balancer or other device in front of Oracle HTTP Server (which is also using SSL), you might need to configure the WLProxySSLPassThrough directive instead, depending on whether that device already sets WL-Proxy-SSL.
    For example:
    WLProxySSLPassThrough ON
    

    For more information, see your load balancer documentation. For more information on WLProxySSLPassThrough, see Parameters for Oracle WebLogic Server Proxy Plug-Ins in Using Oracle WebLogic Server Proxy Plug-Ins.

  3. Ensure that the SecureProxy directive is not configured, as it will interfere with the intended communication between the components.
    This directive is to be used only when SSL is used throughout. The SecureProxy directive is commented out in the following example:
    # To configure SSL throughout (all the way to WLS):
    # SecureProxy ON
    # WLSSLWallet  "<Path to Wallet>" 
    
  4. Enable the WebLogic Plug-In flag for your managed servers or cluster.
    By default, this option is not enabled. Complete the following steps to enable the WebLogic Plug-In flag:
    1. Log in to the Oracle WebLogic Server Administration Console.
    2. In the Domain Structure pane, expand the Environment node.
    3. Click on Clusters.
    4. Select the cluster to which you want to proxy requests from Oracle HTTP Server.
      The Configuration: General tab appears.
    5. Scroll down to the Advanced section and expand it.
    6. Click Lock and Edit.
    7. Set the WebLogic Plug-In Enabled to yes.
    8. Click Save and Activate the Changes.
    9. Restart the servers for the changes to be effective.
  5. Restart Oracle HTTP Server and test access to a Java application.
    For example: https://host:port/path/application_name.
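
A small audit of the plug-in directives covered by the two OHS posts on this page: Idempotent and WLIOTimeoutSecs from the failover post at the top, and the WLProxySSL/SecureProxy rule from the procedure above. This is an added example, not Oracle's or the blog author's code; the function names, the sample host names and the choice to treat an unset Idempotent as ON are assumptions.

```shell
#!/bin/sh
# Added example: audit OHS plug-in directives (function names are hypothetical).

# effective_value DIRECTIVE DEFAULT  (config text on stdin)
# Prints, upper-cased, the last uncommented value of DIRECTIVE, or DEFAULT
# when the directive is absent or appears only in "#" comment lines.
effective_value() {
    awk -v want="$1" -v def="$2" '
        /^[ \t]*#/ { next }                          # commented out: not in effect
        tolower($1) == tolower(want) { val = $2 }    # directive names are case-insensitive
        END { print toupper(val == "" ? def : val) }
    '
}

# audit_plugin_conf  (config text on stdin)
# Prints one finding per line, nothing when no rule below fires.
audit_plugin_conf() {
    conf=$(cat)
    # Assumption: an unset Idempotent counts as ON, since the post describes
    # the resend as default behaviour; 300 is the default the post gives.
    idem=$(printf '%s\n' "$conf" | effective_value Idempotent ON)
    tmo=$(printf '%s\n' "$conf" | effective_value WLIOTimeoutSecs 300)
    pssl=$(printf '%s\n' "$conf" | effective_value WLProxySSL OFF)
    sec=$(printf '%s\n' "$conf" | effective_value SecureProxy OFF)

    [ "$idem" = "ON" ] &&
        echo "Idempotent ON: a request is resent after WLIOTimeoutSecs (${tmo}s)"
    [ "$pssl" = "ON" ] && [ "$sec" = "ON" ] &&
        echo "WLProxySSL ON with SecureProxy ON: SecureProxy is only for SSL throughout"
    return 0
}

# Constructed sample (host names are placeholders): SSL terminated at OHS,
# SecureProxy commented out as in the procedure, Idempotent left unset.
sample_conf() {
    cat <<'EOF'
<IfModule weblogic_module>
    WebLogicCluster wls1.example.internal:8001,wls2.example.internal:8001
    WLProxySSL ON
    # To configure SSL throughout (all the way to WLS):
    # SecureProxy ON
</IfModule>
EOF
}

sample_conf | audit_plugin_conf
```

A plain grep for SecureProxy would flag the commented-out line in the sample; the audit ignores it because only uncommented directives take effect.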

Tuesday, November 24, 2020

How to run .SQL script using JDBC?

 

A database script file is a file that contains multiple SQL queries separated from each other. Usually, these files have the .sql extension.

Running .sql script files in Java

You can execute .sql script files in Java using the runScript() method of the ScriptRunner class of Apache iBatis. To this method you need to pass a connection object.

Therefore to run a script file −

  • Register the MySQL JDBC Driver using the registerDriver() method of the DriverManager class.
  • Create a connection object to establish connection with the MySQL database using the getConnection() method.
  • Initialize the ScriptRunner class of the package org.apache.ibatis.jdbc.
  • Create a Reader object to read the script file.
  • Finally, execute the script using the runScript(reader) method.

Example

Let us create a script file named sampleScript.sql and copy the following contents into it. This script creates a table named cricketers_data in a MySQL database and populates it with five records.

CREATE DATABASE exampleDB;
use exampleDB;
CREATE TABLE exampleDB.cricketers_data(
   First_Name VARCHAR(255),
   Last_Name VARCHAR(255),
   Date_Of_Birth date,
   Place_Of_Birth VARCHAR(255),
   Country VARCHAR(255)
);
insert into cricketers_data values('Shikhar', 'Dhawan', DATE('1981-12-05'), 'Delhi', 'India');
insert into cricketers_data values('Jonathan', 'Trott', DATE('1981-04-22'), 'CapeTown', 'SouthAfrica');
insert into cricketers_data values('Kumara', 'Sangakkara', DATE('1977-10-27'), 'Matale', 'Srilanka');
insert into cricketers_data values('Virat', 'Kohli', DATE('1988-11-05'), 'Delhi', 'India');
insert into cricketers_data values('Rohit', 'Sharma', DATE('1987-04-30'), 'Nagpur', 'India');
select * from exampleDB.cricketers_data;

Add the following maven dependency (for the jar file mybatis-3.4.1.jar) to your pom.xml file −

<dependency>
   <groupId>org.mybatis</groupId>
   <artifactId>mybatis</artifactId>
   <version>3.4.5</version>
</dependency>

Example

The following JDBC program executes the sampleScript.sql file.

import java.io.BufferedReader;
import java.io.FileReader;
import java.io.Reader;
import java.sql.Connection;
import java.sql.DriverManager;
import org.apache.ibatis.jdbc.ScriptRunner;

public class RunningScripts {
   public static void main(String[] args) throws Exception {
      // Registering the driver
      DriverManager.registerDriver(new com.mysql.jdbc.Driver());
      // Connection URL; the script itself creates and selects exampleDB
      String mysqlUrl = "jdbc:mysql://localhost/talakai_noppi";
      // try-with-resources closes the connection and the reader even if the script fails
      try (Connection con = DriverManager.getConnection(mysqlUrl, "root", "password");
           Reader reader = new BufferedReader(new FileReader("E:\\sampleScript.sql"))) {
         System.out.println("Connection established......");
         // Initialize the script runner
         ScriptRunner sr = new ScriptRunner(con);
         // Running the script
         sr.runScript(reader);
      }
   }
}

Output

Connection established......
CREATE DATABASE exampleDB
use exampleDB
CREATE TABLE exampleDB.cricketers_data(
   First_Name VARCHAR(255),
   Last_Name VARCHAR(255),
   Date_Of_Birth date,
   Place_Of_Birth VARCHAR(255),
   Country VARCHAR(255)
)
insert into cricketers_data values('Shikhar', 'Dhawan', DATE('1981-12-05'), 'Delhi', 'India')
insert into cricketers_data values('Jonathan', 'Trott', DATE('1981-04-22'), 'CapeTown', 'SouthAfrica')
insert into cricketers_data values('Kumara', 'Sangakkara', DATE('1977-10-27'), 'Matale', 'Srilanka')
insert into cricketers_data values('Virat', 'Kohli', DATE('1988-11-05'), 'Delhi', 'India')
insert into cricketers_data values('Rohit', 'Sharma', DATE('1987-04-30'), 'Nagpur', 'India')
select * from exampleDB.cricketers_data
First_Name Last_Name Date_Of_Birth Place_Of_Birth Country
Shikhar Dhawan 1981-12-05 Delhi India
Jonathan Trott 1981-04-22 CapeTown SouthAfrica
Kumara Sangakkara 1977-10-27 Matale Srilanka
Virat Kohli 1988-11-05 Delhi India
Rohit Sharma 1987-04-30 Nagpur India
 Reference: https://www.tutorialspoint.com/how-to-run-sql-script-using-jdbc 

Wednesday, November 4, 2020

How to get a list of images on docker registry v2

 List all repositories (effectively images):

curl -X GET https://myregistry:5000/v2/_catalog
> {"repositories":["redis","ubuntu"]}

List all tags for a repository:

curl -X GET https://myregistry:5000/v2/ubuntu/tags/list
> {"name":"ubuntu","tags":["14.04"]}

Saturday, October 31, 2020

Install Let's Encrypt certificates as trusted CAs in Ubuntu

Install ca-certificates

sudo apt-get install ca-certificates

Download the certificates from Let's Encrypt

cd /usr/share/ca-certificates
sudo wget https://letsencrypt.org/certs/isrgrootx1.pem  -O isrgrootx1.crt
sudo wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem  -O letsencryptauthorityx3.crt

Update CA

sudo dpkg-reconfigure ca-certificates

Wednesday, October 14, 2020

Endpoint is not Created for Service in Kubernetes

The Problem

Endpoints shows ‘none’:

$ kubectl get svc
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.yy.0.1     <none>        443/TCP    9d
test         ClusterIP   10.xx.97.97   <none>        6379/TCP   21s
$ kubectl describe svc test
Name: test
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"test","namespace":"default"},"spec":{"clusterIP":"10.xx.97.97","...
Selector: app=test
Type: ClusterIP
IP: 10.xx.97.97
Port: <unset> 6379/TCP
TargetPort: 6379/TCP
Endpoints: <none>
Session Affinity: None
Events: <none>

The Solution

The service selector doesn’t match any Pod’s labels.

$ kubectl get pods --show-labels |egrep 'app=test'
$

1. Edit the yaml file and correct the selector to match the Pod’s label.

$ kubectl get pods --show-labels |egrep 'app=filebeat'
myapp-ds-c2fwm 1/1 Running 0 21h app=filebeat,controller-revision-hash=54ccfc87bd,pod-template-generation=1,release=stable
myapp-ds-rbn4z 1/1 Running 0 21h app=filebeat,controller-revision-hash=54ccfc87bd,pod-template-generation=1,release=stable
$ vi test-svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: test
  namespace: default
spec:
  selector:
    app: filebeat
  clusterIP: 10.xx.97.97
  type: ClusterIP
  ports:
  - port: 6379
    targetPort: 6379

2. Apply the configuration:

$ kubectl apply -f test-svc.yaml
service/test created
$ kubectl get svc
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
kubernetes   ClusterIP   10.yy.0.1     <none>        443/TCP    9d
test         ClusterIP   10.xx.97.97   <none>        6379/TCP   29m

3. Show the details of the service:

$ kubectl describe svc test
Name: test
Namespace: default
Labels: <none>
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"test","namespace":"default"},"spec":{"clusterIP":"10.xx.97.97","...
Selector: app=filebeat
Type: ClusterIP
IP: 10.xx.97.97
Port: <unset> 6379/TCP
TargetPort: 6379/TCP
Endpoints: 10.zzz.1.38:6379,10.zzz.2.36:6379
Session Affinity: None
Events: <none>
$ kubectl get endpoints test
NAME ENDPOINTS AGE
test 10.zzz.1.38:6379,10.zzz.2.36:6379 39m

 Ref: https://www.thegeekdiary.com/endpoint-is-not-created-for-service-in-kubernetes/
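
The egrep check used in this post matches text anywhere in the row, while a Service selector matches whole key=value label pairs. The script below is an added example, not part of the referenced article: it compares the two on `kubectl get pods --show-labels` output. The function names and the last two sample pods are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact label matching for a Service selector (names are hypothetical).

# pods_matching SELECTOR
# stdin: rows of `kubectl get pods --show-labels` (labels are the last column).
# Prints the name of every pod whose labels include each key=value pair of
# the comma-separated SELECTOR as a whole pair, which is how a Service
# selector is evaluated; substrings do not count.
pods_matching() {
    awk -v sel="$1" '
        BEGIN { n = split(sel, want, ",") }
        $1 == "NAME" { next }                     # header row, if present
        {
            split("", have)                       # reset the label set for this pod
            m = split($NF, pair, ",")
            for (i = 1; i <= m; i++) have[pair[i]] = 1
            for (i = 1; i <= n; i++) if (!(want[i] in have)) next
            print $1
        }'
}

# Constructed sample: the two filebeat pods from the post plus two pods whose
# labels merely contain the text "app=test".
sample_pods() {
    cat <<'EOF'
myapp-ds-c2fwm 1/1 Running 0 21h app=filebeat,controller-revision-hash=54ccfc87bd,pod-template-generation=1,release=stable
myapp-ds-rbn4z 1/1 Running 0 21h app=filebeat,controller-revision-hash=54ccfc87bd,pod-template-generation=1,release=stable
runner-7d9f 1/1 Running 0 3h app=test-runner,release=canary
legacy-0 1/1 Running 0 8d myapp=test
EOF
}

echo "grep 'app=test' rows:   $(sample_pods | grep -c 'app=test')"
echo "selector app=test pods: $(sample_pods | pods_matching app=test | wc -l)"
echo "selector app=filebeat:  $(sample_pods | pods_matching app=filebeat | tr '\n' ' ')"
```

On the sample, grep reports two rows for 'app=test' although no pod carries the label app=test, so a Service with that selector would still show Endpoints: <none>.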

Tuesday, September 8, 2020

Run Docker Container as a Service

 Ref: https://www.jetbrains.com/help/youtrack/standalone/run-docker-container-as-service.html


The Docker team recommends using the cross-platform built-in restart policy to run a container as a service. To do this, configure your Docker service to start on system boot and add the parameter --restart unless-stopped to the docker run command that starts YouTrack.


However, when several services (including YouTrack) must start in sequence, the restart policy method is not suitable. You can use a process manager instead.


Here's an example of how to run the YouTrack container as a service on Linux with the help of systemd.


To run YouTrack container as a service on Linux with systemd:

Create a service descriptor file /etc/systemd/system/docker.youtrack.service:

[Unit]
Description=YouTrack Service
After=docker.service
Requires=docker.service
[Service]
TimeoutStartSec=0
Restart=always
ExecStartPre=-/usr/bin/docker exec %n stop
ExecStartPre=-/usr/bin/docker rm %n
ExecStartPre=/usr/bin/docker pull jetbrains/youtrack:<version>
ExecStart=/usr/bin/docker run --rm --name %n \
    -v <path to data directory>:/opt/youtrack/data \
    -v <path to conf directory>:/opt/youtrack/conf \
    -v <path to logs directory>:/opt/youtrack/logs \
    -v <path to backups directory>:/opt/youtrack/backups \
    -p <port on host>:8080 \
    jetbrains/youtrack:<version>
[Install]
WantedBy=default.target


Enable starting the service on system boot with the following command:


systemctl enable docker.youtrack


You can also stop and start the service manually at any moment with the following commands, respectively:


sudo service docker.youtrack stop

sudo service docker.youtrack start


Install and use xorg-server on macOS via Homebrew

  The instructions to install and use xorg-server on macOS via Homebrew: Install Homebrew (if you haven't already): /bin/bash -c ...