Openshift Login Plugin Jenkins - Invalid Request - openshift

I tried to set up a custom Jenkins image, based on the Red Hat Jenkins image. The Red Hat Jenkins image has the Openshift Login Plugin installed already.
After the image started up properly, I tried to log in with my Openshift credentials, but it didn't work.
I just saw the following error message:
"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.","state":"xxxxxxxxxxxxxxxxxxx"
and there was another message in the OS terminal of the running pod.
I read about several other issues with the Openshift Login Plugin, but an update to version 1.0.12 didn't fix my problems either.

My problem was that I didn't know that each Openshift Service Account has a redirect reference, specially configured for one deployment.
I had already used the Service Account that I used for the above-mentioned Jenkins for another Jenkins deployment; because of this, Openshift added the redirect reference configured for this "older" deployment.
In our Openshift Setup (3.11), you aren't able to find the redirection configuration within the Service Account settings that you can find under Resources --> Membership --> Service Accounts. Instead you have to look and edit the YAML File of the Service Account, that you can find under Resources --> Other Resources --> Service Account.
serviceaccounts.openshift.io/oauth-redirectreference.jenkins
Since this is quite tricky to find out, I hope that I could possibly save somebody a few hours of searching.
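The check described in the answer above, as an added example that is not part of the original post: it reads a ServiceAccount object as `oc get sa <name> -o json` would print it and lists which Route each oauth-redirectreference annotation points at. The sample object and the route names jenkins-old and jenkins-custom are constructed for illustration.

```python
import json

REF_KEY = "serviceaccounts.openshift.io/oauth-redirectreference."
URI_KEY = "serviceaccounts.openshift.io/oauth-redirecturi."

# Constructed sample of `oc get sa jenkins -o json` output.
# "jenkins-old" stands for the route of the earlier deployment (made-up name).
SAMPLE_SA = {
    "kind": "ServiceAccount",
    "metadata": {
        "name": "jenkins",
        "annotations": {
            REF_KEY + "jenkins": json.dumps({
                "kind": "OAuthRedirectReference", "apiVersion": "v1",
                "reference": {"kind": "Route", "name": "jenkins-old"},
            }),
        },
    },
}


def redirect_targets(sa):
    """Return (annotation_key, kind, target) for every OAuth redirect annotation."""
    found = []
    annotations = sa.get("metadata", {}).get("annotations") or {}
    for key, value in sorted(annotations.items()):
        if key.startswith(URI_KEY):
            found.append((key, "URI", value))  # static redirect URI
        elif key.startswith(REF_KEY):
            try:  # the annotation value is itself a JSON document
                ref = json.loads(value)["reference"]
                found.append((key, ref["kind"], ref["name"]))
            except (ValueError, KeyError, TypeError):
                found.append((key, "INVALID", value))
    return found


def check_deployment(sa, route_name):
    """List findings that would keep OAuth login through `route_name` from working."""
    targets = redirect_targets(sa)
    findings = [f"{k}: malformed value" for k, kind, _ in targets if kind == "INVALID"]
    routes = [name for _, kind, name in targets if kind == "Route"]
    has_uri = any(kind == "URI" for _, kind, _ in targets)
    # Static URIs are not resolved here, so only flag when none is present.
    if route_name not in routes and not has_uri:
        findings.append(f"no redirect reference for route {route_name!r}; found {routes}")
    return findings


if __name__ == "__main__":
    print(check_deployment(SAMPLE_SA, "jenkins-custom"))
```

A non-empty result for the route of the new deployment corresponds to the situation in the post, where the annotation still pointed at the older deployment.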

Related

Versioned deployment seems to be redirecting to HEAD deployment after OAuth login

I have a google workspace addon which is extending gmail and is using app script oauth to connect our own system, https://github.com/googleworkspace/apps-script-oauth2.
Our system has a development environment and a live environment, each uses a different identity client id secret which need to be used when connecting to each. I have stored these as different project properties with the development properties being prefixed with 'dev-' and I have a function that looks like this:
getScriptProperty function. This function has a variable that should let me change the script properties I access.
I have then created a versioned deployment that uses the live project properties and have kept my HEAD deployment using the development properties. My problem is that once someone tries to log in on the versioned deployment they seem to be redirected back to the HEAD version of the code which is using development project properties, this then breaks the login attempt and gives the following error: AppScript login error. I have tested this by adding logging that is only in the HEAD version of the getScriptProperty function and you can see the logs swap to using the development properties after redirecting from the login attempt, Logging example.
Is there a better way to manage deployments/project properties to stop this from happening or have I just missed something with how they are meant to work?

Trigger external pipeline / job after Jira in OpenShift started

I'm running jira in openshift using the basic image from atlassian: https://hub.docker.com/r/atlassian/jira-software
So far most things work fine.
I installed a plugin using the web ui which worked as well.
But now I'm running into an issue when a pod is restarted. The pod uses the image and naturally (as specified) my plugin is not installed anymore. I can install the plugin via webservice calls and register it as an OSGi module for Jira. But I don't want to do this manually. Building a pipeline or job for this is quite easy (I'm thinking Jenkins or Ansible Tower). But so far I didn't find a way to trigger this pipeline after the pod is started (or better, after Jira is started).
Anyone got an idea how to handle this?
Thanks and best regards. Sebastian
Why not create a custom image based on the Atlassian image with everything you need installed?
As far as I know, there isn't a way to trigger a pipeline when a Pod is started; only Webhook, Image Change, and Config Change triggers are available. You'll need to write a Jenkinsfile to script all of the installation and setup you want, but then that can be triggered in one of the three ways mentioned.
I'm thinking an Image Change trigger would work best for you, so when the latest version of Atlassian's image comes out, you can run your pipeline to set everything up on the latest version.
Also, just curious, but do you have some persistent storage attached to the Jira pod? If not, you'll lose everything in Jira if the Pod dies; that means tickets, boards, comments, everything.
Update:
Looking at this page, it looks like most of the stuff you're trying to persist is stored in jira-home, so maybe mounting that as a persistent volume will be a good solution for you.
You're correct that the tickets are stored in the database, but I'm guessing the database connection settings are getting wiped when the Pod is cycled.
The jira-home directory stores your application and database connection settings, as well as a subdirectory for your plugins.
dbconfig.xml
This file (located at the root of your JIRA home directory) defines
all details for JIRA's database connection. This file is typically
created by running the JIRA setup wizard on new installations of JIRA
or by configuring a database connection using the JIRA configuration
tool.
You can also create your own dbconfig.xml file. This is useful if you
need to specify additional parameters for your specific database
configuration, which are not generated by the setup wizard or JIRA
configuration tool. For more information, refer to the 'manual'
connection instructions of the appropriate database configuration
guide in Connecting JIRA to a database.
jira-config.properties
This file (also located at the root of your JIRA home directory)
stores custom values for most of JIRA's advanced configuration
settings. Properties defined in this file override the default values
defined in the jpm.xml file (located in your JIRA application
installation directory). See Advanced JIRA configuration for more
information.
In new JIRA installations, this file may not initially exist and if
so, will need to be created manually. See Making changes to the
jira-config.properties file for more information. This file is
typically present in JIRA installations upgraded from version 4.3 or
earlier, whose advanced configuration options had been customized
(from their default values).
plugins/
This is the directory where plugins built on Atlassian's Plugin
Framework 2 (i.e. 'Plugins 2' plugins) are stored. If you are
installing a new 'Plugins 2' plugin, you will need to deploy it into
this directory under the installed-plugins sub-directory.
'Plugins 1' plugins should be stored in the JIRA application
installation directory.
This directory is created on JIRA startup, if it does not exist
already.

"The host is unknown to Read the Docs" while hosting local RTD server

I'm trying to see whether I can host RTD privately (behind a VPN). I spun up an AWS EC2 instance and set it up using the Docker image and instructions here. Everything worked fine, but when I go to http://<internal_ip> to test it I get a page with the message
404 - Invalid Host
The host "" is unknown to Read the Docs
If you control this domain and believe this is in error, please review our custom domain documentation. In the past, we allowed custom domains to point to us without configuring the domain in the Read the Docs dashboard and we attempted to intelligently guess the correct project based on DNS settings. Now, we believe that explicit is better than implicit. Below are some steps to help you get your domain working again:
Ensure you have a CNAME record pointing to readthedocs.io
Add your desired domain in the Read the Docs dashboard for your project (under Your Project >> Admin >> Domains)
It points me to this page, but it seems to me that those instructions assume I'm hosting my project on the public readthedocs.io site. Any ideas on how I can get this to work on my private server?

With Keycloak, can you load an LDAP configuration from a file?

When I run Keycloak, I'd like it to load my LDAP configuration (user federation) automatically when it is run, so I don't have to enter it manually. Is there any way to do this with Keycloak? I'm using the containerized version 7.0.0, if it matters. I am also running in standalone mode. Thanks
You should be able to create your realm from a template that has your LDAP configuration in it.
From what I understand from your question, you want to use LDAP as your user Federation server, so you should have an LDAP up and running before starting your Keycloak container, and the container should start with the LDAP configuration. To do this, I'll suggest a method that is a bit cumbersome at first, but it will give you a better grasp on how to configure Keycloak in the future.
Start by downloading Keycloak from the website and run it without putting it in a container. Set up your Realm, clients and everything apart from the LDAP configuration.
Copy the Keycloak.json file outside of the directory; we're going to use that later.
Get back to your web interface, configure your LDAP server, and save the configuration.
Now copy the keycloak.json file again, and place both versions in a text comparison tool, Diffmerge for example, and see the difference in the configuration related to your LDAP, that should be added to your container's keycloak.json.
A good practice using keycloak container is to create your whole configuration, and replace the default one, this way your container will start every time with your Realms, clients and all other pre-configured attributes.
OK so I think I figured it out. In Keycloak I had to export the realm via the standalone.sh script as specified in the documentation. Using the kcadm.sh admin CLI did not export the whole realm. Then I could import the realm using the admin CLI later. Thanks for your help, it led me to this answer.

Why does my custom beanstalk keep restarting?

I am trying to customize the default AMI of beanstalk, but every time I get server restarts after some random time. I went so far as not to change anything, but nothing works.
I have tried the following:
find the instance of running beanstalk, create AMI, modify the AMI of beanstalk - crashing
create new instance with same AMI as on beanstalk, create AMI, modify configuration - crashing
I have tried both stopping the instance before creating AMI, and creating AMI of running instance.
Edit: I found the answer here: Can't generate a working customized EC2 AMI from Amazon Beanstalk sample appl
From personal experience, place the health status page to point to a dummy, static .html file. Although not recommended, this will prevent the health checks from restarting the machine and you could make more inside inspection.
AWS captures into the S3 logs only the ones output via java.util.logging. It means all console logging is not transferred.
That said, make sure you define a private key in your environment config, so you could ssh to it easily and see its output (it changes - for Tomcat 7, it is at /opt/tomcat7. For tomcat6, it is under /usr/share/tomcat6)
Just to add to what aldrinleal wrote (can't comment yet): In the past, I would often find a failed Healthcheck would also disable my site. By which I mean: If you have the health check on your actual app and that app threw an exception, you wouldn't actually get to see anything, the environment would just report a failed state. Only after I changed to a static file for the health check, did I manage to see the errors.
Now obviously this is more a problem with a dev environment and you can always just pull the logs. But especially in the beginning, as someone new to AWS/Beanstalk, this helped me a lot.