I have a local Nagios Server and I'm trying to configure it to monitor my tomcat8 server with check_jvm, so I can control the memory and classes used by Java.
To do so I installed the check_nrpe plugin on the client, and configured it but I'm having an 'odd' error.
If I try to call the plugin on the client from my server, it answers correctly, even using check_jvm commands as parameter.
But when I configure it so nagios do the check on his own, the web browser returns a "CHECK_NRPE: Error - Could not complete SSL handshake" for that service specifically.
This is what I have:
From my nagios server
# /usr/local/nagios/libexec/check_nrpe -H <client.ip>
NRPE v2.12
# /usr/local/nagios/libexec/check_nrpe -H <client.ip> -c tomcat_heap
OK 799998504 |max=2101870592;;; commited=2101870592;;; used=799998504;;;
Where tomcat_heap is the name of a command defined in nrpe.cfg at the client in order to use the check_jvm plugin.
command[tomcat_heap]=sudo /usr/local/nagios/libexec/check_jvm -n org.apache.catalina.startup.Bootstrap -p heap -w 1700000000 -c 2000000000
Now, back again on my Nagios server, this is the service definition
define service{
use generic-service
host_name lin-des
service_description Tomcat heap
check_command check_nrpe!tomcat_heap
}
Now, this returns a 'CHECK_NRPE: Error - Could not complete SSL handshake' on the web app.
I've checked the allowed_hostson the nrpe.cfgfile, as well as on /etc/xinetd.d/nrpe, so it includes my nagios server IP.
I've also checked Selinux and Iptables configuration.
I've also checked that both my Nagios server, and the client share the same version of the ssl libraries.
Lastly, I've checked all the permissions on /usr/local/nagios/libexec on both the server and the client, so the user nagios have the ownership of them.
At this point, I ran out of ideas, and that's why I'm asking you. Any ideas on where the problem may be?
Found it.
It seems when I defined the check_nrpe command in the command.cfg, I made a mistake on the command line.
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -p 5656 -t 30 -c $ARG1$
}
As you can see, I defined the command to work on the port 5656 which isn't the port used by the nrpe service (it actually is 5666).
After fixing this error, everything runs properly.
I hope this helps to anyone with similar problems.
I want to install bamboo agent on my working computer. I have downloaded the jar file and try to run it with following syntax
java -jar atlassian-bamboo-agent-installer-5.7.0.jar https://bamboo.xxxxx.org/agentServer/
I got error javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
The source of this error is clear to me - we have a self-signed SSL sertificate. I tried to run with following parameters
java -Dbamboo.agent.ignoreServerCertName=true -jar atlassian-bamboo-agent-installer-5.7.0.jar https://bamboo.xxxxx.org/agentServer/
but it does not work as well.
I tried to add the certificate using this link Java keytool easy way to add server cert from url/port
The sertificate seems to be installed, but it does not help. I still have the following error.
Do you know how can I fix it?
The problem was that bamboo did not obtained (for some reason) the keystorage created by keytool.
I needed to manually set the keystore in the bamboo configuration. In config/wrapper.conf you need to add following lines
wrapper.java.additional.3=-Djavax.net.ssl.keyStore=/#MODIFY_ME_TO_MY_HOME#/bamboo-agent-home/keystores/client.ks
wrapper.java.additional.4=-Djavax.net.ssl.keyStorePassword=#MY_AWESOME_PASSWORD#
wrapper.java.additional.5=-Djavax.net.ssl.trustStore=/#MODIFY_ME_TO_MY_HOME#/bamboo-agent-home/keystores/client.ts
This can be caused if you are running Bamboo behind Apache with SSL, if your default SSL VirtualHost is not returning the same SSLCertificate as your Bamboo VirtualHost. We had a similar problem, because I didn't know /etc/httpd/conf.d/ssl.conf created a VirtualHost.
I'm trying to set up Jenkins / Hudson on my Ubuntu PC. That's not the problem but I set an Android job with the following commands:
export CLEAN=false
export LUNCH=cm_ace-userdebug
export REPO_BRANCH=cm-10.1
export RELEASE_TYPE=CM_NIGHTLY
curl -O https://raw.github.com/CyanogenMod/hudson/master/job.sh
. ./job.sh
The job stops after a few seconds because of the error:
could not read Username for 'https://github.com': No such device or address
How do I fix this error?
Please help!
I suspect that Jenkins is attempting to open "/dev/tty" or something to ask you for a user name and password. That is failing because Jenkins is running as a daemon ... and "/dev/tty" can't be used in that context. The "No such device or address" comes from the failed attempt to open "/dev/tty".
The solution would be to configure the job to use a specific private key for the fetch. Read the curl manual entry and check out the -E option. Alternatively, you could use -u and specify the username and password in the curl command.
Unable to open debugger port in intellij.
The port number 9009 matches the one which has been set in the configuration file for the application.
<java-config debug-options="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9009" system-classpath="" native-library-path-prefix="D:\Project\lib\windows\64bit" classpath-suffix="">
<jvm-options>-XX:MaxPermSize=192m</jvm-options>
<jvm-options>-client</jvm-options>
<jvm-options>-XX:+UnlockDiagnosticVMOptions</jvm-options>
<jvm-options>-XX:+LogVMOutput</jvm-options>
<jvm-options>-XX:LogFile=${com.sun.aas.instanceRoot}/logs/jvm.log</jvm-options>
<jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
<jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
<jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
<jvm-options>-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
<jvm-options>-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext</jvm-options>
<jvm-options>-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver</jvm-options>
<jvm-options>-DANTLR_USE_DIRECT_CLASS_LOADING=true</jvm-options>
<jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options>
<jvm-options>-Dosgi.shell.telnet.port=4766</jvm-options>
<jvm-options>-Dosgi.shell.telnet.maxconn=1</jvm-options>
<jvm-options>-Dosgi.shell.telnet.ip=127.0.0.1</jvm-options>
<jvm-options>-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/</jvm-options>
<jvm-options>-Dfelix.fileinstall.poll=5000</jvm-options>
<jvm-options>-Dfelix.fileinstall.debug=1</jvm-options>
<jvm-options>-Dfelix.fileinstall.bundles.new.start=true</jvm-options>
<jvm-options>-Dorg.glassfish.web.rfc2109_cookie_names_enforced=false</jvm-options>
<jvm-options>-XX:NewRatio=2</jvm-options>
<jvm-options>-Xmx2048m</jvm-options>
</java-config>
Configuration in IntelliJ:
When I try and enable the remote debugging in for this application it comes up with the following error:
You may have to change the debugger port if your port is already used by another program. To do so:
Run
Edit Configurations
Startup/Connection tab
Debug
Change the port here
Or, maybe in other versions:
Run
Edit Configurations
Remote > Remote debug in the list on the left
Configuration tab, Settings section
Port: change the port here
Add the following parameter debug-enabled="true" to this line in the glassfish configuration.
Example:
<java-config debug-options="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=9009" debug-enabled="true"
system-classpath="" native-library-path-prefix="D:\Project\lib\windows\64bit" classpath-suffix="">
Start and stop the glassfish domain or service which was using this configuration.
I had the same problem and this solution also did the trick for me: Provide the IP 127.0.0.1 in the Intellij Debug configuration instead of the host name "localhost", in case you're using this hostname.
You must set CHMOD +x (execute for *.sh or *.bat files). For example, I am using macOS
cd /Users/donhuvy/Documents/tools/apache-tomcat-9.0.12/bin
sudo chmod +x *.sh
Then IntelliJ IDEA, and Apache Tomcat running or debugging just good.
In glassfish\domains\domain1\config\domain.xml set before start server
<java-config classpath-suffix="" debug-options="-agentlib:jdwp=transport=dt_socket,address=9009,server=y,suspend=n" java-home="C:\Program Files\Java\jdk1.8.0_162" debug-enabled="true" system-classpath="">
or set debug-enabled="true" server=y,suspend=n in http://localhost:4848/common/index.jsf
In current Idea 2018 - Server Run Configuration - Debug - Port - address
I'm hoping your problem has been solved by now. If not, try this... It looks like you have server=y for both your app and IDEA. IDEA should probably be server=n. Also, the (IDEA) client should have an address that includes both the host name and the port, e.g., address=127.0.0.1:9009.
This one worked for me--
If the issue still persists (in case you are not using a glassFish server), then close your JIdea and stop the server. This will disable the ports connectivity. Then start your server and JIdea, this will start fresh connectivity with the ports, resolving the issue.
For me, the problem was that catalina.sh didnt have execute permissions. The "Unable to open debugger port in intellij" message appeared in Intellij, but it sort of masked the 'could not execute catalina.sh' error that appeared in the logs immediately prior.
This error can happen Tomcat is already running. So make sure Tomcat isn't running in the background if you've asked Intellij to start it up ( default ).
Also, check the full output window for more errors. As a more useful error may have preceded this one ( as was the case with my configuration just now )
Answer is pretty simple,
I also faced the problem finally I got perfect solution.
Create Debug
Create Remote debug with following configuration
Firstly run by debug.
It gives you waitng for socket 5005
then run with remote debug
Try to connect with telnet , if it connects then it shows below:
$telnet 10.238.136.165 9999
Trying 10.238.136.165...
Connected to 10.238.136.165.
Escape character is '^]'.
Connection closed by foreign host.
If port is not available (either because someone else is already connected to it or the port is not open etc) then it shows something like it shows like below:
$telnet 10.238.136.165 9999
Trying 10.238.136.165...
telnet: connect to address 10.238.136.165: Connection refused
telnet: Unable to connect to remote host
So I think one needs to see whether:
the application is property listening to port or not
or someone else has already connected to it
Also try to connect on that m/c itself first like
$telnet localhost 9999
Set the MAVEN_OPTS. It should work !!
export MAVEN_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,address=4000,server=y,suspend=n"
mvn spring-boot:run -Dserver.port=8090
Run your Spring Boot application with the given command to enable debugging on port 6006 while the server is up on port 8090:
mvn spring-boot:run -Drun.jvmArguments='-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=6006' -Dserver.port=8090
Your Service/ Application might already be running. In Search enter Services and you will get list of services. Stop yours and then try again.
I had the same issue, I just have to remove the HTTP protocol from the URL. That's it.
I hope it works for you.
I once have this problem too.
My solution is to work around this problem by kill the application which is using the port.
Here is a article to teach us how to check which application is using which port, find it and kill/close it.
In my case, I was not setting the debug port while starting the application.
I am using tomcat to deploy 3 war files, and I forgot to configure the debug port.
Tomcat allows us to configure this via setenv.sh.
Here are the commands to create setenv.sh file in the bin directory of my tomcat installation and provide the debug arguments/port.
tee /usr/share/tomcat9/bin/setenv.sh << EOF
export CATALINA_OPTS="$CATALINA_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
EOF
service tomcat9 restart
Merely hitting the debug icon again fixed my problem in a few seconds.
Make sure to specify an SDK and Project SDK for your app under File --> Project Structure (Project | SDKs)
I have a section in a POM that looks something like this:
<scm>
<connection>scm:cvs:ext:myhostname:/cvsroot/repo:module_name</connection>
</scm>
I typically use publickey auth to authentication against this cvs server, although it should accept my password as well.
When I attempt to run mvn scm:update, mvn release:prepare, or any other Maven goal that involves connecting to this scm, I get the following failure:
[INFO] Executing: cmd.exe /X /C "cvs -z3 -f -q update -d"
[INFO] Working directory: C:\Documents and Settings\matt\workspace\projectname
org.netbeans.lib.cvsclient.connection.AuthenticationException: Cannot authenticate. Reason: Publickey authentication failed.
at org.apache.maven.scm.provider.cvslib.cvsjava.util.ExtConnection.open(ExtConnection.java:136)
at org.apache.maven.scm.provider.cvslib.cvsjava.util.CvsConnection.connect(CvsConnection.java:166)
at org.apache.maven.scm.provider.cvslib.cvsjava.util.CvsConnection.processCommand(CvsConnection.java:498)
at org.apache.maven.scm.provider.cvslib.cvsjava.command.update.CvsJavaUpdateCommand.executeCvsCommand(CvsJavaUpdateCommand.java:53)
at org.apache.maven.scm.provider.cvslib.command.update.AbstractCvsUpdateCommand.executeUpdateCommand(AbstractCvsUpdateCommand.java:78)
at org.apache.maven.scm.command.update.AbstractUpdateCommand.executeCommand(AbstractUpdateCommand.java:63)
at org.apache.maven.scm.command.AbstractCommand.execute(AbstractCommand.java:59)
at org.apache.maven.scm.provider.cvslib.AbstractCvsScmProvider.executeCommand(AbstractCvsScmProvider.java:750)
at org.apache.maven.scm.provider.cvslib.AbstractCvsScmProvider.update(AbstractCvsScmProvider.java:348)
at org.apache.maven.scm.provider.AbstractScmProvider.update(AbstractScmProvider.java:821)
at org.apache.maven.scm.provider.AbstractScmProvider.update(AbstractScmProvider.java:770)
at org.apache.maven.scm.manager.AbstractScmManager.update(AbstractScmManager.java:526)
at org.apache.maven.scm.plugin.UpdateMojo.execute(UpdateMojo.java:89)
(lots more of the stacktrace....)
And further down in the stacktrace:
Caused by: java.io.IOException: Decrypted PEM has wrong padding, did you specify the correct password?
at ch.ethz.ssh2.crypto.PEMDecoder.removePadding(PEMDecoder.java:109)
at ch.ethz.ssh2.crypto.PEMDecoder.decryptPEM(PEMDecoder.java:286)
at ch.ethz.ssh2.crypto.PEMDecoder.decode(PEMDecoder.java:319)
Followed by:
[ERROR] Provider message:
[ERROR] The cvs command failed.
[ERROR] Command output:
I'm running this on a Windows machine, with no cvs executable on the PATH. I do have my public key available under $HOME/.ssh, but it doesn't seem as if cvs/maven/scm is loading it here - as I'm not asked for the keyphrase for it.
So my question is ... is there anything special I need to do with Maven or the SCM/CVS provider to get it to recognize where my public key is installed, or how to actually use it? Currently it doesn't seem as if it is even being used as I am not prompted for it's passphrase.
So after debugging this a bit more, and downloading the source code for the maven-scm-provider-cvs package, I discovered that the CVS library used by this plugin uses the empty string ("") for the passphrase value if it finds your private key. To use the correct passphrase, the library expects you to set a System property with the key name maven.scm.cvs.java.ssh.passphrase.
So, if I run my scm:status goal like so:
mvn scm:status -Dmaven.scm.cvs.java.ssh.passphrase=<my passphrase>
I'm able to connect to CVS.
Gee - I really wish this was documented!
I solved this by executing the cvs+ssh login command from the console before using maven. This added the magic numbers to $home/.ssh for the automated login to work.
If this is because of a self-signed cert, check out the InstallCert code on how to add the self signed cert to the client. Or this example on how to replace the default X509 Trust code.