This is the log I got from the pod on GKE.
esp Aug 29, 2018, 2:58:59 PM ERROR:Fetching rollouts failed (status code 403, reason Forbidden, url https://servicemanagement.googleapis.com/v1/services/myapp.endpoints.xxxxx.cloud.goog/rollouts?filter=status=SUCCESS)
esp Aug 29, 2018, 2:58:57 PM INFO:Fetching the service config ID from the rollouts service
esp Aug 29, 2018, 2:58:57 PM INFO:Fetching an access token from the metadata service
I can see my endpoint service using:
gcloud endpoints configs list --service=myapp.endpoints.xxxxx.cloud.goog
2018-08-29r3 myapp.endpoints.xxxxx.cloud.goog
2018-08-29r2 myapp.endpoints.xxxxx.cloud.goog
2018-08-29r1 myapp.endpoints.xxxxx.cloud.goog
2018-08-29r0 myapp.endpoints.xxxxx.cloud.goog
I also have service permission enabled on my GKE cluster.
Service Control Enabled
Service Management Read Write
It turned out I need create credentials for your service, even I'm on google kubernetes engine.
For me I forgot to deploy swagger file to endpoints. After deploying endpoints it is fixed.
Related
I have my wso2 servers up and running..now customer came up with a rewuirement that they need a separate webpage [ofcourse authenitucated] where they can see the status [up/down] and they would like to stop and start wso2 from that page rather than going to wso2 admin console.
Is there any API for getting the status as well as stopping/starting of wso2 ?
My product is wso2 EI
I guess I can invoke the wso2server.bat from Java and achieve is..is this ideal to do that or are there other approaches?
You can use WSO2 admin services to check the server(each node) status, do server restart or put into maintenance mode as well.
This internal admin service is called ServerAdmin and it's running on the servlet port(9443 - https://localhost:9443/services/ServerAdmin ). Below are the few operations available on that service
isAlive
restartGracefully
startMaintenance
endMaintenance
If you want to check the WSDL of this service, you need to change the visibility of admin WSDLs using <HideAdminServiceWSDLs>false</HideAdminServiceWSDLs> configuration in the carbon.xml file.
We are running a simple application that connects to Firebase are reads some data. It fails to connect with the following timeout error:
#firebase/database: FIREBASE WARNING: {"code":"app/invalid-credential",
"message":"Credential implementation provided to initializeApp()
via the \"credential\" property failed to fetch a valid Google OAuth2 access token
with the following error: \"Failed to parse access token response: Error: Error
while making request: connect ETIMEDOUT
We are behind Firewall / Proxy and it appears that is blocking traffic to/from Firebase and hence failed connection. My question is what ports need to be opened and to what destination URLs to make this application work normally?
Any help will be much appreciated!
Finally, after struggling with the issue for several days got it working. Needed to contact network team and request to perform following actions:
Open ports 5228, 5229, 5230 for Firebase communication.
Opened communication at proxy level between the source server and following URLs:
fcm.googleapis.com
gcm-http.googleapis.com
accounts.google.com
{project-name}.firebaseio.com
Added following code in my node.js application:
var globalTunnel = require('global-tunnel-ng');
globalTunnel.initialize({
host: '<proxy-url>',
port: <proxy-port>,
//proxyAuth: 'userId:password', // optional authentication
sockets: 50 // optional pool size for each http and https
});
Installed module global-tunnel-ng:
npm install global-tunnel-ng
It solved the my problem and I hope it can help others too. :-)
I used Wireshark to monitor a local install of a Node.js application using the Admin SDK for firestore. I also referenced this list by Netify. This is what I found:
*.firebaseio.com
*.google.com
*.google-analytics.com
*.googleapis.com
*.firebase.com
*.firebaseapp.com
all. I am currently working on a go project that requires me to connect to Google Analytics API v3. I am authenticating using service account method. I am pretty sure that I am able to authenticate but I am getting "insufficient_scope" error. I am not sure what's going on here.
My config struct
config := &jwt.Config{
Email:settings.Client_email,
PrivateKey:[]byte(settings.Private_key),
Scopes: []string{
"https://www.googleapis.com/auth/analytics.readonly",
},
TokenURL: google.JWTTokenURL,
}
The response header
Cache-Control:[private, max-age=0]
X-Xss-Protection:[1; mode=block]
Alt-Svc:[quic=":443"; p="1"; ma=604800]
Date:[Fri, 23 Oct 2015 17:45:13 GMT]
X-Content-Type-Options:[nosniff]
X-Frame-Options:[SAMEORIGIN]
Server:[GSE]
Alternate-Protocol:[443:quic,p=1]
Vary:[Origin X-Origin]
Content-Type:[application/json; charset=UTF-8]
Www-Authenticate:[
Bearer realm="https://accounts.google.com/",
error=insufficient_scope,
scope="https://www.googleapis.com/auth/analytics"
]
Expires:[Fri, 23 Oct 2015 17:45:13 GMT]
Figured it out. I just needed to add client email to Google Analytics account.
https://support.google.com/analytics/answer/1009702?hl=en#Add
Up until recently my catalina.log used to report the following:
Mar 19, 2015 4:49:20 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'dispatcher1'
Mar 19, 2015 4:49:20 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-9080"]
Mar 19, 2015 4:49:20 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 53209 ms
which I look for during an automated deployment to know whether my servlet started OK. Recently, I no longer get this message in catalina.out. However:
there are no startup errors
logging is working
the server seems to be working perfectly, AFAICT (responds to all requests)
kill -3 doesn't show anything helpful that I can see
So,
What might have caused the "Server startup" message to stop being printed (and yet the server to accept connections)?
In (annotation based) Spring MVC, there a good place where I can place a hook and output a custom "servlet startup success" message?
The "standard out" may no longer be going to catalina.out. What's in your log4j property file? And what are you using to start Tomcat?
You could impelement a ServletContextListener to be aware of when the Servlet based application is ready to accept requests.
http://docs.oracle.com/javaee/6/api/javax/servlet/ServletContextListener.html#contextInitialized(javax.servlet.ServletContextEvent)
I'm currently working on a website developed with Symfony2 and I need to send messages in an Amazon SQS. In order to do that I added to my composer.json:
"aws/aws-sdk-php": "2.4.*"
Then when I try to create a queue or list queues I've got a 403 error saying:
Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied.
EDIT:
added the full error message
AWS Error Code: AccessDenied, Status Code: 403, AWS Request ID:
2fe34c11-7af8-5445-a768-070159a0953e, AWS Error Type: client, AWS
Error Message: Access to the resource
https://sqs.us-west-2.amazonaws.com/ is denied., User-Agent:
aws-sdk-php2/2.4.11 Guzzle/3.7.4 curl/7.25.0 PHP/5.4.3
Here is a sample code of what I do:
$aws = Aws::factory(array(
'key' => 'my-key',
'secret' => 'my-secret',
'region' => 'us-west-2'
));
$sqs = $aws->get('sqs');
return new Response(var_dump($sqs->listQueues()));
What do I do wrong to get this error ?
After digging I discovered that the account I was using wasn't granted the access to SQS service.
To give a SQS access to an account you have to go to the amazon management console. Then click on IAM. Under this section click on Users and then you can manage permission for each account you created.
Make sure that both the following policies allow access to the SQS queue
Resource (SQS) based policy: The SQS queue should allow your identity to use the queue. You define this using the queue policy (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-sqs-policy). The default queue policy will allow access only to the owner of the queue (owner of the queue is the identity that created the queue).
Identity based policies: The policy for the identity that is accessing the queue should have permission to invoke operations on the queue.
Make sure that the access is not restricted by either one of them.
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html
I had the same strange issue, I had everything set up including policies and permission, after a couple of hrs I found out I was getting 403 error because of wrong aws region was configured in my application it was supposed to be ap-south-1 by default it was us-east-1