A few of our database connections are configured to require Windows authentication. I am trying to set up a Docker container with a Java application which should be able to query those databases. However, I keep getting the following error:
Failed to load the sqljdbc_auth.dll cause : no sqljdbc_auth in java.library.path: [/usr/java/packages/lib, /usr/lib64, /lib64, /lib, /usr/lib]
I am not sure if this is even doable - setting up Windows auth from within a Docker container. Has anybody done it?
FYI - I am using Docker for Windows
I believe you need to set up gMSA for this to work. The context is that Windows containers don't get domain-joined. With that, they don't get a computer account to talk to the domain, nor can you use a domain account to authenticate. gMSA solves that, but requires that you configure it with the container host (also referred to as gMSA v1) or K8s (also referred to as gMSA v2).
Here's the documentation on how gMSA works: https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts
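The host-side gMSA setup the answer refers to, as an added example that is not part of the original answer. The domain `contoso.com`, the account name `WebApp01` and the container hostname are assumed placeholder names, and the host is assumed to be a domain-joined Windows Server container host.

```powershell
# Added example. Assumed names: domain contoso.com, gMSA WebApp01 (already
# created by a domain admin), domain-joined Windows Server container host.

# 1. On the container host: confirm this host can retrieve the gMSA password.
#    Which hosts may do so is what protects the account, so keep that
#    group limited to the container hosts that need it.
Install-WindowsFeature RSAT-AD-PowerShell
if (-not (Test-ADServiceAccount WebApp01)) {
    throw "Test-ADServiceAccount failed: check that this host is allowed to retrieve the gMSA password"
}

# 2. Generate the credential spec. The JSON file holds account metadata
#    only, never the password.
Install-Module CredentialSpec
New-CredentialSpec -AccountName WebApp01
Get-CredentialSpec    # lists the name and path of each spec file

# 3. Start a Windows container bound to the gMSA. By default the spec file
#    is named <domain>_<account>.json.
docker run --security-opt "credentialspec=file://contoso_webapp01.json" `
    --hostname webapp01 -it mcr.microsoft.com/windows/servercore:ltsc2019 powershell

# 4. Inside the container: verify the secure channel to the domain and
#    that a Kerberos ticket can be obtained.
nltest /sc_verify:contoso.com
klist get krbtgt

# Processes in the container use the gMSA identity on the network only when
# they run as LocalSystem or NetworkService.
```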
Currently I'm running a component (IBM WTX tool) from Java using the jars provided by IBM. In the WTX component I am connecting to an Oracle database using a TNS connect identifier. While running the component independently, the tool picks up the tnsnames.ora of the Oracle driver installed on my system and it works fine. But when running the same component from Java it could not resolve the tnsname and fails. Do we need to do any additional setup on the Java side?
I tried System.setProperty("oracle.net.tns_admin",""). But it didn't work.
Can anyone help on the issue?
Regards,
TNS_ADMIN must be set in the environment before the Java process is started. I don't think it can be set from within Java - or at least I haven't seen it done successfully before. Typically I have seen this set from a shell script that also launches the Java program.
I am trying to build an application that can control Docker containers hosted on Docker for Windows.
The application is built on top of docker-java library and it works fine.
I tried to host this application on docker itself. Hosting was OK. The issue is that, when the application tries to connect to tcp://localhost:2375 in order to access docker's api, the connection fails.
This is obviously because localhost within the container no longer refers to the actual host where Docker for Windows is installed.
So I used the explicit IP address to access docker's api from the container (tcp://192.168.0.10:2375), the connection was also refused!
I stopped the firewall, yet the issue was still there.
I searched for it, then I realized that I have to define the "hosts" configuration variable to make docker's api accessible using the host's explicit IP address.
But when I tried to set the "hosts" configuration variable, docker said:
"hosts": Cannot be used in Docker for Windows
So does it mean that there is no way on Docker for Windows to host a container that can access its api?
Though I am not quite familiar with Docker on Windows, I found some introductions on docker website. Just try below.
I WANT TO CONNECT FROM A CONTAINER TO A SERVICE ON HOST.
But I strongly suggest you give Docker on Windows up.
Edited: 2018-9-5 19:55
Using host.docker.internal to access the host as comment suggested below.
I am trying to access my Tomcat HomePage which is inside my Google Cloud VM Instance with External IP address 35.189.85.127 and Internal IP 10.154.0.2. On my local machine, in my browser I tried http://35.189.85.127 and http://35.189.85.127:8080 but got error
The connection has timed out. The server at 35.189.85.127 is taking too long to respond.
I have seen all the questions and replies on stackoverflow regarding this question but still I found no clear solution.
The steps that I've done so far:
I have setup a Google Cloud VM instance in Compute Engine. I am using Windows Server 2016 as the image.
Using RDP I log on to Windows Server.
I successfully installed Java 1.7 and Tomcat 7 on Windows Server.
I tested Java and Tomcat 7, both are working fine i.e. I open browser and type localhost:8080 and it shows Tomcat HomePage.
I replaced localhost with my VM Instance Internal IP i.e. 10.154.0.2:8080 and it again correctly shows Tomcat HomePage.
Now I try to access Tomcat HomePage using my VM Instance External IP (Static) 35.189.85.127 but in my browser I get error
The connection has timed out. The server at 35.189.85.127 is taking too long to respond.
Faced the same issue today.
Noticed from your question that you're using a Windows environment.
On Windows
Be sure that the Windows Firewall is properly configured to allow traffic under the ports you need (or deactivate it).
On GCP
Under "VPC Network/Firewall Rules", create a new firewall rule and configure as below:
Firewall Rule Parameters (image)
Or, you have the option to check the "Allow HTTP traffic" option under the Instance Configuration menu and edit Tomcat's server.xml to startup at port 80, as described here:
Change Tomcat Port Tutorial # StackOverflow
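The two firewall layers this answer describes, written out as commands (an added example, not part of the original answer, whose rule parameters were in an image that is not available here). The admin source address `203.0.113.10`, the rule name, the network tag, the instance name and the zone are constructed placeholders; the external IP is the one from the question.

```powershell
# Added example. Constructed placeholders: $AdminIp (a documentation
# address standing in for the workstation that needs access), $RuleName,
# $Tag, $Instance, $Zone.
$AdminIp  = '203.0.113.10'
$RuleName = 'allow-tomcat-8080'
$Tag      = 'tomcat'
$Instance = '<your-instance-name>'
$Zone     = '<your-zone>'

# --- On the Windows Server VM, in an elevated PowerShell ---
# Open only the Tomcat port, and only to the admin address, instead of
# deactivating Windows Firewall.
New-NetFirewallRule -DisplayName 'Tomcat 8080 (admin only)' `
    -Direction Inbound -Protocol TCP -LocalPort 8080 `
    -RemoteAddress $AdminIp -Action Allow

# Confirm Tomcat listens on an address reachable from outside the VM
# (0.0.0.0, :: or the internal IP), not just 127.0.0.1.
Get-NetTCPConnection -LocalPort 8080 -State Listen

# --- From a workstation with the gcloud CLI ---
# The VPC rule applies only to instances carrying the network tag, so the
# port is not opened on every VM in the network.
gcloud compute firewall-rules create $RuleName `
    --network default --direction INGRESS --action ALLOW `
    --rules tcp:8080 --source-ranges "$AdminIp/32" --target-tags $Tag
gcloud compute instances add-tags $Instance --zone $Zone --tags $Tag

# --- From the admin workstation: check the path end to end ---
# TcpTestSucceeded should be True once both layers allow the traffic.
Test-NetConnection -ComputerName 35.189.85.127 -Port 8080
```

If the test still times out, check the two layers separately: the same `Test-NetConnection` from another VM in the VPC against the internal IP exercises only the Windows Firewall rule.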
Option1: If it's just tomcat. GCP offers a click to launch Tomcat instance with an external IP. You can SSH and also have a temp tomcat username and password to manage any of your deployments.
https://console.cloud.google.com/launcher/details/click-to-deploy-images/tomcat
Option 2:
If you wish to have a Google Cloud VM instance in Compute Engine.
You will need to set up security groups and assign them to your instance.
Eg. Define rules to Open Tomcat port 8080(or any) externally / range. Assign that group/rule to your VM instance.
There are many options available, it all depends on how you wish to organize things. You could create a VPC and add your instances there or keep them under the same subnet or have them accessible externally etc.
I’m using glassfish 3.1.2 on Red Hat Enterprise Linux Server release 5.7 (Tikanga). Glassfish has been installed as part of a piece of bigger software (that I’m developing). It used to work correctly in the past.
I can issue a ‘start-domain’ command. This one will work correctly and glassfish will start. I can see the process and the glassfish admin web console is working fine. However, the command ‘list-domain’ reports my domain as not running. The command ‘stop-domain’ will fail reporting the domain1 as already stopped. This prevents my software from running properly.
As far as I know, nothing has changed on that system. There is no exception/error in the log. I already searched the internet for descriptions of similar behaviour. I ensured the embedded firewall (the one coming with the OS) did not prevent the communication. I removed the expired certificate (just in case). I have no idea what I could do next.
What could I check? Any help appreciated. Add a comment if you need specific details and I will update the question.
Answer to unwichtich's questions:
absolute path to jvm using an absolute path to the admin-cli.jar: /.../java -Duser.home=... -Duser.language=en -Dhttps.protocols=TLSv1.2 -jar /.../glassfish/modules/admin-cli.jar --terse --port 23992 --user admin --passwordfile /.../passwordfile list-domains
There are two lines in the /etc/hosts. The first with the ip mapping to the hostname. The second with 127.0.0.1 mapping to loopback and localhost
My software includes some command line utilities that need to perform operation on Glassfish (like start-domain, stop-domain, list-domains,...).
I have an app deployed to my local WebLogic instance (10.3.6) on my Win7 laptop. It's creating Beans through Spring and registering them in the local MBeanServer. I can open up VisualVM, see the "WebLogic" process and see the mbeans that I've registered. This works fine.
I then wanted to set up my JVM for remote JMX access. I took the simple-minded approach for now and set the following properties:
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true
I made sure the "jmxremote.access" and "jmxremote.password" file in my JRE was set appropriately.
I started it up, then opened up VisualVM on my Linux box and created a remote host entry for the IP address of my laptop, then a JMX connect to port 8888, and specified the name:pwd pair I set in the jmxremote.access and jmxremote.password files. This all worked fine. I could see all the same registered mbeans.
Then, I went back to my laptop and looked at my local VisualVM, and I saw that there was no "WebLogic" process. It appears that enabling my JVM for remote JMX access has disabled local access. Is this supposed to happen? Is there a way to configure this? This isn't necessarily a big problem, I just need to understand it.