Tag Archives: Life records

The drone settings page is not trusted

The drone settings page is not trusted

In the tutorial of building the drone cicd system, check trusted in the main part of settings. The normal page is like this

If you don’t have a trusted page, like this

It means that the user who logs in to drone is not an administrator, so you can’t see the option of trusted.

Solution

Check if there is drone in the docker running parameter of drone_ USER_ Create , as shown in the figure below

docker run \
  --volume=/opt/bin/drone/data:/data \
  --env=DRONE_GIT_ALWAYS_AUTH=true \
  --env=DRONE_GIT_USERNAME=xxx \
  --env=DRONE_GIT_PASSWORD=xxx \
  --env=DRONE_GOGS=true \
  --env=DRONE_GOGS_SKIP_VERIFY=false \
  --env=DRONE_GOGS_SERVER=http://xxx \
  --env=DRONE_PROVIDER=gogs \
  --env=DRONE_RPC_SECRET=xxx \
  --env=DRONE_USER_CREATE=username:yourUsername,admin:true \
  --env=DRONE_SERVER_PROTO=http \
  --publish=xxx:80 \
  --publish=xxx:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  -h drone \
  drone/drone:1

--env=DRONE_ USER_ CREATE= username:yourUsername , admin:true this line is very important. After that, you can log in to drone with your user name and become an administrator. If you don’t add it, you won’t see the trusted button.

At that time, the -- env in my line was written as - env which resulted in that the parameters in this line did not take effect and that I did not run drone as an administrator, so I could not see the option of trusted.

Others: how to restart drone after it has been run?

docker rm -f drone # Delete the original image
# Run the above docker run to build a new image and run it

[Solved] fatal: could not read Username for

Total: could not read username for ‘http:// solution

After deploying the clone (cicd software), when the commit is triggered, the problem occurs when the clone runner executes the pull warehouse code (on his deployed gogs)

Initialized empty Git repository in /drone/src/.git/
+ git fetch origin +refs/heads/master:
fatal: could not read Username for 'http://ip:port': terminal prompts disabled

The reason is that you need to enter the user name and password, but because this is cicd software, there is no time to enter the password, so there are two solutions:

Using SSH, you can produce git public key on the server where drone is located and upload it to code hosting (I use the gogs built by myself here, but there will also be GitHub, gitea, gitee, gitlab, etc.), so that you don’t need to download and upload the user name and password, and use the memory password mechanism of GIT to save the user name and password

Enter the server where the drone is located, log in with the drone process user, enter the home directory ( Cd ~ ) and execute git clone [your git code path] , and find that you need to enter a password, Ctrl + C interrupt execution touch. Git credentials create. Git credentials file execute vim. Git credentials edit the file, press I key to enter edit mode, enter: HTTP (s):// {your user name}: {your password} @ your git server address [Note: select HTTPS/HTTP, Remove curly brackets] press ESC Enter : WQ save and exit to execute git config -- global credential.helper store cat ~ /. Gitconfig found one more item:

[credential]
helper = store

Explain that it has been configured. Try again git clone [your git code path] no need to enter a password

Fatal: could not read username for ‘http://…’: terminal prompts disabled problem solving~

Why interview requires reading the source code

Some people always think that when interviewing to build an aircraft carrier, you need to screw up your work. In the junior interview, you often ask, what is the life cycle of spring and what has been done since it was started, but it doesn’t matter at work. It’s useless and meaningless. Is that really the case?

Here is a small problem that can only be solved by understanding the initial sequence of spring.

Problem description

In the old version, obtaining a certain data XXX depends on a table tb in the database_ XXX, the new version requires to obtain these data by calling service_ B service interface. It’s reasonable to change bservice’s implementation class to interface mode, but after the change, we find that the application can’t be started! Error: DH handshake failed! I didn’t modify other logic, but I couldn’t start it, and the interface I called doesn’t need any encryption verification. As a fresh undergraduate who has been employed for less than two months, how can I solve this situation?

Background

Application introduction
our Java Web application service_ A is dynamic, the page is dynamic, the fields of the entity class are dynamic, the functions of an entity class and the services to be accessed are dynamic. You need to read the XML configuration file at startup to determine what the application looks like and what capabilities it has. The technology stack is SSM. In order to facilitate the natural loading of XML in @ postcut, That is, these XML configuration files are loaded after bean creation.

Requirements and changes
in the new version of the technology stack, we need to switch to spring boot, with some functional changes. Parsing these model configuration files actually depends on a table tb in the database_ XXX, the new version requires to obtain these data by calling service_ B service interface.

Introduction to service invocation
before calling other services remotely, you need to call addressing service first_ X address to obtain the protocol, IP, port and domain information of the target service, and then get the same address as the domain of its own service, and then get a callable instance of the target service according to the specified load balancing algorithm to call. The sensitive interface needs DH handshake and data encryption and decryption.


Problem orientation

I just changed a service method from database to interface, and the error was DH handshake failure. There was no change, which means that there must be something wrong with the interface call. Debugging found that the DH error occurred in the service addressing report, that is, the error occurred before entering the code I wrote, and the service addressing code was provided by the internal framework, Other people are also using the frame. Why didn’t other people respond?

Make a breakpoint in the addressing part of the framework code of idea decompilation, and debug step by step to find that the addressing service is being called_ The IP port of the target host can’t be found in X, but the framework code takes it directly from the cache. If it doesn’t, NPE will be thrown, and it will be thrown as a DH error by the upper layer. It is reasonable to say that there should be IP port information of addressing service in cache. Debug check shows that the cache is empty, size = 0, indicating that it has not been put in. Ctrl Alt F7 looks for a wave to see where the key pair will be put into the cache. It is found that the framework injects a bean: serviceinfolistener, which is executed after listening to the applicationcontextinitializedevent.

At this point, students who have read the spring source code or know what spring did when it started will immediately know what the problem is, because XML parsing is too early, and the dependent service addressing is not initialized at this time, so it cannot be called.


solve

Temporary scheme:
the parsing of XML will be delayed until the listener of the framework is finished.

The following scheme:
discuss with the framework group, the framework will rely on the addressing service_ The configuration time of X’s secret key pair is advanced to the after properties set of initializing bean, that is, the application developed with the framework is allowed to be called remotely at startup.