Hi all, one more thing to add. Create container is the most heavy API call(payload/parameter size). But how about things like start/stop/search/info/delete/ like methods. Should be think on accepting them as as activity plugin configs ?
On Sat, Jun 18, 2016 at 3:12 AM, Nadeesh Dilanga <[email protected]> wrote: > Hi Alan, Hi Stian, > Please refer my latest commit @ > > https://github.com/NadeeshDilanga/incubator-taverna-common-activities/commits/docker/taverna-docker-activity > > where I have implemented reading a injected configuration. Can you please > review this and let me know what I am missing here. But one thing I would > like to know is, who is responsible of creating(populating) the > DockerContainerConfiguration ? We have to allow user to give a docker.conf > and from which some one construct the DockerContainerConfiguration and > inject it to the activity plugin. > > Then I went through the taverna-engine repo code base looking for the clue > Stian gave, where I have to implement Configurable interface, and use > ConfigurationManager. And Configuration manager interface had > store/populate methods to override, but I found it bit unclear to figure > out how exactly I can use that to my use case/how it works/relation ship > between Configurable interface and ConfigurationManager. Do we have any > documentation on that ? > > For SSL issue, I am calling the container as > https://192.168.99.100:2376/containers/create where 192.168.99.100 is my > container host. I assume that is the target you meant ? > > > > On Fri, Jun 17, 2016 at 10:12 AM, Stian Soiland-Reyes <[email protected]> > wrote: > >> Probably it is that the local Docker daemon has a self-signed >> certificate that Java does not recognize. >> >> >> Taverna has the credential manager - which should normally pop up and >> ask if you want to accept (and store) the certificate. >> >> I'm not sure why that is not happening here.. perhaps because your >> RESTUtil uses the Apache HTTPClient rather than the built-in URL >> handling, then there is no link to the Credential Manager? >> >> >> Could you try if it works to do a "dummy connection" first with >> something like new URL("https://localhost:1239/";).openConnection() >> (whatever the port is) -- this should trigger the certificate >> handling in Java. >> >> >> I must admit I could not find out how this is done in the REST activity.. >> >> https://github.com/apache/incubator-taverna-common-activities/blob/master/taverna-rest-activity/src/main/java/org/apache/taverna/activities/rest/RESTActivityCredentialsProvider.java >> >> is used for username/password (e.g. http basic auth) through Credential >> Manager. >> >> >> Does the REST activity today support https:// connections against >> 'unknown' SSL certificates? (e.g. triggering the pop-ups in Workbench) >> >> >> This file CLAIMS to do it, but doesn't seem to: >> >> >> https://github.com/apache/incubator-taverna-common-activities/blob/master/taverna-rest-activity/src/main/java/org/apache/taverna/activities/rest/HTTPRequestHandler.java#L116 >> >> // Register a protocol scheme for https that uses Taverna's >> // SSLSocketFactory >> >> but it uses the regular org.apache.http.conn.ssl.SSLSocketFactory >> >> .. I would have thought it should use >> CredentialManager.getTavernaSSLSocketFactory() from >> >> >> https://github.com/apache/incubator-taverna-engine/blob/master/taverna-credential-manager-impl/src/main/java/org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl.java#L2004 >> >> >> Perhaps something similar to that HTTPRequestHandler code to >> initialise org.apache.http would work? >> >> >> On 17 June 2016 at 06:32, Nadeesh Dilanga <[email protected]> wrote: >> > Still got stuck further on the SSL issue[1]. May be something to do >> with my >> > setup. So I also implemented invoking simple HTTP(without SSL) in >> > additional to HTTP SSL. >> > >> > Meanwhile I already started getting configuration thru that spring >> > inject-able framework. Will commit those changes also(without just >> blocking >> > on Http SSL issue) to my private repo from which I am planning to send >> > pull request. >> > >> > [1]: >> > >> > avax.net.ssl.SSLHandshakeException: >> > sun.security.validator.ValidatorException: PKIX path building failed: >> > sun.security.provider.certpath.SunCertPathBuilderException: unable to >> find >> > valid certification path to requested target >> > at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) >> > at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1902) >> > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) >> > at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) >> > at >> > >> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338) >> > at >> > >> sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) >> > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) >> > at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) >> > at >> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1032) >> > at >> > >> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328) >> > at >> > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355) >> > at >> > sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) >> > at >> > >> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543) >> > at >> > >> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409) >> > at >> > >> org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:479) >> > at >> > >> org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:66) >> > at >> > >> org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) >> > at >> > >> org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144) >> > at >> > >> org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131) >> > at >> > >> org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) >> > at >> > >> org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) >> > at >> > >> org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882) >> > at >> > >> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) >> > at >> > >> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) >> > at >> > >> org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) >> > at >> > org.apache.taverna.activities.docker.RESTUtil.doPost(RESTUtil.java:125) >> > at >> > >> org.apache.taverna.activities.docker.RESTUtil.createContainer(RESTUtil.java:90) >> > at >> > >> org.apache.taverna.activities.docker.test.TestCreateContainer.testCreateContainer(TestCreateContainer.java:40) >> > at >> > >> org.apache.taverna.activities.docker.test.TestCreateContainer.main(TestCreateContainer.java:32) >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> > at >> > >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> > at >> > >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:601) >> > at >> com.intellij.rt.execution.application.AppMain.main(AppMain.java:134) >> > Caused by: sun.security.validator.ValidatorException: PKIX path building >> > failed: sun.security.provider.certpath.SunCertPathBuilderException: >> unable >> > to find valid certification path to requested target >> > at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) >> > at >> > >> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) >> > at sun.security.validator.Validator.validate(Validator.java:260) >> > at >> > >> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) >> > at >> > >> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) >> > at >> > >> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) >> > at >> > >> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320) >> > ... 29 more >> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: >> > unable to find valid certification path to requested target >> > at >> > >> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) >> > at >> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) >> > at >> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) >> > ... 35 more >> > >> > >> > On Wed, Jun 15, 2016 at 6:17 PM, Nadeesh Dilanga <[email protected]> >> > wrote: >> > >> >> It is the container host and I am invoking the remote API. Will do more >> >> troubleshooting and get back. >> >> >> >> On Wed, Jun 15, 2016 at 7:05 AM, Alan Williams < >> [email protected]> >> >> wrote: >> >> >> >>> On 15-Jun-16 09:02, Nadeesh Dilanga wrote: >> >>> >> >>>> Hi Alan, >> >>>> Thank you very much for the pointer. I went through and understood >> how >> >>>> works. >> >>>> 1. Implement docker factory class to return an activity >> configuration. >> >>>> 2. Accept the configuration in the DockerActivity constructor. >> >>>> >> >>>> Please correct me if I missed something. >> >>>> >> >>> >> >>> I need a picture of what is being proposed :) >> >>> >> >>> Also I am working on the implementation and commiting my code to my >> forked >> >>>> repo at [1]. I will send pull requests once following TODOs finishes. >> >>>> 1. Test HTTPS invocation(right now I am having a SSL handshake >> issue and >> >>>> working on it) >> >>>> >> >>>> I am using SSLContext.getDefault() and gives me >> >>>> javax.net.ssl.SSLHandshakeException: >> >>>> sun.security.validator.ValidatorException: PKIX path building failed: >> >>>> sun.security.provider.certpath.SunCertPathBuilderException: unable to >> >>>> find >> >>>> valid certification path to requested target >> >>>> >> >>>> I have a unit test to test this. I also tried setting system >> properties >> >>>> javax.net.ssl.keyStore, javax.net.ssl.trustStore, >> >>>> javax.net.ssl.keyStorePassword. But no luck. >> >>>> >> >>> >> >>> What is the target of the HTTPS ? Does it have a valid certificate? >> >>> >> >>> 2. Enhance the activity class to read configuration injected by >> Spring. >> >>>> >> >>>> >> >>>> [1] - >> >>>> >> >>>> >> https://github.com/NadeeshDilanga/incubator-taverna-common-activities/commits/docker >> >>>> >> >>> >> >>> Great. >> >>> >> >>> Alan >> >>> >> >>> >> >>> >> >> >> >> >> >> -- >> Stian Soiland-Reyes >> Apache Taverna (incubating), Apache Commons >> http://orcid.org/0000-0001-9842-9718 >> > >
