tag:blogger.com,1999:blog-84263450888264412572024-03-13T09:34:57.838-04:00CinqMy technical notesMartinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-8426345088826441257.post-54550386301406624662023-12-20T09:28:00.003-05:002023-12-20T09:28:53.245-05:00Intellij IDEA adventures with Python<p> I am a bit puzzled this morning.</p><p>Yesterday I built a simple python application and containerized it. It was all working in Intellij with the python plugin and I could run it with the Dockerfile. A good experience that made it easy to develop and test.</p><p>The only thing not working in IntelliJ was the AI assistant. The plugin was stuck in eap-preview and no matter than I re-installed it and restarted IntelliJ, he did not want to recognize my license. Frustrating.</p><p>I apply the update to 2023.3.1 and this morning...</p><p>I have a working AI assistant.</p><p>IntelliJ will not recognize that python is available and keeps telling me that it can't reach the Docker server. Complete Amnesia.</p><p>At the CLI, I can confirm that docker and python are available.</p><p>I have no clue what it lost in its configuration to not be able to recognize anything.</p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com2tag:blogger.com,1999:blog-8426345088826441257.post-67950029735275563222023-09-27T16:13:00.004-04:002023-09-27T16:13:42.850-04:00First python application using my GPU<p> I simply wanted to make sure that some Python code could use my GPU and it took a little more effort than I taught.</p><p>The code I found simply makes sure you have some GPU available and fills in a matrix of 1000x1000. Very simple.</p><p>First rookie mistake was to call my file tensorflow.py which cause a circular reference that took me too long to figure out.</p><p>I also needed to install a few missing components on my fresh Ubuntu 22.04 installation.</p><p><span style="font-family: courier;">pip install tensorflow</span></p><p><span style="font-family: courier;">sudo apt install nvidia-cuda-toolkit</span></p><p><span style="font-family: courier;">pip install tensorrt</span></p><p><span style="font-family: inherit;">Once all these components were present, the application ran without errors.</span></p><p><span style="font-family: inherit;"><br /></span></p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-56578692833687368092023-09-26T20:41:00.003-04:002023-09-26T20:41:36.314-04:00SDKMan needs curl from apt install<p> I made a rookie mistake and installed the curl from the snap store and that is not compatible with SDKMan. I would get errors about curl failing:</p><p><span style="font-family: courier;">curl: Failed to open /home/user/.sdkman/tmp/spark-3.4.0.headers.tmp</span></p><p><span style="font-family: inherit;">The solution was to remove the snap curl and get the apt one installed:</span></p><p><span style="font-family: courier;">sudo snap remove curl</span></p><p><span style="font-family: courier;">sudo apt install curl</span></p><p><span style="font-family: inherit;">Easy enough and I can now install all my java tools.</span></p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-75846685427154874452022-11-04T14:19:00.003-04:002022-11-04T14:19:41.529-04:00Keycloak Outage<p> It is a strange behavior that I learned today.</p><p>We run keycloak in HA in K8S. Bitnami chart. Nothing fancy.</p><p>We have a volume for the custom theme.</p><p>If I remove the theme files and put new one in place... All pods will restart...</p><p>This was very unexpected.</p><p>Next time we replace the theme we will need to have a maintenance window.</p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-8571331052704783372022-11-03T11:44:00.002-04:002022-11-03T11:44:23.201-04:00Security Headers<p> A useful site to check your deployed application:</p><p><a href="https://securityheaders.com/" target="_blank">Security Headers Scanner</a><br /></p><p>It easily shows you what you have set properly and what is missing.</p><p>Gives you a grade that is color coded.</p><p>It helps to get this done before a pen test.</p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-27925484113959339312022-07-13T14:20:00.011-04:002022-11-02T14:38:51.820-04:00Istio and proxy-protocol<p> When you search for solutions on the internet it is sometimes very difficult to know if what is proposed is going to work in your environment. The challenge comes from the fact that not everyone identifies the version they were working with at the time they applied this solution.</p><p>I find this snippet of YAML to be applied to my istio deployment to allow some headers to be properly passed on with the requests to the destination service.</p><div style="text-align: left;"><span style="font-family: courier;">apiVersion: networking.istio.io/v1alpha3<br />kind: EnvoyFilter<br />metadata:<br /> name: proxy-protocol<br /> namespace: istio-system<br />spec:<br /> configPatches:<br /> - applyTo: LISTENER<br /> patch:<br /> operation: MERGE<br /> value:<br /> listener_filters:<br /> - name: envoy.listener.proxy_protocol<br /> - name: envoy.listener.tls_inspector<br /> workloadSelector:<br /> labels:<br /> istio: ingressgateway</span></div><p>Once applied, I tested but nothing changed and I still get the errors:</p><p>ERR_TOO_MANY_REDIRECTS</p><p>I then decide to see if restarting the istio ingress pod would fix things.</p><p>Well…</p><p>The pod is not coming back so I pull the logs and rapidly reads to identify what is causing this issue. I finally spot a few lines:</p><div style="text-align: left;"><span style="font-family: courier;">2022-07-12T20:39:29.975846Z<span style="white-space: pre;"> </span>error<span style="white-space: pre;"> </span>envoy misc<span style="white-space: pre;"> </span>Using deprecated extension name 'envoy.listener.proxy_protocol' for 'envoy.filters.listener.proxy_protocol'. This name will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this filter name is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.<br />2022-07-12T20:39:30.421115Z<span style="white-space: pre;"> </span>error<span style="white-space: pre;"> </span>envoy misc<span style="white-space: pre;"> </span>Using deprecated extension name 'envoy.listener.proxy_protocol' for 'envoy.filters.listener.proxy_protocol'. This name will be removed from Envoy soon. Please see https://www.envoyproxy.io/docs/envoy/latest/version_history/version_history for details. If continued use of this filter name is absolutely necessary, see https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#using-runtime-overrides-for-deprecated-features for how to apply a temporary and highly discouraged override.<br />2022-07-12T20:39:30.429091Z<span style="white-space: pre;"> </span>warning<span style="white-space: pre;"> </span>envoy config<span style="white-space: pre;"> </span>gRPC config for type.googleapis.com/envoy.config.listener.v3.Listener rejected: Error adding/updating listener(s) 0.0.0.0_8443: Didn't find a registered implementation for name: 'envoy.listener.proxy_protocol'<br />0.0.0.0_8080: Didn't find a registered implementation for name: 'envoy.listener.proxy_protocol'</span></div><p>So I delete the EnvoyFilter and everything comes back.</p><p>So envoy.listener.proxy_protocol does not work with istio 1.13.x? I will have to read more to figure that part out.</p><p><br /></p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-28919078800221131652022-06-09T14:32:00.014-04:002022-11-02T14:37:00.006-04:00Spring Beans not Instantiating<p><span style="font-family: inherit;">I had not seen this error before:</span></p><p><span style="font-family: courier;">No qualifying bean of type 'org.springframework.security.oauth2.client.registration.ClientRegistrationRepository' available</span></p><p><span style="font-family: inherit;">It took a little bit of research to find that if you do not have your application.yaml with the Spring Security section for this bean, it will not be able to instatiate one and you get the error.</span></p><p>To make it more difficult, I was specifying this module in gradle and I was expecting things to work. Asuming…</p><p>Once I added:</p><p><span style="font-family: courier;">spring:<br /></span><span style="font-family: courier;"> security:<br /></span><span style="font-family: courier;"> oauth2:<br /></span><span style="font-family: courier;"> client:<br /></span><span style="font-family: courier;"> registration:<br /></span><span style="font-family: courier;"> nameItSomething:<br /></span><span style="font-family: courier;"> authorization-grant-type: client_credentials<br /></span><span style="font-family: courier;"> client-id: clientNameYouHave<br /></span><span style="font-family: courier;"> client-secret: DontShareYourSecretOnTheInternet<br /></span><span style="font-family: courier;"> provider:<br /></span><span style="font-family: courier;"> nameItSomething:<br /></span><span style="font-family: courier;"> token-uri: https://oidcServer/protocol/openid-connect/token</span></p><p>That ClientRegistrationRepository bean started to have a life.</p><p>Next bean… Same… I need to add a section for the caching in my application.yaml.</p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-79030440450868251562022-04-12T14:39:00.001-04:002022-11-02T14:40:48.393-04:00Dear Checkstyle<p> I am not a big fan of forced styles and all these errors that comes with it.</p><p>I know, I know… If you are on a team of more people, you don’t have much of a choice otherwise you end up with style chaos and naming convention that are closer to a standup comedian number than logic.</p><p>I am just not a big fan…</p><p>We have a style for the member name in our classes that only allows for letters and number but I did a class to match the json returned from Azure OIDC so it is all lowercase name with underscore. Checkstyle would not let this through so I learned quickly how to turn that off for my class</p><p>This is the module in Checkstyle:</p><div style="text-align: left;"><span style="font-family: courier;"><module name="SuppressionCommentFilter"><br /> <property name="offCommentFormat" value="CHECKSTYLE.OFF\: ([\w\|]+)"/><br /> <property name="onCommentFormat" value="CHECKSTYLE.ON\: ([\w\|]+)"/><br /> <property name="checkFormat" value="$1"/><br /></module></span></div><p>All you have to do is a comment:</p><p><span style="font-family: courier;">// CHECKSTYLE.OFF: MemberName</span></p><p>and after my class definition I can simply turn it back on:</p><p><span style="font-family: courier;">// CHECKSTYLE.ON: MemberName</span></p><p>Then I could discuss with a team mate and disagree about having an annotation (@jsonproperty(“name_with_underscore”)) for each member name to respect the checkstyle and work with the json. What is the simplest will always win in my mind and not following made up rules for the sake of the rule.</p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0tag:blogger.com,1999:blog-8426345088826441257.post-25233297548087364932022-04-12T13:53:00.001-04:002022-11-04T13:55:29.965-04:00Dear Checkstyle<p> I am not a big fan of forced styles and all these errors that comes with it.</p><p>I know, I know… If you are on a team of more people, you don’t have much of a choice otherwise you end up with style chaos and naming convention that are closer to a standup comedian number than logic.</p><p>I am just not a big fan…</p><p>We have a style for the member name in our classes that only allows for letters and number but I did a class to match the json returned from Azure OIDC so it is all lowercase name with underscore. Checkstyle would not let this through so I learned quickly how to turn that off for my class</p><p>This is the module in Checkstyle:</p><div style="text-align: left;"><span style="font-family: courier;"><module name="SuppressionCommentFilter"><br /> <property name="offCommentFormat" value="CHECKSTYLE.OFF\: ([\w\|]+)"/><br /> <property name="onCommentFormat" value="CHECKSTYLE.ON\: ([\w\|]+)"/><br /> <property name="checkFormat" value="$1"/><br /></module></span></div><p>All you have to do is a comment:</p><p><span style="font-family: courier;">// CHECKSTYLE.OFF: MemberName</span></p><p>and after my class definition I can simply turn it back on:</p><p><span style="font-family: courier;">// CHECKSTYLE.ON: MemberName</span></p><p>Then I could discuss with a team mate and disagree about having an annotation (@jsonproperty(“name_with_underscore”)) for each member name to respect the checkstyle and work with the json. What is the simplest will always win in my mind and not following made up rules for the sake of the rule.</p><p><br /></p>Martinhttp://www.blogger.com/profile/02115962332077438616noreply@blogger.com0