Saturday, February 13, 2016

Pending - Waiting for next available executor/Disk space too low on /tmp - Jenkins

Pending - Waiting for next available executor/Disk space too low on /tmp - Jenkins

While we were trying to execute the job, it was displaying "Pending - Waiting for next available executor". When looking into the Jenkins node from the console, the Master node is offline and the error message displayed was "Disk space too low. Only xxxGB on /tmp" but the /tmp folder has space around 1GB.





The following steps are followed to resolve the issue.

  • Increase the space available in /tmp folder. If not able to increase the space in /tmp folder then TemporarySpaceMonitor can be disabled or the memory threshold value of the TemporarySpaceMonitor can be reduced in $JENKINS_HOME/nodeMonitors.xml(make sure atleast minimum memory is available)


<?xml version='1.0' encoding='UTF-8'?>
<hudson.util.DescribableList>
  <hudson.node__monitors.ArchitectureMonitor>
    <ignored>false</ignored>
  </hudson.node__monitors.ArchitectureMonitor>
  <hudson.node__monitors.ClockMonitor>
    <ignored>false</ignored>
  </hudson.node__monitors.ClockMonitor>
  <hudson.node__monitors.DiskSpaceMonitor>
    <ignored>false</ignored>
    <freeSpaceThreshold>1GB</freeSpaceThreshold>
  </hudson.node__monitors.DiskSpaceMonitor>
  <hudson.node__monitors.SwapSpaceMonitor>
    <ignored>false</ignored>
  </hudson.node__monitors.SwapSpaceMonitor>
  <hudson.node__monitors.TemporarySpaceMonitor>
    <ignored>false</ignored>//Change to true to disable monitoring 
    <freeSpaceThreshold>50MB</freeSpaceThreshold>
  </hudson.node__monitors.TemporarySpaceMonitor>
  <hudson.node__monitors.ResponseTimeMonitor>
    <ignored>false</ignored>
  </hudson.node__monitors.ResponseTimeMonitor>
</hudson.util.DescribableList>

  • Increase the number of executor from default value 2


  • Remove the following content from $JENKINS_HOME/config.xml

<temporaryOfflineCause class="hudson.node_monitors.DiskSpaceMonitorDescriptor$DiskSpace">
    <path>/tmp</path>
    <size>966733824</size>
    <triggered>true</triggered>
    <trigger>hudson.node_monitors.TemporarySpaceMonitor</trigger>
  </temporaryOfflineCause>

  • Restart the Jenkins server.



Wednesday, February 10, 2016

Restricitng the content access to authenticated user - Adobe CQ5/AEM

By default anonymous user in AEM will have the read access to content, so the content can be accessed via dispatcher/publisher directly without providing any credential.

This blog will explain how to restrict the content access to only authenticated users via dispatcher(including cached content) and publisher.

Remove the access of Anonymous user for content node in publisher


Create a user sample1 in publisher and provide the read access for content node (Multiple users can be created based on the requirement)



Enable the authentication in dispatcher:

Execute the below command to create the passwordfile and add the user - htpasswd -c /etc/httpd/conf/dispatcher.htaccess sample1 (enter the same password used in the publisher for sample1)

Command to add the users to the existing password file - htpasswd /etc/httpd/conf/dispatcher.htaccess sample2 (Multiple users can be created as per requirement, make sure the users are also created in publisher with same credentials)

Add the below configurations in httpd.conf file

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/conf/dispatcher.htaccess
Require valid-user

 Make sure the below mentioned line is commented out in httpd.conf file

 #RequestHeader unset Authorization

 Securing the cached content:

 Refer the following Adobe blog to enable the same - https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html

 Make sure you are merging the existing /filter section with /auth_checker -/filter section in dispatcher.any file.



Monday, February 8, 2016

Enabling basic authentication for different directories with differnt credentials in dispatcher - Adobe CQ5/Adobe AEM

Separate credential for two different directories:

Create the .httpaccess for different directories

htpasswd -c /etc/httpd/conf/dispatcher.htaccess <username>
htpasswd -c /etc/httpd/conf/dispatcher1.htaccess <username>

Add the below configuration in the httpd.conf

<LocationMatch ^/content/sample1*>
# unsets authorization header when sending request to AEM
RequestHeader unset Authorization
SetEnvIf Request_URI ^/content/sample1* auths=0
AuthName "Please login to access the site"
AuthType Basic
AuthUserFile /etc/httpd/conf/dispatcher.htaccess
# first, allow everybody
Order Allow,Deny
Satisfy any
Allow from all
Require valid-user
# then, deny only if required
Deny from env=auths
</LocationMatch>

<LocationMatch ^/content/sample2*>
# unsets authorization header when sending request to AEM
RequestHeader unset Authorization
SetEnvIf Request_URI ^/content/sample2* auths=1
AuthName "Please login to access the press release"
AuthType Basic
AuthUserFile /etc/httpd/conf/dispatcher1.htaccess
# first, allow everybody
Order Allow,Deny
Satisfy any
Allow from all
Require valid-user
# then, deny only if required
Deny from env=auths
</LocationMatch>

Restart the dispatcher

Now you will be able to access /content/sample1 and /content/sample2 with different credential

There is a another scenario, separate credential for particular directory and rest of all the directories will use the same credentials.

Create the .httpaccess for different directories

htpasswd -c /etc/httpd/conf/dispatcher.htaccess <username>
htpasswd -c /etc/httpd/conf/dispatcher1.htaccess <username>

<Location />
# unsets authorization header when sending request to AEM
RequestHeader unset Authorization
SetEnvIf Request_URI ^/content/* auths=1
SetEnvIf Request_URI ^/content/sample2* auths=0
AuthName "Please login to access the site"
AuthType Basic
AuthUserFile /etc/httpd/conf/dispatcher.htaccess
# first, allow everybody
Order Allow,Deny
Satisfy any
Allow from all
Require valid-user
# then, deny only if required
Deny from env=auths
</Location>

<LocationMatch ^/content/sample2*>
# unsets authorization header when sending request to AEM
RequestHeader unset Authorization
SetEnvIf Request_URI ^/content/sample2* auths=1
AuthName "Please login to access the press release"
AuthType Basic
AuthUserFile /etc/httpd/conf/dispatcher1.htaccess
# first, allow everybody
Order Allow,Deny
Satisfy any
Allow from all
Require valid-user
# then, deny only if required
Deny from env=auths
</LocationMatch>

Restart the server.



Contact Form

Name

Email *

Message *