Bad gateway error upon updating collector from 2.3.1 to 2.4.5

oguzhanunlu · January 19, 2022, 2:29pm

I see that only the first suggestion is applied. Your Dockerfile still uses exec form of CMD, which doesn’t invoke a shell, hence no string interpolation to inject CERT_PW. (Whether you provide the executable as first CMD argument or not, it is still exec form)

If you could replace your CMD with the following

CMD /opt/snowplow/bin/snowplow-stream-collector --config oneapp_collector.conf -Dcom.amazonaws.sdk.disableCertChecking -Dcom.amazonaws.sdk.disableCbor -Djavax.net.ssl.keyStore=/opt/snowplow/ssl/collector.p12 -Djavax.net.ssl.keyStorePassword=${CERT_PW} -Djavax.net.ssl.keyStoreType=PKCS12

which is shell form of CMD, cert password will be injected into this command as expected.

Regarding the official image, Snowplow Stream Collector has official docker images. You can pull the latest one by executing

docker pull snowplow/scala-stream-collector-kinesis:2.4.5

Before you run it, you can generate an ssl cert using your script (don’t forget to provide a non-empty password), prepare your collector config, then the rest is a matter of attaching the cert and config as volumes, along with an env var JAVA_OPTS to define all JVM options.

Please let me know if there are further questions.

Kind regards

mgloel · January 19, 2022, 2:56pm

Ok, thanks I totally overlooked that part about the exec form.

I changed it as you suggested to:

CMD /opt/snowplow/bin/snowplow-stream-collector --config oneapp_collector.conf -Dcom.amazonaws.sdk.disableCertChecking -Dcom.amazonaws.sdk.disableCbor -Djavax.net.ssl.keyStore=/opt/snowplow/ssl/collector.p12 -Djavax.net.ssl.keyStorePassword=${CERT_PW} -Djavax.net.ssl.keyStoreType=PKCS12

The password error disappeared. This is our cloudwatch log:

Unfortunately our endpoint remains unreachable and returns 502 when we send data to it. We are kind of in the situation that we had in the beginning (see above).

mgloel · January 21, 2022, 12:48pm

Did the collector config.hocon change in version 2.4.5?

PaulBoocock · January 21, 2022, 1:01pm

A new telemetry block has been added to it.

You can see an example of the bump in our collector terraform module: Bump stream-collector to 2.4.5 (close #16) · snowplow-devops/terraform-aws-collector-kinesis-ec2@43f570d · GitHub

istreeter · January 21, 2022, 2:00pm

One other nice change was that we made many of the parameters optional. This means you can configure it with a completely minimal config like this one.

mgloel · January 27, 2022, 11:47am

How would that look like in the dockerfile? Unfortunately we are still running into 502s

oguzhanunlu · January 27, 2022, 1:25pm

Hey @mgloel ,

That reference was about using official docker image where you don’t have your own Dockerfile.

mgloel · February 2, 2022, 12:58pm

We are using port 9543 instead of 443 could that be an issue in the 2.4.5 version?

mgloel · February 3, 2022, 11:33am

Is there another way to make it run? Can the options be added somewhere else. We need to update the collector in order to reduce the vulnerabilities on ECR. Our IT security is complaining about it.

oguzhanunlu · February 3, 2022, 12:41pm

Hi @mgloel ,

I just wrote down an example deployment in our documentation. I hope it comes useful.

mgloel · February 4, 2022, 10:01am

awesome, thanks

Topic		Replies	Views
Scala stream collector error and 502 bad gateway Collectors	4	2794	May 2, 2018
Unknown Scala Collector Error Collectors	1	1818	December 26, 2020
Unknown error from Stream Enrich with Localstack Enrichment	1	1072	August 13, 2021
Kinesis stream doesn't exist or isn't available Collectors	5	1204	October 17, 2021
Error in running scala stream collector AWS batch pipeline (Legacy)	2	3291	November 28, 2017

Bad gateway error upon updating collector from 2.3.1 to 2.4.5

Related topics