License Type | SaaS & On-Premise |
Agent Mode | Protect |
Main Product Category | Ruby Agent |
Sub Category | Connectivity |
Issue
The agent is correctly installed but unable to connect to the service when the application starts. The following error is seen in the contrast log file:
2017-10-30 15:43:32,892 [Contrast Security] DEBUG - Sending 1 messages (current=Contrast::Api::Dtm::ApplicationCreation)
2017-10-30 15:43:32,892 [Contrast Security] DEBUG - Marshaled data length 186 bytes
2017-10-30 15:43:32,892 [Contrast Security] ERROR - Client threw exception communicating with service :: Connection refused - connect(2)
for
127.0.0.1"
port 30556
Cause
If the Contrast ruby agent is having trouble connecting with the ruby service verify the following details: a. the ruby service must be running, b. the port for the ruby service and the ruby agent must match, c. the ruby agent is loading its configuration file, d. the connection is actually established, but the logging level is set too high.
The ruby agent runs within the Ruby on Rails application's thread so all interactions with Teamserver require that the ruby agent forward information about attacks to the ruby service. In addition, the ruby service is responsible for reading the server features and application settings from Teamserver and forwarding them to the agent. If the communication between the service and the agent is not established the customer's web application will still run (Rule #1 don't break the application) but it will not be protected from attack.
Resolution
a. Verifying that the Service is running:
The ruby service should be identifiable as `contrast-service` in the process list. The most likely reason that the service did not start is that it could not find the configuration file. It is intended to fail immediately in this case with the following error:
starting up server...
bundler: failed to load
command
: exe
/contrast_service
(exe
/contrast_service
)
RuntimeError: No configuration
file
found
in
contrast_security.yml, contrast_security.yaml, config
/contrast_security
.yml, config
/contrast_security
.yaml,
/etc/contrast_security
.yml,
/etc/contrast_security
.yaml
b. Verifying Service and Agent port numbers:
Both the agent and the service need the following sections in their configuration file:
agent:
service:
host: 127.0.0.1
port: 30555 # any valid port number is allowed
c. Verifying that the Agent is loading the Configuration YAML file:
If the agent can not find a configuration file it will not prevent the application from running but it will output a warning to STDOUT.
~
/testing/rails5/app_with_scaffold
:rails-5.0.0 [!?]$ rails s
=> Booting Puma
=> Rails 5.0.6 application starting
in
development on http:
//localhost
:3000
=> Run `rails server -h`
for
more
startup options
No configuration
file
found
in
contrast_security.yml, contrast_security.yaml, config
/contrast_security
.yml, config
/contrast_security
.yaml,
/etc/contrast_security
.yml,
/etc/contrast_security
.yaml
Puma starting
in
single mode...
* Version 3.10.0 (ruby 2.4.1-p111), codename: Russell's Teapot
* Min threads: 5, max threads: 5
* Environment: development
* Listening on tcp:
//0
.0.0.0:3000
Use Ctrl-C to stop