Airflow SambaHook authentication issue with SpnegoError and Kerberos? - airflow

I am trying to connect to a Samba server in Airflow using the SambaHook class. The Samba server requires Kerberos authentication.
I have already defined a Samba connection in Airflow using the following parameters:
Host,Schema and Extra {"auth": "kerberos"}
airflow connections add "samba_repo" --conn-type "samba" --conn-host "myhost.mywork.com" --conn-schema "fld" --conn-extra '{"auth": "kerberos"}'
I'm trying to use the SambaHook class in Airflow to connect to a Samba server. When I run my code, I get the following error:
Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism
However, when I use smbclient to connect to the same server using Kerberos authentication from the Docker terminal, it works fine with the command: smbclient //'myhost'/'fld' -c 'ls "\workpath\*" ' -k
What I tried: I set up a connection to the Samba server in Airflow using the SambaHook class and tried to use the listdirmethod to retrieve a list of files in a specific directory.
What I expected to happen: I expected the listdir method to successfully retrieve a list of files in the specified directory from the Samba server.
What actually resulted: Instead, I encountered the following error message:
Failed to authenticate with server: SpnegoError (1): SpnegoError (16): Operation not supported or available, Context: Retrieving NTLM store without NTLM_USER_FILE set to a filepath, Context: Unable to negotiate common mechanism

Related

Issue with connecting Golang application on Cloud Run with Firestore

I try to get all Documents from Firestore using the below function.
The credentials are stored in an encrypted file in a GCP Cloud Source repository.
I decrypted the configuration in the Cloud Build trigger and set the ENV in the Dockerfile pointing to the file. I see the content by RUN ls /app/credentials.json.
The error I get in the application log:
rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"
The credentials are stored in an encrypted file in a GCP Cloud Source repository.
I decrypted the configuration in the Cloud Build trigger and set the ENV in the Dockerfile pointing to the file. I see the content by RUN ls /app/credentials.json.
The error I get in the application log:
rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"
This error is the result of an HTTPS failure where the certificate cannot be verified. The Alpine base image is missing a package that provides root certificates. Currently the Cloud Run quickstart is missing this for at least the Go language.
Assuming this is your problem, add the following to the final stage of your Dockerfile:
RUN apk add --no-cache ca-certificates

MPI A process or daemon was unable to complete a TCP connection

Open MPI: 4.0.1a
HostFile:
34bb0519eAAA
a2935f150BBB
I am in machine 34bb0519eAAA. And I could use ssh a2935f150BBB to connect a2935f150BBB successfully. And also ssh 34bb0519eAAA In machine a2935f150BBB to connect 34bb0519eAAA successfully .
But when I mpiexec command . I get error message
****Warning: Permanently added '[XX.XX.XX.XX]:XX' (a2935f150BBB'IP address) to the list of known hosts.**
----------------------**--------------------------------------
A process or daemon was unable to complete a TCP connection
to another process:
Local host: a2935f150BBB
Remote host: 34bb0519eAAA
This is usually caused by a firewall on the remote host. Please
check that any firewall (e.g., iptables) has been disabled and
ORTE was unable to reliably start one or more daemons.
This usually is caused by:
* not finding the required libraries and/or binaries on
one or more nodes. Please check your PATH and LD_LIBRARY_PATH
settings, or configure OMPI with --enable-orterun-prefix-by-default
* lack of authority to execute on one or more specified nodes.
Please verify your allocation and authorities.
* the inability to write startup files into /tmp (--tmpdir/orte_tmpdir_base).
Please check with your sys admin to determine the correct location to use.
* compilation of the orted with dynamic libraries when static are required
(e.g., on Cray). Please check your configure cmd line and consider using
one of the contrib/platform definitions for your system type.
* an inability to create a connection back to mpirun due to a
lack of common network interfaces and/or no route found between
them. Please check network connectivity (including firewalls
and network routing requirements).
I am very confused that.Because I run ssh to each other successfully . How could fail that.
Here is ssh connection
ssh a2935f150BBB
Warning: Permanently added '[XX.XX.XX.XX]:XX to the list of known hosts.
Welcome to Ubuntu 18.04.1 LTS (XXXXXXXXXXXXXXXXXX)
Documentation: https://help.ubuntu.com
Management: https://landscape.canonical.com
Support: https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
To restore this content, you can run the 'unminimize' command.
Last login:XXXXXXXXXXXXX from XXXXXXXXXX

Angular 2+ and ASP.NET Core Web API - How to publish on Heroku?

I have applications:
1. Client-side which is Angular 2+/ASP.NET Core project
2. Server-side ASP.NET Core Web Api with MS SQL database (Entity Framework Core)
This apps have configured CORS.
How can I publish both of this apps on Heroku?
I started with the server-side using this tutorial
https://blog.devcenter.co/deploy-asp-net-core-2-0-apps-on-heroku-eea8efd918b6
But after this step:
docker build -t <image-name> ./bin/release/netcoreapp2.0/publish
I have tried to run this docker image and it doesn't work correctly:
docker run --rm -it -p 8080:8080 treeder/myapp
The app failed. There is some problem with connection to MSSQL...
An error occurred using the connection to database 'sample-app' on
server 'localhost'. System.Data.SqlClient.SqlException (0x80131904): A
network-related or instance-specific error occurred while establishing
a connection to SQL Server. The server was not found or was not
accessible. Verify thatthe instance name is correct and that SQL
Server is configured to allow remote connections. (provider: TCP
Provider, error: 35 - An internal exception was caught) --->
System.AggregateException: One or more errors occurred. (Connection
refused 127.0.0.1:1433) --->
System.Net.Internals.SocketExceptionFactory+ExtendedSocketException:
Connection refused 127.0.0.1:1433
Even command used to login to Heroku Containter Registry doesn't work:
$ heroku container:login
And it gives me such an error:
heroku container:login unknown flag: --password-stdin See 'docker
login --help'. ▸ Error: docker login exited with 125
There could be number of problems.
Asp.net core looks for ASPNETCORE_ENVIRONMENT environment variable to determine type of deployment. If value for the variable is not found, then it will assume that it is running in production environment.
Check you have put your connection string in appsettings.Development.json. Since we are not setting value for the variable when running the image, it is not reading the development setting file.
If you are using localhost for SQL server, then application will try to connect to the SQL server on the port inside container. But SQL server is running on the host and not in the container. You can ask Docker to attach container to host machine.
Also if you are using exact instructions in the article, then you will need to pass it the port number. Try the command below and see if that works.
docker build -t treeder/myapp ./bin/release/netcoreapp2.0/publish
docker run --rm -it --expose=8080 -p 8080:8080 -e="PORT=8080" -e="ASPNETCORE_ENVIRONMENT=Development" --network="host" treeder/myapp

after insalling devstack http://server-ip:5000 not accessible

I followed https://www.theurbanpenguin.com/installing-devstack-on-ubuntu-16-04/ tutorial to install devstack(queens release) on my Ubuntu 16.04 server.
After the installation was done I ran the following commands
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=<password>
export OS_AUTH_URL=http://server-ip:5000/v2.0
openstack image create --public --disk-format qcow2 --container-format bare --file /home/cse3/ubuntu_images/ubuntu-14.04-server-cloudimg-amd64-disk1.img ubuntu
But whenever I open http://server-ip:5000/v2.0 in my browser I am getting unable to connect error.
When I create an image from the command line I get the following message
Failed to discover available identity versions when contacting http://server-ip:5000/v2.0. Attempting to parse version from URL.
Unable to establish connection to http://server-ip:5000/v2.0/tokens: HTTPConnectionPool(host='server-ip', port=5000): Max retries exceeded with url: /v2.0/tokens (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f84ebecabd0>: Failed to establish a new connection: [Errno 111] Connection refused',))
Can anyone suggest what steps need to be followed to remove this error?
After installing the Devstack, you should be able to view the OpenStack dashboard at http://server-ip if the server-ip is a public IP. The AUTH_URL is for you to authorize the API when you are using the SDK or the client library. And this is actually how the dashboard (Horizon) works with the Keystone identity service.
If the server_ip is not a public IP, you need to set up a proxy port in your server and your browser.
It's because the identity API changed from
export OS_AUTH_URL=http://server-ip:5000/v2.0
to
export OS_AUTH_URL=http://server-ip/identity
You can get more from the OpenStack Doc
Check your httpd is running
systemctl status httpd
If it is exited or not started .
Enable the httpd
systemctk s

SSL: CERTIFICATE_VERIFY_FAILED error displayed while connecting to SignalR through Python

from requests import Session
from signalr import Connection
with Session() as session:
connection = Connection("https://localhost:443/Platform", session)
Signalhub = connection.register_hub('MessageRouteHubspot')
with connection:
Signalhub.server.invoke('subscribe','1_FPGA_ACCESS_COMMANDS')
When executing this I'm getting error requests.exceptions.
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
How to bypass/ignore SSL verification??
Python's signalr-client uses WebSocket package to establish the connection. WebSocket package is then using OpenSSL to do SSL/TLS. It appears that the WebSocket client requires client CA (Certificate Authority) bundle to be passed as the environment variable WEBSOCKET_CLIENT_CA_BUNDLE.
Exporting this variable with the CA bundle including the certificates signing the original site's certificate should do the trick. Below is an example on my Ubuntu based system.
$ export WEBSOCKET_CLIENT_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
$ python test-signalr.py

Resources