I add #google-cloud/debug-agent on my nodejs project which is deployed on GKE.
But I got error:
restify listening to http://[::]:80
#google-cloud/debug-agent Failed to re-register debuggee nodejs-bot: Error: The caller does not have permission
#google-cloud/debug-agent Failed to re-register debuggee nodejs-bot: Error: The caller does not have permission
#google-cloud/debug-agent Failed to re-register debuggee nodejs-bot: Error: The caller does not have permission
#google-cloud/debug-agent Failed to re-register debuggee nodejs-bot: Error: The caller does not have permission
I have checked my GKE have the debug permission. I don't know why the service didn't have permission.
Here is the code I define on my index.ts
import * as tracer from '#google-cloud/trace-agent';
tracer.start();
import * as debug from '#google-cloud/debug-agent';
debug.start();
This issue can be resolved by doing the following:
1 - Create a new Cluster with these permissions enabled (i.e. Cloud Debugger/ Cloud Platform 'Enabled') and with the required scopes. [1]
Example:
$ gcloud container clusters create example-cluster-name --scopes https://www.googleapis.com/auth/cloud_debugger --zone
2- You can use the same YAML config files you used to deploy your original workloads in the new cluster. You must make sure you have the required scopes for this to work.
You can review how authentication and scopes work using [2] [3].
I found the issue is caused by workload identity, so I just close this feature to fix this issue.
Because I select to launch the workload identity feature. Every pod which needs to connect GCP service will need to create a service account for these pods. Otherwise, the permission will be blocked.
https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
Related
When I used the workflow feature of NebulaGraph Explorer, the task reported the following error:
handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain?
How to resolve the error?
You need to reconfigure the permissions to 744 on the folder .ssh and 600 on the file .ssh/authorized_keys.
In the workflow/dag controller, it's leveraging SSH to do some of the RPC call(dirty but works), which requires ssh key based authentication.
To debug this, we just need to login to the workflow machine and try manually perform the ssh login with exactly the same user and host(even when it calls itself, SSH is still needed here), the tips are to add -vvv arguments to show in the verbose mode where it could go wrong as #lisa liu posted, it could be permission issues of the corresponding files or other cipher handshake issues.
I have a need to do automated testing of a configuration of WCF bindings. I wrote a test that, in it setup, picks a random port number and binds to it with a WSHttpBinding. The test runs a ServiceHost for the duration of its execution and then shuts it down. This works, but then when the build agents try to run the test, I get this error:
System.Exception: Unable to set up service host ---> System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:52361/Test/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
Is there any way to work around this? Can this "urlacl" mechanism be disabled??
UPDATE: This was a wild goose chase, as it turns out. This wasn't the error that was happening on the build agents. I flubbed it when gathering that information. Turns out the build agents are running elevated and don't run into the urlacl problem. The actual problem I was encountering was that a NuGet reference somehow hadn't had its corresponding assembly reference added to the .csproj file. How the tests worked locally, I don't know!
The error is "The process does not have permission to access this namespace".
You can try the following methods.
Make Test public
Run the service as administrator
Run the command prompt as administrator, add URL to ACL netsh http add urlacl url=
https://www.codeproject.com/Questions/441371/When-Hosting-the-WCF-service-i-got-exception
WCF ServiceHost access rights
I'm on a QA environment, and can talk to the BizTalk Admin tomorrow. Apparently, I'm the first person to call a BizRule from an orchestration, and the orchestration is giving error:
Inner exception: The type initializer for 'Microsoft.RuleEngine.RuleEngineCache' threw an exception.
I checked, and the Rules Engine is configured on this machine. But the "Rule Engine Update Service" was not running. I tried to start it, and get this error in the "Services" tool:
"The Rule Engine Update Service service on Local Computer started and
then stopped. Some services stop automatically if they are not in use
by other services or programs."
I checked the event log, and for each time I tried to start it, I see this:
Service could not be started. :
System.Reflection.TargetInvocationException: Exception has been thrown
by the target of an invocation. System.InvalidCastException: Specified
cast is not valid.
Any ideas what I can do? I have admin privileges on the machine (BizTalk 2013/R2).
Our BizTalk Admin corrected the CacheEntries using RegEdit. The one on the right was the other server in the group that was working.
I dont have hands on experience on stackdriver monitoring configuration for google cloud platform VM instances monitoring. our basic monitoring for our project works fine but while trying to install stackdriver agent in Ubuntu 14.04 OS it gives us error and stack driver with agent does not works for us. below is the error for your reference.
Jan 3 10:43:42 ubuntu-uat01 collectd[2283]: write_gcm: Unsuccessful
HTTP request 403: {#012 "error": {#012 "code": 403,#012
"message": "User is not authorized to access the project monitoring
records.",#012 "status": "PERMISSION_DENIED"#012 }#012} Jan 3
10:43:42 ubuntu-uat01 collectd[2283]: write_gcm: Error -2 from
wg_curl_get_or_post Jan 3 10:43:42 ubuntu-uat01 collectd[2283]:
write_gcm: wg_transmit_unique_segment failed.
Can someone help me in setting up stackdriver monitoring with Agent installed on server or provide me some documentation link if any available.
I got this precise error on my instances until I added the permission 'Monitoring Metric Writer' to the service account.
You could also, as Igor suggested, add the monitoring api scope to the instance
See the StackDriver Monitoring docs
Most likely you either don't have the Stackdriver Monitoring API enabled in your project, or your VM does not have the correct scopes. There are extensive instructions on the Google Cloud site for installing the agent, including the troubleshooting page.
If you are installing StackDriver monitoring and logging agent on your instance, you need to make sure attached service-account to your instance has proper rights to edit/write data to StackDriver. Simply run following commands to assign proper roles:
gcloud projects add-iam-policy-binding PROJECT_NAME --member="serviceAccount:SERVICE_ACCOUNT_EMAIL" --role="roles/logging.logWriter"
gcloud projects add-iam-policy-binding PROJECT_NAME --member="serviceAccount:SERVICE_ACCOUNT_EMAIL" --role="roles/monitoring.metricWriter"
replace PROJECT_NAME and SERVICE_ACCOUNT_EMAIL with proper values from your environment.
I have been configuring AWS CodeDeploy for a few days and my first deployment is failing. The error message I get reads "The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems."
To get more detailed info I have installed the AWS CodeDeploy agent on the Windows instance and it appears not to be working. All what I manage to read in the code-deploy-agent-log.txt file are the repetitive lines.
2016-05-31 16:05:24 DEBUG [codedeploy-agent(4872)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Sleeping 90 seconds.
2016-05-31 16:06:55 DEBUG [codedeploy-agent(4872)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Calling PollHostCommand:
2016-05-31 16:06:55 INFO [codedeploy-agent(4872)]: Version file found in C:/ProgramData/Amazon/CodeDeploy/.version.
2016-05-31 16:06:55 ERROR [codedeploy-agent(4872)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile
My question is how can I get more information about the error message I am getting over the deployments. Which credentials am I missing (specifying incorrectly) that cause to the error message in the log file?
I think you are missing service-role-arn while creating your deployment group. The service role ARN allows AWS CodeDeploy to act on the user's behalf when interacting with AWS services. The service role ARN is of the code deploy role that you may have created it earlier.
In addition please make sure that your deployment policy is set to CodeDeployDefault.OneAtATime. This is to avoid taking all instances down if you push incorrect or failing build.
I tried Suken Shah's steps it didn't solve for me. What solved for me are:
1)Creating an IamInstanceProfile say Webserver.
2)Adding AWSCodeDeployRole to the IamInstanceProfile Webserver.
3)Adding the following to AWSCodeDeployRole's Trust Relationship: "codedeploy.amazonaws.com", "ec2.amazonaws.com", "codedeploy.MY_REGION.amazonaws.com"
4)Rebooting the ec2
Make sure the role you use for EC2 has 'AWSCodeDeployRole' policy and trust relationship has 'ec2.amazonaws.com' service. if you need to change the role then restart the EC2