JFrog Xray installation Docker install on CentOS - permission denied - artifactory

Trying to install JFrog Xray on a CentOS machine, using the Docker installer.
I've created a /opt/xray directory, where I've downloaded the install file into.
Then ran chmod +x xray on this file.
When I try to install using sudo "./xray install", I get the following output:
[root#xray xray]# sudo ./xray install
INFO: Using XRAY_MOUNT_ROOT=/root/.jfrog/xray
Verifying Xray prerequisites ...
WARNING: Running with 3GB Total RAM
WARNING: Running with 1 CPU Cores
The System resources are not aligned with Xray minimal prerequisites, Do you want to proceed with the process? [Y
touch: cannot touch '/data/installer.info': Permission denied
Are you adding this node to an existing cluster? (not relevant for the first cluster node) [Y/n]: n
mkdir: cannot create directory '/xray_global_mount_root/xray': Permission denied
./wrapper.sh: line 583: /xray_global_mount_root/xray/ha/ha-node.properties: No such file or directory
./wrapper.sh: line 586: /data/installer.info: Permission denied
./wrapper.sh: line 589: /data/installer.info: Permission denied
./wrapper.sh: line 592: /data/installer.info: Permission denied
ERROR: Installation failed
Any ideas what may be causing this?

I had a similar issue on RHEL and it was selinux getting in the way. To fix it, change the following line in the xray script: -
XRAY_VOLUMES="-v ${XRAY_MOUNT_ROOT}/xray-installer:/data -v ${XRAY_MOUNT_ROOT}:/xray_global_mount_root"
To this: -
XRAY_VOLUMES="-v ${XRAY_MOUNT_ROOT}/xray-installer:/data:z -v ${XRAY_MOUNT_ROOT}:/xray_global_mount_root:z"
(basically adding :z to each volume).
This makes sure the folder is labelled to be used by multiple containers in selinux.

Related

OpenVAS installation and running errors

I've installed Greenbone Security Assistant Version 9.0.1 (OpenVAS) by this instruction on my VirtualBox's Ubuntu 20.4.
sudo apt install postgresql
sudo add-apt-repository ppa:mrazavi/gvm
sudo apt install gvm
greenbone-nvt-sync
sudo greenbone-scapdata-sync
sudo greenbone-certdata-sync
Unfortunately, it does not works.
When I'm trying to create a task by Wizard, I have the task completed just in moment, with an empty log. And that's all.
I've tried three commands:
systemctl status ospd-openvas # scanner
systemctl status gvmd # manager
systemctl status gsad # web ui
Everything is okay, except ospd-openvas. The status is green and active, but there are some errors too:
Jul 20 15:00:27 alex-VirtualBox ospd-openvas[833]: OSPD - openvas:
ERROR: (ospd_openvas.daemon) Failed to create feed lock file
/var/run/ospd/feed-update.lock. [Errno 2] No such file or directory:
'/var/run/ospd/feed-update.lock'
From the error message it looks like the directory /var/run/ospd/ does not exist.
Create the directory and try to restart the service.
In ubuntu 20.04 /var/run points to /run which is a temporary file system. That means that if you create the directory /var/run/ospd manually, it will be gone after the next reboot. To fix it permanently (in case the missing directory is the issue), please refer to this post.
This may help some people with some of the issues I've been facing:
mkdir -p /var/run/ospd/
touch /var/run/ospd/feed-update.lock
chown gvm:gvm /var/run/ospd/feed-update.lock

Permission issues with external ntfs HDD, gitlab-ctl reconfigure changing permissions: "Operation not permitted"

I'm using gitlab on a rasberry pi model 3 B. Following some information about my setup (sudo gitlab-rake gitlab:env:info):
System information
System: Raspbian 8.0
Current User: git
Using RVM: no
Ruby Version: 2.3.6p384
Gem Version: 2.6.13
Bundler Version:1.13.7
Rake Version: 12.3.0
Redis Version: 3.2.11
Git Version: 2.14.3
Sidekiq Version:5.0.5
Go Version: go1.3.3 linux/arm
GitLab information
Version: 10.6.0-rc3
Revision: 52fa89e
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: postgresql
URL: http://gitlab.example.com
HTTP Clone URL: http://gitlab.example.com/some-group/some-project.git
SSH Clone URL: git#gitlab.example.com:some-group/some-project.git
Using LDAP: no
Using Omniauth: no
GitLab Shell
Version: 6.0.3
Repository storage paths:
- default: /mnt/SeagateExpansion/GitLab/repositories
Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
Git: /opt/gitlab/embedded/bin/git
After the gitlab update to version 10.6.0 I need to change the url again but when I do the necessary changes in /etc/gitlab/gitlab.rb and run sudo nano gitlab-ctl reconfigure I get the following error messages:
========================================================================
Error executing action `run` on resource 'ruby_block[directory resource:
/mnt/SeagateExpansion/GitLab]'
========================================================================
and
============================================================================
Error executing action `create` on resource
'storage_directory[/mnt/SeagateExpansion/GitLab]'
============================================================================
The result message says:
There was an error running gitlab-ctl reconfigure:
storage_directory[/mnt/SeagateExpansion/GitLab] (gitlab::gitlab-rails line 42) had an error: Mixlib::ShellOut::ShellCommandFailed: ruby_block[directory resource: /mnt/SeagateExpansion/GitLab] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/package/resources/storage_directory.rb line 33) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
---- Begin output of chmod 00700 /mnt/SeagateExpansion/GitLab ----
STDOUT:
STDERR: chmod: changing permissions of ‘/mnt/SeagateExpansion/GitLab’: Operation not permitted
---- End output of chmod 00700 /mnt/SeagateExpansion/GitLab ----
Ran chmod 00700 /mnt/SeagateExpansion/GitLab returned 1
So the problem seems to be, that the execution of the run and create command on the resource storage (GitLab folder on the external HDD [HDD = SeagateExpansion]) expects the permissions to be 700, right?
According to this errors I tried to change the permission of
the external HDD folder /mnt/SeagateExpansion/GitLab see the ls -l output:
drwxrwxrwx 1 root GitLabUser 0 Jan 4 17:55 GitLab
With the help of this post I tried to change the permission with the command:
sudo find /mnt/SeagateExpansion/GitLab -type d -exec chmod 700 {} \;
to the required permission 700. But the changes don't take affect. I also tried chmod -R 700 /mnt/SeagateExpansion/GitLab and executed the commands as root but the changes don't take effect. Even after restarting the raspberry pi. What am I doing wrong?
I also tried to change the options settings/flag of the HDD in /etc/fstab to user but this doesn't help ether.
I'm thankful for every hint and answer :).
Best regards,
Bredjo
I finally figured it out. The solution is to change the mount settings in the /etc/fstab. Because if you have the wrong options settings (see: https://en.wikipedia.org/wiki/Fstab) you are not able to change the permissions because its a ntfs filesystem.
So my old fstab entry was this:
UUID=FE820568820526AD /mnt/SeagateExpansion ntfs defaults,gid=GitLabUser 0 0
And the new entry is this:
UUID=FE820568820526AD /mnt/SeagateExpansion ntfs-3g permissions 0 0
Note that you need to install ntfs-3g to use it in fstab. And the permissions options only comes with ntfs-3g. See: https://www.tuxera.com/community/ntfs-3g-advanced/ownership-and-permissions/
After this change I executed again:
sudo gitlab-ctl reconfigure
Now the error disappeared and the permission 700 of the folder /mnt/SeagateExpansion/GitLab could be set. I also noticed that the owner of the GitLab folder was also changed to user git after the reconfiguration:
drwx------ 1 git root 0 Jan 4 17:55 GitLab
That's because I don't need the option gid=GitLabUserany more.
Now everything works again :).

Error: Error trying install composer runtime. Error: Connect Failed

Prog:dist abhishek$ composer network deploy -a my-network.bna -p hlfv1 -i PeerAdmin -s randomString
Deploying business network from archive: my-network.bna
Business network definition:
Identifier: my-network#0.1.6
Description: My Commodity Trading network
✖ Deploying business network definition. This may take a minute...
Error: Error trying deploy. Error: Error trying install composer runtime. Error: Connect Failed
Command failed
when trying to install the composer runtime,returns
Prog:dist abhishek$ composer runtime install -n my-network -p hlfv1 -i PeerAdmin -s randomString
✖ Installing runtime for business network my-network. This may take a minute...
Error: Error trying install composer runtime. Error: Connect Failed
Command failed
I've been working through the Hyperledger Composer tutorial (https://hyperledger.github.io/composer/tutorials/developer-guide.html) on an older Mac, running OS X Mavericks 10.9.5, which means I'm using Docker Toolbox instead of Docker for Mac. I encountered the same error message when deploying the sample Trading network .bna file on my local dev environment Fabric network.
Here is the command in Terminal:
$ composer network deploy -a my-network.bna -p hlfv1 -i PeerAdmin -s randomString -A admin -S
And here is the error log:
Error: Error trying deploy. Error: Error trying install composer runtime. Error: Connect Failed
In my case, it was because Docker Toolkit answers to on an IP address assigned when you start docker, instead of localhost, 127.0.0.1, etc.
If you are also using Docker Toolkit and are getting the same error, first find the docker IP number, which should be listed under the Docker Whale logo in Terminal when you started it, and then edit the following files (TextEdit should be fine), changing all references to localhost and 127.0.0.1 to the IP number (leave the ports, such as :7050, there):
fabric-tools/fabric-scripts/hlfv1/composer/configtx.yaml
fabric-tools/fabric-scripts/hlfv1/composer/docker-compose.yml
fabric-tools/fabric-scripts/hlfv1/createComposerProfile.sh
fabric-tools/fabric-scripts/hlfv1/createPeerAdminCard.sh
Then, back in Terminal, navigate back to fabric-tools, and if Fabric is already started, stop it, and then recreate the Composer Profile, as documented:
$ ./stopFabric.sh
$ ./createComposerProfile.sh
The log should now show the Docker Toolkit IP for the orderers, CA and peers. Now restart Fabric:
$ ./startFabric.sh
Navigate back to fabric-tools/my-network/dist and re-run the compose command, and if all goes well, it should connect properly.
Is your Fabric running? What is the output of docker ps?
Try doing the next:
Pick a directory that you want and install Hyperledger Fabric and Hyperledger Composer Playground running:
curl -sSL https://hyperledger.github.io/composer/install-hlfv1.sh | bash
Then run your command.
Try the code below:
$composer runtime install -c PeerAdmin#hlfv1 -n basic
$composer network deploy -a basic.bna -A admin -S adminpw -c PeerAdmin#hlfv1 -f admincard

Rstudio server on Ubuntu 16.04.2 LTS, RStudio initialization error: unable to connect to service

I have successfully installed Rstudio server (open source) on VM located on Ubuntu 16.04.2 LTS in the institute cluster. I can access the URL on port 8787. But when I try to sign in to Rstudio using my username and password, it processes for few seconds and then shows the following:
RStudio initialization error: unable to connect to service
I did not get any error when I ran command sudo rstudio-server verify-installation. But when I checked /var/log/syslog which shows the following:
ERROR system error 13 (Permission denied) [path=/home/biology/.rstudio, target-dir=]; OCCURRED AT: rstudio::core::Error rstudio::core::FilePath::createDirectory(const string&) const /home/ubuntu/rstudio/src/cpp/core/FilePath.cpp:826; LOGGED FROM: int main(int, char* const*) /home/ubuntu/rstudio/src/cpp/session/SessionMain.cpp:3303
PS: R version 3.3.2 (2016-10-31); rstudio-server-1.0.136-amd64.deb
Suggestions please.
Thanks!
I got the solution for this. I was already having the root access and I proceeded as follows:
1) mkdir /home/biology/.rstudio
2) mkdir /home/biology/.rstudio/graphics-r3
3) sudo chown -R biology:my_group .rstudio
and it worked :)
I had the same issue as #gbioinfo (R version 3.4.2; rstudio-server-1.1.383-amd64.deb; ubuntu 16.04) and had to run the first two commands as sudo.
This is most likely Permission for the home directory of the system user that you are trying to use to login to rstudio.
lets assume that the username is "rstudio_user". simply make sure that you have a home directory created for this user and this user has full permissions or ownership permission to access the directory.
At least for my experience, when I created the username, the username didn't have a home directory. so simply follow the below
sudo mkdir /home/rstudio_user
sudo chown -R rstudio_user rstudio_user

Compile node projects without using sudo

I feel like this is more of a unix question, but I'm looking to compile node projects without using the sudo command each time.
Example:
$ node server.js
Results in the following error:
node.js:63
throw e;
^
Error: EACCES, Permission denied
....
Is there any way to permanently give node root access?
Thanks!
Matt
Root has permanent root access, so just become root.
$ sudo su
Or:
Install node.js without using sudo
Double-check that your directories you are working in are actually writable by a non-root user.

Resources