Basic Salt-cloud config file for openstack/nova mitaka - openstack

I am running a newly created OpenStack cluster using the latest version (Mitaka)
and I want to use salt-cloud to provision and manage some VMs. From what I can see, salt-cloud does not handle the Keystone identity V3 API and therefore it cannot authorize and access the OpenStack APIs.
sudo salt-cloud --list-images=my-nova
My current provider config looks like the following. Since it looks like the openstack driver is being deprecated, I am using nova. The identity URL is identical to the one listed in Horizon, and I have tested using curl that the master can talk to OpenStack.
my-nova:
  identity_url: 'http://controller:35357/v3'
  compute_region: nova
  user: admin
  password: pass
  project-user: default
  project-domain: default
  tenant: default
  driver: nova
Running the above command, I get the following message:
Failed to get the output of 'nova.avail_images()': The request you have made requires authentication. (HTTP 401)
Running a tcpdump on Keystone, I get the following:
..#.,..VPOST /v3/v2.0/tokens HTTP/1.1
Host: controller:35357
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: application/json
User-Agent: python-novaclient
Content-Type: application/json
Content-Length: 101
{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "pass"}}}
By the looks of it, salt-stack / python-nova is using the old v2.0 auth API, which is not available in Mitaka. I have not seen any documentation; I am probably missing something in the salt-cloud providers config to tell nova to use the v3 API.
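The capture above shows a Keystone v2.0 token request sent under a /v3 base URL. The following is an added example, not part of the original post and not salt-cloud or novaclient code: it parses such a captured request, flags the version mismatch, and builds the equivalent Identity v3 password request, which goes to /v3/auth/tokens and names a domain for both user and project. The function names and the "Default" domain name are assumptions, and the sample request is reconstructed from the dump in the question.

```python
import json

# Constructed sample: the request seen in the tcpdump in the question.
CAPTURED = (
    "POST /v3/v2.0/tokens HTTP/1.1\r\n"
    "Host: controller:35357\r\n"
    "\r\n"
    '{"auth": {"tenantName": "admin", "passwordCredentials": '
    '{"username": "admin", "password": "pass"}}}'
)


def parse_request(raw):
    """Split a raw HTTP request into (method, path, JSON body)."""
    head, _, body = raw.partition("\r\n\r\n")
    method, path, _version = head.split("\r\n")[0].split(" ", 2)
    return method, path, json.loads(body) if body else {}


def diagnose(raw):
    """Return findings about which Keystone API version the client spoke."""
    _method, path, body = parse_request(raw)
    auth = body.get("auth", {})
    findings = []
    if path.rstrip("/").endswith("/v2.0/tokens"):
        findings.append("v2.0 token endpoint requested")
        if path.startswith("/v3/"):
            findings.append("v2.0 path appended to a /v3 identity URL")
    if "passwordCredentials" in auth or "tenantName" in auth:
        findings.append("v2.0 body: no user or project domain is sent")
    return findings


def to_v3(raw, user_domain="Default", project_domain="Default"):
    """Build the Identity v3 equivalent of a captured v2.0 password request."""
    _method, _path, body = parse_request(raw)
    auth = body["auth"]
    creds = auth["passwordCredentials"]
    payload = {"auth": {
        "identity": {"methods": ["password"], "password": {"user": {
            "name": creds["username"],
            "domain": {"name": user_domain},   # assumed domain name
            "password": creds["password"]}}},
        "scope": {"project": {
            "name": auth["tenantName"],
            "domain": {"name": project_domain}}},
    }}
    return "/v3/auth/tokens", payload


if __name__ == "__main__":
    print(diagnose(CAPTURED))      # the payload holds a password, so only
    print(to_v3(CAPTURED)[0])      # the target path is printed here
```

On success a v3 endpoint returns the token in the X-Subject-Token response header rather than in the JSON body.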

Related

Windows Authentication works on IIS but not Kestrel / Microsoft.AspNetCore.Authentication.Negotiate (not in Chrome, sometimes in Edge, always in IE)?

I created a new Blazor (Server-side) application with Windows Authentication and ran it using IIS Express. It will display a message of "Hello Domain\User!" from the following razor component (...\BlazorApp1\BlazorApp1\Shared\LoginDisplay.razor) on the top right.
<AuthorizeView>
    Hello, @context.User.Identity.Name!
</AuthorizeView>
If running using Kestrel, the message is not shown. So I tried the following steps to make it work in Kestrel.
Import NuGet package Microsoft.AspNetCore.Authentication.Negotiate
Add the following code in ConfigureServices() in Startup.cs.
services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
Add the following code in Configure() in Startup.cs. They are added between app.UseRouting(); and app.UseEndpoints(...;
app.UseAuthentication();
app.UseAuthorization();
It still doesn't show the Hello message. And I read "Anonymous requests are allowed. Use ASP.NET Core Authorization to challenge anonymous requests for authentication." in the document, so I did the following to disable anonymous requests.
In _Host.cshtml, added the following lines after @namespace BlazorApp1.Pages.
@using Microsoft.AspNetCore.Authorization
@attribute [Authorize]
However, the message is still not displayed? Does it mean the authorization is not working?
Update:
I updated the file ...\BlazorApp1\BlazorApp1\Shared\LoginDisplay.razor to
<AuthorizeView>
    <Authorized>
        Hello, @context.User.Identity.Name!
    </Authorized>
    <NotAuthorized>
        You are not authorized to view that page...
    </NotAuthorized>
</AuthorizeView>
It shows "You are not authorized to view that page...". It seems the Windows Authentication is not working?
Update2:
The following is mentioned in the doc.
Windows environment configuration
The Microsoft.AspNetCore.Authentication.Negotiate component performs User Mode authentication. Service Principal Names (SPNs) must be added to the user account running the service, not the machine account. Execute setspn -S HTTP/myservername.mydomain.com myuser in an administrative command shell.
I tried to run the following command in an Administrator PowerShell console on my personal PC at home.
setspn -S HTTP/mypcname myusername
However, it got the error
PS C:\WINDOWS\system32> setspn -S HTTP/desktop8930 nkucw
Ldap Error(0x51 -- Server Down): ldap_connect
Failed to retrieve DN for domain "" : 0x00000051
Warning: No valid targets specified, reverting to current domain.
FindDomainForAccount: Call to DsGetDcNameWithAccountW failed with return value 0x0000054B
Unable to locate account nkucw
Here is the output: (It shows "Authorization was successful." a few times in the log, but the last shows Authorization failed)
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using 'C:\Users\nkucw\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: C:\Users\nkucw\source\repos\TestPS\BlazorApp1
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[12]
AuthenticationScheme: Negotiate was challenged.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 135.0172ms 401
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/
info: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[0]
None
info: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[1]
Incomplete Negotiate handshake, sending an additional 401 Negotiate challenge.
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 16.6473ms 401
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/
info: Microsoft.AspNetCore.Authentication.Negotiate.NegotiateHandler[0]
None
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
Authorization was successful.
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
Executing endpoint '/_Host'
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[3]
Route matched with {page = "/_Host"}. Executing page /_Host
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[103]
Executing an implicit handler method - ModelState is Valid
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[104]
Executed an implicit handler method, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[1]
Authorization was successful.
info: Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker[4]
Executed page /_Host in 206.51090000000002ms
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint '/_Host'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 270.6847ms 200 text/html; charset=utf-8
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/css/bootstrap/bootstrap.min.css
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/css/site.css
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/_framework/blazor.server.js
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /css/site.css was not modified
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /_framework/blazor.server.js was not modified
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /css/bootstrap/bootstrap.min.css was not modified
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 26.105700000000002ms 304 text/css
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 21.6629ms 304 application/javascript
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 21.6629ms 304 text/css
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/css/open-iconic/font/css/open-iconic-bootstrap.min.css
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /css/open-iconic/font/css/open-iconic-bootstrap.min.css was not modified
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 7.1119ms 304 text/css
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 POST https://localhost:5001/_blazor/negotiate text/plain;charset=UTF-8 0
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
Executing endpoint '/_blazor/negotiate'
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint '/_blazor/negotiate'
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 22.780900000000003ms 200 application/json
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/css/open-iconic/font/fonts/open-iconic.woff
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /css/open-iconic/font/fonts/open-iconic.woff was not modified
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET https://localhost:5001/_blazor?id=ase9fodeUXavBCDTwk1Suw
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
Request finished in 7.676900000000001ms 304 application/font-woff
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
Executing endpoint '/_blazor'
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
Update3:
Found out it works in Edge, but not in Chrome. Is it a bug of the server-side Blazor?
Update4:
Even with Edge, keeping refreshing the page shows that it may not get the authentication sometimes.
I found your question while tackling a similar issue. I think I know the answer to your problem though - you can use a simple middleware which will challenge the authentication and display the login.
Add this in your Configure method:
app.UseMiddleware<ValidateAuthentication>();
Here is the middleware itself:
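using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;   // ChallengeAsync extension method
using Microsoft.AspNetCore.Http;

internal class ValidateAuthentication : IMiddleware
{
    public async Task InvokeAsync(HttpContext context, RequestDelegate next)
    {
        // Let authenticated requests through; challenge everything else
        // with the default authentication scheme.
        if (context.User.Identity.IsAuthenticated)
            await next(context);
        else
            await context.ChallengeAsync();
    }
}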
And in ConfigureServices :
services.AddSingleton<ValidateAuthentication>();
You should not need a constructor.
According to your description, I guess you may have enabled the IE user authentication setting for automatic logon with current username and password, since Chrome also uses this setting to avoid showing the popup for Windows auth.
I suggest you try following the steps below to modify the setting and try again.
1. Open IE and find the Internet Options.
2. Modify the user authentication mode to prompt for username and password.
3. Close IE and Chrome and try again.

Trigger Jenkins jobs from Gitlab is not working

I'm trying to execute my jobs automatically from Gitlab webhooks with these instructions:
https://github.com/jenkinsci/gitlab-plugin
Now I have a Gitlab webhook. When I test it the response is 200, but the response headers are
Response headers:
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 24 Oct 2018 20:43:43 GMT
Transfer-Encoding: chunked
Connection: close
X-Content-Type-Options: nosniff
Without response body
Is this the expected response or an error? My job is a multibranch pipeline, and in Jenkins the job is not executed. My Jenkins works behind a proxypass with Nginx and the structure of my webhook URL in Gitlab is https://jenkinsuser:jenkinsuserapiid@my.jenkins.server/project/myjob
In the Jenkins global configuration, in the Gitlab plugin in my Jenkins, I can do a successful test of the connection from Jenkins to Gitlab. I don't have any idea about what is wrong.
But in https://jenkinsuser:jenkinsuserapiid@my.jenkins.server/project/myjob what is myjob?
This: DOT_testing-webhook
or this: view/DevOps/job/DOT_testing-webhook/job/master/
The execution of curl -X POST https://USER:API_ID@my.jenkins.com/project/DOT_testing-webhook/dev response:
HTTP ERROR 404
Problem accessing /project/DOT_testing-webhook/dev. Reason:
Not Found
Powered by Jetty:// 9.4.z-SNAPSHOT
Response 200 looks OK. Response body depends on the plugin, I guess. I use Generic Webhook Trigger Plugin and my response body has the Jenkins job name that was/will be triggered. In your case maybe the response body is blank because the webhook could not find the job you configured in your webhook URL or the plugin doesn't send any response back.
Your webhook URL should be in the below format as your job is within the DOT_testing-webhook folder:
https://USERID:APITOKEN@JENKINS_URL/project/DOT_testing-webhook/master (if using global authentication - https://github.com/jenkinsci/gitlab-plugin#configuring-global-authentication)
https://JENKINS_URL/project/DOT_testing-webhook/master (if using per-project authentication - https://github.com/jenkinsci/gitlab-plugin#configuring-per-project-authentication) You will need to configure token in the Secret Token field in GitLab

Artifactory - Generic Repo: Archive download failing

Scenario
Attempting to curl archive from generic repository in Artifactory which worked for me the past few days.
Code
curl -i -H 'X-JFrog-Art-Api: <api-key>' -XGET https://<host>/artifactory/api/archive/download/<repo-name>/<dir>?archiveType=zip -o <out-file>
Problem
Today I tried running my curl command again and I get the below error
HTTP/1.1 400 Bad Request
Date: Thu, 09 Mar 2017 13:49:14 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server: Artifactory/4.16.0
X-Artifactory-Id: <removed>
X-Artifactory-Node-Id: <removed>
{
  "errors" : [ {
    "status" : 400,
    "message" : "There are too many folder download requests currently running, try again later."
  } ]
}
Question
How can I resolve this, I have tried waiting it out but it's been more than 12 hours since I cannot pull down what I need?
This error message indicates that you have more than 10 concurrent download requests for folder archives. This is the default configuration, but it can be altered.
You can configure the max number of concurrent folder downloads in Admin > General Configuration > Folder Download Settings > Max Parallel Folder Downloads.

RabbitMQ WebSocket 404 Not Found

I'm running rabbitmq-server v3.3.5-1.1 on the Debian v8.2. I have enabled rabbitmq_web_stomp and rabbitmq_web_stomp_examples as per suggestion in the docs:
rabbitmq-plugins enable rabbitmq_web_stomp
rabbitmq-plugins enable rabbitmq_web_stomp_examples
All examples exposed at http://127.0.0.1:15670 work as intended, but they all use SockJS rather than native browser's WebSocket:
// Stomp.js boilerplate
var ws = new SockJS('http://' + window.location.hostname + ':15674/stomp');
var client = Stomp.over(ws);
I would like to stick to the WebSocket so I tried what was suggested in the docs:
var ws = new WebSocket('ws://127.0.0.1:15674/ws');
This throws an error to my face:
WebSocket connection to 'ws://127.0.0.1:15674/ws' failed: Error during WebSocket handshake: Unexpected response code: 404
Further tests with netcat confirm 404:
# netcat -nv 127.0.0.1 15674
127.0.0.1 15674 open
GET /ws HTTP/1.1
Host: 127.0.0.1
HTTP/1.1 404 Not Found
Connection: close
Content-Length: 0
Date: Sat, 23 Jan 2016 20:15:13 GMT
Server: Cowboy
Obviously cowboy does not expose /ws path, so I wonder:
Is it possible to reconfigure cowboy in this situation? How? Is it worth it?
May I use nginx in the place of the cowboy (preferred option)? How?
What other options do I have?
EDIT
RabbitMQ docs are misleading. Correct WebSocket URI:
http://127.0.0.1:15674/stomp/websocket
good job, but:
new WebSocket('http://127.0.0.1:15674/stomp/websocket')
VM98:2 Uncaught DOMException: Failed to construct 'WebSocket': The URL's scheme must be either 'ws' or 'wss'. 'http' is not allowed.(…)(anonymous function) ...
need to use ws/wss-schema:
new WebSocket('ws://127.0.0.1:15674/stomp/websocket')
WebSocket {url: "ws://127.0.0.1:15674/stomp/websocket", readyState: 0, bufferedAmount: 0, onopen: null, onerror: null…}

Unable to test HTTP PUT-based file upload via Squid Proxy

I can upload a file to my Apache web server using Curl just fine:
echo "[$(date)] file contents." | curl -T - http://WEB-SERVER/upload/sample.put
However, if I put a Squid proxy server in between, then I am not able to:
echo "[$(date)] file contents." | curl -x http://SQUID-PROXY:3128 -T - http://WEB-SERVER/upload/sample.put
Curl reports the following error:
Note: This error response was in HTML format, but I've removed the tags for ease of reading.
ERROR: The requested URL could not be retrieved
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL:
http://WEB-SERVER/upload/sample.put
The following error was encountered:
Unsupported Request Method and Protocol
Squid does not support all request methods for all access protocols.
For example, you can not POST a Gopher request.
Your cache administrator is root.
My squid.conf doesn't seem to be having any ACL/rule that should disallow based on the src or dst IP addresses, or the protocol, or the HTTP method... as I can do an HTTP POST just fine between the same client and the web server, with the same proxy sitting in between.
In case of the failing HTTP PUT case, to see the request and response traffic that was actually occurring, I placed a netcat process in between Curl and Squid, and this is what I saw:
Request:
PUT http://WEB-SERVER/upload/sample.put HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: WEB-SERVER
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Expect: 100-continue
Response:
HTTP/1.0 501 Not Implemented
Server: squid/2.6.STABLE21
Date: Sun, 13 May 2012 02:11:39 GMT
Content-Type: text/html
Content-Length: 1078
Expires: Sun, 13 May 2012 02:11:39 GMT
X-Squid-Error: ERR_UNSUP_REQ 0
X-Cache: MISS from SQUID-PROXY-FQDN
X-Cache-Lookup: NONE from SQUID-PROXY-FQDN:3128
Via: 1.0 SQUID-PROXY-FQDN:3128 (squid/2.6.STABLE21)
Proxy-Connection: close
<SNIPPED the HTML error response already shown earlier above>
Note: I have anonymized the IP addresses and server names throughout for readability reasons.
Thanks to Amos Jeffries for answering this on squid-users forum. The issue is basically that Squid before version 3.1 does not implement HTTP 1.1 and thus rejects the chunked transfer encoding.
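The answer's point in code form, as an added example that is not part of the original thread and not Squid code: curl -T - reads the body from stdin, cannot know its length up front, and so sends Transfer-Encoding: chunked, which an HTTP/1.0-only hop cannot frame. The sketch below decodes such a body and re-frames the request with Content-Length; the function names are illustrative, and the body bytes in the sample are constructed because the capture in the question shows only headers.

```python
# Constructed sample: headers from the capture in the question plus an
# invented chunked body (the capture did not include the body bytes).
CAPTURED = (
    b"PUT http://WEB-SERVER/upload/sample.put HTTP/1.1\r\n"
    b"Host: WEB-SERVER\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Expect: 100-continue\r\n"
    b"\r\n"
    b"e\r\nfile contents.\r\n0\r\n\r\n"
)


def split_message(raw):
    """Return (request line, [(name, value), ...], body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = [tuple(p.strip() for p in l.split(b":", 1)) for l in lines[1:]]
    return lines[0], headers, body


def dechunk(body):
    """Decode a chunked body; chunk extensions and trailers are ignored."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        if size == 0:
            return out
        start, end = eol + 2, eol + 2 + size
        if body[end:end + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += body[start:end]
        pos = end + 2


def reframe(raw):
    """Rewrite a chunked request so an HTTP/1.0-only hop can frame the body."""
    request_line, headers, body = split_message(raw)
    chunked = any(k.lower() == b"transfer-encoding" and b"chunked" in v.lower()
                  for k, v in headers)
    if not chunked:
        return raw
    payload = dechunk(body)
    # Expect: 100-continue is an HTTP/1.1 mechanism too, so it is dropped.
    drop = {b"transfer-encoding", b"expect", b"content-length"}
    kept = [(k, v) for k, v in headers if k.lower() not in drop]
    kept.append((b"Content-Length", str(len(payload)).encode()))
    head = [request_line] + [k + b": " + v for k, v in kept]
    return b"\r\n".join(head) + b"\r\n\r\n" + payload


if __name__ == "__main__":
    print(reframe(CAPTURED).decode())
```

With curl itself, the same effect comes from uploading a regular file (-T with a file name instead of -), since the size is then known and sent as Content-Length.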
