I'm trying to deploy one in my project with DeployBundle and made the following settings:
parameter.yml
jordi_llonch_deploy:
config:
project: delivve
vcs: git
servers_parameter_file: app/config/parameters_deployer_servers.yml
local_repository_dir: /home/deploy/local_repository
clean_max_deploys: 7
ssh:
proxy: cli
user: user
password: 'password'
public_key_file: '/home/user/.ssh/id_rsa.pub'
private_key_file: '/home/user/.ssh/id_rsa'
private_key_file_pwd: 'password'
zones:
prod_myproj:
deployer: delivve
environment: prod
checkout_url: 'https://user#bitbucket.org/user/project-webservice.git'
checkout_branch: master
repository_dir: /var/www/production/delivve/deploy
production_dir: /var/www/production/delivve/code
parameters_deployer_servers.yml
prod_myproj:
urls:
- user#localhost:22
It has also the service and the setting but it seems this working out that part.
My problem is when I give the command:
sudo php app/console deployer:initialize --zones=prod_myproj
of the following error:
[prod_myproj]
[2016-01-04 18:25:55] app.CRITICAL: Not implemented
ROLLBACK [prod_myproj]
[2016-01-04 18:25:55] app.CRITICAL: Not implemented
Anyone know what can this happening, and how could solve, or to deploy with this bundle?
This looks like comming from the password authentication (https://github.com/jordillonch/DeployBundle/blob/3f8e679eb2ac87d0cef9ea9dd4765afd24c6a266/SSH/CLISshProxy.php#L60).
Try removing jordi_llonch_deploy.config.ssh.password from your config.yml (https://github.com/jordillonch/DeployBundle/blob/3f8e679eb2ac87d0cef9ea9dd4765afd24c6a266/SSH/SshClient.php#L76).
Related
We are using S2i Build command in our Azure Devops pipeline and using the below command task.
`./s2i build http://azuredevopsrepos:8080/tfs/IT/_git/shoppingcart --ref=S2i registry.access.redhat.com/ubi8/dotnet-31 --copy shopping-service`
The above command asks for user name and password when the task is executed,
How could we provide the username and password of the git repository from the command we are trying to execute ?
Git credential information can be put in a file .gitconfig on your home directory.
As I looked at the document*2 for s2i cli, I couldn't find any information for secured git.
I realized that OpenShift BuildConfig uses .gitconfig file while building a container image.*3 So, It could work.
*1: https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage
*2: https://github.com/openshift/source-to-image/blob/master/docs/cli.md#s2i-build
*3: https://docs.openshift.com/container-platform/4.11/cicd/builds/creating-build-inputs.html#builds-gitconfig-file-secured-git_creating-build-inputs
I must admit I am unfamiliar with Azure Devops pipelines, however if this is running a build on OpenShift you can create a secret with your credentials using oc.
oc create secret generic azure-git-credentials --from-literal=username=<your-username> --from-literal=password=<PAT> --type=kubernetes.io/basic-auth
Link the secret we created above to the builder service account, this account is the one OpenShift uses by default behind the scenes when running a new build.
oc secrets link builder azure-git-credentials
Lastly, you will want to link this source-secret to the build config.
oc set build-secret --source bc/<your-build-config> azure-git-credentials
Next time you run your build the credentials should be picked up from the source-secret in the build config.
You can also do this from the UI on OpenShift, steps below are a copy of what is done above, choose one but not both.
Create a secret from YAML, modify the below where indicated:
kind: Secret
apiVersion: v1
metadata:
name: azure-git-credentials
namespace: <your-namespace>
data:
password: <base64-encoded-password-or-PAT>
username: <base64-encoded-username>
type: kubernetes.io/basic-auth
Then under the ServiceAccounts section on OpenShift, find and edit the 'builder' service account.
kind: ServiceAccount
apiVersion: v1
metadata:
name: builder
namespace: xxxxxx
secrets:
- name: azure-git-credentials ### only add this line, do not edit anything else.
And finally, edit your build config for the build finding where the git entry is and adding the source-secret entry:
source:
git:
uri: "https://github.com/user/app.git"
### Add the entries below ###
sourceSecret:
name: "azure-git-credentials"
I'm trying to run dagster using celery-k8s and using the examples/celery-k8s as a start. upon running the pipeline from playground I get
Initialization of resources [s3, io_manager] failed.
botocore.exceptions.NoCredentialsError: Unable to locate credentials
I have configured aws credentials in env variables as mentioned in the document
deployments:
- name: "user-code-deployment-test"
image:
repository: "somasays/dagster-usercode-example"
tag: "0.5"
pullPolicy: Always
dagsterApiGrpcArgs:
- "-f"
- "/workspace/repo.py"
port: 3030
env:
AWS_ACCESS_KEY_ID: AAAAAAAAAAAAAAAAAAAAAAAAA
AWS_SECRET_ACCESS_KEY: qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
AWS_DEFAULT_REGION: eu-central-1
and I can also see these values are set in the env variables of the pod and can also access the s3 location after pip install awscli and aws s3 ls see the screenshot below the job pod however throws Unable to locate credentials
Please help
The deployment configuration applies to the user code servers. Meanwhile the celery executor runs your pipeline code in separate kubernetes jobs. To provide your secrets there, you will want to configure the env_secrets field of the celery-k8s executor in your pipeline run config.
See https://github.com/dagster-io/dagster/blob/master/python_modules/libraries/dagster-k8s/dagster_k8s/job.py#L321-L327 for details on the config.
I'm using a fresh installation of Debian Stretch, and installed PHP7 and MariaDB as recommended:
sudo apt-get install nginx mariadb-server mariadb-client php-mysqli php7.0-fpm php7.0-curl
Then using sudo mysql_secure_installation I followed the prompts to remove test users etc.
MariaDB seems to use unix_socket authentication (which is a new concept to me). I like how it restricts root access to sudoers and allows me to grant DB permissions to specific OS users.
However I'd prefer to assign individual user/passwords for each web application running on the server. They all run as www-data user on the system and I see no reason to let them share databases.
So I created a user for my first PHP script and granted access to a new database:
CREATE USER 'telemetry'#'localhost' IDENTIFIED BY 'yeah_toast';
UPDATE mysql.user SET plugin='mysql_native_password' WHERE user='telemetry';
GRANT ALL PRIVILEGES ON telemetry TO 'telemetry'#'localhost';
FLUSH PRIVILEGES;
But it refuses to let me connect from the application:
[error] 19336#19336: *20 FastCGI sent in stderr: "PHP message: PHP Warning: mysqli::real_connect(): (HY000/1045): Access denied for user 'telemetry'#'localhost' (using password: YES) in /path/to/database.inc.php on line 30
The credentials I'm using from the application are as follows:
Host: localhost (also tried 127.0.0.1)
Username: telemetry
Password: yeah_toast
Database: telemetry
I tried deleting and re-creating the username in case it was a password problem, and creating a user #'localhost' and #'%' but none seem to work. In fact when I log in using the same credentials from the command line without sudo it works great (mysql -utelemetry -p).
Am I missing a MariaDB configuration step here?
I am able to do following
install salt master, minion (using root user)
login in master machine and execute salt command to install java / tomcat into minion server
result : java/tomcat is installed via root user
What i want to do is
install java / tomcat in minion server by user name 'tomcatuser'
As per my understanding only way of doing this is if i install my minion via tomcatuser.
Is my understanding correct ?
Any other way ?
I think you mix up the saltstack controller and how it control the application configuration.
For salt master and minion to communicate, you need to start both services as root, to control most of the configuration process. Then from there on, you can specify the user and group for application deployment inside your sls configuration.
Now come to your Tomcat/java/whatever package, you can refer to the salt stack configuration, to specify your own user group of the configuration and even startup(with other modification). e.g.
Deploy foo configuration:
file.managed:
- name: /etc/foo.conf
- source:
- salt://foo.conf
- user: foo
- group: users
- mode: 644
Then to startup your tomcat, you can do the similar by using a crontab and specify the user you want (as long as it is not load under service port smaller than 1024) . Or you can check whether salt.states.tomcat is helpful to start the services : https://docs.saltstack.com/en/latest/ref/states/all/salt.states.tomcat.html
I developed a little management application with Symfony. It works a lot on local. I put it all on my webserver (called Planethoster), and I've got the following message when I try to login in my application using app.php:
SQLSTATE[HY000] [1045] Access denied for user 'root'#'localhost' (using password: NO)
But in my parameters.yml file, I have not put the root user, it's another standard user that can only SIUD. I believe that app.php does not load my parameters.yml or config.yml file.
The last but not the least, I can log in using app_dev.php. It works but not with app.php.
Verify your Database settings in app/config_prod.yml for production use.
clear your cache by php app/console cache:clear --env=prod