I have downloaded Usergrid to run on my local environment. I am having issues starting up with it though . For starters I am not able to login Usergrid console. I used the default password test/test & superuser/superpassword but I am not able to get into the console. Any suggestions how I can get around this?
On the log I see the following message:
29-Nov-2014 11:28:52,413][ERROR][AWT-EventQueue-0] org.apache.usergrid.launcher.Server.getAccessTokenForAdminUser(Server.java:603) Unable to get user: test#usergrid.com
[29-Nov-2014 11:28:52,413][ERROR][AWT-EventQueue-0] org.apache.usergrid.persistence.cassandra.EntityManagerImpl.validate(EntityManagerImpl.java:1760) Unable to load entity: 00000000-0000-0000-0000-000000000001
[29-Nov-2014 11:28:52,423][ERROR][AWT-EventQueue-0] org.apache.usergrid.launcher.Server.getAdminUUID(Server.java:615) Unable to get user: test#usergrid.com
[29-Nov-2014 11:28:52,423][ERROR][AWT-EventQueue-0] org.apache.usergrid.persistence.cassandra.EntityManagerImpl.validate(EntityManagerImpl.java:1760) Unable to load entity: 00000000-0000-0000-0000-000000000001
[29-Nov-2014 11:28:52,433][ERROR][AWT-EventQueue-0] org.apache.usergrid.launcher.Server.getAccessTokenForAdminUser(Server.java:603) Unable to get user: test#usergrid.com
[29-Nov-2014 11:28:52,433][ERROR][AWT-EventQueue-0] org.apache.usergrid.persistence.cassandra.EntityManagerImpl.validate(EntityManagerImpl.java:1760) Unable to load entity: 00000000-0000-0000-0000-000000000001
[29-Nov-2014 11:28:52,443][ERROR][AWT-EventQueue-0] org.apache.usergrid.launcher.Server.getAdminUUID(Server.java:615) Unable to get user: test#usergrid.com
-S
Be sure to create an Organization and an admin user for it. Nothing happens until that is done.
curl -X POST \ -d 'organization=myfirstorg&username=myadmin&name=Admin&email=admin#example.com&password=password' \ http://localhost:8080/management/organizations
At this point you will have an Org and Admin User, so you should be good to go.
Related
So I am using vault approle with airflow as secret backend and it keeps throwing permission denied error on $Vault_ADDR/v1/auth/approle/login. I tried using approle from CLI like:
vault write auth/approle/login role_id="$role_id" secret_id="$secret_id"
and it works fine.
But if I try it using API:
curl --request POST --data #payload.json $VAULT_ADDR/v1/auth/approle/login
where payload.json contains secret and role id. It fails with permission denied.
Here is my policy:
vault policy write test-policy -<<EOF
path "kv/data/airflow/*" {
capabilities = [ "read", "list" ]
}
EOF
It works fine for reading on this path.
and role:
vault write auth/approle/role/test-role token_ttl=4h token_max_ttl=5h token_policies="test-policy"
Don't know why it is failing with API.
An important thing to mention is that I am using cloud based HCP Vault.
The problem is with your app_role authentication.You need to provide admin namespace in your url.
Change this:
curl --request POST --data #payload.json $VAULT_ADDR/v1/auth/approle/login
To this:
curl --request POST --data #payload.json $VAULT_ADDR/v1/admin/auth/approle/login
Furthermore, if you are trying to access from a third party tool like airflow then try adding "namespace=admin" in your config file.
Found the problem. HCP vault uses namespace (default = admin). Namespace was needed in url :
$VAULT_ADDR/v1/admin/auth/approle/login
but the problem still exists in Airflow's Hashicorp provider. Changing the auth_mount_point still concatenates it at the end as :
$VAULT_ADDR/v1/auth/{$auth_mount_point}
I am running nginx-ingress v0.44.0 on Kubernetes version v1.20.2, install ingress using helm chat ingress-nginx-3.23.0. nginx taking the traffic from the log file I see this error message.
E0209 23:21:41.300842 6 token_source.go:152] Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token": open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
E0209 23:21:41.316286 6 token_source.go:152] Unable to rotate token: failed to read token file "/var/run/secrets/kubernetes.io/serviceaccount/token": open /var/run/secrets/kubernetes.io/serviceaccount/token: permission denied
Nignx is running uid 101 but serviceaccount directory owned by root user.
How to fix this error message?
Thanks
It's kinda odd, as I've tested I haven't experienced such a error.
You could use securityContext, set
fsGroup: 101 or
runAsUser/runAsGroup
But still the ingress-nginx sets appropriate securityContext (for example to bind on 80/443), so it should work.
As #sfgroups mentioned solution is to make nignx not running uid 101 but 0.
Add flag to installation command: --set controller.image.runAsUser=0.
Read: helm-nginx-ingress-installation.
Install OpenStack using RDO packstack --allinone, got stuck at the prompt asking for password.
Which password is it asking for?
Welcome to the Packstack setup utility
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Password:
Password:
Password:
Setting up ssh keys [ ERROR ]
ERROR : Failed to run remote script, stdout:
I tried every password that I've ever set and none of them worked out. I also reset my root password using passwd and problem remains.
Anyone has the similar issue could you please help me out? Thanks!
There are several passwords that are used during the install. You can see which ones are being asked for by saving the input to an answer file.
From here you can see you to save the answer file.
https://www.rdoproject.org/install/packstack/
sudo packstack --allinone --answer-file
This page lists all of the passwords that are used for the installation.
I try to install https://github.com/roots/bedrock-ansible to get a bedrock deployment (http://roots.io/wordpress-stack/) running.
When I run "vagrant up", after some time I get the error:
TASK: [capistrano-setup | Setup deploy group] *********************************
skipping: [default]
TASK: [capistrano-setup | Setup deploy user] **********************************
skipping: [default]
TASK: [capistrano-setup | Adding public key to server] ************************
fatal: [default] => could not locate file in lookup: ~/.ssh/id_rsa.pub
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************
to retry, use: --limit #/Users/johannes/site.retry
default : ok=46 changed=16 unreachable=1 failed=0
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
I do not have a clou how i can fix this. Do you have an idea?
It seems the role is trying to find your local public key. It should be in the location in the error message '~/.ssh/id_rsa.pub', but it's not. So either you don't have one, or you keep it in another location.
If you're not familiar with generating SSH keys you probably don't have one. I personally like the GitHub help page for this: https://help.github.com/articles/generating-ssh-keys/
(you only have to perform steps 1 and 2).
If you do have SSH keys, but in a different location, the capistrano-install role in bedrock uses some variables:
deploy_user: deploy
deploy_keys:
- "~/.ssh/id_rsa.pub"
So you can set (multiple) public key files in the deploy_keys list and they will be added to the deploy_user's authorized keys.
All this is needed because Capistrano will use the deploy user to connect to the remote server later. http://blakesmith.me/2010/02/08/understanding-public-key-private-key-concepts.html
How can we verify that SFTP access has been granted on a server, without installing any software/tools?
Most servers have curl and scp installed, which you can use to log into an SFTP server. To test if your credentials work using curl, you could do this:
$ curl -u username sftp://example.org/
Enter host password for user 'username':
Enter your password and if it works you'll get a listing of files (like ls -al), if it doesn't work you'll get an error like this:
curl: (67) Authentication failure
You could also try using scp:
$ scp username#example.org:testing .
Password:
scp: testing: No such file or directory
This verifies that you that you were able to log in, but it couldn't find the testing file. If you weren't able to log in you'd get a message like this:
Permission denied, please try again.
Received disconnect from example.org: 2: ...error message...
One of the many ways to check for SFTP access using password based authentication:
sftp username#serverName
or
sftp username#serverIP
And then entering password.
You will get "Permission denied, please try again." message if it fails otherwise you will be allowed inside the server with screen-
sftp>
You can test it fully works with commands like ls, mkdir etc.
Try logging in.
Not being snarky -- that really is probably the simplest way. By 'verify[ing] that SFTP access has been granted," what you're really doing is checking is a particular l/p pair is recognized by the server.
Alternatively, other than doing the "sftp -v" command mentioned above, you can always cat the SSH/SFTP logs stored on any server running sshd and direct them to a file for viewing.
A command set like the following would work, where 1.1.1 would be the /24 of the block you are trying to search.
cd /var/log/
cat secure.4 secure.3 secure.2 secure.1 secure |grep sshd| grep -v 1.1.1> /tmp/secure.sshd.txt
gzip -9 /tmp/secure.sshd.txt
G'day,
What about telnet on to port 115 (if we're talking Simple FTP) and see what happens when you connect. If you don't get refused try sending a USER command, then a PASS command, and then a QUIT command.
HTH
cheers,
In SFTP , the authentication can be of following types :
1. Password based authetication
2. Key based authentication
But if u r going for key based authentication then u have to prepare setup according to that and
proceed the login procedure.If the key based authentication fails it automatically asks for password means it automatically switches to password based mode. By the way if u want to verify u can use this on linux :
"ssh -v user#IP "
It will show u all the debug messages , and if the authentication is passed u will be logged in otherwise u will get "Permission denied". Hope this will help u.