I am trying to login to Rundeck community (4.5.0) that I installed on a AWS ECS cluster behind an Application Load Balancer. The health checks on target groups are good/healthy and I can reach the landing page of Rundeck too.
Once I enter default admin credentials, the page keeps loading for more an hour and times out eventually. There are no error logs in Cloudwatch as well. Same image works locally but not on AWS setup.
Any ideas or suggestions on how to solve this is welcome.
You need to set RUNDECK_SERVER_FORWARDED=true env var in your deployment. Take a look at this.
Related
I am trying to have users access Keycloak from a different hostname through a proxy. Instead of the actual AWS hostname aws.exampleurl.com:8080 I have a proxy which routes all traffic from example.hostname.com/auth to the AWS url. I am able to access the Keycloak welcome screen and kick off the administrator login (with failed CSS loads which I assume is due to the same issue but I'm not sure), but when I input a set of credentials I am told that there was no cookie found. I have the cookies set to allow all in my browser (Brave).
I have set the HOSTNAME_URL env var to example.hostname.com/auth, tried using a mixture of the HOSTNAME and HOSTNAME_PATH env vars. I have tried setting HOSTNAME_STRICT to false, but to no luck. I've tried restarting the service and restarting the database I have running with Keycloak but these changes have also not worked.
Any ideas on how to get this running correctly would be amazing. Let me know if more info is needed to reproduce.
This is driving me crazy, been trying to get this to work for 3 days now: I'm trying to connect a kubernetes deployment to my Cloud SQL database in GCP.
Here's what I've done so far:
Set up the cloud SQL proxy to work as a sidecar in my deployment
Created a GKE service account and attached it to my deployment
Bound the GKE service account to my GCP service account
Edited to the service account (to what I can tell) is owner permission
Yet what I run the deployment in GKE I still get:
the default Compute Engine service account is not configured with sufficient permissions to access the Cloud SQL API from this VM. Please create a new VM with Cloud SQL access (scope) enabled under "Identity and API access". Alternatively, create a new "service account key" and specify it using the -credential_file parameter
How can I fix this? I can't find any documentation on how to set up the service account to have the correct permissions with Cloud SQL or how to debug this issue. Every single tutorial I can find ends with "bind your service account" and then stops. Nothing that describes what permissions are needed, and nothing about how to actually connect to the DB from my code (how would my code talk to the proxy?).
Please help
FINALLY got it to work!
Two major pieces that the main article on this (cloud.google.com/sql/docs/mysql/connect-kubernetes-engine) glosses over:
Properly setting up workload identity, for which I found these links to be very helpful:
a) https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
b) https://www.youtube.com/watch?v=l-nws1e4B8M
To connect to the DB you have to have your code use the DB host 127.0.0.1
We're trying to get our first containerized build running in Azure Devops Server.
The build runs fine in the container, but, unfortunately, it needs to access resources on another server. As such, I need this to be running as a domain user (GMSA account will work) so that it can authenticate the network share to access those resources.
I can't seem to find any documentation on running a containerized build as a specific user.
Can anyone point me to how to setup the yml for passing credentials, or gmsa account? That would be great.
Thanks in advance
Alright... so I figured it out.
First you have to create a credential spec
In powershell New-CredentialSpec -AccountName GMSAAccountName
Then add this in the yml file beneath the container declaration:
options: --security-opt "credentialspec=file://Domain_GMSAAccountName.json"
That was it... and now it works.
Have you tried using PAT(Personal Access Token) to run in agent build?
When setup asks for your authentication type, choose PAT. Then paste the PAT token you created into the command prompt window.
https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/v2-windows?view=azure-devops#permissions
Trying to simply connect to the master ui ui interface.
I guess we got it all in the title, Just tried any commands related to auth, nothing to do. kubectl config view won't provide a user and its associated password.
Hope that'll sound obvious to some;
Best
If you are running the Google gke, you may not find your admin pass(web-ui too) with kubectl config view.
However, you can get it from https://console.cloud.google.com/ --> Container Engine --> Show Credentials.
Hi I am trying to deploy the Custom Login application give in
Github
to Bluemix I deployed the .wlapp to the container. But I could not deploy the AuthAdapter provided. It is failing to get deployed.
Keeping that aside I tried to deploy the starter application provided in the
https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/sample-app/
It is giving Error shown is as below
The request is coming to my localhost mobilefirst server
What should I do to solve this problem and get the apps deployed on bluemix mfp container
How to deploy custom auth adapters which is not getting deployed to Bluemix
You did not mention if you are using the pre-configured evaluation container, or your own container.
Pre-configured: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/evaluate/
Your own container: https://mobilefirstplatform.ibmcloud.com/tutorials/en/foundation/7.1/ibm-containers/run/
You can't open a question and say "deployment fails". It's not going to help anyone solve your problem. mention the error you're getting during the deployment attempt.
An "auth adapter" implies it is using some security test(s). If your server on Bluemix (see "your own container") was not configured correctly with said security test(s) in its authenticationConfig.xml file, this could fail an adapter deployment.
The screen shot in your question clearly shows a CORS issue. Chrome does not allow CORS (attempting to get data for different domains).
Make sure that your application points to the correct server - not your local host one, since you want to use your Bluemix server, right? So in its worklight.plist file or wlclient.properties file, make sure the wlHost property is pointing to the correct server.