how to re-install Kerberos client for ambari while wizard interrupt? - kerberos

The story was like this:
I wanted to enable the Kerberos service in ambari.I configured the server node kdc configuration but forgot to sync them to slave nodes. Then ran the wizard to enable kerberos, it got a failure after had already installed kerberos clients by the first step.
The error message shows that the client use admin#12 which realm is defalult by install kerberos server to client the kerberos server, while I configured the realm is EXAMPLE.COM. After I synced the configuration and re-ran the wizard, it has still shown the error.
I had tried every method to re-do. And also checked the operation in a new ambari environment.I guess the wrong realm is cached in the kerberos client. And every time re-run of the wizard, it skipped the install client step while it had been installed.
So, I come here to ask if there is a way to re-install the kerberos client.

The only option is to cleanup Kerberos completely and try enabling it again. Please use these set of cURL commands to clean up residual Kerberos configuration from Ambari (follow the sequence):
curl -H "X-Requested-By:ambari" -u admin:admin -i -X delete http://localhost:8080/api/v1/clusters/bahubali/hosts/bali1.openstacklocal/host_components/KERBEROS_CLIENT
curl -H "X-Requested-By:ambari" -u admin:admin -i -X delete http://localhost:8080/api/v1/clusters/bahubali/hosts/bali2.openstacklocal/host_components/KERBEROS_CLIENT
curl -H "X-Requested-By:ambari" -u admin:admin -i -X delete http://localhost:8080/api/v1/clusters/bahubali/hosts/bali3.openstacklocal/host_components/KERBEROS_CLIENT
curl -H "X-Requested-By:ambari" -u admin:admin -i -X GET http://localhost:8080/api/v1/clusters/bahubali/services/KERBEROS/components/KERBEROS_CLIENT
curl -H "X-Requested-By:ambari" -u admin:admin -i -X DELETE http://localhost:8080/api/v1/clusters/bahubali/services/KERBEROS/components/KERBEROS_CLIENT
curl -H "X-Requested-By:ambari" -u admin:admin -i -X GET http://localhost:8080/api/v1/clusters/bahubali/services/KERBEROS
curl -H "X-Requested-By:ambari" -u admin:admin -i -X DELETE http://localhost:8080/api/v1/clusters/bahubali/services/KERBEROS

Related

How do I access PostgreSQL by both socket and port?

I have started a PostgreSQL process as follows:
pg_ctl start -w -D /path/to/data -l /path/to/log -o "-F -k /path/to/unix/socket -h ''"
(alternatively -h '*' instead of -h '')
Aside, references for pg_ctl (the outer function) and postgres (the -o parameter)
and created a user (with password) and database:
createuser -P admin
createdb -O admin db
I can connect to the database via the unix socket (does not trigger a password prompt):
psql -h /path/to/unix/socket -U admin -d dbname
but connecting via the TCP port fails:
psql -h localhost -U admin -d dbname
Password for user snaprevs_admin:
psql: FATAL: password authentication failed for user "admin"
What do I need to change so that both the unix socket and TCP connections work as expected?
If you are performing a custom pg_ctl launch, you should check that there isn't a default service already running. If there is it will consume the default TCP port.
To stop the default service and prevent it from starting on next boot:
sudo systemctl disable postgresql --now
If you only want to stop it temporarily:
sudo service postgresql stop
You should now be able to stop and re-start your custom service (with -h '*'), then log in over TCP.

Can't change port of composer-rest-server

I want to change the port of the composer-rest-server and I'm using the -p flag as the help says
However the terminal says that I am missing a parameter
Input:
composer-rest-server -p 8919
Output:
Missing parameter. Please run composer-rest-server -h to see usage details
And when I type the -h flag:
-p, --port The port to serve the REST API on [number]
So, how do I run the composer-rest-server on a different port from 3000?
Use full format for running a business network in different port using this:
composer-rest-server -c admin#sample-network -p 8919
or you can add more parameter like authentication, multiple user support etc.
composer-rest-server -c admin#sample-network -p 8919 -a false -m true
Know all parameters meaning by using this command.
composer-rest-server --help
You must specify business network card name (required)
composer-rest-server -c businessNetworkCardName -p portNumber
For help
composer-rest-server -h
use
composer-rest-server -P portNumber
you are using -p which is use for connection profile name and
-P use for port number

Mongorestore command doesn't work as expected

i am trying to import my database to my mongoLab database, but it keep showing the following error:
2016-10-19T21:05:49.183+0800 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
-bash: vd: command not found
This is how I ran my command:
mongorestore -h 243253423.mlab.com:2131242 -d meteor -u <Username> -p <Password> /Users/directory/desktop/mongo/dump
I ran across this error message and I am not sure this was your specific problem but this ended up working for me
mongorestore -d production-db \
-u myusername -p MyPassword \
--authenticationDatabase admin --host mydomain.com \
~/tmp/mongodump/local-production-db/
(be sure to check firewall sudo ufw status and net.bindIp sudo nano /etc/mongod.conf to confirm that you have access and your mongo process is listening on an external port)

how to seed data to Riak using REST API from remote host

I installed riak as per mentioned in the tutorial riak quick start.
I can upload/seed data to riak as described in REST API using curl client. The example curl commands as follows
curl -v -X PUT http://localhost:10018/riak/favs/db \
-H "Content-Type: text/html" \
-d "My new favorite DB is RIAK"
The same when I try to GET,
curl -i -X GET http://localhost:10018/riak/favs/db
HTTP/1.1 200 OK
Whereas when I try uploading/seeding data from another machine (remote machine) things do not work as expected.
curl -i -X GET http://10.0.77.81:10018/riak/stats
curl: (7) couldn't connect to host
But I could ping the host,
ping 10.0.77.81
PING 10.0.77.81 (10.0.77.81) 56(84) bytes of data.
64 bytes from 10.0.77.81: icmp_req=1 ttl=61 time=576 ms
64 bytes from 10.0.77.81: icmp_req=1 ttl=61 time=576 ms
Could connect to tomcat server,
hariharankumar#pc170233-ThinkCentre-M70e:~/softwares/riak-1.4.2/rel/riak$ curl -i -X GET http://10.0.77.81:8080
HTTP/1.1 200 OK
When connecting to riak host alone curl throws me error saying could not connect to host.
The cluster built in the Riak quick start is intended as a local development cluster and it is therefore by default set up to only accept connections from 127.0.0.1. You can change this in the app.config file for each node, which can be found in the /etc directory, and instead make it bind to e.g. 0.0.0.0.

Using psql to connect to PostgreSQL in SSL mode

I am trying to configure ssl certificate for PostgreSQL server. I have created a certificate file (server.crt) and key (server.key) in data directory and update the parameter SSL to "on" to enable secure connection.
I just want only the server to be authenticated with server certificates on the client side and don't require the authenticity of client at server side. I am using psql as a client to connect and execute the commands.
I am using PostgreSQL 8.4 and Linux. I tried with the below command to connect to server with SSL enabled
psql "postgresql://localhost:2345/postgres?sslmode=require"
but I am getting
psql: invalid connection option "postgresql://localhost:2345/postgres?sslmode"
What am doing wrong here? Is the way I am trying to connect to server with SSL mode enabled is correct? Is it fine to authenticate only server and not the client ?
psql below 9.2 does not accept this URL-like syntax for options.
The use of SSL can be driven by the sslmode=value option on the command line or the PGSSLMODE environment variable, but the default being prefer, SSL connections will be tried first automatically without specifying anything.
Example with a conninfo string (updated for psql 8.4)
psql "sslmode=require host=localhost dbname=test"
Read the manual page for more options.
psql --set=sslmode=require -h localhost -p 2345 -U thirunas \
-d postgres -f test_schema.ddl
Another Example for securely connecting to Azure's managed Postgres database:
psql --file=product_data.sql --host=hostname.postgres.database.azure.com --port=5432 \
--username=postgres#postgres-esprit --dbname=product_data \
--set=sslmode=verify-full --set=sslrootcert=/opt/ssl/BaltimoreCyberTrustRoot.crt.pem
Well, you could provide all the information with the following command in CLI, if a connection requires in SSL mode:
psql "sslmode=verify-ca sslrootcert=server-ca.pem sslcert=client-cert.pem sslkey=client-key.pem hostaddr=your_host port=5432 user=your_user dbname=your_db"
Found the following options useful to provide all the files for a self signed postgres instance
psql "host={hostname} sslmode=prefer sslrootcert={ca-cert.pem} sslcert={client-cert.pem} sslkey={client-key.pem} port={port} user={user} dbname={db}"
On psql client v12, I could not find option in psql client to activate sslmode=verify-full.
I ended up using environment variables :
PGSSLMODE=verify-full PGSSLROOTCERT=server-ca.pem psql -h your_host -U your_user -W -d your_db
psql "sslmode=require host=localhost port=2345 dbname=postgres" --username=some_user
According to the postgres psql documentation, only the connection parameters should go in the conninfo string(that's why in our example, --username is not inside that string)
psql -h <host> -p <port> -U <user> -d <db>
and update /var/lib/pgsql/10/data/pg_hba.conf to change the auth method to cert. Check the following link for more information:
https://www.postgresql.org/docs/9.1/auth-pg-hba-conf.html
Another pattern that worked with v8 is
psql -h host_name -p port -U user_name "dbname=db sslmode=require"