This looks like is should be a simple command run described here which shows a simple example:
./artemis user add --username guest --password guest --role admin
But it gives an error:
Found unexpected parameters: [--username, guest]
What am I missing here? I'm in the broker directory (/var/lib/broker1/bin)
What could I have wrong here?
The parameter name --username is invalid. You should use --user instead.
For what it's worth you can see the valid parameters by running the help command, e.g.:
./artemis help user add
Here's the output of that command:
NAME
artemis user add - Add a new user
SYNOPSIS
artemis user add [--entry <entry>] [--password <password>] [--plaintext]
[--role <role>] [--silent] [--user <username>] [--verbose]
OPTIONS
--entry <entry>
The appConfigurationEntry (default: activemq)
--password <password>
the password (Default: input)
--plaintext
using plaintext (Default false)
--role <role>
user's role(s), comma separated
--silent
It will disable all the inputs, and it would make a best guess for
any required input
--user <username>
The user name (Default: input)
--verbose
Adds more information on the execution
I've committed a change to fix the documentation.
Related
I'm using documentdb with the password being automatically rotated via aws secret manager. I want to script up a fast way to connect to the database via command line. Since the password changes frequently that means having a command that will load the password from aws secerts and pass it to the mongo connect string. I had come up with this hideous one liner to connect to mongo:
mongo --ssl --host *my_host*:27017 --sslCAFile rds-combined-ca-bundle.pem --username admin --password `aws secretsmanager get-secret-value --secret-id documentDB_login | jq .SecretString | jq fromjson | jq .password`
I had already run aws configure and secretmanager does return my password correctly.
I swear this worked at first, but it is now failing, saying authentication failed when it tries to connect to my mongo instance. If I echo the above ugly one liner, so that i can see the result of the aws secretmanager call, and then copy and paste the echo response into my commandline it connects correctly, so not sure why the functionally equivalent command does not.
How can I script up an easy way to connect to to documentdb via commandline? Is there a cleaner approach (preferably one that doesn't require yum install of jp) to do this?
I can not say for sure why your command was working before but does not now, but it looks like it is not stripping double quotes. Also the AWS cli can do JSON parsing for you, but unfortunately, it can not parse the nested JSON in the secret itself. For that you will still need jq. However, combining the CLI JSON parsing with jq you could simplify it a bit (though it is no shorter):
mongo --ssl --host *my_host*:27017 --sslCAFile rds-combined-ca-bundle.pem --username admin --password `aws secretsmanager get-secret-value --secret-id documentDB_login --query 'SecretString' --output text | jq -r .password`
it shows an error "we are sorry an internal error occurred" while entered username password and confirm password. How can i create initial admin user?
If you are running Keycloak in docker container then you can define admin name and password during startup:
docker run --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
Otherwise, you can add the user as follows (this actually what is done in docker container behind the scenes):
/opt/jboss/keycloak/bin/add-user-keycloak.sh --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"
The admin console is available at:
http://localhost:8080/admin
I have PostgreSQL 9.4(not installed, rather self configured) which is also installed as a Windows service. Now I am trying to check the status of the server using pg_ctl.exe status -D data_dir_path, but it only shows the status when I start the console as admin.
My final goal is to be able to shutdown/ start the database server without admin rights. Is it possible to configure PostgreSQL so that I can start/stop the servers locally without admin rights?
As far I read in the PostgreSQL documentation, the services can be registered to a user using [-U username] [-P password] arguments but I am not sure whether this is the database user or the local windows user. I tried registering the service using the following code but it does not install it. And I do not see any logs too. The commnd follows:
pg_ctl.exe register -N service_name -U database_user -P database_user_password -D data_dir_path -S auto -o "-p port"
Thanks in advance
In my Kerberos system:
run kinit test and input passwd, succeed.
generate keytab by kadmin.local -q "xst -k test.keytab test".
run kinit test and input passwd, failed:
kinit: Password incorrect while getting initial credentials
run kinit -k -t test.keytab test, succeed.
Is this normal ? If not, what are possible reasons?
Thanks.
I found that the attribute krbLastPwdChange(a timestamp value) in kerberos's database changed after I run:
kadmin.local -q "xst -k test.keytab test"
While add the option -norandkey will just create the keytab without changing password:
kadmin.local -q "xst -norandkey -k test.keytab test"
I can not find the detail document about kadmin xst.
This is by design. You cannot have both a password and a keytab in Kerberos. The reason is if both were enabled, if someone was able to pull a keytab on your behalf or was in possession of a copy of your keytab, then they could masquerade as you and you would never know it. They would be able to generate a TGT via kinit.
By pulling a keytab, the password is invalidated, so if you then tried to log in with a password, you would get an error. And even if you didn't know exactly what was going on, if you reset your password, it would invalidate the keytab.
For one simple reason:
kinit tells you that the client has not been found in the database, right? By default, when kinit is invoked with a keytab it uses the default server pricipal to obtain TGT. In your case host/<hostname>#REALM but your keytab contains a key for principal test#REALM.
I had this issue too until I have asked the MIT Kereros mailing list.
I am using tilelite to serve up maps. I need it to run at the time the server is started. I have built a script that runs the following command at startup:
/usr/local/bin/liteserv.py /home/Uname/bin/mapnik/my_osm.xml --caching --debug=False
The process is failing with:
FATAL: Ident authentication failed for user "user_name" (encountered during parsing of layer 'leisure')
According to this page:
http://wiki.openstreetmap.org/wiki/Mapnik#Authentication_failed
I ran the following command:
./generate_xml.py osm.xml my_osm.xml --accept-none --dbname gis --symbols ./symbols/ --world_boundaries ./world_boundaries/
Now I get:
RuntimeError: PSQL error:
FATAL: Ident authentication failed for user "root" (encountered during parsing of layer 'leisure')
I am really new to postgres so could someone give me some very simple insructions on how to fix this.
If you call ./generate_xml.py --help you will see the various options. One of them is --user. If you do not supply it and also pass --accept-none then no specific user will be written into the Mapnik XML, which means that when Mapnik attempts to connect to the postgres database the current user will be used. So, if you run that script as root, 'root' will be used.
So, you need to either run that script as a unix user that can connect to postgres, or you need to go back and regenerate the XML and embed the name of a user that can connect to postgres. The latter is likely easier. Here is what I would do:
Assuming your normal unix use is named 'heman' do:
$ sudo su postgres
$ createuser heman # make superuser
$ exit
$ ./generate_xml.py osm.xml --accept-none --user heman --dbname gis --symbols ./symbols/ --world_boundaries ./world_boundaries/
$ liteserv.py osm.xml --caching --debug=False
More details on postgres and how to enable "trust" so that you can connect as the "postgres" user here: http://dbsgeo.com/foss4g2010/html/troubleshooting.html#troubleshooting-postgresql-connections