How to backup running keycloak instance? - keycloak

I am following the keycloak.org doc to back up my Keycloak data:
https://www.keycloak.org/docs/latest/server_admin/index.html#_export_import
bin/standalone.sh -Dkeycloak.migration.action=export -Dkeycloak.migration.provider=dir -Dkeycloak.migration.dir=/opt/keycloak/backup
My problem is that this works only when the Keycloak service is stopped. How can I export this data while my Keycloak is running? On production I can't stop my server.
Any ideas?
I found no really helpful information about this ...

Related

How to Connect to Cloud SQL Through Kubernetes

This is driving me crazy, been trying to get this to work for 3 days now: I'm trying to connect a kubernetes deployment to my Cloud SQL database in GCP.
Here's what I've done so far:
Set up the cloud SQL proxy to work as a sidecar in my deployment
Created a GKE service account and attached it to my deployment
Bound the GKE service account to my GCP service account
Edited the service account so that (from what I can tell) it has owner permission
Yet when I run the deployment in GKE I still get:
the default Compute Engine service account is not configured with sufficient permissions to access the Cloud SQL API from this VM. Please create a new VM with Cloud SQL access (scope) enabled under "Identity and API access". Alternatively, create a new "service account key" and specify it using the -credential_file parameter
How can I fix this? I can't find any documentation on how to set up the service account to have the correct permissions with Cloud SQL or how to debug this issue. Every single tutorial I can find ends with "bind your service account" and then stops. Nothing that describes what permissions are needed, and nothing about how to actually connect to the DB from my code (how would my code talk to the proxy?).
Please help
FINALLY got it to work!
Two major pieces that the main article on this (cloud.google.com/sql/docs/mysql/connect-kubernetes-engine) glosses over:
1. Properly setting up workload identity, for which I found these links to be very helpful:
a) https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
b) https://www.youtube.com/watch?v=l-nws1e4B8M
2. To connect to the DB you have to have your code use the DB host 127.0.0.1
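A manifest showing the two pieces this answer names, Workload Identity and the 127.0.0.1 host, as an added example that is not part of the original answer. Everything in angle brackets, the names app-ksa and app-gsa, and the DB_HOST/DB_PORT variables are placeholders; the proxy invocation is the v1 cloud_sql_proxy form that the -credential_file flag in the error message belongs to.

```yaml
# Added example; all names and angle-bracket values are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-ksa
  namespace: default
  annotations:
    # Workload Identity: map this Kubernetes SA to the GCP SA. The GCP SA must
    # grant roles/iam.workloadIdentityUser to the member
    #   serviceAccount:<PROJECT_ID>.svc.id.goog[default/app-ksa]
    # and needs only roles/cloudsql.client to reach Cloud SQL, not owner.
    iam.gke.io/gcp-service-account: app-gsa@<PROJECT_ID>.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      # The pod must run as the annotated service account for the binding to apply.
      serviceAccountName: app-ksa
      containers:
        - name: app
          image: <YOUR_APP_IMAGE>
          env:
            - name: DB_HOST        # hypothetical variable read by the application
              value: "127.0.0.1"   # the sidecar listens on the pod's loopback
            - name: DB_PORT
              value: "3306"
        - name: cloud-sql-proxy
          image: gcr.io/cloudsql-docker/gce-proxy:<VERSION>
          command:
            - /cloud_sql_proxy
            - -instances=<PROJECT_ID>:<REGION>:<INSTANCE>=tcp:3306
          securityContext:
            runAsNonRoot: true
```

Containers in one pod share a network namespace, which is why the application reaches the proxy on 127.0.0.1 and the database port never has to be exposed outside the pod.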

Unable to login to Rundeck with default credentials

I am trying to log in to Rundeck community (4.5.0) that I installed on an AWS ECS cluster behind an Application Load Balancer. The health checks on target groups are good/healthy and I can reach the landing page of Rundeck too.
Once I enter default admin credentials, the page keeps loading for more than an hour and times out eventually. There are no error logs in CloudWatch as well. Same image works locally but not on AWS setup.
Any ideas or suggestions on how to solve this are welcome.
You need to set RUNDECK_SERVER_FORWARDED=true env var in your deployment. Take a look at this.

How do I get around the "Invalid Token" problem using Prisma Secrets?

I’ve spent several hours scouring forums about how I can avoid the dreaded Your token is invalid. It might have expired or you might be using a token from a different project., but to no avail.
My setup:
Using prisma generate to make a Prisma client and connect it with graphql-yoga
Prisma service running on Heroku
Prisma service is pointed to an Amazon RDS instance
This setup works when I’m not using the secret property in my prisma.yml. However, when I add something like secret: mysecret and prisma deploy the service, then use something like prisma playground to play with the service, I get the above error. This also happens when I manually generate a token using prisma token and use it in an HTTP Authorization header.
What am I missing to make this work?
Make sure that you add the secret to your environment variables. E.g. via a .env file:
PRISMA_SECRET="mysecret"
When running prisma cli commands make sure to first set the environment variables. E.g. via something like dotenv:
dotenv -- prisma admin
For more information check out: https://www.prisma.io/docs/prisma-server/authentication-and-security-kke4/#prisma-services

Rancher Keycloak authentication setup

I'm trying to set up Rancher to use Keycloak as an authentication provider and following the setups laid out here. The last step says to export the metadata in the SAML Metadata IDPSSODescriptor format but I only see SAML Metadata SPSSODescriptor as an option. I've tried using that but authentication isn't working - it opens another window with the same Keycloak setup page when clicking the Authenticate with Keycloak button to validate the setup. There are no errors in the Docker logs for either the Rancher or Keycloak containers when running docker logs CONTAINER command.
I'm wondering if I need to do something specific to set up Keycloak as an IDP to get the correct metadata option but I can't find anything in their documentation.
For Keycloak 6.0 and up, along with the location of the IDPSSODescriptor even its format has changed. This doc explains how that can be edited to be used by Rancher.
From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Or you can directly visit Keycloak URL with IDPSSODescriptor metadata:
https://<keycloak-domain>/auth/realms/<realm>/protocol/saml/descriptor

Node-Red on Bluemix - how to access the Node server files?

I created a Node-Red flow on Bluemix, did some development and it was working ok for a few weeks. Suddenly the server won't start and logs "[Error: No cloudant service found]". The cloudant db credentials in VCAP look ok to me. How can I look at other files which are used by the Node server to set up and run? I don't see any way to access them in Bluemix or via cf.
Node-RED looks for a cloudant instance with the name <your-app-name>.cloudantNoSQLDB as that is what the boilerplate/quick-start deploy process uses when deploying your instance.
One explanation for it not finding the bound cloudant instance is if you have renamed your app.
The specific code deployed is available: https://github.com/node-red/node-red-bluemix-starter
The expected name of the cloudant instance is generated here: https://github.com/node-red/node-red-bluemix-starter/blob/25f216a61fba182c4f8d2594124e2e4bbbebc3a6/bluemix-settings.js#L80