Recently, I started seeing an issue when trying to setup secure gateway within API Connect on IBM Cloud, I previously had it working but looks like they changed this wizard interface and its broken since then
here is what I did to recreate the issue:
Setup new APIC instance on IBM Cloud
API connect Manager UI > Admin > Secure Gateways > Add (name & save)
once created, in Secure Gateway Clients section, click on +Set Up
I see no ID or Token generated
no matter what type of client I choose (DataPower, Docker or Installer)
Anyone facing the same issue?
Empty ID and Token when trying to setup Secure Gateway Client
turned out that creating SecureGateway from within the APIC is deprecated feature anyway.
you will need to create standalone SecureGateway resource on Bluemix and call it from your API assembly.
here is the instructions
https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.apionprem.doc/task_api_secure_gateway.html
Related
I am trying to install Kubeflow on Google Cloud Platform (GCP) and Kubernetes Engine (GKE), following the GCP deployment guide.
I created a GCP project of which I am the owner, I enabled billing, set up OAuth credentials and enabled the following APIs:
Compute Engine API
Kubernetes Engine API
Identity and Access Management (IAM) API
Deployment Manager API
Cloud Resource Manager API
Cloud Filestore API
AI Platform Training & Prediction API
However, when I want to deploy Kubeflow using the UI, I get the following error:
So I doublechecked and those APIs are already enabled:
The log messages at the bottom of the screen are:
2020-03-0614:14:04.629: Getting enabled services for project <projectname>..
2020-03-0614:14:16.909: Could not configure communication with GCP, exiting
The Could not configure communication with GCP, exiting is triggered when _enableGcpServices() fails.
The line Getting enabled services for project ... is printed but not the line Proceeding with project number: ..., so the error must be triggered somewhere in the block of code between those lines.
The call to Gapi.cloudresourcemanager.getProjectNumber(project) has its own try/catch with a slightly different error message and title (only talks about the cloud resource manager API, not the IAM API), so I assume it is the call to Gapi.getSignedInEmail() that fails??
I'd suggest having a look at the service management API, IAM service credentials API and cloud identity aware proxy API possibly. I've only used the CLI install tool previously and not run into these problems, but you might require these services for the IAP deployment?
I faced the same issue and was able to solve by correcting the project id.
Make sure that the project id on the UI form is specified correctly as it is on the GCP project - and that it does not have any leading or trailing spaces if you copy pasted from the GCP project details like I did.
I had the same issue. I was using in trial. Seems they allow a limited project to use billing account at same time. So I shut down unused ones . Went to Billing-->my projects. Disabled unused with 3 dots. Then tried to enable the billing account for current project. It worked.
Trying to make use of the Server to Server OAuth flow defined here:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Since I'm running from a local dev environment, I've created a service account in GCP and downloaded the JSON file with the private key, but cannot find any Node.js code examples on how to:
1) load the json file
2) set delegated credentials (for G Suite domain-wide authorization)
Places I've looked (besides stackoverflow) are Google's git wiki for the node.js client library, which does talk about server to server auth, but seems to assume you're running from appengine or google cloud and don't need to load a key file:
https://github.com/googleapis/google-api-nodejs-client#service-to-service-authentication
The Admin SDK Activities Reports API has a Node example, but it's using the web-based flow assuming a user is present:
https://developers.google.com/admin-sdk/reports/v1/quickstart/nodejs
Buried deep in the Node.js samples is use of the Directory API, which does seem to take a keyfile as input, but when I try running locally it says getClient is not a constructor, and still this example doesn't show how to set the G Suite admin user for context (which is generally when a refresh token and access token are loaded into the app):
https://github.com/googleapis/google-api-nodejs-client/blob/master/samples/directory_v1/group-delete.js
So... does anybody have an example of this? I really don't want to switch to a Python runtime but Google seems to have left out important examples on this topic.
I use this tutorial to deploy a business network on a free bluemix cluster: https://ibm-blockchain.github.io/
I also deploy the REST Server and communicate via Web apps.
All went fine till yesterday. The REST Server was not accessible anymore.
I deleted everything on the cluster using the script delete_all available in the ibm-container-service repository.
I followed the install procedure using the create_all script. I could access the composer playground (port 31080) again but was not really able to deploy an online business network using the "profile" hlfv1. Now it asks at the bottom of the "deploy UI" for credentials.
I don't know what to fill in. I tried to use ID+Password. On this way I was able to deploy but I got access error by clicking on "connect now". I was able to start the REST server then but if i try to access it in the browser (port 31090), I get the feedback that I'm not authorized.
Any ideas?
And do you know which changes have been made in the last month, which could bring these troubles?
Thx
Phil
The tutorial pointed to only covers playground when used with a Web Browser connection not a real fabric. When you deploy to a real fabric you have to provide an initial identity that you want bound to an initial participant in the business network. The initial participant will be of type org.hyperledger.composer.system.NetworkAdmin and given a name of the initial identity name you provide.
This dialog looks like this
To get you started you should select the ID and Secret radio button. Then for Enrollment ID enter admin and for the Enrollment Secret enter adminpw.
This is the name and secret of the bootstrap identity that exists in the fabric-ca server that has been deployed as part of the scripts.
By providing this information that identity will be enrolled and it's public certificate will be bound to a NetworkAdmin participant which will be called admin. This identity admin will then have access to the business network as only identities that are bound to a participant in the business network can have any sort of access.
I'm having trouble connecting to the Bluemix Object Store using the instructions presented by this link: https://knowledgelayer.softlayer.com/procedure/connect-object-storage-using-sftp
It's unclear to me what the username and account ID are so I would appreciate it if someone can clarify
The instructions are valid
Where I can find the values for SLOS/IBMOS etc?
I do not have access to the Softlayer customer portal as this service as created in Bluemix.
I can confirm that an sftp server is listening at the appropriate region endpoint.
Brien, it is not possible to use SFTP to access the Bluemix Object Storage if you create it from the Services catalog area of the Bluemix UI:
https://console.ng.bluemix.net/catalog/services/object-storage
This one can be accessed via swift cli or REST API.
To use SFTP to access your Object Storage you need to create it from the Infrastructure are of the Bluemix UI - that is the legacy Softayer that is now integrated with Bluemix.
https://console.ng.bluemix.net/catalog/infrastructure/object_storage/
Also, to create the Object Storage from the Infrastructure catalog you need to first link your Bluemix and Softlayer accounts:
https://console.ng.bluemix.net/docs/admin/softlayerlink.html
According to the documentation it only seems possible to authenticate against the windows azure service management API by attaching a certificate to each request which I previously have uploaded to the management portal.
The new management API has been built using the service management API, but it uses windows live authentication. Is it possible to use windows live to get the windows azure subscription ID and the certificate, so I can use the same authentication mechanism the management portal uses?
What makes you think that the Service Management API uses Live ID for authentication? It is just the portal that uses Live ID for authentication.
If you dig a bit you will notice that all the service requests from the management portal are made against https://manage.windowsazure.com/Service while The Base URI for management service is: https://management.core.windows.net
So, No, you can't authenticate against the Management API with Live ID. Moreover, it is the Management API is not new. The portal is New. The management API has been there for a while and is updated from time to time to reflect new services that are coming.
UPDATE AFTER THE 2 COMMENTS
Following Gaurav's explanation I will just add a simple architecture diagram (super simplified and totally my thought, but this is how would I build it in very minimalistic way):
[User's browser (portal)] ==> Sends XmlHttpRequest (AJAX) to ==> [Portal Service]
then
[Portal service backend] ==> signs request with predefined certificate and sends request to ==> [management.core.windows.net/subscription-id/whatever/service/command]
This actually is a very common practice to provide UI to a (web) service.
This way both conditions are implemented:
You use Live ID to authenticate with the portal
The Windows Azure Service Management API are yet, still and only protected by a Certificate.