SSSD on docker container (Ubuntu) - ubuntu-16.04

I am trying to integrate an Ubuntu Docker container with FreeIPA and am getting the error below while installing FreeIPA-client --install:
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm BLABS.COM
trying https://vilma.com/ipa/json
Forwarding 'ping' to json server 'https://vilma.com/ipa/json'
Forwarding 'ca_is_enabled' to json server 'https://vilma.com/ipa/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
Forwarding 'host_mod' to json server 'https://vilma/ipa/json'
SSSD enabled
SSSD service restart was unsuccessful.
Configured /etc/openldap/ldap.conf
Unable to find 'admin' user with 'getent passwd admin#vilma.com'!
Unable to reliably detect configuration. Check NSS setup manually.
NTP enabled
I tried to start sssd manually by typing sssd and got the message below:
ldb: unable to open modules directory '/usr/lib/x86_64-linux-gnu/ldb/modules/ldb' - Permission denied
(Sun Oct 14 20:55:17:078716 2018) [sssd] [load_configuration] (0x0010): The confdb initialization failed
(Sun Oct 14 20:55:17:078750 2018) [sssd] [main] (0x0020): SSSD couldn't load the configuration database.
I appreciate your help

In case anyone else runs into this, the problem is that the overlayfs that docker uses causes problems with the ldb database that sssd is using.
So you need to:
move /usr/lib/x86_64-linux-gnu/ldb/modules/ldb to another path (e.g. /usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig) in your Dockerfile
then, before starting sssd in your container, you have to create an empty volume and mount it into /usr/lib/x86_64-linux-gnu/ldb/modules/ldb
then copy the original contents of /usr/lib/x86_64-linux-gnu/ldb/modules/ldb from /usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig into the new volume
then start sssd
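
The steps above as a container entrypoint script. This is an added example, not part of the original answer; it assumes the Dockerfile has already moved the modules directory to ldb-orig and that an empty volume is mounted on the original path. The function name, the LDB_DIR/LDB_ORIG variables and the --start argument are this example's own.

```sh
#!/bin/sh
# Added example: entrypoint helper for the ldb/overlayfs workaround.
# Assumes the Dockerfile already moved the packaged modules aside, e.g.
#   RUN mv /usr/lib/x86_64-linux-gnu/ldb/modules/ldb \
#          /usr/lib/x86_64-linux-gnu/ldb/modules/ldb-orig
# and that the container is started with an empty volume mounted on the
# original path (the "--start" argument below is this script's own convention).

LDB_DIR="${LDB_DIR:-/usr/lib/x86_64-linux-gnu/ldb/modules/ldb}"
LDB_ORIG="${LDB_ORIG:-${LDB_DIR}-orig}"

# populate_ldb_modules SRC DST
# Copies the saved modules into the volume-backed directory.
# Returns 1 if either directory is missing or the copy fails.
populate_ldb_modules() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "saved modules not found: $src" >&2; return 1; }
    [ -d "$dst" ] || { echo "mount point not found: $dst" >&2; return 1; }
    # A volume reused from an earlier start is already populated: leave it alone.
    if [ -n "$(ls -A "$dst")" ]; then
        return 0
    fi
    # "src/." copies the directory contents (dotfiles included); -a keeps modes.
    cp -a "$src/." "$dst/" || return 1
    # sssd loads these shared objects as root, so nobody else may write here.
    chmod -R go-w "$dst"
}

if [ "${1:-}" = "--start" ]; then
    populate_ldb_modules "$LDB_ORIG" "$LDB_DIR" || exit 1
    # -i keeps sssd in the foreground as the container's main process.
    exec sssd -i
fi
```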

This seems to be fixed with Linux 5.8. I think it was this fix, but I'm not sure.

I was able to work around this by not using sssd (--no-sssd option)

Related

How to fix "Could not find or load main class com.install4j.runtime.launcher.UnixLauncher" error when starting the nexus service

Operating system: Red Hat Enterprise Linux server release 7.7
nexus version: 3.18.1-01
When renewing the SSL certificate of Nexus on the server, I first replaced the old certificate under /opt/nexus/etc/ssl with the new one.
I put a new keystore with the new certificate and the same password as before with the same name in the same place and then ran /opt/nexus/bin/nexus restart.
Before the service was running and the URL was reachable, but since then I get the following error:
Could not find or load main class
com.install4j.runtime.launcher.UnixLauncher.
And the command journalctl -u nexus gives the following error:
Failed to start nexus service.
Failed at step EXEC spawning /var/nexus/bin/nexus: Permission denied.
I tried a lot of things I found on the internet to fix this but unfortunately without success.
put the nexus user in the nexus.rc file
run_as_user="nexus"
In the beginning it was like this:
#run_as_user=""
That means, the nexus server is run with root and I tried to run it with the user nexus. Unfortunately this did not work.
I also tried the following:
changed the permission and owner for the "/opt/nexus" and "/var/nexus" folders (tested with root and nexus too).
moved the file .install4j to /opt/nexus/
At the end I wanted to test again with the old certificate and renamed the new one and the new key. I thought it was because of the new certificate... But I still get the same error:
Could not find or load main class
com.install4j.runtime.launcher.UnixLauncher
Something is wrong since I stopped and restarted the nexus service but I don't know what exactly.
Can you help me please? I would be very grateful.
Check the ownership of the PID file:
https://help.sonatype.com/display/NXRM3/Run+as+a+Service#RunasaService-PIDFile

Auth failed: invalid password or missing SSH Key while import project in eclipse docker container

My operating system: ubuntu 16.04 eclipse 4.0 docker image
While doing import project -> from Git, I get the error:
ssh://... Auth Failed: invalid password or missing ssh key
I am sharing the local .ssh folder with container using -v /Users/name/.ssh:/root/.ssh:ro and can successfully import project on eclipse on host without Docker.
Any idea why this error occurs?
[Update]
I can clone from command line after login via shell in Docker container.
I thought the issue could be Windows->Preferences->General->Network Connections->SSH2 [Authentication Methods]; I tried selecting only public key | password and other combinations, and all throw the same error once saved/restarted Eclipse. I do see keys etc. populated properly in network settings -> ssh2 tabs.
First, make sure the Eclipse running inside the container does so as root.
Because an SSH URL will look for its key in ~/.ssh, and the container has its /root/.ssh filled with your shared files, not ~<auser>/.ssh.
Second, check if your SSH key is passphrase-protected (which means you would need, on your host, where SSH is working, an ssh-agent to cache the passphrase)

Cannot Add PgAdmin New Connection on Ubuntu 15.10

After install pgAdmin III from Ubuntu Software Center, I opened it and it required to add a connection to a server. So I filled in information as below:
Upon clicking on Ok Button, it showed the error message
Error connecting to the server: could not translate host name
"http://127.0.0.1" to address: Name or service not known
As the message indicated, I thought the postgres service was not started. Therefore, I went to the terminal console and started the service by entering sudo service postgresql start, but it returned Failed to start postgresql.service: Unit postgresql.service failed to load: No such file or directory.
What's wrong or missing for my pgAdmin III? I'm just using Ubuntu earlier and I have never had this problem on Windows. Thanks.
http://127.0.0.1 is more a URL, that field is looking for a host so simply remove the http:// to leave the localhost's IP address 127.0.0.1 or type localhost if that resolves to the correct address (it should, usually, via /etc/hosts or the like)
Also, Debian/Ubuntu tend to ship the database servers separately. For Ubuntu, the postgresql package (which requires postgresql-common) should include /lib/systemd/system/postgresql.service, therefore you should be able to sudo systemctl start postgresql
Do you have postgresql (as opposed to postgresql-client) installed?

GlassFish WAR file deployment to a non-default port

I am attempting to deploy a war file (Oracle's APEX Listener) to a GlassFish 3.1.2.2 server deployed on an RHEL server (I am also seeing the same issues on an Ubuntu server at home).
I used the following command to create the domain:
$GLASSFISH_HOME/bin/asadmin create-domain --portbase 8100 myDomain
[I am also creating multiple domains on the same GlassFish server (one GF instance with multiple domains) using values of 8200, 8300, and 8400 for the portbase value and using different domain names.]
I then start the domain using:
$GLASSFISH_HOME/bin/asadmin start-domain myDomain
Next, I attempt to deploy the APEX.WAR file using:
$GLASSFISH_HOME/bin/asadmin deploy --contextroot apex apex.war
But, I get the following error:
Remote server does not listen for requests on [localhost:4848]. Is the server up? Unable to get remote commands. Closest matching local
command(s):
help Command deploy failed.
I have also used the following commands with the same result:
$GLASSFISH_HOME/bin/asadmin deploy apex.war
$GLASSFISH_HOME/bin/asadmin deploy --target myDomain apex.war
$GLASSFISH_HOME/bin/asadmin deploy --target domain apex.war
And I get the same error each time.
I can deploy the file using the admin gui, but this is for a customer installation and I would really like to do as much as possible from the bash shell script I have created.
I am also installing the Java 1.7.0_45 JDK and modifying the $GLASSFISH_HOME/config/asenv.conf file to include AS_JAVA=
The error is actually correct because the admin port is 8148. But how do I get GlassFish to "know" to use 8148 instead of 4848?
I have also tried this by:
$GLASSFISH_HOME/bin/asadmin create-domain --adminport 8148
--domainproperties http.ssl.port=8152
but this gets the same results as above.
Thanks for reading this tome of a post and any info on how to fix this would be greatly appreciated!
/dave
You can specify the port to which asadmin should connect as a parameter like this:
asadmin --port 4949 start-domain
If this isn't enough you can even specify the hostname with --host.
Have a look at the official documentation to see all possible parameters.
I get the same error; you should do it like this:
$GLASSFISH_HOME/bin/asadmin --port 8148 deploy apex.war
and input the username and password; the default user is admin and the password is adminadmin
Good luck to you!

Connect Eclipse RSE with remote Linux server using public key attained from Amazon ec2

I want an easy way to save, copy and edit files on a remote server. I'm using Eclipse as an IDE; what could be better for these tasks than the RSE (Remote System Explorer) plugin for Eclipse? The thing is that I don't know how to make a connection using a public key. I have a file that I downloaded from my Amazon account, *.pem. But I don't see any forms or inputs for this when I try to connect to my remote Linux server. It is just User-id and password. I also tried to open the public key using the system's text editor and copy everything to my password field, but it didn't work. Please help me.
This was baking my noodle for a while too. You put the keys in a folder not in the RSE config but in the whole of Eclipse.
check this: http://siteadmin.gforge.inria.fr/eclipse-ssh.html
Not mentioned (at least explicitly) is the fact that RSE (and from what I've seen, Eclipse in general) only seems to work with 1024 bit keys https://bugs.eclipse.org/bugs/show_bug.cgi?id=404714
I also had issues, because my private key was 2048, but I added a new key to authorized hosts and then I could connect.
I added my local computer's ~/.ssh/id_rsa.pub to the remote /home/ec2-user/.ssh/authorized_keys.
Then just set the user to connect in RSE to ec2-user when connecting.
Someone asked for root login. It works too: update /root/.ssh/authorized_keys, and edit /etc/ssh/sshd_config to allow root login:
#PermitRootLogin forced-commands-only
PubkeyAuthentication yes
Then reload the sshd daemon: service sshd restart