I have install rabbitmq 3.6.10 on centos7. When I want to do something with rabbitmqctl ,it ask me the password. I have tried su password or the guest which as raddbitmq default password,but it appeard su: Cannot make/remove an entry for the specified session .Is there anyway to fix it?
rabbitmqctl has not a password, it asks the sudo password.
The problem: Cannot make/remove an entry for the specified session is not related to RabbitMQ but you have another kind of the problem.
There are several posts, check for example this:
https://unix.stackexchange.com/questions/152098/what-does-cannot-make-remove-an-entry-for-the-specified-session-mean
The rabbitmq user account created by the RabbitMQ package doesn't have a password.
You need to run rabbitmqctl and rabbitmq-plugins as root. rabbitmqctl wants to switch to the rabbitmq user for most operations, using su(1). Running it as root won't ask for any password.
Related
everyone.
I hope that someone can help to answer my question.
I am joining a project in which I have to use various docker containers. I was told that I just needed to use docker-compose to pull down all the necessary containers. I tried this, and got two different errors, based on whether I used sudo or not. My machine is Ubuntu bionic beaver 18.04.4LTS
I have docker-engine installed according to the installation instructions for Bionic on the github page, and docker-compose is likewise installed according to its instructions. I did not create a "docker" group since I have sudo access.
We have two repos that I have to log in to before I can do anything. In order to prevent my passwords from being stored unencrypted in config.json, I followed this guide to set up a secure credential store:
https://www.techrepublic.com/article/how-to-setup-secure-credential-storage-for-docker/
However, rather than asking me for the password and/or passphrase mentioned in this article, the login process makes me enter the actual passwords to the repos. So, the secure credential store may not be working, which might be causing the problem.
At any rate, once I log in and the two commands show login succeeded, I then try to do a
docker-compose pull
on the repos. When I do
sudo docker-compose pull
I get this final error:
docker.errors.DockerException: Credentials store error: StoreError('Credentials store docker-credential-pass exited with "exit status 2: gpg: WARNING: unsafe ownership on homedir '/home/myuser/.gnupg'\ngpg: decryption failed: No secret key".')
an ls of the .gnupg directory is
myuser#myhost$ ls -lA ~ | grep gnupg
drwx------ 4 myuser myuser 226 Feb 9 13:35 .gnupg
gpg --list-secret-keys shows my keypair when I run it as myuser.
I am assuming that what is happening is that because I am running as sudo the user trying to access this directory is root, not myuser, and so it is failing. However, if I leave off the sudo
docker-compose pull
docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
I am guessing that this is because my normal user doesn't have the ability to connect to the docker daemon's Unix socket.
So, how do I make these play together? Is the answer to add a docker group so that the command still runs as myuser and not as root? or is there another way to do this?
Also, why is my credential store not asking me for the password set by docker-credential-pass or the GPG passphrase? I suspect these two are related. Perhaps the pull is trying to send my authentication tokens over again and can't because it doesn't have access to the secure credentials store.
All of the above are guesses. Does anyone know what is going on here?
Thanking you in advance,
Brad
I just wanted to follow up with a solution to this question that worked for me.
Firstly, you need to add your user to the docker group that was created during docker-engine's installation.
sudo usermod --append --groups docker your_user_name
Because I had already used sudo to try this, there were a few files that ended up being created by root.
So, you have to chown a few things.
sudo chown your_user_name:your_group_name ~/.docker/config.json
Note that for the group name I used
docker
but I'm not sure if that's necessary.
Then, there were files inside the ~/.password-store directory that needed to be changed.
sudo chown -R your_user_name:your_group_name ~/.password-store
Most of these files are already owned by you, but the recorded credentials are not.
Then, the magic that fixed it all. From
https://ask.csdn.net/questions/5153956
you have to do this.
export GPG_TTY=$(tty)
and it is this last that makes gpg work.
Then, you can log in to your repos if you have to without using sudo
docker login -u repo_user_name your_repo_host
and then log in with your repo password.
Note that I don't know why you have to use the repo password instead of using the stored credentials.
Once you log in, you should be able to do a
docker-compose pull
without sudo
from the directory where you want the containers to be placed.
Note that you will probably have to provide your GPG passphrase at first. I'm not sure about this because I had already unlocked the key by following the steps in the above link to check to see if docker-credential-pass had the right credential store password stored.
and that should do it.
Following the documentation guide, I have booted up a master and slave and I can see it connected via the logs:
Boot up master
$ domain.sh --host-config=host-master.xml
Boot up slave
$ domain.sh --host-config=host-slave.xml
I've also followed the steps to set up the admin user via the add-user.sh. Further research indicated that I should use the add-user-keycloak.sh script to add an initial admin user:
./add-user-keycloak.sh -u john
Press ctrl-d (Unix) or ctrl-z (Windows) to exit
Password:
Added 'john' to '../standalone/configuration/keycloak-add-user.json', restart server to load user
Reran the master and slave, but cannot login to admin console.
However, what's interesting is when I tried to boot up in standalone mode I was able to the admin console as john:
./standalone.sh
Is this a bug or am I missing something (most likely) that's not in the documentation?
Thanks in advance...
Figured it out, hope this helps somebody.
Before you start in domain cluster mode:
./domain --host-config=host-master.xml
./domain --host-config=host-slave.xml
you must first create the admin so you can log in to admin console using the --sc tag, otherwise add-user-keycloak.sh only adds the admin user for the standalone mode. To do that:
./add-user-keycloak.sh --sc ../domain/servers/server-one/configuration -u john -p password
if configuration folder does not exist, then create the directory.
The ./add-user-keycloak.sh script seems to be a little outdated. Currently (as of Keycloak 12.0.2 version) it creates keycloak-add-user.json file in ./domain/configuration/ directory - That is wrong!
The file should be in ./domain/servers/server-one/configuration.
Now you just have to move the file to that directory, restart the server and it should work properly.
I found this solution on this 2-year old email thread:
https://lists.jboss.org/pipermail/keycloak-user/2018-January/012642.html
We use Mattermost using the 'Production Docker' setup as described in Mattermost documentation. For authentication, we federate using GitHub:Enterprise.
To setup our Mattermost team, I imported the whole Slack history. This lead to the problem that everyone who did not yet log into Mattermost via GitHub:Enterprise was not able to login. Mattermost helpfully returned the error message
"An existing user is already attached to your gitlab account"
How can I fix this issue without having to setup a new Mattermost instance and force everyone to login once before importing the Slack data?
Prerequisites
In order for this to work, you need
GitHub:Enterprise Administrator permissions
On the Mattermost machine, either root permissions or an account that is allowed to control docker, and, if psql is not installed, a way to install the psql command-line tool.
Steps
ssh into the Mattermost vm/machine (where the mattermost docker containers are running).
Change to an account with docker permissions (root; or the account you setup during Mattermost installation; or ... )
Use docker ps and note the hash of the container mattermostdocker_db. We will assume it starts with 5c23.
Run docker inspect 5c23 | grep IPAddress. Note the IP address of the container. We will assume it is 172.17.0.2.
Ensure that the psql commandline tool is installed on the machine where mattermost/docker is running.
On debian: apt-get install postgresql-client
Connect to the mattermost db of postgresql running inside the docker container:
psql -h 172.17.0.2 -p 5432 -d mattermost -U postgres -W
The (default?) password seems to be postgres.
Verify that a user account with the correct email exists. Assume the email of the account that has the problem is 'john#example.com`
mattermost-# select email, authdata from users where email = 'john#example.com';
Connect to GitHub:Enterprise and open the admin console. We will assume the local github enterprise instance is at https://github.example.com.
Click on the rocket symbol, or
https://github.example.com/stafftools
Click on all users and find the user that cannot login. We assume the github username is john, which would correspond to https://github.example.com/john
Visit the stafftools user security page for that user.
https://github.example.com/stafftools/users/john/security
Click on the 'Search logs' link under the 'Audit logs' header. This will open a page with a query field. On this page, you will find the internal github user number for that user. Note this number. We will assume the number is 37.
Back in the psql console, update the user entry with the correct number:
update users set authservice = 'gitlab', authdata = '37' where email = 'john#example.com' ;
Exit the psql console with \q:
mattermost-# \q
Done. The user can now log into Mattermost with GitHub:Enterprise user authentication.
Notes
Don't forget to complete each statement in psql with a ;
It's gitlab, not github, even if you use GitHub:Enterprise
Tested with Mattermost 3.0, GitHub:Enterprise 2.6.2
I have installed & setup the Rabbitmq on Centos remote server. Later I created an file "rabbitmq.config" and added the line
[{rabbit, [{loopback_users, []}]}]
and then restarted the rabbitmq server. Again tried to login the rabbitmq management web interface from my local machine using the guest credentials, but getting
login failed
error message.What is the proper way to empty the loopback user settings for Rabbitmq in Centos.
First of all connect to your rabbitmq server machine using ssh client so as to be able to run rabbitmqctl (like puTTY) & get into the sbin directory of rabbit installation
you need to create a user for any vhost on that system (here I use default vhost "/")
$ rabbitmqctl add_user yourName yourPass
Set the permissions for that user for default vhost
$ rabbitmqctl set_permissions -p / yourName ".*" ".*" ".*"
Set the administrator tag for this user (to enable him access the management pluggin)
$ rabbitmqctl set_user_tags yourName administrator
... and you are ready to login to your rabbitmq management gui using yourName and yourPass from any browser by pointing it to http://"*********":15672 where ***** is your server IP
hope it helps...
:-)
There is an example config file, on centos do:
cp /usr/share/doc/rabbitmq-server-3.4.2/rabbitmq.config.example /etc/rabbitmq/rabbitmq.config
Find and remove comments (and comma):
{loopback_users, []}
Then, stop rabbitmq:
rabbitmqctl stop
Now start the server:
service rabbitmq-server start
Now user "guest" can access from anywhere.
Since RabbitMQ 3.3.0 there you can't use default guest/guest credentials except via localhost, (see release notes for 3.3.0 for details).
As a possible solution you can (and probably should) create custom secured user to be used for monitoring, management, etc.
Also you can use proxy setup.
P.S.:
if you enabled loopback_users check that proper config loaded (for running NODENAME), it is well-formed (has valid syntax and ended with .), management plugin activated and started and no firewall blocking rules exists.
P.P.S.:
Check that default user is guest, it exists and has default (guest) password. If you use some library to access to RabbitMQ, check that it has the same defaults as remote (guest:guest) or specify them explicitly.
I have a capistrano deployment recipe I've been using for some time to deploy my web app and then restart apache/nginx using the sudo command. Recently cap deploy is hanging when I try to execute these sudo commands. I see the output:
"[sudo] password for "
With my server name and the remote login, but this is not a secure login prompt. The cap shell is just hanging waiting for more output and does not allow me to type my password in to complete the remote sudo command.
Is there a way to fix this or a decent work around? I did not want to remove the sudo password prompt of my remote user for web restart commands.
This seems to happen when connecting to CentOS machines as well. Add the following line in your capistrano deploy file:
default_run_options[:pty] = true
Also make sure to use the sudo helper instead of executing sudo in your run commands directly. For example:
# not
run "sudo chown root:root /etc/my.cnf"
# but
sudo "chown root:root /etc/my.cnf"
The other advice may be sound, but I found that once I updated to Capistrano 2.5.3 the problem went away. I have to make sure I stop running the default versions of tools that came with my O/S.
# prevent sudo prompting for password
set :sudo_prompt, ""