Hortonworks sandbox - cannot kinit because ambari-qa-Sandbox@DOMAIN.COM should be ambari-qa-sandbox@DOMAIN.COM - kerberos

I have been playing around with the sandbox and am having an issue after I enabled Kerberos where services were not starting.
I found that the reason is that it is trying to kinit like so:
/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa-Sandbox@HORTONWORKS.COM;
And it should be:
/usr/bin/kinit -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa-sandbox@HORTONWORKS.COM;
(notice the lowercase s in sandbox)
I have changed it to lowercase in Ambari for the user "hbase-sandbox@HORTONWORKS.COM" under hbase>configs>advanced, but I cannot find where to change it for ambari-qa-Sandbox, which causes Zookeeper not to start.

Figured it out: you cannot change it in Ambari directly, however you can change it using ./configs.sh like so:
cd /var/lib/ambari-server/resources/scripts
Details on how to use configs.sh can be found by:
./configs.sh usage
Then use something like this to change the value:
./configs.sh -u admin -p password set localhost sandbox cluster-env smokeuser_principal_name ambari-qa-sandbox@HORTONWORKS.COM

You can change this directly in the Ambari UI.
Log in to the Ambari UI, click the Admin tab at the top right and select the Kerberos option.
On this screen you will see the principals and other Kerberos configuration for the services in the cluster and can modify them as necessary.
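Kerberos principal names are case-sensitive, which is why the capital S breaks kinit. The following is an added example, not part of the original posts: it compares a configured principal with the entries of a keytab as listed by `klist -kt`. The sample listing is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `klist -kt <keytab>` output (MIT Kerberos layout).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/security/keytabs/smokeuser.headless.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 01/01/2016 10:00:00 ambari-qa-sandbox@HORTONWORKS.COM
   1 01/01/2016 10:00:00 ambari-qa-sandbox@HORTONWORKS.COM
"""

# KVNO, a timestamp, the principal, and optionally "(enctype)" when -e is used.
ENTRY = re.compile(r"^\s*\d+\s+.*?\s(\S+@\S+)(?:\s+\(.*\))?\s*$")


def keytab_principals(klist_output):
    """Return the distinct principals listed by `klist -kt`, in order."""
    seen = []
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if m and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def check_principal(configured, klist_output):
    """Compare a configured principal with the keytab, case-sensitively."""
    principals = keytab_principals(klist_output)
    if configured in principals:
        return ("ok", configured)
    for p in principals:
        if p.lower() == configured.lower():
            # Same name, different letter case: kinit -kt will not find a key.
            return ("case-mismatch", p)
    return ("missing", None)


if __name__ == "__main__":
    print(check_principal("ambari-qa-Sandbox@HORTONWORKS.COM", SAMPLE_KLIST))
```

On a real host, feed it the output of `klist -kt` for the keytab and the principal name the service is configured with.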

Related

Keycloak deactivate Kerberos auth without being auth

I'm trying to use Keycloak to get a login configuration working with Kerberos (which is a big failure).
I've made a mistake, which is Kerberos: Required.
In other words, I opened Authentication > Select Browser > Requirement: Required on Kerberos.
So I can't connect anymore; I got an "Invalid username or password" when logging in at "http://localhost:8080/auth".
Has someone had an issue to resolve this without deleting and reconfiguring the server?
Found something which helped me a lot. I solved my problem, so I will explain how.
I used kcadm.bat (or .sh) from my bin directory.
I opened it in a CMD window.
Log in with kcadm:
kcadm.bat config credentials --server http://localhost:8080/auth --realm master --user admin
Next, I get the ID I need to update the flow (master):
kcadm.bat get authentication/flows/{FLOW}/executions
Next, I put this in a JSON file: {"id":"ID_of_my_flow", "requirement":"ALTERNATIVE"}
I saved my file and finally just wrote:
kcadm.bat update authentication/flows/master/executions -r REALM -f myfile.json
Thanks.

Can't create user for ceph dashboard

I'm trying to create a user for ceph dashboard with admin role. Version is Nautilus 14.2.19 and deployed with manual installation.
I've installed dashboard module, installed all dependencies and enabled it. My dashboard is reachable from the monitor ip and default port of 8443.
When I run the command:
ceph dashboard ac-user-create <user> <pw> administrator
I get the following error:
Please specify the file containing the password/secret with "-i" option.
After digging for information about this it says there must be a file in bcrypt format. Is there a default created file for this? Or if it's needed to create one how can I do it?
Never mind, it seems you just need to create a text file and write your password in it.
When you run the command like this:
ceph dashboard ac-user-create <user> -i /file/location administrator
It creates the user and applies the password in an encrypted format.
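The password file holds the plaintext password while the command runs, so it should be readable only by its owner and removed afterwards. An added example of that flow, not part of the original posts: the function name and the injectable `run` parameter are hypothetical, and the command line follows the form shown above.

```python
import os
import subprocess
import tempfile


def create_dashboard_user(user, password, role="administrator", run=subprocess.run):
    """Create a Ceph dashboard user, passing the password through a private file.

    `run` is injectable so the flow can be exercised without a cluster.
    """
    # mkstemp creates the file with mode 0600, owned by the calling user,
    # so the password never appears in argv or in a world-readable file.
    fd, path = tempfile.mkstemp(prefix="ceph-dash-pw-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(password)
        argv = ["ceph", "dashboard", "ac-user-create", user, "-i", path, role]
        return run(argv, check=True)
    finally:
        # Do not leave the plaintext password on disk once ceph has read it.
        os.remove(path)
```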

Cannot login to keycloak admin console when running in domain cluster mode

Following the documentation guide, I have booted up a master and slave and I can see it connected via the logs:
Boot up master
$ domain.sh --host-config=host-master.xml
Boot up slave
$ domain.sh --host-config=host-slave.xml
I've also followed the steps to set up the admin user via the add-user.sh. Further research indicated that I should use the add-user-keycloak.sh script to add an initial admin user:
./add-user-keycloak.sh -u john
Press ctrl-d (Unix) or ctrl-z (Windows) to exit
Password:
Added 'john' to '../standalone/configuration/keycloak-add-user.json', restart server to load user
Reran the master and slave, but cannot login to admin console.
However, what's interesting is that when I tried to boot up in standalone mode I was able to log in to the admin console as john:
./standalone.sh
Is this a bug or am I missing something (most likely) that's not in the documentation?
Thanks in advance...
Figured it out, hope this helps somebody.
Before you start in domain cluster mode:
./domain.sh --host-config=host-master.xml
./domain.sh --host-config=host-slave.xml
you must first create the admin so you can log in to the admin console using the --sc tag, otherwise add-user-keycloak.sh only adds the admin user for the standalone mode. To do that:
./add-user-keycloak.sh --sc ../domain/servers/server-one/configuration -u john -p password
If the configuration folder does not exist, then create the directory.
The ./add-user-keycloak.sh script seems to be a little outdated. Currently (as of Keycloak 12.0.2 version) it creates keycloak-add-user.json file in ./domain/configuration/ directory - That is wrong!
The file should be in ./domain/servers/server-one/configuration.
Now you just have to move the file to that directory, restart the server and it should work properly.
I found this solution on this 2-year old email thread:
https://lists.jboss.org/pipermail/keycloak-user/2018-January/012642.html

CircleCI Console Unlock Password?

We unfortunately had a developer leave without sharing our CircleCI unlock password, so I am in the process of trying to pull it out of our VM. I am wondering where the "Unlock the console" password is stored in CircleCI, if it is plain text or maybe if it's hiding in MongoDB or some other mechanism. Thanks for the help.
Picture attached for clarity
UPDATE: We are using Enterprise and I was able to surface this out of the docs:
```
curl https://s3.amazonaws.com/circleci-enterprise/init-builder-0.2.sh | \
SERVICES_PRIVATE_IP=<private ip address of services box> \
CIRCLE_SECRET_PASSPHRASE=<passphrase entered on system console (services box port 8800) settings> \
CIRCLE_CONFIG_OPTION_1=<value> \
CIRCLE_CONFIG_OPTION_2=<value> \
bash
```
After looking at the bash script though, it doesn't look like it's actually DOING anything with the var? Weirdness....
Can you please try the following?
SSH into the services box and run sudo replicated auth reset. Then, visit https://<YOUR_CCIE_HOSTNAME>:8800/create-password to create a new console password. Replace <YOUR_CCIE_HOSTNAME> with the hostname CircleCI Enterprise is running on. Please let us know if it works/doesn't work.
-Ricardo
Developer Evangelist, CircleCI

How to access RabbitMq publicly

I have installed and set up RabbitMQ on a remote CentOS server. Later I created a file "rabbitmq.config" and added the line
[{rabbit, [{loopback_users, []}]}]
and then restarted the RabbitMQ server. I again tried to log in to the RabbitMQ management web interface from my local machine using the guest credentials, but I am getting a
login failed
error message. What is the proper way to empty the loopback user settings for RabbitMQ on CentOS?
First of all, connect to your RabbitMQ server machine using an SSH client (like PuTTY) so as to be able to run rabbitmqctl, and get into the sbin directory of the RabbitMQ installation.
You need to create a user for any vhost on that system (here I use the default vhost "/"):
$ rabbitmqctl add_user yourName yourPass
Set the permissions for that user for the default vhost:
$ rabbitmqctl set_permissions -p / yourName ".*" ".*" ".*"
Set the administrator tag for this user (to enable him to access the management plugin):
$ rabbitmqctl set_user_tags yourName administrator
... and you are ready to log in to your RabbitMQ management GUI using yourName and yourPass from any browser by pointing it to http://"*********":15672 where ***** is your server IP.
Hope it helps...
:-)
There is an example config file; on CentOS do:
cp /usr/share/doc/rabbitmq-server-3.4.2/rabbitmq.config.example /etc/rabbitmq/rabbitmq.config
Find this line and remove the comment markers (and the comma):
{loopback_users, []}
Then, stop rabbitmq:
rabbitmqctl stop
Now start the server:
service rabbitmq-server start
Now user "guest" can access from anywhere.
Since RabbitMQ 3.3.0 you can't use the default guest/guest credentials except via localhost (see the release notes for 3.3.0 for details).
As a possible solution you can (and probably should) create a custom secured user to be used for monitoring, management, etc.
Also, you can use a proxy setup.
P.S.:
If you enabled loopback_users, check that the proper config is loaded (for the running NODENAME), that it is well-formed (has valid syntax and ends with .), that the management plugin is activated and started, and that no blocking firewall rules exist.
P.P.S.:
Check that the default user is guest, that it exists and has the default (guest) password. If you use some library to access RabbitMQ, check that it has the same defaults as the remote (guest:guest) or specify them explicitly.
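The syntax checks from the P.S. (valid brackets, final `.`) can be automated together with a check of whether a classic-format rabbitmq.config empties `loopback_users`, which is the setting that lets guest/guest log in from remote hosts. This is an added example, not part of the original answers; the sample files are constructed and the function names are hypothetical.

```python
import re

# Constructed sample files in the classic Erlang-term format.
AS_POSTED = "[{rabbit, [{loopback_users, []}]}]\n"            # no final '.'
TERMINATED = "%% local test config\n[{rabbit, [{loopback_users, []}]}].\n"
COMMENTED = "[{rabbit, [\n  %% {loopback_users, []},\n  {tcp_listeners, [5672]}\n]}].\n"

STRING = re.compile(r'"(?:\\.|[^"\\])*"')
LOOPBACK = re.compile(r"\{\s*loopback_users\s*,\s*\[(.*?)\]\s*\}", re.S)
CLOSER = {"[": "]", "{": "}"}


def strip_comments(text):
    """Drop Erlang '%' comments, ignoring '%' inside double-quoted strings."""
    lines = []
    for line in text.splitlines():
        in_string = False
        for i, ch in enumerate(line):
            if ch == '"' and (i == 0 or line[i - 1] != "\\"):
                in_string = not in_string
            elif ch == "%" and not in_string:
                line = line[:i]
                break
        lines.append(line)
    return "\n".join(lines)


def balanced(text):
    """True if [] and {} nest correctly once string literals are blanked."""
    stack = []
    for ch in STRING.sub('""', text):
        if ch in CLOSER:
            stack.append(CLOSER[ch])
        elif ch in "]}" and (not stack or stack.pop() != ch):
            return False
    return not stack


def audit(text):
    """Report syntax problems and what the file asks for loopback_users."""
    body = strip_comments(text).strip()
    errors = []
    if not body.endswith("."):
        errors.append("missing final '.'")
    if not balanced(body):
        errors.append("unbalanced brackets")
    m = LOOPBACK.search(body)
    users = None if m is None else [u.strip() for u in m.group(1).split(",") if u.strip()]
    # None: setting absent, so the broker default (guest is loopback-only) applies.
    guest_remote = users is not None and '<<"guest">>' not in users
    return {"errors": errors, "loopback_users": users, "guest_remote": guest_remote}
```

A result with `guest_remote` set to true on a broker reachable from other hosts is the case where the advice above applies: keep guest restricted and create a dedicated user instead.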