Openstack - Change Admin password for the Dashboard - centos

Where can I change the Admin Password for the Dasboard in Openstack?
I installed openstack with the packstack installer...
the password in the keystonerc_admin file doesn't work, too.
I use a CentOS 6.3 (and I have access to the config files)
username: admin
password: admin/password/123/etc. don't work..

SOLVED
$ export OS_SERVICE_TOKEN=$servicetoken(/etc/keystone/keystone.conf)
$ export OS_SERVICE_ENDPOINT=$http://ipoftheserver/v2.0
then use this syntax to change the password
$ keystone user-password-update --pass <password> <user id>

openstack user password set --password <new-password> --original-password <current-admin-password>

Related

Disable ssl in Keycloak 20.0.1

I'm trying to disable https:
I started the sever using bin/kc.sh start-dev
And then I tried to disable ssl using:
root#server:/opt/keycloak#
root#server:/opt/keycloak# /opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin –-password admin
Logging into http://locahost:8080/auth as user admin of realm master
Enter password: *****
null [RESTEASY003210: Could not find resource for full path: http://localhost:8080/auth/realms/master/protocol/openid-connect/token]
root#server:/opt/keycloak#
Do you know what is the proper way to execute the command?
PS:
Working commands:
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin –-password admin
/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE
If you're using Spring Boot you can configure it in application.yml
keycloak:
ssl-required: none
Since you're using Keycloak 20.0.1 you don't need /auth in server path, therefore, you need to modify command for configuring Keycloak as shown bellow:
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080 --realm master --user admin –-password admin
After that you should be able to disable SSL:
/opt/keycloak/bin/kcadm.sh update realms/master -s sslRequired=NONE

how to decrypt ansible vault httppassword that is set for django site

I am very new to Ansible vaults, I am a developer trying to access django site but there is a basic auth window pops up asking me to enter username and password before I can access the site, I asked the company that developed it and they suggested me to decrypt the below ansible vault for it, below are the steps I tried:
Basic auth
k8s_container_htpasswd: !vault |
$ANSIBLE_VAULT;1.1;AES256
33646232363535613765323564653861663464383261306630326161326564346533346364666539
3563323661333661363361623731366363383666643366370a393864303239303230623933326132
62393466393036393837396562646362613331336366666132626562376438643535333430663934
6537633864333962360a396564393035313564383730613465363762363866323766336163643030
65623064323137373231323639313834326661393362363033396137353539376236616434333262
64653833343463306362343637323663663463383966653866
here is what I tried:
$ ansible localhost -e '#/home/delphini/dash-123/dashboard/deploy/group_vars/staging_shared.yml' --ask-vault-pass -m debug -a 'var=k8s_container_htpasswd'
I entered the 64 characters length password and the output is below
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | SUCCESS => {
"k8s_container_htpasswd": "staging:$jun1$YRfgzEhO$c/iY6BSItTJhYhSOIaXmK."
}
so the username is: staging
password: $jun1$YRfgzEhO$c/iY6BSItTJhYhSOIaXmK.
but this username and password isn't working, am I doing something wrong? is there something else that I can try?
stack is Django, Docker, AWS EKS & ECR deployed in a private VPC.

Can't create user for ceph dashboard

I'm trying to create a user for ceph dashboard with admin role. Version is Nautilus 14.2.19 and deployed with manuel installation.
I've installed dashboard module, installed all dependencies and enabled it. My dashboard is reachable from the monitor ip and default port of 8443.
When I run te command:
ceph dashboard ac-user-create <user> <pw> administrator
I get the following error:
Please specify the file containing the password/secret with "-i" option.
After digging for information about this it says there must be a file in bcrypt format. Is there a default created file for this? Or if it's needed to create one how can I do it?
Nevermind, it seems you just need to create a text file and write your password in it.
When you run the command like this:
ceph dashboard ac-user-create <user> -i /file/location administrator
It creates the user and applies the password in an encrypted format.

Can't create initial admin user in keycloak

it shows an error "we are sorry an internal error occurred" while entered username password and confirm password. How can i create initial admin user?
If you are running Keycloak in docker container then you can define admin name and password during startup:
docker run --name keycloak -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin jboss/keycloak
Otherwise, you can add the user as follows (this actually what is done in docker container behind the scenes):
/opt/jboss/keycloak/bin/add-user-keycloak.sh --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"
The admin console is available at:
http://localhost:8080/admin

"You need local access to create the initial admin user" error while keycloak startup in docker

While starting keycloak server on docker, I am getting this error: "You need local access to create the initial admin user". But running it locally, it's working fine.
Another thing is that if I want to use Postgres db instead of embedded H2 db then should I create tables to store user, clients and scope, etc? If yes how can I get db structure for all tables?
You can let the container create the admin user by providing the environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD:
docker run -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> jboss/keycloak
Or add the account to an existing container( Service or container restart required afterwards) with:
docker exec <CONTAINER> /opt/jboss/keycloak/bin/add-user-keycloak.sh -u <USERNAME> -p <PASSWORD>
And either restart container
docker restart <container>
Or restart the service (#Madeo's answer)
docker exec -it <container> /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=:reload
The above commands come from the Keycloak Docker image page on Docker Hub.
Regarding your database question, you don't have to provide the tables by hand.
You can refer to chapter 6 (§6.4, §6.5) of the Keycloak documentation for the details of how to configure a PostgreSQL DB.
Open container bash console
cd /keycloak/bin
bash ./add-user-keycloak.sh -u admin
Enter desired password
Restart the container
Go to following URL for login
http://dockerIP:8080/auth/admin/
For Keycloak 17, you can use lynx locally to create the admin user:
lynx localhost:8080
Then just Tab to navigate fields and press Enter on the Create button:
Keycloak
Welcome to Keycloak
[user.png] Administration Console
Please create an initial admin user to get started.
Username ____________________
Password ____________________
Password confirmation ____________________
(BUTTON) Create
[user.png] Administration Console
Centrally manage all aspects of the Keycloak server
[admin-console.png] Documentation
User Guide, Admin REST API and Javadocs
[keycloak-project.png] Keycloak Project
[mail.png] Mailing List
[bug.png] Report an issue
JBoss and JBoss Community
None of the tips above worked. Finally I use Environment Variables:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
The full code of the docker-compose.yml:
version: '3'
volumes:
postgres_data:
driver: local
services:
postgres:
image: postgres
volumes:
- postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
keycloak:
image: quay.io/keycloak/keycloak:17.0.1
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: keycloak
DB_SCHEMA: public
DB_PASSWORD: password
KEYCLOAK_USER: admin
KEYCLOAK_PASSWORD: admin
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev"]
ports:
- 8080:8080
depends_on:
- postgres
The answer with docker is incomplete and it won't work
If you add the user via docker container you must restart jboss server
docker exec -it keycloak-container /opt/jboss/keycloak/bin/add-user-keycloak.sh -u admin -p admin
and then:
docker exec -it keycloak-container /opt/jboss/keycloak/bin/jboss-cli.sh --connect --command=:reload
This worked for me:
cd /opt/keycloak/bin
sudo ./add-user-keycloak.sh -u admin -p yourpass
Open 'keycloak.conf' file from Keycloak folder (in my case keycloak-18.0.0/conf)
db-username=postgres
db-password=password
db-url=jdbc:postgresql://yourhostname:5432/keycloak-db-name
If you start keycloak service, postgres DB will be created automatically
Using the Operator https://www.keycloak.org/guides#operator, I had the same issue.
The username and password provided by this step
kubectl get secret example-kc-initial-admin -o jsonpath='{.data.username}' | base64 --decode
kubectl get secret example-kc-initial-admin -o jsonpath='{.data.password}' | base64 --decode
https://www.keycloak.org/operator/basic-deployment#_accessing_the_keycloak_deployment
did not work.
What apparently solved it for me was deleting all Keycloak CRs, deployments, services, etc. and starting the tutorial from the beginning. Then, I omitted this optional step:
We suggest you to first store the Database credentials in a separate Secret, you can do it for example by running:
kubectl create secret generic keycloak-db-secret \
--from-literal=username=[your_database_username] \
--from-literal=password=[your_database_password]
(with made up Postgres username and password filling in the brackets)
I am not sure how the Database secret relates to the Admin User secret, but now the username and password in example-kc-initial-admin work. Perhaps Postgres was inaccessible to Keycloak. This was not indicated in the Keycloak logs.
I don't believe starting fresh was the solution, because I already tried that. Omitting keycloak-db-secret seems to have been important. I will need to fully understand where the DB secret is set, now; it may be insecure.