I'm using registry release 3.2.4 on Windows environnement (dev).
I want to change the default admin password.
According the documentation I just need to define security.user.password on my application-*.yml file.
So my central-config/application-dev.yml become
jhipster:
security:
authentication:
jwt:
secret: my-secret-token-to-change-in-production
registry:
password: admin123
I start my registry java -jar jhipster-registry/jhipster-registry-3.2.4.war --spring.profiles.active=swagger,dev,native (the parameter --spring.profiles.activeis set here just to be sure my config file is correctly load).
I try to connect on http://127.0.0.1:8761/#/ with admin user...but my new password doesn't work (just the default "admin" password still work).
When the registry launch, i've got these warnings
WARN 1152 --- [ main] c.n.c.sources.URLConfigurationSource : No URLs will be polled as dynamic configuration sources.
WARN 1152 --- [ main] o.s.j.e.a.AnnotationMBeanExporter : Bean with key 'zuulEndpoint' has been registered as an MBean but has no exposed attributes or operations
And when i try to connect, this warning
WARN 1152 --- [ XNIO-2 task-1] o.s.c.n.zuul.web.ZuulHandlerMapping : No routes found from RouteLocator
When i look the config load on my application, it's look all right
My cloud configuration
I try to add -e JHIPSTER_SECURITY_AUTHENTICATION_JWT_SECRET=my-secret-token-to-change-in-production and -e SECURITY_USER_PASSWORD=admin123 when i launch my registry, but still don't work.
Any ideas?
Thanks
Password has to be set in 2 places; in the application.yml of the registry and in the registry clients (the services and gateways) in their own bootstrap.yml because properties in central-config are read only once the app has been able to connect to the registry.
You can also set it in an environment variable SECURITY_USER_PASSWORD and use placeholders in those files to avoid exposing it in your git repo while managing it in a single place.
I just had to cope with the same issue with JHipster Registry 4.1.1. As the documentation and the command line option stated to use spring.security.user.password property I've updated my application.yml as follow
jhipster:
security:
authentication:
jwt:
secret: my-secret-token-to-change-in-production
spring:
security:
user:
password: admin1234
It works as expected for me.
Related
I'm newguy in Openshift, and trying to install fluent-bit to collect logs from applications.
I've installed fluent-bit via this helm using this documentation.
daemonSet starts and looks good but in logs of fluent-bit I see
[2022/08/24 15:33:56] [ warn] [input:tail:tail.0] error scanning path: /var/log/containers/*.log
[2022/08/24 15:34:56] [error] [input:tail:tail.0] read error, check permissions: /var/log/containers/*.log
Not sure where I've mistaken in configuration or what additional steps I need.
I've tried to play with SCC and set diffirent values in fsGroup, runAs, SELinux and even tried to add sa default to priveleged SCC. Nothing did help.
OpenShift version: 4.10.15
Fluent-bit version: 1.9.7
If you uses the AWS console or even the command line, you won't get any issue in setting a default keypair to your Elasticbeanstalk environment.
But you do if using boto3.
Surprisingly, there's no any single mention about setting a keypair in the official boto3 documentation for elasticbeanstalk: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elasticbeanstalk.html.
Tried also to create a zip file containing the most basic files to make a simple website works. And supposedly, I can set a keypair name in the .elasticbeanstalk/config.yml". I did in this way:
branch-defaults:
default:
environment: app10-env
group_suffix: null
global:
application_name: app10
branch: null
default_ec2_keyname: main4
default_platform: PHP 7.4 running on 64bit Amazon Linux 2
default_region: us-east-1
include_git_submodules: true
instance_profile: null
platform_name: null
platform_version: null
profile: null
repository: null
sc: null
workspace_type: null
Yes, the "main4" exists in my AWS account. But creating an environment to my application with a zip containing it, it seems that it have no effect at all. After my environment has sucessfully deployed, I can check afterwards through console and see that have no keypair setted to environment. I need to go to a further step on console to set the keypair and await a new environment deployiment to perform the update.
Is there a real issue with the boto3 elasticbeanstalk when dealing with environment keypairs or I am doing something wrong?
I would set the OptionSettings when calling create_environment or include the keyname in the .ebextensions. Boto3 is not reading the EB CLI default config you are using i guess.
Refs
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elasticbeanstalk.html#ElasticBeanstalk.Client.create_environment
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-configuration-methods-before.html
Option to set
Namespace: aws:autoscaling:launchconfiguration
Option Names: IamInstanceProfile, EC2KeyName, InstanceType
The response of #f7o is not accurate, but helped to solve the problem.
There's no option for setting an keypair using "create_environment" command from boto3 client. Tried to use a "EC2KeyName", but it returned an exception of invalid value.
But using the "ebextensions" do the work. If someone else are interested in do the same task that I am, so everything that is needed to do is create a folder called ".ebextensions" with a file called "customkey.config" (the file name can be anything, but must be suffixed with .config), and with the following content:
option_settings:
- namespace: aws:autoscaling:launchconfiguration
option_name: EC2KeyName
value: <your_keypair_name>
I am currently trying to run jhipster-registry in dev profile to serve the configurations to a jhipster microservice application.
I've followed this official jhipster registry doc and:
have built it from sources, and launched it as follow:
./jhipster-registry-3.0.0.war --spring.profiles.active=dev
And as the doc states, i have put the central-config directory containing <mymicrosericeappname>-dev.yml alongside the jhipster-registry generated war file.
When i launch jhipster-registry, everything is ok,
but when i run my microservice application, it connects to the registry (i can see it in the jhipster-registry dashboard), but i realize that it is reading the application-dev.yml file located at src/main/resources/config/ inside the microservice app.
I dont know if i misplaced the central-config folder...
That said, i really need to know what's wrong.
Thanks
The config directory is specified in bootstrap.yml in search-locations property.
spring:
cloud:
config:
server:
native:
search-locations: file:./central-config
Rather than specifying a relative path (relative to where you launched the regsitry from), you may want to specify an absolute path:
search-locations: file:/home/something/central-config
Also rather than using dev profile, you can use prod with native :
./jhipster-registry-3.0.0.war --spring.profiles.active=prod,native
Thanks to #GaelMarziou, his answer helped me found why the central-config was not being rode.
In fact the Spring Cloud Config bootstrap configuration for the "dev" profile bootstrap.yml file gives this:
cloud:
config:
server:
git:
uri: https://github.com/jhipster/jhipster-registry-sample-config
native:
search-locations: file:./central-config
So each time i ran jhipster-registry, it was pointing the git repo and not the central-config directory.
To get it work, i had to launch the registry in dev,native profile :
./jhipster-registry-3.0.0.war --spring.profiles.active=dev,native
Nevertheless the documentation states this:
Using the dev profile will run the JHipster Registry with the dev and the native profiles.
Which is not really true... considering my struggling.
I'm deploying a Django based project on AWS Elastic Beanstalk.
I have been following the Amazon example, where I add my credentials (ACCESS_KEY/SECRET) to my app.config under the .ebextentions directory.
The same config file has:
container_commands:
01_syncdb:
command: "django-admin.py migrate --noinput"
leader_only: true
02_collectstatic:
command: "django-admin.py collectstatic --noinput"
leader_only: true
Problem is that this is forcing me to store my credentials under Version Control, and I will like to avoid that.
I tried to remove the credentials and then add them with eb setenv, but the problem is that the two django commands require the these settings to be set on the environment.
I'm using the v3 cli:
eb create -db -c foo bar --profile foobar
where foobar is the name of the profile under ~/.aws/credentials, and where I want to keep my secret credentials.
What is the best security practices for the AWS credentials using EB?
One solution is to keep the AWS credentials, but create a policy that ONLY allows them to POST objects on the one bucket used for /static.
I ended up removing the collecstatic step from the config file, and simply take care of uploading statics on the build side.
After that, all credentials can be removed and all other boto commands will grab the credentials from the security role on the EC2 instance.
I am trying jhipster and ran into the following error while starting the application which is configured to use mysql as the backend:
Your database connection pool configuration is incorrect! The applicationcannot start. Please check your Spring profile, current profiles are: [dev]
I have the database created and mysql is up and running at the right ports
From troubleshooting this in my IDE, it appears that the datasource properties are null while trying to configure liquibase.
My application-dev.yml
server:
port: 8080
spring:
profiles: dev
datasource:
dataSourceClassName: com.mysql.jdbc.jdbc2.optional.MysqlDataSource
url: jdbc:mysql://localhost:3306/test
databaseName:test
serverName:localhost
username: admin
password: xxxxx
cachePrepStmts: true
prepStmtCacheSize: 250
prepStmtCacheSqlLimit: 2048
useServerPrepStmts: true
jpa:
database-platform: org.hibernate.dialect.MySQLInnoDBDialect
database: MYSQL
openInView: false
show_sql: true
Any thoughts on what should I try next to get past this erorr?
I don't think you should write the database name in the url AND in the databaseName properties.
-> can you remove the databaseName configuration and see what happens?
Otherwise, please send the stacktrace.
If you're using Eclipse, it may be that the source folders configuration is wrong. When I imported the project, for some reason the src/main/resources and src/test/resources folders had all files excluded.
Check your build path and make sure all files are included.