I'm trying to configure a p-config-server instance to use GitLab.The account has a password. I have tried both the http and ssh urls with username and password for the http url and a private key for the ssh url.
The service reports that it failed to start. But I can't get any more information as to why it failed.
How do I configure this correctly to connect to a GitLab instance?
Where are the logfiles for the service failure so that I can find the issues?
Cheers
The username and password eventually worked.
I used -c with a file containing :-
{
"git": {
"uri": "http://host:port/xyz.git",
"label": "master",
"username": "demo",
"password": "demouser"
}
}
Related
I want to add application in IIS. I have EC2 instance on AWS Amazon - Windows 2019 Server Base. I want to add application to my folder created in wwwroot folder. When I press test I get error:
Authorization Cannot verify access to path (C:\inetpub\wwwroot\myapp)
Authentication is ok
I was looking in the Internet and I've installed everything in IIS.
And when I go to my website http://localhost/myapp/ I have error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x8007000d
Config Error
Config File \\?\C:\inetpub\wwwroot\myapp\web.config
Requested URL http://localhost:80/myapp/
Physical Path C:\inetpub\wwwroot\myapp\
Logon Method Not yet determined
Logon User Not yet determined
I've resolved the error. It was the problem with certificate for Identity server. I had to add certificate and configuration for that in appsettings.json:
"IdentityServer": {
"Key": {
"Type": "File",
"FilePath": "Certificates\\certificatefile.pfx",
"Password": "mypsw"
},
"Clients": {
"FtblrApp": {
"Profile": "IdentityServerSPA"
}
}
},
Now it works
Can hyperledger-fabric get the peer node running status without entering the docker container? If so, how should I get it?
In docker-compose file, for peer service add following env variable. (You may add a different port for different services)
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9440
expose the port(You may expose port number as per availability). Export different port for different peer
ports:
- 9440:9440
Once all services up hit the following path for specific service(As per port defined)
curl -X GET localhost:9440/healthz
You will get a following response if the service is running.
{
"status": "OK",
"time": "2009-11-10T23:00:00Z"
}
If service is not available, you will get the following response.
{
"status": "Service Unavailable",
"time": "2009-11-10T23:00:00Z",
"failed_checks": [
{
"component": "docker",
"reason": "failed to connect to Docker daemon: invalid endpoint"
}
]
}
The Operations Service might be what you are looking for, the simple check is for "Health" and the more complex check is to look the "metrics".
It is covered in the Fabric docs.
I cannot get a deployment of an Azure Function by private repository, using then new Github artifact repo for Docker to work (https://github.com/features/packages).
My linux_fx_version is:
'linux_fx_version': 'DOCKER|{}'.format(self.docker_image_id)
with docker_image_id having the value organisation/project-name/container-name:latest
For the other settings, I am using
{ "name": "DOCKER_REGISTRY_SERVER_PASSWORD", "value": self.docker_password },
{ "name": "DOCKER_REGISTRY_SERVER_USERNAME", "value": self.docker_username },
{ "name": "DOCKER_REGISTRY_SERVER_URL", "value": self.docker_url },
with the docker_url being https://docker.pkg.github.com/, and the password being the token with read:packages
Things look good, and yet I get the following (I am not able to fetch any deployment logs as the runtime is unreachable).
Error:
Azure Functions Runtime is unreachable. Click here for details on storage configuration.
Solution found.
Use https://docker.pkg.github.com/ as the docker URL,
and docker.pkg.github.com/<org>/<project-name>/<container-name>:<version> as the linux_fx_version
My IAM account has "admin" privilege, at least supposedly. I can perform all operations as far as I can tell in web console. For example,
Recently I downloaded aws-cli and quickly configured it by supplying access keys, default region and output format. I then tried to issue some commands and found most of them, but not all, have permission issues. For example
$ aws --version
aws-cli/1.16.243 Python/3.7.4 Windows/10 botocore/1.12.233
$ aws s3 ls s3://test-bucket
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied
$ aws ec2 describe-instances
An error occurred (UnauthorizedOperation) when calling the DescribeInstances operation: You are not authorized to perform this operation.
$ aws iam get-user
{
"User": {
"Path": "/",
"UserName": "xxx#xxx.xxx",
"UserId": "xxxxx",
"Arn": "arn:aws:iam::nnnnnnnnnn:user/xxx#xxx.xxx",
"CreateDate": "2019-08-21T17:09:25Z",
"PasswordLastUsed": "2019-09-21T16:11:34Z"
}
}
It appears to me that cli, which is authenticated using access key, has a different permission set from web console, which is authenticated using MFA.
Why is permission inconsistent between CLI and GUI? How to make it consistent?
It turns out following statement in one of my policies blocked CLI access due to lacking MFA.
{
"Condition": {
"BoolIfExists": {
"aws:MultiFactorAuthPresent": "false"
}
},
"Resource": "*",
"Effect": "Deny",
"NotAction": [
"iam:CreateVirtualMFADevice",
"iam:EnableMFADevice",
"iam:GetUser",
"iam:ListMFADevices",
"iam:ListVirtualMFADevices",
"iam:ResyncMFADevice",
"sts:GetSessionToken"
],
"Sid": "DenyAllExceptListedIfNoMFA"
},
If you replace BoolIfExists with Bool, it should work. Your CLI requests would not be denied because of not using MFA.
Opposite of https://aws.amazon.com/premiumsupport/knowledge-center/mfa-iam-user-aws-cli/
To remain really secure check this good explanation: MFA token for AWS CLI
In few steps
Get a temporary 36 hours session token.
aws sts get-session-token --serial-number arn:aws:iam::123456789012:mfa/user --token-code code-from-token
{
"Credentials": {
"SecretAccessKey": "secret-access-key",
"SessionToken": "temporary-session-token",
"Expiration": "expiration-date-time",
"AccessKeyId": "access-key-id"
}
}
Save these values in a mfa profile configuration.
[mfa]
aws_access_key_id = example-access-key-as-in-returned-output
aws_secret_access_key = example-secret-access-key-as-in-returned-output
aws_session_token = example-session-Token-as-in-returned-output
Call with the profile
aws --profile mfa
Ps: Don't do the cron job as suggested, it goes again the security.
I had this same issue and I fixed it by adding my user to a new group with administrator access in IAM.
to do this go to IAM, Users, click on your user and then [add permissions]
in the next screen click [Create group] and then pick administrator access
When I run pm2 deploy development setup I get the following error. Which is strange because this key has no password set.
Enter passphrase for key '/Users/spongebob/.ssh/dev.pub':
Permission denied (publickey,keyboard-interactive).
setup paths failed
Deploy failed
I have created a key pair with no password, and trasnfered it to my development machine like so:
ssh-copy-id -i ~/.ssh/virtualbox_dev -o "IdentityFile /Users/spongebob/.ssh/dev" -f dev#192.168.0.17
I can log into SSH fine with no password:
ssh -o 'IdentityFile /Users/spongebob/.ssh/dev' 'dev#192.168.0.17'
Last login: Sun May 27 12:39:57 2018 from 192.168.0.11
I have added this key as a deployment key to Github as this is a private repo (and also added the virtualbox_dev key just incase). And tested whether it works ...
Hi MyUsername/blue-mask-api! You've successfully authenticated, but GitHub does not provideshell access.
And here is my deployment configuration (I have this in package.json):
"deploy": {
"development": {
"key": "/Users/spongebob/.ssh/dev.pub",
"user": "dev",
"host": "192.168.0.17",
"ref": "origin/master",
"path": "/home/dev/",
"repo": "git#github.com:MyUsername/blue-mask-api.git",
"post-deploy": "echo 999999999999",
"ssh_options": [
"StrictHostKeyChecking=no",
"PasswordAuthentication=no"
]
}
It's confusing because it's asking for a password and there isn't one set. And when I leave it blank I still get permission denied.
Enter passphrase for key '/Users/spongebob/.ssh/dev.pub':
It appears that you're trying to use the wrong key file. The file with the ".pub" extension is the public key file. The corresponding file without the ".pub" extension is the private key file. When you run an ssh client to connect to a remote server, you have to provide the private key file to the ssh client. The contents of the public key file are stored on the server (github in this case), where it's used by the ssh server software to confirm that this key can be accepted for authentication.
You ought to have a private key file with the same name as the public file, except without the ".pub" extension:
"development": {
"key": "/Users/spongebob/.ssh/dev",
^^^--note no .pub