ubuntu#ubuntu-14-lts:~$ export OS_USERNAME=admin
ubuntu#ubuntu-14-lts:~$ export OS_TENANT_NAME=admin
ubuntu#ubuntu-14-lts:~$ export OS_PASSWORD=admin
ubuntu#ubuntu-14-lts:~$ export OS_AUTH_URL=http://localhost:35357/v2.0/
Executed the command to create the Admin tenant
ubuntu#ubuntu-14-lts:~$ sudo keystone tenant-create --name admin --description "Admin Tenant"
got the below error
Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]
modified the url
ubuntu#ubuntu-14-lts:~$ export OS_AUTH_URL="http://localhost:35357/v2.0/"
re-run the same command and same error thrown
ubuntu#ubuntu-14-lts:~$ sudo keystone tenant-create --name admin --description "Admin Tenant"
Expecting an auth URL via either --os-auth-url or env[OS_AUTH_URL]
Is there any Issues in running the command ?
The issue is probably with sudo - sudo may not maintain environment variables. Depends on configuration.
Why do you need sudo anyway? The keystone command does not require it. Either drop sudo, or add
--os-auth-url http://localhost:35357/v2.0/
to your command. You can also do
sudo -e keystone ...
You have failed to create a new user or tenant because you have no access to keystone... just like you need to login to mysql to create new tables and all, the same is here. The following steps will help you through:
# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# keystone --os-username=ADMIN_USERNAME --os-password=ADMIN_PASSWORD --os-auth-url=http://controller:35357/v2.0 token-get
# source admin_creds //this is the file where you have saved the admin credentials
# keystone token-get
# source creds // this is the other file where you have backed up your admin credentials
now you can run your keystone commands normally. Please put a tick mark if it helped you! lol
Related
The application (bin) loads the (service account) credentials fine when it has "normal" permissions. This is the run script:
#!/bin/bash
export GOOGLE_APPLICATION_CREDENTIALS=/home/user/config/gcloud/key.json
./bin
However when bin permission are changed:
chown root:root bin
chmod u+s bin
I get this error:
E1003 10:02:07.563899584 60263 credentials_generic.cc:35] Could not get HOME environment variable.
E1003 10:02:10.563621247 60263 google_default_credentials.cc:461] Could not create google default credentials: UNKNOWN:creds_path unset {created_time:"2022-10-03T10:02:07.563943484+09:00"}
Any advice would be appreciated.
Thanks.
As far as I can tell, this is expected behavior for gRPC. gRPC uses secure_getenv() to get all environment variables. In your case, that means the gRPC ignores the GOOGLE_APPLICATION_CREDENTIALS set.
You may need to change your application to use explicit service account credentials. Something like:
auto is = std::ifstream(filename);
auto json_string =
std::string(std::istreambuf_iterator<char>(is.rdbuf()), {});
auto credentials =
google::cloud::MakeServiceAccountCredentials(json_string);
auto publisher = pubsub::Publisher(
pubsub::MakePublisherConnection(
pubsub::Topic(project_id, topic_id),
google::cloud::Options{}
.set<google::cloud::UnifiedCredentialsOption>(
credentials)));
I use the mcr.microsoft.com/mssql/server:2017 docker container to run a mssql server. I tried to change the collation like this:
echo "SQL_Latin1_General_CP1_CI_AS" | /opt/mssql/bin/mssql-conf set-collation
Unfortunately I get this error:
No passwd entry for user 'mssql'
How is it possible to fix this error?
I created a new user with useradd mssql, but now I get this error if I run the command:
sqlservr: Unable to open /var/opt/mssql/.system/instance_id: File: pal.cpp:566 [Status: 0xC0000022 Access Denied errno = 0xD(13) Permission denied]
/opt/mssql/bin/sqlservr: PAL initialization failed. Error: 101
It looks the latest mcr.microsoft.com/mssql/server fix such issue, if you insist on the old, next could be the procedure to fix all user/permission issue:
cake#cake:~/20211012$ docker run --rm -it mcr.microsoft.com/mssql/server:2017-latest /bin/bash
SQL Server 2019 will run as non-root by default.
This container is running as user root.
To learn more visit https://go.microsoft.com/fwlink/?linkid=2099216.
root#4fd0bdf1d21c:/# useradd mssql
root#4fd0bdf1d21c:/# mkdir -p /var/opt/mssql
root#4fd0bdf1d21c:/# chmod -R 777 /var/opt/mssql
root#4fd0bdf1d21c:/# echo "SQL_Latin1_General_CP1_CI_AS" | /opt/mssql/bin/mssql-conf set-collation
Enter the collation: Configuring SQL Server...
The SQL Server End-User License Agreement (EULA) must be accepted before SQL
Server can start. The license terms for this product can be downloaded from
http://go.microsoft.com/fwlink/?LinkId=746388.
You can accept the EULA by specifying the --accept-eula command line option,
setting the ACCEPT_EULA environment variable, or using the mssql-conf tool.
I configured odoo in aws ec2 and connecting Postgresql from rds when I run the command ./odoo-bin --config=/etc/odoo.conf and try to access from a browser, I'm getting the following error:
ERROR odoo_db odoo.modules.loading: Database odoo_db not initialized, you can force it with `-i base`
File "/opt/odoo/odoo/odoo/modules/registry.py", line 176, in __getitem__
return self.models[model_name]
KeyError: 'ir.http' - - -
and also I'm getting this error as well:
STATEMENT: SELECT latest_version FROM ir_module_module WHERE name='base'
ERROR odoo_db odoo.sql_db: bad query: SELECT latest_version FROM ir_module_module WHERE name='base'
ERROR: relation "ir_module_module" does not exist
In command line run:
./odoo-bin --addons-path=addons --database=odoo --db_user=odoo --db_password=odoo --db_host=localhost --db_port=5432 -i INIT
explicitly give db name, user and password, "-i INIT" option initialises the odoo database
The first glance issue is though the DB has created in Postgres but it has not the required odoo related setup records i.e. base setup. You can verify by directly accessing the DB and see the number of tables or browsing some tables.
It happens sometimes that you create the DB [specifically giving similar DB names as you have already created before and deleted later [its dropped from PG but still has traces in session or DB location path], it will not get initialized properly.
Solution:
Create sample DB with different name initial 4 characters different completely and check
Initialize the DB from odoo.conf file add db_name = < Your DB Name > {for experiment purpose put completely different name} and restart odoo services and check
Hope it will help. Njoy troubleshooting!
First do what #FaisalAnsari says in here (what I reference below):
*
Go to RDS and create a database in PostgreSQL and configure the
server.conf file as the given below.
;This is the password that allows database operations:
;admin_passwd = admin
db_host = rds_endpoint (after creating database you will get
rds_endpoint)
db_port = False
db_user = "user name which is created by you to the database"
db_password = "password which is created"
;addons_path =
/home/deadpool/workspace/odoo_13_community/custom_addons,
/home/deadpool/workspace/odoo_13_community/custom_addons
Then go to the command line and do the following.
Stop your odoo instance
~$ service odoo stop
Enable command line for the user odoo
~$ chsh -s /bin/bash odoo
execute odoo from command line as user odoo
~$ runuser -l odoo -c "odoo -i base -d YourRDSDatabase --db_host YourAmazonRDSHost.Address.rds.amazonaws.com -r YourRDSDatabaseUserName -w YourRDSDatabasePassword --stop-after-init"
After the initialization finished, start odoo service
~$ service odoo start
Troubleshooting :
if odoo doesn't start correctly make sure that the database user in your RDS instance have privileges at least on the database you are using.
~$ psql --host=YourAmazonRDSHost.Address.rds.amazonaws.com --port=5432 --username=YourRDSDatabaseUserName --password --dbname=YourRDSDatabase
and when you are inside postgresql type the following:
~$ grant all privileges on database YourRDSDatabase to YourRDSDatabaseUserName;
~$ \q
and try again from step 3.
Hope that Helps!!
I am trying to find out how to create a new user in OpenShift enterprise.
According to the documentation (on https://docs.openshift.com/enterprise/3.0/architecture/core_concepts/projects_and_users.html):
Regular users are created automatically in the system upon first login...
This sounds illogical. How does a user login if they dont have a username and password?
Can someone please clarify this - I'm sure there must be some command for creating a new user, but it is not clear.
Thanks
The OpenShift master-config (/etc/openshift/master/master-config.yaml) describes the configuration about authentication. By default the master-config shows something like this for the authentication-part:
identityProviders:
- challenge: true
login: true
name: anypassword
provider:
apiVersion: v1
kind: AllowAllPasswordIdentityProvider
This means that every user with every password can authenticate. By performing oc get users as system:admin you'll see all the users.
This configuration is not recommended. You're able to configure another form of authentication (htpasswd, ldap, github, ...).
I'm using htpasswd. So than you have to create a file (with htpasswd) which will contain your username + encrypted password. After that you'll need to edit your master-config.yaml. You have to tell it to use HTPasswdPasswordIdentityProvider and link to your file.
You can find those steps here. Don't forget to restart your OpenShift master after performing those steps: sudo service openshift-master restart (origin-master for origin).
After creating users you can assign roles to users
Log in with the default admin (system:admin) and assign roles.
I am creating a script for simply adding a user if OpenShift using HTPasswdPasswordIdentityProvider
wget https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
mv jq-linux64 jq && chmod 755 jq
FILE=$(cat /etc/origin/master/master-config.yaml | python -c 'import sys, yaml, json; y=yaml.load(sys.stdin.read()); print json.dumps(y,indent=4, sort_keys=True)' | ./jq '.oauthConfig.identityProviders[0].provider.file')
FILE=$(sed -e 's/^"//' -e 's/"$//' <<<"$FILE")
htpasswd $FILE user1
I'm deploying a Django based project on AWS Elastic Beanstalk.
I have been following the Amazon example, where I add my credentials (ACCESS_KEY/SECRET) to my app.config under the .ebextentions directory.
The same config file has:
container_commands:
01_syncdb:
command: "django-admin.py migrate --noinput"
leader_only: true
02_collectstatic:
command: "django-admin.py collectstatic --noinput"
leader_only: true
Problem is that this is forcing me to store my credentials under Version Control, and I will like to avoid that.
I tried to remove the credentials and then add them with eb setenv, but the problem is that the two django commands require the these settings to be set on the environment.
I'm using the v3 cli:
eb create -db -c foo bar --profile foobar
where foobar is the name of the profile under ~/.aws/credentials, and where I want to keep my secret credentials.
What is the best security practices for the AWS credentials using EB?
One solution is to keep the AWS credentials, but create a policy that ONLY allows them to POST objects on the one bucket used for /static.
I ended up removing the collecstatic step from the config file, and simply take care of uploading statics on the build side.
After that, all credentials can be removed and all other boto commands will grab the credentials from the security role on the EC2 instance.