Pulumi automation backend - automation

I am a newbie in Pulumi. I am having an issue. When I do pulumi login to the GCP backend, an error appears:
stderr: error: getting secrets manager: passphrase must be set with
PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment
variables
When I do pulumi logout the deployment works - pulumi api automation. Does anyone have an idea how to fix this?
Tried to set pulumi_config_passphrase.

When using the self-managed backends for Pulumi, you need to provide a passphrase to encrypt secret values.
This can be done by setting a global environment variable, which will depend on the operating system you're using. In Unix-like environments (e.g. macOS or Linux) you can do:
export PULUMI_CONFIG_PASSPHRASE="<a password you can remember>"
In Windows on PowerShell this can be done using:
$env:PULUMI_CONFIG_PASSPHRASE="<a password you can remember>"
If you don't wish to use a passphrase, you can leverage the Pulumi service as your state store, or configure a cloud secrets provider.
This is done when initializing your stack, more information on that can be found here
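
An added example, not part of the original answer or of Pulumi itself: the PULUMI_CONFIG_PASSPHRASE_FILE variable named in the error message lets the passphrase live in an owner-only file instead of being typed into an export line that ends up in shell history. The function names and the file path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Pulumi.

# Read one line from stdin and store it in a file only the owner can read.
write_passphrase_file() {
    file=$1
    IFS= read -r phrase || [ -n "$phrase" ] || return 1
    ( umask 077 && printf '%s' "$phrase" > "$file" ) || return 1
    chmod 600 "$file" || return 1   # also tightens a file that already existed
    unset phrase
}

# Point Pulumi at the file, refusing one that is missing (1), empty (2),
# or accessible to group/other (3).
use_passphrase_file() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -s "$file" ] || { echo "empty passphrase file: $file" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ldL "$file" | cut -c5-10)" != "------" ]; then
        echo "refusing $file: group/other permissions are set" >&2
        return 3
    fi
    # Do not keep a plaintext copy of the passphrase in the environment too.
    unset PULUMI_CONFIG_PASSPHRASE
    PULUMI_CONFIG_PASSPHRASE_FILE=$file
    export PULUMI_CONFIG_PASSPHRASE_FILE
}

# Usage in an interactive shell (the path is an assumed example):
#   stty -echo; write_passphrase_file "$HOME/.pulumi-passphrase"; stty echo
#   use_passphrase_file "$HOME/.pulumi-passphrase" && pulumi up
```

For the Automation API, the same variable has to be present in the environment of the process that drives the deployment.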

Related

Webseal runtime component configuration

Hello
I am working on IBM WebSEAL authentication. I want to implement WebSEAL authentication in my application.
While configuring the runtime component I am getting the following error.
Unable to verify the management domain location DN in the
LDAP server: (secAuthority=Default).
If the location does not exist on the server, create it,
otherwise specify a different location that does exist.
Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d CN=jony mittal,OU=dev,DC=dgad,DC=com -w XXXX -L 389 -C fips -D Default -m XXXX -l 1460 (0x1)
Anyone please help me to resolve this issue.
Thanks
When you are configuring ISAM/ISVA PD runtime, PDMgr_config will deploy its registry into your LDAP directory server. This requires modifying the schema of the LDAP server. To do this, it requires administrator rights on the directory. Commonly this will be an account such as cn=root, cn=admin, cn=DM, etc. depending on your directory server.
I believe what may work better for you, if you are configuring ISAM from scratch, is likely to deploy using the internal/embedded LDAP. When configuring the runtime, choose the local LDAP server option. You can set the credentials on the local/embedded LDAP server on the tab where you configure the runtime. Just set a password on it, then feed that password into the runtime configuration.
Then, if you are needing to tie into another directory, which I expect is the case since you are trying to do this now, then use basic user mode with a "federated registry" so you don't have to deploy the ISAM "registry" and hence do not have to modify the existing directory. This way you can authenticate and authorize users off an existing directory without having to modify that directory specifically to support ISAM.
Additional information here:
Embedded (local) LDAP server instructions
Configuring PD runtime
Basic user mode instructions
Setup federated repository

gcloud compute ssh requires password even after using json key file for authentication

I am trying to authenticate gcloud using a JSON key, and even after doing everything as per the docs it asks for a password when I run gcloud compute ssh root@production
Here is snapshot of steps I performed.
1. Authorizing access to Google Cloud Platform with a service account
tahir@NX00510:~/www/helloworld$ gcloud auth activate-service-account 1055703200677-compute@developer.gserviceaccount.com --key-file=gcloud_key.json
Activated service account credentials for: [1055703200677-compute@developer.gserviceaccount.com]
2. Initializing the gcloud
tahir@NX00510:~/www/helloworld$ gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [default] are:
compute:
  region: us-central1
  zone: us-central1-b
core:
  account: 1055703200677-compute@developer.gserviceaccount.com
  disable_usage_reporting: 'True'
  project: concise-hello-122320
Pick configuration to use:
[1] Re-initialize this configuration [default] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for
this configuration:
[1] 1055703200677-compute@developer.gserviceaccount.com
[2] Log in with a new account
Please enter your numeric choice: 1
You are logged in as: [1055703200677-compute@developer.gserviceaccount.com].
API [cloudresourcemanager.googleapis.com] not enabled on project
[1055703200677]. Would you like to enable and retry (this will take a
few minutes)? (y/N)? N
WARNING: Listing available projects failed: PERMISSION_DENIED: Cloud Resource Manager API has not been used in project 1055703200677 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1055703200677 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
- '@type': type.googleapis.com/google.rpc.Help
  links:
  - description: Google developers console API activation
    url: https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1055703200677
Enter project id you would like to use: concise-hello-122320
Your current project has been set to: [concise-hello-122320].
Do you want to configure a default Compute Region and Zone? (Y/n)? n
Your Google Cloud SDK is configured and ready to use!
* Commands that require authentication will use 1055703200677-compute@developer.gserviceaccount.com by default
* Commands will reference project `concise-hello-122320` by default
Run `gcloud help config` to learn how to change individual settings
This gcloud configuration is called [default]. You can create additional configurations if you work with multiple accounts and/or projects.
Run `gcloud topic configurations` to learn more.
Some things to try next:
* Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
* Run `gcloud topic --help` to learn about advanced features of the SDK like arg files and output formatting
3. SSHing to gcloud
tahir@NX00510:~/www/helloworld$ gcloud compute ssh root@production
No zone specified. Using zone [us-central1-b] for instance: [production].
root@compute.1487950061407628967's password:
I don't know which password I should enter here; also, I believe it should not ask for a password in the first place because I have used a JSON key file for authentication.
Could you guys please help me out to fix this?
Thanks!

Bluemix APIConnect Publishing a loopback project from command line

I am following the APIC tutorial documented here:
Publishing a project from the command line
I have gone through the steps in the tutorial to get into the APIConnect dashboard in Bluemix and into the Sandbox catalog.
I get the baseURL under api management:
e.g. https://api.us.apiconnect.ibmcloud.com/FREDusibmcom-dev/sb
Then I use that to
apic config:set
catalog=apic-catalog://api.us.apiconnect.ibmcloud.com/orgs/FREDusibmcom-dev/catalogs/sb
app=apic-app://api.us.apiconnect.ibmcloud.com/orgs/FREDusibmcom-dev/apps/acme-bank-Fred
After this as per the instructions, I try to login using my Bluemix credentials
apic login --server api.us.apiconnect.ibmcloud.com -u fred -p mypassword
This fails with:
ERROR Login to api.us.apiconnect.ibmcloud.com failed, please verify the servername and credential
Am I doing something wrong in regards to the servername or credentials that I am using? Thanks!
For your server argument in the login command, use us.apiconnect.ibmcloud.com instead. I think the api portion is throwing things off.
Once successful there, I also recommend that you run apic edit and proceed to Log in with Bluemix there, as that will ensure that you're able to publish applications to Bluemix from the CLI or API Designer.
I assume you used your actual username/password, and not "fred/mypassword".
If so, then the problem may be with the Bluemix URL. There's now a simpler way to get the app identifier and catalog identifier (and to make sure you have the right Bluemix base URL). The catalog & app tiles now have a link icon that you can click to easily copy the catalog/app identifiers:
Getting the catalog identifier
The Bluemix base URL will be the part immediately following apic-catalog:// in the catalog identifier.
We're in the process of updating the docs with this.

Unable to access WebSphere Integrated Solutions Console after deleting self-signed certs

I am new to WebSphere (as you can tell by my dated username) and I have made a mistake. While trying to address security concerns in my organization I deleted the self-signed certificates in WebSphere. This seems to have caused the Integrated Solutions Console to break. Our application hosted in WebSphere is still working fine.
Is there a way to use a Jython or Jacl script to recreate these certs and configure them properly? Or is there perhaps another way to get access to the Console?
The web browser (IE) complains about TLS errors when trying to load the Console page.
You can create a new certificate using the createSelfSignedCertificate command from wsadmin. You'll have to run wsadmin unconnected to the server.
So roughly
start wsadmin eg.
wsadmin -conntype none
Then run the createSelfSignedCertificate task. The keystore is likely NodeDefaultKeyStore if you are on a standalone app server or CellDefaultKeyStore if you are on an ND environment. You have to provide a management scope if running unconnected. You can get the list of management scopes with the listManagementScopes command. Fill in your hostname for the certificateCommonName parameter.
eg.
to get the list of management scopes
wsadmin> AdminTask.listManagementScopes()
to create a self-signed certificate
AdminTask.createSelfSignedCertificate('[-keyStoreName -keyStoreScope -certificateAlias -certificateCommonName -certificateOrganization ibm -certificateState us ]')
to save the changes
AdminConfig.save()
If you just need to get into the console you can disable security in /config/cells/../security.xml
Just set "enabled=false" and restart the server. Using the console to create a new certificate should be easier than using wsadmin.

Use GAE remote api with local (dev) installation

Has anyone found a way to use the GAE remote API to connect to localhost instead of connecting to App Engine?
For dev purposes, of course.
I was able to get this working by adding the following to the app.yaml file
builtins:
- remote_api: on
and then from the command line you can access the db, users, urlfetch or memcache modules
remote_api_shell.py -s localhost:8080
This will prompt you for the email and password, but this is not important right now. The remote_api_shell.py is on my path from the Google App Engine directory.
Have you tried the development console? To access it, go to this URL: http://localhost:8080/_ah/admin.
If you really want to use the remote API, have a look at this article. I believe you can use the dev_server by passing the local host url to the interactive console script.
For Java see this document which explains both local and remote access
https://developers.google.com/appengine/docs/java/tools/remoteapi#Configuring_Remote_API_on_the_Client
If there are some like me who prefer to execute from a Python script rather than a shell:
import os
from google.appengine.ext.remote_api import remote_api_stub
# Connect to the dev server's API port over plain HTTP (local development only)
remote_api_stub.ConfigureRemoteApiForOAuth('localhost:8081', '/_ah/remote_api', secure=False)
os.environ['SERVER_SOFTWARE'] = 'Development'
os.environ['HTTP_HOST'] = 'localhost:8080'
# ... do stuff ...
I run the dev server with the option "--api_port 8081" otherwise just look at the port used in the dev server logs ("Starting API server at ...").
The environ tweaks are to be able to use cloudstorage api against the dev server too.