Not able to open the deck UI for spinnaker - spinnaker

I installed spinnaker using the command
bash <(curl --silent https://spinnaker.bintray.com/scripts/InstallSpinnaker.sh)
on a local ubuntu machine.
After installation I am not able to connect to the Deck UI of spinnaker using URL: http://localhost:9000

Check logs in /var/log/apache2 for errors, and /etc/apache2/ports.conf to see if it is is listening on 127.0.0.1:9000
The install script should have made those changes for you, but maybe you had a permissions issue or some other kind of local system policy preventing the installation from working properly.

Related

Can't login with root user in native templates of environments Jelastic

When I create a new environment in some nodes, (i.e. with the Nginx) I can't access to this node with root user
I logged with user a not with root.
Using username "251X-XXX".
Authenticating with public key "rsa-key-XXXXXXXX"
Last login: Thu Sep 28 09:11:56 2017
nginx#node251X-delete ~ $ sudo date
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for nginx:
Sorry, try again.
Brief:
I didn't receive root password to my email (I'm the owner of this environment).
I can't change this node to a Docker image
There's no Reset Password option on Dashboard
Sudo it doesn't work.
Also it happens with other non-docker nodes (Tomcat, MySQL,...)
Any alternative or configuration to enter with root user to this node.
Thanks
Jelastic doesn't provide root access to separate containers. At the same time while accessing containers via SSH, a user receives all required permissions and additionally can manage the main services with sudo commands of the following kind (and others):
sudo /etc/init.d/jetty start
sudo /etc/init.d/mysql stop
sudo /etc/init.d/tomcat restart
sudo /etc/init.d/memcached status
sudo /etc/init.d/mongod reload
sudo /etc/init.d/nginx upgrade
sudo /etc/init.d/httpd help
For example, you can restart nginx with the following command:
sudo /etc/init.d/nginx restart
No password will be requested.
Note: If you deploy any application, change the configurations or add any extra functionality via SSH to your Jelastic environment, this
will not be displayed at the Jelastic dashboard.
Using our documentation you’ll find out how to:
use SFTP and FISH protocols
manage containers via SSH with Capistrano
Root user is only provided for self-managed nodes (custom Docker / Elastic VPS).
You can execute specific whitelisted commands with sudo (e.g. sudo service nginx restart). Besides that you shouldn't need root access.
If you feel otherwise then contact your hosting provider to discuss your needs and they can find a solution for you.

Docker - How to open a debug port for AEM

I'm working with Docker to create AEM (Adobe Experience Manager) images on the basis of the following repository https://github.com/AdobeAtAdobe/aem_6-1_docker
I just can't figure out how to open a debug mode for AEM.
I have tried adding a port to EXPOSE EXPOSE 4502 30311 and adding a start file with the new JVM_OPTS CQ_JVM_OPTS="-debug -Xnoagent -Djava.compiler=none -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=30311,server=y,suspend=n ${CQ_JVM_OPTS}"
and I have also tried changing the START_OPTS START_OPTS="${START_OPTS} -debug 30311"
I'm not really comfortable with Docker yet so I'm not sure what I'm missing to startup the debug mode. Do I need to open a port in Docker via ENV or RUN?
You have to bind your host ports to container ports.
So, in your docker run add flag -p 4502:4502 -p 30311:30311

CentOS7: Are you trying to connect to a TLS-enabled daemon without TLS?

I've installed Docker on CentOS7, now I try to launch the server in a Docker container.
$ docker run -d --name "openshift-origin" --net=host --privileged \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /tmp/openshift:/tmp/openshift \
openshift/origin start
This is the output:
Post http:///var/run/docker.sock/v1.19/containers/create?name=openshift-origin: dial unix /var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS?
I have tried the same command with sudo and that works fine (I can also run images in OpenShift bash etc.) But it feels wrong to use it, am I right? What is a solution to let is work as normal user?
Docker is running (sudo service docker start). Restarting the CentOS did not help.
The error is:
/var/run/docker.sock: permission denied.
That seems pretty clear: the permissions on the Docker socket at /var/run/docker.sock do not permit you to access it. This is reasonably common, because handing someone acccess to the Docker API is effectively the same as giving them sudo privileges, but without any sort of auditing.
If you are the only person using your system, you can:
Create a docker group or similar if one does not already exist.
Make yourself a member of the docker group
Modify the startup configuration of the docker daemon to make the socket owned by that group by adding -G docker to the options. You'll probably want to edit /etc/sysconfig/docker to make this change, unless it's already configured that way.
With these changes in place, you should be able to access docker from your user account with requiring sudo.

RabbitMQ 3.3.1 can not login with guest/guest

I have installed the latest version of RabbitMQ on a VPS Debian Linux box. Tried to get login through guest/guest but returned with the message login failed. I did a little research and found that for security reason its prohibited to get login via guest/guest remotely.
I also have tried enabling guest uses on this version to get logged in remotely by creating a rabbitmq.config file manually (because the installation didn't create one) and placing the following entry only
[{rabbit, [{loopback_users, []}]}].
after restart the rabbitmq with the following command.
invoke-rc.d rabbitmq-server stop -- to stop
invoke-rc.d rabbitmq-server start -- to start
It still doesn't logged me in with guest/guest. I also have tried installing RabbitMQ on Windows VPS and tried to get log in via guest/guest through localhost but again i get the same message login failed.
Also provide me a source where I could try installing the old version of RabbitMQ that does support logging remotely via guest/guest.
I had the same Problem..
I installed RabbitMQ and Enabled Web Interface also but still couldn't sign in with any user i newly created, this is because you need to be administrator to access this.
Do not create any config file and mess with it..
This is what i did then,
Add a new/fresh user, say user test and password test:
rabbitmqctl add_user test test
Give administrative access to the new user:
rabbitmqctl set_user_tags test administrator
Set permission to newly created user:
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
That's it, enjoy :)
I tried on Debian the same configuration with the following steps:
Installed RabbitMQ.
Enabled the web-management plug-in (not necessary).
When I tried to login I had the same error:
So I created a rabbitmq.config file (classic configuration file) inside the /etc/rabbitmq directory with the following content (notice the final dot):
[{rabbit, [{loopback_users, []}]}].
Alternatively, one can create instead a rabbitmq.conf file (new configuration file) inside the same directory with the following content:
loopback_users = none
Then I executed the invoke-rc.d rabbitmq-server start command and both the console and the Java client were able to connect using the guest/guest credentials:
So I think you have some other problem if this procedure doesn't work. For example your RabbitMQ might be unable to read the configuration file if for some reason you have changed the RABBITMQ_CONFIG_FILE environment variable.
This is a new features since the version 3.3.0. You can only login using guest/guest on localhost. For logging from other machines or on ip you'll have to create users and assign the permissions. This can be done as follows:
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
Adding the below line in the config file and restarting the server worked for me. Kindly try in your setup.
loopback_users.guest = false
I got this line from the example RabbitMQ config file from Github as linked here.
notice: check your PORT is 15672 ! (version > 3.3 ) if 5672 not works
First of all, check the "choosen answer above":
rabbitmqctl add_user test test
rabbitmqctl set_user_tags test administrator
rabbitmqctl set_permissions -p / test ".*" ".*" ".*"
and if still can't make connection work, check if your port is correct!
for me, this command works:
$ rabbitmqadmin -H 10.140.0.2 -P 15672 -u test -p test list vhosts
+------+----------+
| name | messages |
+------+----------+
| / | |
+------+----------+
for the completed ports , check this:
What ports does RabbitMQ use?
to verify your rabbit mq server, check this: Verify version of rabbitmq
p.s.
For me, after I created the "test" user and run set_user_tags, set_permissions , I can't connect to rabbitmq via port 5672. but I can connect via 15672.
However, port 15672 always gives me a "blank response". and my code stop working.
so about 5 minutes later, I switched to 5672, everything worked!
Very wired problem. I have no time to dig deeper. so I wrote it down here for someone meeting the same problems.
for other guys which use Ansible for RabbitMQ provisioning, what I missed for rabbitmq_user module was tags: administrator
here is my working Ansible configuration to recreate "guest" user (for development environment purpose, don't do that in production environment):
- name: Create RabbitMQ user "guest"
become: yes
rabbitmq_user:
user: guest
password: guest
vhost: /
configure_priv: .*
read_priv: .*
write_priv: .*
tags: administrator
force: yes # recreate existing user
state: present
and I also had to setup a file /etc/rabbitmq/rabbitmq.config containing the following:
[{rabbit, [{loopback_users, []}]}].
in order to be able to log using "guest"/"guest" from outside of localhost
#Create rabbitmq.conf file with
rabbitmq.conf
loopback_users = none
Dockerfile:
FROM rabbitmq:3.7-management
#Rabbitmq config
COPY rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
#Install vim (edit file)
RUN ["apt-get", "update"]
RUN ["apt-get", "-y", "install", "vim"]
#Enable plugins rabbitmq
RUN rabbitmq-plugins enable --offline rabbitmq_mqtt rabbitmq_federation_management rabbitmq_stomp
Run:
$ docker build -t my-rabbitmq-image .
$ docker run -d --hostname my-rabbit --name some-rabbit -p 8080:15672 my-rabbitmq-image
Check that the rabbitmq.conf file has been copied correctly.
$ docker exec -it my_container_id /bin/bash
$ vim /etc/rabbitmq/rabbitmq.conf
I had the same problem. I tried what was suggested by Gas and ran "invoke-rc.d rabbitmq-server start" it didn't start. I tried to reboot the server and the webui worked with the guest user. Maybe after adding the rabbitmq.config file, something else also needed to started.
I used rabbitmq version 3.5.3.
One more thing to note: if you're using AWS instance then you need to open inbound port 15672. (The port for RabbitMQ versions prior to 3.0 is 55672.).
Students and I stared at this problem for an hour. Be sure you've named your files correctly. In the /etc/rabbitmq directory, there are two distinct files. There is an /etc/rabbitmq/rabbitmq.config file which you should edit to get the loopback users as described, but there is another file called rabbitmq-env.conf file. Many folks were using tab completion and just adding "ig", which isn't the right file. Double check!
sometimes you don't need the comma , which is there in the configuration file by default , if nothing else is configured below rabbit tag , while starting broker
we will get a crash
like
{loopback_users, []} , I spend many times hours forgetting this and later removing the comma , it is applicable for all other configurations including SSL
Try restart your rabbitmq and login again, for me work.
For a slightly different use, but might be useful for anyone dealing with accessing the API for monitoring purposes:
I can confirm the answer given by #Oliboy50 works well, however make sure you enable it for each vhost you want the user to be able to monitor, such as:
permissions:
- vhost: "{{item.name}}"
configure_priv: .*
write_priv: .*
read_priv: .*
state: present
tags: management
with_items: "{{user_system_users}}"
With this loop I was able to get past the "401 Unauthorized" error when using the API for any vhost.
By default, the guest user is prohibited from connecting from remote hosts; it can only connect over a loopback interface (i.e. localhost). This applies to connections regardless of the protocol. Any other users will not (by default) be restricted in this way.
It is possible to allow the guest user to connect from a remote host
by setting the loopback_users configuration to none
# DANGER ZONE!
#
# allowing remote connections for default user is highly discouraged
# as it dramatically decreases the security of the system. Delete the user
# instead and create a new one with generated secure credentials.
loopback_users = none
Or, in the classic config file format (rabbitmq.config):
%% DANGER ZONE!
%%
%% Allowing remote connections for default user is highly discouraged
%% as it dramatically decreases the security of the system. Delete the user
%% instead and create a new one with generated secure credentials.
[{rabbit, [{loopback_users, []}]}].
See at "guest" user can only connect from localhost
TIP: It is advisable to delete the guest user or at least change its password to reasonably secure generated value that won't be known to the public.
If you will check the log file under info report you will get this.
`config file(s) : /etc/rabbitmq/rabbitmq.config (not found)`.
Change the config file permission using below command then login using guest , it will work
sudo chmod 777 /etc/rabbitmq/rabbitmq.config

Jenkins - j_acegi_security_check

I am trying to setup jenkins, but I cant get the authentication to work. I am running jenkins on Tomcat6 on CentOS 6.2. I enable logging in, and everything goes fine until I try to log in. After giving my credential and pressing login, tomcat gives me a error:
"HTTP Status 404 - The requested resource () is not available." on http://myserver:8080/jenkins/j_acegi_security_check
By googling I can find this:
https://issues.jenkins-ci.org/browse/JENKINS-3761
Two suggested fixes I have found:
Run jenkins on tomcat instead of running the standalone version - I
am already doing so.
Edit a file: WEB-INF/security/SecurityFilters.groovy - I tried to
edit, but I can't get it to change anything
Is there something I could do to make this work?
Spent ages wrestling with this one, make sure a Security Realm is set when you are choosing your Authorization method in Jenkins.
That is, in Manage Jenkins → Configure Global Security select an option in the Security Realm list.
For example:
You may have forgotten to select a Security Realm as specified below
https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup
In case you have locked yourself out, you can revert the Jenkins config.xml file to set <useSecurity>true</useSecurity> node value to false by following instructions here
https://wiki.jenkins-ci.org/display/JENKINS/Disable+security
As mentioned on the bug page:
The error was caused by a proxy pass rule "/jenkins http://localhost:9080/jenkins/" which led to the incomming (jenkins) request "/jenkins//j_acegi_security_check" (double //). So the login page was rejected with 404 (while all other pages where served).
Make sure your /jenkins ProxyPass does not end with a trailing slash in the destination URL.
I had the same problem with 404 on the "/jenkins/j_acegi_security_check" page.
Using Jenkins with Tomcat, after a lot of tries to solve it, I came to following solution - I´m using 18080 as default port without SSL-redirection.
It´s related to the redirection, but in that case (as using Tomcat) it has to be changed in the tomcat-server-configuration:
Look in /conf/server.xml for the following entry:
<Connector port="18080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
Just commenting out the redirectPort helped for me:
<Connector port="18080" protocol="HTTP/1.1"
connectionTimeout="20000" />
I had the same HTTP 404 on the "/jenkins/j_acegi_security_check" URI problem .
And the same issue as pointed out by pga above: Tomcat was being started as user root.
This was because I had setup tomcat to restart automatically by creating a startup tomcat script at "/etc/init.d/".
Fixed the issue with:
su - tomcatuser - c /cde/pkgs/../tomcat/start.sh
I was facing the same issue on Ubuntu as well as on AIX, where I desperately needed it to work in production settings. I even tried Tomcat and Apache web servers, still the same issue.
Finally changing the class loader as follows made it work in stand-alone mode:
java -jar jenkins.war --httpPort=79802 --preferredClassLoader=java.net.URLClassLoader &
By the way, this is default settings in standard Jenkins distribution for Ubuntu, from where I got the clue.
Probably the issue is related with packaging, but for now this solution works. Check if this resolves similar issues.
My bookmarked jenkins login url was: https://jenkins.foo.com/login?from=%2F
If security is disabled and you hit that url with any credentials or blank ones, it brings up the j_acegi error.
Instead, use https://jenkins.foo.com/ and it will take you straight to the dashboard.
I had the same HTTP 404 on the "/jenkins/j_acegi_security_check" URI.
In my case, Jenkins was running on a Tomcat started by user 'root'. Stopped Tomcat, and started it again by the proper separate application user. Problem solved.
Seeing vote down: I did the steps again on fresh server.
There were ** characters and I removed that
There were missing $sign for tomcat like this $TOMCAT_VERSION
(Both corrected and it is working) (updated on 28.03.2016)
Disable the security as given below:
http://markunsworth.com/2012/02/13/locked-yourself-out-of-jenkins/
Unable to login jenkins, and can't disable login option either
Or
Locked in login with Jenkins on Tomcat.
http://xx.xxx.xxx.xxx:8080/jenkins/login?from=/jenkins/ and after filling the userId Password, which was not set up at all, will always take to this page
http://xx.xxx.xxx.xxx:8080/jenkins/j_acegi_security_check
HTTP Status 404 - description The requested resource is not available.
I had .war file installed in tomcat
It took me long to fix this issue.
I had many times completely removed Tomcat, Jenkins all folders .jenkins etc reinstalled and what not...
Remove both Tomcat and Jenkins completely once again...
The solution is proper use of user and group, let us see how to it by running the following commands one by one.
You are logged in with user(e.g. vimal) with sudo permission.
vimal#h123:~$ sudo apt-get update
vimal#h123:~$ BASE_USER=vimal
vimal#h123:~$ sudo chown -Rf $BASE_USER:$BASE_USER /opt/
vimal#h123:~$ USER=apache-tomcat
vimal#h123:~$ GROUP=myjenkins
vimal#h123:~$ TOMCAT_INSTALL_DIR=/opt
vimal#h123:~$ TOMCAT_VERSION=apache-tomcat-8.0.23
vimal#h123:~$ TOMCAT_URL=http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.23/bin/apache-tomcat-8.0.23.zip
For TOMCAT_URL, copy the link that you need from archive/src (.zip) of tomcat download site
vimal#h123:~$ mkdir -p $TOMCAT_INSTALL_DIR
vimal#h123:~$ cd $TOMCAT_INSTALL_DIR
vimal#h123:~$ wget $TOMCAT_URL
vimal#h123:~$ unzip -q $TOMCAT_VERSION.zip
vimal#h123:~$ rm $TOMCAT_VERSION.zip
Before running command below you need to have JAVA_HOME set up in like JAVA_HOME="/usr/lib/jvm/java-8-oracle/" by adding this into
sudo nano /etc/environment
vimal#h123:~$ sudo chmod +x $TOMCAT_INSTALL_DIR/$TOMCAT_VERSION/bin/*.sh
vimal#h123:~$ $TOMCAT_INSTALL_DIR/$TOMCAT_VERSION/bin/catalina.sh start
vimal#h123:~$
vimal#h123:~$ cd $TOMCAT_INSTALL_DIR/$TOMCAT_VERSION/webapps/
vimal#h123:~$ wget http://mirrors.jenkins-ci.org/war-stable/latest/jenkins.war
Wait for a couple of minutes till Jenkins is fully loaded. Needs 2GB memory.
Try going to the browser on http://xx.xxx.xxx.xxx:8080/jenkins/ and it will work...
Took me one day to find the solution.
Here is how I resolved this issue:
# service tomcat status
tomcat start/running, process 996
# service tomcat stop
tomcat stop/waiting
# service jenkins status
Jenkins Continuous Integration Server is not running
# service jenkins restart
* Restarting Jenkins Continuous Integration Server jenkins [ OK ]
# service tomcat start
tomcat start/running, process 3839
# service jenkins status
Jenkins Continuous Integration Server is running with the pid 3694
Refresh your browser and Jenkins should be up and running.
Hope this helps!