I would like to use CF release of rabbit-mq and provide more BOSH release/deployment defined broker users ( for sake of tracing issues)
Is there a way to provide so ?
Currently i'm using stock release
https://github.com/pivotal-cf/cf-rabbitmq-release
and in deployment i declare single user ?
properties:
rabbitmq-server:
plugins:
- rabbitmq_management
administrators:
broker:
username: foo #user to read and send events
password: bar
Regards
You can see by looking at the spec for the rabbitmq-server that only 2 accounts are identified as valid properties. broker and management
rabbitmq-server.administrators.broker.username:
description: "RabbitMQ admin username for broker"
rabbitmq-server.administrators.broker.password:
description: "RabbitMQ admin password for broker"
rabbitmq-server.administrators.management.username:
description: "RabbitMQ admin username for operator"
rabbitmq-server.administrators.management.password:
description: "RabbitMQ admin password for operator"
https://github.com/pivotal-cf/cf-rabbitmq-release/blob/623a0bfac64ec6820175d3589ba6233435bf912f/jobs/rabbitmq-server/spec#L37
If you know rabbit internals and want to cut your own bosh release you could modify the init-script and create additional administrator users for your use case. The script already uses the same function for operator and broker accounts, and looks like a straightforward pattern to follow. https://github.com/pivotal-cf/cf-rabbitmq-release/blob/623a0bfac64ec6820175d3589ba6233435bf912f/jobs/rabbitmq-server/templates/rabbitmq-server.init.bash#L77
But when you say "tracing issues" I wonder if the operator account is indeed what you're looking for. If so just add that to the job details.
properties:
rabbitmq-server:
plugins:
- rabbitmq_management
administrators:
broker:
username: foo
password: bar
management: #operator account details
username: foo
password: bar
Related
I have Team Foundation server 4 years and suddenly all the users not authorized, even the admin users.
When I try to open the website in the server on http://localhost:8080/tfs I get error 401.1
The website work on Windows authentication.
This the failure message in the event viewer:
An account failed to log on.
Subject: Security ID: NULL SID Account Name: - Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed: Security ID: NULL SID Account
Name: ttre Account Domain: WIN-0000000
Failure Information: Failure Reason: An Error occured during Logon.
Status: 0xc0000008 Sub Status: 0x0
Process Information: Caller Process ID: 0x0 Caller Process Name: -
Network Information: Workstation Name: WIN-00000000 Source Network
Address: f280::524:66531:1525:455a Source Port: 52911
Detailed Authentication Information: Logon Process: NtLmSsp
Authentication Package: NTLM Transited Services: - Package Name (NTLM
only): - Key Length: 0
This event is generated when a logon request fails. It is generated on
the computer where access was attempted.
The Subject fields indicate the account on the local system which
requested the logon. This is most commonly a service such as the
Server service, or a local process such as Winlogon.exe or
Services.exe.
The Logon Type field indicates the kind of logon that was requested.
The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on
the system requested the logon.
The Network Information fields indicate where a remote logon request
originated. Workstation name is not always available and may be left
blank in some cases.
The authentication information fields provide detailed information
about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Any idea?
I am trying to authenticate gcloud using json key and even doing everything as per docs it requires for password when I run gcloud compute ssh root#production
Here is snapshot of steps I performed.
1. Authorizing access to Google Cloud Platform with a service account
tahir#NX00510:~/www/helloworld$ gcloud auth activate-service-account 1055703200677-compute#developer.gserviceaccount.com --key-file=gcloud_key.json
Activated service account credentials for: [1055703200677-compute#developer.gserviceaccount.com]
2. Initializing the gcloud
tahir#NX00510:~/www/helloworld$ gcloud init
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [default] are:
compute:
region: us-central1
zone: us-central1-b
core:
account: 1055703200677-compute#developer.gserviceaccount.com
disable_usage_reporting: 'True'
project: concise-hello-122320
Pick configuration to use:
[1] Re-initialize this configuration [default] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for
this configuration:
[1] 1055703200677-compute#developer.gserviceaccount.com
[2] Log in with a new account
Please enter your numeric choice: 1
You are logged in as: [1055703200677-compute#developer.gserviceaccount.com].
API [cloudresourcemanager.googleapis.com] not enabled on project
[1055703200677]. Would you like to enable and retry (this will take a
few minutes)? (y/N)? N
WARNING: Listing available projects failed: PERMISSION_DENIED: Cloud Resource Manager API has not been used in project 1055703200677 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1055703200677 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
- '#type': type.googleapis.com/google.rpc.Help
links:
- description: Google developers console API activation
url: https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview?project=1055703200677
Enter project id you would like to use: concise-hello-122320
Your current project has been set to: [concise-hello-122320].
Do you want to configure a default Compute Region and Zone? (Y/n)? n
Your Google Cloud SDK is configured and ready to use!
* Commands that require authentication will use 1055703200677-compute#developer.gserviceaccount.com by default
* Commands will reference project `concise-hello-122320` by default
Run `gcloud help config` to learn how to change individual settings
This gcloud configuration is called [default]. You can create additional configurations if you work with multiple accounts and/or projects.
Run `gcloud topic configurations` to learn more.
Some things to try next:
* Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
* Run `gcloud topic --help` to learn about advanced features of the SDK like arg files and output formatting
3. SSHing to gcloud
tahir#NX00510:~/www/helloworld$ gcloud compute ssh root#production
No zone specified. Using zone [us-central1-b] for instance: [production].
root#compute.1487950061407628967's password:
I don't know which password should I enter here, also I believe it should not ask for password in the first place because I have used json key file for authentication.
Could you guys please help me out to fix this.
Thanks !
I am running RabbitMQ version 3.7.6 in a Docker container. The management plugin is enabled.
I receive the following error when logging in to the management UI:
I am using the following rabbitmq.conf:
default_user = admin
default_pass = redacted
default_user_tags.administrator = true
default_user_tags.management = true
The confusing part is that it appears user admin does indeed have management enabled. The following is shown during boot up:
Creating user 'admin'
Setting user tags for user 'admin' to [management,administrator]
Setting permissions for 'admin' in '/' to '.*', '.*', '.*'
As requested, here is the output of list_users:
$ rabbitmqctl list_users
Listing users ...
admin [management, administrator]
Why am I unable to log in to the management console on an account that appears to have the management tag enabled?
Please see my response here:
https://groups.google.com/d/msg/rabbitmq-users/Gm2L4Yyu8jQ/RRL8QRlGAwAJ
Based on the configuration file you provide in that message thread, you are creating a user named "admin" (including the quotes).
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
How to get the password of an existing user in Rabbitmq from CLI?
I got the name of the user by CLI command "sudo rabbitmqctl list_users" and the outupt is as follows:
Listing users ... guest [administrator] openstack []
I want to know the 'openstack' user password.
The user passwords are stored using a one-way hash so there is no way to retrieve their value. You should use the rabbitmqctl change_password command to change that user's password to a known value.
NOTE: the RabbitMQ team monitors the rabbitmq-users mailing list and only sometimes answers questions on StackOverflow.
If you used a deployment solution you might find the password in it's configuration. For example, when you deploy Openstack using kolla-ansible you find the password in /etc/kolla/passwords.yml.
user#deployhost:~$ grep -E ^rabbitmq_password: /etc/kolla/passwords.yml
rabbitmq_password: haH2ZPjVVKmiqoXdRPCYJcdQyzP2cqeU
It might be stored in some secure way, for example an vault if ansible is used for deployment, in this case you need to check the deployment framework on how to retrieve it.
I am installing Openstack Juno on Fedora 19. I have deleted RabbitMQ default user "guest" and create a new user named "demo". And in all nova.conf I config rabbit_userid=demo. But connected to localhost:5672 failed. From the rabbitmq log, RabbitMQ still use default user "guest" to connect.I tried to set default_user "demo" in rabbitmq.conf but it doesn't work.Why and how to resolve?
Following is the error log:
{handshake_error,starting,0,{amqp_error,access_refused, "AMQPLAIN login refused: user 'guest'- invalid credentials",'connection.start_ok'}}`
The content in rabbitmq.conf:
[ {rabbit, [{default_pass, [<<"demo">>]}], [{default_user, [<<"demo">>]}]} ].
You need to set the user and password on your application AMQP Client. RabbitMQ default user has nothing to do with that. So if you want to use user demo and password demo, then when you open a connection on the application side, you have to use those credentials