I am trying to install vanilla versions of Ranger KMS along with Ranger Admin (which I had previously installed). Ranger KMS compiled tar was unzipped, modified the Install.properties file to modify certain values. Was able to start the KMS service as well.
But When I tried to login into Ranger Admin using "keyadmin" which seems like default credentials for the Ranger KMS, it says username or password is invalid.
I can see that in HDP cluster, there is ranger-kms-properties which contains REPOSITORY_CONFIG_USERNAME which points to keyadmin.
Here in compiled version of binary, I dont see any such property or file where I can define. How does Ranger Admin recognize that the Ranger KMS is installed and plugin is enabled?
I populated the Install.properties file with the respective values but looks like I might be missing many of those properties.
I have created rangerkms/_host#REALM.COM principal and corresponding keytab and placed it on Ranger KMS server / Ranger Admin server.( both are same in my case)
KMS service seems to have started fine but I could see that the respository that I intended to use, is not created and hence i could see some errors related to that. I am unable to login into Ranger Admin using keyadmin user and password
And I dont see the KMS service enabled on the ranger admin UI where I could create this service.
Related
I read everything in this post and multiple others but nothing is working... I cannot use Google Credentials to access my git Repo in Google Cloud Platform
I have Jenkins running in a Docker Container in Google Cloud Platform. I have Source Code in a Google Cloud Repository that I want to use for a Build.
On the Google Cloud Platform side I created a Service User, gave the User the following Roles:
Project Worker
Source-Repository Admin
Storageobject creator
ComputeEngine creator
I created the JSON File and downloaded it.
On The Jenkins Side I installed the Google OAuth Credentials and the Google Container Registry Auth Plugin.
I added new Credentials "Google Service Account from private key" and added the json file.
So, if I now want to create a new Job (Freestyle or pipeline does not matter) I see the following:
I see the credentials I created but for the "Google Container Registry". As soon as I add the repository URL, "https://source.developers.google.com/p...." The Drop-down is cleared and all is gone.
I also took a look at the credentials.xml and job file, to see, if I can rewrite there something by myself. The Google Credentials do not have an credentialId like others...
<com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials plugin="google-oauth-plugin#0.6">
<module/>
<projectId>testprojekt</projectId>
<serviceAccountConfig class="com.google.jenkins.plugins.credentials.oauth.JsonServiceAccountConfig">
<jsonKeyFile>/var/jenkins_home/gauth/key8529180263669390055.json</jsonKeyFile>
</serviceAccountConfig>
</com.google.jenkins.plugins.credentials.oauth.GoogleRobotPrivateKeyCredentials>
I'm currently out of ideas... would be happy for any hint.
Thank you!
Is there a way of creating an user in InfluxDB with authentication enabled? Disclaimer: I am a novice to InfluxDB.
I created a Docker container running InfluxDB with authentication enabled by setting auth-enabled = true in http section of the influxdb.conf file.
[http]
...
# Determines whether user authentication is enabled over HTTP/HTTPS.
auth-enabled = true
...
As there are no users, I tried to create one using the following command:
docker exec influxdb influx -execute "create user admin with password 'blabla' with all privileges"
However, this fails with
"stdout": "ERR: error authorizing query: no user provided
So it is kind of a chicken-and-egg problem. You cannot create a user, because this requires logging in as a user in the first place.
It works when authentication is disabled. So I can do the following:
Create config with authentication disabled.
Start InfluxDB
Create users
Change config so authentication is now enabled.
Restart InfluxDB
but in that case I have to store the config in a specific Docker volume and it still leaves a window when anybody could log in without authentication. So it can be automated, but it is not an elegant solution.
Is there an elegant solution for this problem?
Most DB images provide a way to configure an admin-user and admin-passwort via environment variables. InfluxDB does this too:
https://hub.docker.com/_/influxdb/
Set the environment variables INFLUXDB_ADMIN_USER and INFLUXDB_ADMIN_PASSWORD in your container to create the admin user with the given password. You can also enable auth by an environment variable INFLUXDB_HTTP_AUTH_ENABLED
2021 update: apparently there might be some caveats/edge cases as it comes to automatic admin/user creation in InfluxDB in Docker - see here: https://github.com/influxdata/influxdata-docker/issues/232
If you stamp on the following message: "create admin user first or disable authentication" even if you set envs as suggested by #adebasi then the above link might help you tackle the problem.
I've just checked the latest official InfluxDB docker and it works, however, as stated in the above link, if meta directory is present (even if empty) under /var/lib/influxdb then user won't be created.
There's also another case - while using unofficial InfluxDB docker suitable for RaspberryPi Zero (https://hub.docker.com/r/mendhak/arm32v6-influxdb) this functionality of creating users is not present there or at least didn't work for me (I've checked docker image and I saw no code to create users).
I am doing the command-line installation of Apache Ranger i.e. without Ambari.
I have to configure Ranger UI username and password other than the defaults (i.e. admin/admin). Does anyone know which configuration file and what properties need to be set to do that?
I am running jenkins by extracting the jenkins.war file.I have installed role based authorization strategy plugin for jenkins security.I have created a admin who has full access to jenkins.And I have created users who have access to only their projects.But when I close the command prompt and run jenkins.war again and login as admin I find admin does not having any privilages and the users i have created does not have any access to the privilages.What might be the problem.Is there something I am doing wrong.Please help
Is anyone successfully using MsDeploy for deploying windows services with a preSync runCommand? I've got it working using an Administrator account, but can't for the life of me get it working on a standard user account. Unfortunately I can't use integrated authentication (we're deploying to an external box), and the thought of our Administrator password sitting in plaintext in logs on our build server doesn't exactly make me feel too comfortable. For that matter, neither does any user credentials - but I can't see a way around that.
The command I'm using is this:
"tools/deploy/msdeploy.exe" -verb:sync
-preSync:runCommand="tools\Deploy\PreSyncCommand.cmd",waitInterval=30000
-source:dirPath="C:\BuiltSourcePath"
-dest:computerName=https://server:8172/msdeploy.axd?site=dummysitename,userName=service-deploy,password=service-deploy-pass,authType=basic,dirPath="C:\DeployPath\"
-allowUntrusted
with rules set up in IIS for the dummy site to allow the authentication for the service-deploy windows account, with contentPath and runCommand permissions (for the moment set to C:\ as it's not entirely clear whether this needs to be set to the temporary path that MsDeploy streams to, or the deployment path?). The service-deploy account also has full control of the target directory. I get the following back:
Performing '-preSync'...
Info: Using ID '7a7d34a1-b5d8-49f1-960a-31c9cf825868' for connections to the remote server.
Info: Using ID '4d0b910c-aca4-4640-84bd-3597d22d99d1' for connections to the remote server.
Info: Updating runCommand (C:\TeamCity\buildAgent\work\aec989676b349656\tools\De
ploy\PreSyncCommand.cmd).
Warning: Access is denied.
Warning: The process 'C:\Windows\system32\cmd.exe' (command line '/c "C:\Windows
\ServiceProfiles\LocalService\AppData\Local\Temp\giz2t0kb.0ay.cmd"') exited with
code '0x1'.
This happens even if the contents of PreSyncCommand.cmd is blank. The same command runs fine if I pass in Administrator credentials. I've tried using ProcessMonitor to check if anything's being denied access but can't see any - so I'm guessing it's still a MsDeploy authentication rule. There's nothing in WmSvc.log (debugging is enabled), nor in the event log.
Any ideas? Thanks!
Since you're using Web Deploy via WmSvc, you need to setup appropriate delegation rules on the destination server:
Within IIS Manager, open the "Management Service Delegation" feature. Add a new rule which at least specifies the runCommand provider. In the Run As section, choose Specific User and provide credentials for a local administrator account on that machine. This is the identity under which your runCommand scripts will be executed. Finally, the user which you're specifying for the destination dirPath provider needs to be added to the delegation rule.
That allows you to invoke a deployment using a non-privileged account, and yet have it executed on the target machine under administrative credentials.
More information on IIS feature delegation: http://learn.iis.net/page.aspx/516/configure-the-web-deployment-handler/