Can anyone tell me why i am getting this error while trying to run this command and assign a custom role "Secret Reader" to a guest account Object Id :
az role assignment create --role "Secret Reader" --assignee-object-id "12526c57-c91b-405b-9068-2b582b23e83a" --scope "/subscriptions/Not-putting this-here/resourceGroups/pallabdev/providers/Microsoft.KeyVault/vaults/testhalvault"
The error i get is :
request failed: Error occurred in request., InvalidSchema: No connection adapters were found for 'C:/Program Files/Git/subscriptions/Not-Putting-This-Here/resourceGroups/pallabdev/providers/Microsoft.KeyVault/vaults/testhalvault/providers/Microsoft.Authorization/roleDefinitions?$filter=roleName%20eq%20%27Secret%20Reader%27&api-version=2018-01-01-preview'
From the error message, I suppose you ran the command in Git Bash of Windows, I can also reproduce this on my side, it was caused by the Auto-translation of Resource IDs in Git Bash, similar issue here.
To solve this issue, just set environment variable MSYS_NO_PATHCONV=1 or set it temporarily when you running the command.
$ MSYS_NO_PATHCONV=1 az role assignment create --role "Secret Reader" --assignee-object-id "12526c57-c91b-405b-9068-2b582b23e83a" --scope "/subscriptions/Not-putting this-here/resourceGroups/pallabdev/providers/Microsoft.KeyVault/vaults/testhalvault"
I had the same problem and I simply ran the command using the Windows powershell instead of Gitbash and it worked like a charm.
Related
WorkerExtensions.csproj : error NU1301: Unable to load the service index for source...
WorkerExtensions.csproj was trying to access our private feed, hence it did not have the permissions to do so encountered the above error.
How can it be resolved?
Nuget.exe sources update -Name “xxpackages” -UserName xxx -Password token
by running the above command in the package console, I successfully managed to resolve this error.
I have previously had Serverless installed on a server, and then when I tried to edit the function and package it back up to edit the zip file I broke it, so I have to start all over. So to begin this issue: I had Serverless running and was using it with this package - https://github.com/adieuadieu/serverless-chrome/tree/master/examples/serverless-framework/aws
When I sudo npm run deploy, I get the ServerlessError:
ServerlessError: User: arn:aws:sts::XXX:assumed-role/EC2CodeDeploy/i-268b1acf is not authorized to perform: cloudformation:DescribeStackResources on resource: arn:aws:cloudformation:us-east-1:YYY:stack/aws-dev/*
I'm not sure why it is trying to connect to a Role and not an IAM. So I check the Role, and it is in an entirely different AWS account than the account I've configured. Let's call this Account B.
When it comes to configuration, I've installed AWS CLI and entered in the key, id, and region in my Account A in AWS. Not touching Account B whatsoever. When I run aws s3 ls I see the correct s3 buckets of the account with the key/id/regioin, so I know CLI is working with the correct account. Sounds good. I check the ~/.aws/creditionals file and just has one profile [default] which seems normal. No other profiles are in here. I copied this over to the ~/.aws/config file so now both files are same. Works great.
I then go into my SSH where I've installed serverless, and run npm run deploy and it gives me the same message above. I think maybe somehow it is not using the correct account for whatever reason. So I manually set the access key and secret with the following commands:
serverless config credentials --provider aws --key XXX --secret YYY
It tells me there already is a profile in the aws creds file, so I then add --o to the end to overwrite. I run sudo npm run deploy and still same error.
I then run this command to manually set a profile in the creds for serverless, with the profile name matching the IAM user name:
serverless config credentials --provider aws --key XXX --secret YYY --profile serverless-agent
Where "serverless-agent" is the name of my IAM user I've been trying to use to deploy. I run this, it tells me there already is an existing profile in the aws creds file so I run it with --o and it tells me the aws file is now updated. In bash I go to Vim the file and I only see the single "[default]" settings, as if nothing has changed. I run sudo npm run deploy and it gives me the same Error.
I then go and manually set the access and secret:
export AWS_ACCESS_KEY_ID=XXX
export AWS_SECRET_ACCESS_KEY=YYY
I run sudo npm run deploy and it gives me the same Error.
I even removed AWS CLI, and the directory that holds the creditionals and config files - and when I manually set my account creds via serverless config it tells me there already is a profile set up in my aws file, prompting me to use the overwrite command - how is this possible when the file is literally not on my computer?
So I then think that serverless itself has a cache or something, calling the wrong file or whatever for creds, so I uninstall serverless via sudo npm uninstall -g serverless so that I can start from zero again. I then do all of the above steps and more all over again, and nothing has changed. Same error message.
I do have Apex.run set up, but that should be using my AWS CLI config file so I'm not sure if that is causing any problems. But then again I've no clue of anything deep on this subject, and I can't find any ability to remove Apex itself in their docs.
In the package I am trying to deploy, I do not have a profile:XXX set in the serverless.yml file, because I've read if you do not then it just defaults to the [default] profile you have set in the aws creds file on your computer. Just to check, I go into the serverless.yml file and set the profile: default, and the error I now get when I run npm run deploy is
Profile default does not exist
How is that possible when I have the "default" profile set in my creds file? So I remember that previously I ran the serverless config creditionals command and added the profile name of serverless-agent to it (yet didn't save in the aws creds file as I mentioned above), so I add that profile name to the serverless.yml file just to see if this works, and same error of "Profile default does not exist".
So back to the error message. The Role is an account not even related to the IAM user I'm using in my aws creds. Without knowing a lot about this, it's as if the config in serverless via ssh isn't correct or something. Is it using old creds I had set up in Apex.run? Why is the aws creds file not updated with the profile when I manually set it in serverless config command? I am using the same user account (but with new key and secret) that I used a few weeks ago when I correctly deployed and my Lambda and API was set up for me on AWS. Boy do I miss those time and wish I didn't mess up my existing Lambda functions, without setting version number prior, forcing me to start all over.
I am so confused. Any help would be greatly appreciated.
If you are using IAM role then you have to use that IAM role through assume role using powershell.
I was also facing same issue earlier, when we moved from from user to role.
I was trying to login to a docker lab host using Putty but not able to login. The error is :-
'no authentication method available server sent public key'.
If I pass both username#server name i get error.
If I only pass the server name i get to the login screen but then when i enter my username the error pops up
I tried searching the web but couldn't find.
Please can anyone help me.
You can refer to the article "PWD + SSH = ❤" (with "PWD" = "Play With Docker").
The full command should be:
ssh -p 1022 <instance_ip_with_dashes>-<short_session_id>#pwdhost
But that requires on the client side to have in $HOME/.ssh
id_rsa: the private key
id_rsa.pub: the public key registered in <instance_ip_with_dashes>-<short_session_id> home.
Since copying a private key is not a good practice, you can do the opposite (in a Git bash session, not using putty):
ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
Copy the public generated key to ~<instance_ip_with_dashes>-<short_session_id>/.ssh/authorized_keys
Then your SSH session will be possible.
Note: All that is managed for you if you are using the docker-machine pwd driver, as shown in the article above:
As you can see, in that case, a docker-machine ssh is enough.
http://github.com/play-with-docker/play-with-docker/issues/285
Actually I had to create or generate keys on the client. In order to start the communication between the client and the server.But I was copying the private key of the server silly me.
Key generation can be done in 2 ways
1. If you are using git run ssh-keygen
2. If you want to login using putty the first generate keys using puttygen and then attached the private key .ppk while ssh.
Trying to connect to the server using Jenkins ssh plugin and executing some commands. It's connected but sesu command is not working. Jenkins is unable to recognize sesu command. It says sesu : not found no such file or directory. When trying with putty, sesu command is working. Jenkins version is 2.7. Please help me on same. Thanks in advance. :)
Use locate sesu command. It will show path of sesu command. Use that one in spite of only sesu. e.g. /opt/CA/AccessControl/bin/sesu
As we can't enter password on Jenkins at run-time. Other option for accessing server is generate ssh-key. Use that key to access server from Jenkins.
Use putty or similar tools to create key.
Firstly, log in to your server using credentials.
Then switch to user who has all access rights by using sesu or other switch user command like sudo su.
Execute below steps after that :
ssh-keygen -t rsa
hit enter for all steps without entering input.
then,
Once key is created, type cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys hit [Enter]
use created rsa private key after all these step in SSH plug and you are able to access unix server from Jenkins and execute commands on that server.
Trying to get started with a Rails Amazon EC2 deployment using https://github.com/rubber/rubber, and I keep ending up here after attempting to create a staging server with cap rubber:create_staging:
** [out :: production.foo.com] curl: (7) couldn't connect to host command finished in 2022ms
failed: "/bin/bash -l -c 'sudo -p '\\''sudo password: '\\'' bash -l /tmp/create_inputs'" on production.foo.com
I've been sticking with Rubber's quickstart guide, but can't solve this. I'm using rvm, if that makes a difference to anyone.
Any ideas?
It looks like you are trying to connect to production.foo.com. Change your configuration to connect to the right remote server or if you are running locally in the EC2 instance you can make it localhost.
Make sure you setup your public ssh key in the ~/.ssh/authorized_keys for the user that you are trying to deploy as. This is to allow capistrano/rubber to do passwordless ssh authentication.
Reviving an old post here but there's another possible cause of this issue that I've just encountered so figured this might help someone else.
I had to re-create and download a new keypair for my ec2 instances. When I moved it to ~/.ec2/gsg-keypair I forgot to alter the permissions.
When SSH'ing directly into the instance you get the full warning, which makes debugging it easy:
UNPROTECTED PRIVATE KEY FILE! permissions 0644 for 'xxxxx.pem' are
too open. It is recommended that your private key files are NOT
accessible by others. This private key will be ignored. bad
permissions: ignore key: xxxxx.pem Permission denied (publickey).
But when running a rubber task you simply get a generic CURL error. If this is the case for you too just update the permissions like this:
chmod 600 ~/.ec2/gsg-keypair