unable to connect through SSH key to bluemix container - docker

I am currently trying to use the bluemix container service (in beta)
When I want to create a new container, I follow the steps, and just choose the name and the ports to open. I paste a SSH, and at the end I get the error :
"Unable to create container. Error message returned is: Bad Request".
Whereas if I do not paste my key, there is no problem.
I have tried with another key, created with puttygen, and I still get the same error.
I don't know what is wrong, as I basically chose the default options.
I have tried with the browsers firefox & opera on windows.
How can I solve this?

Use a public key of the form "ssh-rsa", space, 200+ characters ending in ==, space, username@hostname. I generated mine using ssh-keygen -t rsa. I pasted the entire contents of the generated .pub file.
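A pre-paste check for the key form described in the answer above, as an added example that is not part of the original thread. It also recognises the multi-line RFC 4716 block that PuTTYgen's "Save public key" button writes; the function names and the sample key are constructed for illustration.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

# Constructed sample (not a usable key): correct layout, made-up numbers.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(bytes(range(1, 129))))
SAMPLE_KEY = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " username@hostname"

def check_pubkey_paste(text: str) -> list:
    """Return the problems found in a pasted public key; empty list means OK."""
    if "BEGIN SSH2 PUBLIC KEY" in text:
        return ["RFC 4716 block (PuTTYgen 'Save public key'), not a one-line OpenSSH key"]
    if "PRIVATE KEY" in text:
        return ["private key pasted; use the contents of the .pub file"]
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return [f"expected 1 line, found {len(lines)} (wrapped by an editor or terminal?)"]
    fields = lines[0].split()
    if len(fields) < 2:
        return ["expected '<type> <base64> <comment>'"]
    key_type, body = fields[0], fields[1]
    try:
        blob = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return ["key body is not valid base64 (truncated or altered paste?)"]
    problems = []
    # The decoded blob begins with its own copy of the key type string.
    name_len = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if blob[4:4 + name_len] != key_type.encode():
        problems.append("key type in field 1 does not match the type inside the blob")
    if len(fields) < 3:  # the form given in the answer ends with a comment
        problems.append("comment field (username@hostname) is missing")
    return problems
```
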


Enable k8s experimental features in Docker Desktop

does anyone know if this is possible?
All I can find in docs is reference to enabling docker experimental features, but not the kubernetes experimental features.
I tried this, but still get error.
k alpha debug -it exchange-pricing-865d579659-s8x6d --image=busybox --target=exchange-pricing-865d579659-s8x6d
error: ephemeral containers are disabled for this cluster (error from server: "the server could not find the requested resource").
Thanks
I had the same intent (as have others in this feature request). After several hours of trial and error, I finally found out a way to do so.
Steps:
Depending on which file you're trying to edit, you may need to fully shut down Docker Desktop, and restart WSL. (right-click tray-icon and press "Quit Docker Desktop", then run wsl --shutdown, then run wsl)
Open the [...]/kubeadm/manifests folder, in the Docker filesystem.
On Windows, navigate Windows Explorer to:
For Docker Desktop 4.2.0: \\wsl$\docker-desktop-data\version-pack-data\community\kubeadm\manifests
For Docker Desktop 4.11.0: \\wsl$\docker-desktop-data\data\kubeadm\manifests
Open the kube-controller-manager.yaml, kube-apiserver.yaml, and kube-scheduler.yaml files, adding the line below:
spec:
  containers:
  - command:
    [...]
    - --feature-gates=EphemeralContainers=true     <-- add this line
Start Docker Desktop again.
It looks so easy when it's already figured out, huh? Well trust me, it was a pain to find out.
Some of the slowdowns I hit:
1. It took me quite a while to even find those manifest files. (eventually found it using grepWin, searching through the whole \\wsl$\docker-desktop-data folder for any matches of a line I grabbed from the kube-apiserver-docker-desktop pod's config, which I viewed using Lens)
2. Once I found it, I got confused by this documentation. When I read FEATURE STATE: Kubernetes v1.22 [alpha], I thought that meant you needed version 1.22 or higher of Kubernetes for the feature to be available. This caused a huge wild goose chase where I tried to change the version of Kubernetes that was being launched in Docker Desktop, which Docker Desktop didn't seem to like. (in retrospect, the issue may have just been the minor one in point 3 below...)
3. When I first made changes to the manifest files, I was using Notepad++. And despite my liking Notepad++, it's apparently not quite as smart as vscode in the following regard: it does not automatically detect the indentation type for yaml files. Thus, when I pressed tab to create an indent, so I could add the new flag to the argument list, it added it as a tab character rather than spaces. This caused Kubernetes to fail reading of the file. That might not be so bad if Kubernetes gave a sane error message for that, but instead it merely gave the message unexpected EOF. And I didn't even see that error message at first because it was not being propagated to the kube-controller-manager-docker-desktop pod (which was the only relevant one that wasn't immediately erroring/closing). Anyway, I didn't realize this was the problem at the time, so...
4. I decided to try bypassing the manifest-files and applying my modification to the etcd data-store directly. In retrospect, this was not a good idea, because the etcd data-store is pretty complex, the tooling is substandard, and the documentation is substandard. I spent a ton of time just trying to figure out how to send commands to read and write data to it (eventually managed to do so by calling etcdctl within the etcd-docker-desktop pod). I spent further time still writing up a NodeJS script capable of reading all the data as JSON, storing it in a dump file, and being able to write changes to entries back despite there being 3+ levels of quoting involved (I eventually was able to use stdin to pass the value rather than as part of the command string, to avoid quotation-mark-inception). After all the work on etcd reading/writing above, I found it didn't work anyway because Kubernetes invariably "breaks" if anyone else writes to its etcd data-store. (even if you write the exact same value that had been there before -- as verified by comparing the dumps before and after)
5. After all of the above, I decided to have one last go with just adding the flags to mentioned manifest files. Was still getting the startup failure/error, but at the very end, I decided I wanted to see exactly what about my changes was causing Kubernetes to reject them. So I tried commenting out my added line; the error remained. I thought maybe it was a checksum-based rejection then. But then I thought, maybe the YAML parser that Kubernetes is using is just outdated and is finicky about what comments it is able to recognize. So I tried moving the comment around to different places, and was puzzled when the manifest was being accepted just by moving the comment to the root level. I moved it back to various locations, with it working and not working, until I thought to try making the line "half-indented" since it's "in-between" the working and non-working versions. That's when I noticed the line had a tab as its indent. And then it hit me; are the other lines also using tabs? I checked, and nope, they were using spaces. And that's when I realized I had wasted the last few hours on something I coulda just fixed with a simple indent change.
The moral of the story for some is that YAML is a bad configuration format, because it makes it easy to make trivial errors like this. But I actually place the blame more on whatever parser Kubernetes is using for the YAML files; it is unacceptable that a YAML parser would encounter an indentation mismatch and give a message so generic as unexpected EOF. I don't know what the identity of that YAML parser is, but I'm tired enough of the subject that I'm not even going to look into it right now. If one of you finds it, please make an issue report for it -- perhaps including this story as a real-world example of the pain that ambiguous error messages can cause.
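A small lint for the failure described in the answer above (a tab-indented flag line that Kubernetes reported only as unexpected EOF), as an added example that is not part of the original answer. The function name and both sample manifests are constructed; only the flag text comes from the thread.

```python
from collections import Counter

FLAG = "--feature-gates=EphemeralContainers=true"  # the line the answer adds

def lint_manifest(text, flag=FLAG):
    """Return sorted (line_number, problem) pairs; an empty list means clean."""
    findings = []
    arg_indents = {}   # line number -> indentation of each "- --arg" list item
    flag_seen = False
    for no, line in enumerate(text.splitlines(), start=1):
        body = line.lstrip(" \t")
        indent = line[:len(line) - len(body)]
        if "\t" in indent:
            findings.append((no, "tab in indentation (YAML permits spaces only)"))
        if body.startswith("- --"):
            arg_indents[no] = indent
        if body.startswith("- " + flag):   # a commented-out line does not count
            flag_seen = True
    if arg_indents:
        # The added flag must line up with its sibling arguments.
        expected = Counter(arg_indents.values()).most_common(1)[0][0]
        for no, indent in arg_indents.items():
            if indent != expected and "\t" not in indent:
                findings.append(
                    (no, f"indented {len(indent)} spaces, siblings use {len(expected)}"))
    if not flag_seen:
        findings.append((0, f"{flag} not found as a list item"))
    return sorted(findings)

# Constructed, trimmed-down manifest in the shape of a static pod file.
GOOD = (
    "apiVersion: v1\n"
    "kind: Pod\n"
    "spec:\n"
    "  containers:\n"
    "  - command:\n"
    "    - kube-apiserver\n"
    "    - --secure-port=6443\n"
    "    - --etcd-servers=https://127.0.0.1:2379\n"
    "    - --feature-gates=EphemeralContainers=true\n"
    "    image: example/kube-apiserver\n"
)
# Same file with the new line indented by a tab, as in the story above.
BAD = GOOD.replace("    - --feature-gates", "\t- --feature-gates")
```

Running it over each of the three manifest files before restarting Docker Desktop reports the line number of the tab directly.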
Since Ephemeral Containers is still an alpha feature, it is disabled by default.
As you can read here, for this to work, it requires the EphemeralContainers feature gate to be enabled, and Kubernetes client and server version v1.16 or later.
As to the 2nd requirement I assume both your Kubernetes server and client versions are v1.16 or later but it looks like, for the time being, the 1st requirement cannot be met on Docker Desktop. According to this issue, it currently doesn't support enabling Feature Gates.
However you may still try to ssh to your master node and edit the following files:
/etc/kubernetes/manifests/kube-apiserver.yaml
/etc/kubernetes/manifests/kube-scheduler.yaml
by adding inside the command section:
--feature-gates=EphemeralContainers=true
Then you need to delete those pods so they are recreated with new settings applied. You'll find them by running:
kubectl get pods -n kube-system

How to change homepage by Registry in Edge Browser

I want to change the homepage in the Edge browser via Registry but it's encrypted and I see (Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy) in Registry. Please help me to edit homepage in Registry or find where it's a violation of Windows policy to modify. See aka.ms/browserpolicy
ProtectedHomepages value is not really encrypted, instead it is an obfuscated buffer which contains homepages strings and the cryptographic hash for these strings. Buffer is obfuscated using the random generated seed which is also stored as a part of the buffer. I have done some reverse engineering research and published the results here.
So, basically, reading and decrypting this value is easier than modifying due to the required crypto-hash. However, reading capability is the only required for anti-malware software. I don't know what reasons you have to modify this value, hopefully you are not writing a piece of malware...
If it is only the homepage in Edge you want to set then change the URL below to your preference and then save this as a .reg file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main]
"HomeButtonEnabled"=dword:00000001
"HomeButtonPage"="https://www.google.com/"
Currently it is not possible to change the start page of Microsoft Edge by writing a string or binary value into the registry. The entry to change is "Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy" -> Value "ProtectedHomepages". The value is an encrypted binary value, in which the current homepage is not readable.
When you have to set a specific homepage more than one time and you want to do it with C#, here is a workaround:
Set the start page you want via the UI of the Microsoft Edge browser. After changing it, restart the browser and export the registry key named above. Open the exported file and copy the binary data into a string constant or resource in your C# solution. In the function that writes this setting, you can copy the string into a byte array and then write it as a binary value into the registry. This entry takes effect after a restart of Microsoft Edge.
You should use the same approach when you want to change the default search provider. But in this case, in addition to the value "ProtectedSearchScopes", one more registry key is to be used -> "OpenSearch". This key does/should exist for third-party search providers only. This key should be deleted or not exist if the search provider is Bing.
Disable your computer's network interface
Launch MS Edge. The recovery page will error out
Open a new MS Edge tab
Close the MS Edge tab containing the error message
Close MS Edge
Enable your computer's network interface
Launch MS Edge
Also...
Some malware will change the Edge homepage. You can see the malicious URL in address bar, record it.
Kill Edge with Task Manager or reboot.
Edit your hosts file in c:\windows\system32\drivers\etc, from an Administrative command prompt go to that directory and type notepad hosts and hit Enter.
Add a host entry like this
127.0.0.1 bad.url (substitute the URL you recorded above for bad.url)
Save the hosts file then open Edge. This method is helpful when you are remoted in and cannot disconnect the network connection.
No need to do it in registry. You can now change the homepage via the settings in Microsoft Edge

Recaptcha error

I have a problem with Recaptcha gem. I'm using Ubuntu on a virtual machine (VirtualBox). It uses bridged network interface card, so I have internet access there and I can see this Ubuntu from my host computer.
When I run rails s and then go to
127.0.0.1:3000 on virtual machine everything is fine.
192.168.0.103:3000 on host machine there is an error with recaptcha box.
Input error: Invalid referer is where the box is supposed to be.
Why is it like that and how to fix this?
But, when we tried to host the same application to any server with the same pair of keys, it will not generate an error but, it will display like "input error - invalid referer" instead of captcha in your form.
Because, when we are getting the pair of keys from Google API, we will specify the domain name there. In that, to use those keys in your local system, we will enter domain as "localhost". But, these pair of keys will not work when we deploy that application in any server.
So, for the application to work in the remote host, we should get the pair of keys from Google API with the domain name, where we are going to deploy your application. And use them in your application.
Note:
We can have a new pair of keys for recaptcha using following link:
http://www.google.com/recaptcha/whyrecaptcha

service created but not started

I am trying to run a driver I created as a service. I managed to create a service out of the driver (using "sc.exe create ..."): The service now appears in the registry (under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/mydriver). However the service cannot be started! When I use net start [myservice], I get the following output:
error 1275: This driver has been blocked from loading
One thing looked suspicious to me: The entry in the registry for my driver: The value of "ImagePath" was "\??[correct path]". I manually removed the "\??\" so that the correct path was left. However it did not solve the problem, instead I got another error message (Error 123: The filename, directory name, or volume label syntax is incorrect).
By searching on the internet, I found out that this error 1275 indicates that a key in the registry is missing or corrupted. This makes sense as I modified it manually, so the value of "ImagePath" is probably corrupted. However I don't see anything wrong with the value I entered:
"C:\ledrivertest\driver1\bin\hello.sys"
Is there some kind of special syntax for the path of a driver binary which I don't know about?
I use Windows 7.
Thanks in advance
Since you are running on a 64 bit system, and you haven't signed the driver, the most likely explanation for error 1275 is that Windows blocked the driver due to it being unsigned.

SSH in Engine Yard

I've got some large problems with my ruby on rails deployment on EY. Support has said I need to SSH in to clear the errors... but I get the following:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
80:4c:5f:dd:98:bb:cb:01:6c:a9:11:41:29:56:66:86.
Please contact your system administrator.
Add correct host key in /Users/jameshughes/.ssh/known_hosts to get rid of this message.
Offending key in /Users/jameshughes/.ssh/known_hosts:1
RSA host key for ec2-184-73-167-153.compute-1.amazonaws.com has changed and you have requested strict checking.
Host key verification failed.
[Process completed]
How do I add the correct key to the Known_hosts file?
Open up known_hosts in your favorite text editor, find the entry for "ec2-184-73-167-153.compute-1.amazonaws.com" and delete the entire line. The next time you ssh in, it will add the correct key to the known_hosts file.
Note that this error is for security purposes, so I'm assuming that you know that there is not a "man-in-the-middle" attack going on and that the server key has actually changed. If it has not, there might be something else going on.
To fix your "Permission denied (public key)" problem, you'll need to add your public key to engineyard via the Tools menu, then apply your changes to your environment (by clicking apply).
Hope that helps.
Update
Please see @womble's comment below and my reply. As @womble notes, if you use StrictHostKeyChecking no you will be open to man in the middle attacks. I've talked with EngineYard about this (last time I checked, StrictHostKeyChecking no was what they were recommending in their help documentation). I believe using StrictHostKeyChecking=ask is a better alternative. Does anyone else know if there is a better solution than using StrictHostKeyChecking=ask?
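One way to make the "assuming the server key has actually changed" step in the answer above explicit, as an added example that is not part of the original answer: the old known_hosts line is replaced only when the presented key matches a fingerprint obtained out of band (for instance from the hosting provider's console, which is an assumption here). Host names and key material are constructed, and hashed or marker-prefixed known_hosts entries are not handled.

```python
import base64
import hashlib

def md5_fingerprint(entry: str) -> str:
    """Colon-separated MD5 fingerprint, the format printed in the warning,
    of a plain '<hosts> <type> <base64>' known_hosts entry."""
    blob = base64.b64decode(entry.split()[2])
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def replace_host_key(known_hosts: str, new_entry: str, trusted_fp: str) -> str:
    """Return known_hosts with the host's old entry replaced by new_entry, but
    only if new_entry matches the fingerprint obtained out of band."""
    actual = md5_fingerprint(new_entry)
    if actual != trusted_fp.strip().lower():
        # Mismatch: keep the old entry and do not connect.
        raise ValueError(f"presented key {actual} does not match the trusted fingerprint")
    host = new_entry.split()[0]
    kept = [ln for ln in known_hosts.splitlines()
            if ln.strip() and host not in ln.split()[0].split(",")]
    return "\n".join(kept + [new_entry]) + "\n"

def constructed_entry(host: str, seed: bytes) -> str:
    # Constructed sample data: SSH-style blob layout, not a real host key.
    blob = b"\x00\x00\x00\x07ssh-rsa" + hashlib.sha256(seed).digest() * 4
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

OLD_ENTRY = constructed_entry("host.example", b"old")
NEW_ENTRY = constructed_entry("host.example", b"new")
KNOWN_HOSTS = OLD_ENTRY + "\n" + constructed_entry("other.example", b"other") + "\n"
```
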
I ran into the same issue and this seemed to work for me. You just need to add "StrictHostKeyChecking no" to after "'~/.ssh/config'':"
Engine yard has a pretty good article on it. The Man in the middle issue is near the bottom.
http://docs.engineyard.com/ssh-keys-and-configuration.html
Now when I SSH I still get the warning, but am able to access the server. I started getting the warning after I stopped and restarted my instance.
