Which role needs getSecrets permissions to be able to deploy this CDK stack? - aws-lambda

I'm getting a deploy-time permissions error related to a Secret referenced with Secret.from_secret_attributes.
# Both param 2 and secret_complete_arn need to populate from env vars.
secret = Secret.from_secret_attributes(self, "AmazonMSK_AdminSecret", secret_complete_arn="somearn")
# MSK, the one, the only.
# Defaults to the sandbox_ideas2IT MKS instance Sampath set up while prototyping.
mks = os.getenv('MKS_ARN', 'somearn')
# Lambda layer.
lambdaLayer = lambda_.LayerVersion(self, 'lambda-layer',
    code=lambda_.AssetCode('utils/lambda-deployment-packages/lambda-layer.zip'),
    compatible_runtimes=[lambda_.Runtime.PYTHON_3_7],
)
# Source for the lambda.
with open("src/Blah/BlahIngest.py", encoding="utf8") as fp:
    Blah_code = fp.read()
# Config for it.
lambdaFn = lambda_.Function(
    self, "QFDS",
    code=lambda_.InlineCode(Blah_code),
    # role=QFDSrole,
    handler="lambda_handler",
    timeout=Duration.seconds(300),
    runtime=lambda_.Runtime.PYTHON_3_7,
    layers=[lambdaLayer],
)
# Set up the event (managed Kafka).
lambdaFn.add_event_source(ManagedKafkaEventSource(
    cluster_arn=mks,
    topic="foreign.blah.availabilty.notify",
    secret=secret,
    batch_size=100,  # default
    starting_position=lambda_.StartingPosition.TRIM_HORIZON
))
This fails to deploy with errors similar to:
Resource handler returned message: "Invalid request provided: Cannot access secret manager value arn:aws:secretsmanager:arn_stuff. Please ensure the role can perform the 'secretsmanager:GetSecretValue' action on your broker in IAM.
However, I am unsure what role would be needed for this. CDK seems to be creating several roles all on its own to perform tasks and to set up a role for the stack itself. I've attempted manually creating a role and trying to assign permissions to that, but I get no end of weird error messages with that, and I suspect that it's some misunderstanding on my part. If the secret is being included into the lambda event source by CDK, is it the CDK role itself that needs permission to access this secret?
Using fedonev's answer seems to get farther than I used to, but I still receive similar errors:
Do you wish to deploy these changes (y/n)? y
ZZZ: deploying... [1/1]
[10:14:11] Retrieved account ID 4### from disk cache
[10:14:11] Assuming role 'some_arn'.
[10:14:11] Waiting for stack CDKToolkit to finish creating or updating...
[0%] start: Publishing 55ce025aa43e61714e9a9eed823a61b7008f6994a8aee67cd1bed9689e2342ad:current_account-current_region
[0%] start: Publishing 8cb1c33ae6d9c870bb9fdd5c36a8d8fa9655d03004f85a79994a33c41690efce:current_account-current_region
[10:14:12] Retrieved account ID 4### from disk cache
[10:14:12] Assuming role 'some_arn'.
[10:14:12] Retrieved account ID 4### from disk cache
[10:14:12] Assuming role 'some_arn'.
[10:14:12] [0%] check: Check s3://cdk-hnb659fds-assets-445841279194-us-east-1/8cb1c33ae6d9c870bb9fdd5c36a8d8fa9655d03004f85a79994a33c41690efce.json
[10:14:12] [0%] check: Check s3://cdk-hnb659fds-assets-445841279194-us-east-1/55ce025aa43e61714e9a9eed823a61b7008f6994a8aee67cd1bed9689e2342ad.zip
[10:14:13] [0%] found: Found s3://cdk-hnb659fds-assets-445841279194-us-east-1/55ce025aa43e61714e9a9eed823a61b7008f6994a8aee67cd1bed9689e2342ad.zip
[50%] success: Published 55ce025aa43e61714e9a9eed823a61b7008f6994a8aee67cd1bed9689e2342ad:current_account-current_region
[10:14:13] [50%] found: Found s3://cdk-hnb659fds-assets-445841279194-us-east-1/8cb1c33ae6d9c870bb9fdd5c36a8d8fa9655d03004f85a79994a33c41690efce.json
[100%] success: Published 8cb1c33ae6d9c870bb9fdd5c36a8d8fa9655d03004f85a79994a33c41690efce:current_account-current_region
[10:14:13] Found existing stack ZZZ that had previously failed creation. Deleting it before attempting to re-create it.
[10:14:14] Waiting for stack ZZZ to finish creating or updating...
[10:14:14] Stack ZZZ has an ongoing operation in progress and is not stable (DELETE_IN_PROGRESS (User Initiated))
[10:14:20] Call failed: describeStacks({"StackName":"ZZZ"}) => Stack with id ZZZ does not exist (code=ValidationError)
[10:14:20] Stack ZZZ does not exist
[10:14:20] ZZZ: checking if we can skip deploy
[10:14:20] ZZZ: no existing stack
[10:14:20] ZZZ: deploying...
[10:14:20] Attempting to create ChangeSet with name cdk-deploy-change-set to create stack ZZZ
ZZZ: creating CloudFormation changeset...
[10:14:21] Initiated creation of changeset: some_arn; waiting for it to finish creating...
[10:14:21] Waiting for changeset cdk-deploy-change-set on stack ZZZ to finish creating...
[10:14:21] Changeset cdk-deploy-change-set on stack ZZZ is still creating
[10:14:26] Initiating execution of changeset some_arn on stack ZZZ
[10:14:27] Execution of changeset some_arn on stack ZZZ has started; waiting for the update to complete...
[10:14:27] Waiting for stack ZZZ to finish creating or updating...
[10:14:27] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS (User Initiated))
ZZZ | 0/7 | 10:14:20 AM | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | ZZZ User Initiated
ZZZ | 0/7 | 10:14:27 AM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | ZZZ User Initiated
ZZZ | 0/7 | 10:14:32 AM | CREATE_IN_PROGRESS | AWS::Lambda::LayerVersion | lambda-layer (lambdalayerAEB0E7A7)
ZZZ | 0/7 | 10:14:32 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
[10:14:33] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 0/7 | 10:14:33 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | QFDS/ServiceRole (QFDSServiceRole9EF8ABD9)
ZZZ | 0/7 | 10:14:33 AM | CREATE_IN_PROGRESS | AWS::IAM::Role | QFDS/ServiceRole (QFDSServiceRole9EF8ABD9) Resource creation Initiated
ZZZ | 0/7 | 10:14:35 AM | CREATE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata) Resource creation Initiated
ZZZ | 1/7 | 10:14:35 AM | CREATE_COMPLETE | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
[10:14:38] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 1/7 | 10:14:40 AM | CREATE_IN_PROGRESS | AWS::Lambda::LayerVersion | lambda-layer (lambdalayerAEB0E7A7) Resource creation Initiated
ZZZ | 2/7 | 10:14:40 AM | CREATE_COMPLETE | AWS::Lambda::LayerVersion | lambda-layer (lambdalayerAEB0E7A7)
[10:14:44] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 3/7 | 10:14:47 AM | CREATE_COMPLETE | AWS::IAM::Role | QFDS/ServiceRole (QFDSServiceRole9EF8ABD9)
[10:14:49] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 3/7 | 10:14:50 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | QFDS/ServiceRole/DefaultPolicy (QFDSServiceRoleDefaultPolicyDDA95578)
ZZZ | 3/7 | 10:14:51 AM | CREATE_IN_PROGRESS | AWS::IAM::Policy | QFDS/ServiceRole/DefaultPolicy (QFDSServiceRoleDefaultPolicyDDA95578) Resource creation Initiated
[10:14:54] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
[10:15:00] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 4/7 | 10:15:04 AM | CREATE_COMPLETE | AWS::IAM::Policy | QFDS/ServiceRole/DefaultPolicy (QFDSServiceRoleDefaultPolicyDDA95578)
[10:15:05] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 4/7 | 10:15:08 AM | CREATE_IN_PROGRESS | AWS::Lambda::Function | QFDS (QFDSA3E8E14E)
[10:15:10] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 4/7 | 10:15:15 AM | CREATE_IN_PROGRESS | AWS::Lambda::Function | QFDS (QFDSA3E8E14E) Resource creation Initiated
[10:15:16] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
[10:15:21] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 5/7 | 10:15:21 AM | CREATE_COMPLETE | AWS::Lambda::Function | QFDS (QFDSA3E8E14E)
ZZZ | 5/7 | 10:15:23 AM | CREATE_IN_PROGRESS | AWS::Lambda::EventSourceMapping | QFDS/KafkaEventSource:ZZZQFDSD3CBC52Eforeign.engrain.availabilty.notify (QFDSKafkaEventSourceZZZQFDSD3CBC52EforeignengrainavailabiltynotifyEFE73996)
ZZZ | 5/7 | 10:15:26 AM | CREATE_FAILED | AWS::Lambda::EventSourceMapping | QFDS/KafkaEventSource:ZZZQFDSD3CBC52Eforeign.engrain.availabilty.notify (QFDSKafkaEventSourceZZZQFDSD3CBC52EforeignengrainavailabiltynotifyEFE73996) Resource handler returned message: "Invalid request provided: Cannot access secret manager value some_arn. Please ensure the role can perform the 'secretsmanager:GetSecretValue' action on your broker in IAM. (Service: Lambda, Status Code: 400, Request ID: 54dd811e-ede9-4de2-aace-839344aab72f)" (RequestToken: 7c072ae3-b566-3b19-f0b0-d6ff51960f29, HandlerErrorCode: InvalidRequest)
[10:15:27] Stack ZZZ has an ongoing operation in progress and is not stable (CREATE_IN_PROGRESS)
ZZZ | 5/7 | 10:15:27 AM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | ZZZ The following resource(s) failed to create: [QFDSKafkaEventSourceZZZQFDSD3CBC52EforeignengrainavailabiltynotifyEFE73996]. Rollback requested by user.
[10:15:32] Stack ZZZ has an ongoing operation in progress and is not stable (ROLLBACK_IN_PROGRESS)
ZZZ | 5/7 | 10:15:32 AM | DELETE_IN_PROGRESS | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
ZZZ | 4/7 | 10:15:33 AM | DELETE_COMPLETE | AWS::CDK::Metadata | CDKMetadata/Default (CDKMetadata)
[10:15:37] Stack ZZZ has an ongoing operation in progress and is not stable (ROLLBACK_IN_PROGRESS)

This GitHub issue mentions the same error in the same context. It suggests the problem is due to missing Lambda permissions on the (customer-managed) KMS key used to encrypt the MSK cluster secret.
If so, the solution -- shamelessly stolen from the linked issue -- is something like:
# get a reference to the MSK cluster key
cluster_key = aws_kms.Key.from_key_arn(self, 'ClusterKey', CLUSTER_ENCRYPTION_KEY_ARN)
# add the key reference to the secret reference
secret = Secret.from_secret_attributes(self, "AmazonMSK_AdminSecret",
    secret_complete_arn="somearn",
    encryption_key=cluster_key
)
# give the Lambda permission to decrypt the Cluster Key
cluster_key.grant_decrypt(lambdaFn.role)
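
A pre-deploy check for the situation in the answer above, as an added example that is not part of the original question or answer: it scans a synthesized CloudFormation template and reports when the role of a function behind a Kafka event source mapping lacks secretsmanager:GetSecretValue on the secret or kms:Decrypt on its key. The template, ARNs, logical IDs and function names are constructed for illustration, and the policy matching is simplified (literal ARNs, Allow statements only).

```python
from fnmatch import fnmatchcase

# Constructed placeholder ARNs; not values from the question.
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:AmazonMSK_example-AbCdEf"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"


def sample_template(with_kms_grant):
    """Constructed, trimmed-down stand-in for the synthesized template of such a stack."""
    statements = [{"Effect": "Allow",
                   "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
                   "Resource": SECRET_ARN}]
    if with_kms_grant:
        statements.append({"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN})
    return {"Resources": {
        "QFDSServiceRole": {"Type": "AWS::IAM::Role", "Properties": {}},
        "QFDSServiceRoleDefaultPolicy": {
            "Type": "AWS::IAM::Policy",
            "Properties": {"PolicyDocument": {"Statement": statements},
                           "Roles": [{"Ref": "QFDSServiceRole"}]}},
        "QFDS": {"Type": "AWS::Lambda::Function",
                 "Properties": {"Role": {"Fn::GetAtt": ["QFDSServiceRole", "Arn"]}}},
        "QFDSKafkaEventSource": {
            "Type": "AWS::Lambda::EventSourceMapping",
            "Properties": {"FunctionName": {"Ref": "QFDS"},
                           "SourceAccessConfigurations": [
                               {"Type": "SASL_SCRAM_512_AUTH", "URI": SECRET_ARN}]}},
    }}


def as_list(value):
    return value if isinstance(value, list) else [value]


def role_statements(template, role_id):
    """Statements of every AWS::IAM::Policy attached to the role's logical ID."""
    found = []
    for res in template["Resources"].values():
        props = res.get("Properties", {})
        if res["Type"] == "AWS::IAM::Policy" and {"Ref": role_id} in props.get("Roles", []):
            found += as_list(props["PolicyDocument"]["Statement"])
    return found


def allows(statements, action, resource):
    """Simplified match: Allow statements with literal ARNs; Deny and Condition are ignored."""
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = [a for a in as_list(st.get("Action", [])) if isinstance(a, str)]
        resources = [r for r in as_list(st.get("Resource", [])) if isinstance(r, str)]
        if (any(fnmatchcase(action.lower(), a.lower()) for a in actions)
                and any(fnmatchcase(resource, r) for r in resources)):
            return True
    return False


def missing_grants(template, key_for_secret):
    """Return (mapping, role, action, resource) for each grant the function's role lacks."""
    resources, missing = template["Resources"], []
    for map_id, res in resources.items():
        if res["Type"] != "AWS::Lambda::EventSourceMapping":
            continue
        fn_id = res["Properties"]["FunctionName"]["Ref"]
        role_id = resources[fn_id]["Properties"]["Role"]["Fn::GetAtt"][0]
        statements = role_statements(template, role_id)
        for cfg in res["Properties"].get("SourceAccessConfigurations", []):
            uri = cfg.get("URI")
            if not isinstance(uri, str) or ":secretsmanager:" not in uri:
                continue
            needed = [("secretsmanager:GetSecretValue", uri)]
            if uri in key_for_secret:  # secret encrypted with a customer-managed key
                needed.append(("kms:Decrypt", key_for_secret[uri]))
            missing += [(map_id, role_id, a, r) for a, r in needed
                        if not allows(statements, a, r)]
    return missing
```

To use it on a real stack, load the template JSON that `cdk synth` writes under cdk.out and pass a dict mapping each secret ARN to the ARN of the KMS key that encrypts it.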

Related

Problem with hibernate.hbm2ddl.auto in a migration

I have migrated a spring-boot project from MySQL to SQL Server. I don't have the necessary roles to use hibernate.hbm2ddl.auto = update.
How can I update without having access to sysadmin?
I need to update because I can't lose the records
2021-07-21 | 13:30:17.660 | INFO | main | o.h.t.h.SchemaUpdate | HHH000228: Running hbm2ddl schema update
2021-07-21 | 13:30:17.692 | WARN | main | .e.j.s.SqlExceptionHelper | SQL Error: 229, SQLState: S0005
2021-07-21 | 13:30:17.692 | ERROR | main | .e.j.s.SqlExceptionHelper | The SELECT permission was denied on the object 'sequences', database 'mssqlsystemresource', schema 'sys'.
2021-07-21 | 13:30:17.692 | WARN | main | ddedWebApplicationContext | Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in class path resource [org/springframework/boot/autoconfigure/orm/jpa/HibernateJpaAutoConfiguration.class]: Invocation of init method failed; nested exception is javax.persistence.PersistenceException: [PersistenceUnit: default] Unable to build Hibernate SessionFactory
2021-07-21 | 13:30:17.692 | INFO | main | o.a.c.c.StandardService | Stopping service [Tomcat]
I don't know how you are invoking hbm2ddl but you can specify an output file and then apply these statements manually. You can configure this through the javax.persistence.schema-generation.scripts.create-target parameter. See the documentation for details: https://docs.jboss.org/hibernate/orm/5.5/userguide/html_single/Hibernate_User_Guide.html#configurations-hbmddl

how get the cisco switch interfaces' status by snmp?

By using the command line (ssh), I can get the switch interface status like below (just a demo):
Cisco-Switch# show int status
Port      Name        Status      Vlan    Duplex  Speed
Eth0/1    test_alias  connected   1       a-full  a-100
Eth0/2                notconnect  1       auto    auto
Eth0/3                connected   3       a-full  a-100
Eth0/4                connected   3       a-full  a-100
Eth0/5    potchann    linkFlapE   255     auto    auto
Eth0/6                notconnect  300     auto    auto
Eth0/7                sfpAbsent   routed  auto    auto
Eth0/8                sfpAbsent   routed  auto    auto
Eth0/9                connected   trunk   full    a-10G
By using SNMP walk(oid:.1.3.6.1.2.1.2.2.1 or .1.3.6.1.2.1.31.1.1.1), I can get every interface name, adminStatus, operStatus and so on.
I got these after the summary:
| adminStatus | OperStatus | commandLine Port Status |
| up | up | connected |
| up | down | notconnect |
| up | down | linkFlapE |
| up | down | sfpAbsent |
| down | down | disable |
| down | down | sfpAbsent |
Obviously, there are 3 statuses when AdminStatus is up and OperStatus is down in SNMP OID "1.3.6.1.2.1.2.2.1".
So, I think the commandLine port status cannot be fetched by this SNMP OID.
Finally, I can't find a way to get the switch interface status (like "connected", "notconnect", "disable", "sfpAbsent") in SNMP.
Hoping someone can tell me the OID to resolve it.
Thanks for your help.
Most of the interface information is retrievable using this OID:
.1.3.6.1.2.1.2.2.1.7
Maybe you can try this OID .1.3.6.1.2.1.2.2.1.8 (ifOperStatus). It should have these values (1-up, 2-down, 3-testing, 4-unknown, 5-dormant, 6-notPresent, 7-lowerLayerDown), from the site I have been searching. link

Getting NullPointerException while trying to stop apache-activemq?

I am unable to shutdown my activemq gracefully after enabling jmx. Please help and tell me what am I doing wrong. Here is what I am trying to do.
start activemq:-
[mwapp#JMNGD1BAO150V02 ~]$ /app/apache-activemq-5.14.0/bin/activemq start xbean:/app/apache-activemq-5.14.0/conf/activemq-security.xml
INFO: Loading '/app/apache-activemq-5.14.0//bin/env'
INFO: Using java '/usr/java/jre1.7.0_79//bin/java'
INFO: Starting - inspect logfiles specified in logging.properties and log4j.properties to get details
INFO: pidfile created : '/app/apache-activemq-5.14.0//data/activemq.pid' (pid '16917')
activemq.log:- To me it's looking fine
2017-10-12 13:48:18,936 | INFO | Refreshing org.apache.activemq.xbean.XBeanBrokerFactory$1#2142b533: startup date [Thu Oct 12 13:48:18 IST 2017]; root of context hierarchy | org.apache.activemq.xbean.XBeanBrokerFactory$1 | main
2017-10-12 13:48:20,008 | INFO | Loading properties file from URL [file:/app/apache-activemq-5.14.0//conf/credentials-enc.properties] | org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer | main
2017-10-12 13:48:20,975 | INFO | Loaded the Bouncy Castle security provider. | org.apache.activemq.broker.BrokerService | main
2017-10-12 13:48:21,283 | INFO | Using Persistence Adapter: KahaDBPersistenceAdapter[/jms_nas/kahadb] | org.apache.activemq.broker.BrokerService | main
2017-10-12 13:48:21,308 | INFO | JMX consoles can connect to service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi | org.apache.activemq.broker.jmx.ManagementContext | JMX connector
2017-10-12 13:48:21,594 | INFO | KahaDB is version 6 | org.apache.activemq.store.kahadb.MessageDatabase | main
2017-10-12 13:48:21,653 | INFO | Recovering from the journal #1105:27118028 | org.apache.activemq.store.kahadb.MessageDatabase | main
2017-10-12 13:48:21,657 | INFO | Recovery replayed 58 operations from the journal in 0.046 seconds. | org.apache.activemq.store.kahadb.MessageDatabase | main
2017-10-12 13:48:21,719 | INFO | PListStore:[/app/apache-activemq-5.14.0/data/localhost/tmp_storage] started | org.apache.activemq.store.kahadb.plist.PListStoreImpl | main
2017-10-12 13:48:21,903 | INFO | Apache ActiveMQ 5.14.0 (localhost, ID:JMNGD1BAO150V02-59661-1507796301746-0:1) is starting | org.apache.activemq.broker.BrokerService | main
2017-10-12 13:48:22,786 | INFO | Listening for connections at: ssl://JMNGD1BAO150V02:61616?needClientAuth=true&maximumConnections=1000&wireFormat.maxFrameSize=104857600 | org.apache.activemq.transport.TransportServerThreadSupport | main
2017-10-12 13:48:22,787 | INFO | Connector ssl started | org.apache.activemq.broker.TransportConnector | main
2017-10-12 13:48:22,787 | INFO | Apache ActiveMQ 5.14.0 (localhost, ID:JMNGD1BAO150V02-59661-1507796301746-0:1) started | org.apache.activemq.broker.BrokerService | main
2017-10-12 13:48:22,787 | INFO | For help or more information please see: http://activemq.apache.org | org.apache.activemq.broker.BrokerService | main
2017-10-12 13:48:22,788 | WARN | Store limit is 102400 mb (current store usage is 1397 mb). The data directory: /jms_nas/kahadb only has 91534 mb of usable space. - resetting to maximum available disk space: 91534 mb | org.apache.activemq.broker.BrokerService | main
2017-10-12 13:48:23,646 | INFO | No Spring WebApplicationInitializer types detected on classpath | /admin | main
2017-10-12 13:48:23,755 | INFO | ActiveMQ WebConsole available at http://localhost:8161/ | org.apache.activemq.web.WebConsoleStarter | main
2017-10-12 13:48:23,755 | INFO | ActiveMQ Jolokia REST API available at http://localhost:8161/api/jolokia/ | org.apache.activemq.web.WebConsoleStarter | main
2017-10-12 13:48:23,799 | INFO | Initializing Spring FrameworkServlet 'dispatcher' | /admin | main
2017-10-12 13:48:24,068 | INFO | No Spring WebApplicationInitializer types detected on classpath | /api | main
2017-10-12 13:48:24,185 | INFO | jolokia-agent: Using policy access restrictor classpath:/jolokia-access.xml | /api | main
stop activemq:-
[mwapp#JMNGD1BAO150V02 ~]$ /app/apache-activemq-5.14.0/bin/activemq stop xbean:/app/apache-activemq-5.14.0/conf/activemq-security.xml
INFO: Loading '/app/apache-activemq-5.14.0//bin/env'
INFO: Using java '/usr/java/jre1.7.0_79//bin/java'
INFO: Waiting at least 30 seconds for regular process termination of pid '16917' :
Java Runtime: Oracle Corporation 1.7.0_79 /usr/java/jre1.7.0_79
Heap sizes: current=63488k free=61608k max=932352k
JVM args: -Xms64M -Xmx1G -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config=/app/apache-activemq-5.14.0//conf/login.config -Dactivemq.classpath=/app/apache-activemq-5.14.0//conf:/app/apache-activemq-5.14.0//../lib/: -Dactivemq.home=/app/apache-activemq-5.14.0/ -Dactivemq.base=/app/apache-activemq-5.14.0/ -Dactivemq.conf=/app/apache-activemq-5.14.0//conf -Dactivemq.data=/app/apache-activemq-5.14.0//data
Extensions classpath:
[/app/apache-activemq-5.14.0/lib,/app/apache-activemq-5.14.0/lib/camel,/app/apache-activemq-5.14.0/lib/optional,/app/apache-activemq-5.14.0/lib/web,/app/apache-activemq-5.14.0/lib/extra]
ACTIVEMQ_HOME: /app/apache-activemq-5.14.0
ACTIVEMQ_BASE: /app/apache-activemq-5.14.0
ACTIVEMQ_CONF: /app/apache-activemq-5.14.0/conf
ACTIVEMQ_DATA: /app/apache-activemq-5.14.0/data
Connecting to JMX URL: service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
ERROR: java.lang.NullPointerException
java.lang.NullPointerException
at org.apache.activemq.console.command.AbstractCommand.handleException(AbstractCommand.java:167)
at org.apache.activemq.console.command.AbstractJmxCommand.execute(AbstractJmxCommand.java:390)
at org.apache.activemq.console.command.ShellCommand.runTask(ShellCommand.java:154)
at org.apache.activemq.console.command.AbstractCommand.execute(AbstractCommand.java:63)
at org.apache.activemq.console.command.ShellCommand.main(ShellCommand.java:104)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.activemq.console.Main.runTaskClass(Main.java:262)
at org.apache.activemq.console.Main.main(Main.java:115)
...............................
INFO: Regular shutdown not successful, sending SIGKILL to process
INFO: sending SIGKILL to pid '16917'
As you can see, the system is forcefully shutting down using the pid, which is not expected. I am currently using apache-activemq-5.14.0 and the configuration files look something like below. I am not sure why activemq gave two separate files to enable JMX, i.e. env and activemq-security.xml. Or does the env file have some different role to play? I read the documentation, and I got more confused when they mention that from V.5.12.0 onwards they are supporting OCSP. Do I need to enable that too?
${ACTIVEMQ_HOME}/bin/env
#!/bin/sh
# Active MQ installation dirs
# ACTIVEMQ_HOME="<Installationdir>/"
# ACTIVEMQ_BASE="$ACTIVEMQ_HOME"
# ACTIVEMQ_CONF="$ACTIVEMQ_BASE/conf"
# ACTIVEMQ_DATA="$ACTIVEMQ_BASE/data"
# ACTIVEMQ_TMP="$ACTIVEMQ_BASE/tmp"
ACTIVEMQ_OPTS_MEMORY="-Xms64M -Xmx1G"
if [ -z "$ACTIVEMQ_OPTS" ] ; then
ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS_MEMORY -Djava.util.logging.config.file=logging.properties -Djava.security.auth.login.config=$ACTIVEMQ_CONF/login.config"
fi
#ACTIVEMQ_OPTS="$ACTIVEMQ_OPTS -Dorg.apache.activemq.audit=true"
# ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.port=1099"
# ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_CONF}/jmx.password"
# ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_CONF}/jmx.access"
# ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.ssl=true"
ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote"
#ACTIVEMQ_SUNJMX_CONTROL="--jmxurl service:jmx:rmi:///jndi/rmi://127.0.0.1:1099/jmxrmi --jmxuser controlRole --jmxpassword abcd1234"
ACTIVEMQ_SUNJMX_CONTROL=""
if [ -z "$ACTIVEMQ_QUEUEMANAGERURL" ]; then
ACTIVEMQ_QUEUEMANAGERURL="--amqurl tcp://localhost:61616"
fi
if [ -z "$ACTIVEMQ_SSL_OPTS" ] ; then
#ACTIVEMQ_SSL_OPTS="-Djava.security.properties=$ACTIVEMQ_CONF/java.security"
ACTIVEMQ_SSL_OPTS=""
fi
#ACTIVEMQ_DEBUG_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005"
if [ -z "$ACTIVEMQ_KILL_MAXSECONDS" ]; then
ACTIVEMQ_KILL_MAXSECONDS=30
fi
ACTIVEMQ_USER=""
# ACTIVEMQ_PIDFILE="$ACTIVEMQ_DATA/activemq.pid"
JAVA_HOME="/usr/java/jre1.7.0_79/"
${ACTIVEMQ_HOME}/conf/activemq-security.xml
<broker xmlns="http://activemq.apache.org/schema/core" brokerName="localhost" dataDirectory="${activemq.data}">
----------------------------------------------
<managementContext>
<!--managementContext createConnector="true" connectorPort="1099"/-->
<managementContext createConnector="true">
<property xmlns="http://www.springframework.org/schema/beans" name="environment">
<map xmlns="http://www.springframework.org/schema/beans">
<entry xmlns="http://www.springframework.org/schema/beans" key="jmx.remote.x.password.file" value="${activemq.base}/conf/jmx.password"/>
<entry xmlns="http://www.springframework.org/schema/beans" key="jmx.remote.x.access.file" value="${activemq.base}/conf/jmx.access"/>
</map>
</property>
</managementContext>
</managementContext>
----------------------------------------------
<shutdownHooks>
<bean xmlns="http://www.springframework.org/schema/beans" class="org.apache.activemq.hooks.SpringContextHook"/>
</shutdownHooks>
</broker>

use smo to clone azure SQL database?

I'm writing a program to test update scripts for Azure sql.
The idea is to
- first clone a database (or fill a clone with the source schema and content)
- then run the update script on the clone
Locally I have this working, but for Azure I have the problem that I don't see any file names. If I restore one database to another on the same Azure "server", don't I have to rename the data files during restore too?
For local restore I do this:
restore.Devices.AddDevice(settings.BackupFileName, DeviceType.File);
restore.RelocateFiles.Add(new RelocateFile("<db>", Path.Combine(settings.DataFileDirectory, settings.TestDatabaseName + ".mdf")));
restore.RelocateFiles.Add(new RelocateFile("<db>_log", Path.Combine(settings.DataFileDirectory, settings.TestDatabaseName + "_1.ldf")));
restore.SqlRestore(srv);
Is something similar required for cloning a database on azure?
Lots of Greetings!
Volker
You can create a database as a copy of [source]:
CREATE DATABASE database_name [ COLLATE collation_name ]
| AS COPY OF [source_server_name].source_database_name
{
(<edition_options> [, ...n])
}
<edition_options> ::=
{
MAXSIZE = { 100 MB | 500 MB | 1 | 5 | 10 | 20 | 30 … 150…500 } GB
| EDITION = { 'web' | 'business' | 'basic' | 'standard' | 'premium' }
| SERVICE_OBJECTIVE =
{ 'basic' | 'S0' | 'S1' | 'S2' | 'S3'
| 'P1' | 'P2' | 'P3' | 'P4'| 'P6' | 'P11'
| { ELASTIC_POOL(name = <elastic_pool_name>) } }
}
[;]

can't get network-id using quantum_network in ansible ad-hoc command, while it works in neutron command

My environment: Ansible 1.7.1/Ubuntu
I have a private OpenStack network, it works correctly if I use the neutron command:
$ env | grep OS_
OS_PASSWORD=cai
OS_AUTH_URL=http://demo-controller:35357/v2.0
OS_USERNAME=larry
OS_TENANT_NAME=demo
$ neutron net-list
+--------------------------------------+---------+--------------------------+
| id | name | subnets |
+--------------------------------------+---------+--------------------------+
| 5ecc0fbb-091b-4c6a-b905-c73e66e1ffda | ext-net | 3aa6539d-24d3-4c06-.. |
| 76506b52-1980-470c-b438-094e8b4bb3e7 | demo-1 | 52cd943d-7f25-4a11-.. |
+--------------------------------------+---------+--------------------------+
Now I want to get the network-id using the quantum_network module:
$ ansible localhost -m quantum_network -a "state=present login_username=larry login_password=cai login_tenant_name=demo name=demo-1 auth_url=http://demo-controller:35357/v2.0/" -v
But that throws an authentication error:
... File \"/usr/lib/python2.7/dist-packages/keystoneclient/utils.py\", line 318, in
inner\n return func(*args, **kwargs)\n File \"/usr/lib/python2.7/dist- packages/keystoneclient/session.py\", line 251, in request\n raise exceptions.from_response(resp, method, url)\nkeystoneclient.apiclient.exceptions.Forbidden: You are not authorized to perform the requested action, admin_required. (HTTP 403)\n",
"parsed": false
What is the problem?
It is a bug in the quantum_network module; see issue #7275. It requires admin permission to get the tenant id, which is not always needed.
Not sure which Ansible release will include this.
I use the commit as a patch in my release.
