Hashicorp Vault Server UI loads a blank screen - windows

I am trying to run hashicorp vault server as windows service in windows 10 system.
Vault server UI is showing as blank screen.
Please refer my configuration details.
config.hcl
ui = true
backend "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
tls_cert_file = "c:/vault/config/certificate.crt"
tls_key_file = "c:/vault/config/privkey.key"
}
By default vault server is running in this (http://localhost:8200/ui/) local URL. When i navigate to this 8200 port , Blank ui screen is displayed.
Console log of Vault UI
But at the same time hashicorp vault server UI is loading if we run vault as container based application.
Windows service command I used to run vault service:
sc.exe create VaultAgent binPath= "C:\vault\vault.exe server -config=C:\vault\config\config.hcl" displayName= "Vault Agent" start= auto
Note: vault.exe is downloaded from vault windows amd64 version this url.
I am able to receive the response from vault server. Please refer the image.
vault server backend response
Note: Consul service is up and running. Please refer the image.
consul server up and running
How to bring up the Vault server UI up and running? Am i missing something.?
Note: Below are the Vault server UI console logs
unseal:1 Refused to execute script from 'https://localhost:8200/ui/assets/vendor-dd308e6ebdb070a5a829a0c0d6e74f61.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
unseal:1 Refused to execute script from 'https://localhost:8200/ui/assets/vault-8a8f62829e5ad33487e21f63af47c80d.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
unseal:1 Refused to execute script from 'https://localhost:8200/ui/sw-registration-1b862bc1e33e4a8a41781d56c3469209.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

Latest version of the Hashicorp is having an bug and it is in opened stage. Please refer the url.
GitHub issue link
So you can little go back with old version(1.8.8) of vault and try to run it as windows service and UI should be up and running.
Note: v 1.8.8 is having it's own feature and not having all the features of the latest vault version.
Download the 1.8.8 vault for windows

Related

Cannot SSH into Azure Windows Server VM

I created a new Virtual Machine in Azure. (Windows Server 2016 Datacenter Server Core)
The VM creation process allowed me to enable SSH access (and I did):
Image of VM Creation Wizard
However I find myself unable to establish a SSH connection to the Windows Server.
I learned that in situations like this, it is sometimes necessary to reset the "configuration password":
"Reset Password" for VM
This action allowed me to successfully use the "troubleshoot the connection" tool (built into Azure) to "stage" a SSH connection (from my IP to the Azure VM). However I still find myself unable to establish a SSH connection. (The connection continues to "time out".)
Image of Inbound Network Rules
Image of Azure "Connection troubleshooter"
Any ideas?
I had to follow these instructions to manually install the sshd service:
https://365adviser.com/powershell/install-use-openssh-windows-powershell-core-remoting-via-ssh/
It's worth noting that Step #2 refers to a depreciated GitHub project. As such I needed to tweak the URI. I also needed to append the the -UseBasicParsing option. Here is the final result:
Invoke-WebRequest -Uri http://mengelsen.000webhostapp.com/shared-items/OpenSSH-Win64.zip -UseBasicParsing -OutFile openssh.zip

How to run portworx backup to minio server

Trying to configure portworx volume backups (ptxctl cloudsnap) to localhost minio server (emulating S3).
First step is to create cloud credentials using ptxctl cred c
e.g.
./pxctl credentials create --provider s3 --s3-access-key mybadaccesskey --s3-secret-key mybadsecretkey --s3-region local --s3-endpoint 10.0.0.1:9000
This results in:
Error configuring cloud provider.Make sure the credentials are correct: RequestError: send request failed caused by: Get https://10.0.0.1:9000/: EOF
disabling SSL (which is not configured as this is just a localhost test) gives me:
./pxctl credentials create --provider s3 --s3-access-key mybadaccesskey --s3-secret-key mybadsecretkey --s3-region local --s3-endpoint 10.0.0.1:9000 --s3-disable-ssl
Which returns:
Not authenticated with the secrets endpoint
I've tried this with both minio gateway (nas) and minio server - same result.
Portworx container is running within Rancher
Any thoughts appreciated
Resolved via instructions at https://docs.portworx.com/secrets/portworx-with-kvdb.html
i.e. set secret type to kvdb in /etc/pwx/config.json
"secret": {
"cluster_secret_key": "",
"secret_type": "kvdb"
},
Then login using ./pxctl secrets kvdb login
After this, credentials create was successful and subsequent cloudsnap backup. Test was using --s3-disable-ssl switch
Note - kvdb is plain text so not suitable for production obvs.

Can't connect remotely to WAS 8.5 full profile installed on Ubuntu 14.04 from RAD 9.5 installed on OSX

WAS 8.5 full profile isn't officially supported on OSX by IBM so the only option to perform development from OSX is to install stub runtime and connect to WAS installed remotely. I'm trying to install such scenario but something done wrong and can't connect to my WAS.
There's my installation:
On OSX El Capitan Installed:
RAD 9.5 with WAS 8.5 stub runtime (WebSphere Application Server traditional V8.5 stub)
Installed Virtual Box with Ubuntu Desktop edition 14.04
Ubuntu's hostname: anatoly-ubuntu-vm and it's accessible from host, i.e. ping anatoly-ubuntu-vm works fine
On Ubuntu installed:
WAS 8.5 full profile at /opt/IBM/WebSphere
Created AppSrv01 profile at /opt/IBM/WebSphere/AppServer/profiles
WAS installed with root user, IBM Installation Manager required root permission when was started
My connection settings in RAD:
server name: WebSphere Application Server traditional V8.5 stub at anatoly-ubuntu-vm
hostname: anatoly-ubuntu-vm
Runtime environment: WebSphere Application Server traditional V8.5 stub
Connection type:
I've tried RMI 2809 and SOAP 8880 both options didn't work
Enable the server to start remotely is checked and Select the operating system running the remote server: checked Linux option with my username and password. I've tried my regular Ubuntu account and root, both option didn't work.
Server profile path defined as /opt/IBM/WebSphere/AppServer/profiles/AppSrv01
When I try to start server I get the following exception:
The following problems has occurred when starting the server.
CTGRI0001E The application could not establish a connection to
anatoly-ubuntu-vm .
What am I doing wrong?
UPDATE 1:
After I've written this post I've figured out that SSH server isn't installed and configured at all as described here: Requirements for using Remote Execution and Access (RXA) Now, I've installed and it seems like connecting but stuck at 23% at stage Preparing launch delegate, after a while it throw the following error:
The following problems has occurred when starting the server. The
server may not be started in the correct mode. You can restart the
server to desired mode if it is started. CTGRI0075E A file transfer to
or from the system named [anatoly-ubuntu-vm] timed out before the
transfer could complete. The current timeout interval is set to 240000
milliseconds, and might need to be increased.
UPDATE 2:
As I can see despite error message server is started and I even can connect to web console anatoly-ubuntu-vm:9060/console/ibm but it looks that not SOAP connection, neither RMI connection don't work. When I run Test Connection from Settings overview page in RAD, I get the following error:
The connection failed after trying to use all the available connection
types.
Verify the port values are correct and the server has been started. If
the security of the server is enabled, verify the "Security is enabled
on this server" check box is selected, and the user ID and password
are provided. You can specify this in the server editor or when
creating a new server.
For a Technote with details on the most common server connection
problem, see http://www.ibm.com/support/docview.wss?uid=swg21266028.
The last connection attempt failed with the following exception:
ADMC0016E: The system cannot create a SOAP connector to connect to
host anatoly-ubuntu-vm at port 8880.
UPDATE 3
As #DanielBarbarian guessed I tried to run ./wsadmin.sh -port 8880 and it worked and returned
Connected to process "server1" on node anatoly-ubuntu-vmNode01 using SOAP connector; The type of process is: UnManagedProcess`
This is settings of my ports:
UPDATE 4
When I trying to run telnet anatoly-ubuntu-vm 8880 from OSX host I get the following response (ip address changed to non real due to privacy issue):
anatoly-mac:~ anatoly$ telnet anatoly-ubuntu-vm 8880
Trying 192.168.10.10...
Connected to anatoly-ubuntu-vm
Escape character is '^]'.
HTTP/1.1 408 Request Timeout
Content-Type: text/html
Content-Length: 117
Connection: close
<HTML><TITLE>408 - Request Timeout</TITLE><BODY>
<h1>408 Connection timed out while reading request</h1></BODY>
</HTML>Connection closed by foreign host

Unable to load SiteMinder host configuration object or host configuration file

The application log in the event viewer shows
Unable to load SiteMinder host configuration object or host configuration file
for Siteminder 12.51 on IIS 7.5 (64bit) OS Windows 2008 (64bit).
When do you get the error? Is it when you're configuring the Webagent?
Anyway, verify the following.
Verify your environment variables are set correctly, if must have references to the Webagent files, you may need to export the envvars in the webagent or policy server folder (nete_wa_env...) file.
if the host config object you're using exists? Verify this using the
Admin UI
If the hostname is configured in the policy server as a trusted host
Verify if the settings are correct in the corresponding SmHost.conf file in the webagent folder
Verify and eliminate any duplicate or conflicting lines in your IIS config files which refer to siteminder.
Verify the host config object and the agent config object settings.
make sure WebAgent.conf is pointing to the correct SmHost.conf and SmHost.conf has the correct HostConfigObject defined (with the exact case that is used in the Policy Store).
If the HCO in the Policy Store is named "DefaultHostSettings" and SmHost.conf contains HostConfigObject=defaulthostsettings you will get this type of error.
Try re-registering the web agent with the policy server using the smreghost command.

Heroku Database Connection Properties

I'm trying to perform a relatively trivial task: I want to connect to a Heroku database. I have created the database and have been issued credentials from the Heroku site. However, when I try to connect to this database using anything besides the terminal 'heroku' command line client, I get fatal errors or cannot connect errors.
The two tools that I tried to connect with outside of the Heroku terminal application are: Navicat and IntelliJ.
The error that I receive in Navicat when trying to connect to the database is:
could not connect to server: Host is down
Is the server running on host "ec2-107-21-112-215.compute-1.amazonaws.com" and accepting
TCP/IP connections on port 5432?
My connection settings are as follows:
Connection Name Heroku Dev Test
Host Name/IP Address ec2-107-21-112-215.compute-1.amazonaws.com
Port 5432
Navicat doesn't even seem to be making an attempt to connect to that hostname.
When I try to connect with IntelliJ, using the full credentials, I get the following error:
java.sql.SQLException: FATAL: no pg_hba.conf entry for host "75.168.4.146", user "rphbqggxeokuxl", database "dc008iqk0rq4j5", SSL off
Again, I'm using the credentials that the Heroku application provides me with when accessing my database on their website.
Has anyone ran into this Heroku connection issue before?
I also had the issue with the FATAL: no pg_hba.conf entry for host error message.
I solved the connection issue to my Heroku Postgres database by adding the following to my JDBC string: &ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory.
Example
jdbc:postgresql://host:port/database?user=username&password=secret&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
You will need the SSL option only if SSL is enabled for your Postgres database (which is the default).
Hint
If you want to check your database connection properties, then just run the following command with the Heroku Toolbelt: heroku pg:info --app your-heroko-appname (make sure that you have Postgres insalled to run this command in your terminal)
The pg:info command will also tell you that sslmode is set to require.
To test the database connection I recommend SQL Power Architect as it is the tool which I was using to check my solution.
Heroku provides this information for connecting from external sources:
https://devcenter.heroku.com/articles/heroku-postgresql#external-connections-ingress
The second error message indicates PostgreSQL is not configured to accept the connection you're trying to make. Given the information Heroku provides, a good guess is that you're not connecting with SSL. Try to enable that on your connection.
Here are instructions for using SSL with Navicat: http://mirror.navicat.com/manual/online_manual/en/navicat/rv_manual/ClientCert.html.
This may be helpful in configuring Intellij to use SSL: https://devcenter.heroku.com/articles/connecting-to-relational-databases-on-heroku-with-java#connecting-to-a-database-remotely.
IntelliJ -> Datasources and Drivers
After you've configured the host, database and user details under the General tab switch to the Advanced tab and ensure that you've added the following:
ssl = true
sslfactory = org.postgresql.ssl.NonValidatingFactory
sslmode = require
You may consider setting a ENVIRONMENT CONFIG VARIABLE 'PGSSLMODE' to 'require' via Heroku's web interface or CLI.
Case: Postgres dB set up as a Heroku add-on and attached to app on a Heroku Dyno.
Heroku's instructions unfortunately leave out any mention of how to activate SSL, even though it is required for any dB tier starting with Standard-0 by default.
Follow all of the pg-copy or pg-upgrade steps (preferred approach depends on your version of Postgres) in Heroku instructions; however, before decommissioning the old database (if relevant) -- add the PGSSLMODE environment variable.
The instructions sufficiently cover how to promote the new database (and, consequently set the DATABASE_URL), so no changes/modifications to them should be required.
Wanted to help others who might run into this.
If you're supplying the Username and Password in seperate fields rather than on the command line, you need to use a ? between the database name and ssl=true and discard the first &
jdbc:postgresql://host:port/database?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
That's the command line that finally allowed me to connect to a PostgreSQL database using SQL Power Architect
For those who might be using Spring Boot and having the configuration provided through the DATABASE_URL environment property (not system property), the suffix can be added to the property:
?ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
and passed through with a slight modification to the config bean:
#Bean
public BasicDataSource dataSource() throws URISyntaxException {
URI dbUri = new URI(System.getenv("DATABASE_URL"));
String username = dbUri.getUserInfo().split(":")[0];
String password = dbUri.getUserInfo().split(":")[1];
StringBuilder dbUrl = new StringBuilder(128);
dbUrl.append("jdbc:postgresql://")
.append(dbUri.getHost()).append(":")
.append(dbUri.getPort())
.append(dbUri.getPath());
String query = dbUri.getQuery();
if (null != query && !query.isEmpty()) {
dbUrl.append("?").append(query);
}
BasicDataSource basicDataSource = new BasicDataSource();
basicDataSource.setUrl(dbUrl.toString());
basicDataSource.setUsername(username);
basicDataSource.setPassword(password);
return basicDataSource;
}
I'm using node.js and was trying to run my knex migrations for my Heroku app. I tried appending ?sslmode=require to the connection URL but it didn't work. I added ?ssl=true instead and now it works perfectly.
Here's an example Heroku PostgreSQL connection URL that works:
postgres://user:password#ec2-12-34-56-78.compute-99.amazonaws.com:port/databasename?ssl=true
Add or edit the following line in your postgresql.conf file :
listen_addresses = '*'
Add the following line as the first line of pg_hba.conf. It allows access to all databases for all users with an encrypted password:
TYPE DATABASE USER CIDR-ADDRESS METHOD
host all all 0.0.0.0/0 md5
Restart postgresql service:
net stop postgresql-9.0 & net start postgresql-9.0
(version should be based on your installation) -- On windows (run cmd as an administrator).
sudo service start postgresql -- On linux (or according to your linux distribution.)
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
ssl: {
rejectUnauthorized: false
}
});

Resources