traefik - basic auth for entry point via key/value store - consul

I would like to configure basic auth for one of my entry points via key/value store (consul in my case). But traefik seems to ignore the directives.
I tried the following configurations:
traefik/entrypoints/http/auth/basic/users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
traefik/entrypoints/http/auth/basic/users = test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
traefik/entrypoints/http/auth/basic/users/0 = test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
I get the following error
-------------------------------------
/var/log/containers/traefik-c9f95e2d3a98-stdouterr.log
-------------------------------------
2017/06/12 15:58:34 Error loading configuration: 1 error(s) decoding:
* error decoding 'EntryPoints[http].Auth.Basic.Users': illegal base64 data at input byte 5
The toml file seems to be ignored if I specify a key/value store...
What am i doing wrong?

I figured out what was wrong.
If you provide a key/value store like consul it will override the configuration in your config file.
The correct key or path to store basic auth users looks like this
traefik/entrypoints/http/auth/basic/users/0
and the value you is the username and the hash separated by a colon
test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
If you get the above error message regarding base64 encoding you have to escape the $ with $ so your hash looks like $$apr1$$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/

Related

elastic search issue with Open Distro

we have defined the following in .ini file:
Assigned Values:
opendistro_security.ssl.http.enabled= True
Kesystore type = PKCS12
keystore_filepath = /relativepath.pfx
truststore_type = PKCS12
truststore-filepath =/relativepath.pfx
opendistro_security.ssl.transport.keystore_password=""
opendistro_security.ssl.transport.truststore_password=""
We are getting below error message when we execute .Net application:
Error:
Caused by: org.elasticsearch.ElasticsearchSecurityException: Error while initializing transport SSL layer: java.io.IOException: keystore password was incorrect
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
Resolutions we tried:
Changed different passwords of Pfx as well as defined in setting_override.ini (eg. “changeit”). Also added Pfx file to respective directory.
Checked PFX file by both import/ export by creating new password and also added that in MMC and checked.
Added default password for Truststore type and Keystore Type as per the this URL
Placed Pfx file inside config folder of Elastic Search
But still we are facing issue.
In this URL they have mentioned the following settings such as:
ELASTIC_PASSWORD=password
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.http.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.http.ssl.keystore.password=password
- xpack.security.http.ssl.truststore.password=password
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.transport.ssl.keystore.password=password
- xpack.security.transport.ssl.truststore.password=password
Queries:
Do we need to mention all this settings for our application?
Is the above setting applicable for XPack (or) it will get applicable for Open Distro also?
Is elastic search will have separate password? If so where can we check password related to Elastic Search?
Do we need to assign same password of Elastic search to Truststore type and Key store type?

Invalid Yaml: mapping values are not allowed here

Can anyone help me to figure out the following error while deploying react app on AWS elastic beanstalk -
2019-08-01 04:37:21 ERROR The configuration file .ebextensions/nodecommand.
config in application version app-5466-190801_100700 contains invalid YAML or JS
ON. YAML exception: Invalid Yaml: mapping values are not allowed here
in "<reader>", line 3, column 16:
option_settings:
^
, JSON exception: Invalid JSON: Unexpected character (/) at position 0.. Update
the configuration file.
2019-08-01 04:37:21 ERROR Failed to deploy application.
Following is my nodecommand.config file -
option_settings:
aws: elasticbeanstalk:container:nodejs:
NodeCommand: "node server.compiled.js"
Update -
I followed this link to deploy React app on AWS elastic beanstalk and stuck on above error -
https://medium.com/#wlto/how-to-deploy-an-express-application-with-react-front-end-on-aws-elastic-beanstalk-880ff7245008
This is what's shown in the linked tutorial:
option_settings:
aws:elasticbeanstalk:container:nodejs:
NodeCommand: "node server.compiled.js"
This is the YAML in your question:
option_settings:
aws: elasticbeanstalk:container:nodejs:
NodeCommand: "node server.compiled.js"
Can you spot the difference?
Spoiler: You've put a space after aws:. This causes the YAML parser to assume aws: is a mapping key with the value "elasticbeanstalk:container:nodejs:". However, the next line, which also starts with a mapping key (NodeCommand), is indented more, which would only be allowed if the previous line was a mapping key without a value.
If you remove the space, it correctly parses aws:elasticbeanstalk:container:nodejs as a mapping key and the following line as its value.
I was not actually had the problem fixed. I found this document[1] that says because my environment is using Amazon Linux 2, the ebextensions is not recommended. (But some of my ebextensions are still working. I have no idea about that). Instead, Buildfile, Procfile, and platform hooks are recommended. Therefore, I created a Procfile with the following content to make the Node server run with the command node index.js.
Procfile
web: node index.js
[1] https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html

Databrick - Reading BLOB from Mounted filestorage

I am using Azure databricks and I ran the following Python code:
sas_token = "<my sas key>"
dbutils.fs.mount(
source = "wasbs://<container>#<storageaccount>.blob.core.windows.net",
mount_point = "/mnt/gl",
extra_configs = {"fs.azure.sas.<container>.<storageaccount>.blob.core.windows.net": sas_token})
This seemed to run fine. So I then ran:
df = spark.read.text("/mnt/gl/glAgg_LE.csv")
Which gave me the error:
shaded.databricks.org.apache.hadoop.fs.azure.AzureException: com.microsoft.azure.storage.StorageException: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Not sure what I'm doing wrong though. I'm pretty sure my sas key is correct.
Ok if you are getting this error - double check both the SAS key and the container name.
Turned out I had pointed it to the wrong container!

Error while connecting Elastic Map Reduce ruby client

I am following the steps mentioned on the AWS to use an interactive Hive session using SSH.
I used the following resources
https://github.com/ucbtwitter/getting-started/wiki/Using-Elastic-Map-Reduce-via-Command-Line
http://docs.amazonwebservices.com/ElasticMapReduce/latest/GettingStartedGuide/SignUp.html
I was getting this error initially "Error: Missing key access-id" and then I fixed my JSON file. The JSON file is in the same format as mentioned in the above links.
When I run this command
./elastic-mapreduce
I am getting the following error :-
Error: Unable to parse credentials.json: can't convert String into Integer.
I checked the values required in JSON at AWS as well.
Does anyone has an idea why am I getting this error?
The region value in the credentials.json must be of int type.
{......
......
"region": 1
}

LDAP config on Amazon Linux

I am trying to install openldap on Amazon Linux and got the following error:
olcRootPW: value #0: <olcRootPW> can only be set when rootdn is under suffix
config error processing olcDatabase={1}monitor,cn=config: <olcRootPW> can only be set when rootdn is under suffix
slaptest: bad configuration file!
I also tried putting the olcRootPW in the olcDatabase={2}bdb.ldif file, but that just gives the same error. Any advise?
The message is quite clear. You can only set a password on the monitor database if the rootDN is under the suffix of the database. In other words the rootDN has to end with 'cn=monitor,cn=config'.
Try the to add it like below, in the file olcDatabase={2}hdb.ldif
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=manager,dc=my-domain,dc=com
olcRootPW: {SSHA}---password---

Resources