I'm having an issue with the Shield plugin for Elasticsearch. I have installed elasticsearch so that it runs as a service, and I can see that it is running on port 9200.
If I enter curl http://localhost:9200 in my Mac terminal I get the correct elasticsearch output...
Recently I have been trying to upgrade from basic authentication to shield authentication. I installed shield and license using the following commands:
/usr/share/elasticsearch/bin/plugin install license/latest
/usr/share/elasticsearch/bin/plugin install shield/latest
This successfull installs shield and license plugins. They are contained within my /usr/share/elasticsearch/plugins directory on my Vagrant box.
So, now if I try to use curl -XGET http://localhost:9200 again, I get the following response:
{"error":{"root_cause":[{"type":"security_exception","reason":"missing
authentication token for REST request
[/]","header":{"WWW-Authenticate":"Basic
realm=\"shield\""}}],"type":"security_exception","reason":"missing
authentication token for REST request
[/]","header":{"WWW-Authenticate":"Basic
realm=\"shield\""}},"status":401}
This is good. I can not reach elasticsearch without proper authentication. So now I want to create a user to authenticate to elasticsearch. I use the command:
sudo ./esusers useradd testuser -p password -r admin
This creates a user 'testuser' with password 'password' with admin privileges.
I can verify that this user has been created using the following command:
sudo ./esusers list
This returns:
testuser : admin
So I now try to run the curl command again with this user:
curl -u testuser:password -XGET http://localhost:9200
But I get the same error message as before when I tried without the admin user.
What is the issue here? Why is my admin user not authenticating?
You said that your verified the user is created using sudo ./esusers list but still the curl command fails. Chances are that you are using custom directory for elasticsearch even though the home dir is /usr/share/elasticsearch. And due to this, the esusers creates the users in /etc/elasticsearch/shield/ directory but they need to be copied to the custom dir, in case you are using one.
I know you've solved this differently but I'm answering this in the hope that it helps someone else in future. Can you confirm regarding the custom dir? For e.g in my case, the custom dir was /data/elasticsearch and the home dir was /usr/share/elasticsearch
Related
I'm writing a simple bash script to pull an image from Azure Container Registry. If I type the command on the shell, I get authenticated and the images are pulled without any issue. However, when I run the same commands using the bash script, I get the unauthorized error.
Script
#!/bin/sh
sudo service docker start
docker logout
az logout
docker login myregistry.azurecr.io
sudo docker pull myregistry.azurecr.io/rstudio-server:0.1
Error
Error response from daemon: Get "https://myregistry.azurecr.io/v2/": unauthorized: aad access token with sp failed client id must be guid
Error response from daemon: Head "https://myregistry.azurecr.io/v2/rstudio-server/manifests/0.1": unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information.
I don't understand why it's happening even when I'm logged in.
Tested in my environment working fine for me.
Make sure Your password will be stored unencrypted in /root/.docker/config.json if not try to authenticate it manually by providing username and password in bash script.
sudo service docker start
docker logout
az logout
docker login myregistry.azurecr.io --username $SP_APP_ID --password $SP_PASSWD
sudo docker pull myregistry.azurecr.io/rstudio-server:0.1
You can also use the username and password of ACR as prvided in below picture inplace of APP_ID and SP_PASSWD
Would Suggest you to please follow this Microsoft Document for more information about authentication of ACR from Docker
I tried using Jenkins or my admin username as user and password. For password, I tried to update using sudo passwd jenkins, so I am fine on that. However, I am skeptical about the user name. How do I confirm the username for Jenkins? Can someone pls help me?
During the initial run of Jenkins a security token is generated and printed in the console log. The username is admin
The token should look something like,
*************************************************************
Jenkins initial setup is required. A security token is required to proceed.
Please use the following security token to proceed to installation:
41d2b60b0e4cb5bf2025d33b21cb
*************************************************************
For me the initial admin password was in a log at ~/.jenkins/secrets/initialAdminPassword
after installing with homebrew.
source
If you pod is running in a Kubernetes cluster, just look at the running process … Your initial password will be shown…
e.g.
--argumentsRealm.passwd.admin=**3kJQtPDkhk** --argumentsRealm.roles.admin=admin
Username: admin
For password,
cat /Users/$(whoami)/.jenkins/secrets/initialAdminPassword
you will get similar to this token 2762710d8dab4c88a59fea0a2e559069
The requirements for odoo 9 are successfully installed. I'm vaulting the software from the source directory without installing it using the command
./openerp-server -r <USER> -w <PASSWORD> --db_port 5432 -d <DATABASE>
When I first ran the command as postgres user, the browser at the address localhost:8069 asked me to create a new database with a database name (although I already gave DATABASE as mydb in the command line above) using an admin user password. I gave odootest as database name along with the admin password (postgres user password) and checked the load demonstration data checkbox. The new instance was created and the list of apps were displayed. Everything was fine till that point
After logging out, I'm unable to log back in as the screen now shows this
I don't remember giving any email id with a password for this. How am I supposed to log in now? Is there any default entry for this?
OS: Mac OS-X 10.9
You can use in every OS
user: admin
psw: admin
it's default for all odoo/openerp version
createdb foo gives an invalid password for user (my username)
I can't login with
sudo psql
How do I reset my postgres user accounts?
Is it something I can do in the hba_conf file?
EDIT:
I was beginning a Postgres tutorial and wanted to have a fresh install. I ran
brew update
brew uninstall postgresql
brew install postgresql
pg_ctl -D some/path
createdb
This could be two things: you lost/misset the password, or Postgres might be configured in a way that prevents you from logging in.
Resetting the password:
Most of the time Postgres runs as user "postgres". Try su - postgres as root, and then run psql. If that doesn't work, you'll need to figure out what user postgres is running as, and su to that user. From there you can reset the password for the user. Also, make sure that your user is allowed to log in -- the default is to disable login for a new role .
Changing the configuration:
Find the pg_hba.conf file and edit it to permit password login. This file is usually loacted in /var/lib somewhere. On my Scientific Linux server its at: /var/lib/pgsql/9.2/data/pg_hba.conf, but on my Gentoo server its at /etc/postgresql-9.3/pg_hba.conf -- so locate pg_hba.conf might help you find it. This file is usually fairly well commented, and there is a manual page for it here: http://www.postgresql.org/docs/devel/static/auth-pg-hba-conf.html.
I am trying to setup a basic ldap server/client scenario. I downloaded openldap for windows and installed it. I am starting the server successfully with the command,
slapd -d 1
I tried to use various clients (commandline, LDAP Browser, phpLDAPadmin) to connect and do a search, it works with 'anonymous access' but it fails every time I try the same with root user/password and says 'failed to connect to ldap://localhost:389'. Same thing works if i connect anonymously.
What could be the problem ?
Here's my slapd.conf
ucdata-path ./ucdata
include ./schema/core.schema
pidfile ./run/slapd.pid
argsfile ./run/slapd.args
database bdb
suffix "dc=guessant,dc=org"
rootdn "cn=Manager,dc=guessant,dc=org"
rootpw secret
directory ./data
I am using Login DN as "cn=Manager,dc=guessant,dc=org" and password as "secret"
It has been fixed now .. problem was with PHP mcrypt and phpLdapAdmin. Apparantly there's an issue with PHP 5.2. and figured out that upgrading to 5.3 + or removing mcrypt usage, would fix it. I chose the later, for the timebeing atleast