I am unable to load secrets from my encrypted data bag on Windows. I have copied the file to c:\chef\encrypted_data_bag_secret, which is the default path.
I first tried this:
credentials = Chef::EncryptedDataBagItem.load("system", "deploy")
This failed with this error:
10.0.1.20 [2014-09-12T19:51:45+00:00] FATAL: ArgumentError: No secret specified
to load_secret and no secret found at C:\chef\encrypted_data_bag_secret
I then attempted to specify it explicitly:
secret = Chef::EncryptedDataBagItem.load_secret("c:/chef/encrypted_data_bag_secret")
credentials = Chef::EncryptedDataBagItem.load("system", "deploy", secret)
This also failed:
10.0.1.20 [2014-09-12T19:53:18+00:00] FATAL: Errno::ENOENT: No such file or directory - file not found 'c:/chef/encrypted_data_bag_secret'
Finally, I tried specifying backslashes in case this didn't work:
secret = Chef::EncryptedDataBagItem.load_secret("c:\\chef\\encrypted_data_bag_secret")
credentials = Chef::EncryptedDataBagItem.load("system", "deploy", secret)
And that also failed:
10.0.1.20 [2014-09-12T19:54:49+00:00] FATAL: Errno::ENOENT: No such file or directory - file not found 'c:\chef\encrypted_data_bag_secret'
I've tried also editing the permissions so everyone can view the encrypted_data_bag_secret file but this had no effect. Surely there is something very obvious I'm missing here.
I am running chef-client as an administrator.
I created a text file to contain the secret over an RDP session, but forgot that the default in Windows Explorer is to not show the file extension. Once I renamed the file to have the correct name and extension, it started working as expected.
Related
I am writing a simple recipe to create file like:
file '/myfile' do
content 'Welcome to Technical Guftgu'
action :create
end
but on chef-client -zr "recipe[test::recipe1]"
i am getting the following error:
[2022-03-08T10:54:16+00:00] ERROR: Running exception handlers
Running handlers complete
[2022-03-08T10:54:16+00:00] ERROR: Exception handlers complete
Chef Infra Client failed. 0 resources updated in 02 seconds
[2022-03-08T10:54:16+00:00] FATAL: Stacktrace dumped to /home/vagrant/.chef/local-mode-cache/cache/chef-stacktrace.out
[2022-03-08T10:54:16+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2022-03-08T10:54:16+00:00] FATAL: Errno::EACCES: file[/myfile] (test::recipe1 line 7) had an error: Errno::EACCES: Permission denied # rb_sysopen - /myfile
It seems that your app does not have access to the file /myfile.
Try this, to allow access to all: sudo chmod a+rw /myfile
Errno::EACCES Means "Permission Denied"
The Errno class is mapped to your system call errors at runtime. You can find this (confusingly) documented in:
SystemCallError#errno
Errno
In particular:
Errno.constants.include? :EACCES
#=> true
on most *nix sytems Errno::EACCES maps to the libc error code for "permission denied". Specifically:
Macro: int EACCES
"Permission denied." The file permissions do not allow the attempted operation.
That generally means your #create action doesn't have permissions to read, write, or traverse the path to the file you are trying to manage, so you need to change your implementation (which you don't show in your original post) to ensure that your Ruby process has the needed file or filesystem permissions to perform the requested operations.
See Also
Understanding Ruby's strange "Errno" exceptions
errno Lookup
errno.h from The Open Group Base Specifications Issue 7, 2018 edition
I downloaded greenplum-cc-web-4.6.1-LINUX-x86_64.zip for my greenplum db with 5.18, and followed this link (https://gpcc.docs.pivotal.io/460/topics/setup-collection-agents.html) to install command center. Everything is OK while there is a failure about gpccinstall. It showed following errors:
RunCommandOnEachHost fail on host: client-gp03.bj
Error when unzip remote binary on sdw3 bin/gpccws
bin/ccagent
bin/gpcc
conf/app.conf
gpcc_path.sh
bin/start_agent.sh
bin/queryinfocat.sh
bin/gpcc_md5
ccdata/
alert-email/alertTemplate.html
alert-email/send_alert.sh.sample
languages/
languages/zh.json
languages/en.json
Error when unzip remote binary on client-gp00.bj bin/gpccws
bin/ccagent
bin/gpcc
conf/app.conf
gpcc_path.sh
bin/start_agent.sh
bin/queryinfocat.sh
bin/gpcc_md5
ccdata/
alert-email/alertTemplate.html
alert-email/send_alert.sh.sample
languages/
languages/zh.json
languages/en.json
Error when unzip remote binary on client-gp01.bj bin/gpccws
bin/ccagent
bin/gpcc
conf/app.conf
gpcc_path.sh
bin/start_agent.sh
bin/queryinfocat.sh
bin/gpcc_md5
ccdata/
alert-email/alertTemplate.html
alert-email/send_alert.sh.sample
languages/
languages/zh.json
languages/en.json
Error when unzip remote binary on client-gp02.bj bin/gpccws
bin/ccagent
bin/gpcc
conf/app.conf
gpcc_path.sh
bin/start_agent.sh
bin/queryinfocat.sh
bin/gpcc_md5
ccdata/
alert-email/alertTemplate.html
alert-email/send_alert.sh.sample
languages/
languages/zh.json
languages/en.json
Error when unzip remote binary on client-gp03.bj Warning: the ECDSA host key for 'client-gp03.bj' differs from the key for the IP address '10.136.173.8'
Offending key for IP in /home/gpadmin/.ssh/known_hosts:10
Matching host key in /home/gpadmin/.ssh/known_hosts:17
tar: bin/gpccws: Cannot open: File exists
tar: Exiting with failure status due to previous errors
RunCommandOnEachHost failure happened
Can anyone encounter this issue before? I did some search in google and pivotal community, but failed to find some solution. Any help is appreciated.
BTW, when I ignored above errors, and continued, I found the gpcc web server can be started successfully. And when I logged in, only "Query Monitor" UI section show one warning: "GPCC is no longer receiving updates. Check your network status or gpcc status and refresh this page.", other part of UI seems OK.
From here:
Error when unzip remote binary on client-gp03.bj Warning: the ECDSA host key for 'client-gp03.bj' differs from the key for the IP address '10.136.173.8'
Offending key for IP in /home/gpadmin/.ssh/known_hosts:10
Matching host key in /home/gpadmin/.ssh/known_hosts:17
tar: bin/gpccws: Cannot open: File exists
tar: Exiting with failure status due to previous errors
You have duplicate ssh fingerprint keys in your /home/gpadmin/.ssh/known_hosts file. I recommend removing both lines 10 and 17 from that file, then running ssh-keyscan client-gp03.bj >> /home/gpadmin/.ssh/known_hosts
After this is complete, try ssh-ing to the host, to see that the fingerprint error is cleared up, and if so, try the gpcc installation again.
The former xxx.BrokerImport is expired, and I generate a new key with the same name 'xxx.Import' and import it into remote server. But I can't delete the former one. They have same name, when I use 'xxx.Import' to encrypt, it will failed, I guess it used the former one not the new import one.
I want to delete one expired key in remote server.
Use root user to execute commands:
[root#ip-xxx xxx_ansible]#gpg --delete-key B7C1CB35
But get following error:
gpg: WARNING: unsafe ownership on homedir `/XXX/XXX_Import_tools/Keys'
I used root user to execute this, no idea why I haven't permission.
And I try:
[root#ip-xxx xxx_ansible]# sudo gpg --delete-key B7C1CB35
then get another error:
gpg: key "B7C1CB35" not found: Unknown system error
gpg: B7C1CB35: delete key failed: Unknown system error
However the public key is exist.
[root#ip-xxx xxx_ansible]# gpg --list-keys
gpg: WARNING: unsafe ownership on homedir `/xxx/xxx_Import_tools/Keys'
/xxx/xxx_Import_tools/Keys/pubring.gpg
------------------------------------------------
pub 2048R/B7C1CB35 2016-05-12 [expired: 2018-04-24]
uid xxx.Import <xxx#xxx.com>
pub 2048R/B75F015E 2018-07-23
uid xxx.Import <xxx#xxx.com>
sub 2048R/65AED995 2018-07-23
Does anyone has idea about this? Hope to get your help.
Since I have resolve this issue, I'd like to share my solution.
I want to delete the key with command directly, but due to permission deny, I delete the pubring.gpg / secring.gpg / trustdb.gpg in remote server. And After next deployment, these key will be import by ansible script. And these file will be generated.
I am trying to figure out why my GitHub for Mac crashes on start when I choose a local repository. I added this local repository from a folder I had cloned. Unfortunately, I was playing around with the git command line and I must have done something to corrupt the local repository.
Now my GitHub for Mac is trying to access this corrupted repository on reopen and I can't change it within the program before it crashes. I would rather not purge the system of files because I have other repositories saved in GitHub for Mac.
How exactly would I be able to solve this issue or delete the reference to this local repository that is causing me massive issues? I have attempted to get an answer from the people at GitHub but they have not responded to me yet. Thank you. The error I am getting is below.
*** Terminating app due to uncaught exception
NSInternalInconsistencyException', reason: 'Received error from <RACDynamicSignal: 0x600000e3dca0> name: in binding for key path` "headerContentViewModel" on <GHChangesViewModel: 0x600000129420>:
NSError { domain: GTGitErrorDomain, code: -12, description: "Failed to create reference to tracking branch from <GTBranch: 0x600000e20c00> name: refs/heads/master, shortName: master, sha:
b5db93cacaf51cde5ad27c605c4bdb114cd23605, remoteName: (null), repository: <GTRepository: 0x60000041b4e0> fileURL: file:///Users/name/Desktop/personalWebsite/", underlying error: NSError { domain:
GTGitErrorDomain, code: -12, description: "'https://github.com/name/git.git' is not a valid remote name." } }'
terminating with uncaught exception of type NSExceptionabort() called
I had this same problem, the source turned out to be an incorrect line in my .git/config file.
The master branch had these lines:
[branch "master"]
remote = git#github.com:/.git
which matched most of the url value for the [remote "origin"] line.
Changing the line to this:
remote = origin
Fixed the problem immediately, and no more "Unable to create tracking branch" errors like I've had for quite some time.
Be sure to make a copy of that line in case it doesn't work.
GitHub support verified that this was the correct solution - at least in my case.
It looks like you've changed the config file, specifically for the repo location. If you're not able to repair the git config file yourself, can you do cat ./.git/config for us?
I am trying to install openldap on Amazon Linux and got the following error:
olcRootPW: value #0: <olcRootPW> can only be set when rootdn is under suffix
config error processing olcDatabase={1}monitor,cn=config: <olcRootPW> can only be set when rootdn is under suffix
slaptest: bad configuration file!
I also tried putting the olcRootPW in the olcDatabase={2}bdb.ldif file, but that just gives the same error. Any advise?
The message is quite clear. You can only set a password on the monitor database if the rootDN is under the suffix of the database. In other words the rootDN has to end with 'cn=monitor,cn=config'.
Try the to add it like below, in the file olcDatabase={2}hdb.ldif
olcSuffix: dc=my-domain,dc=com
olcRootDN: cn=manager,dc=my-domain,dc=com
olcRootPW: {SSHA}---password---