As per offical documentation by Openshift , we can get kubadmin password as below:
crc console --credentials
To login as a regular user, run 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as an admin, run 'oc login -u kubeadmin -p gALwE-jY6p9-poc9U-gRcdu https://api.crc.testing:6443'
However , I can login successfully with developer/developer .kubeadmin will fail with "Login failed (401 Unauthorized)" . Restart CRC muiltiple times . Still not works ... Any idea about this ?
$ oc login -u developer -p developer https://api.crc.testing:6443
Login successful.
You have one project on this server: "demo"
Using project "demo"
$ oc login -u kubeadmin -p gALwE-jY6p9-poc9U-gRcdu https://api.crc.testing:6443
Login failed (401 Unauthorized)
Verify you have provided correct credentials.
Any inputs will be appreciated . Thanks in advance..
You said you restarted CRC. Have you tried deleting and recreating the cluster?
One of the first steps in productionizing a cluster is to remove the kubeadmin account - is it possible that you've done that and the "crc console --credentials" is now only displaying what it used to be?
If you have another admin account try:
$ oc get -n kube-system secret kubeadmin
The step to remove that account (see: https://docs.openshift.com/container-platform/4.9/authentication/remove-kubeadmin.html) is to simply delete that secret. If you've done that at some point in this cluster's history you'll either need to use your other admin accounts in place of kubeadmin, or recreate the CRC instance (crc stop; crc delete; crc setup)
Just in case others are having this issue and the issue persists even after trying crc stop, crc delete, crc cleanup, crc setup, crc start, I was able to sign in as kubeadmin by NOT using the following command after crc start got my CodeReady Container up and running.
eval $(crc oc-env)
Instead, I issue the crc oc-env command. In this example that the output returns /home/john.doe/.crc/bin/oc.
~]$ crc oc-env
export PATH="/home/john.doe/.crc/bin/oc:$PATH"
# Run this command to configure your shell:
# eval $(crc oc-env)
I then list the contents of the /home/john.doe/.crc/bin/oc directory which shows that the /home/john.doe/.crc/bin/oc directory is symbolically linked to the /home/john.doe/.crc/cache/crc_libvirt__amd64/oc file.
~]$ ll /home/john.doe/.crc/bin/oc
lrwxrwxrwx. 1 john.doe john.doe 61 Jun 8 20:27 oc -> /home/john.doe/.crc/cache/crc_libvirt_4.10.12_amd64/oc
And I was then able to sign in using the absolute path to the oc command line tool.
~]$ /home/john.doe/.crc/cache/crc_libvirt_4.10.12_amd64/oc login -u kubeadmin -p 28Fwr-Znmfb-V6ySF-zUu29 https://api.crc.testing:6443
Login successful.
I'm sure I could dig a bit more into this, checking the contents of my users $PATH, but suffice to say, this at least is a work around for me that gets me to be able to sign in as kubeadmin.
Related
Screenshot of the installation process
As you can see at the image (link above) I started an installation of mysql by typing
mysql_secure_installation
on the Ubuntu 20.04 terminal.
But now I just want to cancel (exit) the installation. The process is now in the password setting section (like in the image above).
I tried ctrl+x, ctrl+q, ctrl+d, ESC but none of them worked.
Should I just close the terminal window? (I want that nothing will be saved of the process)
I'm waiting for your help, thanks in advance.
The Solution
From another terminal:
sudo kill $(ps aux | grep mysql_secure_installation | grep -v grep | awk '{print $2}')
Per qt-x's comment, if your system supports pgrep you can use:
sudo kill $(pgrep mysql_secure_installation)
You can then run 'mysql_secure_installation' again. But you may want to read the "Why I Know This" section below first....., which may explain why you have to exit 'mysql_secure_installation' in the first place [for some people].
Why I Know This
For some reason, recently I've had to set my root password first before running this script:
> mysql
mysql> ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';
Or I end up in an endless loop where I can't set the password, and the message is:
Failed! Error: SET PASSWORD has no significance for user ‘root’#’localhost’ as the authentication method used doesn’t store authentication data in the MySQL server
ctrl+c will work, but only at the following position:
Do you wish to continue with the password provided?(Press y|Y for Yes,
any other key for No) :
Maybe a simpler command to kill mysql_secure_installation
sudo pkill -f mysql_secure_installation
pgrep -af mysql_secure_installation to get the current state.
very easy, just type ctrl+c
it worked for me, don't know about you
I'm trying to setup a backup system for MySQL from PHP by using mysqldump command but I'm having a Permission denied error.
I'm on MacOS Catalina 10.15.6, using system PHP and Homebrew mysql#57.
After many attempts, I could reproduce this issue in Terminal. If I run the command as me, it works fine and the backup file is correctly created, but when I run it as _www I get the error.
This works:
% mysqldump --defaults-extra-file="crd" --extended-insert mydb > backup.sql.gz
And this does not work:
% sudo -u _www mysqldump --defaults-extra-file="crd" --extended-insert mydb > backup.sql.gz
sudo: unable to execute /usr/local/opt/mysql#5.7/bin/mysqldump: Permission denied
I checked and mysqldump can be executed by user, group and other:
% ls -la /usr/local/opt/mysql#5.7/bin | grep mysqldump
-r-xr-xr-x 1 jbogdani staff 3853364 Aug 17 21:22 mysqldump
Other attempts to provide username and password in the command also fail.
mysqldump will need a password for the mysql user root. If you don't supply that password it won't work, sudo or no sudo.
instead of using sudo -u _www just execute it with current mysql user account.
if you need further reading
You need to use a full path on the output.
You do not have permissions to write to /usr/local/opt/mysql#5.7/bin/backup.sql.gz. Specify full path of the target backup archive to another directory
I think you'll find the _www user is restricted in some way. It might not have a valid shell, it might be locked, or there might be apparmour/selinux restrictions preventing it from running.
Check the output of dmesg and /var/log/secure for useful logs, otherwise check and change the shell and status of the user using usermod to find and isolate the issue.
Make sure you consider the security ramifications before doing anything in production though.
I have set up an openshift 3.11 cluster and want to change the admin password. Below are the steps I have run. The final command to my understanding is supposed to apply the change but it prompts me to set the password again which I think is the problem.
ssh to cluster as root then I ran these commands:
htpasswd -c -b /etc/origin/master/htpasswd ocadmin NEWPASSWORD
htpasswd -v /etc/origin/master/htpasswd ocadmin
The new password verified correctly
htpasswd /etc/origin/master/htpasswd ocadmin
This just prompted me to edit the password again. It returns a result stating the password is updating but nothing changes
Issue is I have multiple master nodes in my cluster. After updating the file and copying it to each of the master nodes it worked:
Final process is:
ssh to master00 node
htpasswd -c -b /etc/origin/master/htpasswd ocadmin NEWPASSWORD
scp /etc/origin/master/htpasswd clusternamemaster-01:/etc/origin/master/htpasswd
scp /etc/origin/master/htpasswd clusternamemaster-02:/etc/origin/master/htpasswd
etc
I'm trying to use the command sudo -i -u postgres for PostgreSQL, and the Google Compute Engine VM is asking me for my password for my account (not root).
As I never issued a password, and I always login to my server via SSH key, I'm not sure what the password is, how I can reset it, or where it can be found.
Please tell me where I can get my password?
To become another non-root user on a GCE VM, first become root via password-less sudo (since that's how sudo is configured on GCE VM images):
sudo su -
and then switch to the user you want to become or run a command as another use, e.g., in your case, that's:
sudo -i -u postgres
Per https://cloud.google.com/compute/docs/instances ,
The instance creator and any users that were added using the metadata
sshKeys value are automatically administrators to the account, with
the ability to run sudo without requiring a password.
So you don't need that non-existent password -- you need to be "added using the metadata sshKeys value"! The canonic way to do that, and I quote from that same page:
$ echo user1:$(cat ~/.ssh/key1.pub) > /tmp/a
$ echo user2:$(cat ~/.ssh/key2.pub) >> /tmp/a
$ gcloud compute project-info add-metadata --metadata-from-file sshKeys=/tmp/a
or you can use the Google Developers Console for similar purposes, see https://cloud.google.com/compute/docs/console#sshkeys if you'd prefer that.
Summary
While creating the VM, specify the ssh user in the "Enter the entire key data" box.
Details
generate the ssh key pair and identify the public key:
if ssh-keygen, a file ending with ".pub"
if PuTTYgen, the text in box "Public key for pasting ..."
Notice the fields, all one one line, separated by spaces: "protocol key-blob username".
For username, you may find your Windows user name or a string like "rsa-key-20191106". You will replace that string with your choice of Linux user name.
Paste the public key info into the "Enter the entire key data" box.
Change the 3rd field to the actual user that you want to create on the VM. If, for example, "gcpuser", then:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjUIG3Z8wKWf+TZQ7nVQzB4s8U5rKGVE8NAt/LxlUzEjJrhPI5m+8llLWYY2PH4atZzuIYvYR0CVWhZvZQzLQc33vDOjQohxV9Lg26MwSqK+bj6tsr9ZkMs2zqNbS4b2blGnr37+dnwz+FF7Es9gReqyPxL9bn5PU/+mK0zWMHoZSEfUkXBrgqKoMQTsYzbMERluByEpZm9nRJ6ypvr9gufft9MsWC2LPhEx0O9YDahgrCsL/yiQVL+3x00DO9sBOXxi8kI81Mv2Rl4JSyswh1mzGAsT1s4q6fxtlUl5Ooz6La693IjUZO/AjN8sZPh03H9WiyewowkhMfS0H06rtGQ== gcpuser
create your VM. (Debian, for example)
Connect to the VM
directly from ssh or PuTTY (not browser window)
use the private key
specify the user
Notice that your public key is present:
gcpuser#instance-1:~/.ssh$ cat authorized_keys
# Added by Google
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAjUIG3Z8wKWf+TZQ7nVQzB4s8U5rKGVE8NAt/LxlUzEjJrhPI5m+8llLWYY2PH4atZzuIYvYR0CVWhZvZQzLQc33vDOjQohxV9Lg26MwSqK+bj6tsr9ZkMs2zqNbS4b2blGnr37+dnwz+FF7Es9gReqyPxL9bn5PU/+mK0zWMHoZSEfUkXBrgqKoMQTsYzbMERluByEpZm9nRJ6ypvr9gufft9MsWC2LPhEx0O9YDahgrCsL/yiQVL+3x00DO9sBOXxi8kI81Mv2Rl4JSyswh1mzGAsT1s4q6fxtlUl5Ooz6La693IjUZO/AjN8sZPh03H9WiyewowkhMfS0H06rtGQ== gcpuser
Notice that you are in group google-sudoers
gcpuser#instance-1:~/.ssh$ id
uid=1000(gcpuser) gid=1001(gcpuser) groups=1001(gcpuser),4(adm),30(dip),44(video),46(plugdev),1000(google-sudoers)
sudo to root with no password
gcpuser#instance-1:~$ sudo -i -u root
root#instance-1:~#
Notice the sudoers file:
root#instance-1:~# cat /etc/sudoers.d/google_sudoers
%google-sudoers ALL=(ALL:ALL) NOPASSWD:ALL
Conclusion
Specifying the username in "Enter the entire key data" has these results:
creating the user in the virtual machine.
uploading the key to ~/.ssh
membership in a passwordless sudo group
i have downloaded and installed mySQL my double clicking on its icon. It was installed successfully.
When i goto startup and preference i see the icon of mysql added and when i click on it i see a screen where it says 'MySQL server instance is running'.
But when i open terminal and cd to /usr/local/mysql and then when i type sudo ./bin/mysqld_safe i was prompted for a password. and i have not added a password when i installed mySQL, so i tried leaving it blank, and then i tried various passwords to login but all attempts failed.
So now i need to know how to login to mySQL via the terminal ?
mysql version - 5.5.24-osx10.6x86_64
my Mac OS - 10.7.3
What I found installing mysql on MacOs, there are a few differences. One is that it installs it without a password. The other thing is that it by default allows for anonymous logins.
Use this to set the password:
mysqladmin -u root -h localhost password yourpassword
You can remove anonymous logins this way:
shell> mysql -u root -p
Enter password: (enter root password here)
mysql> DROP USER ''#'localhost';
mysql> DROP USER ''#'host_name';
The other thing is that I found that the install does not modify the path variable. What I did to run mysql from the command line was to add /usr/local/mysql/bin to path by adding it to /etc/paths or /etc/paths.d . This may be what you need in order to run mysql. Like someone said in the comments, mysqld_safe is one way to start the mysql server, and it seems that is already set to run.
Here are specific instructions to add something to /etc/paths.d
$ cd /etc/paths.d
$ cat > mysql
/usr/local/bin/mysql
(and then type Ctrl-D
that should put a file there)
you may have to sudo if you do not have permissions.
The sudo command, by default, lets anyone in the admin group run a command as root by giving his own password. That's why it asked for your password when you typed "sudo ./bin/mysqld_safe". It has nothing whatsoever to do with mysql.
If you don't have a password, you cannot use sudo in the default configuration. Either give yourself a password, or edit the sudoers file. (I would strongly suggest the former over the latter, especially if you have no idea what sudo does.)
For more information, type "man sudo" (and then "man sudoers") from your Terminal.
Meanwhile, the reason "it says -bash: mysql: command not found when i type mysql in the terminal" is because you've clearly installed it into /usr/local/mysql/bin/mysql, and that isn't on your path. If it were on your path, you could have just done "sudo mysqld_safe" above, instead of "sudo ./bin/mysqld_safe". Since it's not, you have to do "./bin/mysqld_safe".
For more information, consult a good primer on the Unix shell.
Finally, if you've got the mysql daemon running, and are trying to start the client, it's "mysql" that you want to run, not "mysqld_safe".