I'm trying to build custom image for AWS EKS managed node group, Note: my custom image (ubuntu) already has MFA and private key based authentication enabled.
I cloned github repository to build eks related changes from the below url.
git clone https://github.com/awslabs/amazon-eks-ami && cd amazon-eks-ami
Next i made few changes to run the make file
cat eks-worker-al2.json
{
"variables": {
"aws_region": "eu-central-1",
"ami_name": "template",
"creator": "{{env `USER`}}",
"encrypted": "false",
"kms_key_id": "",
"aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
"aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
"aws_session_token": "{{env `AWS_SESSION_TOKEN`}}",
"binary_bucket_name": "amazon-eks",
"binary_bucket_region": "eu-central-1",
"kubernetes_version": "1.20",
"kubernetes_build_date": null,
"kernel_version": "",
"docker_version": "19.03.13ce-1.amzn2",
"containerd_version": "1.4.1-2.amzn2",
"runc_version": "1.0.0-0.3.20210225.git12644e6.amzn2",
"cni_plugin_version": "v0.8.6",
"pull_cni_from_github": "true",
"source_ami_id": "ami-12345678",
"source_ami_owners": "00012345",
"source_ami_filter_name": "template",
"arch": null,
"instance_type": null,
"ami_description": "EKS Kubernetes Worker AMI with AmazonLinux2 image",
"cleanup_image": "true",
"ssh_interface": "",
"ssh_username": "nandu",
"ssh_private_key_file": "/home/nandu/.ssh/template_rsa.ppk",
"temporary_security_group_source_cidrs": "",
"security_group_id": "sg-08725678910",
"associate_public_ip_address": "",
"subnet_id": "subnet-01273896789",
"remote_folder": "",
"launch_block_device_mappings_volume_size": "4",
"ami_users": "",
"additional_yum_repos": "",
"sonobuoy_e2e_registry": ""
After adding user and private key build getting failed with below error.
logs
amazon-ebs: Error waiting for SSH: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain.
for me just changue region for aws o delete aws region in packer.
Related
I am trying to deploy my application with Heroku from my Github.
I placed my dotenv values in the config vars but one value refer to a json file, that heroku can not access
GCS_KEYFILE = file.json
And this is the json :
{
"type": "service_account",
"project_id": "",
"private_key_id": "",
"private_key": "=\n-----END PRIVATE KEY-----\n",
"client_email": "",
"client_id": "",
"auth_uri": "",
"token_uri": "",
"auth_provider_x509_cert_url": "",
"client_x509_cert_url": "
}
How can I make heroku access the file?
Update
I tried the answer below, that didn't worked for me. In the config vars I tried to add the json. Now I get the following error message :
2020-04-14T14:40:53.370477+00:00 app[web.1]: Error: Could not authenticate request
2020-04-14T14:40:53.370493+00:00 app[web.1]: ENOENT: no such file or directory, open '/app/{
type": "service_account",
"project_id": "",
"private_key_id": "",
"private_key": "=\n-----END PRIVATE KEY-----\n",
"client_email": "",
"client_id": "",
"auth_uri": "",
"token_uri": "",
"auth_provider_x509_cert_url": "",
"client_x509_cert_url": "
2020-04-14T14:40:53.370500+00:00 app[web.1]: at /app/node_modules/gcs-resumable-upload/build/src/index.js:235:19
2020-04-14T14:40:53.370501+00:00 app[web.1]: at /app/node_modules/google-auto-auth/index.js:27:9
2020-04-14T14:40:53.370501+00:00 app[web.1]: at /app/node_modules/google-auto-auth/index.js:233:9
This is the error message when I try the answer below :
Error: You have to specify credentials key file for Google Cloud Storage to work.
The code I try to deploy can be found here
Heroku does not give you a filesystem so this is not trivial.
It looks there is a workaround using heroku-google-application-credentials-buildpack, but I have solved this in a different way: I package my application in a Docker image (which includes the JSON file wherever it expects it) and push/deploy that to Heroku.
The json file (which includes sensitive information) is not on my code repository and it is only pushed inside the image when the image is built.
Hope this helps.
I have a nodejs application which runs on pm2 and I need to be able to send email notifications whenever a crash/ restart occurs. My idea is to monitor the application for crashes and trigger a mail action from pm2-health. The documentation of pm2-health module is here but I'm unable to use it for sending email alerts. Can anyone explain how to use it for this purpose?
P.S: Also, it would be great if you could explain about SMTP configuration for gmail.(I have configured postfix to use gmail smtp according to this and it works fine for test gmail but doesn't work with pm2-health)
This is how I could get pm2-health working with my Gmail account:
Install pm2-health module:
pm2 install pm2-health
Open PM2 module config file:
vim ~/.pm2/module_conf.json
Update it with the Gmail account’s SMTP parameters:
{
"pm2-health": {
"smtp": {
"host": "smtp.gmail.com",
"port": 465,
"user": "EXAMPLE_sender#gmail.com",
"password": "PASSWORD",
"secure": true,
"disabled": false
},
"mailTo": "NOTIFICATION_RECIPIENT_EMAIL_ADDRESS",
"replyTo": "EXAMPLE_SENDER#gmail.com",
"events": [
"exit"
],
"exceptions": true,
"messages": true,
"messageExcludeExps": [],
"metric": {},
"metricIntervalS": 60,
"aliveTimeoutS": 300,
"addLogs": false,
"appsExcluded": [],
"snapshot": {
"url": "",
"token": "",
"auth": {
"user": "",
"password": ""
},
"disabled": false
}
},
"module-db-v2": {
"pm2-health": {}
}
}
Save and close it
Restart pm2-health:
pm2 restart pm2-health
Test it by restarting one of your PM2-managed Node processes. You should receive an email about that event.
For anyone trying to use with 2FA enabled Gmail, you need to use an App Password. More information here: https://support.google.com/accounts/answer/185833
I am unable to create an OVA using packer in virtualbox with id_rsa.From the host machine I am able to ssh to the vbox host using same private key. The error is as given
"Error waiting for SSH: ssh: handshake failed: ssh: unable to
authenticate, attempted methods [none publickey], no supported methods
remain". Using "ssh_password" the OVA is created successfully. But
my objective is to create an OVA using private key.
{
"builders": [{
"type": "virtualbox-ovf",
"source_path": "/root/Documents/OVA_idrsa.ova",
"ssh_username": "support",
"ssh_private_key_file": "id_rsa",
"ssh_pty": "true",
"ssh_port": 22,
"vrdp_bind_address": "0.0.0.0",
"guest_additions_mode": "disable",
"virtualbox_version_file": "",
"headless": true,
"ssh_skip_nat_mapping": "true",
"boot_wait": "120s",
"ssh_wait_timeout": "1000s",
"shutdown_command": ""
}]
}
I have tried using the ssh_password instead. It was successfull. But with private_key file the issue is recurrent.
{
"builders": [{
"type": "virtualbox-ovf",
"source_path": "/root/Documents/OVA_idrsa.ova",
"ssh_username": "support",
"ssh_private_key_file": "id_rsa",
"ssh_pty": "true",
"ssh_port": 22,
"vrdp_bind_address": "0.0.0.0",
"guest_additions_mode": "disable",
"virtualbox_version_file": "",
"headless": true,
"ssh_skip_nat_mapping": "true",
"boot_wait": "120s",
"ssh_wait_timeout": "1000s",
"shutdown_command": ""
}]
}
Error:
"Error waiting for SSH: ssh: handshake failed: ssh: unable to
authenticate, attempted methods [none publickey], no supported methods
remain"
I'm trying to get the status of a host with the CheckMK WebAPI. Can someone point me in the right direction how to get these data?
We're currently using CheckMK enterprise 1.4.0.
I've tried:
https://<monitoringhost.tld>/<site>/check_mk/webapi.py?action=get_host&_username=<user>&_secret=<secret>&output_format=json&effective_attributes=1&request={"hostname": "<hostname>"}
But the response does not have any relevant information about the host itself (e.g. state up/down, uptime, etc.).
{
"result": {
"attributes": {
"network_scan": {
"scan_interval": 86400,
"exclude_ranges": [],
"ip_ranges": [],
"run_as": "api"
},
"tag_agent": "cmk-agent",
"snmp_community": null,
"ipv6address": "",
"alias": "",
"management_protocol": null,
"site": "testjke",
"tag_address_family": "ip-v4-only",
"tag_criticality": "prod",
"contactgroups": [
true,
[]
],
"network_scan_result": {
"start": null,
"state": null,
"end": null,
"output": ""
},
"parents": [],
"management_address": "",
"tag_networking": "lan",
"ipaddress": "",
"management_snmp_community": null
},
"hostname": "<host>",
"path": ""
},
"result_code": 0
The webapi is only for getting/setting the configuration of a host or other objects. If you want't to get the live status of a host use livestatus.
If you enabled livestats on port 6557 (default) you could query the status of a host via network. If you are logged into a shell locally you can use 'lq'.
OMD[mysite]:~$ lq "GET hosts\nColumns: name"
Why:
The CheckMK webapi if for accessing WATO. WATO is the source for creating the nagios configuration. Nagios will do the monitoring of the hosts and the livestatus api is an extension of the nagios core.
http://<monitoringhost.tld>/<site>/check_mk/view.py?view_name=allhosts&output_format=csv
You can use all the views that you see in the webui by adding output_format=[csv|json|python].
You will the data of the table that you see.
You also need to add the creditals as seen in yout question.
I am using Azure Edge V1 with Ubuntu, I have created 1 IoT Hub with the name say X and then created 2 Devices say dev1 & dev2. After that I changed simulated_device_cloud_upload_lin.json file.
modules:
IotHub - "args": {
"IoTHubName": "X",
"IoTHubSuffix": "azure-devices.net",
"Transport": "MQTT",
"RetryPolicy": "EXPONENTIAL_BACKOFF_WITH_JITTER"}
mapping - "args": [
{
"macAddress": "01:01:01:01:01:01",
"deviceId": "dev1",
"deviceKey": "primary key of dev1"
},
{
"macAddress": "02:02:02:02:02:02",
"deviceId": "dev2",
"deviceKey": "Primary key of dev2"
} ] }
And then I go inside build folder and run command
./samples/simulated_device_cloud_upload/simulated_device_cloud_upload_sample ../samples/simulated_device_cloud_upload/src/simulated_device_cloud_upload_lin.json
And this start sending messages to IoT Hub, but when I checked to IoTHub with iothub-explorer it will show me error given below-
error receiving reply from Event hub management end point : undefined.
And also messages did not reach at IoT Hub.
Could you please tell me what have I done wrong?