This is the first time I am working with Openshift. I have successfully installed Redhat Openshift on a single EC2 server ( Single Node ).
I will be installing IBM Cloud Data Pak on this Openshift Server.
I was trying to create a separate admin user for the same.
I have executed the following commands :
oc login -u system.admin
Then
oc create user bob
But I am facing the following error :
Error from server (Forbidden): users.user.openshift.io is forbidden: User "system.admin" cannot create users.user.openshift.io at the cluster scope: no RBAC policy matched
I am not able to understand the root cause of the issue.
It will be great if someone could help me to resolve this and help me understand the root cause of this issue.
It's "system:admin", not "system.admin"
And be sure client-cert and client-key is present for system:admin user in your .kube/config
Related
I have an azure app service, using the latest wordpress image from docker hub. The screenshot for the azure app service:
Then in the azure app service -> application setting, I added the following key/value pairs which will be used to connect Azure database for mysql:
WORDPRESS_DB_HOST
WORDPRESS_DB_NAME
WORDPRESS_DB_PASSSWORD
WORDPRESS_DB_USER
screenshot:
Inside my Azure database for mysql, I have enabled public access / allow public access from any azure service / also add my client ip and this ip range 0.0.0.0 - 255.255.255.255. I can access it from my client and create the database which will be used by azure app service. Screenshot like below:
in server parameters, I also turn off the require_secure_transport setting:
At last, I tried to launch the site, but it throws the error "Error establishing a database connection", screenshot below:
I'm new to wordpress / docker, and don't know how to fix this issue. I also reviewed some videos / docs, and didn't see any other configuration differences. Could you please guide me how to fix this issue? Thanks very much.
You received this error message.
Warning: mysqli_real_connect(): (HY000/1045)>: Access denied for user 'ivan'#'52.xx.xxx.xx' (using password: YES)
It means MySQL received, processed, and rejected your WordPress instance's attempt to connect. So you know the hostname is right and your cloud provider's firewall settings allow your WordPress instance to exchange network data with your MySQL instance.
What's wrong?
MySQL's user name / account name setup has a quirk. An account name can look like 'ivan'#'localhost' or 'ivan'#'%' (or even something like 'ivan'#'192.0.22.33').
The first of those only allows login from localhost (or via tunneling via ssh). The second allows login from '%', meaning any host. You need the second one for your WordPress instance to get access to MySQL.
When you're logged in to MySQL from your machine, do this.
SELECT host, user FROM mysql.user WHERE user='ivan';
You should see two rows, like these
host user
---- ---
% ivan
localhost ivan
It's possible the account with '%' as the host is missing. If so that means you need to create another MySQL account and give it access to your database. Do that like this.
CREATE USER 'ivan'#'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
Next, make sure the user account you just created -- the one your WordPress software will use to connect to MySQL -- has access to your database.
GRANT ALL PRIVILEGES ON wordpress.* TO 'ivan'#'%';
FLUSH PRIVILEGES;
If you still get the error message, it's possible the password on your 'ivan'#'%' account doesn't match what you put into your WordPress configuration. You can change it with
ALTER USER 'ivan'#'%' IDENTIFIED BY 'your_password';
FLUSH PRIVILEGES;
If it still gives the same error message, it's possible that your cloud vendor requires TLS to connect to MySQL. You may want to consult their support team about that.
(This is a common stumbling block setting up new WordPress instances.)
ok just to keep and make things clear. all IPs can connect to the DB but are you actually authorized to read/write date in the DB?
I.E. this might be a permission/privilege issue.
I suggest double checking user privileges and determine who can do what on your DB
Best Regards. :-)
I am trying to understand PCF concepts and thinking that once i am done with creating mysql services in PCF, how i can manage that database like creating tables and maintaining that table just like we do in pur traditional environment using mySqldeveoper. I came across one service like PivotalMySQLWeb and tried but didnt liked it much. So if somehow i can get connection details of mysql service , i can use that to connect using sql developer.
The links #khalid mentioned are definitely good.
http://docs.pivotal.io/p-mysql/2-0/use.html
https://github.com/andreasf/cf-mysql-plugin#usage
More generally, you can use an SSH tunnel to access any service, not just MySQL. This also allows you to use whatever tool you would like to access the service.
This is documented here, but if for some reason that goes away here are the steps.
Create your target service instance, if you don't have one already.
Push an app, any app. It really doesn't matter, it can be a hello world app. The app doesn't even need to use the service. We just need something to connect to.
Either Bind the service from #1 to the app in #2 or create a service key using the service from #1. If you bind to the app, run cf env <app> or if you use a service key run cf service-key MY-DB EXTERNAL-ACCESS-KEY and either one will give you your service credentials.
Run cf ssh -L 63306:us-cdbr-iron-east-01.p-mysql.net:3306 YOUR-HOST-APP, where 63306 is the local port you'll connect to on your machine and us-cdbr-iron-east-01.p-mysql.net:3306 are the host and port from the credentials in step #3.
The tunnel is now up, use whatever client you'd like to connect to your service. For example: mysql -u b5136e448be920 -h localhost -p -D ad_b2fca6t49704585d -P 63306, where b5136e448be920 and ad_b2fca6t49704585d are the username and database name from step #3 and 63306 is the local port you picked from step #4.
Additionally, if you want to connect aws-rds-mysql (instantiated from Pivotal Cloud Foundry) from IntelliJ, you can use the DB-Navigator Plugin (https://plugins.jetbrains.com/plugin/1800-database-navigator) inside IntelliJ, through which, database manipulation can be performed.
After creating the ssh tunnel $ cf ssh -L 63306:<DB_HOSTNAME>:3306 YOUR-HOST-APP (as also mentioned in https://docs.pivotal.io/pivotalcf/2-4/devguide/deploy-apps/ssh-services.html),
Go to DB Navigator plugin and click on custom under new connection.
Enter the URL as: jdbc:mysql://:password>#localhost:63306/<database_name>
The following thread might be helpful for you as well How do I connect to my MySQL service on Pivotal Cloud Foundry (PCF) via MySQL Workbench or CLI or MySQLWeb Database Management App?
I got stuck in using ejabberd and JSXC after installing with default configuration and move from Mnesia to MySQL, I could not login to admin site anymore. I checked log as below :
2015-08-06 15:50:32.972 [error] <0.3196.0>#ejabberd_auth:is_user_exists:313 The authentication module ejabberd_auth_odbc returned an error
when checking user <<"ejabberd">> in server <<"10.30.173.89">>
Error message: <<"Unknown Host">>
By the way, could you please help me to create MUC (multi-user chat), I don't know how to config it in JSXC and ejabberd.
This is an error in your configuration. "Unknown Host" error for the SQL query means that ejabberd could not find any MySQL database configured for that domain.
You need to check and fix your ejabberd configuration file.
I also have same question in same scenario.
I can add a new user from command line and also view it in my MySQL DB
./ejabberdctl register test2 localhost test2
But getting unknown host error when the user is trying to connect from client.
I am following the etherpad tutorial.
I created a container on ubuntu and ran it locally. The push to bluemix worked. However when I try to run the container on bluemix I get the following error:
Sorry, an error occurred on our side: Unable to create the network. No
tenant network is available for allocation. [Incident ID
e1d83d17ff51f0ae]
Is this temporary failure or my fault?
I ran the following command
$ sudo ice run -p 9080 --name ethernotes registry-ice.ng.bluemix.net/alicesbox/notes:latest
This is a temporary failure. The response says "an error occurred on our side". When an IBM Container is created it is given a private IP address reachable only by other containers sharing the account. The system was unable to give your instance that address.
Try again.
After your instance has been created you can make it public-facing by giving it a public IP address.
I created an app called "world" following the instructions from:
https://blog.openshift.com/12-tips-for-hosting-wordpress-on-openshift/.
It's a hosted Wordpress blog, with PHP 5.4 scalable up to 1GB, with a Web Load Balancer and MySQL 5.5.
Everytime I try to check for the space used, I get the same error.
rhc show-app world --gears quota
Unable to connect to gear 54d48383fcf933f91f0000aa#54d48383fcf933f91f0000aa-laurapons.rhcloud.com
Unable to connect to gear 54d48383fcf933f91f0000a9#world-laurapons.rhcloud.com
Gear Cartridges Used Limit
------------------------ ------------------- ----- -----
54d48383fcf933f91f0000aa mysql-5.5 error 1 GB
54d48383fcf933f91f0000a9 haproxy-1.4 php-5.4 error 1 GB
I tried to restart the application (using restart and stop&start commands) but nothing seems to work.
I am also facing some other connection problems (probably related to the same issue):
I have the same problem when trying to clone the application with git clone:
ssh: connect to host world-laurapons.rhcloud.com port 22: Bad file number
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
And also with the rhc port-forward world
I copied the URL for git clone from the openshift online dashboard, and I can open the wordpress blog and see all the information, but somehow, I'm unable to access to the data.
I have already created a default Public Key and 2 authorisations (one to access through the browser and the other to access through RHC)...
What should I try?
How can I get the usage?
Do I need to set up anything else?
I am stuck... any suggestion?
Sounds like your SSH key is not working properly. Make sure you installed your keys and that they are working. Try running 'rhc setup'. If that still doesn't work try
ssh -vvv 54d48383fcf933f91f0000a9#world-laurapons.rhcloud.com
and look at the output.
You can also try using
ssh -i /path/to/your/ssh.key 54d48383fcf933f91f0000a9#world-laurapons.rhcloud.com
And see if that works (specifies what ssh key to use)
rhc with some ruby version will have issue with pageant (putty). I closed pageant, ran again rhc command then it worked.