I made a mistake and delete the keystone identity endpoints, and when I want to create the endpoints again I receive this error:
admin endpoint for identity service not found
Also I can't execute other commands of keystone.
I managed to do something similar and fixed it with these commands:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://example.com:35357/v3/ --bootstrap-internal-url http://example.com:35357/v3/ --bootstrap-public-url http://example.com:35357/v3/ --bootstrap-region-id RegionOne
Based on the Docs at http://docs.openstack.org/newton/install-guide-rdo/keystone.html
Related
My Service Principal has the following two roles on the whole Resource Group Playground
CDN Endpoint Contributor
CDN Profile Contributor
I am trying to run the following commands
az login --service-principal --username="ca85199a-7e86-40eb-b6c8-a774a9edc010" --password="<pwd>" --tenant="<tenant-id>"
az cdn endpoint purge -n mopar --profile-name mopar-poc --content-paths "/*" --resource-group Playgroud --no-wait
I am getting the following error.
AuthorizationFailed: The client 'acd5dfea-f69a-4178-812c-4204963c6959' with object id 'acd5dfea-f69a-4178-812c-4204963c6959' does not have authorization to perform action 'Microsoft.Cdn/profiles/endpoints/purge/action' over scope '/subscriptions/b19669be-bfa2-4e86-b7d4-f1b4d98dd2a5/resourceGroups/Playgroud/providers/Microsoft.Cdn/profiles/mopar-poc/endpoints/mopar' or the scope is invalid. If access was recently granted, please refresh your credentials.
What am I missing here?
The two roles are enough, the command works fine on my side, please follow the steps below to troubleshoot.
1.Double-check the RBAC roles in the azure portal, make sure the correct service principal has the correct role in the correct scope.
2.Run az account clear first, then login again to make sure you are using the correct service principal.
3.Make sure you logged in to the correct subscription, just use az account set --subscription <subscription-id> after login to set it.
The error was misleading.
Turns out I had misspelled Playground in the command below.
az cdn endpoint purge -n mopar --profile-name mopar-poc --content-paths "/*" --resource-group Playgroud --no-wait
Im trying to test out this demo on my own windows machine: https://github.com/Autodesk-Forge/forge-bim360-clashissue
Ive successfully started had the template running with these commands.
npm install
set FORGE_CLIENT_ID=<<YOUR CLIENT ID FROM DEVELOPER PORTAL>>
set FORGE_CLIENT_SECRET=<<YOUR CLIENT SECRET>>
set FORGE_CALLBACK_URL=<<YOUR CALLBACK URL>>
npm run nodemon
Ive added a new app within the Forge My Apps interface.
Ive added the provisions for the the BIM 360 Account interface.
I can connect to my localhost, and when i press ALLOW to try to authenticate and login to the autodesk account, i get redirected to the following website with the following error:
http://localhost:3000/api/forge/oauth/callback?code=TOAq...
Cannot GET /api/forge/oauth/callback
How can i get past this error?
It looks like a configuration mismatch. You have configured the callback to be http://localhost:3000/api/forge/oauth/callback but according to https://github.com/Autodesk-Forge/forge-bim360-clashissue/blob/master/server/endpoints/oauth.endpoints.js#L72 your server actually expects the callback on a different URL: http://localhost:3000/api/forge/callback/oauth.
I am completely new to WSO2 and I am facing the problem described below.
After deploying the API (composite application *.car file) I am unable to invoke the services of the defined endpoints from WSO2 ESB.
The REST API I am trying to invoke is found deployed on a local tomcat installation, and is located at:
http://localhost:8080/CustomerInfoRestService/customers/
To retrieve a json customer object I would simply add the customer id, like so:
http://localhost:8080/CustomerInfoRestService/customers/2
All the services operations (Get, POST, PUT, DELETE) are tested and invoked successfully. For testing I used the tool 'PostMan'.
I created an ESB project using the WSO2 Integration Studio.
First I defined an endpoint with a URI Template of:
http://localhost:8080/CustomerInfoRestService/customers/{uri.var.custId}
Then I defined a REST API. The properties of the API Resource are as follows:
URL-Style: URI_Template
URI-Template: /customers/{custId}
Methods: GET
In the In-Sequence I added a log mediator, having:
Log Category: INFO
Log Level: CUSTOM
and I defined its message as:
Property Name: message
Property value type: LITERAL
Property Value: Welcome to Customer Service
Directly next to the log mediator is a 'Send' mediator, and I included the defined endpoint above.
Then I deploy the composite application as: right-click -> Export Composite Application Project.
I include both the API and and the endpoint in the generated *.car file.
Now to invoke an API request, I call the service using 'curl':
curl -v http://localhost:8280/CustomerInfoRestService/customers/2
and I get the response:
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8280 (#0)
> GET /CustomerInfoRestService/customers/2 HTTP/1.1
> Host: localhost:8280
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Thu, 13 Jun 2019 10:09:06 GMT
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
It seems not to be found (404 error)
I followed the WSO2 documentation, specifically the integration tutorial "Sending a Simple Message to a Service" to create this project, for reference it is found at:https://docs.wso2.com/display/EI650/Sending+a+Simple+Message+to+a+Service
Any help is greatly appreciated.
Thanks in advance,
Kind Regards,
This kind of response comes when the API is not deployed or active in the ESB. Did you deploy the car file you created? You did not mention that in your steps. Please make sure that you are able to see the API in the management console (Home -> Service Bus -> API).
I cannot create a virtual machines in GCE.. While creating it is showing the error message, i have attached my screen-shot of error message.. i will briefly explain what i have done..
--> I have deleted my compute engine default service account from my service account list.. later i created new service account..
--> While creating virtual machines i selected newly created service account, vm creating was failed but the error shows the deleted service account id is not found under service account..
--> While creating vm's it is referring my deleted service account id..
Now what i need to do? Is there is any solution to reactivate my Compute Engine default service account..
Completely iam struck now i cannot create new vms and kubernetes.
To restore your google compute default service account, run the following gcloud command within your project:
gcloud services enable compute
In previous versions the command was known to be:
gcloud service-management enable compute.googleapis.com
As stated in this issue: https://issuetracker.google.com/issues/69612457
You can now "undelete" service accounts by doing a curl request as below:
curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" -H "Content-length: 0" "https://iam.googleapis.com/v1/projects/-/serviceAccounts/SERVICE_ACCOUNT_ID:undelete"
SERVICE_ACCOUNT_ID is the id of the account you want to recover
You can get a list of service accounts by running:
gcloud logging read "resource.type=service_account" --freshness=10y
Reference:
https://cloud.google.com/iam/docs/creating-managing-service-accounts#undeleting_a_service_account
There are two default service accounts and I am not sure which one you are referring to:
Google API service account, in your case it is called: 933144605699#cloudservices.gserviceaccount.com. It is a special service account. It is always created but never listed in gcloud or the web console. It is intended to be used by some of the internal Google processes on user's behalf. GKE may be one of the services that uses this account (I am not sure).
It is impossible to delete this account, the only thing you could do is to remove it from any roles on the project. By default it is an Editor. You can add it back any time.
Default service account: 933144605699-compute#developer.gserviceaccount.com. This is a normal service account, which you may delete.
In the error message you pasted there is a different service account name, is it the new one you created? If this is the case, you might only need to go to IAM settings on the web console and add your user to service account actor. Take a look at this manual page: https://cloud.google.com/compute/docs/access/iam#the_serviceaccountactor_role
First you need to find the removed SERVICE_ACCOUNT_ID. Using Logging advanced queries is:
resource.type = "service_account"
protoPayload.authorizationInfo.permission = "iam.serviceAccounts.delete"
Example here:
==> unique_id value is SERVICE_ACCOUNT_ID
Use the API provided by #sherief-el-feky :
curl -X POST -H "Authorization: Bearer $ (gcloud auth print-access-token)" -H "Content-length: 0" https://iam.googleapis.com/v1/projects/-/serviceAccounts/SERVICE_ACCOUNT_ID : undelete "
Logging advanced queries: https://cloud.google.com/logging/docs/view/advanced-queries
As of Feb 2022, use
gcloud beta iam service-accounts undelete <ACCOUNT ID>
ACCOUNT ID is the 21 digit unique id (uid) which last part of the deleted service account.
For example,
deleted:serviceAccount:abc-project#kubeflow-ml.iam.gserviceaccount.com?uid=123451234512345123451
uid is the last part of the above service account.
I setup 'ice' on my mac as per instruction in Bluemix docs.
I can successfully run 'ice login':
API endpoint: https://api.ng.bluemix.net
Username> XXXXXX#XXX.XXX
Password>
Authenticating...
OK
API endpoint: https://api.ng.bluemix.net (API version: 2.23.0)
User: XXXXXX#XXX.XXX
Org: XXXXXX#XXX.XXX
Space: dev
Authentication with container cloud service at https://api-ice.ng.bluemix.net/v2/containers completed successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at registry-ice.ng.bluemix.net
WARNING: login credentials saved in /Users/giovanni/.dockercfg.
Login Succeeded
but when I issue any other 'ice' command I receive an error.
E.g. 'ice images':
Refreshing cf tokens
Unauthorized failure
Any advice on where to look for logs or what's the issue?
Cheers, Giovanni
Per your comment, the issue appears to be one of not being authorized to access the beta IBM Containers offering. We have just enabled all users queued from yesterday for the beta, so you should be authorized to access the beta service now.
Yep, I confirm that after trying to create a container using Bluemix UI (website) and once received a confirmation email that I was authorised to use Container, 'ice' commands started working.
e.g.
$ ice images
Image Id Created Image Name
d0feae99-b91d-4ce3-bcb4-6128886f6968 Mar 24 03:44:59 2015 registry-ice.ng.bluemix.net/ibmliberty:latest
74831680-1c9c-424e-b8ea-ceede4aa0e40 Mar 24 03:41:24 2015 registry-ice.ng.bluemix.net/ibmnode:latest
Cheers, Giovanni