Fossil: not authorized to write - fossil

What am I doing wrong? I realize I havent read up on any user management but I'm completely local here and never created any users myself so why wouldnt it work?
pc#pc-desktop:~/Desktop$ ./fossil test-hash-passwords test-fossil
pc#pc-desktop:~/Desktop$ ./fossil server
Listening for HTTP requests on TCP port 8080
pc#pc-desktop:~/testcheckout$ ./fossil clone http://localhost:8080 bla
pc#pc-desktop:~/testcheckout$ ./fossil add .
current directory is not within an open checkout
pc#pc-desktop:~/testcheckout$ ./fossil open bla
pc#pc-desktop:~/testcheckout$ ./fossil add .
pc#pc-desktop:~/testcheckout$ ./fossil test-hash-passwords test-fossil
pc#pc-desktop:~/testcheckout$ ./fossil push
Push to http://localhost:8080
Round-trips: 1 Artifacts sent: 0 received: 0
Error: not authorized to write
Round-trips: 1 Artifacts sent: 0 received: 0
Push finished with 385 bytes sent, 303 bytes received

[I can't comment, but...]
You can also add the user credentials when cloning the repository:
fossil clone http://username:pass#URL:8080 repository_name
I'm the only one working on my projects so I set up auto-sync - whenever I commit I can commit local and send remote in one step [just fossil commit].

You are receiving that error because you do not have permissions to modify the remote repository. When you do not supply any credentials, your login name (pc in this case) is used and the pc user probably doesn't exist in the remote repository (or you'd have received a password prompt).
To make this work, you'll need to create an account on the remote repository and use those credentials while doing fossil push.

See if the following works for you.
$ whoami
pc
$ fossil version
This is fossil version 1.34 [62dcb00e68] 2015-11-02 17:35:44 UTC
Clone the remote repository (the local username, pc, has a namesake account on the remote repository).
$ fossil clone http://localhost:8080 bla.fossil
What's the remote repository URL for this clone?
$ fossil remote-url -R bla.fossil
http://localhost:8080
OK, let's specify the remote username; we'll use the same as the local username, $USER:
$ fossil remote-url -R bla.fossil http://$USER#localhost:8080
password for bla:
remember password (Y/n)? y
Let's start working:
$ mkdir bla
$ cd bla
$ fossil open ../bla.fossil
In the end, commit to your local repository bla.fossil. Finally, push to remote:
$ fossil push
Because remote-url now has the username (and you memorized the password when prompted) it should work.

Related

Travis CI Deploy by SSH Script/Hosts issue

I have a django site which I would like to deploy to a Digital Ocean server everytime a branch is merged to master. I have it mostly working and have followed this tutorial.
.travis.yml
language: python
python:
- '2.7'
env:
- DJANGO_VERSION=1.10.3
addons:
ssh_known_hosts: mywebsite.com
git:
depth: false
before_install:
- openssl aes-256-cbc -K *removed encryption details* -in travis_rsa.enc -out travis_rsa -d
- chmod 600 travis_rsa
install:
- pip install -r backend/requirements.txt
- pip install -q Django==$DJANGO_VERSION
before_script:
- cp backend/local.env backend/.env
script: python manage.py test
deploy:
skip_cleanup: true
provider: script
script: "./travis-deploy.sh"
on:
all_branches: true
travis-deploy.sh - runs when the travis 'deploy' task calls it
#!/bin/bash
# print outputs and exit on first failure
set -xe
if [ $TRAVIS_BRANCH == "master" ] ; then
# setup ssh agent, git config and remote
echo -e "Host mywebsite.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
eval "$(ssh-agent -s)"
ssh-add travis_rsa
git remote add deploy "travis#mywebsite.com:/home/dean/se_dockets"
git config user.name "Travis CI"
git config user.email "travis#mywebsite.com"
git add .
git status # debug
git commit -m "Deploy compressed files"
git push -f deploy HEAD:master
echo "Git Push Done"
ssh -i travis_rsa -o UserKnownHostsFile=/dev/null travis#mywebsite.com 'cd /home/dean/se_dockets/backend; echo hello; ./on_update.sh'
else
echo "No deploy script for branch '$TRAVIS_BRANCH'"
fi
Everything works find until things get to the 'deploy' stage. I keep getting error messages like:
###########################################################
# WARNING: POSSIBLE DNS SPOOFING DETECTED! #
###########################################################
The ECDSA host key for mywebsite.com has changed,
and the key for the corresponding IP address *REDACTED FOR STACK OVERFLOW*
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
###########################################################
# WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! #
###########################################################
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
* REDACTED FOR STACK OVERFLOW *
Please contact your system administrator.
Add correct host key in /home/travis/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/travis/.ssh/known_hosts:11
remove with: ssh-keygen -f "/home/travis/.ssh/known_hosts" -R mywebsite.com
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Permission denied (publickey,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Script failed with status 128
INTERESTINGLY - If I re-run this job the 'git push' command will succeed at pushing to the deploy remote (my server). However, the next step in the deploy script which is to SSH into the server and run some postupdate commands will fail for the same reason (hosts fingerprint change or something). Or, it will ask for travis#mywebsite.com password (it has none) and will hang on the input prompt.
Additionally when I debug the Travis CI build and use the SSH url you're given to SSH into the machine Travis CI runs on - I can SSH into my own server from it. However it takes multiple tries to get around the errors.
So - this seems to be a fluid problem with stuff persisting from builds into the next on retries causing different errors/endings.
As you can see in my .yml file and the deploy script I have attempted to disable various host name checks and added the domain to known hosts etc... all to no avail.
I know I have things 99% set up correctly as things do mostly succeed when I retry the job a few times.
Anyone seen this before?
Cheers,
Dean

Run a ESP local for development

When i try to run a local ESP then i get this error.
ERROR:Fetching service config failed(status code 403, reason Forbidden, url ***)
I have a new created service account this account works fine with gcloud cli.
System: OSX Sierra with Docker for MAC
this is the command that i use to start the container:
docker run -d --name="esp" --net="host" -v ~/Downloads:/esp gcr.io/endpoints-release/endpoints-runtime:1.0 -s 2017-02-07r5 -v echo.endpoints.****.cloud.goog -p 8082 -a localhost:9000 -k /esp/serviceaccount.json
UPDATE:
I have found the error i have set for the service name the verision and for the version the servicename.
Now i get no error but it not works, this is the console output from the container. From my view is all fine but it not works, i can't call the proxy with localhost:8082/***
INFO:Constructing an access token with scope https://www.googleapis.com/auth/service.management.readonly
INFO:Service account email: aplha-api#****.iam.gserviceaccount.com
INFO:Refreshing access_token
INFO:Fetching the service configuration from the service management service
nginx: [warn] Using trusted CA certificates file: /etc/nginx/trusted-ca-certificates.crt
This is the used correct command:
docker run -d --name="esp-user-api" --net="host" -v ~/Downloads:/esp gcr.io/endpoints-release/endpoints-runtime:1.0 -s echo.endpoints.***.cloud.goog -v 2017-02-07r5 -p 8082 -a localhost:9000 -k /esp/serviceaccount.json
Aron, I assume:
(1) you are following this user guide: https://cloud.google.com/endpoints/docs/running-esp-localdev
(2) And you do have a backend running on localhost:9000
Have you issued a curl request as suggested in that user guide to localhost:8082/***? does curl command get stuck or returns any error message?
If you don't have a local backend running yet, I would recommend you to follow the user guide above to run a local backend. Note this guide will instruct you to run it at port 8080, so you'll need to change your docker run command from "-a localhost:9000" to "-a localhost:8080" as well.
Also, please note this user guide is for linux env. We haven't tried this set up in a Mac env yet. We do notice some user gets this working on Windows docker with extra work, where he sets backend to "IP of docker NIC". Note "-a" is short for "--backend".
see https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/google-cloud-endpoints/4sRaSkigPiU/KY8g46NSBgAJ

Authentication or permission failure, did not have permissions on the remote directory

I am using ansijet to automate the ansible playbook to be run on a button click. The playbook is to stop the running instances on AWS. If run, manually from command-line, the playbook runs well and do the tasks. But when run through the web interface of ansijet, following error is encountered
Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742 && echo $HOME/.ansible/tmp/ansible-tmp-1390414200.76-192986604554742, exited with result 1:
Following is the ansible.cfg configuration.
# some basic default values...
inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
remote_tmp = $HOME/.ansible/tmp/
pattern = *
forks = 5
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
#remote_port = 22
module_lang = C
I try to change the remote_tmp path to /home/ubuntu/.ansible/tmp
But still getting the same error.
By default, the user Ansible connects to remote servers as will be the same name as the user ansible runs as. In the case of Ansijet, it will try to connect to remote servers with whatever user started Ansijet's node.js process. You can override this by specifying the remote_user in a playbook or globally in the ansible.cfg file.
Ansible will try to create the temp directory if it doesn't already exist, but will be unable to if that user does not have a home directory or if their home directory permissions do not allow them write access.
I actually changed the temp directory in my ansible.cfg file to point to a location in /tmp which works around these sorts of issues.
remote_tmp = /tmp/.ansible-${USER}/tmp
I faced the same problem a while ago and solved like this . The possible case is that either the remote server's /tmp directory did not have enough permission to write . Run the ls -ld /tmp command to make sure its output looks something like this
drwxrwxrwt 7 root root 20480 Feb 4 14:18 /tmp
I have root user as super user and /tmp has 1777 permission .
Also for me simply -
remote_tmp = /tmp worked well.
Another check would be to make sure $HOME is present from the shell which you are trying to run . Ansible runs commands via /bin/sh shell and not /bin/bash.Make sure that $HOME is present in sh shell .
In my case I needed to login to the server for the first time and change the default password.
Check the ansible user on the remote / client machine as this error occurs when the ansible user password expires on the remote / client machine.
==========
'WARNING: Your password has expired.\nPassword change required but no TTY available.\n')
<*.*.*.*> Failed to connect to the host via ssh: WARNING: Your password has expired.
Password change required but no TTY available.
Actual error :
host_name | UNREACHABLE! => {
"changed": false,
"msg": "Failed to create temporary directory.In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo /tmp/ansible-$USER `\"&& mkdir /tmp/ansible-$USER/ansible-tmp-1655256382.78-15189-162690599720687 && echo ansible-tmp-1655256382.78-15189-162690599720687=\"` echo /tmp/ansible-$USER/ansible-tmp-1655256382.78-15189-162690599720687 `\" ), exited with result 1",
"unreachable": true
===========
This could happen mainly because on the Remote Server, there is no home directory present for the user.
The following steps resolved the issue for me -
Log into the remote server
switch to root
If the user is linux_user from which Host (in my case Ansible) is trying to connect , then run following commands
mkdir /home/linux_user
chown linux_user:linux_user /home/linux_user

Heroku app cannot be pushed

I tried deploying my first heroku code, but when I run git push heroku master, i get an error as:
ssh: connect to host github.com port 22: Connection timed out
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
git remote -v gives,
heroku git#heroku.com:dry-stream-5959.git (fetch)
heroku git#heroku.com:dry-stream-5959.git (push)
what is the problem?why wont the code be deployed?
I find strange that a git push heroku master references "github.com".
If you have to push to heorku.com, try a:
git remote set-url heroku git#heroku.com:dry-stream-5959.git
Then repeat your git push.
If the problem persists, and ssh port is blocked, then followed the aforementioned link, but replacing github.com by heroku.com.
SSH is probably blocked on port 22.
Check out this answer, it might help you out.
It is usually usefull to make a:
ssh -vvv yourlogin#heroku
in order to dispay all the operations taking place during the ssh communication.
Various causes can be at the origin of these,
from a $HOME not correctly defined (usual on Windows where the
environment variable %HOME% isn't defined at all by default)
to an IP conflict address (see this thread) for the SSH daemon.
See also answer:// Unable to Git-push master to Github

Change Domain Problems

I have been trying to change the domain and have been running into issues. I hope someone can help me out here, I have documented the steps I went through below.
I requested the DNS resouuce from our dns admin team.
.mike-cf.company.com canonical name = mike-cf.company.com.
Name: mike-cf.company.com
Address: 10.52.88.123
I then installed with the -D switch:
bash < <(curl -s -k -B http ://raw.github.com/cloudfoundry/vcap/master/dev_setup/bin/vcap_dev_setup -D mike-cf.company.com)
I noticed that not all the config files in ~/cloudfoundry/.deployments/devbox/config changed, so I changed those using sed command:
$ cd ~/cloudfoundry/.deployments/devbox/config
$ sed -i 's/.vcap.me/.newdomain.com/g' *.yml
I restarted and things were looking good, I was able to run vmc target with no problem but I was not able to register a user.
$ vmc target http://api.mike-cf.company.com/
Successfully targeted to [http://api.mike-cf.company.com]
$ vmc register --email mike#company.com --passwd password
Creating New User: Error 100: Bad request
There was no entried in uaa.log only this in the cloud_controller.log
[2012-09-25 09:06:46.712110] cc - pid=20400 tid=8ee9 fid=4757 DEBUG -- ---> async\nrequest: post http://uaa.mike-cf.company.com/oauth/token\nheaders: {"content-type"=>"application/x-www-form-urlencoded", "accept"=>"application/json", "authorization"=>"Basic Y2xvdWRfY29udHJvbGxlcjpjbG91ZGNvbnRyb2xsZXJzZWNyZXQ="}\nbody: grant_type=client_credentials
[2012-09-25 09:06:46.718338] cc - pid=20400 tid=8ee9 fid=4757 DEBUG -- <---\nresponse: 404\nheaders: {"SERVER"=>"nginx", "DATE"=>"Tue, 25 Sep 2012 16:06:46 GMT", "CONTENT_TYPE"=>"text/html", "CONTENT_LENGTH"=>"162", "CONNECTION"=>"close"}\nbody: \r\n404 Not Foundhttp://uaa.mike-cf.company.com: 404 trace ["/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/bundler/gems/uaa-dad29c9030f4/gem/lib/uaa/http.rb:56:in json_parse_reply'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/bundler/gems/uaa-dad29c9030f4/gem/lib/uaa/token_issuer.rb:157:inrequest_token'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/bundler/gems/uaa-dad29c9030f4/gem/lib/uaa/token_issuer.rb:128:in client_credentials_grant'", "/home/mike/cloudfoundry/cloud_controller/cloud_controller/app/models/uaa_token.rb:80:inaccess_token'", "/home/mike/cloudfoundry/cloud_controller/cloud_controller/app/models/uaa_token.rb:96:in user_account_instance'", "/home/mike/cloudfoundry/cloud_controller/cloud_controller/app/controllers/users_controller.rb:13:increate'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/gems/actionpack-3.0.14/lib/action_controller/metal/implicit_render.rb:4:in send_action'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/gems/actionpack-3.0.14/lib/abstract_controller/base.rb:150:inprocess_action'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/gems/actionpack-3.0.14/lib/action_controller/metal/rendering.rb:11:in process_action'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/gems/actionpack-3.0.14/lib/abstract_controller/callbacks.rb:18:inblock in process_action'", "/home/mike/cloudfoundry/.deployments/devbox/deploy/rubies/ruby-1.9.2-p180/lib/ruby/gems/1.9.1/gems/activesupport-3.0.14/lib/active_support/callbacks.rb:446:in `run_3844132275556875466__process_action_2824786929479189233_callbacks'"]
[2012-09-25 09:06:46.896386] cc_events - pid=20400 tid=8ee9 fid=4757 INFO -- [2012-09-25 09:06:46 -0700, :USER, "N/A", "POST:/users", "mike#company.com", :FAILED, "Bad request"]
I have found the problem, there seemed to be an issue with the vmc I was using. Once I downgraded VMC I am now able to connect.
gem uninstall vmc
gem install --version '= 0.3.18' vmc
Here is the thread that lead me to the answer
https://groups.google.com/a/cloudfoundry.org/forum/?fromgroups=#!topic/vcap-dev/enY2qKnSJWI
is it possible to see the content of the uaa config file? Make sure it has the correct IP address specified for the NATS message bus, the line should look something like this;
mbus: nats://nats:nats#192.168.1.10:4222/
If that IP address is incorrect, it needs to be changed. I take it the server it is installed on has a static IP address? was it assigned before you installed VCAP?