search

vmware-archive / cfops

This is simply an automation that is based on the supported way to back up Pivotal Cloud Foundry
http://www.cfops.io
Apache License 2.0
35 stars 24 forks source link

1.7 backups require uaa admin user on ops manager to have scopes added #86

Closed xchapter7x closed 7 years ago

xchapter7x commented 8 years ago

1.7 backups require uaa admin user on ops manager to have scopes added

must add: opsman.admin or opsman.user

cloudmadch commented 8 years ago

Hi,

cfops v2.1.7 ERT 1.7.3 opsmanager 1.7.4

I have verified my admin user has both opsman.admin and opsman.user scopes. but still getting following error when I run cfops backup tool

2016/06/22 16:11:29 E0622 16:11:29.683384 2095 opsmanager.go:145] error in save http request%!(EXTRA *errors.errorString={"error":"Your UAA access token has expired and Your UAA access token does not have either \"opsman.admin\" or \"opsman.user\" scope"}) 2016/06/22 16:11:29 E0622 16:11:29.683442 2095 createCliCommand.go:48] there was an error getting tile from registry: failure to connect to ops manager host: {"error":"Your UAA access token has expired and Your UAA access token does not have either \"opsman.admin\" or \"opsman.user\" scope"} NAME:

Thanks, M

xchapter7x commented 8 years ago

The version of cfops you are using does not support the 1.7 uaa changes in PCF. please upgrade to the latest cfops release from http://www.cfops.io/downloads/release/ (v2.2.x)

-John

2016-06-22 16:16 GMT-04:00 cloudmadch notifications@github.com:

Hi,

cfops v2.1.7 ERT 1.7.3 opsmanager 1.7.4

I have verified my admin user has both opsman.admin and opsman.user scopes. but still getting following error when I run cfops backup tool

2016/06/22 16:11:29 E0622 16:11:29.683384 2095 opsmanager.go:145] error in save http request%!(EXTRA *errors.errorString={"error":"Your UAA access token has expired and Your UAA access token does not have either \"opsman.admin\" or \"opsman.user\" scope"}) 2016/06/22 16:11:29 E0622 16:11:29.683442 2095 createCliCommand.go:48] there was an error getting tile from registry: failure to connect to ops manager host: {"error":"Your UAA access token has expired and Your UAA access token does not have either \"opsman.admin\" or \"opsman.user\" scope"} NAME:

Thanks, M

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pivotalservices/cfops/issues/86#issuecomment-227863481, or mute the thread https://github.com/notifications/unsubscribe/AAqI0w-rsEcJwUSycN31oi8y40RjSomjks5qOZgpgaJpZM4Im3sO .

cloudmadch commented 8 years ago

I just upgraded to latest v2.2.29. getting same error

I'm running as below

cfops backup --omh 10.x.x.x --dp xxxxxx --omp xxxxxx -t elastic-runtime --du admin --omu ubuntu -d SB4test

and, admin user has required scopes. Did I miss anything here?

xchapter7x commented 8 years ago

the omh flag must be the domain you created the ops manager with. otherwise the uaa will not allow the connection. Also, does your ops manager have saml or ldap configured?

-John

2016-06-22 16:45 GMT-04:00 cloudmadch notifications@github.com:

I just upgraded to latest v2.2.29. getting same error

I'm running as below

cfops backup --omh 10.x.x.x --dp xxxxxx --omp xxxxxx -t elastic-runtime --du admin --omu ubuntu -d SB4test

and, admin user has required scopes. Did I miss anything here?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/pivotalservices/cfops/issues/86#issuecomment-227870890, or mute the thread https://github.com/notifications/unsubscribe/AAqI0-ymiGh-LNCfjqtMqx5XybTJp8Lpks5qOZ7SgaJpZM4Im3sO .

cloudmadch commented 8 years ago

Ahh okay, it started exporting database now after I gave full dns name.

No, we haven't configured saml or ldap yet but we are planning to. but only one user can login at a time to webUI. have you guys tested out with AD users?

Thanks, M

Murryy79 commented 7 years ago

@xchapter7x i am using the full domain name for --omh but still getting this error. cfops version: v3.0.4 OpsMan version 1.9

Here's my error when trying to restore opsman from backup using cfops ubuntu@Jumpbox:~$ ./cfops_linux64 restore -t ops-manager --omh rwvcfitest.rw.discoverfinancial.com --clientid admin --clientsecret --omu ubuntu --omp -d 20170322/ops-manager 2017/03/27 15:09:47 I0327 15:09:47.632495 2561 opsmanager.go:147] falling back to basic auth for legacy system 2017/03/27 15:09:47 E0327 15:09:47.975922 2561 opsmanager.go:162] error in save http request {"errors":{"base":["Your UAA access token has expired and Your UAA access token does not have either \"opsman.admin\" or \"opsman.user\" scope"]}} 2017/03/27 15:09:47 I0327 15:09:47.976167 2561 opsmanager.go:219] Starting restore for Opsman 2017/03/27 15:38:55 E0327 15:38:55.233246 2561 opsmanager.go:265] error uploading installation: %s Request for https://rwvcfitest.rw.discoverfinancial.com/api/installation_asset_collection failed with status: 422 Unprocessable Entity 2017/03/27 15:38:55 E0327 15:38:55.233449 2561 createCliCommand.go:52] there was an error: Request for https://rwvcfitest.rw.discoverfinancial.com/api/installation_asset_collection failed with status: 422 Unprocessable Entity running restore on ops-manager tile:tile

any help with cfops is appreciated.

henryaj commented 7 years ago

Hi @Murryy79,

It may be worth using uaac-cli to see if your client ID/secret are usable - you can do this by following the instructions at http://www.cfops.io/#authentication-connection-errors.

If you're still having trouble, we'd recommended opening a support ticket with Pivotal Support.

Thanks,

Henry