I'm changing an attribute from:
default['splunk']['auth'] = "admin:changeme"
to:
default['splunk']['auth']['username'] = "admin"
default['splunk']['auth']['password'] = "changeme"
and I want to be sure that I don't miss / forget something...
It's easy enough to be sure I didn't miss anything in cookbooks:
nickh#BONHENRY:~/Repositories/chef$ ack-grep "\[.splunk.?\]\[.auth.?\]"
cookbooks/splunk_cookbook/attributes/default.rb
36:default['splunk']['auth']['username'] = "admin"
37:default['splunk']['auth']['password'] = "changeme"
cookbooks/splunk_cookbook/attributes/README.md
72:* `node['splunk']['auth']['username']` - The default admin username to use instead of splunks "admin"
73:* `node['splunk']['auth']['password']` - The default admin password to use instead of splunks "changeme"
cookbooks/splunk_cookbook/recipes/server.rb
219: command "#{splunk_cmd} edit user admin -password #{node['splunk']['auth']['password']} -roles admin -auth admin:changeme && echo true > /opt/splunk_setup_passwd"
228: command "#{splunk_cmd} enable listen #{node['splunk']['receiver_port']} -auth #{node['splunk']['auth']['username']}:#{node['splunk']['auth']['password']}"
326: command "#{splunk_cmd} edit licenser-localslave -master_uri 'https://#{node['splunk']['dedicated_search_master']}:8089' -auth #{node['splunk']['auth']['username']}:#{node['splunk']['auth']['passwor
391: command "/opt/splunk/bin/splunk login -auth #{node['splunk']['auth']['username']}:#{node['splunk']['auth']['password']}"
cookbooks/splunk_cookbook/recipes/forwarder.rb
78:execute "#{splunk_cmd} edit user admin -password #{node['splunk']['auth']['password']} -roles admin -auth admin:changeme && echo true > /opt/splunk_setup_passwd" do
However, I'm not sure of a good way to grep/search JSON roles/environments for the same...
This works:
nickh#BONHENRY:~/Repositories/chef$ knife search environment "override_attributes_splunk_auth:*" -i
1 items found
prod-acme
However, do you have any idea why this works:
nickh#BONHENRY:~/Repositories/chef$ knife search environment "*:*" -i
108 items found
but this doesn't? :
nickh#BONHENRY:~/Repositories/chef$ knife search environment "*splunk_auth:*" -i
ERROR: knife search failed: invalid index name or query
Is there an easy / better way to do it that I'm not thinking of / unaware of? Can I change something w/ my Solr query that would make it work?
Thanks in advance :-)
Because *:* is a special case in the search system that bypasses Solr entirely. Chef's search index uses a transformed version of the query such that I don't think it would be safe to use a glob in the facet name like that. I would recommend running knife download environments/ (and similar for roles) and then doing your grep on the local JSON files.
Related
I am newbie in network monitoring field and I have just started my work on nagios. So I have some basic doubts related to nagios.
we have a localhost.cfg at /usr/local/nagios/etc/objects/localhost.cfg
define service{
use local-service ; Name of service template to use
host_name blah-16.10
service_description Sample Check
check_command check_http_services!-H mydomain.com -u "/sample_url" --string "foo bar" -t 60
}
My questions:
1.) I know this script checks "http service" for the url "www.mydomain.com/sample_url" and find the text "foo bar" on that web page.
but I do not know the meaning/usage of the options (-H, -u, -t 60, --string)
i have googled but I can not find proper documentation where I can find the meaning of these parameters. Can anyone please suggest some link/urls for this?
2.) I want to implement kind of negative logic in my alarm. For example: I want to raise the alarm only when I find "status closed"`string on my web page (www.mydomain.com/sample_url)
How can I achieve this in nagios?
Note: During my searching, I found all those examples which worked like "If 'sample string' found within specific time then 'No Alarm'. If 'sample string' not found in specific time, then only 'Raise Alarm'".
But i need exact opposite.
I'm trying to connect my ldap with the geonetwork database but every time I log in it doesn't show the administrator button. Then I check the database and it is empty. I am using GeOrchestra 13.09 in a localhost enviroment, the geoserver and mapfishapp are running well and they log in without a problem.
My config-security.properties is
Core security properties
logout.success.url=/index.html
passwordSalt=secret-hash-salt=
# LDAP Connection Settings
ldap.base.provider.url=ldap://localhost:389
ldap.base.dn=dc=geobolivia,dc=gob,dc=bo
ldap.security.principal=cn=admin,dc=geobolivia,dc=gob,dc=bo
ldap.security.credentials=geobolivia
ldap.base.search.base=ou=users
ldap.base.dn.pattern=uid={0},${ldap.base.search.base}
#ldap.base.dn.pattern=mail={0},${ldap.base.search.base}
# Define if groups and profile information are imported from LDAP. If not, local database is used.
# When a new user connect first, the default profile is assigned. A user administrator can update
# privilege information.
ldap.privilege.import=true
ldap.privilege.export=true
ldap.privilege.create.nonexisting.groups=false
# Define the way to extract profiles and privileges from the LDAP
# 1. Define one attribute for the profile and one for groups in config-security-overrides.properties
# 2. Define one attribute for the privilege and define a custom pattern (use LDAPUserDetailsContextMapperWithPa$
ldap.privilege.pattern=
#ldap.privilege.pattern=CAT_(.*)_(.*)
ldap.privilege.pattern.idx.group=1
ldap.privilege.pattern.idx.profil=2
# 3. Define custom location for extracting group and role (no support for group/role combination) (use LDAPUser$
#ldap.privilege.search.group.attribute=cn
#ldap.privilege.search.group.object=ou=groups
#ldap.privilege.search.group.query=(&(objectClass=posixGroup)(memberUid={0})(cn=EL_*))
#ldap.privilege.search.group.pattern=EL_(.*)
#ldap.privilege.search.privilege.attribute=cn
#ldap.privilege.search.privilege.object=ou=groups
#ldap.privilege.search.privilege.query=(&(objectClass=posixGroup)(memberUid={0})(cn=SV_*))
#ldap.privilege.search.privilege.pattern=SV_(.*)
ldap.privilege.search.group.attribute=cn
ldap.privilege.search.group.object=ou=groups
ldap.privilege.search.group.query=(&(objectClass=posixGroup)(memberUid={1})(cn=EL_*))
ldap.privilege.search.group.pattern=EL_(.*)
ldap.privilege.search.privilege.attribute=cn
ldap.privilege.search.privilege.object=ou=groups
ldap.privilege.search.privilege.query=(&(objectClass=posixGroup)(memberUid={1})(cn=SV_ADMIN))
ldap.privilege.search.privilege.pattern=SV_(.*)
# Run LDAP sync every day at 23:30
# Run LDAP sync every day at 23:30
#ldap.sync.cron=0 30 23 * * ?
ldap.sync.cron=0 * * * * ?
#ldap.sync.cron=0 0/1 * 1/1 * ? *
ldap.sync.startDelay=60000
ldap.sync.user.search.base=${ldap.base.search.base}
ldap.sync.user.search.filter=(&(objectClass=*)(mail=*#*)(givenName=*))
ldap.sync.user.search.attribute=uid
ldap.sync.group.search.base=ou=groups
ldap.sync.group.search.filter=(&(objectClass=posixGroup)(cn=EL_*))
ldap.sync.group.search.attribute=cn
ldap.sync.group.search.pattern=EL_(.*)
# CAS properties
cas.baseURL=https://localhost:8443/cas
cas.ticket.validator.url=${cas.baseURL}
cas.login.url=${cas.baseURL}/login
cas.logout.url=${cas.baseURL}/logout?url=${geonetwork.https.url}/
<import resource="config-security-cas.xml"/>
<import resource="config-security-cas-ldap.xml"/>
# either the hardcoded url to the server
# or if has the form it will be replaced with
# the server details from the server configuration
geonetwork.https.url=https://localhost/geonetwork-private/
#geonetwork.https.url=https://geobolivia.gob.bo:443
#geonetwork.https.url=https://localhost:443
The geonetwork.log shows these results:
2014-03-11 13:41:00,004 DEBUG [geonetwork.ldap] - LDAPSynchronizerJob starting ...
2014-03-11 13:41:00,006 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - Got Ldap context on server 'ldap://localhost:389/dc=geobolivia,dc=gob,dc=bo'
2014-03-11 13:41:00,008 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Returning cached instance of singleton bean 'resourceManager'
2014-03-11 13:41:00,026 DEBUG [geonetwork.ldap] - LDAPSynchronizerJob done.
2014-03-11 13:41:26,429 INFO [geonetwork.lucene] - Done running PurgeExpiredSearchersTask. 0 versions still cached.
2014-03-11 13:41:56,430 INFO [geonetwork.lucene] - Done running PurgeExpiredSearchersTask. 0 versions still cached.
and the that appear in the geonetwork.log is
2014-03-11 13:44:06,426 INFO [jeeves.service] - Dispatching : xml.search.keywords
2014-03-11 13:44:06,427 ERROR [jeeves.service] - Exception when executing service
2014-03-11 13:44:06,427 ERROR [jeeves.service] - (C) Exc : java.lang.IllegalArgumentException: The thesaurus external.theme.inspire-service-taxonomy does not exist, there for the query cannot be excuted: 'Query [query=SELECT DISTINCT id,uppc,lowc,broader,spa_prefLabel,spa_note FROM {id} rdf:type {skos:Concept},[{id} gml:BoundedBy {} gml:upperCorner {uppc}],[{id} gml:BoundedBy {} gml:lowerCorner {lowc}],[{id} skos:broader {broader}],[{id} skos:prefLabel {spa_prefLabel} WHERE lang(spa_prefLabel) LIKE "es" IGNORE CASE],[{id} skos:scopeNote {spa_note} WHERE lang(spa_note) LIKE "es" IGNORE CASE] WHERE (spa_prefLabel LIKE "***" IGNORE CASE OR id LIKE "*") LIMIT 35 USING NAMESPACE skos=<http://www.w3.org/2004/02/skos/core#>,gml=<http://www.opengis.net/gml#>, interpreter=KeywordResultInterpreter]'
The version of GeoNetwork currently used in geOrchestra does not show the "administration" button on its first page. You have to fire a search, then in "other actions" menu on the top right, you should be able to get to the administration interface. We know that it is not very intuitive, but it should change in the next months (we recently planned an upgrade of GeoNetwork before the end of the year).
Did you solve it? I think in your config-security.properties, at this place ldap.base.dn.pattern=uid={0},${ldap.base.search.base}
you need to replace {0} with the username typed in the sign-in screen of geonetwork
I'm adding some attributes from live to staging for testing purposes, I'm using ldifde:
D:\Shared>ldifde -i -v -f attr3.ldf -j .
Connecting to "myDomain.com"
Logging in as current user using SSPI
Importing directory from file "attr3.ldf"
Loading entries
1: CN=myAttribute,CN=Schema,CN=Configuration,DC=myDomain,DC=com
Entry modified successfully.
1 entry modified successfully.
The command has completed successfully
D:\Shared>
But when I try to update it using vbs, I got:
C:\Users\update.vbs(8, 1) Active Directory: The requested operation did not
satisfy one or more constraints associated with the class of the object.
Please notice that other attributes, the original ones, are able to be updated, this issue is only for the ones I'm importing.
So, I wonder if I'm missing some step like link or detach the new attribute after imported.
This is attr3.ldf
#attr3.ldf
#adding my new attribute
dn: CN=myAttribute,CN=Schema,CN=Configuration,DC=myDomain,DC=com
changetype: add
objectClass: top
objectClass: attributeSchema
cn: my-Attribute
distinguishedName: CN=my-Attribute,CN=Schema,CN=Configuration,DC=myDomain,DC=com
instanceType: 4
whenCreated: 20100401175340.0Z
whenChanged: 20100401175341.0Z
uSNCreated: 24154
attributeID: 2.16.840.1.113805.111
attributeSyntax: 2.5.5.12
isSingleValued: TRUE
rangeLower: 0
rangeUpper: 1
uSNChanged: 24163
showInAdvancedViewOnly: TRUE
adminDisplayName: my-Attribute
adminDescription: my-Attribute
oMSyntax: 64
searchFlags: 0
lDAPDisplayName: myAttribute
name: my-Attribute
schemaIDGUID:: tonVW6suWUu1Gev/D1pI9Q==
isMemberOfPartialAttributeSet: TRUE
objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=myDomain,DC=com
#The following attributes were removed because I was getting:
#Add error on entry starting on line 1: Unwilling To Perform
#The server side error is: 0x20e7 The modification was not permitted for security
#reasons.
#The extended server error is:
#000020E7: SvcErr: DSID-03152D2C, problem 5003 (WILL_NOT_PERFORM), data 0
#objectGUID:: eTKYtnXbCE2fPMgc8UIe0w==
#attributeSecurityGUID:: VAGN5Pi80RGHAgDAT7lgUA==
And this is the vbs code,
'update.vbs
Set objUser = GetObject("LDAP://CN=John Lennon,CN=Users,DC=myDomain,DC=com")
objUser.myAttribute="someValue" 'Also tried with integers but not luck
objUser.SetInfo
Thanks,
m0dest0.
Thank you JPBlanc, you are right, I was missing to add the attr to the class and then refresh the schema,
Register the dll, regsvr32 schmmgmt.dll
Open Run and type mmc.exe
Add Active directory schema snap-in
Right click on the class, properties and hit the Add button and so on.
Finally, refresh the schema:
C:\Users>admod -sc refreshschema
AdMod V01.17.00cpp Joe Richards (joe#joeware.net) March 2011
Modifying ROOTDSE...
DN Count: 1
Using server: myServer.myDomain.com:389
Directory: Windows Server 2008 R2
Modifying specified objects...
DN: ROOTDSE...
The command completed successfully
Regards,
Adding an attribute to the Schema is not enought, you must also add the attribute to the user class (in the schma) if you want to use it in a user object. You must modify your LDIF file:
# Define your attribute
# Reload the schema
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
# modify user class
Have a look to your Schema using Microsoft MMC (registering schmmgmt.dll)
If you still have trouble, I can help again tomorow morning.
I'm using the Google App Engine Launcher to deploy my app to the GAE servers. Is there a way to save my user account and password so I don't have to type it in every time I redeploy?
I'm still in the learning stages of using GAE so typing my 16 odd character password gets tiresome when I redeploy 15+ times per evening.
You can make a .bat file that has the following text:
echo <password> | c:\python25\python.exe "C:\Program Files\Google\google_appengine\appcfg.py" --email=username --passin update <directory of app on your pc>
(According to GAE docs you cannot specify the password as a command line option)
Use oauth to save an OAuth2 token so you don't need to keep re-typing your password.
The accepted solution didn't work for me. Using pipes did
echo <password> | c:\python25\python.exe "C:\Program Files\Google\google_appengine\appcfg.py" --email=username --passin update <directory of app on your pc>
appcfg already does this for you. Per the docs:
appcfg.py gets the application ID from
the app.yaml file, and prompts you for
the email address and password of your
Google account. After successfully
signing in with your account,
appcfg.py stores a "cookie" so that it
does not need to prompt for a password
on subsequent attempts.
If this isn't occurring for you, you might want to try deleting any .appcfg* config files.
Other tips & trick: using command line as below:
To get appcfg.py to accept --password on the command line instead of being prompted for it:
Change: *appengine/google_appengine/google/appengine/tools/appcfg.py*
add the following in the parser.add_option section:
parser.add_option("-p","--password", action="store", dest="password",
metavar="PASSWORD", default=None,
help="The password")
Then modify the GetUserCredentials function:
def GetUserCredentials():
"""Prompts the user for a username and password."""
email = self.options.email
if email is None:
email = self.raw_input_fn("Email: ")
password = self.options.password
if password is None:
password = self.raw_input_fn("Password: ")
# password_prompt = "Password for %s: " % email
# if self.options.passin:
# password = self.raw_input_fn(password_prompt)
# else:
# password = self.password_input_fn(password_prompt)
return (email, password)
That's it, now you can call:
appcfg.py update demos/guestbook --email=email#gmail.com --password=xxxx
Ref: http://samalolo.blogspot.com/2009/04/appcfgpy-tweak-to-allow-passing.html
I just wanted to say thank you to Friar Broccoli, it's exactly what I was looking for. To clarify for other beginners like myself, my final batch file ended up looking like the following,
c:\python27\pythonw.exe "C:\Program Files (x86)\Google\google_appengine\appcfg.py" --oauth2 update "C:\Users\[username]\[directory]\app.yaml"
Worked perfectly, wish this solution was higher up.
For windows 7, .appcfg_cookies under C:\Users\username\.appcfg_cookies
You could write a command line script that executes appcfg.py to do this.
You can specify the email to use with the --email= command line parameter.
You can pass in the password from stdin by using the --passin parameter.
It's amazingly simple. Just put this in a batch file:
appcfg.py --oauth2 update "X:\local\path\to\your\app.yaml\file"
The first time you run it google will authenticate, after that it's all automatic.
How can i change the value of "urlbase" param globally in bugzilla ?
If you are an administrator, it's under Administration > Parameters.
Had the same problem recently installing bugzilla3 on Ubuntu 10.04LTS
Rather than edit the /usr/share/perl5/Bugzilla/Constants.pm file, I saw that if the variable debian_webpath is set to the value of the environment variable X_BUGZILLA_WEBPATH.
If not set, then it defaults to /bugzilla3/ .
Make sure that mod_env is enabled in your apache setup (a2enmod env).
Then in my apache configuration file (/etc/apache/hosts-available/default), I added lines
<VirtualHost *:80>
...
SetEnv X_BUGZILLA_WEBPATH /bugzilla/
...
</VirtualHost>
Also logged in to bugzilla and set the urlbase in the section: Administration > Parameters.
urlbase = http://my-server-name/bugzilla/
It didn't work well in Ubuntu 9.04, it still doesn't in Ubuntu 10.10.
Change the following line in /usr/share/perl5/Bugzilla/Constants.pm
$overwritten_locations{'debian_webpath'} = '/your_url_prefix_here/';
/etc/apache2/conf.d/bugzilla3.conf
Alias /your_url_prefix_here /usr/share/bugzilla3/web
sudo vi /etc/bugzilla3/params
'urlbase' => 'http://your_domain.tld/your_url_prefix/'
maybe also you'll need to adjust /usr/share/bugzilla3/debian/params
(same as item #3 above)
Good luck! ;)