Develop Reference

How can I get Logstash-Keystore to find its password?

For background: I'm attempting to automate steps to provision and create a multitude of Logstash processes within Ansible, but want to ensure the steps and configuration work manually before automating the process.
I have installed Logstash as per Elastic's documentation (its an RPM installation), and have it correctly shipping logs to my ES instance without issue. Elasticsearch and Logstash are both v7.12.0.
Following the keystore docs, I've created a /etc/sysconfig/logstash file and have set the permissions to the file to 0600. I've added the LOGSTASH_KEYSTORE_PASS key to the file to use as the environment variable sourced by the keystore command on creation and reading of the keystore itself.
Upon running the sudo /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create command, the process spits back the following error:
WARNING: The keystore password is not set.
Please set the environment variable `LOGSTASH_KEYSTORE_PASS`.
Failure to do so will result in reduced security.
Continue without password protection on the keystore? [y/N]
This should not be the case, as the keystore process should be sourcing my password env var from the aforementioned file. Has anyone experienced a similar issue, and if so, how did you solve it?

This is expected, the file /etc/sysconfig/logstash will be read only when you start logstash as a service, not when you run it from command line.
To create the keystore you will need to export the variable with the password first, as explained in the documentation.
set +o history
export LOGSTASH_KEYSTORE_PASS=mypassword
set -o history
sudo -E /usr/share/logstash/bin/logstash-keystore --path.settings /etc/logstash create
After that, when you start logstash as a service it will read the variable from the /etc/sysconfig/logstash file.

1 - you should write your password for KEYSTORE itself.
It is under config/startup-options.
E.g. LOGSTASH_KEYSTORE_PASS=mypassword (without export)
2 - Then you should use the Keystore password to create your keystore file.
set +o history
export LOGSTASH_KEYSTORE_PASS=mypassword
set -o history
..logstash/bin/logstash-keystore --path.settings ../logstash create
Note: logstash-keystore and logstash.keystore are different things. you created the one with dot. It is in config/.. directory where your startup.options is.
History command is to hide your password to be seen. Because if somebody uses "history" to list all the commands used previously, they can see your password.
3 - Then you can add your first password into keystore file. You should give your keystore password beforehand.
set +o history
export LOGSTASH_KEYSTORE_PASS=mypassword
set -o history
./bin/logstash-keystore add YOUR_KEY
Then it will ask for your VALUE. If you do not give your keystore password, you get an error: Found a file at....but it's not a valid Logstash keystore
4 - Once you give your password. You can list the content of your keystore file, or remove. Replace "list" with "remove".
./bin/logstash-keystore list

Docker login to gcp using json credentials

I want to log into docker on google cloud from the command line in Windows using credentials in json format.
Firstly, I generated the keys of the service accounts in google cloud IAM & Admin. Afterwards, I tried to login as advised using the following commands:
set /p PASS=<keyfile.json
docker login -u _json_key -p "%PASS%" https://[HOSTNAME]
The json that is generated from google, though, has newline characters and the
above set command couldn't read the whole file.
Then, I edited the file to be a single line. But still, the set command is not reading the whole file. Any advice on how to read a json file using the set command and pass it to the docker login command below?

The solution on this is to run the following command:
docker login -u _json_key --password-stdin https://gcr.io < keyfile.json

psql asks for password and does not read from pgpass.conf

I have installed my Postgresql database on a Windows server environment. I'd like to schedule a job using Windows Task scheduler to run every night so I need to run the following command without asking for password:
psql -U myUserName-d myDBName -c "select MyFunctionName()"
When I run the above query in my cmd shell, it asks me for password. When I enter the password manually, the function is correctly run.
So my solution is to read from the pgpass.conf file so no password is required.
Here are the things I have done to achieve this:
I created the pgpass.conf file in a directory I created in the %appdata% (AppData\Roaming\postgresql to be precise).
Here are the contents of this file:
localhost:5432:myDBName:myUserName:myPassword
I have also tried with the value 127.0.0.1 instead of localhost above.
I, then, added the an environment variable (in the user variables for administrator list) called PGPASSFILE and gave it the pgpass.conf location.
;C:\Users\administrator\AppData\Roaming\postgresql\pgpass.conf
Finally I stopped and restarted my Postgres service on Windows services and re-ran the command. But it is still asking for password.
How can I let my command know from where to read the password?

If you don't want to set the PGPASSFILE environment variable, put the password file in the standard location %APPDATA%\postgresql\pgpass.conf as described by the documentation.

creating keytab to automate scripts

I am having trouble creating a keytab in order to automate the script I am running.
I am using this website for reference here
This is what I did so far:
$ ktutil
ktutil: addent -password -p bli1#testtesttest.corp.supernice.net -k 1 -e arcfour-hmac
Password for bli1#testtesttest.corp.supernice.net:
ktutil:
ktutil: wkt bli1.keytab
ktutil: quit
When I tried to run the script, I got this error:
$ kinit bli1#testtesttest.corp.supernice.net -k -t bli1.keytab; python3 -m pytrinity.monitors.rate_monitor test
kinit: Cannot find KDC for requested realm while getting initial credentials
I'm not sure if I created the keytab correctly as I am having a hard time finding in-depth documentation on each argument during the keytab creation process. I'm not sure what -k is used for.
addent: add entry
-password: add password
-p: principal
-e: encryption

I think the problem is with connectivity to your KDC as per error message. What's in your kerberos configuration file? /etc/krb5.conf is usually the name for it.

ruby script to enter prompt command from a system command

I'm trying to write a simple script to mysqldump some dbs. I'm getting stuck on the password prompt though.
I'd like to just have a config file that contains all the db creds, then the script can use those to connect to the db.
Problem is a command such as:
system('mysqldump -u username -p')
then prompts for
Enter password:
even when I do something like:
system('mysqldump -u username -p some_password')
I still get prompted for the password...
I don't do a whole lot of scripting in Ruby so I'm at a loss as to how my script can automatically enter this info so the user running the script doesn't have to.

If you already know the password why aren't you passing it to the command?
system('mysqldump -u username --password=mypassword')

you need to delete space after -p
system('mysqldump -uusername -psome_password')
or without password just
system('mysqldump -uusername')
or
system('mysqldump -uusername --password=')

you could always check the application that uses the database for the password, check the config file file for the connection string. Failing that change the password in the database.