Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have a strange behavior which i do not understand:
I'm running haproxy as loadbalancer and security shield in front of other web containers.
The haproxy is running fine and uses my configured letsencrypt file.
So far so fine.
When the ssl certificate is running out, a new one including all needed key files is generated and replaces the key files.
After that, the haproxy must reload its config.
Now: when i call
cd /etc/haproxy
service haproxy reload
or the script itself from commandline, everything runs absolutely fine.
As soon as i call it via cron, it doesn't work!?!?
There is no error, and the reconfigure script is run till its end.
/etc/haproxy/bin/request_letsencrypt_certificate.sh:
#!/bin/bash
cd /etc/haproxy
service haproxy reload
crontab -e as root:
# LetsEnrcrypt | recert
* * * * * /etc/haproxy/bin/request_letsencrypt_certificate.sh
(i changed to run every minute for testing purposes)
When using echo test>run.txt the file is created every minute, so the script is started successfully, but the service command seems to be not executed?
What could be thy problem, why on commandline it works, but from cron not?
Both action are taken with root permissions as root itself (and when dumping the user in cron-call via whoami in the script, "root" is confirmed at runtime)
Does it work if you change service to /sbin/service to ensure that it's in the PATH? You also probably don't need cd /etc/haproxy in the script.
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 12 months ago.
Improve this question
Context
After having been able to add a GitLab personal access token using bash with:
add_gitlab_personal_access_token(){
local gitlab_username="$1"
local token_name="$2"
local personal_access_token="$3"
local docker_container_id="$4"
output="$(sudo docker exec -i "$docker_container_id" bash -c "gitlab-rails runner \"token = User.find_by_username('$gitlab_username').personal_access_tokens.create(scopes: [:api], name: '$token_name'); token.set_token('$personal_access_token'); token.save! \"")"
}
Attempts I
Using the docker exec and bash -c command as used in setting the token allows one to revoke the token:
revoke_token(){
local docker_container_id="$1"
local token="sometokenpersonalgitlabtoken"
output="$(sudo docker exec -i "$docker_container_id" bash -c "gitlab-rails runner \"PersonalAccessToken.find_by_token('$token').revoke! \"")"
echo "output=$output"
}
Issue
However, after trying to add the token again, it is still in GitLab, and GitLab returns:
DETAIL: Key (token_digest)=(somelongkeysasdfasdfasdfkeyending=) already exists.
so the revoke method does not actually delete the token, it merely revokes it.
Question
I was wondering how: *How can one delete the GitLab personal token in the docker container using bash (based on the $token_name)?
The answer to this question I think is: It's a feature, not a bug. I assume it is bad security practice to re-use a token, so instead of trying to delete an old token, I wrote a method that automatically generates random tokens.
The revoke method in the question works. It has been manually verified by checking whether the GitLab personal access token disappeared in GitLab browser.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I have a problem using system 'reboot' on my Sinatra application.
I got a success response, but the reboot action doesn't happen.
I also tried exec 'reboot', but got the same response.
If I run this without the Docker container it works.
Use Semaphore Flags to Signal the Host
You can't directly reboot a host from within a Docker container. That would violate basic security principles. Pragmatically, though, you can mount host directories inside your Docker container. That opens up a number of possibilities.
In your case, if you're sure you want to do this and that it won't create disruption for other containers, services, or users, then one approach would be to:
Mount a subdirectory from the host’s /tmp or /var/tmp inside your Docker container.
Have your Sintra application write an empty semaphore file like trigger_reboot into the mounted subdirectory when the route is triggered.
Have a cron job on the host that looks for the semaphore file each minute, and then executes a privileged shutdown script when it's present.
Caveats and Considerations
This will work, but be aware of a few simple caveats:
Your privileged script should be separate from the semaphore file to avoid executing arbitrary commands on the host from within a container.
Your priviliged script should remove the semaphore file before triggering the shutdown or reboot.
You should have an init script, #reboot cron job, or initialization routine in your web application to ensure that:
The necessary directory structures in your temporary directory are recreated when the computer or web application restarts.
The semaphore flag was really removed after a restart, so you don't get stuck in a reboot loop.
Your privileged reboot script will need to run SUID root, or at least as a pre-authorized command defined in your sudoers file.
It's possible to do what you want with semaphores and a related set of processes on the host system, but you definitely need to take security and robustness into consideration to do this safely and reliably.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
CentOS Linux release 7.5.1804 (Core)
Configuring a production cluster, and ES refuses to start:
1:33:56,454][INFO ][o.e.t.TransportService ] [node-68795-C] publish_address {192.168.200.162:9300}, bound_addresses {192.168.200.162:9300}
[2018-10-28T21:33:56,467][INFO ][o.e.b.BootstrapChecks ] [node-68795-C] bound or publishing to a non-loopback address, enforcing bootstrap checks
[2018-10-28T21:33:56,494][ERROR][o.e.b.Bootstrap ] [node-68795-C] node validation exception
[1] bootstrap checks failed
[1]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
OK, so I go to check the presence of seccomp:
[$]# cat /boot/config-`uname -r` | grep CONFIG_SECCOMP=
CONFIG_SECCOMP=y
[$]# CONFIG_SECCOMP=y
So, looks and smells like seccomp is present.
What next?
The root cause: /tmp was mounted as noexec
It turns out that two or three bootstrap checks fail if /tmp is noexec.
Solve for /tmp, and all the other issues are resolved!
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am getting this error:
Windows could not start the OracleDBConsoleOracleInstance2 on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the system vendor, and refer to service-specific error code 1
I installed Oracle 11g on Windows 7 and created my 1st database instance (oracleInstance1) successfully with a listener and service configured. I could access this database using DBconsole URL: https://localhost:1158/em.
I see the services started for:
OracleDBConsoleOracleInstance1
OracleOraDb11g_home1TNSListener
OracleServiceOracleInstance1
Next, I created a second database instance (oracleInstance2) and have configured a new service for this database. I am using the same listener as I intend to use one database instance at any point of time.
However, I got this warning message during configuration:
Enterprise manager configuration succeeded with the following warning - Error starting Database Control. Please execute the following command(s).
1. Set the environment variable ORACLE_UNQNAME to Database unique name.
2. C:\Oracle\product\11.2.0\dbhome_1\bin\emctl.bat start dbconsole
To start the new database console, I stopped the previously running DBConsole, OracleDBConsoleOracle1 and started the new DBConsole OracleDBConsoleOracle2 and get the above error.
When I try to start dbconsole manually using emctl dbconsole start, it starts OracleDBConsoleOracle1 instead.
I changed environment variables ORACLE_SID=oracle2 and ORACLE_UNQNAME=oracle2
What am I missing here?
Are you sure your env vars are applied correctly? If you set them in a DOS window then they'll only be visible there, you need to set them in the windows 'environment variables' screen.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
I have an "automatic" mode process say "BPSAuto".
I need to keep thi process shut for certain time and later restart it.
I used bat file and sheduled the task to stop and start.
I used -->net start BPSAuto --- To start
And --> net stop BPSAuto --- To stop.
Now my problem is once I stop the process it again starts automatically. May be this is because it is in "Automatic" mode. Plesae help me to stop completely. And later restart.
Thanks in Advance...
sc config ServiceName start= <setting string>
note the space between start= and the setting for the service
Setting string can be one of:
boot
system
auto
demand
disabled
from sc config /?:
Modifies a service entry in the registry and Service Database.
SYNTAX:
sc config [service name] ...
CONFIG OPTIONS:
NOTE: The option name includes the equal sign.
type= <own|share|interact|kernel|filesys|rec|adapt>
start= <boot|system|auto|demand|disabled>
error= <normal|severe|critical|ignore>
binPath= <BinaryPathName>
group= <LoadOrderGroup>
tag= <yes|no>
depend= <Dependencies(separated by / (forward slash))>
obj= <AccountName|ObjectName>
DisplayName= <display name>
password= <password>