EC2InstanceMetadata.IAMSecurityCredentials is null - amazon-ec2

Until yesterday I was successfully getting the IAM Security Credentials in a .net application using:
var securtiyCredentials = EC2InstanceMetadata.IAMSecurityCredentials;
But now it's returning a null for that call.
A curl of the service is timing out when I try it in powershell:
curl http://169.254.169.254/latest/meta-data/
However when I navigate in a browser to:
http://169.254.169.254/latest/meta-data/
It returns the following list (notice that IAMSecurityCredentials is missing):
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
iam/
instance-action
instance-id
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-keys/
reservation-id
security-groups
services/
Any idea what could have caused the IAMSecurityCredentials to not be returned?

The proxy on the affected EC2 box was changed to resolve a different issue, inadvertently causing the problem posted here.

Related

Error: Bad parameter: OUR_VALIDATOR_PUBKEY (and possibly OUR_URL) must be specified unless --our-localhost is given

I'm running solana catchup with my solana blockchain node, and I keep getting this error:
Error: Bad parameter: OUR_VALIDATOR_PUBKEY (and possibly OUR_URL) must be specified unless --our-localhost is given
I've tried adding --our-localhost and a few other flags to add our internal http endpoint, but nothing seems to work. Any thoughts?
--url is taken from your config file. You can use -u t or -u m to override it to testnet or mainnet.
You don't need a local key if you use --our-validator. If that doesn't work, either the public APIs are being slammed or you have a networking problem.

Why does wget (windows) behind a proxy needs the PROXY_HTTP/HTTPS environment variables, and Chrome doesn't

I tried to download files from google drive using wget (on windows) using the script shown here:
[JULY 2020 - Windows users batch file solution]wget/curl large file from google drive.
It works well, but when computer is behind proxy, it will work ONLY if I will set environment variables PROXY_HTTP and PROXY_HTTP (It may be that it can also set by flag in the command, but I didn't try it)
The fact that I can download files from google drive using Chrome without these environment variables and without setting chrome for the proxy gives me the understanding that there is a way to download behind proxy without setting an application for the proxy.
How can I make wget works without need to set it manually (by flag or by environment variables) for the proxy?
In all likelihood your Chrome also has a proxy set up in some way. In any case, the simplest way to define the proxy for wget is to create a .wgetrc file in your local home folder and set the following:
> vi ~/.wgetrc
use_proxy=on
http_proxy=http://[proxy_ip]:[proxy_port]
https_proxy=https://[proxy_ip]:[proxy_port]
ftp_proxy=http://[proxy_ip]:[proxy_port]
That should be all you need to do.
I found the solution after @Wilmar's comment, which he pointed out here (thanks!).
An application can automatically find out if it is behind a proxy by sending "http://wpad/wpad.dat".
If there is a proxy server behind, it will answer with a message that contains a PAC file with the proxy details. The application can then extract the proxy details for any needed settings. That's how Chrome can set itself up automatically for the proxy.
Example using wget in windows to find proxy details
In Windows, you can use wget as follows to get the proxy server details. The details must be extracted from the text messages, and you can use a tool like jrepl for such a task. Here I only show where the details are.
call wget "http://wpad/wpad.dat" -o "ProcessLog.txt" -O "PAC.txt"
There are three possible scenarios here:
1. In case there is no proxy behind, PAC.txt is empty and ProcessLog.txt contains a text message similar to this one.
ProcessLog.txt
--2020-09-01 08:38:29-- http://wpad/wpad.dat
Resolving wpad (wpad)... failed: The requested name is valid, but no data of the requested type was found. .
wget: unable to resolve host address 'wpad'
2. In case there is a proxy server behind, and Windows environment variables for the proxy are set:
http_proxy=http://proxy.mc.company.com:777
https_proxy=https://proxy.mc.company.com:777
then wget already knows the proxy address, so PAC.txt is empty and ProcessLog.txt contains a text message similar to the following one, which contains the proxy details. In this example, the proxy details are [proxy_ip]:[proxy_port] = proxy.mc.company.com:777
ProcessLog.txt
--2020-09-01 08:29:59-- http://wpad/wpad.dat
Resolving proxy.mc.company.com (proxy.mc.company.com)... 10.100.200.150
Connecting to proxy.mc.company.com (proxy.mc.company.com)|10.100.200.150|:777... connected.
Proxy request sent, awaiting response... 302 Found
Location: http://www.wpad.com/wpad.dat [following]
--2020-09-01 08:30:00-- http://www.wpad.com/wpad.dat
Connecting to proxy.mc.company.com (proxy.mc.company.com)10.100.200.150|:777... connected.
Proxy request sent, awaiting response... 403 Forbidden
2020-09-01 08:30:00 ERROR 403: Forbidden.
3. In case there is a proxy server behind, but no Windows environment variables for the proxy are set, wget gets the proxy details from the proxy server. In this case PAC.txt contains a long text message similar to the following one, which contains the proxy details. In this example, the proxy details are [proxy_ip]:[proxy_port] = proxy.mc.company.com:777
PAC.txt
function FindProxyForURL(url,host) {
var me=myIpAddress();
var resolved_ip = dnsResolve(host);
if (host == "127.0.0.1") {return "DIRECT";}
if (host == "localhost") {return "DIRECT";}
if (isPlainHostName(host)) {return "DIRECT";}
if (url.substring(0,37) == "http://lyncdiscoverinternal.company.com") {return "DIRECT";}
if (!resolved_ip) { if (url.substring(0,6) == "https:") {return "PROXY proxy-mc.company.com:778";} else {return "PROXY proxy-mc.company.com:777";}}
if (host == "moran-for-localhost-only.com") {return "DIRECT";}
...
...
Simplifying using wget in windows to find proxy details
When using wget to find proxy details, we can tell it to ignore the proxy environment variables (if they are set) using the flag --no-proxy. This leaves us with only two possible scenarios, (1) and (3), described above. So we just need the ProxyInfo file. If it is empty (scenario 1), then no proxy is behind; if it contains text (scenario 3), it is behind a proxy and you can extract the proxy details from it.
call wget --no-proxy "http://wpad/wpad.dat" -O "PAC.txt"
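The answer above leaves the extraction step to a separate tool. The following is an added example, not part of the original answer, that pulls the distinct proxy endpoints out of a downloaded PAC file. Because whatever host answers to the name "wpad" decides the proxy, it also flags endpoints outside a domain you expect; the `expectedDomain` parameter, the `Proxy` type and the sample PAC text are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample modelled on the PAC.txt excerpt above (not a real PAC file).
const samplePAC = `function FindProxyForURL(url,host) {
if (isPlainHostName(host)) {return "DIRECT";}
if (url.substring(0,6) == "https:") {return "PROXY proxy-mc.company.com:778";}
return "PROXY proxy-mc.company.com:777; DIRECT";
}`

// One PAC return directive such as "PROXY host:port" or "SOCKS5 host:port".
var directive = regexp.MustCompile(`\b(PROXY|HTTPS|SOCKS[45]?)\s+([A-Za-z0-9.-]+):(\d{1,5})\b`)

// Proxy is one distinct proxy endpoint named in a PAC file.
type Proxy struct {
	Kind, Host, Port string
	Expected         bool // host is inside the domain the caller expects
}

// ExtractProxies returns the distinct proxies named in pac, in order of
// appearance. expectedDomain (an assumption of this example, e.g.
// "company.com") is used to flag endpoints outside your own domain.
func ExtractProxies(pac, expectedDomain string) []Proxy {
	domain := strings.ToLower(strings.Trim(expectedDomain, "."))
	seen := map[string]bool{}
	var out []Proxy
	for _, m := range directive.FindAllStringSubmatch(pac, -1) {
		host := strings.ToLower(m[2])
		key := m[1] + " " + host + ":" + m[3]
		if seen[key] {
			continue // the same endpoint usually appears in many rules
		}
		seen[key] = true
		ok := host == domain || strings.HasSuffix(host, "."+domain)
		out = append(out, Proxy{m[1], host, m[3], ok})
	}
	return out
}

func main() {
	for _, p := range ExtractProxies(samplePAC, "company.com") {
		fmt.Printf("%s %s:%s expected=%v\n", p.Kind, p.Host, p.Port, p.Expected)
	}
}
```

An endpoint reported with expected=false is worth checking before it is written into any tool's proxy configuration.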

Terraform azurerm_virtual_machine_extension error "extension operations are disallowed"

I have written a Terraform template that creates an Azure Windows VM. I need to configure the VM to Enable PowerShell Remoting for the release pipeline to be able to execute Powershell scripts. After the VM is created I can RDP to the VM and do everything I need to do to enable Powershell remoting, however, it would be ideal if I could script all of that so it could be executed in a Release pipeline. There are two things that prevent that.
The first, and the topic of this question is, that I have to run "WinRM quickconfig". I have the template working such that when I do RDP to the VM, after creation, that when I run "WinRM quickconfig" I receive the following responses:
WinRM service is already running on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Configure LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.
Make these changes [y/n]?
I want to configure the VM in Terraform so LocalAccountTokenFilterPolicy is set and it becomes unnecessary to RDP to the VM to run "WinRM quickconfig". After some research it appeared I might be able to do that using the resource azure_virtual_machine_extension. I add this to my template:
resource "azurerm_virtual_machine_extension" "vmx" {
  name                 = "hostname"
  location             = "${var.location}"
  resource_group_name  = "${var.vm-resource-group-name}"
  virtual_machine_name = "${azurerm_virtual_machine.vm.name}"
  publisher            = "Microsoft.Azure.Extensions"
  type                 = "CustomScript"
  type_handler_version = "2.0"
  settings = <<SETTINGS
{
# "commandToExecute": "powershell Set-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' -Name 'LocalAccountTokenFilterPolicy' -Value 1 -Force"
}
SETTINGS
}
When I apply this, I get the error:
Error: compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: autorest/azure: Service returned an error. Status=<nil> Code="OperationNotAllowed" Message="This operation cannot be performed when extension operations are disallowed. To allow, please ensure VM Agent is installed on the VM and the osProfile.allowExtensionOperations property is true."
I couldn't find any Terraform documentation that addresses how to set the allowExtensionOperations property to true. On a whim, I tried adding the property "allow_extension_operations" to the os_profile block in the azurerm_virtual_machine resource but it is rejected as an invalid property. I also tried adding it to the os_profile_windows_config block and isn't valid there either.
I found a statement on Microsoft's documentation regarding the osProfile.allowExtensionOperations property that says:
"This may only be set to False when no extensions are present on the virtual machine."
https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.management.compute.models.osprofile.allowextensionoperations?view=azure-dotnet
This implies to me that the property is True by default but it doesn't actually say that and it certainly isn't acting like that. Is there a way in Terraform to set osProfile.allowExtensionOperations to true?
Running into the same issue adding extensions using Terraform. I created a Windows 2016 custom image,
provider "azurerm" version ="2.0.0"
Terraform 0.12.24
Terraform apply error:
compute.VirtualMachineExtensionsClient#CreateOrUpdate: Failure sending request: StatusCode=0
-- Original Error: autorest/azure: Service returned an error.
Status=<nil>
Code="OperationNotAllowed"
Message="This operation cannot be performed when extension operations are disallowed. To allow, please ensure VM Agent is installed on the VM and the osProfile.allowExtensionOperations property is true."
I ran into the same error; the possible solution depends on 2 things here.
You have to pass provider "azurerm" version ="2.5.0" and you have to pass the os_profile_windows_config parameter (see below) in the virtual machine resource as well, so that Terraform will consider the extensions that you are passing. This fixed my errors.
os_profile_windows_config {
  provision_vm_agent = true
}

Jmeter - Plugins behind the proxy

I placed the plugin manager in the "lib\ext" folder and when I tried to open it, it showed the error:
java.io.IOException: Repository responded with wrong status code: 407
Jmeter version - 3.3
Plugin version - 0.16
Jmeter is invoked from command line by using the following parameters:
C:\Users\princen\Performance Testing\Software\apache-jmeter-3.3\bin\jmeter.bat -H Proxyserver -P 1234 -u princen -a ***
Parameters modified as suggested here
JVM_ARGS="-Dhttps.proxyHost=Proxyserver -Dhttps.proxyPort=1234 -Dhttp.proxyUser=princen -Dhttp.proxyPass=***" C:\Users\princen\Performance Testing\Software\apache-jmeter-3.3\bin\jmeter.bat
Above try gives the following error message
Windows cannot find "JVM_ARGS="-Dhttps.proxyHost=Proxyserver -Dhttps.proxyPort=1234 -Dhttp.proxyUser=princen -Dhttp.proxyPass=***
When I tried to change the command to the following:
C:\Users\princen\Performance Testing\Software\apache-jmeter-3.3\bin\jmeter.bat -Dhttps.proxyHost=Proxyserver -Dhttps.proxyPort=1234 -Dhttp.proxyUser=princen -Dhttp.proxyPass=***
I received an error:
java.io.IOException: Repository responded with wrong status code: 407
Can someone please correct parameters required to load the plugin manager?
Ensure you use the latest version of the jmeter-plugins download manager.
Regarding your parameters, you're mixing different configurations, just set (for both http and https):
JVM_ARGS="-Dhttps.proxyHost=myproxy.com -Dhttps.proxyPort=8080 -Dhttps.proxyUser=john -Dhttps.proxyPass=password -Dhttp.proxyHost=myproxy.com -Dhttp.proxyPort=8080 -Dhttp.proxyUser=john -Dhttp.proxyPass=password"
Where password is your real password.
None of the above methods are working for me. It's really tough to work with Java (due to Loadrunner background). I added Ultimate thread alone and it's working fine.
Thank you all for your inputs..
JMeter is using the official proxy configuration from Oracle (like here: https://memorynotfound.com/configure-http-proxy-settings-java/)
The problem is that the jmeter documentation is wrong about the password parameter: it should be http.proxyPassword not http.proxyPass.
Also you must use the https. properties for secured urls you want to access using the proxy. And the http. properties for non secured.

Invalid header field value in Go ONLY on kubernetes/CoreOS

I have a Go program that uses aws-sdk-go to talk to dynamodb. Dependencies are vendored. Go version 1.7.1. aws-sdk-go version 1.6.24. The program works as expected in all the following environments:
dev box from shell (Arch Linux)
docker container running on my dev box (Docker 1.13.1)
Ec2 instance from shell (Ubuntu 16.04)
When I run the docker container on kubernetes (same one I tested on my dev box), I get the following error:
2017/03/02 22:30:13 DEBUG ERROR: Request dynamodb/GetItem:
---[ REQUEST DUMP ERROR ]-----------------------------
net/http: invalid header field value "AWS4-HMAC-SHA256 Credential=hidden\n/20170302/us-east-1/dynamodb/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;x-amz-date;x-amz-target, Signature=483f56dd0b17d8945d3c2f2044b7f97e531190602f132a4d5f828264b3a2cff2" for key Authorization
-----------------------------------------------------
2017/03/02 22:30:13 DEBUG: Response dynamodb/GetItem Details:
---[ RESPONSE ]--------------------------------------
HTTP/0.0 000 status code 0
Content-Length: 0
Based on:
https://golang.org/src/net/http/transport.go
https://godoc.org/golang.org/x/net/lex/httplex#ValidHeaderFieldValue
It looks like the problem is with the header value validation, yet I am at a loss to understand why it works everywhere except on my k8s cluster. The cluster is composed of Ec2 instances running the latest CoreOS stable ami (CoreOS stable 1235.8.0)
The docker image that works on my dev machine is scratch based. To troubleshoot I created an image based on Ubuntu latest with a separate go program that just does a simple get item from dynamodb. When this image is run on my k8s cluster and the program run from an interactive shell, I get the same errors. I have confirmed I can ping the dynamodb endpoints from this env.
I am having a hard time troubleshooting this issue: am I missing something stupid here? Can someone point me in the right direction or have an idea of what is going on?
Remember the "-n" when you do this:
echo -n key | base64
The \n after hidden is certainly invalid. Not sure if it is actually there or somehow got inserted when you were cleansing for posting.
Consider:
package main

import (
	"fmt"

	"golang.org/x/net/lex/httplex"
)

func main() {
	fmt.Println("Is valid (without new line)", httplex.ValidHeaderFieldValue("AWS4-HMAC-SHA256 Credential=hidden/20170302/us-east-1/dynamodb/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;x-amz-date;x-amz-target, Signature=483f56dd0b17d8945d3c2f2044b7f97e531190602f132a4d5f828264b3a2cff2"))
	fmt.Println("Is valid (with new line)", httplex.ValidHeaderFieldValue("AWS4-HMAC-SHA256 Credential=hidden\n/20170302/us-east-1/dynamodb/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;x-amz-date;x-amz-target, Signature=483f56dd0b17d8945d3c2f2044b7f97e531190602f132a4d5f828264b3a2cff2"))
}
One guess would be wherever the real hidden value is getting pulled from (config file etc) mistakenly has the \n in there and it's happily getting pulled into your header, but only in this case.
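Both answers point at a newline carried in with the credential. The following is an added example, not code from the original posts, showing how `echo key | base64` (without `-n`) puts that newline into the decoded value and how to catch it when the credential is loaded instead of when the request is signed. It assumes the key reaches the program as a base64-encoded secret value; `LoadCredential` and `validHeaderValue` are hypothetical helpers, and the check is a standard-library re-statement of the header rule net/http applies.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// validHeaderValue applies the rule net/http enforces on header values:
// no control bytes other than horizontal tab, and no DEL.
func validHeaderValue(v string) bool {
	for i := 0; i < len(v); i++ {
		if c := v[i]; (c < 0x20 && c != '\t') || c == 0x7f {
			return false
		}
	}
	return true
}

// LoadCredential decodes a base64 secret value and returns it with
// surrounding whitespace removed. trimmed reports whether anything had to be
// removed, so the caller can log that the stored secret needs fixing
// (log the name only, never the value).
func LoadCredential(name, b64 string) (value string, trimmed bool, err error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return "", false, fmt.Errorf("%s: not valid base64: %w", name, err)
	}
	value = strings.TrimSpace(string(raw))
	if value == "" || !validHeaderValue(value) {
		return "", false, fmt.Errorf("%s: empty or contains control characters", name)
	}
	return value, value != string(raw), nil
}

func main() {
	// Constructed inputs: output of `echo key | base64` and `echo -n key | base64`.
	for _, b64 := range []string{"a2V5Cg==", "a2V5"} {
		raw, _ := base64.StdEncoding.DecodeString(b64)
		header := "AWS4-HMAC-SHA256 Credential=" + string(raw) + "/20170302/us-east-1/dynamodb/aws4_request"
		v, trimmed, err := LoadCredential("AWS_ACCESS_KEY_ID", b64)
		fmt.Printf("%-9s raw header valid=%-5v cleaned=%q trimmed=%v err=%v\n",
			b64, validHeaderValue(header), v, trimmed, err)
	}
}
```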
