For a couple of weeks I'm struggling with puppet. I do have it pretty much working but i keep getting issues to add a user to the built-in group "Administrators".
I do can add an user to that group, but removing is not possible. This is an local user, without a domain-controler
Here is my manifest:
#Adding user to administrators-group;
class developers {
user {'user_erik':
name => 'Erik.dev',
ensure => present,
comment => 'Developer',
groups => ['Administrators],
membership => inclusive,
password => 'blaat123',
}
}
#removing (not working);
class developers {
user {'user_erik':
name => 'Erik.dev',
ensure => present,
comment => 'Developer',
groups => [],
membership => inclusive,
password => 'blaat123',
}
}
# another way to set this up;
class developers {
user {'user_erik':
name => 'Eric.dev',
ensure => present,
comment => 'Developer',
groups => [],
membership => inclusive,
password => 'blaat123',
}
group{'admin':
name => 'Administrators',
ensure => present,
members => ['Erik.dev'],
}
}
getting error:
Error:
OLE error code:8007055B in Active Directory
" Cannot perform this operation on built-in accounts "
In UNIX I have no problems, but windows is almost killing me and I cannot find my answer on the internet.
Hope someone has it working.
thanks
Dave
I'm going to assume this is a copy pasta error:
user {'user_erik':
name => 'Erik.dev',
ensure => present,
comment => 'Developer',
groups => ['Administrators],
membership => inclusive,
password => 'blaat123',
}
note groups is missing an apostrophe. groups => ['Administrators] should be groups => ['Administrators']
Let's take a look at the remove:
user {'user_erik':
name => 'Erik.dev',
ensure => present,
comment => 'Developer',
groups => [],
membership => inclusive,
password => 'blaat123',
}
I think you are running into a derivative of PUP-3653, where you are trying to remove a user from all groups. I would instead put the user in at least one group (perhaps 'Users'?).
Group Membership
With groups, you must specify the complete list of members. Group auth_membership => minimum is ignored in less than Puppet 4.0.0. See PUP-2628 and PUP-3719 for details.
The error
Error: OLE error code:8007055B in Active Directory " Cannot perform
this operation on built-in accounts "
is most likely related to:
group{'admin':
name => 'Administrators',
ensure => present,
members => ['Erik.dev'],
}
Right now you would need to specify the complete list and you can't remove built-in accounts from the Administrators group. Because this isn't the complete list, Puppet is attempting to remove LocalSystem from the list and running into issues, generating the error you see above.
In Puppet 4.x you can specify it like the above or you can specify it like this:
group{'admin':
name => 'Administrators',
ensure => present,
members => ['Erik.dev'],
auth_membership => false,
}
Related
When a user puts in a bad password, I see it as the level of ERROR in the logs which does not seem like it deserves to be that critical. I alarm off errors so I can understand health of the system. Is there anyway to turn this down to a warning or info...
`production.ERROR: array (
'error' => 'The given data was invalid.',
'errorLine' => 71,
'errorFile' =>
/var/www/html/dashboard/vendor/laravel/framework/src/Illuminate/Validation/ValidationException.php',
'error_catch_scope' => 'report',
'error_catch_file' => '/var/www/html/dashboard/app/Exceptions/Handler.php',
)
I am using laravel 5.7
I am trying to use a gem called RubyPress which allows to use Wordpress' xml-rpc api from ruby. But it always gives me this error:
getaddrinfo: No such host is known. (SocketError)
Here's my code:
require 'rubypress'
wp = Rubypress::Client.new(:host => "localhost/wordpress",
:username => "admin",
:password => "admin")
p wp.getOptions
I am able to connect fine using another gem called wp_rpc but rubypress doesn't seem to work. Rubypress seems to be maintained so i want to use it, it also seems to have more features.
Also, even when i try connecting to a real site, it gives a 403 error which is very strange.
I am running the server using XAMPP on Windows 7. How can I get it to work?
UPDATE:
Here's the code i used for posting, now it doesn't seem to post. Not sure where i went wrong.
wp.newPost( :blog_id => 0, # 0 unless using WP Multi-Site, then use the blog id
:content => {
:post_status => "publish",
:post_date => Time.now,
:post_content => "This is the body",
:post_title => "RubyPress is the best!",
:post_name => "/rubypress-is-the-best",
:post_author => 1, # 1 if there is only the admin user, otherwise the user's id
:terms_names => {
:category => ['Category One','Category Two','Category Three'],
:post_tag => ['Tag One','Tag Two', 'Tag Three']
}
}
)
Note: This is from the rubypress github page. Those categories and tags are not present on the blog, is that the reason?
host must be a host name (e.g. "localhost" in this particular case, or, say, "google.com"):
require 'rubypress'
wp = Rubypress::Client.new(host: "localhost",
username: "admin",
password: "admin",
path: "/wordpress/xmlrpc.php")
Probably, you might need to tune the path parameter up to point exactly to where WP’s RPC endpoint is to be found.
I am trying to provision a vagrant VM to allow users to supply their own bash_profile.local but I don't want this file tracked in the vm's vcs repo. I have a tracked bash_profile.local.dist file that they can rename. How can I tell puppet to only create a file if the source file exists? It is currently working correctly but logs an error during provisioning and this is what I'm trying to avoid.
This is the manifest:
class local
{
file { '.bash_profile.local':
source => 'puppet:///modules/local/bash_profile.local',
path => '/home/vagrant/.bash_profile.local',
replace => false,
mode => 0644,
owner => 'vagrant',
group => 'vagrant',
}
}
You could abuse file in this way :
$a = file('/etc/puppet/modules/local/files/bash_profile.local','/dev/null')
if($a != '') {
file { '.bash_profile.local':
content => $a,
...
}
}
This is not exactly what you asked but you can supply multiple paths in the source, so you can have a default empty file if the user didn't supplied his own.
class local
{
file { '.bash_profile.local':
source => [
'puppet:///modules/local/bash_profile.local',
'puppet:///modules/local/bash_profile.local.default'
],
path => '/home/vagrant/.bash_profile.local',
replace => false,
mode => 0644,
owner => 'vagrant',
group => 'vagrant',
}
}
You can try something like this:
file { 'bash_profile.local':
ensure => present,
source => ['puppet:///modules/local/bash_profile.local', '/dev/null'],
path => '/home/vagrant/.bash_profile.local',
before => Exec['clean-useless-file'],
}
exec { 'clean-useless-file':
command => 'rm .bash_profile.local',
onlyif => 'test -s .bash_profile.local',
cwd => '/home/vagrant',
path => '/bin:/usr/bin',
}
If the admin don't make a copy of ".bash_profile.local" available in "modules/local/bash_profile.local", the file resource will use the second source and then create a blank file. Then, the "onlyif" test fails and the exec will remove the useless blank file.
Used this way this code can be a little cumbersome, but it's better than a provisioning failure. You may evaluate if retaining a blank .bash_profile.local file can be okay in your case. I normally use a variation of this, with wget instead of rm, to get a fresh copy of the file from the internet if it was not already made available as a source.
If you're using puppetmaster, be aware you can use it to provision the own server, presenting two versions of the catalog, according to the .bash_profile.local is present or not.
Creating new service with win32-service, what's the meaning of the failure_reset_period ?
I'll appreciate some words on other options too (failure_reboot_message, failure_command, failure_actions, failure_delay) and examples.
Thank you in advance.
an example of use:
Service.new(
:service_name => SERVICE_NAME,
:display_name => SERVICE_DISPLAYNAME,
:start_type => Service::AUTO_START,
:error_control => Service::ERROR_NORMAL,
:service_type => Service::WIN32_OWN_PROCESS,
:description => 'This service does blah blah..',
:binary_path_name => path,
:failure_reset_period => 86400, # period (in seconds) with no failures after which the failure count should be reset to 0
:failure_actions => [ Service::ACTION_RESTART ], # action to take
:failure_delay => 60000 # delay before action in milliseconds
)
failure_reset_period resets to 0 the failure count on the service after specified time, what is useful since you can configure different actions for the first, second and other failures of the service.
meaning of those options is described here, for failure_reset_period:
the number of days that must pass before the service fail count is
reset
What if I need to set second and third failure options having different failure_delay?
EC2 gives instances a new IP address when they're stopped then restarted, so I need to be able to automatically manage a route53 record set so that I can access things consistently. Sadly the documentation for the route53 portion of the sdk is not nearly as robust as it is for ec2 (understandably) and so I'm a bit stuck. From what I've seen so far, it seems like change_resource_record_sets (link) is the way to go, but I'm confused as to what needs go into :chages since it mentions a Change object but fails to provide a link to a description of said object.
Here's what my code currently looks like for a creation:
r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ID', :change_batch => {
:changes => 'I DONT KNOW WHAT GOES HERE',
:action => 'CREATE',
:resource_record_set => {
:name => #instance.instance_name,
:type => 'CNAME',
:ttl => 330,
:value => #instance.ip_address
}})
EDIT: Okay, since I haven't had any help either here or on the official forums I've been messing around with it myself. So it turns out that the documentation is just plain awful. All of the values are stored in a Change object, and not given there. So it actually looks more like this:
some_change = AWS::Route53::CreateRequest.new(#instance.instance_name,
'CNAME',
:ttl => 330,
:resource_records => [
{:value => #instance.ip_address}
])
r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ZONE', :change_batch => {
:changes => [some_change],
})
The documentation is pretty poor, though it does contain a few examples. I initially had the impression that it was necessary to create requests (and use the client object) per your solution, but there are alternatives.
An example of creating a record can be found in the ResourceRecordSetCollection reference, but it's only a little more concise than your answer:
rrsets = AWS::Route53::HostedZone.new(hosted_zone_id).rrsets
rrset = rrsets.create('foo.example.com.', 'A', :ttl => 300, :resource_records => [{:value => '127.0.0.1'}])
I wanted to update an existing record, and didn't have the hosted_zone_id to hand. It took far too long to figure out how best to do this, so I'm offering the following example in the hope it saves someone else some time:
r53 = AWS::Route53.new
domain = "example.com."
fqdn = "host." + domain
zone = r53.hosted_zones.select { |z| z.name == domain }.first
rrset = zone.rrsets[fqdn, 'A']
rrset.resource_records = [ { :value => "1.2.3.4" } ]
rrset.update
Note that that assumes you only have a single zone with that name in Route53.
The method that zts posted seems to be a much better way of updating records. However, if you're updating an alias record then you have to use DeleteRequest/CreateRequest as the alias_target instance attribute on ResourceRecordSet seems to be readonly, even though the docs don't list it as so.
Here's one way to do it. Note that the hosted zone id for the alias target (region in the code below) should not be a personal zone ID, it is actually an encrypted region ID. This doesn't seem to be documented anywhere, and the only reference for these IDs that I could find was in the source of the fog gem.
Edit: This has now moved to a separate module called fog-aws and is more up to date.
{
"ap-northeast-1" => "Z2YN17T5R711GT",
"ap-southeast-1" => "Z1WI8VXHPB1R38",
"ap-southeast-2" => "Z2999QAZ9SRTIC",
"eu-west-1" => "Z3NF1Z3NOM5OY2",
"eu-central-1" => "Z215JYRZR1TBD5",
"sa-east-1" => "Z2ES78Y61JGQKS",
"us-east-1" => "Z3DZXE0Q79N41H",
"us-west-1" => "Z1M58G0W56PQJA",
"us-west-2" => "Z33MTJ483KN6FU",
}
And the code:
change_request = {
hosted_zone_id: zone.id,
change_batch: { changes: [] }
}
alias_target = {
hosted_zone_id: region,
evaluate_target_health: false
}
# Delete the record if it already exists
if rrset.exists?
alias_target[:dns_name] = rrset.alias_target[:dns_name]
delete_request = AWS::Route53::DeleteRequest.new(fqdn, 'A', alias_target: alias_target)
change_request[:change_batch][:changes][0] = delete_request
r53.client.change_resource_record_sets(change_request)
end
# Create the new record
alias_target[:dns_name] = new_alias
create_request = AWS::Route53::CreateRequest.new(fqdn, 'A', alias_target: alias_target)
change_request[:change_batch][:changes][0] = create_request
r53.client.change_resource_record_sets(change_request)
I hacked it until it worked, and here are my results:
Don't look at the ruby route53 documentation for anything but method/object/attribute names. It is misleading, if not outright wrong. Instead, check out the rest documentation since the client just builds up a standard xml request anyway. My example of creating a simple record is as follows:
some_change = AWS::Route53::CreateRequest.new("foo.bar.com",
'CNAME', # the type of the resource record set
:ttl => 330, # The cache time to live for the current resource record set
:resource_records => [
{:value => "0.0.0.0"} # dependent on type
])
r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ZONE', :change_batch => {
:changes => [some_change],
})
I initially worked with what #slippery John did, but that proved problematic for spot instances that reclaim certain dns names often.
I found a solution I think is better, almost I identical to his:
some_change = AWS::Route53::ChangeRequest.new("UPSERT","foo.bar.com",
'CNAME', # the type of the resource record set
:ttl => 330, # The cache time to live for the current resource record set
:resource_records => [
{:value => "0.0.0.0"} # dependent on type
])
r53.client.change_resource_record_sets(:hosted_zone_id => 'MY_ZONE', :change_batch => {
:changes => [some_change],
})
it is intentionally copied from his solution with a slight modification.
For aws-sdk v2 it is like this:
[72] pry(main)> r53 = Aws::Route53::Client.new
[73] pry(main)> change
=> {:action=>"UPSERT",
:resource_record_set=>
{:name=>"myhost.example.com",
:resource_records=>[{:value=>"192.0.2.44"}],
:ttl=>60,
:type=>"A"}}
[44] pry(main)> res = r53.change_resource_record_sets(hosted_zone_id: my_zone_id, change_batch: {changes: [change]})
=> #<struct Aws::Route53::Types::ChangeResourceRecordSetsResponse
change_info=
#<struct Aws::Route53::Types::ChangeInfo
id="/change/C02195391TWJO1GT9KVRV",
status="PENDING",
submitted_at=2020-11-03 21:39:09.41 UTC,
comment=nil>>
For more info see https://docs.aws.amazon.com/sdk-for-ruby/v2/api/Aws/Route53/Client.html#change_resource_record_sets-instance_method