I can run the following command in terminal to mount an encrypted sparsebundle where the bundle password is stored in the keychain.
hdiutil attach '/Volumes/Backup/Mac1.sparsebundle'
I would like to have that command run on a schedule, so I'm using CronniX to create a cron job with that command. But, when it runs at the scheduled time, nothing happens. When I check the cron daemon mail in terminal, it says the following:
hdiutil: attach failed - Authentication error
I'm assuming that it isn't able to read the password from keychain? I don't know. Hoping somebody can shed some light on things, or point me in the right direction.
Thanks
hdiutil depends on some environment variables. Check this (ENVIRONMENT section). So, probably the environment is different when you run from terminal and from cron. According to error, I think this is due to absence of com_apple_diskimages_insecureHTTP. However the same effect will give adding -insecurehttp to the arguments or specify SSL certificate with -cacert/-capath.
Related
I have a arch linux in vm,
I imported my gpg keys and configs gpg as described here:
https://github.com/drduh/YubiKey-Guide
and also config pass & git to use gpg keys, and everything works fine,
so for example when I run git pull for first time it asks me the password,
the problem is:
when I restart my vm, before I can run any command(like git pull),I have to run this command:
gpg-connect-agent updatestartuptty /bye
then everything works fine,
How can I solve this issue?
GPG depends on pinentry to provide user interaction for typing the passwords such as the one to protect your smartcard. In order to function properly, pinentry (which, on terminal, is either pinentry-tty or pinentry-curses) needs to know which tty it should listen for user interaction.
When GPG is acting as your ssh-agent to provide git+ssh authentication, it will keep a reference of the first tty available when it started, which is not the same you will have when you connect to your VM. Unfortunately, gpg-agent has no way to know at runtime which tty you are connected to, so it will fail every time it tries to communicate with its startup tty. That's why you need to update the startup tty using that command. This behavior is shortly described on their docs.
An alternative to avoid that command every time is to use any pinentry application that does not rely on tty, such as GUI ones like pinentry-gtk-2, pinentry-gnome and so on.
I have installed Jenkins on my local, I have created my own EC2 instance, I can ssh into my instance and run some shell scripts to shut down my Wildfly server installed on my instance.
This is what I do when I do it manually on my Mac.
open my mac terminal, type
ssh -i /Users/xxx/tools/xxxx.pem ubuntu#10.206.xxx.xx
It will login to my Instance, and then I type:
cd /srv/wildfly-10.1.0.Final/bin
sudo -s
source /etc/profile
./jboss-cli.sh --connect command=:shutdown
The screen will output
{"outcome" => "success"}
Now, I want to using Jenkins, when I click build button, it will ssh into that instance and run these shell scripts for me. The output is expected the same as I run it after I ssh into the instance.
My question is: what steps should I follow, after I login to my Jenkins local environment: localhost:8080
Create a New Item, which one? Is there some plugin I can use? Where to put my shell scripts, will it run successfully?
A guide would be helpful, thanks a lot!
Additon:
when I try to login: using my ssh command, I get this error:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Host key verification failed.
Too many questions to answer in one post. but this should get you started.
ssh from jenkins to your ec2 should be password less, should you need to set the keys in jenkins. use the credential manager and create one, by pasting the private key
https://www.cloudbees.com/blog/using-ssh-jenkins
Refer remote command execution over ssh for the rest of the task.
you will find how to do this in tons.. but this should give you an idea. https://www.cyberciti.biz/faq/unix-linux-execute-command-using-ssh/
For the question on job type, at this point just go with the freestyle .. And later, you may plan for fancy stuff.
You need to add the PEM file details in place where it asks for Private Key
I have Jenkins running on OSX 10.8.2. I will often leave a session logged in and su'd into the Jenkins account.
On occasion I will get a cryptic call/email/text from a socially inept user who say simply that "Jenkins is broken" and attaches a useless log snippet indicating that Jenkins could not talk to a remote host because the keys were invalid. The Jenkins build fails. The first thing I do is a "whoami" on the session I'm logged into.
whoami -> _assetcache
I type "exit"
whoami -> root
sudo su - jenkins
whoami -> jenkins
What causes it to think the user has become _assetcache? Why is it fixed by simply logging back into the account? When I check ownership on the jenkins user files they show _assetserver for the user and group too, but logging out and back in seems to clear the issue every time. Any idea what may be causing the issue?
Thanks
I would still like to know what causes this, but I have a hack that addresses the issue and for whatever reason, as strange as it may seem, it works:
As root I run a cron script once a hour that executes: sudo su - jenkins
I don't consider the problem solved, but at least that's a workaround. Longer term, I'm recommending that we simply move off the OSX platform and onto a AWS platform.
I cannot change the permissions on files when I run Hadoop in Cygwin:
java.io.IOException: Failed to set permissions of path: \tmp\hadoop-James\mapred\staging\James-1143336710\.staging to 0700
From what I've gathered you can't really run Cygwin as root since Windows doesn't really have a notion of root (reference), and I've tried to run Cygwin as the Administrator user but this option isn't available to me when I right click on the Cygwin shortcut in Windows XP (I've also tried changing the Cygwin shortcut's properties to allow me to run as another user but that option is disabled).
Can anyone advise me as to how I can get past this issue? Thanks in advance for your help.
Here is a simple-to-use workaround for this particular problem:
https://github.com/congainc/patch-hadoop_7682-1.0.x-win
This issue is not about file permissions per se. Rather, it is an issue with the Java VM's support for setting file permissions on Windows, and an intransigent attitude among the Hadoop committers not to work around the problem. See HADOOP-7682 for the gory details:
https://issues.apache.org/jira/browse/HADOOP-7682
run ssh-host-config. it will set up the prvileged user "cyg_server" and set up sshd
as a windows service.
in "/etc/passwd" give the user a home "/home/cyg_server" and shell "/bin/bash".
create a password for the user. then create the ssh keys and add them to
~/.ssh/authorized_keys.
start the windows service. in a cygwin shell, "ssh cyg_server#localhost".
--- edit ---
forgot to mention: when you create the password for the cyg_server user, you need a root cygwin shell (run cygwin bash as Administrator). also give the user a valid shell (/bin/bash).
I have a complex script - that Jenkins executes on build - which needs to check for events in /var/log/syslog. In order to do so, I added the user "jenkins" to the group syslog belongs to and set the file permissions to 0640.
The script above runs perfectly fine when manually executed, but when invoked by Jenkins build system it fails: indeed, the output console shows that the script has not the permission to read /var/log/syslog when invoked via Jenkins.
A quick check with whoami shows that the building process runs with "jenkins" as user, though. Hence, I cannot understand why the script behavior is different.
I haven't used jenkins, so this might not be what's going on, but do you know if you are running under SELinux or any other sort of mandatory-access-control system?
That tends to be my knee-jerk reaction to strange permissions issues.
If SELinux is enabled, try checking /var/log/audit/audit.log to see if there are any denials to read /var/log/syslog.
If you are on Linux, the command "getenforce" should tell you whether SELinux is running or not.