How to set Recovery options in Windows services using SaltStack - windows-services

I'm creating a custom Windows Service and deploying it on my salt-minions using Salt master.
The code for it is as follows:
create_service_{{servicename}}:
module.run:
- name: service.create
- m_name: {{servicename}}
- bin_path: {{deploydir}}\path-to-service\{{servicename}}\{{servicename}}.exe
- display_name: {{servicename}}
- start_type: auto
- onfail:
- module: availibility_of_service_{{servicename}}
The service is getting created and deployed on all the minions as required however, I also want to set the recovery options via Salt as highlighted in the below screenshot. The below screenshot is just for reference and my actual service is a different one.
I tried finding salt commands to set this but couldn't. Can someone help me in this if I can set this to Restart via salt or its not available?
If this isn't available via Salt then what is the other option?

You will need to use powershell for that. the issue is the the function salt uses to handle creating the service doesn't handle that functionality. in fact the only way to change that functionality in windows is with the sc command.
see https://evotec.xyz/set-service-recovery-options-powershell/ for information on what to do to change those settings programmatically.

Related

How to enable caching in ArangoDB via Docker or arangojs?

I would like to enable caching in ArangoDB, automatically when my app start.
I'm using docker-compose to start the whole thing but apparently there's no simple parameter to enable caching in ArangoDB official image.
According to the doc, all the files in /docker-entrypoint-initdb.d/ are executed at container start. So I added a js file with that code:
require('#arangodb/aql/cache').properties({mode: 'on'});
It is indeed executed but caching doesn't seem to be enabled (from what I see with arangosh within the container).
My app is a JS app using arangojs, so if I can do it this way, I'd be happy too.
Thanks!
According to the performance and server config docs, you can enable caching in several ways.
Your method of adding require("#arangodb/aql/cache").properties({ mode: "on" }); to a .js file in the /docker-entrypoint-initdb.d/ directory should work, but keep an eye on the logs. You may need to redirect log output with a different driver (journals, syslog, etc.) to see what's going on. Make sure to run the command via arangosh to see if it works.
If that's a bust, you might want to see if there is a way to pass parameters at runtime (such as --query.cache-mode on). Unfortunately, I don't use Docker Compose, so I can't give you direct advice here, but try something like -e QUERY.CACHE-MODE=ON
If there isn't a way to pass params, then you could modify the config file: /etc/arangodb3/arangod.conf.
And don't forget about the REST API methods for system management. You can access AQL configuration (view and alter) in the Web UI by clicking on the Support -> Rest API -> AQL.
One thing to keep in mind - I'm not sure if the caching settings are global or tied to a specific database. View the configuration on multiple databases (including _system) to test the settings.

Add a URL path prefix to artifactory installation (Docker)

I'm running Artifactory CPP CE 7.7.3 and Traefik v2.2 using docker-compose. The service is only available over http://localhost/ui/. Now, what I need is an option which allows to add a URL path-prefix (e. g. http://localhost/artifactroy/ui).
My Setup
I used the described setup process from the Artifactory Docs suggest it.
My docker.compose.yaml is the official extracted from the jfrog-artifactory-cpp-ce-7.7.3-compose.tar.gz: ./templates/docker-compose.yaml.
I'm using a reverse proxy (traefik). For this, I've added the necessary traefik configuration lines to the docker-compose-file. Here is a small extract what I've added:
[...]
labels:
- "traefik.http.routers.artifactory.rule=Host(`localhost`) && PathPrefix(`/ui`)"
- "traefik.http.routers.artifactory.middlewares=artifactory-stripprefix"
- "traefik.http.middlewares.artifactory-stripprefix.stripprefix.prefixes=/"
- "traefik.http.services.artifactory.loadbalancer.server.port=8082"
With this I managed to access artifactory over http://localhost/ui/.
Problem:
I have multiple small services running on my server, each of this service is accusable via http://localhost/<service-name>. This is very convenient and want to make clear that this URL is related to this service on my production server.
Because of this, I want to have an URL like http://localhost/artifactroy/ui/... instead of http://localhost/ui/...
I struggled getting artifactory setup in that way. I already managed to get a redirection from typing e. g. http://localhost/artifactroy/ to http://localhost/ui/ but this is not what I want on my production server.
What I did
Went through the documentation in hope of finding an option which I just can passt to artifactroy to add a prefix (Not successful).
Tried configure traefik two full days, to alter headers to get the repose point to http://localhost/artifactroy/ui/... (Only partially successful, redirection didn’t work afterwards)
Tried finding the configuration which is responsible for configure artifactory in $JFROG_HOME/artifactory/var/etc (Not successful)
Is this even possible? Help is highly appreciated..
This example (even though not traefic example) gives you a direction to implement it. There are certain routes already used within the product. You need to add a context over and above it to ensure all comes via the new context path.
https://jfrog.com/knowledge-base/how-to-remove-artifactory-from-the-context-url-in-artifactory-7/

Prometheus Deployer properties for Scrape

I noticed that my app running in Kubernetes doesn't actually get registered in grafana unless I add the following deployer properties:
deployer.*.kubernetes.podAnnotations=prometheus.io/path:/actuator/prometheus,prometheus.io/port:8080,prometheus.io/scrape:true
Is that supposed to be the case? If so, how can I add add these deployer properties to always be there for every deployment without having to manually add it in the Freetext section before deployment.
Thank you! That helped me track down the answer. I tried putting those properties in (and I might have messed up putting them in) but they kept showing up as app properties and not deployer properties. Then I tried something very similar in the skipper config:
data:
application.yaml: |-
spring:
cloud:
skipper:
server:
platform:
kubernetes:
accounts:
default:
podAnnotations: 'prometheus.io/path:/actuator/prometheus,prometheus.io/port:8080,prometheus.io/scrape:true'
...
And it worked beautifully. Sabby, thanks again!
What you're attempting to accomplish can be solved with the help of "global" property configuration in SCDF.
See: Common Application Properties
However, please note that this method will apply the desired configurations to every stream application that SCDF deploys on the targeted platform. IMO, it is a valid use of it since you'd need metrics scraping for all the deployed apps anyway.
Also, as a FYI, a similar property is available for Task apps.

How to use Gradle behind a firewall without setting a password, just a user?

Title says it all, I'm currently using a file in my '.gradle' directory called 'gradle.properties' to set systempProp.http.proxy* stuff. I've noticed that with Grails you don't need to set a http.proxy.proxyPassword just the http.proxHost, http.proxyPort, and http.proxyUser in the '.grails\ProxySettings.groovy' file.
Is there some systemProp/configuration I can use so I don't need to put my password in plaintext using Gradle?
Gradle cannot eliminate the need for a password, if your proxy requires it. If you however do not want to check your password into code (clearly, that is a stupid thing to do :) ), you should use environment variables to hide it.
You can either set the env variable: http.proxyPassword to your password, or run gradle with a -D parameter:
gradle -Dhttp.proxyHost=*** -Dhttp.proxyPort=*** -Dhttp.proxyUser=**** -Dhttp.proxyPassword=****
Keep in mind that if someone else is building your code without proper env variables set, their build might fail, so remember to include proper instructions.
Also note that there is a different set of properties for https. Oh and if your proxy interferes with SSL certificates, you might also have to import your proxy certificates into your truststore.

DirContextOperations is null

So I have an application that works perfectly on my desktop, and also works perfectly when deployed to tomcat on a windows machine. However, when I attempt to use this application while deployed on the same version of tomcat, but on AIX, it fails to retrieve data out of LDAP.
A user is able to successfully authenticate, but the context is null. DirContextOperations is passed into my ContextMapper as null. Does anyone know what ports that need to be open to get this data or what other configuration may need to be done? Based on what I am seeing it has to be a server configuration issue somewhere.
If you are using Spring Security LDAP plugin then it will be easy to co-relate the below mentioned configuration in AIX with the app. I prepared few snapshots for the configuration so that I do not clutter the answer space here. Have a look at LDAP config in AIX and try to setup the same in AIX Server.
Now coming to the LDAP plugin, there is nothing much other than setting up a bunch of properties is required. Values for these properties will be available once the LDAP configuration is done in AIX (as mentioned in the above mentioned slide).
Note:-
After creating a standalone LDAP, you might need to add realm if the user is associated to a group. I have not mentioned the same in the slides since I do not have an active LDAP host available now.
UPDATE
Instead of using BindAuthenticator can you try switching to PasswordComparisonAuthenticator for authentication.
Using the below setting in Config forces to use PasswordComparisonAuthenticator to authenticate and return back the DirContextOperations. Can this setting be tried?
grails.plugins.springsecurity.ldap.authenticator.useBind = false
#Refer LdapAuthentication Implementations.
I am not sure if this will be the answer in your case. I was also getting null in DirContextOperations object when trying to obtain values from Active Directory.
I was trying to get ldap attributes like this as the Grails LDAP plugin Documentation states:
String mail = ctx.originalAttrs.attrs['mail'].values[0]
and all those were null. So I have changed the line above for this one instead and it works for me:
String mail = ctx.attributes.getAt('mail').values[0].toString()

Resources