Chocolatey Self-Service how it works? - windows-services

Can somebody explain to me how the Chocolatey self-service agent works? I ask in the sense of its design. I know that the agent runs as a Windows service under a defined local admin account. I am interested in how this installing of software as a non-admin works. You execute choco commands from cmd.exe and it sends information to the agent service, and then the service executes these commands on behalf of you? Does it use some IPC to communicate with the agent service? Named pipes maybe? How is this secure? It resembles in some way a reverse shell design. Could something like this be accomplished with PowerShell OneGet?

Your best bet for the information that is public is https://chocolatey.org/docs/features-agent-service. The security aspects of this are also covered on that page.

Related

How to make a Docker Container interact with a software inside the Host Machine through Console Commands?

I have built a working application that communicates with IBM Doors through console commands like this one:
"C:\Program Files\IBM\Rational\DOORS\9.7\\bin\doors.exe" -dxl "string parameter = \"PARAMETER\";#include <file.dxl>" -f "%TEMP%" -b "doNothing.dxl" -d PORT#HOST -user USER -password PASSWORD
The problem is that I need to containerize this application. My plan is to containerize the application and use the IBM Doors client that is installed inside the Container Host Machine, since I don't know how to containerize IBM Doors for Windows which is the one I have the licence for.
I had no problem containerizing the application but I don't know how to make the container interact with IBM Doors without altering the application source code.
The application needs to use console commands, like the one above, to communicate with the IBM Doors Client and Database. IBM Doors needs to be able to access the container file system to write and read files.
I know for sure that I need to use Volumes but I don't know how to make that configuration and I didn't find any similar cases to mine.
Is this even possible? If not, how should I tackle this problem?
Thank you for your time.

Why is it unadvisable to run Jenkins on the same computer one develops on?

I have read four tutorials about getting started with Jenkins, and whilst they say it is possible to run Jenkins on the same computer one develops on, they also all recommend installing it on a separate one, most commonly a Mac Mini. However: I only own a MacBook Pro; am short on cash; and am the only person contributing to my iOS projects currently (I want to learn Jenkins for future client work). So it would be better for me for now to use my MacBook for both purposes.
Whilst I appreciate this is a matter of opinion somewhat, I am wondering what the reason is for the recommendation of separation, and whether I might be able to run Jenkins on the MacBook for now?
Thank you for reading.
The reason it is advised to have a master server and a number of slave servers is only valid in a company (or big team) environment. It is that build jobs can be CPU and memory intensive and often many developers start jobs on the server. In cases like that, one machine (being the master and slave server at once) will be slow. Not only will the jobs take longer to finish, but even the web interface may become unresponsive.
For learning the basic configuration steps one machine is totally enough and you can even run your builds with your Jenkins instance.
I'm not entirely sure what the reason for that is in those tutorials, however, I can suggest an easy way to get started with Jenkins for free (That's how I usually run jenkins for personal use). You can create a free account with one of the Cloud providers like AWS, GCP or Azure and have your jenkins running there. For example, in AWS you can have a 1-year free trial account where you can spin up some free servers. There are many tutorials online, like this one, which will show you step by step of how to get started with Jenkins on AWS. Here are some high-level steps:
Create a free account in AWS (or any other cloud provider)
Spin up an EC2 instance - it can be any linux version or windows, whatever you are more comfortable with
SSH or RDP to the instance and install jenkins - there are exact installation steps for any flavor of your OS out there
Once the installation is complete, you will be able to access jenkins on your browser - in case of AWS, it would be the public ip of the server and default port 8080

Install Chocolatey using TFS build

I would like to silently install chocolatey on a series of test agents, and I'm trying to use a TFS build to do so. I have a build step that uses the "Run Powershell on Remote Machines" task. This in turn invokes the ps1 to install chocolatey, from https://chocolatey.org/install.ps1, and I supply the powershell switches as documented on the chocolatey website:
-NoProfile -InputFormat None -ExecutionPolicy Bypass
When I run the build, I receive this error:
System.Management.Automation.RuntimeException: A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related commands from command types that do not support user interaction, such as Windows PowerShell workflows. ---> System.Management.Automation.RuntimeException: A command that prompts the user failed because the host program or the command type does not support user interaction. Try a host program that supports user interaction, such as the Windows PowerShell Console or Windows PowerShell ISE, and remove prompt-related commands from command types that do not support user interaction, such as Windows PowerShell workflows.
What am I doing wrong? Seems odd that the Chocolatey installer required user interaction, I think the whole point of Chocolatey was silent installs?
It seems you have wrong settings in task "PowerShell on Target Machines". Follow the steps below:
Create a .ps1 file on the target machine and specify the text below:
Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
In "PowerShell on Target Machines" task, specify the location of the .ps1 file just created.
Queue the build.
Check the screenshot below:
What am I doing wrong? Seems odd that the Chocolatey installer
required user interaction, I think the whole point of Chocolatey was
silent installs?
Typically it goes fully silent, unless there is something (like a proxy) that requires input. It would be best to determine what might be causing the issue by running the install directly on the machine and seeing what happens.
Details
The install.ps1 passes over to chocolateyInstall.ps1, which calls chocolateySetup.psm1.
As you look over that script, you may notice that the install.ps1 uses Write-Output, but that psm1 uses Write-Host in some places. This may or may not cause issues, but it's unlikely given that the script works fine with PowerShell DSC.
So it could be a few things:
Make sure whatever runs that script has Administrator privileges, otherwise you will get an access denied error (unless you specify a different Chocolatey installation location).
Make sure you are not getting hit by needing to put in proxy credentials (which is fixed by the Offline Recommendation below).
Make sure you are not getting hit with not being able to access internet resources (which is also fixed by using offline resources).
It could be something else causing a popup, like needing to install .NET 4.x. Recommend you have the latest .NET Framework in the 4.x series installed prior to installing Chocolatey.
Offline Recommendation
The best recommendation we can give - don't use the internet for any part of this script. If you want reliability, you should have everything internal. That includes the install.ps1 script you are going to use for Chocolatey and the chocolatey.nupkg itself.
Take a read over at https://chocolatey.org/install#completely-offline-install to understand our recommendations.
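The checks listed in the answer above can be run as a preflight, so that a non-interactive host fails with a readable error rather than hitting a prompt. This is an added example, not code from the original answers or from Chocolatey; the share path is a hypothetical placeholder, and the internal install.ps1 is assumed to already point at an internal chocolatey.nupkg as the offline-install page describes.

```powershell
# Added example: preflight for an unattended Chocolatey install.
# Hypothetical internal location of your own copy of install.ps1 (assumption).
$InstallScript = '\\fileserver.example.internal\choco\install.ps1'

function Test-IsAdministrator {
    # True only when the current token is elevated and in the local Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-DotNet4Installed {
    # The v4\Full key carries Install = 1 when a .NET Framework 4.x release is present.
    $key  = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $prop = Get-ItemProperty -Path $key -Name Install -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.Install -eq 1)
}

function Get-PreflightFailures {
    param([Parameter(Mandatory)][string]$ScriptPath)

    $failures = @()
    if (-not (Test-IsAdministrator)) {
        $failures += 'Session is not elevated; the default install location needs Administrator rights.'
    }
    if (-not (Test-DotNet4Installed)) {
        $failures += '.NET Framework 4.x is not installed; install it before Chocolatey.'
    }
    if ($ScriptPath -match '^https?://') {
        # A web URL brings proxy and internet-access failures back into play.
        $failures += 'Install script is a web URL; use an internal copy instead.'
    }
    elseif (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        $failures += "Install script not found or not readable: $ScriptPath"
    }
    return $failures
}

$failures = @(Get-PreflightFailures -ScriptPath $InstallScript)
if ($failures.Count -gt 0) {
    # Stop with an explicit error instead of letting the installer reach a prompt.
    throw ("Chocolatey preflight failed:`n - " + ($failures -join "`n - "))
}

Set-ExecutionPolicy Bypass -Scope Process -Force
& $InstallScript
```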

Restart IBM Web Application Servers in Jenkins

I am looking for a simple way to restart IBM Web Application Server from Jenkins. Right now there are two steps involved to restart servers in Jenkins.
Executing shell command
Invoke Ant
I feel that there should be a simpler way than above. Please share your tips, tricks, or tweaks. I do not have access to IBM Web Application Servers. But I do have access to IBM Web Sphere console.
Thanks in advance.

Elevated privileges required for MsDeploy runCommand?

I'm attempting to use MsDeploy runCommand provider to uninstall and reinstall a Windows service during an automated deployment.
So far, I've been somewhat successful when following the advice in this question and this blog post.
To perform the actual install/uninstall operations, I'm calling a batch file on the remote host. The batch file works as expected when I log into the host directly and use the 'Run as Administrator' option from the shell. When simply running the batch file by double-clicking (or when running the batch file with the MsDeploy runCommand provider), the batch file doesn't have sufficient permissions to perform the install or uninstall operation. In all cases, I'm running the batch file with a user account that is a local administrator on the host.
I've confirmed that runCommand is using an administrator account through the Management Service Delegation tool, and restarted the Management Service just for the heck of it.
My questions now are:
1) How can I emulate the 'Run As Administrator' with the runCommand provider?
2) If I use a Powershell script instead of a batch file, would this still be a problem?
3) Is there something basic I'm missing here?
I would really rather not have to write real software to perform this action on the remote host!
Any advice would be appreciated.
Have you tried the runas MSDOS command?
runas /user:mycomputer\myusername somecommand
