I'm trying to write an Ant script to retrieve a URL via port tunnelling.
It works great when I use a password (the names xxxx'd out for privacy):
<project default="main">
<target name="main">
<sshsession host="xxxx"
username="xxxx"
password="xxxx">
<LocalTunnel lport="1080" rhost="xxxx" rport="80"/>
<sequential>
<get src="http://localhost:1080/xxxx" dest="/tmp/xxxx"/>
</sequential>
</sshsession>
</target>
</project>
But it doesn't work when I use a keyfile, like this:
<sshsession host="xxxx"
username="xxxx"
keyfile="/Users/xxxx/.ssh/id_dsa"
passphrase="xxxx">
<LocalTunnel lport="1080" rhost="xxxx" rport="80"/>
<sequential>
<get src="http://localhost:1080/xxxx" dest="/tmp/xxxx"/>
</sequential>
</sshsession>
I get this exception:
/tmp/build.xml:8: com.jcraft.jsch.JSchException: Auth cancel
at com.jcraft.jsch.Session.connect(Session.java:451)
at com.jcraft.jsch.Session.connect(Session.java:150)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:223)
I'm sure I'm using the correct keyfile (I've tried using the wrong name, which gives a legitimate FileNotFoundException).
I can successfully ssh from the command line without being prompted for a password.
I'm sure I'm using the correct passphrase for the keyfile.
What's the cause of this error and what can I do about it?
I debugged the code. This was failing because my private key was failing authentication; JSch silently fell back to password authentication, which was canceled, because I didn't specify a password.
JSch error handling sucks a lot. Retrace your steps, regenerate a (separate) private key file, use ssh -i to guarantee you're using the right file, and keep your fingers crossed.
To get the jsch connection to work, you must specify the paths to both the known_hosts file and to the file containing the private key. This is done using the setKnownHosts and addIdentity methods.
jsch.setKnownHosts("/path/to/.ssh/known_hosts");
jsch.addIdentity("/path/to/.ssh/id_rsa");
If the key has a passphrase, you can add it to the addIdentity argument list:
jsch.addIdentity("/path/to/.ssh/id_rsa", myPassPhrase);
See Javadocs
I had the same issue while using the sshexec task. I added the passphrase attribute too and it worked fine. Create a passphrase for your private key and add it as an attribute in your task. Also, don't forget to convert your private key to OpenSSH format if you generated the key using puttygen on Windows.
There is a brand new fork of Jsch out now. The exception handling is far more comprehensive. No more swallowing or defaulting. Head over to https://github.com/vngx/vngx-jsch to check it out. If something doesn't work the way you expect, please raise it as an issue, or send a pull request as we are actively maintaining it. We are also looking to get it up on the maven central repos soon.
I had a similar issue today, so I thought I would share my solution as well. I got the same exception, but the problem was in fact that I had an umlaut within my password. After choosing a new password without it, everything worked fine.
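A pre-flight check for the key file before it goes into `keyfile=`, as an added example that is not part of the original answers: it identifies the key's container format from its first line and offers a login test that uses only that key, so an agent or another default identity cannot mask a key the server rejects. The function names are hypothetical; the `ssh` and `ssh-keygen` options are standard OpenSSH.

```sh
#!/bin/sh
# Added example (not from the original posts); function names are hypothetical.

key_format() {       # usage: key_format KEYFILE ; prints the container format
  case "$(head -n 1 "$1" | tr -d '\r')" in
    "PuTTY-User-Key-File-"*)                 echo putty ;;
    "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
    "-----BEGIN RSA PRIVATE KEY-----")       echo pem ;;
    "-----BEGIN DSA PRIVATE KEY-----")       echo pem ;;
    "-----BEGIN EC PRIVATE KEY-----")        echo pem ;;
    "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
    "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
    *)                                       echo unknown ;;
  esac
}

pem_is_encrypted() { # true when a traditional PEM key needs a passphrase
  head -n 3 "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'
}

passphrase_ok() {    # usage: passphrase_ok KEYFILE PASSPHRASE (needs ssh-keygen)
  # -y derives the public key, which only works if the passphrase decrypts it.
  # The passphrase is visible in the process list while this runs.
  ssh-keygen -y -P "$2" -f "$1" >/dev/null 2>&1
}

strict_login() {     # usage: strict_login KEYFILE USER@HOST
  # Only this key: no agent, no default identities, no password fallback.
  # ssh still prompts for the key passphrase if the key has one.
  ssh -i "$1" -o IdentitiesOnly=yes -o IdentityAgent=none \
      -o PreferredAuthentications=publickey "$2" true
}

preflight() {        # usage: preflight KEYFILE ; one-line verdict, 0 if usable
  fmt=$(key_format "$1")
  case "$fmt" in
    putty)   echo "convert: PuTTY key, export it in OpenSSH format first"; return 1 ;;
    unknown) echo "reject: not a recognised private key file"; return 1 ;;
    pem)     if pem_is_encrypted "$1"; then echo "ok: pem key, passphrase required"
             else echo "ok: pem key, no passphrase"; fi ;;
    *)       echo "ok: $fmt key, verify the passphrase with passphrase_ok" ;;
  esac
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

If `strict_login` fails while a plain `ssh user@host` succeeds, the command-line login was using a different key or the agent, which matches the failure described in the first answer.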
I am writing an Ant script where I want to forcefully sync the client workspace from depot. Below is the code snippet that I am using, but I am not able to figure out how to use the flag -f in the XML. Can someone please help me?
<target name="sync_head_sql" description="Sync the workspace with head sql">
<taskdef name="p4sync" classname="com.perforce.p4java.ant.tasks.SyncTask" classpathref="p4_classpath"/>
<p4sync
files="//pay_import2/pay/wup2-parent/WU_DEV_ABCD_JBOSS62_V2_594_3/data- engine/conf/..."
user="abcd"
port="xx.xx.xx.xx:1669"
client="wp-nagiosmon">
</p4sync>
</target>
The code mentioned above is able to sync the code successfully, but I want to know about the option of force sync. If I want to add it to the above code, how do I do that? Where should I use the -f flag?
Thanks,
Faraz
You can add the force flag into your p4sync tag like this:
<p4sync
files="//pay_import2/pay/wup2-parent/WU_DEV_ABCD_JBOSS62_V2_594_3/data- engine/conf/..."
force="true"
user="abcd"
port="xx.xx.xx.xx:1669"
client="wp-nagiosmon">
</p4sync>
I want all OSSEC notifications to be routed to a Slack room instead of email. 2.9.Beta5 has an ossec-slack.sh active response script. The relevant parts of my ossec.conf are:
<command>
<name>ossec-slack</name>
<executable>ossec-slack.sh</executable>
<expect>srcip</expect>
<timeout_allowed>no</timeout_allowed>
</command>
<active-response>
<command>ossec-slack</command>
<location>local</location>
<level>1</level>
</active-response>
This works for SSH logins (failed and successful), but as far as I can tell doesn't trigger anything else. What am I doing wrong/how are others doing this? Is this just beta software being beta software?
First make sure your ossec-slack.sh file has the correct information in the top:
# FILE: /var/ossec/active-response/bin/ossec-slack.sh
SLACKUSER="ossec"
CHANNEL="#slack_chanel" # include the hash "#"
SITE="https://hooks.slack.com/services/TOKEN"
SOURCE="ossec2slack"
Your "SLACKUSER" is the same as the "Customize Name" field that you set in your Slack WebHook Integrations page.
Now that your ossec-slack.sh file is set up you can test your Slack integration manually:
/var/ossec/active-response/bin/ossec-slack.sh
Running the script manually will post recent entries from your alerts log file:
/var/ossec/logs/alerts/alerts.log
When this script is triggered as an active-response, it will only post the information for the current alert, rather than posting from your log file.
When you have verified that you can post Slack messages manually, add the following XML blocks to your ossec.conf file:
<!-- FILE: /var/ossec/etc/ossec.conf -->
<ossec_config>
<command>
<name>ossec-slack</name>
<executable>ossec-slack.sh</executable>
<expect></expect> <!-- no expect args required -->
<timeout_allowed>no</timeout_allowed>
</command>
<active-response>
<command>ossec-slack</command>
<location>local</location>
<level>3</level>
</active-response>
</ossec_config>
The settings above will post to your Slack channel whenever a level 3 or above alert is triggered.
Note: no arguments are required within the <expect> tag, but the <expect> tag itself is required. See OSSEC's active-response documentation for more information.
To test this integration, restart your ossec server:
/var/ossec/bin/ossec-control restart
You should see the "OSSEC Started" alert very quickly.
If you do not see the alert, check your logs for any misconfigurations:
tail /var/ossec/logs/ossec.log
tail /var/ossec/logs/active-responses.log
Not a full answer, but adding on here. To ensure this works, make sure you don't have this set in /var/ossec/etc/ossec.conf. If it's there, just remove it.
<active-response>
<disabled>yes</disabled>
</active-response>
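A lint for the two pitfalls this thread turns on, a non-empty `<expect>` and a `<disabled>yes</disabled>` block, as an added example that is not part of the original answers or of OSSEC. It assumes one tag per line as in the snippets above; `ar_lint` and `sample_conf` are hypothetical names, and reading `<expect>srcip</expect>` as limiting the response to alerts that carry a source IP is an assumption based on the symptom in the question.

```sh
#!/bin/sh
# Added example: lint the active-response parts of an ossec.conf (one tag per line).

ar_lint() {   # usage: ar_lint [FILE] (stdin if omitted); prints one finding per line
  awk '
    function val(tag,   s) {            # text between <tag> and </tag>
      s = $0
      sub(".*<" tag ">", "", s); sub("</" tag ">.*", "", s)
      return s
    }
    { gsub(/<!--.*-->/, "") }           # ignore one-line XML comments
    /<command>/ && !/<\/command>/ { incmd = 1; name = "?"; want = ""; seen = 0 }
    incmd && /<name>/   { name = val("name") }
    incmd && /<expect>/ { seen = 1; want = val("expect") }
    incmd && /<\/command>/ {
      if (!seen)           print "invalid: command " name " has no <expect> tag"
      else if (want != "") print "narrow: command " name " only runs for alerts that carry " want
      incmd = 0
    }
    /<active-response>/   { inar = 1 }
    inar && /<disabled>[ \t]*yes[ \t]*<\/disabled>/ { print "disabled: active response is switched off" }
    inar && /<level>/     { print "level: responses fire at alert level " val("level") " and above" }
    /<\/active-response>/ { inar = 0 }
  ' "${1:--}"
}

sample_conf() {   # constructed input: the question's settings plus a disabled block
  cat <<'EOF'
<ossec_config>
  <command>
    <name>ossec-slack</name>
    <executable>ossec-slack.sh</executable>
    <expect>srcip</expect>
  </command>
  <active-response>
    <disabled>yes</disabled>
  </active-response>
  <active-response>
    <command>ossec-slack</command>
    <location>local</location>
    <level>1</level>
  </active-response>
</ossec_config>
EOF
}

sample_conf | ar_lint
```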
I am using the missing-link http task to push build artifacts to our artifact depository. The problem is that if I push a new artifact, I get an HTTP response code of 201. If I push over an existing artifact, I get a 204. Both of these are valid in my context. But the expected attribute of <http> only accepts a single response code. I tried expected="201,204" and expected="201 204" but I get a NumberFormatException when executing that ant node. Is there a way to allow both 201 and 204 but treat any other responses as a failure?
No, not directly as you tried. You'd have to modify and rebuild it. I checked the code; expected is an int. As you found, it won't take a list.
It would be an ugly workaround, but you could set failonunexpected=false.
You could make it less ugly if you continued no matter what the HTTP return was by setting failonunexpected=false and then put the status in a property, statusProperty="http.status", which you could use to fail the build if http.status wasn't either 201 or 204. Something like:
<condition property="http.status.ok">
<matches pattern="^20[14]$" string="${http.status}"/>
</condition>
<fail message="Bad http status ${http.status}" unless="http.status.ok"/>
Tell me more about your artifact repository. Is it Maven or Ivy layout? You may be able to leverage Ivy's publish task.
For some specific purpose, I need to install some fonts on the instances. It comes as no surprise when I choose StartUp Task to accomplish that goal. I've configured the Service Definitions as below:
<Startup>
<Task commandLine="Fonts\InstallFonts.vbs" executionContext="elevated" taskType="simple" />
</Startup>
Nothing special here. Click and run, it failed. However, if I changed the commandLine into a cmd file including just nonsense, namely "echo test", the instance would run without ado. So there must be some issue with my scripting:
Const FONTS = &H14&
Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(CreateObject("Scripting.FileSystemObject").GetAbsolutePathName("."))
Set fontFolder = objShell.Namespace(FONTS)
Set rxTTF = New RegExp
rxTTF.IgnoreCase = True
rxTTF.Pattern = "\.ttf$"
Set fso = CreateObject("Scripting.FileSystemObject")
FOR EACH FontFile IN objFolder.Items()
IF rxTTF.Test(FontFile.Path) THEN
IF NOT fso.FileExists(fontFolder.Self.Path+"\\"+FontFile.Name) THEN
FontFile.InvokeVerb("Install")
END IF
END IF
NEXT
The script should come with no error because I've tested it either locally or on Azure via RDP.
Weirdly, when I put it in the startup, the role just won't start. The instance just keeps recycling and at last says "I'm unhealthy". Even if I deprecate the vbs into just one line of code - the first line Const FONTS = &H14&, it just won't start. Even if I wrap the invocation of the vbs into a cmd file, namely to put something like "cscript /B file.vbs", it won't run either.
So I'm concluding that there must be some issue regarding the communication between the script and the Windows Azure monitor. I'm not sure but I think the monitor might take the running script as a failed task. Besides, I'm wondering if there is any timeout for the startup task, which should be the problem though, because the script can guarantee that no UI interaction block the process.
Any idea would be greatly appreciated.
I am sure you must have, but just for the sake of confirmation, have you checked that the InstallFonts.vbs file is exported with the package? I mean, is "Copy To Output Directory" set to "Copy Always/Copy if newer"?
It is quite possible that it is not able to locate your file.
You need to write a cmd file as a start up task. In your cmd file, you can call the vbs file using the command line tool cscript.
Azure start up can compile only command line tools.
Oh god, I finally solved the problem.
Although the compiler does quite a good job usually, it allows to use subfolder as a source of command, I mean something like "Subfolder\command.cmd", which will not work always. I've seen examples in which people put whatever we do in cmd in commandLine property, such as "copy fileA fileB" and it really works. But as for vbs, you need to be cautious. Until now I still don't know what's under the cover, but there should be some problem with the path. And the solution is definitely simple, instead of doing the subfolder work for tidiness, just leave the command file in the root folder like most people do:
<Startup>
<Task commandLine="InstallFonts.vbs" executionContext="elevated" taskType="simple" />
</Startup>
And thank you all the same, Kunal. :)
I'm trying to develop a cruise control step which will process database migration scripts and apply them.
I'd like to be able to get hold of a list of the modifications from the SourceControl (to see if any new database changes need to be applied).
Any ideas how I can achieve this? I know that this information is written into the log XML, but I was wondering if there is an easy mechanism to get a reference to this from within an Ant builder.
I have investigated writing a custom CC Listener or Builder plugin but neither supply this in the interface.
We have "svn update" as one of the steps in ant builder, and later we use output redirected to the file (ant property also could be used):
<exec executable="svn" dir=".">
<arg line="up"/>
<redirector output="svnup.log" alwayslog="true" append="true"/>
</exec>
<property name="svnup.log" value="svnup.log"/>
This creates a file named "svnup.log" in the build folder with the output of the "svn up" command.
I think I'm going to try to write a custom plugin implementing Publisher
@Override
public void publish(Element cruisecontrolLog) throws CruiseControlException {
XMLLogHelper xmlHelper = new XMLLogHelper(cruisecontrolLog);
Set<Modification> modifications = xmlHelper.getModifications();
for (Modification modification : modifications) {
handleModification(modification);
}
}
Or another idea is to use the timestamp flag in the sscm ant task combined with the cclastbuildtimestamp property supplied to the ant builder to produce a list of files changed since last build.