2018. március 26., hétfő

Systemd over NTP

Ever wondered how to setup an NTP client controlled by systemd? Here are some short steps.
Symptom:

Mar 26 19:24:43 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 118.189.177.157:123 (0.debian.pool.ntp.org).
Mar 26 19:24:54 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 103.47.76.177:123 (0.debian.pool.ntp.org).
Mar 26 19:25:04 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 128.199.123.83:123 (0.debian.pool.ntp.org).
Mar 26 19:25:14 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 139.59.219.101:123 (0.debian.pool.ntp.org).
Mar 26 19:25:24 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 202.156.0.34:123 (1.debian.pool.ntp.org).
Mar 26 19:25:35 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 128.199.87.57:123 (1.debian.pool.ntp.org).
Mar 26 19:25:45 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 128.199.169.185:123 (1.debian.pool.ntp.org).
Mar 26 19:25:55 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 103.23.208.175:123 (1.debian.pool.ntp.org).
Mar 26 19:26:05 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 172.104.55.191:123 (2.debian.pool.ntp.org).


Solution:
1. nano /etc/systemd/timesyncd.conf
2. Set your NTP server, e.g.: NTP=172.16.36.67
3. systemctl restart systemd-timesyncd.service 
4. timedatectl set-ntp true
5. Check with: timedatectl status



2018. március 8., csütörtök

Powershell applet form

It's a little known fact that it is possible to build a complete application form with pure Powershell. (Being based on .NET.). Here is an awesome example, called login.ps1. This is an applet starts a window that cannot be closed with the regular control buttons (as they are disabled) and asks two data from the user. Then it validates the data and if the data found to be invalid, flashes the input fields with red and returns to the initial state. Yeah, this was the hardest part of the development. If the data are all OK, it flashes the input fields with green color and pushes the data to the event log. This is a very very very special use case and only useful for me, but may help someone out who is just looking for a similar data input solution and gets here with google.

[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Long Change Answer File Information"
$objForm.Size = New-Object System.Drawing.Size(455,265)
$objForm.StartPosition = "CenterScreen"

# set this to $True to enable "close" button
$objForm.ControlBox = $false
$objForm.KeyPreview = $True

# Add Ok Button
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(180,185)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({
    # some tricky regex to validate our very custom input data
    If( $ChangeTextBox.Text -match "\b([Cc][0-9a-zA-Z]{9}|OST#?[0-9]{6})\b" -And $LoginTextBox.Text -match "\b[a-zA-Z]\w{2,19}\b") # Valid -match "^\d{0,10}$"
    {
        $LoginTextBox.BackColor = "lime";
        $ChangeTextBox.BackColor = "lime";
        Start-Sleep -Milliseconds 600;

        $objForm.Close()
    }
    # we have two input fields and both are required to be validated
    ElseIf (-Not ($LoginTextBox.Text -match "\b[a-zA-Z]\w{2,19}\b") -And ($ChangeTextBox.Text -match "\b([Cc][0-9a-zA-Z]{9}|OST#?[0-9]{6})\b"))   # Invalid
    {
        #$ErrorProvider.SetError($LoginTextBox, "Please enter valid name");
        $LoginTextBox.BackColor = "pink";
        $ChangeTextBox.BackColor = "lime";
    }
    # strange logic but this is the simpliest way in this case, here we get back to reset the form
    ElseIf (-Not ($ChangeTextBox.Text -match "\b([Cc][0-9a-zA-Z]{9}|(OST|ost)#?[0-9]{6})\b") -And ($LoginTextBox.Text -match "\b[a-zA-Z]\w{2,19}\b"))
    {
        $ChangeTextBox.BackColor = "pink";
        $LoginTextBox.BackColor = "lime";
    }
    Else
    {
        # visual warning to the user
        $ChangeTextBox.BackColor = "pink";
        $LoginTextBox.BackColor = "pink";
    }
})
$objForm.Controls.Add($OKButton)   

# Add Textbox Label
$FontBold = new-object System.Drawing.Font("Arial",8,[Drawing.FontStyle]'Bold' )

#UserID label
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(425,20)
$objLabel.Font = $fontBold
$objLabel.text = "Please enter Your UserID"
$objForm.Controls.Add($objLabel)

$objLabel1 = New-Object System.Windows.Forms.Label
$objLabel1.Location = New-Object System.Drawing.Size(30,47)
$objLabel1.Size = New-Object System.Drawing.Size(65,50)
$objLabel1.Text = "UserName:"
$objForm.Controls.Add($objLabel1)

#UserID textbox
$LoginTextBox = New-Object System.Windows.Forms.TextBox
$LoginTextBox.Location = New-Object System.Drawing.Size(120,45)
$LoginTextBox.Size = New-Object System.Drawing.Size(260,20)
#$LoginTextBox.BackColor = "green"
$objForm.Controls.Add($LoginTextBox)

#CH label
$objLabel2 = New-Object System.Windows.Forms.Label
$objLabel2.Location = New-Object System.Drawing.Size(10,100)
$objLabel2.Size = New-Object System.Drawing.Size(425,20)
$objLabel2.Font = $fontBold
$objLabel2.Text = "Please enter change number"
$objForm.Controls.Add($objLabel2)

$objLabel3 = New-Object System.Windows.Forms.Label
$objLabel3.Location = New-Object System.Drawing.Size(30,120)
$objLabel3.Size = New-Object System.Drawing.Size(65,40)
$objLabel3.Text = "CH number:"
$objForm.Controls.Add($objLabel3)

#CH textbox
$ChangeTextBox = New-Object System.Windows.Forms.TextBox
$ChangeTextBox.Location = New-Object System.Drawing.Size(120,120)
$ChangeTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($ChangeTextBox)

# Add Validation Control
$ErrorProvider = New-Object System.Windows.Forms.ErrorProvider

$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate()})
[void] $objForm.ShowDialog()

$change= $ChangeTextBox.TEXT
$login = $LoginTextBox.TEXT

Write-EventLog -Source "Winlogon" -LogName "Application" -EventId 666 -Message "Impersonated user logged as $login for $change implementation"

2018. január 2., kedd

User import from foreign LDAP into own AD - PART2

The script continues with STEP3

$OutFile="C:\quser\ad-userimport-scripts\ujuserekerkeztek.txt"
$LogFile="C:\quser\ad-userimport-scripts\adderlog.txt"
$InFile="C:\quser\ad-userimport-scripts\opslistanevekkel.txt"
$WinUsers = "C:\quser\ad-userimport-scripts\winjumpusers.txt"

# we have some test users which must not be disabled
$ToIgnore = "user1","user2","user3","master1","master2"

$GrA = @() # needed!
$GrA = import-csv $InFile # external LDAP group members
$GrB = gc $WinUsers # external LDAP group members who has additional administrative permission to be imported here
$GrC=(Get-ADGroupMember -identity jumpusers).SamAccountName # members who are already in the local AD

$Gone = $GrC | where {$GrA.uid -notcontains $_ } # members who are already in the local AD but not in the foreign AD - seems like deleted there and already left the team
$ToDelete=(Compare-Object $Gone $ToIgnore).InputObject # generating the user list who are to be deleted locally
# some checks to avoid stupid errors - too short list means we caught only some error message
 $i=@(Get-Content $InFile).Length
 if ( $i  -lt 15 ) {
  write-host "There is something wrong with the list, CHECK IT !" | Out-File $LogFile -Append
  exit 1
  }
    $i=@(Get-Content $WinUsers).Length
 if ( $i  -lt 10 ) {
  write-host "There is something wrong with the list, CHECK IT !" | Out-File $LogFile -Append
  exit 1
  }

# logging
Get-Date | Out-File $LogFile -Append
# handling users who are gone meanwhile from the external LDAP
if ( $ToDelete -ne $null ) {
        $ToDelete | ForEach-Object {
            #Delete-ADaccount -Member $_ -Confirm:$false # delete
            #Remove-ADGroupMember -Identity jumpusers -Member $_ -Confirm:$false # removes from the group
            Disable-ADAccount -identity $_ # disable the user
           Write-Host "DISABLED:" $_ | Out-File $LogFile -Append
        }
    }
# Collecting the users into external data file who are not added yet locally. This is the trickiest part of the script because here we just find the loginID of the user. The first and the last names come from the second list! So the loginID (SAMaccount name) needs to be found in the second list and the realname comes with that from there. 

$result = $GrB | Where {$GrC -NotContains $_}
$GrA.uid|ForEach-Object {
    $uidja = $_
    $ndx = [array]::IndexOf($GrA.uid,$uidja)
    $result|Foreach-Object {
        if ($_ -match $uidja ) {
      $GrA.FirstName[$ndx] $GrA.LastName[$ndx]
         $uidja+","+$GrA.FirstName[$ndx]+","+$GrA.LastName[$ndx] | Out-File $OutFile -Append
            }
     }
    }


#STEP4
# This is where the safe import is happening for the new users. The password is generated locally because that can't be exported from the external LDAP so won't be identical.
[...]


User import from foreign LDAP into own AD - PART1

Here is a rather complex script system I wrote. This is just for myself to remember and record my brilliant thoughts. I doubt if anyone else could use it. The goal is to get my users (including their login names and real names) from an external LDAP system and import them into my AD. (Windows based.) I'm doing the first step by using the ldapsearch from the opensource OpenLDAP package.

# STEP1: the raw list
C:\OpenLDAP\ClientTools\ldapsearch -D "cn=queryuser,dc=admin" -w "$$$$" -h 172.16.16.16 -b "dc=admin" -s sub "(&(objectclass=person)(|(gidnumber=100)(gidnumber=110)))" > C:\quser\ad-userimport-scripts\opslista.txt

# STEP2: an annoying thing here, because in the list we have both Base64 encoded and normal usernames we need to decode only the encoded ones.
$source = Get-Content "C:\quser\ad-userimport-scripts\opslista.txt" | Select-String "cn:", "displayName" #
$OutFile="c:\quser\ad-userimport-scripts\opslistanevekkel.txt"
if (Test-Path $OutFile) { Remove-Item $OutFile }
"uid,FirstName,LastName" > $OutFile
$Name_list = @()
$uid_list = @()

$source|ForEach-Object {
    if ($_ -match "displayName:: ")
              {
              $tem = ($_ -replace "displayName:: ","")
              $tam = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($tem))
            #  $Base64_list += ($_ -replace "displayName:: ","")
           $Name_list += $tam
        }
     elseif ($_ -match "displayName: ")
                {
                $tum = ($_ -replace "displayName: ","")
                 $Name_list += $tum
        }
        }
 
$source|ForEach-Object {
    if ($_ -match "cn: ")
       {
        ($_ -replace "displayName: ","")
        $uid_list += ($_ -replace "cn: ","")
        }
    }

    for($i=0;$i-le $uid_list.length-1;$i++)
        {
       $Name_list[$i]=($Name_list[$i] -replace " ","")
       $uid_list[$i]+","+$Name_list[$i] | Out-File -filepath $OutFile -Append
    }
  



 

2017. október 19., csütörtök

The RPC server is unavailable

Error 0x000006BA enumerating sessionnames
Error [1722]: The RPC server is unavailable.

Ever faced this error when tried to connect to a Windows 2012 R2 server from remote to query something ? Setting up an exception for RPC in the firewall may look easy. But... in fact, it isn't. See: Win7/2008 or Windows 10/Server 2016.
Luckily for you, for Server 2012 R2 I give you the clue!
Just enable this pre-definied rule:
Remote Service Management (NP-In) 
Tadaam. 
And I bookmark this link here, that's a funny reading.

2017. október 4., szerda

A returning to this blog

Just a small script to myself to remember. An elegant and playful way to internally daily backup a jira+confluence+gitlab machine - and avoid all the "unlikely happen" risks.

#!/bin/bash
BACKUPLOG=/var/log/backuplog
exec >  >(tee -ia $BACKUPLOG)
exec 2> >(tee -ia $BACKUPLOG >&2)
if [ ! -f /backup/MOUNTED ]; then  # temp solution for further use
    echo FATAL_BACKUP_NOT_MOUNTED >> $BACKUPLOG
    exit 1
fi

date
echo BACKUP_STARTED

# CONFLUENCE
MYPATH=/var/lib/confluence/backups
FILE=backup-`date +%F|sed 's/-/_/g'`
cp $MYPATH/$FILE.zip /backup/confluence
[[ `ls $MYPATH|wc -l` -gt 15 ]] && find $MYPATH -mtime +15 -delete # purge old backups only if there are new ones !
[[ `ls /backup/confluence|wc -l` -gt 60 ]] && find /backup/confluence/ -type f -mtime +60 -delete

#JIRA
MYPATH=/var/lib/jira/export/
# another nice way
rsync -avh $MYPATH /backup/jira/ # no autodelete!
[ $? -ne 0 ] && echo RSYNC_ERROR_IN_BACKUP # temp set for further use
[[ `ls $MYPATH|wc -l` -gt 41 ]] && find $MYPATH -type f -mtime +20 -delete # 2 backups daily! purge old backups only if there are new ones !
[[ `ls /backup/jira|wc -l` -gt 120 ]] && find /backup/jira -mtime +60 -delete
tar -czf /backup/jira/$FILE-data.tgz /var/lib/jira/data

# MYSQL SIMPLE MIRROR BACKUP
rsync -avh --delete /var/lib/automysqlbackup/ /backup/mysql/
sleep 3

# GITLAB
/opt/gitlab/bin/gitlab-rake gitlab:backup:create
sleep 3
mv /var/opt/gitlab/backups/* /backup/gitlab/

# etc
rdiff-backup /etc /backup/etc
rdiff-backup --remove-older-than 4W /backup/etc
echo BACKUP_ENDED
date

2016. október 19., szerda

SCCM in my test lab

OK that's not a big deal for anyone but for me it was a three day long battle with lots of dead-ended installs, undo's and redo's. So, at long last this is the famous screen I wanted to see so much! All green! /me happy now, thanks Prajwal Desai