2018. május 11., péntek

Docker notes #2

docker ps -a = List docker containers including the stopped ones
docker logs -f [ID] = Show the logs wrote in a container
docker logs --tail 200 [ID]

docker commit [ID] (my_new_image) = Convert a container to image
(returns value: sha256:hash)

docker save -o /path/my_new_image.tar = Save a docker image to be ready to imported
docker load -i /path/my_new_image.tar = Import (load) a foreign image
docker run -it sha256:hash /bin/bash = Spin up the image and run a command in it
(you are inside the container now)

docker export [ID] > /path/ide.tar = Export a container into a .tar file
docker diff [ID] = Show the modified files inside a container since its start
docker cp [ID]:/var/log/apache2/access.log ./access.log = Copy a file from container to host

docker-compose build = Build the correctly setup container (in its directory)
docker-compose up -d = Run it
docker rm [ID] = removes an instance of the container that was run
docker rm `docker ps -a -q` = remove all stopped containers
docker rmi image-name = removes the docker image and its dependencies

docker inspect [ID] = See the details of a container
docker run -p 8080:80 = will redirect the container's port 80 to a port 8080 on the host machine's user port
docker port [ID] = will list the port mapping information

docker top [ID] = See the running processes inside of a container
docker history [IMAGE-NAME] = See the commands the container was originally created by

2018. március 26., hétfő

Systemd over NTP

Ever wondered how to setup an NTP client controlled by systemd? Here are some short steps.
Symptom:

Mar 26 19:24:43 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 118.189.177.157:123 (0.debian.pool.ntp.org).
Mar 26 19:24:54 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 103.47.76.177:123 (0.debian.pool.ntp.org).
Mar 26 19:25:04 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 128.199.123.83:123 (0.debian.pool.ntp.org).
Mar 26 19:25:14 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 139.59.219.101:123 (0.debian.pool.ntp.org).
Mar 26 19:25:24 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 202.156.0.34:123 (1.debian.pool.ntp.org).
Mar 26 19:25:35 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 128.199.87.57:123 (1.debian.pool.ntp.org).
Mar 26 19:25:45 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 128.199.169.185:123 (1.debian.pool.ntp.org).
Mar 26 19:25:55 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 103.23.208.175:123 (1.debian.pool.ntp.org).
Mar 26 19:26:05 lokalhost systemd-timesyncd[403]: Timed out waiting for reply from 172.104.55.191:123 (2.debian.pool.ntp.org).


Solution:
1. nano /etc/systemd/timesyncd.conf
2. Set your NTP server, e.g.: NTP=172.16.36.67
3. systemctl restart systemd-timesyncd.service 
4. timedatectl set-ntp true
5. Check with: timedatectl status



2018. március 8., csütörtök

Powershell applet form

It's a little known fact that it is possible to build a complete application form with pure Powershell. (Being based on .NET.). Here is an awesome example, called login.ps1. This is an applet starts a window that cannot be closed with the regular control buttons (as they are disabled) and asks two data from the user. Then it validates the data and if the data found to be invalid, flashes the input fields with red and returns to the initial state. Yeah, this was the hardest part of the development. If the data are all OK, it flashes the input fields with green color and pushes the data to the event log. This is a very very very special use case and only useful for me, but may help someone out who is just looking for a similar data input solution and gets here with google.

[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Long Change Answer File Information"
$objForm.Size = New-Object System.Drawing.Size(455,265)
$objForm.StartPosition = "CenterScreen"

# set this to $True to enable "close" button
$objForm.ControlBox = $false
$objForm.KeyPreview = $True

# Add Ok Button
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(180,185)
$OKButton.Size = New-Object System.Drawing.Size(75,23)
$OKButton.Text = "OK"
$OKButton.Add_Click({
    # some tricky regex to validate our very custom input data
    If( $ChangeTextBox.Text -match "\b([Cc][0-9a-zA-Z]{9}|OST#?[0-9]{6})\b" -And $LoginTextBox.Text -match "\b[a-zA-Z]\w{2,19}\b") # Valid -match "^\d{0,10}$"
    {
        $LoginTextBox.BackColor = "lime";
        $ChangeTextBox.BackColor = "lime";
        Start-Sleep -Milliseconds 600;

        $objForm.Close()
    }
    # we have two input fields and both are required to be validated
    ElseIf (-Not ($LoginTextBox.Text -match "\b[a-zA-Z]\w{2,19}\b") -And ($ChangeTextBox.Text -match "\b([Cc][0-9a-zA-Z]{9}|OST#?[0-9]{6})\b"))   # Invalid
    {
        #$ErrorProvider.SetError($LoginTextBox, "Please enter valid name");
        $LoginTextBox.BackColor = "pink";
        $ChangeTextBox.BackColor = "lime";
    }
    # strange logic but this is the simpliest way in this case, here we get back to reset the form
    ElseIf (-Not ($ChangeTextBox.Text -match "\b([Cc][0-9a-zA-Z]{9}|(OST|ost)#?[0-9]{6})\b") -And ($LoginTextBox.Text -match "\b[a-zA-Z]\w{2,19}\b"))
    {
        $ChangeTextBox.BackColor = "pink";
        $LoginTextBox.BackColor = "lime";
    }
    Else
    {
        # visual warning to the user
        $ChangeTextBox.BackColor = "pink";
        $LoginTextBox.BackColor = "pink";
    }
})
$objForm.Controls.Add($OKButton)   

# Add Textbox Label
$FontBold = new-object System.Drawing.Font("Arial",8,[Drawing.FontStyle]'Bold' )

#UserID label
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10,20)
$objLabel.Size = New-Object System.Drawing.Size(425,20)
$objLabel.Font = $fontBold
$objLabel.text = "Please enter Your UserID"
$objForm.Controls.Add($objLabel)

$objLabel1 = New-Object System.Windows.Forms.Label
$objLabel1.Location = New-Object System.Drawing.Size(30,47)
$objLabel1.Size = New-Object System.Drawing.Size(65,50)
$objLabel1.Text = "UserName:"
$objForm.Controls.Add($objLabel1)

#UserID textbox
$LoginTextBox = New-Object System.Windows.Forms.TextBox
$LoginTextBox.Location = New-Object System.Drawing.Size(120,45)
$LoginTextBox.Size = New-Object System.Drawing.Size(260,20)
#$LoginTextBox.BackColor = "green"
$objForm.Controls.Add($LoginTextBox)

#CH label
$objLabel2 = New-Object System.Windows.Forms.Label
$objLabel2.Location = New-Object System.Drawing.Size(10,100)
$objLabel2.Size = New-Object System.Drawing.Size(425,20)
$objLabel2.Font = $fontBold
$objLabel2.Text = "Please enter change number"
$objForm.Controls.Add($objLabel2)

$objLabel3 = New-Object System.Windows.Forms.Label
$objLabel3.Location = New-Object System.Drawing.Size(30,120)
$objLabel3.Size = New-Object System.Drawing.Size(65,40)
$objLabel3.Text = "CH number:"
$objForm.Controls.Add($objLabel3)

#CH textbox
$ChangeTextBox = New-Object System.Windows.Forms.TextBox
$ChangeTextBox.Location = New-Object System.Drawing.Size(120,120)
$ChangeTextBox.Size = New-Object System.Drawing.Size(260,20)
$objForm.Controls.Add($ChangeTextBox)

# Add Validation Control
$ErrorProvider = New-Object System.Windows.Forms.ErrorProvider

$objForm.Topmost = $True
$objForm.Add_Shown({$objForm.Activate()})
[void] $objForm.ShowDialog()

$change= $ChangeTextBox.TEXT
$login = $LoginTextBox.TEXT

Write-EventLog -Source "Winlogon" -LogName "Application" -EventId 666 -Message "Impersonated user logged as $login for $change implementation"

2018. január 2., kedd

User import from foreign LDAP into own AD - PART2

The script continues with STEP3

$OutFile="C:\quser\ad-userimport-scripts\ujuserekerkeztek.txt"
$LogFile="C:\quser\ad-userimport-scripts\adderlog.txt"
$InFile="C:\quser\ad-userimport-scripts\opslistanevekkel.txt"
$WinUsers = "C:\quser\ad-userimport-scripts\winjumpusers.txt"

# we have some test users which must not be disabled
$ToIgnore = "user1","user2","user3","master1","master2"

$GrA = @() # needed!
$GrA = import-csv $InFile # external LDAP group members
$GrB = gc $WinUsers # external LDAP group members who has additional administrative permission to be imported here
$GrC=(Get-ADGroupMember -identity jumpusers).SamAccountName # members who are already in the local AD

$Gone = $GrC | where {$GrA.uid -notcontains $_ } # members who are already in the local AD but not in the foreign AD - seems like deleted there and already left the team
$ToDelete=(Compare-Object $Gone $ToIgnore).InputObject # generating the user list who are to be deleted locally
# some checks to avoid stupid errors - too short list means we caught only some error message
 $i=@(Get-Content $InFile).Length
 if ( $i  -lt 15 ) {
  write-host "There is something wrong with the list, CHECK IT !" | Out-File $LogFile -Append
  exit 1
  }
    $i=@(Get-Content $WinUsers).Length
 if ( $i  -lt 10 ) {
  write-host "There is something wrong with the list, CHECK IT !" | Out-File $LogFile -Append
  exit 1
  }

# logging
Get-Date | Out-File $LogFile -Append
# handling users who are gone meanwhile from the external LDAP
if ( $ToDelete -ne $null ) {
        $ToDelete | ForEach-Object {
            #Delete-ADaccount -Member $_ -Confirm:$false # delete
            #Remove-ADGroupMember -Identity jumpusers -Member $_ -Confirm:$false # removes from the group
            Disable-ADAccount -identity $_ # disable the user
           Write-Host "DISABLED:" $_ | Out-File $LogFile -Append
        }
    }
# Collecting the users into external data file who are not added yet locally. This is the trickiest part of the script because here we just find the loginID of the user. The first and the last names come from the second list! So the loginID (SAMaccount name) needs to be found in the second list and the realname comes with that from there. 

$result = $GrB | Where {$GrC -NotContains $_}
$GrA.uid|ForEach-Object {
    $uidja = $_
    $ndx = [array]::IndexOf($GrA.uid,$uidja)
    $result|Foreach-Object {
        if ($_ -match $uidja ) {
      $GrA.FirstName[$ndx] $GrA.LastName[$ndx]
         $uidja+","+$GrA.FirstName[$ndx]+","+$GrA.LastName[$ndx] | Out-File $OutFile -Append
            }
     }
    }


#STEP4
# This is where the safe import is happening for the new users. The password is generated locally because that can't be exported from the external LDAP so won't be identical.
[...]


User import from foreign LDAP into own AD - PART1

Here is a rather complex script system I wrote. This is just for myself to remember and record my brilliant thoughts. I doubt if anyone else could use it. The goal is to get my users (including their login names and real names) from an external LDAP system and import them into my AD. (Windows based.) I'm doing the first step by using the ldapsearch from the opensource OpenLDAP package.

# STEP1: the raw list
C:\OpenLDAP\ClientTools\ldapsearch -D "cn=queryuser,dc=admin" -w "$$$$" -h 172.16.16.16 -b "dc=admin" -s sub "(&(objectclass=person)(|(gidnumber=100)(gidnumber=110)))" > C:\quser\ad-userimport-scripts\opslista.txt

# STEP2: an annoying thing here, because in the list we have both Base64 encoded and normal usernames we need to decode only the encoded ones.
$source = Get-Content "C:\quser\ad-userimport-scripts\opslista.txt" | Select-String "cn:", "displayName" #
$OutFile="c:\quser\ad-userimport-scripts\opslistanevekkel.txt"
if (Test-Path $OutFile) { Remove-Item $OutFile }
"uid,FirstName,LastName" > $OutFile
$Name_list = @()
$uid_list = @()

$source|ForEach-Object {
    if ($_ -match "displayName:: ")
              {
              $tem = ($_ -replace "displayName:: ","")
              $tam = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($tem))
            #  $Base64_list += ($_ -replace "displayName:: ","")
           $Name_list += $tam
        }
     elseif ($_ -match "displayName: ")
                {
                $tum = ($_ -replace "displayName: ","")
                 $Name_list += $tum
        }
        }
 
$source|ForEach-Object {
    if ($_ -match "cn: ")
       {
        ($_ -replace "displayName: ","")
        $uid_list += ($_ -replace "cn: ","")
        }
    }

    for($i=0;$i-le $uid_list.length-1;$i++)
        {
       $Name_list[$i]=($Name_list[$i] -replace " ","")
       $uid_list[$i]+","+$Name_list[$i] | Out-File -filepath $OutFile -Append
    }
  



 

2017. október 19., csütörtök

The RPC server is unavailable

Error 0x000006BA enumerating sessionnames
Error [1722]: The RPC server is unavailable.

Ever faced this error when tried to connect to a Windows 2012 R2 server from remote to query something ? Setting up an exception for RPC in the firewall may look easy. But... in fact, it isn't. See: Win7/2008 or Windows 10/Server 2016.
Luckily for you, for Server 2012 R2 I give you the clue!
Just enable this pre-definied rule:
Remote Service Management (NP-In) 
Tadaam. 
And I bookmark this link here, that's a funny reading.