Setting User Environment Variables for tomcat on Windows - tomcat8

I am running tomcat 8 on Windows Server 2012.
I have a web app that needs an user environment variable to be set in order to run.
I can start tomcat and retrieve the variable successfully like this:
set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_65
set CATALINA_HOME=C:\TOOLS\apache-tomcat-8.0.30
set CATALINA_BASE=C:\Users\ULUser\tomcat\myapp
set MY_VAR=%CATALINA_BASE%
set PATH=%CATALINA_ROOT%\bin;%PATH%
set CATALINA_OPTS="-Djava.security.properties=%CATALINA_BASE%\conf\java.security.properties"
%CATALINA_HOME%\bin\catalina.bat run
But when I run as a windows service I cannot retrieve the MY_VAR variable using System.getenv("MY_VAR");
Googling has not helped because all the pages show how to set the Java and Tomcat variables, but not how to set user variables.
I cannot set it for the entire machine because I have several instances of tomcat and each one needs a different environment variable.
I would prefer a method that involves setting the variable in the tomcat configuration rather that with windows configuration.
My alternative is to use context.xml file in tomcat and retrieve the value with logic that retrieves context settings.

From an admin command prompt do the following command:
tomcat8 //US//YourServiceName ++Environment varname=value
You can set more than one variable by separating them with a semicolon (;) or a hash (#). The documentation is quite clear, but it's just difficult to believe anything's happened, because there's no visual indication anywhere, meaning if you run:
tomcat8w //ES//YourServiceName
to get the GUI config tool you will not see the environment variable anywhere, but if you run the service it will pick it up. It's like hidden magic. Don't know why they haven't included it somewhere in the config panel.

Related

MYSQL8 Permanently change password policy requirements

I am trying to change the password policy requirements in MYSQL8 (Note not MYSQL 5.7). I am using Ubuntu 20.04 server (so no GUI).
I can change them within mysql-8 by using lines such as SET GLOBAL validate_password.policy=LOW; and I can see the changes using SHOW VARIABLES LIKE 'validate_password%';, however when I restart mysql using service mysql restart they return the their default settings.
The Stack Overflow article 36301100 alludes to adding lines to mysqld.cnf file however there is no mysqld.cnf file just the mysql.cnf file under the /etc/mysql/ directory. When I add any lines such as SET GLOBAL validate_password.policy=LOW; it causes the mysql server to fail after the service mysql restart command.
Another suggestion given is to remove the password plugin with UNINSTALL COMPONENT 'file://component_validate_password';, however this strikes me as a bit harsh.
Any suggestions? Thanks, Greg

MsDeploy : how to have many productions environment

Today, I have a production environment hosted on IIS and using MsDeploy to be deployed. So the database connection string is set in appsetting.Production.json.
But i have to make a second production environment. So i will create a new publish profile for this environment but how can i set the connection string for this new environment ?
Thanks in advance,
Are they being deployed to separate machines? You can override the settings in appsettings.json by using Environment settings. You don't need to change your code to do this as ASP.NET Core does all the work for you.
In short, settings are read in the following order, with the later ones overriding values from the earlier ones:
Files (appsettings.json, appsettings.{Environment}.json, where
{Environment} is the app's current hosting environment)
Azure Key Vault
User secrets (Secret Manager) (in the Development environment only)
Environment variables
Command-line arguments
So, on your second production machine you can add an Environment variable to override the setting in appsettings.Production.json.
If you are using SQL Server then you can set the SQLCONNSTR_ environment variable to override your setting, add your connection name at the end e.g. SQLCONNSTR_DefaultConnection.
If you are going to use environment variables to override the settings on one machine I suggest you do it for all production machines for consistency.
Take a look at this section in the Configuration in ASP.NET Core for the full configuration sequence.
Information regarding the specific ConnectionString settings are on the same page as above.

websphere properties file

I want to store the datasource properties and the queue properties in separate property file, so WebSphere Application Server will load this properties during sturtup. Is it possible to create such property file for WAS 6.1 and 7?
No. The nearest you can get is to run a wsadmin script which will use the properties file to update the server configuration using the AdminTask.applyConfigProperties() command, but there's no way to set up the server to run such a script automatically on startup.

Creating a connection string in an Indirect Environment Variable for SSIS

I have been scouring the internet for a clear answer to this question and I haven't been able to find one.
We currently have a SQL configuration enabled across packages which stores everything in a database, (dev or prod). It is a tricky process to execute packages, figuring out which configuration the packages are mapped to, and having to change them during testing. My hope is that we can use an environment variable to always use a specific connection string to the specific sql server configuration we want to use based on the machine.
I have seen ways to set up variables with the connection string hard coded as an environment variable with an additional SQL server configuration after to manage this. I have also seen ways to manipulate the connection string using XML and calling that from a variable, or from the package itself.
Both of these solutions work and very well may be viable solutions.
My question that I'm really trying to answer is; Is it possible to develop the entire SQL Server configuration connection through the environment variable? As in combining the connection string with the configuration string so that the one environment variable connects straight to the package configuration? Has anyone tried this? Does it make sense as a solution to the problem?
Yes, we have done this and it works fine. Each package has two configurations: the first is an environment variable and the second is a SQL Server table. The environment variable is the connection string for a database containing a table with all the configurations and it is applied to a connection manager. The SQL Server configuration uses that connection manager to connect to the configuration database and retrieve the individual settings.
Because configurations are applied in order, the connection string for the connection manager is set before the SQL Server configuration tries to use it. In summary:
Create your package
Add a connection manager called "Configuration Database" or whatever
Add a SQL Server configuration to the package, use the "Configuration Database" as the Connection, and choose the settings to be stored in the table
Create an environment variable such as SSIS_PKG_CONF with the connection string to be used for the "Configuration Database" connection manager
Add an environment variable configuration to the package, use the SSIS_PKG_CONF variable, and assign it to the connection string for the "Configuration Database" connection manager
Now when you run the package, the configuration proceeds as follows:
The package processes the environment variable configuration
It assigns the value of the environment variable to the "Configuration Database" connection manager's connection string
The package processes the SQL Server configuration
It uses the "Configuration Database" connection manager to retrieve individual settings from a database table
This has worked well for us because we can change the connection string to point at a different source database for the configuration, without changing anything inside the package or the launcher (i.e. the SQL Agent job or script that runs the packages). There are other ways to do it and some people feel strongly that .dtsConfig files are the better option, but we found it easier to manage environment variables than config files
But in the end managing package configurations is a preference and a lot depends on what is easier in your environment with the tools and practices you already have.

Stop IIS 7 Application Pool from build script

How can I stop and then restart an IIS 7 application pool from an MSBuild script running inside TeamCity. I want to deploy our nightly builds to an IIS server for out testers to view.
I have tried using appcmd like so:
appcmd stop apppool /apppool.name:MYAPP-POOL
... but I have run into elevation issues in Windows 2008 that so far have stopped me from being able to run that command from my TeamCity build process because Windows 2008 requires elevation in order to run appcmd.
If I do not stop the application pool before I copy my files to the web server my MSBuild script is unable to copy the files to the server.
Has anybody else seen and solved this issue when deploying web sites to IIS from TeamCity?
This article describes using an htm file named App_offline.htm to take a site offline. Once the IIS detectes this file in the root of a web application directory,
ASP.NET 2.0 will shut-down the application, unload the application
domain from the server, and stop processing any new incoming requests
for that application.
In App_offline-htm, you can put a user-friendly message indicating that the site is currently under maintainance.
Jason Lee shows the MSDeploy calls you need to use (plus much more about integrating these steps in your build scripts!).
MSDeploy
-verb:sync
-source:contentPath="[absolute_path]App_offline-Template.htm"
-dest:contentPath="name_of_site/App_offline.htm",computerName="copmuter_name",
username=user_with_administrative priviliges,password=passwort
After deployment you can remove the App_offline.htm file using the following call:
MSDeploy
-verb:delete
-dest:contentPath="name_of_site/App_offline.htm",computerName="computer_name",
username=user_with_administrative_priviliges,password=passwort
The msbuild community tasks includes an AppPoolController that appears to do what you want (though as noted it is dated and at present only supports IIS6.) An example:
<AppPoolController ApplicationPoolName="MyAppPool" Action="Restart" />
Note that you can also provide a username and password if necessary.
Edit: Just noticed that the MSBuild Extension Pack has an Iis7AppPool task that is probably more appropriate.
this is the fairly hackey workaround I ended up using:
1) Set up a limited-access account for your service to run as. Since I'm running a CruiseControl.NET service, I'll call my user 'ccnet'. He does NOT have admin rights.
2) Make a new local user account, and assign to the Administrators group (I'll call him 'iis_helper' for this example). Give him some password, and set it to never expire.
3) Change iis_helper's access permissions to NOT allow local login or remote desktop login, and anything else you might want to do to lock down this account.
4) Log in (either locally or through remote desktop) as your non-admin user, 'ccnet' in this example.
5) Open a command terminal, and use the 'runas' command to execute whatever it is that needs to be run escalated. Use the /savecred option. Specify your new administrative user.
runas /savecred /user:MYMACHINE\iis_helper "C:\Windows\System32\inetsrv\appcmd.exe"
The first time it will prompt you for 'iis_helper's password. After that, it will be stored thanks to the /savecred option (this is why we're running it once from a real command prompt, so we can enter the password once).
6) Assuming that command executed OK, you can now log out. I then logged back in as a local admin and turned off the 'ccnet' user for local interactive login, and remote desktop. The account is only used to run a service, but no real logins. This isnt a mandatory step.
7) Set up your service to run as your user account ('ccnet').
8) Configure whatever service is running (CruiseControl.NET in my case) to execute the 'runas' command instead of 'appcmd.exe' directly, the same as before:
replace:
"C:\Windows\System32\inetsrv\appcmd.exe" start site "My Super Site"
with:
runas /savecred /user:MYMACHINE\iis_helper "\"C:\Windows\System32\inetsrv\appcmd.exe\" start site \"My Super Site\""
The thing to note there is that the command should be in one set of quotes, with all the inner quotes escaped (slash-quote).
9) Test, call it a day, hit the local pub.
Edit: I apparently did #9 in the wrong order and had a few too many before testing...
This method also doesn't completely work. It does attempt to run as the administrative account, however it still runs as a non-escalated process under the administrative user, so still no admin permissions. I didn't initially catch the failure because the 'runas' command spawns a separate cmd window then closes right away, so I wasn't seeing the failure output.
Its starting to seem like the only real possibility might be writing a windows service that will run as admin, and its only purpose is to run appcmd.exe, then somehow call that service to start/stop IIS.
Isn't it great how UAC is there to secure things, but in actuality just unsecures more servers, because anything you want to do you have to do as admin, so its easier to just always run everything as admin and forget it?
You can try changing the Build Agent Service settings to log-on as a normal user account instead of SYSTEM (the default), this can be done from the services control panel (Start | Run | services.msc).
If it doesn't help, you can also try configuring the appcmd to always run elevated, refer to this document for details.
In case such option is not available for appcmd or it still doesn't work, you can disable UAC completely for this user.
Here you go. You can use this from CC.NET with NAnt or just with NAnt:
http://nantcontrib.sourceforge.net/release/latest/help/tasks/iisapppool.html