Reindexing bamboo through a task - bamboo

I am trying to automate bamboo reindexing (Bamboo UI -> Overview -> Indexing -> Perform a full reindex)
Can this be done through a task or plugin or any other automated way?

Use REST APIs for that.
This CURL command might help you.
curl -u adminuserid:adminpassword -X POST https://localhost:8085/rest/api/latest/reindex
Please note admin should have sysadmin permisisons to perform reindexing.

Related

Automating Zope5 Database Pack

I tried asking on the Plone forums but no one had any good responses.
I am running Zope5, no ZeoServer, no Plone, with Apache as a frontend proxy.
In the old Zope2 there was a script called zodb-pack that could pack the database from the command line. This is no longer included with Zope5 and I am searching for a way to pack the db from the command line.
Also, Apache is setup for client certificate authentication, so I cannot do something like:
curl -X POST https://username:password#zope.domain.com
I also don't want to hardcode that type of curl statement because of the need to include the username and password.
My Zope is running in a Docker container, so I thought about doing something like:
source /zope5/bin/activate
python scriptname
with a python script along the lines of
from ZODB.DB import DB
from ZODB.config import databaseFromString
from transaction import commit
db = databaseFromString("<zodb_config>")
storage = db.storage
storage.pack(None, referencesf)
but I'm not sure that's the correct way to do this. Basically I just want my bash script that automates the backups for the server to pack the Zope DB before backing it up, but I need a command line command to do so.
I cannot use any solution that requires me to modify how Zope runs, nor requires me to stop Zope to perform the pack.
Of course I can manually go to the ZMI's Control Panel and click Pack, but like I said, I was trying to automate it so it could run in off peak hours.

How to find authentication SSH logs for Linux

I am trying to write a query via splunk to find SSH logs used for authentication in Linux. Any ideas as to the query needed to writer to achieve this? I am new to splunk so any information would help.
Here is what I have started but to no avail:
sshd "Invalid user" NOT port NOT "preauth]" | iplocation InvalidSSHIP
I strongly suggest you use the Splunk TA for Nix, https://splunkbase.splunk.com/app/833/
In it, you will find common inputs and field extractions for SSH event logs, as well as other common *nix formats.
If you follow this TA, you should be able to find the events you are looking for with the following search
index=os eventtype=ssh*

Permissions that need to be assigned for a RabbitMQ monitoring user

What permissions do I need to assign to a software, which will monitor my RabbitMQ server? The software agent should monitor most of the metrics explained and recommended in this document.
I think I have to create a user, e.g. monitoring and then give this user access to all virtual hosts which contain ressources that should be monitored.
I think when creating the user I have to assign it the tag monitoring which is a predefined tag.
What I do not understand is, what RegEx I need to assign to configure, write and read. The documentation contains a table with the permissions on ressources.
I think a monitoring software should not be able to create or delete ressources (configure permission) nor should it be able to ADD messages to a queue or READ and ACK messages from a queue. But for example it should be able to read the number of messages waiting in a queue to alert if a queue has a number of growing messages which are not retrieved.
Could anybody explain, what permissions and settings are required for such a monitoring user?
Here is a quick guide from the beginning to the end while you are setting up RabbitMQ queues monitoring.
1) Create an account:
rabbitmqctl add_user monitoring password
2) Add monitoring tag (you can read more about RabbitMQ tags here https://www.rabbitmq.com/management.html)
rabbitmqctl set_user_tags monitoring monitoring
3) Now get the names of your virtual hosts:
rabbitmqctl list_vhosts
4) Add permission for monitoring user to virtual host:
rabbitmqctl set_permissions -p Some_Virtual_Host monitoring "" "" ""
5) Check if access is granted successfully:
curl -s -u monitoring:password http://localhost:15672/api/queues | jq
Look at the "messages" parameter
Optional) You can publish a fake message from the command line:
rabbitmqadmin publish --vhost=Some_Virtual_Host exchange=some_exchange routing_key=outgoing_routing_key payload="hello world"
Look at the "messages" again!
Tip: make sure to enable rabbitmq_management plugin in your RabbitMQ build to be able to execute these queries.
Figured that out myself with some testing. If someone is interested:
Create an account with monitoring tag
Add that account to EVERY vhost that should be monitored and add empty strings ("") to configure, write and read permissions.
With a nice bash script you can then for example get the numbers of messages in every queue:
curl -u username:password \
--silent \
http://<ServerOrIP>:15672/api/queues/<vhostname> | jq '.[] | .name, .messages'
What is jq? An explanation is missing from the answers provided above.
The jq command is in the EPEL repository.
https://www.cyberithub.com/how-to-install-jq-json-processor-on-rhel-centos-7-8/
# yum --enablerepo=epel install jq

meteor logs <site>

I am starting with meteor [version 0.3.8 (7510b8430e) on OSX] and cloned one of the examples. I peppered my server side with a couple of console.log() statements and am trying to look at the output. According to the manual it is
meteor logs <site>
but that command asks for a authentication? What am I missing?
Did you at some point run
meteor deploy yoursite --password
or
meteor deploy yoursite -P
? If so, it's the password that you set at that time. If you're sure you didn't, maybe somebody else beat you to it (since anyone can set the password on a deployed app with no password)?

Issue with nested calls with psexec (access denied)

First of all, sorry for my poor english. I would try to explain my problem.
I am using psexec within a script to restart a cluster as follows:
script1 in node1: perform a lot of tasks (shutdown services, check status, etc..) in the node1 and after completing all task launch with psexec the script2 in node2 (psexec-d \ \ node2 script2)
script2 in node2: perform a lot of tasks and launches script3 in node1. Here is, when i recived an "access denied" in psexec when I try to run the script3 in node1. (psexec-d \ \ nodo1 script3)
I launch the script with an user that belongs to the group administrators
For security reasons I can not pass username and password, because it is not safe to leave the credentials in a .bat file.
Additional info:
I´m running the script in W2k3 server
I tried a net use and its all ok
I tried a psexec with -u username and -p username and its all ok
I tried to exec psexec with this syntax: psexec .exe -d \node1 cmd.exe "script3.bat" and returns the same error.
Thks a lot
Best Regards
Finally I have decided to use a watchdog process in the second script, so the script will be launched by this process instead of being launched by psexec.
Thanks a lot for your help and your time devoted to help me.
Best regards
It may be related with an issue that one gets from too many linked server hops using integrated authentication - a double-hop Kerberos problem.
Since Integrated Windows Authentication covers two separate authentication mechanisms:
NTLM v2 -and-
Kerberos,
if you are using Kerberos, since the user's password is never passed to the IIS server, the only way the token on the IIS server is going to hop to another machine on the network is via Kerberos Delegation. If that isn't available or allowed, then the hop won't happen (which is what it sounds like is happening).
Given that you are using default credentials, and if the current security context is an impersonation token that can not delegate, then the credentials you supply will not hop to
the other machine.
Since Windows integrated authentication creates an impersonation token, this is very likely to be the case.
Sources:
psexec problem
Windows authentification thread (forum)
Can you make the call to script2 wait for completion, rather than have script2 call back to node1:
script1 in node1: perform a lot of
tasks (shutdown services, check
status, etc..) in the node1 and after
completing all task launch with psexec
the script2 in node2 (psexec \ \ node2
script2)
script2 in node2: perform a lot of
tasks.
script1 in node1: launches script3.