settings.json
"script-torrent-done-enabled": true,
"script-torrent-done-filename": "/var/lib/transmission/.config/transmission-daemon/torrent_complete.sh"
The owner of torrent_complete.sh is transmission and the chmod is 777, but the script is still not executing. What am I doing wrong?
Today I found out, that just showing a diff in btrfs is extremely complicated.
While in ZFS, it's only zfs diff, in btrfs, one has to use either btrfs subv find-new <SNAPNAME> <last-gen> and this find-new does never show me files I created with touch... or empty directories I created...
or one has to use btrfs send --no-data <SNAP1> <SNAP2> | btrfs recv dump
Now what I did to test this: I created an empty directory, called 'blah2', and this is what the "diff" shows me:
[andreas#archlinux data]$ ./bdiff .snaps/Fotos-20220910c .snaps/Fotos-20220910b
At subvol .snaps/Fotos-20220910b
snapshot ./Fotos-20220910b uuid=5b07b5f0-ba94-5a47-b586-6d36805b0c9e transid=6783 parent_uuid=1f25f808-28a4-f34d-98e0-fcb54acf4a8a parent_transid=6788
utimes ./Fotos-20220910b/ atime=2022-09-10T16:10:50+0200 mtime=2022-09-10T16:08:07+0200 ctime=2022-09-10T16:08:07+0200
rmdir ./Fotos-20220910b/blah2
utimes ./Fotos-20220910b/ atime=2022-09-10T16:10:50+0200 mtime=2022-09-10T16:08:07+0200 ctime=2022-09-10T16:08:07+0200
[andreas#archlinux data]$ ./bdiff .snaps/Fotos-20220910b .snaps/Fotos-20220910c
At subvol .snaps/Fotos-20220910c
snapshot ./Fotos-20220910c uuid=1f25f808-28a4-f34d-98e0-fcb54acf4a8a transid=6788 parent_uuid=5b07b5f0-ba94-5a47-b586-6d36805b0c9e parent_transid=6783
utimes ./Fotos-20220910c/ atime=2022-09-10T16:10:50+0200 mtime=2022-09-10T16:16:55+0200 ctime=2022-09-10T16:16:55+0200
mkdir ./Fotos-20220910c/o4139-6788-0
rename ./Fotos-20220910c/o4139-6788-0 dest=./Fotos-20220910c/blah2
utimes ./Fotos-20220910c/ atime=2022-09-10T16:10:50+0200 mtime=2022-09-10T16:16:55+0200 ctime=2022-09-10T16:16:55+0200
chown ./Fotos-20220910c/blah2 gid=1000 uid=1000
chmod ./Fotos-20220910c/blah2 mode=755
utimes ./Fotos-20220910c/blah2 atime=2022-09-10T16:16:55+0200 mtime=2022-09-10T16:16:55+0200 ctime=2022-09-10T16:16:55+0200
[andreas#archlinux data]$
Why the hell does it not only report a mkdir blah2, but a mkdir o4139-6788-0 with a following rename? But the other way, it just reports one rmdir?
I have a conf file for mongod where I am trying to set log rotation, the log file size, and the number of old instances to be kept.
I have added logRotate: rename to the conf file as follows:
systemLog:
  timeStampFormat: ctime
  destination: file
  logAppend: true
  logRotate: rename
  path: C:\Program Files\ApplicationName\logs\db.log
But I cannot find any documentation or examples that show how to specify the max size of the log file before it rotates and how many old instances to keep.
Also I don't know how to test this.
Apparently you need to set up some kind of external process to send a SIGUSR1 signal from the OS to trigger rotation.
Any ideas? Has anyone actually done this successfully?
There is nothing available in MongoDB itself. Either you write all logs into one file:
systemLog:
  logAppend: true
or you create a new log file every time you start MongoDB server:
systemLog:
  logAppend: true
  logRotate: rename
In either case you have to delete/compress old log files manually with a 3rd party tool or by script.
In Linux you can trigger a log rotate by kill -USR1 but I am not aware this would be available in Windows. You need to initiate log rotate from Mongo shell:
use admin
db.runCommand({ logRotate: 1 })
or
db.getSiblingDB('admin').runCommand({ logRotate: 1 })
db.adminCommand({ logRotate: 1 })
You can run it from command line with
mongo --eval "db.adminCommand({ logRotate: 1 })"
Set up such a task with Windows Task Scheduler. You may have a look at LogRotateWin, which is an implementation of the logrotate utility for the Windows platform. I never tried it, but it seems to work as it is supposed to. For a sample logrotate configuration see How can I disable the logging of MongoDB?
Note, for Linux in order not to lose any logs, you first have to rename the logfile and afterwards initiate the log rotate command. I don't know whether Windows behaves in the same way.
With the help of Wernfried Domscheit's answer, a lot of research, weeks of trial and error and frustration, I figured out a working solution on Windows.
Prerequisites
You have a MongoDB-Service running with a configuration file mongod.cfg
LogRotateWin is installed. This is a third party package to rotate the logfiles, based on the unix implementation. It provides many customizable functionalities like compression, when rotating is applied, old file deletion and more. You can find a full option list here LogRotateWin Configuration.
Basic knowledge of Windows Task Scheduler.
Very basic knowledge of bat files.
1. Adjust the configuration file of the MongoDB-Service
Stop the service
Open the mongod.cfg and find the code lines where the systemLog is configured:
# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: E:\MongoDB\Server\4.4\log\mongod.log
  logRotate: reopen
Be sure, that you overwrite the path to your mongod.log. Be also sure, that logAppend: true and logRotate: reopen are set.
Delete the current mongod.log file
Restart the service
2. Configure the logrotate configuration
This is my configuration. You can customize that to your own needs. But don't use copy, copytruncate and create, and don't remove the postrotate commands!
E:\MongoDB\Server\4.4\log\mongod.log {
    nocompress
    daily
    size 100m
    missingok
    rotate 50
    postrotate
        E:\logrotate\notify_mongodb_service.bat
    endscript
}
This configuration rotates the logs uncompressed every day or if the size exceeded 100 megabyte. Maximum of 50 logs are stored, older files will be deleted. The postrotate script will be executed when the rotation succeeded.
3. Create the notify_mongodb_service.bat file
This file sends a command to the MongoDB-Service, that a new file will be used. If you enabled authorization you can add -u username -p password as well.
E:\MongoDB\Server\4.4\bin\mongo.exe --eval "db.adminCommand({ logRotate: 1 })"
Change the path to mongo.exe to the location on your system.
Save the file and be sure that the path in the logrotate configuration is the same! (the line between postrotate and endscript)
The command is stored in an extra file, because the LogRotateWin interprets the Brackets ({}) of the mongo command and throws an Exception.
4. Check that all is working
Open the folder of the logs. You should see a single file mongod.log.
Open a terminal and check that logrotation is working ( -f forces the logrotation even if no trigger was triggered):
logrotate logrotate.conf -f
A new log file should occur. (for me it is mongod.log.1)
The mongod.log should be empty.
Trigger something that will be logged. For example connect with MongoDB Compass to your MongoDB.
Check mongod.log. The connection should be logged there.
5. Create a Taskscheduler Job to run logrotation periodically
I won't talk about Task Scheduler creation but here is an example of my configuration. You can import that file and modify it to your needs.
Also change the path of the logrotate.exe to your location of your system.
This job runs every hour to check if one or multiple triggers of logrotate triggered:
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2021-12-02T17:57:55.9541897</Date>
<Author>Grayknife</Author>
<Description>Execute Logrotate Hourly</Description>
<URI>\docker\LogRotate</URI>
</RegistrationInfo>
<Triggers>
<CalendarTrigger>
<Repetition>
<Interval>PT1H</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<StartBoundary>2021-12-02T18:00:00</StartBoundary>
<ExecutionTimeLimit>PT30M</ExecutionTimeLimit>
<Enabled>true</Enabled>
<ScheduleByDay>
<DaysInterval>1</DaysInterval>
</ScheduleByDay>
</CalendarTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>1234</UserId>
<LogonType>Password</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
<UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>E:\logrotate\logrotate.exe</Command>
<Arguments>logrotate.conf</Arguments>
<WorkingDirectory>E:\logrotate</WorkingDirectory>
</Exec>
</Actions>
</Task>
I hope I could help someone with that guide.
Edit 2022-05-01
I faced the issue that logrotate throws exception when there are more than 9 files:
E:\logrotate>E:\logrotate\logrotate.exe logrotate.conf -f
logrotate: Force option set to true
logrotate: Exception: Cannot create a file when that file already exists.
logrotate: StackTrace: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.__Error.WinIOError()
at System.IO.File.InternalMove(String sourceFileName, String destFileName, Boolean checkHost)
at logrotate.Program.AgeOutRotatedFiles(logrotateconf lrc, FileInfo fi, String rotate_path)
at logrotate.Program.RotateFile(logrotateconf lrc, FileInfo fi)
at logrotate.Program.Main(String[] args)
E:\logrotate>E:\logrotate\logrotate.exe logrotate.conf -f
logrotate: Force option set to true
logrotate: Exception: Access to the path 'E:\MongoDB\Server\4.4\log\mongod.log.10' is denied.
logrotate: StackTrace: at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.File.InternalDelete(String path, Boolean checkHost)
at System.IO.File.Delete(String path)
at logrotate.Program.DeleteRotateFile(String m_filepath, logrotateconf lrc)
at logrotate.Program.AgeOutRotatedFiles(logrotateconf lrc, FileInfo fi, String rotate_path)
at logrotate.Program.RotateFile(logrotateconf lrc, FileInfo fi)
at logrotate.Program.Main(String[] args)
E:\logrotate>
Quickfix for now is to set a maximum of 9 files.
Create a python file logrotate.py with content:
import os
import subprocess

# path to your mongod.log file
path = 'D:/MongoDB/Server/5.0/log/'

# you can insert a condition here that checks the size of mongod.log first
# ...

# send logrotate command through terminal
# if you don't have mongosh(ell) installed, replace mongosh by mongo
# (argument list instead of a nested-quote cmd string; check=True stops
# the script before deleting anything if the rotate command fails)
subprocess.run(['mongosh', '--eval', 'db.adminCommand({ logRotate: 1 })'], check=True)

# delete rotated log file
for file in os.listdir(path):
    if file.startswith('mongod.log.'):
        os.remove(os.path.join(path, file))
Create a batch file logrotate.bat with content:
python logrotate.py
Create a task in Windows task scheduler that runs this program every X hours.
I supply the below cloud-init script through the Azure portal when creating a VM, and the script never runs. I would appreciate it if anyone can suggest what's wrong with my #cloud-config upload.
Observations:
ubuntuVMexscript.sh is written
test.sh is NOT written in home directory
/etc/cloud/cloud.cfg doesn't show the change of [scripts-user, always] in final modules.
#cloud-config
package_upgrade: true
write_files:
  - owner: afshan:afshan
    path: /var/lib/cloud/scripts/per-boot/ubuntuVMexscript.sh
    permissions: '0755'
    content: |
      #!/bin/sh
      cat > testCat < /var/lib/cloud/scripts/per-boot/ubuntuVMexscript.sh
  - owner: afshan:afshan
    path: /home/afshan/test.sh
    permissions: '0755'
    content: |
      #!/bin/sh
      echo "test"
cloud_final_modules:
  - rightscale_userdata
  - scripts-vendor
  - scripts-per-once
  - scripts-per-boot
  - scripts-per-instance
  - [scripts-user, always]
  - ssh-authkey-fingerprints
  - keys-to-console
  - phone-home
  - final-message
  - power-state-change
write_files runs before any user/group creation. Does the afshan user exist when write_files is being run? If not, attempting to set the owner on the first file will throw an exception, and the write_files module will exit before attempting to create the second file. You can see if this is happening by checking /var/log/cloud-init.log on your instance.
/etc/cloud/cloud.cfg won't get updated by user data. It will stay as-is on disk, but your user data changes will get merged on top of it.
scripts-user refers to scripts written to /var/lib/cloud/instance/scripts. You haven't written anything there, so I'm not sure the purpose of your [scripts-user, always] change. If you're just looking to run a script every boot, the scripts-per-boot module (without any changes) should be fine. Every boot, it will run what's written to /var/lib/cloud/scripts/per-boot
I am trying to create a TPM-based unlock script using tpm2-tools with instructions from Tevora Secure boot tpm2. I have set up the key, loaded it with cryptsetup luksAddKey secret.bin, then tested it using tpm2_unlock -c 0x81000000 --auth pci:sha1:0,2,3,7 and returns the value of secret.bin. For extra measures, to make sure it works, I loaded secret.bin into "/etc/crypttab", ran # update-initramfs -u -k all, and rebooted. Upon reboot, the system unlocked.
I copied over the following code into "/etc/initramfs-tools/hooks/tpm2"
#!/bin/sh -e
if [ "$1" = "prereqs" ]; then exit 0; fi
. /usr/share/initramfs-tools/hook-functions
copy_exec /usr/local/bin/tpm2_unseal
copy_exec /usr/local/lib/libtss2-tcti-device.so
I appended my etc/crypttab from cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks to cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks,keyscript=/usr/local/bin/passphrase-from-tpm
I rewrote the following script because the tpm2-tools command was outdated, edited in the new command, and stored it in /usr/local/bin/passphrase-from-tpm:
#!/bin/sh
set -e
echo "Unlocking via TPM" >&2
export TPM2TOOLS_TCTI="device:/dev/tpm0"
/usr/local/bin/tpm2_unseal -c 0x81000000 --auth pcr:sha1:0,2,3,7
if [ $? -eq 0 ]; then
exit
fi
/lib/cryptsetup/askpass "Unlocking the disk fallback $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)\nEnter passphrase: "
I ran # update-initramfs -u -k all then rebooted. In reboot, I get the following error: /lib/cryptsetup/scripts/passphrase-from-tpm: line 5: /usr/local/bin/tpm2_unseal: not found
I have tried many times to edit passphrase-from-tpm unsuccessfully, including:
Moving both passphrase-from-tpm into "/boot/efi/EFI/BOOT/" and referencing crypttab to that file
Modifying passphrase-from-tpm to use a relative file path to tpm_unseal
Before I figured out how to create a backup linux boot using:
objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline=cmdline.txt --change-section-vma .cmdline=0x30000 \
--add-section .linux="/boot/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="/boot/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub /boot/EFI/BOOT/BOOT_RECX64.EFI
I would be locked out of the system completely because of the error and had to reinstall Ubuntu about 40 times. I have suffered a lot and want to quit but I am too stubborn to throw in the flag.
just copy tpm2_unseal to /usr/local/bin/
I'm trying to make a working setup following basically those instructions, plus a few others I have found. While not working 100% yet, check that both /etc/initramfs-tools/hooks/tpm2 and /usr/local/bin/passphrase-from-tpm are marked executable (sudo chmod ug+x $filename).
After making the initramfs, you can run the following to ensure that the TPM related files are actually in the image. Replace the path in the filename by whatever update-initramfs said it was generating:
$ lsinitramfs /boot/initrd.img-5.0.0-37-generic | egrep "(tpm|libtss)"
lib/cryptsetup/scripts/passphrase-from-tpm
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/tpm_key_parser.ko
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/asym_tpm.ko
lib/udev/rules.d/tpm-udev.rules
usr/local/lib/libtss2-sys.so.0
usr/local/lib/libtss2-mu.so.0
usr/local/lib/libtss2-sys.so.0.0.0
usr/local/lib/libtss2-tcti-device.so
usr/local/lib/libtss2-tcti-device.so.0
usr/local/lib/libtss2-tcti-device.so.0.0.0
usr/local/lib/libtss2-mu.so.0.0.0
usr/local/bin/tpm2_unseal
Additionally, I have modified /usr/local/bin/passphrase-from-tpm to the following:
#!/bin/sh
TPM_DEVICE=/dev/tpm0
TPM_REGISTER=0x81000001
TPM_SEAL_POLICY=sha256:0,2,4,7
export TPM2TOOLS_TCTI="device:$TPM_DEVICE"
if [ "$CRYPTTAB_TRIED" -eq 0 ]; then
    echo "Unlocking via TPM" >&2
    /usr/local/bin/tpm2_unseal -H $TPM_REGISTER -L $TPM_SEAL_POLICY
    UNSEAL_STATUS=$?
    echo "Unseal status $UNSEAL_STATUS" >&2
    if [ $UNSEAL_STATUS -eq 0 ]; then
        exit
    fi
else
    echo "TPM unlocking previously failed for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)" >&2
    /lib/cryptsetup/askpass "Enter passphrase for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME): "
fi
Note that the command line options to tpm2_unseal are for the 3.x versions of tpm2-tools. If you're using another version, you might need to update the options.
I pulled out various bits into variables at the top of the file. Modify TPM_REGISTER and TPM_SEAL_POLICY to match how you created the TPM object. set -e was removed since if any command failed, the whole script would exit, preventing the askpass fallback from ever running if tpm2_unseal failed.
Additionally, I noticed that if the script fails for some reason, systemd will attempt to run it again. If the secret in the TPM doesn't match the LUKS key, this will render the system unbootable, since the unseal succeeds, but unlocking fails, and systemd will run the script again.
Looking at the man page for crypttab, I discovered that one of the environment variables provided to the keyscript is CRYPTTAB_TRIED which is the number of tries it has attempted to unlock the volume. If CRYPTTAB_TRIED is 0, it'll attempt to use the TPM, as shown by this test (Running as non-root, so accessing the TPM device fails):
$ export CRYPTTAB_SOURCE=some_device
$ export CRYPTTAB_NAME=some_device_name
$ export CRYPTTAB_TRIED=0
$ ./passphrase-from-tpm
Unlocking via TPM
ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Permission denied
ERROR: tcti init allocation routine failed for library: "device" options: "/dev/tpm0"
ERROR: Could not load tcti, got: "device"
Unseal status 1
When it tries running the script again, CRYPTTAB_TRIED will be greater than 0, making it display the password prompt instead:
$ export CRYPTTAB_TRIED=1
$ ./passphrase-from-tpm
TPM unlocking previously failed for some_device (some_device_name)
Enter passphrase for some_device (some_device_name):
Hopefully this is still of use to you, and helpful to anyone else trying to get the house of cards that is disk encryption with a TPM on Linux working.
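An added example, not part of the original answer: a dry-run harness for the CRYPTTAB_TRIED logic described above, comparing a keyscript that ignores the try counter with one that honours it, so the fallback can be checked before rebooting. The stub functions, the key strings and the UNSEAL_CMD / ASKPASS_CMD variables are assumptions made for the harness; the tried-aware variant also prompts immediately when the unseal command itself fails, which goes slightly beyond the answer's script.

```shell
#!/bin/sh
# Added example: dry-run of the keyscript retry logic with stubbed commands.
# UNSEAL_CMD / ASKPASS_CMD, the stub names and the key strings are
# constructed for this harness; no TPM or root access is used.

unseal_ok()    { printf 'correct-key'; }   # TPM returns the current LUKS key
unseal_stale() { printf 'old-key'; }       # unseal works, key is not in LUKS
unseal_fail()  { return 1; }               # e.g. PCR values changed
askpass_stub() { printf 'correct-key'; }   # operator types the passphrase

# Without CRYPTTAB_TRIED: always prefers the TPM when unseal succeeds.
keyscript_naive() {
    if $UNSEAL_CMD; then return 0; fi
    $ASKPASS_CMD "Enter passphrase: "
}

# With CRYPTTAB_TRIED: TPM only on the first try, prompt afterwards.
# Unlike the answer's script, a failed unseal prompts in the same run.
keyscript_tried() {
    if [ "${CRYPTTAB_TRIED:-0}" -eq 0 ]; then
        # Key goes straight to stdout so a binary secret is not altered
        if $UNSEAL_CMD; then return 0; fi
        echo "TPM unseal failed, falling back to passphrase" >&2
    fi
    $ASKPASS_CMD "Enter passphrase: "
}

# Stand-in for the unlock loop: runs keyscript $1 with an increasing
# CRYPTTAB_TRIED until its output equals the real key $2 or $3 tries pass.
simulate_unlock() {
    CRYPTTAB_TRIED=0
    while [ "$CRYPTTAB_TRIED" -lt "$3" ]; do
        key=$("$1" 2>/dev/null)
        if [ "$key" = "$2" ]; then
            echo "unlocked on try $CRYPTTAB_TRIED"
            return 0
        fi
        CRYPTTAB_TRIED=$((CRYPTTAB_TRIED + 1))
    done
    echo "locked"
    return 1
}

# Run every stubbed TPM outcome through both keyscripts.
ASKPASS_CMD=askpass_stub
for UNSEAL_CMD in unseal_ok unseal_stale unseal_fail; do
    echo "$UNSEAL_CMD: naive -> $(simulate_unlock keyscript_naive correct-key 3)," \
         "tried-aware -> $(simulate_unlock keyscript_tried correct-key 3)"
done
```

The unseal_stale row is the lockout case from the answer: the naive keyscript hands over the same wrong key on every try, while the tried-aware one reaches the passphrase prompt on the second try.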
I am running EasyPHP Webserver 14.1 on Win Server 2012.
When I first installed it the dashboard loaded fine.
Now that I have built up my PHPbb3 forum it no longer loads. The browser continuously states
Waiting for response from 172.0.0.1...
but nothing happens, it just keeps spinning trying to load.
Is there any way I can fix /restore / reinstall the dashboard without affecting any work I've done on PHPbb3?
If it helps after some searching on this forum I created a .bat file containing:
ews-dashboard.exe -S 127.0.0.1:10000 -c ews-dashboard.ini cmd /k
This opens a CMD window containing the following:
C:\Program Files (x86)\EasyPHP-Webserver-14.1b2\dashboard>ews-dashboard.exe -S 127.0.0.1:10000 -c ews-dashboard.ini
PHP 5.4.30 Development Server started at Tue Nov 14 14:33:33 2017
Listening on http://127.0.0.1:10000
Document root is C:\Program Files (x86)\EasyPHP-Webserver-14.1b2\dashboard
Press Ctrl-C to quit.
But this doesn't seem to change anything.
It will work if you change the current port.
start-ews.bat
ews-dashboard.exe -S 127.0.0.1:1000 -c ews-dashboard.ini cmd /k
ews-dashboard.ini
[ServiceEx]
ServiceExeFullPath = "D:/Program Files/EasyPHP-Webserver\dashboard\ews-dashboard.exe"
; program arguments to be sent to executable
options = "-S 127.0.0.1:1000"
; can program interact with desktop [true | false] (default: true)
desktop = false
; start type (valid values: Auto Manual Disabled) (default: auto)
Start=Auto
; start the service upon installation [true | false] (default: no)
StartNow=true