Troubles with wget called by script started by Task Scheduler - powershell

I need to load an https file. I use wget with the option --no-check-certificate. It runs perfectly if started by the ISE debugger. It even runs perfectly if I start it in the cmd console: ./myScript.ps1. But as soon as I set the Task Scheduler to start my script I get:
--2016-02-07 19:44:01-- https://www.dailyfx.com/calendar/
Resolving www.dailyfx.com... 104.87.22.147
Connecting to www.dailyfx.com|104.87.22.147|:443... connected.
WARNING: cannot verify www.dailyfx.com's certificate, issued by `/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3':
Unable to locally verify the issuer's authority.
WARNING: certificate common name `fxcm.com' doesn't match requested host name `www.dailyfx.com'.
HTTP request sent, awaiting response... 403 Forbidden
2016-02-07 19:44:01 ERROR 403: Forbidden.
Before calling I set the $ArgList and then I call wget:
$urlDFx = "https://www.dailyfx.com/calendar/"
$argList = "$urlDFx -O $rawDFx -o $logDFx --no-check-certificate"
$wg = Start-Process wget -wait -NoNewWindow -PassThru -ArgumentList $argList
The other variables are various local files.
Again, it works in the ISE and the CMD console but not if started by the Task Scheduler. The other part of the scripts are executed without any problem: I did another http-file and parse it.
What can I do?

I have found a solution even if I don't understand why this now works!
I set:
$argList = "$urlDFx -O $rawDFx -o $logDFx --no-check-certificate --verbose "
1) It works even if the task-scheduler has started the script.
2) The log-file of wget contains absolutely the same as before.
(Maybe now --verbose is skipped??)

Related

Error building ARM Config during "terraform init" command from azure Azure CLI

I am trying to run the "terraform init" command using AZ CLI. First it initializes the backend tfstorage container with tfstate files; after that it raises the error mentioned below. My az cli version is "2.38.0".
Error: Error building ARM Config: please ensure you have installed Azure CLI version 2.0.79 or newer. Error parsing json result from the Azure CLI: launching Azure CLI: exec: "az": executable file not found in %PATH%.
Thanks in advance if somebody can rescue me
Navigate to the project directory path using PowerShell and run the command in PowerShell.
C:\Users\abc\IdeaProjects\test_devopspipeline\terraform-manifest>
$ProgressPreference = 'SilentlyContinue'; Invoke-WebRequest -Uri aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList '/I AzureCLI.msi /quiet'; rm .\AzureCLI.msi
Reference: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest&tabs=azure-powershell
I was getting this error too. In my case it was simply that when I ran this
provider "azurerm" {
  subscription_id = "${var.subscription_id}"
  tenant_id       = "${var.tenant_id}"
  client_id       = "${var.client_Id}"
  client_secret   = "${var.client_secret}"
  features {}
}
Terraform was not able to capture those values from the .tfvars file. In my particular case, it was a typo on client_Id => (Id) is meant to be id.
If you want to set these variables from outside of the .tf files you can check this link out

I am trying to create a tpm2-based auto unlock sh script, but the script fails with file not found

I am trying to create a TPM-based unlock script using tpm2-tools with instructions from Tevora Secure boot tpm2. I have set up the key, loaded it with cryptsetup luksAddKey secret.bin, then tested it using tpm2_unlock -c 0x81000000 --auth pci:sha1:0,2,3,7 and returns the value of secret.bin. For extra measures, to make sure it works, I loaded secret.bin into "/etc/crypttab", ran # update-initramfs -u -k all, and rebooted. Upon reboot, the system unlocked.
I copied over the following code into "/etc/initramfs-tools/hooks/tpm2"
#!/bin/sh -e
if [ "$1" = "prereqs" ]; then exit 0; fi
. /usr/share/initramfs-tools/hook-functions
copy_exec /usr/local/bin/tpm2_unseal
copy_exec /usr/local/lib/libtss2-tcti-device.so
I appended my etc/crypttab from cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks to cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks,keyscript=/usr/local/bin/passphrase-from-tpm
I rewrote the following script because the tpm2-tools command was outdated, edited in the new command, and stored it in /usr/local/bin/passphrase-from-tpm:
#!/bin/sh
set -e
echo "Unlocking via TPM" >&2
export TPM2TOOLS_TCTI="device:/dev/tpm0"
/usr/local/bin/tpm2_unseal -c 0x81000000 --auth pcr:sha1:0,2,3,7
if [ $? -eq 0 ]; then
exit
fi
/lib/cryptsetup/askpass "Unlocking the disk fallback $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)\nEnter passphrase: "
I ran # update-initramfs -u -k all then rebooted. In reboot, I get the following error: /lib/cryptsetup/scripts/passphrase-from-tpm: line 5: /usr/local/bin/tpm2_unseal: not found
I have tried many times to edit passphrase-from-tpm unsuccessfully, including:
Moving both passphrase-from-tpm into "/boot/efi/EFI/BOOT/" and referencing crypttab to that file
Modifying passphrase-from-tpm to use a relative file path to tpm_unseal
Before I figured out how to create a backup linux boot using:
objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline=cmdline.txt --change-section-vma .cmdline=0x30000 \
--add-section .linux="/boot/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="/boot/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub /boot/EFI/BOOT/BOOT_RECX64.EFI
I would be locked out of the system completely because of the error and had to reinstall Ubuntu about 40 times. I have suffered a lot and want to quit but I am too stubborn to throw in the flag.
just copy tpm2_unseal to /usr/local/bin/
I'm trying to make a working setup following basically those instructions, plus a few others I have found. While not working 100% yet, check that both /etc/initramfs-tools/hooks/tpm2 and /usr/local/bin/passphrase-from-tpm are marked executable (sudo chmod ug+x $filename).
After making the initramfs, you can run the following to ensure that the TPM related files are actually in the image. Replace the path in the filename by whatever update-initramfs said it was generating:
$ lsinitramfs /boot/initrd.img-5.0.0-37-generic | egrep "(tpm|libtss)"
lib/cryptsetup/scripts/passphrase-from-tpm
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/tpm_key_parser.ko
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/asym_tpm.ko
lib/udev/rules.d/tpm-udev.rules
usr/local/lib/libtss2-sys.so.0
usr/local/lib/libtss2-mu.so.0
usr/local/lib/libtss2-sys.so.0.0.0
usr/local/lib/libtss2-tcti-device.so
usr/local/lib/libtss2-tcti-device.so.0
usr/local/lib/libtss2-tcti-device.so.0.0.0
usr/local/lib/libtss2-mu.so.0.0.0
usr/local/bin/tpm2_unseal
Additionally, I have modified /usr/local/bin/passphrase-from-tpm to the following:
#!/bin/sh
# Values below must match how the TPM object was created.
TPM_DEVICE=/dev/tpm0
TPM_REGISTER=0x81000001
TPM_SEAL_POLICY=sha256:0,2,4,7
export TPM2TOOLS_TCTI="device:$TPM_DEVICE"
if [ "$CRYPTTAB_TRIED" -eq 0 ]; then
    # First attempt: try to unseal the key from the TPM.
    echo "Unlocking via TPM" >&2
    /usr/local/bin/tpm2_unseal -H $TPM_REGISTER -L $TPM_SEAL_POLICY
    UNSEAL_STATUS=$?
    echo "Unseal status $UNSEAL_STATUS" >&2
    if [ $UNSEAL_STATUS -eq 0 ]; then
        exit
    fi
else
    # Later attempts: skip the TPM and prompt for the passphrase.
    echo "TPM unlocking previously failed for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)" >&2
    /lib/cryptsetup/askpass "Enter passphrase for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME): "
fi
Note that the command line options to tpm2_unseal are for the 3.x versions of tpm2-tools. If you're using another version, you might need to update the options.
I pulled out various bits into variables at the top of the file. Modify TPM_REGISTER and TPM_SEAL_POLICY to match how you created the TPM object. set -e was removed since if any command failed, the whole script would exit, preventing the askpass fallback from ever running if tpm2_unseal failed.
Additionally, I noticed that if the script fails for some reason, systemd will attempt to run it again. If the secret in the TPM doesn't match the LUKS key, this will render the system unbootable, since the unseal succeeds, but unlocking fails, and systemd will run the script again.
Looking at the man page for crypttab, I discovered that one of the environment variables provided to the keyscript is CRYPTTAB_TRIED which is the number of tries it has attempted to unlock the volume. If CRYPTTAB_TRIED is 0, it'll attempt to use the TPM, as shown by this test (Running as non-root, so accessing the TPM device fails):
$ export CRYPTTAB_SOURCE=some_device
$ export CRYPTTAB_NAME=some_device_name
$ export CRYPTTAB_TRIED=0
$ ./passphrase-from-tpm
Unlocking via TPM
ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Permission denied
ERROR: tcti init allocation routine failed for library: "device" options: "/dev/tpm0"
ERROR: Could not load tcti, got: "device"
Unseal status 1
When it tries running the script again, CRYPTTAB_TRIED will be greater than 0, making it display the password prompt instead:
$ export CRYPTTAB_TRIED=1
$ ./passphrase-from-tpm
TPM unlocking previously failed for some_device (some_device_name)
Enter passphrase for some_device (some_device_name):
Hopefully this is still of use to you, and helpful to anyone else trying to get the house of cards that is disk encryption with a TPM on Linux working.
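A variant of the keyscript above that falls back to the passphrase prompt in the same run when the unseal fails or returns nothing, and still skips the TPM on retries via CRYPTTAB_TRIED. This is an added example, not code from the original answer; get_key, unseal_secret, ask_passphrase and KEY_TMPDIR are hypothetical names, and it assumes mktemp and cat are present in the initramfs.

```shell
#!/bin/sh
# Added example keyscript: TPM on the first attempt only, then askpass.
# No "set -e": a failed unseal must reach the fallback, not abort the script.
TPM_DEVICE=${TPM_DEVICE:-/dev/tpm0}
TPM_REGISTER=${TPM_REGISTER:-0x81000001}            # values from the answer above
TPM_SEAL_POLICY=${TPM_SEAL_POLICY:-sha256:0,2,4,7}
KEY_TMPDIR=${KEY_TMPDIR:-/run}                      # assumption: tmpfs, RAM only

# Wrappers around the page's two commands so they can be stubbed in a test.
unseal_secret() {
    # tpm2-tools 3.x option names, as used in the answer above
    TPM2TOOLS_TCTI="device:$TPM_DEVICE" \
        /usr/local/bin/tpm2_unseal -H "$TPM_REGISTER" -L "$TPM_SEAL_POLICY"
}
ask_passphrase() {
    /lib/cryptsetup/askpass "Enter passphrase for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME): "
}

# Writes exactly one key candidate to stdout.
get_key() {
    if [ "${CRYPTTAB_TRIED:-0}" -eq 0 ]; then
        echo "Unlocking via TPM" >&2
        # Buffer the unsealed bytes so a failed or empty unseal never leaks
        # partial output in front of the typed passphrase.
        tmp=$(umask 077; mktemp "$KEY_TMPDIR/tpmkey.XXXXXX") || tmp=
        if [ -n "$tmp" ] && unseal_secret >"$tmp" && [ -s "$tmp" ]; then
            cat "$tmp"
            rm -f "$tmp"
            return 0
        fi
        if [ -n "$tmp" ]; then rm -f "$tmp"; fi
        echo "TPM unseal failed, asking for passphrase" >&2
    else
        echo "TPM key already tried for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)" >&2
    fi
    ask_passphrase
}

# Run only when installed under the keyscript name used on this page.
case "$0" in
    */passphrase-from-tpm) get_key ;;
esac
```

Buffering through a file rather than a shell variable keeps binary key material intact, since command substitution would strip trailing newlines and NUL bytes.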

Trying to start a vncserver that points to a custom xstartup

I'm using TigerVNC, trying to point to specific xstartup because I will need several unique startups for a given user. This is what I'm trying:
vncserver :5 -name "MyServer" -geometry 600x320 -depth 24 -AlwaysShared -fp /usr/share/X11/fonts/misc,/usr/share/X11/fonts/Type1,/usr/share/X11/fonts/100dpi -IdleTimeout 0 -SecurityTypes VncAuth -rfbauth /home/frogger123/.vnc/passwd -xstartup /home/frogger123/.vnc/mystartup
I am consistently getting
Unrecognized option: -xstartup
The docs on the TigerVNC page list this as a valid option. What am I doing wrong? Thanks
Edit: From the manual:
vncserver [:display#] [−name desktop-name] [−geometry widthxheight] [−depth depth] [−pixelformat format] [−fp font-path] [−fg] [−autokill] [−noxstartup] [−xstartup script] [Xvnc-options...]
−xstartup script
Run a custom startup script, instead of %HOME/.vnc/xstartup, after launching Xvnc. This is useful to run full-screen applications.
I was using the wrong version of TigerVNC

Unable to execute "custom script extension" on Azure VM using azure CLI from linux sub system

I am working on developing post-deployment Pester validation script for my project. I need to push pester scripts into the VM as custom script extension using Azure CLI.
Following is the command I executed:
az vm extension set --resource-group SomeRG --vm-name SimpleVM --name customScript --publisher Microsoft.Azure.Extensions --settings '{"fileUris": ["https://github.com/myname/DSCConfig/blob/master/pester.ps1"], "commandToExecute":"powershell -ExecutionPolicy Unrestricted -File pester.ps1"}' --version 2.0
and I got the below error in the Linux interface after executing above command:
Deployment failed. Correlation ID:
8ba16fc0-fea6-4650-bb0a-2b73c9613dfe. Handler
'Microsoft.Azure.Extensions.customScript' has reported failure for VM
Extension 'customScript' with terminal error code '1007' and error
message: 'Install failed for the plugin (name:
Microsoft.Azure.Extensions.customScript, version 2.0.6) with exception
The specified executable is not a valid application for this OS
platform.'
And while checking the extension on VM saw the status as "Transitioning " and details as Install failed for the plugin (name: Microsoft.Azure.Extensions.customScript, version 2.0.6) with exception The specified executable is not a valid application for this OS platform)
Alternatively I tried with other publishers: Microsoft.Compute and Microsoft.OSTCExtensions
Unfortunately, none of them worked. I have been stuck at this step for past two days. Any help is much appreciated.
I think you might be using the wrong custom script extension (the one you are using I believe is for Linux VMs). I think you should be using the one named "CustomScriptExtension" with a publisher of "Microsoft.Compute" and version set to "1.9" as documented here.
Specifically, try this command instead:
az vm extension set --resource-group SomeRG --vm-name SimpleVM --name CustomScriptExtension --publisher Microsoft.Compute --settings '{"fileUris": ["https://github.com/myname/DSCConfig/blob/master/pester.ps1"], "commandToExecute":"powershell -ExecutionPolicy Unrestricted -File pester.ps1"}' --version 1.9

Unable to publish to Azure web app from a .net core application

I am having a hard time publishing to an Azure website via the command line. First of all I tried the VS-generated PowerShell scripts, which are generated inside .\Properties\PublishProfiles. I referred to the answer in the post Publishing ASP.Net Core app to Azure silently fails in command line. I am able to pass only one parameter (which is password) as publish properties. I tried to execute it like below:
PS D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\DotNetCoreWebApiSample\Properties\PublishProfiles> & '.\DotnetCoreWebApiSample - Web Deploy-publish' -packOutput 'D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\Output' -pubProfilePath 'DotnetCoreWebApiSample - Web Deploy.pubxml'-publishProperties @{'Password' = 'klk'} -verbose
The above attempt at least tried to invoke msdeploy, but did not succeed. I got the output below:
Publishing with publish method [MSDeploy]
Executing command ["C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -source:manifest='C:\Users\579859\AppData\Local\Temp\PublishTemp\obj\Output\SourceManifest.xml' -dest:manifest='C:\Users\579859\AppData\Local\Temp\PublishTemp\obj\Output\DestinationManifest.xml',ComputerName='https://dotnetcorewebapisample.scm.azurewebsites.net/msdeploy.axd?site=DotnetCoreWebApiSample',UserName='$DotnetCoreWebApiSample',Password='{PASSWORD-REMOVED-FROM-LOG}',IncludeAcls='False',AuthType='Basic' -verb:sync -enablerule:AppOffline -enableRule:DoNotDeleteRule -retryAttempts:20]
Info: Using ID '25f52554-53e4-4a74-8392-df82e2a07806' for connections to the remote server.
I am not sure what is wrong here. I also tried to pass multiple parameters like below, but some syntax error was reported by powershell.
PS D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\DotNetCoreWebApiSample\Properties\PublishProfiles> & '.\DotnetCoreWebApiSample - Web Deploy-publish' -packOutput 'D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\Output' -pubProfilePath 'DotnetCoreWebApiSample - Web Deploy.pubxml'-publishProperties @{'username' = 'myusername' 'Password' = 'uL''AllowUntrustedCertificate' = false''AuthType' = 'Basic'} -verbose
Finally I tried to use msdeploy directly, as below:
@echo off
dotnet publish ".\DotNetCoreWebApiSample" --framework netcoreapp1.0 --output "D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\Output" --configuration Release
"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -verb:sync -source:contentPath='D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\Output',-dest:contentPath='DotnetCoreWebApiSample',ComputerName='https://dotnetcorewebapisample.scm.azurewebsites.net/msdeploy.axd',UserName="myUser",Password="L",IncludeAcls="False",AuthType="Basic" -enablerule:AppOffline -enableRule:DoNotDeleteRule -retryAttempts:20 -verbose
Now I am getting the error "Error: A '-dest' argument must be specified with the 'sync' verb." I am totally clueless here. Please note that I have already provided -verb:sync and still msdeploy is complaining the same. Can someone help me publish a .NET Core web app from the command line to an Azure web app? For msdeploy, I referred to the post http://asp.net-hacker.rocks/2016/07/04/deploy-aspnetcore-to-azure.html. I am using the SDK with version "1.0.0-preview2-003131".
The -source attribute in your MSDeploy call has a comma at the end but no additional flags. Replace the comma before -dest with a space:
-source:contentPath='D:\Sajan\SampleApplications\ADNext\DotNETCore\DotNetCoreWebApiSample\src\Output' -dest:contentPath='D