In Alfresco 5.0.d even anonymouse user can access deployment console http://localhost:8080/share/service/modules/deploy - how can I secure it?
The module deployment page (as with other Surf webscripts under service/ ) are restricted to admin by default.
See here for the webscript descriptor file which sets the admin authentication requirement: https://github.com/Alfresco/community-edition/blob/master/projects/surf/spring-surf/spring-surf/src/main/resources/webscripts/extensibility/moduleDeployment.get.desc.xml
<webscript>
<shortname>Module Deployment Status</shortname><description>Displays the current module deployment status.</description>
<url>/modules/deploy</url>
<family>ModuleDeployment</family>
<lifecycle>internal</lifecycle>
<authentication>admin</authentication>
</webscript>
Related
I have installed several application on a BizTalk 2020 server using BTDF 5.8 where I used to the application settings in the deployment to update any config for the BizTalk applications.
My own account is part of the SSO admin group and I use the in proc host account to install the apps into the BizTalk server. The proc host account is also part of the SSO admin group.
When I view the SSO using the admin or client utility no apps are shown. I also downloaded and run the BizTalk-Server-SSO-Application-Configuration-Tool. The tool also showed no current installed applications, but was able to add an application with it config.
But ideally I would like to view and edit current config as I am currently getting an error on a server with incorrect value.
Is there another tool to view and edit settings or am I missing something that must be enabled.
If I want to access the REST API of the openshift master server from anywhere in my company I use https://master.test04.otc-test.company.com:8443 which works just fine.
Now I'm writing an admin application that is accessing the REST API and is deployed in this openshift cluster. Is there a generic name or environment variable in openshift to get the hostname of the master server?
Background: My admin application will be deployed on multiple openshift clusters which do not have the same URL. It would be very handy to have them autodiscover the hostname of the current master server instead of configuring this value for every deployment.
Use environment variables:
https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT
In the container, unless service account details are not being mounted, you can also access the directory:
/var/run/secrets/kubernetes.io/serviceaccount
In this you can then find a token file which contains the access token for the service account the container runs as. This means you can create a separate service account for the application in that project, and use RBAC to control what it can do via the REST API.
That same directory also has a namespace file so you know what project the container is running in, and files with certificates to use when accessing the REST API over a secure connection.
This is the recommended approach, rather than trying to pass an access token to your application through its configuration.
Note that in OpenShift 4, if you need to access the OAuth server endpoint, it is on a separate URL to what the REST API is. In 3.X, they were on the same URL.
In 4.0, you can access the path /.well-known/oauth-authorization-server on the REST API URL, to get information about the separate OAuth server endpoint.
For additional information on giving REST API access to an application via a service account, see:
https://cookbook.openshift.org/users-and-role-based-access-control/how-do-i-enable-rest-api-access-for-an-application.html
Note that that page currently says you can use https://openshift.default.svc.cluster.local as URL, but this doesn't work in OpenShift 4.
I have two web servers and one service server and a database server and all these servers are domain joined. And I have set my private build agent from VSTS from where I can build my artifacts and based on build configuration. And all my DEV,QA and STAGING environments are setup on those servers.
My problem is i am looking for a way using PowerShell Desired state configuration such a way that based on the environment artifacts (DEV,QA and STAGING) the scripts has to copy the artifacts to specific location on those "TWO web-servers" and ensure the website is configured correctly with all the required permissions where these artifacts are used to host IIS website and perform the delete and creation action of particular windows service on "SERVICE service" and should also perform the migration activities on "DATABASE server" for particular database. since I have separated database for each individual environment.
Any kind of help or suggestion would be appreciated. thank you.
My suggestions are:
Don't use DSC for deployment (i.e. deploy applications or databases)
Use DSC for configuration (e.g. install IIS)
Install the VSTS Agent on each server in Deployment Groups mode, running as a service with local administrator privileges
Use the IIS Deploy Tasks designed for Deployment Groups
Use the Powershell Task to manage the Windows Services (tip. help *-Service)
I am able to obtain information about the current deployments on the JBoss Server via JBoss CLI. (deployment-info)
I can connect to the JBoss CLI directly from the ssh terminal or from an web interface (Management console).
By using the CLI there would be much more possible then querying the deployment info.
Does anybody know if it is possible to have an user which has restricted or limited rights for the JBoss CLI?
So that this user has only rights to query the deployment information but nothing else, for instance.
You can RBAC for JBoss instance and configure user with 'monitor' role. User with this role can only perform Read-only operation. Go through documentation for more details on RBAC
I'm deploying Azure app services with Git continuous deployment and using post deployment action hooks to log the deployment to a Slack channel. My action hooks are written as PowerShell scripts.
From within my PowerShell scripts how do I access Azure or Kudu environmental variables or app settings? It's clear how to do this via deploy.cmd but I'm having no luck from PowerShell.
Ideally I'd like to be able to access things like:
Azure app service name
Deployment slot name
Deployment source/target paths
App settings and/or connection strings
Ok figured this out, apparently all of the Azure environment variables available within your website app service are available to PowerShell scripts running as post deployment actions.
To get the site name within PowerShell:
$siteName = [environment]::GetEnvironmentVariable("WEBSITE_SITE_NAME");
In addition to site name there are dozens of other Azure environment variables plus your app settings and connection strings.