Configure Windows Container as NAT Router [duplicate] - nat

This question already exists:
Windows Container Outbound NAT Options [closed]
Closed 5 months ago.
Preface: Similar to this post, but need a windows specific solution.
I need to route traffic from a cluster of windows containers through another windows container within that same cluster. The goal is for the outbound traffic for those containers to route to the edge router under the same source IP which will allow existing routing policies to be applied which might differ from the host's IP routing policies. The container I want to route through will have its own static IP on the host's external network (via docker network create -d l2bridge ...).
One thing that will work is using network_mode: "service:router-container", however since the majority of my services expose the same port there will be port collisions and other unknown issues. For this reason (and others), I cannot specify different ports for these containers, w/o breaking existing infrastructure, therefore joining these containers to the same network (via network_mode) is not a workable solution for my situation.
I tried configuring RRAS on a server core container, however, I kept getting an error about source files which lead me down an unproductive rabbit hole (pointing Source to install.wim, etc).
PS C:\> Install-WindowsFeature RemoteAccess
Install-WindowsFeature : The request to add or remove features on the specified server failed.
Installation of one or more roles, role services, or features failed.
The source files could not be found.
Use the "Source" option to specify the location of the files that are required to restore the feature. For more
information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077. Error: 0x800f081f
At line:1 char:1
+ Install-WindowsFeature RemoteAccess
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (#{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature],
Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_To_Enable_Updates,Microsoft.Windows.ServerManager.Commands.AddWind
owsFeatureCommand
I also stooped down to trying to set up ICS but also ran into errors creating the com object. Tried copying over the relevant DLLs (C:\Windows\System32\hnet*.dll) but still couldn't get it to work.
PS C:\> regsvr32 hnetcfg.dll /s
PS C:\> $m = New-Object -ComObject HNetCfg.HNetShare
New-Object : Retrieving the COM class factory for component with CLSID {00000000-0000-0000-0000-000000000000} failed
due to the following error: 80040154 Class not registered (Exception from HRESULT: 0x80040154 (REGDB_E_CLASSNOTREG)).
At line:1 char:6
+ $m = New-Object -ComObject HNetCfg.HNetShare
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [New-Object], COMException
+ FullyQualifiedErrorId : NoCOMClassIdentified,Microsoft.PowerShell.Commands.NewObjectCommand
Since I am using windows containers, I think I have a little bit less flexibility compared to using a linux container, so looking for a solution that will work within a windows container if possible.
Refer to my existing post (which was closed w/o explanation) for WHY I am needing to do this along with more details on my infrastructure.

Related

Grakn Error; trying to load schema for "phone calls" example

I am trying to run the example grakn migration "phone_calls" (using python and JSON files).
Before reaching there, I need to load the schema, but I am having trouble with getting the schema loaded, as shown here: https://dev.grakn.ai/docs/examples/phone-calls-schema
System:
-Mac OS 10.15
-grakn-core 1.8.3
-python 3.7.3
The grakn server is started. I checked and the 48555 TCP port is open, so I don't think there is any firewall issue. The schema file is in the same folder (phone_calls) as where the json data files is, for the next step. I am using a virtual environment. The error is below:
(project1_env) (base) tiffanytoor1#MacBook-Pro-2 onco % grakn server start
Storage is already running
Grakn Core Server is already running
(project1_env) (base) tiffanytoor1#MacBook-Pro-2 onco % grakn console --keyspace phone_calls --file phone_calls/schema.gql
Unable to create connection to Grakn instance at localhost:48555
Cause: io.grpc.StatusRuntimeException
UNKNOWN: Could not reach any contact point, make sure you've provided valid addresses (showing first 1, use getErrors() for more: Node(endPoint=/127.0.0.1:9042, hostId=null, hashCode=5f59fd46): com.datastax.oss.driver.api.core.connection.ConnectionInitException: [JanusGraph Session|control|connecting...] init query OPTIONS: error writing ). Please check server logs for the stack trace.
I would appreciate any help! Thanks!
Nevermind -- I found the solution, in case any one else runs into a similar problem. The server configuration file needs to be edited: point the data directory to your project data files (here: the phone_calls data files) & change the server IP address to your own.

NoSuchAlgorithmException when using migration tool

I am trying to use the migration tool utility from within PingFederate but I keep getting the following error:
List adapters... Downloading adapter index from source... ERROR:
Unable to download from source.
java.security.NoSuchAlgorithmException: E rror constructing
implementation (algorithm: Default, provider: SunJSSE, class:
sun.security.ssl.SSLContextImpl$DefaultSSLContext) Done.
From the configcopy.log:
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation
Caused by: java.io.IOException: Invalid keystore format
Windows 7 Professional SP1
java version "1.8.0_144" Java(TM) SE Runtime Environment (build
1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
PingFederate: 8.4.2
I am attempting this because we want to automate a deployment process which has currently been manual. I am only trying to use the listadapters.conf template and have set the source.conf to output to a file. The command I am entering is:
configcopy.bat -Dconfigcopy.conf.file=configcopy_templates\\source.conf;configcopy_templates\
\listadapters.conf
and I am running this from the <PF_HOME>/bin directory. The contents of the two files I mentioned are:
source.conf
source.connection.management.service.url =
<my local install url on port 9999>/pf-mgmt-ws/ws/ConnectionMigrationMgr
source.connection.management.service.user = Administrator
source.connection.management.service.password =
OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoibGJhaGtDZlNiSiIsInZlcnNpb24iOiI4LjQuMi4wIn0..ryNLCcpzwEx6KGzXi1FboA.34NbypXUud45R77TLwMvjg.dQFNb9NpbDY_EWIePb9hMA
configcopy.connection.trust.keystore = C:\Program Files\Ping
Identity\pingfederate-8.4.2\pingfederate\server\default\data\pf.jwk
output.file = c:\temp\pf-config.txt
The Administrator is the default one from install with all three roles added to it and the password was obfuscated using obfuscate.bat in the bin directory.
listadapters.conf
cmd=listadapters
debug=true
select.adapter.role = idp
Even though it doesn't look like it above all backslashes are escaped that just hasn't come through here.
I have tried:
removing the path to the keystore altogether
ERROR: Unable to download from source.
sun.security.validator.ValidatorException : PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target Done.
Setting the path to cacerts in jre/lib (same error as above)
I have installed the data.zip from the DotNet-Integration-Kit-2-5-2.zip and that is the only set up on this PC. (my dev box)
The integration kit puts two certificates (maybe the same one twice, not sure) that can be viewed through
Server Configuration > Trusted CAs
Server Configuration > SSL Server Certificates
And I have also added one into
Server Configuration > SSL Client Keys & Certificates
The kits certs show as RSA1024 and the one I created shows as RSA2048.
Questions:
Why does the error state algorithm:default (key store format?)
Is there a setting I am missing that would change it from default
Does anyone know of any docs other than the admin manual (almost know
it by heart now)
Why is pf.jwk the wrong format
Any other ideas at all please.
[update] Dam, I have been trying to use the migration utility but as I am on a version over 7.2 I should be using the administrative API. Back to the drawing board. Still looking for advice though!
The pf.jwk file is an encrypted Java web key. The truststore is a standard jks file that you add PingFed's SSL key to, or its signing CA's public key.
However, as you have found, you should use the admin API. Configcopy is no longer being developed.

Publishing ASP.Net Core app to Azure silently fails in command line

I'm trying to publish a dotnet core app to Azure. I've created a publish profile and using visual studio it all works fine. But since I'd like to setup continuous deployment I need to run the deployment using command line.
The official documentation was pretty helpful in identifying that the [ProfileName].ps1 is the best plan of attack.
However it gives no clues on how to use it.
First I ran it without parameters and got this error:
Production-publish.ps1 : The term 'Production-publish.ps1' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again.
At line:1 char:1
+ Production-publish.ps1
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Production-publish.ps1:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Next I added the needed parameters:
.\Production-publish -packOutput 'C:\code\my-dotnetcore-proj\publish' -pubProfilePath 'Production.pubxml'
Which ran without error but didn't do ANYTHING!
How can I make the Azure depoyment via Powershell work?
After debugging through the publish-module.psm1 to figure out why nothing was getting deployed I noticed that the command is required to supply more parameters. This is how:
.\Production-publish -packOutput 'C:\code\my-dotnetcore-proj\publish' -pubProfilePath 'Production.pubxml' -publishProperties #{
'username' = '%PublishProfile.Username%'
'Password' = '%PublishProfile.Password%'
'AllowUntrustedCertificate' = false
'AuthType' = 'Basic'}
You obviously have to replace %PublishProfile.Username% and %PublishProfile.Password% and possibly modify Production-publish and Production.pubxml
Note that only the Password parameter is required (considering that the UserName is provided in your .pubxml file)
I actually ended up writing blog article on how to compile and deploy asp.net core sites with TeamCity:
How to deploy ASP.NET Core sites using Teamcity to Azure/IIS … or just command line

Ethereum: could not open database: resource temporarily unavailable

I am getting started with Ethereum and building a Dapp (what the hell does this mean by the way?). On the basic installation of the application (https://github.com/ethereum/wiki/wiki/Dapp-using-Meteor#connect-your-%C3%90app), I get this error upon attempting to connect.
geth --rpc --rpccorsdomain "http://localhost:3000"
I0804 23:48:24.987448 ethdb/database.go:82] Alloted 128MB cache and 1024 file handles to /Users/( . )Y( . )/Library/Ethereum/chaindata
Fatal: Could not open database: resource temporarily unavailable
I literally just got started, I set up ethereum through homebrew and made an account with geth. Can't get past right here.
Thank you!
Your geth client is already running in the background. You can attach to it by typing:
$ geth attach
in your command line. This will allow you to run commands on the geth client console.

Spring Integration Sftp Outbound Gateway to IBM mainframe

I have reviewed spring integration sftp mainframe :failed to write file; nested exception is 3: Permission denied, but still cannot sftp a file to a remote mainframe.
If I use a command line to sftp to my account, my login directory is:
/home/users/snoopy
From here, I can issue the command "put filename //#12345" and the file is transferred. I cannot figure out how to specify "//#12345" in my outbound-gateway. Are there some sftp-options you can add to specify this same command? Does it get added to the expression?, ie expression="payload.filename + ???"
The current remote-directory is /home/users/snoopy, so I can put to that directory without any issues, I just can't get it to //#12345
If I try remote-directory set to /home/users/snoopy//#12345, or /home/users/snoopy/#12345, those paths do not exist
Here is my gateway configuration:
<sftp outbound-gateway id="sftpOutbound"
session-factory="sftpSessionFactory"
request-channel="sftpOut"
command="put"
expression="payload.filename"
remote-directory="/home/users/snoopy"
remote-filename-generator="fileNameGenerator"
use-temporary-file-name="false"
reply-channel="successChannel"/>
With this configuration, I can send the file to /home/users/snoopy, I just haven't figured out how to get it to //#12345

Resources