I'm trying to install and configure lexik/LexikJWTAuthenticationBundle in a Symfony 5.2 project.
When I applied the following documentation https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/index.md#installation, it gave me this error:
You must either configure a "public_key" or a "secret_key".
So I applied another configuration:
```yaml
lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: '%env(JWT_PASSPHRASE)%'
    token_ttl: '%env(JWT_TTL)%'
```
and in my .env file I have this:
```
###> lexik/jwt-authentication-bundle ###
JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
JWT_PASSPHRASE=mypassphrase
JWT_TTL=3600 # 1 hour expiration
###< lexik/jwt-authentication-bundle ###
```
Then I ran these commands to generate the keys (the keys are generated successfully under my directory config/jwt):
- openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096
- openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout
But when I run this command to check if it works, I get this error:
```
curl -X POST -H "Content-Type: application/json" http://localhost:8000/api -d '{"username":"johndoe","password":"test"}'
"An error occurred","status":400,"detail":"Invalid JSON.","class":"Symfony\Component\HttpKernel\Exception\BadRequestHttpException
```
And I obtain this error when I test this method in my controller as explained here: https://github.com/lexik/LexikJWTAuthenticationBundle/blob/master/Resources/doc/7-manual-token-creation.md :
"Cannot autowire argument $user of
"App\Controller\DefaultController::getTokenUser()": it references
interface "Symfony\Component\Security\Core\User\UserInterface"
but no such service exists. Did you create a class that implements
this interface?"
```php
namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Security\Core\User\UserInterface;
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;

class ApiController extends Controller
{
    public function getTokenUser(UserInterface $user, JWTTokenManagerInterface $JWTManager)
    {
        // ...
        return new JsonResponse(['token' => $JWTManager->create($user)]);
    }
}
```
Is this bundle compatible with Symfony 5.2, and how can I resolve this problem?
I would like to know how to update the connection string from a docker command.
Example for WordPress:
```
docker run --name myWordpress -d -p 8080:80 -e WORDPRESS_DB_HOST=123.123.123.123:3306 -e WORDPRESS_DB_USER=rootUser -e WORDPRESS_DB_PASSWORD=password ....
```
I have a Blazor Server application that needs to connect to a MySQL database. Here's the connection string (appsetting.json):
```json
"ConnectionStrings": {
    "MySqlConnection": "server=YourDatabase;user id=username;password=YourPassword;database=yourDb"
},
```
I'd like to be able to run a docker command:
```
docker run -d -e server=123.123.123.123 -e uid=UserName -e password=MyPass ...
```
and update the file appsetting.json, but how?
Thanks for your help.
I found a solution.
My appsetting.json
```json
"ConnectionStrings": {
    "MySqlConnection": "server=YOURDATABASE;user id=USERNAME;password=YOURPASSWORD;database=YOURDB"
}
```
In my Startup.cs
```csharp
public void ConfigureServices(IServiceCollection services)
{
    string connectionDb = Configuration.GetConnectionString("MySqlConnection");
    string databaseAddress = Environment.GetEnvironmentVariable("DB_HOST");
    string login = Environment.GetEnvironmentVariable("LOGIN_DB");
    string mdp = Environment.GetEnvironmentVariable("PASSWORD_DB");
    string dbName = Environment.GetEnvironmentVariable("DB_NAME");
    connectionDb = connectionDb.Replace("USERNAME", login)
        .Replace("YOURPASSWORD", mdp)
        .Replace("YOURDB", dbName)
        .Replace("YOURDATABASE", databaseAddress);
    services.AddDbContext<ApplicationDbContext>(options => options.UseMySql(connectionDb, ServerVersion.AutoDetect(connectionDb)));
    // SQL service for AccessData.
    services.AddSingleton(new SqlContextAccess(connectionDb));
    ...
```
My Dockerfile
```dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
ENV DB_HOST="YourAddressdatabase"
ENV LOGIN_DB="YourLogin"
ENV PASSWORD_DB="YourPassword"
ENV DB_NAME="YourDbName"
...
```
and my docker command:
```
docker run -d -p 3030:80 \
    -e LOGIN_DB=myLogin \
    -e PASSWORD_DB=SuperPassword \
    -e DB_NAME=nameOfMydb \
    -e DB_HOST=123.123.123.123 \
    --name test myImage:latest
```
I'm working with Apache Camel and I want to add one user on two different servers. And I want to test if ssh.redundancy=true. This is my code:
```xml
<simple>${headers.op} == 1</simple>
<doTry id="try-cmd-httpd">
    <setBody id="httpd.cmd.htpasswd">
        <simple>htpasswd -b /etc/httpd/passwords ${header.login} ${header.passwd} {{httpd.io_redir}}</simple>
    </setBody>
    <to id="to_exec_htpaswd" uri="ssh://{{ssh.user}}:{{ssh.passwd}}#{{ssh.host}}:{{ssh.port}}"/>
    <log id="htpasswdResp_log" message="response: ${body}"/>
    <to id="to_exec_htpaswd2" uri="ssh://{{ssh.user}}:{{ssh.passwd}}#{{ssh.host2}}:{{ssh.port}}"/>
    <log id="htpasswdResp_log2" message="response: ${body}"/>
```
I found the solution. Just add a choice for the parameter ssh.redundancy and invoke for the second time.
```xml
<choice>
    <when id="redundancytrue">
        <simple>{{ssh.redundancy}} == "true"</simple>
        <setBody id="httpd.cmd.htpasswd">
            <simple>htpasswd -b /etc/httpd/passwords ${header.login} ${header.passwd} {{httpd.io_redir}}</simple>
        </setBody>
        <to id="to_exec_htpaswd2" uri="ssh://{{ssh.user}}:{{ssh.passwd}}#{{ssh.host2}}:{{ssh.port}}"/>
    </when>
</choice>
```
I want to create a customized openstack OpenSUSE15-image that contains some custom software and a graphical interface. I have used an existing OpenSUSE15.0 image and packer to build that image. It works fine. The packer json file is as follows:
{
"builders": [
{
"type" : "openstack",
"ssh_username" : "root",
"image_name": "OpenSUSE_15_custom_kde",
"source_image": "OpenSUSE 15",
"flavor": "m1.medium",
"networks": "public-network"
}
],
"provisioners":[
{
"type": "shell",
"inline": [
"sleep 10",
"sudo -s",
"zypper --gpg-auto-import-keys refresh",
"zypper -n up -y",
"zypper -n clean -a",
"zypper -n addrepo -f http://download.opensuse.org/repositories/devel\\:/languages\\:/R\\:/patched/openSUSE_Leap_15.0/ R-patched",
"zypper -n addrepo -f http://download.opensuse.org/repositories/devel\\:/languages\\:/R\\:/released/openSUSE_Leap_15.0/ R-released",
"zypper --gpg-auto-import-keys refresh",
"zypper -n install -y R-base R-base-devel R-recommended-packages rstudio",
"zypper -n clean -a",
"zypper --non-interactive install -y -t pattern kde kde_plasma devel_kernel devel_python3 devel_C_C++ office x11",
"zypper -n install xrdp",
"zypper -n clean -a",
"zypper -n dup -y",
"systemctl enable xrdp",
"systemctl start xrdp",
"cloud-init clean --logs",
"zypper -n install -y cloud-init growpart yast2-network yast2-services-manager acpid",
"cat /dev/null > /etc/udev/rules.d/70-persistent-net.rules",
"systemctl disable cloud-init.service cloud-final.service cloud-init-local.service cloud-config.service",
"systemctl enable cloud-init.service cloud-final.service cloud-init-local.service cloud-config.service sshd",
"sudo systemctl stop firewalld",
"sudo systemctl disable firewalld",
"sed -i 's/GRUB_TIMEOUT=.*$/GRUB_TIMEOUT=0/g' /etc/default/grub",
"exec grub2-mkconfig -o /boot/grub2/grub.cfg '$#'",
"systemctl restart cloud-init",
"systemctl daemon-reload",
"cat /dev/null > ~/.bash_history && history -c && sudo su",
"cat /dev/null > /var/log/wtmp",
"cat /dev/null > /var/log/btmp",
"cat /dev/null > /var/log/lastlog",
"cat /dev/null > /var/run/utmp",
"cat /dev/null > /var/log/auth.log",
"cat /dev/null > /var/log/kern.log",
"cat /dev/null > ~/.bash_history && history -c",
"rm ~/.ssh/authorized_keys"
]
},
{
"type": "file",
"source": "./cloud_init/cloud.cfg",
"destination": "/etc/cloud/cloud.cfg"
}
]
}
There are no errors in the building and provisioning phases with packer.
In a second stage, when this base image is spawned through a heat template via the openstack client, I want some personalized tasks to be completed. User creation, granting ssh-access (including adjusting the sshd_config file...). This is done through the init_image.sh file.
#!/bin/bash
useradd -m $USERNAME -p $PASSWD -s /bin/bash
usermod -a -G sudo $USERNAME
tee /etc/ssh/banner <<EOF
You are one lucky user, if you bear the key...
EOF
tee /etc/ssh/sshd_config <<EOF
## SOME IMPORTANT SSHD CONFIGURATIONS
EOF
sudo -u $USERNAME -H sh -c 'cd ~;mkdir ~/.ssh/;echo "$SSHPUBKEY" > ~/.ssh/authorized_keys;chmod -R 700 ~/.ssh/;chmod 600 ~/.ssh/authorized_keys;'
systemctl restart sshd.service
voldata_dev="/dev/disk/by-id/virtio-$(echo $VOLDATA | cut -c -20)"
mkfs.ext4 $voldata_dev
mkdir -pv /home/$USERNAME/share
echo "$voldata_dev /home/$USERNAME/share ext4 defaults 1 2" >> /etc/fstab
mount /home/$USERNAME/share
chown -R $USERNAME:users /home/$USERNAME/share/
systemctl enable xrdp
systemctl start xrdp
For this purpose, I have created the following heat template.
```yaml
heat_template_version: "2018-08-31"
description: "version 2017-09-01 created by HOT Generator at Fri, 05 Jul 2019 12:56:22 GMT."
parameters:
  username:
    type: string
    label: User Name
    description: This is the user name, and will be also the name of the key and the server
    default: test
  imagename:
    type: string
    label: Image Name
    description: This is the Name of the Image e.g. Ubuntu 18.04
    default: "OpenSUSE Leap 15"
  ssh_pub_key:
    type: string
    label: ssh public key
  flavorname:
    type: string
    label: Flavor Name
    description: This is the Name of the Flavor e.g. m1.small
    default: "m1.small"
  vol_size:
    type: number
    label: Volume Size
    description: This is the size of the volume that should be attached in GB
    default: 10
  password:
    type: string
    label: password
    description: This is the su password and user password
resources:
  init:
    type: OS::Heat::SoftwareConfig
    properties:
      group: ungrouped
      config:
        str_replace:
          template:
            {get_file: init_image.sh}
          params:
            $USERNAME: {get_param: username}
            $SSHPUBKEY: {get_param: ssh_pub_key}
            $PASSWD: {get_param: password}
            $VOLDATA: {get_resource: volume}
  my_key:
    type: "OS::Nova::KeyPair"
    properties:
      name:
        list_join:
          ["_", [ {get_param: username}, 'key']]
      public_key: {get_param: ssh_pub_key}
  my_server:
    type: "OS::Nova::Server"
    properties:
      block_device_mapping_v2: [{ device_name: "vda", image : { get_param : imagename }, delete_on_termination : "false", volume_size: 20 }]
      name: {get_param: username}
      flavor: {get_param: flavorname}
      key_name: {get_resource: my_key}
      admin_pass: {get_param: password}
      user_data_format: RAW
      user_data: {get_resource: init}
      networks:
        - network: "public-network"
    depends_on:
      - my_key
      - init
      - volume
  volume:
    type: "OS::Cinder::Volume"
    properties:
      # Size is given in GB
      size: {get_param: vol_size}
      name:
        list_join: ["-", ["vol_",{get_param: username }]]
  volume_attachment:
    type: "OS::Cinder::VolumeAttachment"
    properties:
      volume_id: { get_resource: volume }
      instance_uuid: { get_resource: my_server }
    depends_on:
      - volume
outputs:
  instance_ip:
    description: The IP address of the deployed instances
    value: { get_attr: [my_server, first_address] }
```
If I use the original image in the template I have no problems (however, the building process takes very very long) and I need to restart to have the graphical KDE interface.
However, if I use the image built with packer, my user_data are ignored? I cannot log in, the personalized user is not created... What have I missed? Why does it not work? As you see, I clean cloud-init, restart the services... I am stuck big time...
UPDATE
Here is the accessible boot-log from the machine.
UPDATE 2
This is the output of cloud-init analyze show:
-- Boot Record 01 --
The total time elapsed since completing an event is printed after the "#" character.
The time the event takes is printed after the "+" character.
Starting stage: init-local
|`->no cache found #00.01000s +00.00000s
|`->no local data found from DataSourceOpenStackLocal #00.04700s +15.23000s
Finished stage: (init-local) 15.31200 seconds
Starting stage: init-network
|`->no cache found #16.01000s +00.00100s
|`->no network data found from DataSourceOpenStack #16.01700s +00.02600s
|`->found network data from DataSourceNone #16.04300s +00.00100s
|`->setting up datasource #16.09000s +00.00000s
|`->reading and applying user-data #16.10000s +00.00200s
|`->reading and applying vendor-data #16.10200s +00.00000s
|`->activating datasource #16.12100s +00.00100s
|`->config-migrator ran successfully #16.17900s +00.00100s
|`->config-seed_random ran successfully #16.18000s +00.00100s
|`->config-bootcmd ran successfully #16.18200s +00.00000s
|`->config-write-files ran successfully #16.18200s +00.00100s
|`->config-growpart ran successfully #16.18300s +00.46100s
|`->config-resizefs ran successfully #16.64500s +01.33400s
|`->config-disk_setup ran successfully #17.98100s +00.00300s
|`->config-mounts ran successfully #17.98500s +00.00400s
|`->config-set_hostname ran successfully #17.99000s +00.09800s
|`->config-update_hostname ran successfully #18.08900s +00.01000s
|`->config-update_etc_hosts ran successfully #18.10000s +00.00100s
|`->config-rsyslog ran successfully #18.10100s +00.00200s
|`->config-users-groups ran successfully #18.10400s +00.00200s
|`->config-ssh ran successfully #18.10700s +00.61400s
Finished stage: (init-network) 02.73600 seconds
Starting stage: modules-config
|`->config-locale ran successfully #35.00200s +00.00400s
|`->config-set-passwords ran successfully #35.00600s +00.00100s
|`->config-zypper-add-repo ran successfully #35.00700s +00.00200s
|`->config-ntp ran successfully #35.01000s +00.00100s
|`->config-timezone ran successfully #35.01100s +00.00200s
|`->config-disable-ec2-metadata ran successfully #35.01300s +00.00100s
|`->config-runcmd ran successfully #35.01800s +00.00200s
Finished stage: (modules-config) 00.05100 seconds
Starting stage: modules-final
|`->config-package-update-upgrade-install ran successfully #35.87400s +00.00000s
|`->config-puppet ran successfully #35.87500s +00.00000s
|`->config-chef ran successfully #35.87600s +00.00000s
|`->config-mcollective ran successfully #35.87600s +00.00100s
|`->config-salt-minion ran successfully #35.87700s +00.00100s
|`->config-rightscale_userdata ran successfully #35.87800s +00.00100s
|`->config-scripts-vendor ran successfully #35.87900s +00.00500s
|`->config-scripts-per-once ran successfully #35.88400s +00.00100s
|`->config-scripts-per-boot ran successfully #35.88500s +00.00000s
|`->config-scripts-per-instance ran successfully #35.88500s +00.00100s
|`->config-scripts-user ran successfully #35.88600s +00.00100s
|`->config-ssh-authkey-fingerprints ran successfully #35.88700s +00.00100s
|`->config-keys-to-console ran successfully #35.88800s +00.09000s
|`->config-phone-home ran successfully #35.97900s +00.00100s
|`->config-final-message ran successfully #35.98000s +00.00600s
|`->config-power-state-change ran successfully #35.98700s +00.00100s
Finished stage: (modules-final) 00.13600 seconds
Total Time: 18.23500 seconds
1 boot records analyzed
Update 3
Apparently, when one does not update with zypper up, cloud-init behaves well and finds the user data. Hence, I will not update the image in provisioning. However, once provisioned it makes sense to update.
At the end of your provisioning you should stop cloud-init and wipe the state. Otherwise, when the image is launched, cloud-init thinks it already executed the first launch.
systemctl stop cloud-init
rm -rf /var/lib/cloud/
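Two checks for the failure discussed in this thread, as an added example (not code from the question or the answer): `stale_cloud_state` lists cloud-init state still present under the state directory before the image is snapshotted, and `boot_got_metadata` reads `cloud-init analyze show` output and fails when the boot fell back to DataSourceNone, as in the record posted in the question. The function names are hypothetical and the sample record is a constructed excerpt of that posted output.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical, sample input is constructed
# from three lines of the boot record posted in the question.

# Print cloud-init state left over from the build boot under a state
# directory (default /var/lib/cloud). Returns 1 if anything is found, so it
# can gate the snapshot step at the end of provisioning.
stale_cloud_state() {
    local dir="${1:-/var/lib/cloud}" found=0 p
    for p in "$dir/instance" "$dir"/instances/* "$dir"/sem/* "$dir"/data/*; do
        if [ -e "$p" ] || [ -L "$p" ]; then
            echo "$p"
            found=1
        fi
    done
    return "$found"
}

# Read `cloud-init analyze show` output on stdin and print the datasource
# named on the last "found ... data from <name>" event.
datasource_used() {
    sed -n 's/.*->found .* data from \([A-Za-z0-9]*\).*/\1/p' | tail -n 1
}

# Succeed only if the boot used a real datasource. DataSourceNone is the
# fallback cloud-init picks when no datasource answered; it supplies no
# user_data from the platform.
boot_got_metadata() {
    local ds
    ds="$(datasource_used)"
    [ -n "$ds" ] && [ "$ds" != "DataSourceNone" ]
}

# Constructed sample: three events copied from the posted boot record.
SAMPLE_RECORD='|`->no local data found from DataSourceOpenStackLocal #00.04700s +15.23000s
|`->no network data found from DataSourceOpenStack #16.01700s +00.02600s
|`->found network data from DataSourceNone #16.04300s +00.00100s'

if printf '%s\n' "$SAMPLE_RECORD" | boot_got_metadata; then
    echo "datasource OK"
else
    echo "no platform metadata: $(printf '%s\n' "$SAMPLE_RECORD" | datasource_used)"
fi
```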
I am trying to encrypt the web.config file after deploying automatically.
As per the link: https://blogs.iis.net/msdeploy/archive/2013/07/09/webdeploy-3-5-rtw.aspx
I am using the command below:
```
msdeploy.exe -verb:sync -source:iisapp="sourceTestSite" -dest:iisapp="destinationTestSite" -EnableRule:EncryptWebConfig
```
But then I am getting this error:
Error Code: ERROR_FAILED_TO_ENCRYPT_WEB_CONFIG
I do not want to first encrypt and then deploy. I am thinking to run the deployment script, and after deployment it should encrypt automatically, probably using an MSDeploy command.
I tried below threads but did not get any help:
Failed to encrypt destination web.config when using MS build plugin in Jenkins
Also I wanted to keep my secret file in separate location but I found encryption process will not work for that
How to encrypt a file linked to a web.config
This time I am trying to run command on remote server to encrypt the web.config file by using below code. I am running below code in my machine and trying to encrypt the web.config file present on my myRemoteServer.
```powershell
$currentDirectory = (Get-Location)
$user = "domain1\username1"
$section = "appSettings"
$app= "/MyWeb"
$version="v4.0.30319"
$computername ="myRemoteServer"
$pwd = ConvertTo-SecureString -String "mysecret#11" -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user,$pwd
$encryptcmd1= Set-Location "C:\windows\Microsoft.Net\Framework\$version"
$encryptCmd2 = ".\aspnet_regiis.exe -pe ""appSettings"" -app ""/MyWeb"""
$encryptCmd = "$encryptcmd1 $encryptcmd2"
try
{
    invoke-command -ComputerName $computername -Credential $credential -ScriptBlock {$encryptCmd}
}
catch
{
    Log-Message $_
}
Set-Location $currentDirectory
```
It doesn't throw any exception. However it is not working and not encrypting web.config file on that server.
I want to know where / what is wrong here.
This function will encrypt a section of a web.config file.
```powershell
function Encrypt-ConfigurationSection([int] $id, [string] $app, [string] $section, [string] $version){
    $currentDirectory = (Get-Location)
    Set-Location "C:\windows\Microsoft.Net\Framework\$version\"
    .\aspnet_regiis.exe -pe $section -app $app -site $id -prov "RsaProtectedConfigurationProvider"
    Set-Location $currentDirectory
}
```
Example call
```powershell
Encrypt-ConfigurationSection 1 '/WebApplication1' 'connectionStrings' 'v4.0.30319'
```
This function will decrypt a section of a web.config file.
```powershell
function Decrypt-ConfigurationSection([int] $id, [string] $app, [string] $section, [string] $version){
    $currentDirectory = (Get-Location)
    Set-Location "C:\windows\Microsoft.Net\Framework\$version\"
    .\aspnet_regiis.exe -pd $section -app $app -site $id
    Set-Location $currentDirectory
}
```
Example call
```powershell
Decrypt-ConfigurationSection 1 '/WebApplication1' 'connectionStrings' 'v4.0.30319'
```
I got help from this website:
https://joshjoubert.wordpress.com/2013/03/28/encrypting-and-decrypting-sections-of-a-web-config-with-powershell/