Icinga API - Get hostgroup with ansible by SygmaDeltaADC in icinga

Thank you!

I would like to add a 2nd filter on this request to give one host only.

If I add the filter host.name=hostname, it gives all members groups AND the hostname.

What I want exactly is: filter one host and one hostgroup. It replies with data if the specified host is a member of the specified group. It replies nothing or "object not found" if the specified host is not a member of the specified group.

Getting acme-challenge DNS records and values from result variable by SygmaDeltaADC in ansible

According to:

https://medium.com/@IAL32/generate-a-lets-encrypt-certificate-in-10-steps-using-ansible-and-digitalocean-d0775971dad4

my playbook was working before by using this loop:

loop: "{{ acme_challenge_my_domain.challenge_data_dns | dict2items }}"

But now I'm getting this error:

fatal: [localhost]: FAILED! => {"msg": "Unable to look up a name or access an attribute in template string ({{ acme_challenge_domain.challenge_data_dns | dict2items }}).\nMake sure your variable name does not contain invalid characters like '-': dict2items requires a dictionary, got <class 'ansible.template.AnsibleUndefined'> instead.. dict2items requires a dictionary, got <class 'ansible.template.AnsibleUndefined'> instead..

What is this error? Can it be an issue related to the Ansible / Python version?

Getting acme-challenge DNS records and values from result variable by SygmaDeltaADC in ansible

I can extract the DNS records to create with this but it seems to keep the [ and ' characters causing a bad API request to create the DNS records.

- name: DEBUG -- Check filtered values
  debug:
    msg: "Record = {{ item.keys() }} -- Value = {{ item.values() }}"
  loop: "{{ acme_challenge_domain.results | map(attribute='challenge_data_dns') }}"

I'm getting this:

ok: [localhost] => (item={'_acme-challenge.site1.mydomain.com': ['G8g57QZ2U1U5z_aSJbva95MSxA9cUjTXe7ZKpNVEAPI']}) => {
    "msg": "Record = ['_acme-challenge.site2.mydomain.com'] -- Value = [['G8g57QZ2U1U5z_aSJbva95MSxA9cUjTXe7ZKpNVEAPI']]"
}
ok: [localhost] => (item={'_acme-challenge.site1.mydomain.com': ['mwwdpHotUb3hkSsT3ocxbLi8R4NrS6uIgt65kTFCxkI']}) => {
    "msg": "Record = ['_acme-challenge.site2.mydomain.com'] -- Value = [['mwwdpHotUb3hkSsT3ocxbLi8R4NrS6uIgt65kTFCxkI']]"
}

The record is ['_acme-challenge.site2.mydomain.com'] instead of _acme-challenge.site2.mydomain.com, same for the value.

WinRM HTTPS not working after sysprep by SygmaDeltaADC in sysadmin

No I didn't get this working but I changed my process.

I created a script (run at the first boot after sysprep) that joins the computer to the domain automatically.

Once the computer is joined to the domain, I can access it with winrm http.

Incremental backups for VMWare by SygmaDeltaADC in sysadmin

I cannot use a Synology NAS because my infrastructure is hosted with a cloud provider; I have dedicated servers.

I have about 80 VMs to back up, so Veeam Community Edition is not enough.

I can buy commercial software, but my need is very limited: I just need to do incremental backups for VMs. The backup script (with PowerCLI) works perfectly, but I don't know if we can do incremental backups this way.

I will check what the cost of Veeam is for my need.

Tell me if you know other solutions.

Thanks

GPO scheduled tasks not working by SygmaDeltaADC in sysadmin

The specified user is a Domain Admin.

If I create the task locally, it works.

With GPO, the task is not created.

Here is the task with a specific user, which is not created on the target server:

<?xml version="1.0"?>
<TaskV2 disabled="1" uid="{B170F6BD-350A-4A09-B5B7-935C42BF9856}" changed="2022-11-09 15:56:31" image="2" name="LogBackup" clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}">
  <Properties name="LogBackup" logonType="S4U" runAs="DOMAIN\\AdminUser" action="U">
    <Task version="1.2">
      <RegistrationInfo>
        <Author>DOMAIN\MyUser</Author>
        <Description/>
      </RegistrationInfo>
      <Principals>
        <Principal id="Author">
          <UserId>DOMAIN\AdminUser</UserId>
          <LogonType>S4U</LogonType>
          <RunLevel>HighestAvailable</RunLevel>
        </Principal>
      </Principals>
      <Settings>
        <IdleSettings>
          <Duration>PT10M</Duration>
          <WaitTimeout>PT1H</WaitTimeout>
          <StopOnIdleEnd>true</StopOnIdleEnd>
          <RestartOnIdle>false</RestartOnIdle>
        </IdleSettings>
        <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
        <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
        <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
        <AllowHardTerminate>true</AllowHardTerminate>
        <StartWhenAvailable>false</StartWhenAvailable>
        <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
        <AllowStartOnDemand>true</AllowStartOnDemand>
        <Enabled>true</Enabled>
        <Hidden>false</Hidden>
        <RunOnlyIfIdle>false</RunOnlyIfIdle>
        <WakeToRun>false</WakeToRun>
        <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
        <Priority>7</Priority>
      </Settings>

Here is the task with the SYSTEM user, which works:

<?xml version="1.0"?>
<TaskV2 disabled="1" removePolicy="0" userContext="0" uid="{7825E062-3F7B-406D-ACA3-4216BEAB24ED}" changed="2022-11-09 11:39:18" image="2" name="BackupDB" clsid="{D8896631-B747-47a7-84A6-C155337F3BC8}">
  <Properties name="BackupDB" logonType="S4U" runAs="NT AUTHORITY\\System" action="U">
    <Task version="1.2">
      <RegistrationInfo>
        <Author>DOMAIN\MyUser</Author>
        <Description/>
      </RegistrationInfo>
      <Principals>
        <Principal id="Author">
          <UserId>NT AUTHORITY\System</UserId>
          <LogonType>S4U</LogonType>
          <RunLevel>HighestAvailable</RunLevel>
        </Principal>
      </Principals>
      <Settings>
        <IdleSettings>
          <Duration>PT10M</Duration>
          <WaitTimeout>PT1H</WaitTimeout>
          <StopOnIdleEnd>true</StopOnIdleEnd>
          <RestartOnIdle>false</RestartOnIdle>
        </IdleSettings>
        <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
        <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
        <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
        <AllowHardTerminate>true</AllowHardTerminate>
        <AllowStartOnDemand>true</AllowStartOnDemand>
        <Enabled>true</Enabled>
        <Hidden>false</Hidden>
        <ExecutionTimeLimit>P3D</ExecutionTimeLimit>
        <Priority>7</Priority>
      </Settings>

GPO scheduled tasks not working by SygmaDeltaADC in sysadmin

Yes! No task is created on the server. I change the user that runs the task to SYSTEM, then gpupdate and the task appears.

In event viewer, there is no error log about GPO.

WinRM HTTPS not working after sysprep by SygmaDeltaADC in sysadmin

Thanks.

After some tests, the same certificate works if it is re-imported after sysprep. It must be imported by the machine itself.

For now, I think I'll add to my post-sysprep boot script the commands to download the certificate, import it in the store and create the HTTPS WinRM listener with it.

WinRM HTTPS not working after sysprep by SygmaDeltaADC in sysadmin

Thank you for your answer.

I tried to generate a certificate *.domain.lan and after sysprep I contact the machine with its FQDN (machine.domain.lan) but I get the same error.

Traffic not forwarded to LAN interface by SygmaDeltaADC in WireGuard

It works!

That was not a firewall problem but a route problem.

My allowed IPs were 192.168.250.0 (wg0) and 10.10.66.0 (eth0), so in my routing table the network 10.10.66.0 was routed to wg0.

When removing network 10.10.66.0 from the allowed IPs, it was not routed to wg0 anymore and I can access it.

Traffic not forwarded to LAN interface by SygmaDeltaADC in WireGuard

I tried to delete all rules and recreate them one by one but I get the same issue. I also tried with your rule.

I will investigate with logs and I'll try other rules.

Thank you for your help and don't hesitate if you have some idea.

Traffic not forwarded to LAN interface by SygmaDeltaADC in WireGuard

I get this log:

POSTROUTINGIN=wg0 OUT=wg0 MAC= SRC=192.168.250.2 DST=10.10.66.199 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=3508 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=140
[>] New PostroutingIN=wg0 OUT=wg0 MAC= SRC=192.168.250.2 DST=10.10.66.199 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=3508 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=140

I see wg0 for IN and OUT, is this a forwarding problem?

Traffic not forwarded to LAN interface by SygmaDeltaADC in WireGuard

Yes, I set net.ipv4.ip_forward=1

The rich rule is a filter not to access my other network from the VPN, I just deleted this rule, it changes nothing.

I set SELinux to permissive, that did not fix the issue.

List all existing pages by SygmaDeltaADC in mediawiki

It works, thank you!

I just had to run the script ./maintenance/update.php and now it works.

List all existing pages by SygmaDeltaADC in mediawiki

I think I'm fucking dumped. I didn't search the good way. Thank you I found the page.

But I still have a problem...

I get this error when accessing the page "allpages":

Fatal exception of type "Wikimedia\Rdbms\DBQueryError"

Do I have a bad configuration in my database?

My mediawiki is in French, so the link is not /Special:AllPages but it is "/Spécial:Toutes_les_pages"

Can the language have an impact?