I am quite new to puppet and I want to execute a command (let's call it command1) only when a HTTP server is up and running in another host. I am 100% sure that the server will get ready, so I want to create a loop which checks for port 80 in the remote ip (for example using netcat: nc -zv remote_ip 80) and it just iterates until it succeeds checking and then it executes command1. Is this possible?
Related
I use autossh to create a remote tunnel with the following command (IPs and Port Changed):
autossh -M 0 -o "ServerAliveInterval 5" -o "ServerAliveCountMax 3" -f -T -N -i /root/.ssh/id_rsa -R 1602:localhost:443 root#123.123.123.123
And the server has this config in sshd:
GatewayPort yes
ClientAliveInterval 10
ClientAliveCountMax 6
This works most of the time like a charm. Also timeouts and disconnects get handled very well.
But there is one exception:
If there is only a very short interruption of the network connection – the client notice this and start a reconnect. But the server hasn’t noticed this yet and still uses this port 1602. I can then see in server log the message: sshd[431646]: error: bind [::]:1602: Address already in use.
But autossh does not hang up and try again, it keeps the not working tunnel open. A few seconds later, the server recognise the disconnect of the old tunnel and frees the port 1602.
Now I have a autossh/ssh tunnel – doing all the watchdog stuff (I can see in log this keep alive message all 5 seconds) and staying alive. The port on the server is now unused. And the tunnel is not working, because the port is not allocated at all now.
Autossh does not recover from this state without manual interaction. There are multiple ways to recover manually, but this is not the question.
My questions are:
Why autossh does not hang up and retry if the port is in use (would solve the issue)
Or
How to force free the port and rebind to the new tunnel on reconnect?
Or
How to detect tunnels without actual ports bound to it in order to kill them (for example each minute in a cronjob)
Im searching for a way to automatically recover from this state. And I wonder why this race condition is not mentioned in any place of the internet, even if it can be reproduced easily.
You need to add -o "ExitOnForwardFailure yes" as an autossh option.
I have a Linux Server running Redhat Rhel 7 and a Device called "Compoint Lan System (Colas)" (german manufacturer). The Colas has its own firmware so I don't know if it's based on linux. The Colas is set as a TCP-Client. It receives messages from its serial 1 port. I get the messages coming from the serial port 1 of the colas on my server with rsyslog.
Now what I want is to send a string (2 letters) from my server (tcp-server) to my colas's serial port 1 (tcp-client) to get information of the device attached to serial port 1.
Is there a command in linux to accomplish that? Something like "command 'string message' destination port"? I am sorry if it isn't written well.
Install netcat
yum install nc
Make it to listen to a particular port number
nc –l portnumber &
Lets validate it using netstat from a different console:
netstat -anlp |grep yourportnumber
PS: Change the installation command based on your linux flavor.
Ranadip Dutta's answer meets your requirement. The listen there doesn't mean listen for incoming data, it rather means listen for connection request from client. Of course you can't use rsyslog and nc as the server at the same time, but with nc you get the messages coming from the Colas displayed as well as the characters you enter sent.
I have a host that starts a reverse ssh tunnel upon bootup like this:
ssh -N -R 2222:localhost:22 root#10.1.2.6
It works great and the reverse tunnel is formed. But whenever I reboot the host, the remote server that the tunnel is built to says this:
Sep 28 13:13:59 kali sshd[4547]: error: bind: Address already in use
Sep 28 13:13:59 kali sshd[4547]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 2222
In order for me to resolve this I have to wait a few minutes for the old ssh tunnel to timeout, then find the new ssh connection and kill it, then when I rebuild the ssh tunnel it works fine.
Is there an ssh command or autossh command that does something like checks if the remote host can bind that port, if not, try again in a few seconds?
I believe I have run into the same issue as the original poster. I seem to have found the solution at the end of the accepted answer of this question:
If the client reconnect before the connection has terminated on the server, you can end up in a situation where the new ssh connection is live, but has no port forwardings. In order to avoid that, you need to use the ExitOnForwardFailure keyword on the client side.
I have thus added the following line to my /etc/ssh/ssh_config file at the client side:
ExitOnForwardFailure yes
According to the ssh man page, this option will cause "a client started with -f [to] wait for all remote port forwards to be successfully established before placing itself in the background".
This seems to cause ssh to fail when attempting to start an ssh tunnel immediately after killing one. The option thus enables repeating the attempt until the tunnel is correctly re-established.
I am installing chef-server on this VPS that my friend let me borrow.
I was able to install chef and run chef-server-ctl reconfigure successfully.
I ran into problems because I need to change the iptable rules and I discovered that I cannot find chef-server running on any port or as a service.
When I run chef-server-ctl it seems to pass all the tests, so I know its API is working.
Where can I find that chef is running?
I need to change my iptables so that I can use knife to communicate with chef-server.
First off it sounds like you installed Chef Server, not Chef, important distinction :) Second, there is no specific process called chef-server. The frontend routing is handled by nginx which binds on port 443 and 80 (80 is just a redirector to 443 and can be blocked or disabled if desired). Internally we have a bunch of different smaller services like oc_erchef, bifrost, oc_id, etc. These all listen on localhost and are reached via Nginx.
You have installed Chef server and have reconfigured the server, you can't find a chef-server.
you can run below commands to check all the services that are running chef server
$ chef-server-ctl service-list
bookshelf*
nginx*
oc_bifrost*
oc_id*
opscode-chef-mover*
opscode-erchef*
opscode-expander*
opscode-solr4*
rabbitmq*
redis_lb*
postgresql*
To update the port number you need to update
/etc/chef-server/chef-server.rb - in Chef 11
/etcopscode/chef-server.rb - in Chef 12
nginx['non_ssl_port'] = portnumber
And also how are using knife command? Do you want ssl check to be passed then you need to add a line in knife.rb file
ssl_verify_mode: verify_none
'
In a linux-based system¹, I would like to be able to log on using ssh. I need to launch two (or possibly three) different executables, ideally by connecting to different ports.
Ideally I would like to open a couple of different ports, and have sshd launch different executables² depending on which port. How do I set this up? I have looked through the sshd_config, but without finding anything that looks applicable.
Another alternative that came up was to set up different users, and set up the different applications I want to launch as their respective shells.
(What I do not want to do is to have the remote user specify the executable, as in ssh user#host executable.)
Or have I missed any obvious solution?
¹It's a BuildRoot-based embedded system, running on fairly meager resources, but it's a fully-fledged recent Linux kernel and I have a working ssh connection.
²They are interactive CLI-based programs.
Most linux systems use the OpenSSH server. It looks like you can get this behavior using the Match directive. Documentation for the SSH server configuration file is here.
First, you have to make sshd listen for connections on the additional ports that you want to use. You can do this through either the Port or ListenAddress directives.
Port 22 -- Listen on the normal port 22
Port 42 -- Also listen on port 42
ListenAddress 1.2.3.4:62 -- Also listen on address 1.2.3.4, port 62
Then, you can use the Match and ForceCommand directives to take special actions for users connecting to a particular port:
Match LocalPort 42
ForceCommand /usr/local/bin/the-42-app
Match LocalPort 62
ForceCommand /usr/local/bin/the-62-app
For people who don't want to set the ssh server to listen on multiple ports, there are two other ways to make the server run "canned" apps depending on how the the user connects.
Subsystems
A subsystem is a command that's pre-configured into the server. Clients request to run the subsystem by name, and the server runs the command associated with the subsystem. This avoids the client having to know the exact command to run.
You configure subsystems in sshd by adding a line like this to sshd_config:
Subsystem someApp /usr/local/bin/someApp
Then the client calls it like this:
ssh user#host -s someApp -- "-s" means to request a subsystem
Forced Commands on Keys
For key-based authentication, sshd permits you to force a particular command to run when a particular key is used. This is done in the authorized_keys file which is documented here.
Each line of an authorized_keys file normally starts like this:
ssh-rsa AAAAB3N...
You can prepend an options field to the line. One of the options you can specify is a command to run when the key is used to authenticate:
command="/usr/local/bin/someApp" ssh-rsa AAAAB3N...
When that key is used to authenticate, the server will ignore whatever command the client requests to run, and run the specified command instead.
You can configure SSH server to listen on multiple ports. Just add additional ports in sshd_config like this:
Port 22
Port 1111
Port 2222