How to add pem files to target in flightplan automated deployment script for nodejs applications - node.js

I am new to Node application deployment. I am using flightplan.js for automated deployments; however, most of the documents I have seen only cover passwordless deployments where a user's key is added to the server. I want to set up the target so that I can specify the location of a pem file in order to log in to the server. Is there a way to do that? Right now the target looks like this:
plan.target('staging', [
    {
        host: 'xxx.xxx.xxx',
        username: username,
        agent: process.env.SSH_AUTH_SOCK
    }
]);
I would like to have something where I can pass the pem file path as well, something like this:
plan.target('staging', [
    {
        host: 'xxx.xxx.xxx',
        username: username,
        key: PATH_TO_KEY,   // missing comma added
        agent: process.env.SSH_AUTH_SOCK
    }
]);

You can add your pem file like this:
plan.target('staging', [
    {
        host: 'xxx.xxx.xxx',
        username: username,
        privateKey: 'path/to/file/key.pem',
        agent: process.env.SSH_AUTH_SOCK
    }
]);

Related

Failed to connect to all addresses - gRPC with Go and NodeJS

"Failed to connect to all addresses" occurs after adding TLS certs to envoy.yaml. Full error:
    code: 14,
    metadata: Metadata { _internal_repr: {}, flags: 0 },
    details: 'failed to connect to all addresses'
Envoy config (Envoy is running on port 50000, and itemService on 50052):
transport_socket:
  name: envoy.transport_sockets.tls
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
    common_tls_context:
      tls_certificates:
      - certificate_chain:
          filename: server.cert
        private_key:
          filename: server.key
Client code in Node.js (Next.js, server side in getServerSideProps):
const { readFileSync } = require('fs');
const { credentials } = require('@grpc/grpc-js'); // or require('grpc'); the package is not stated in the post

// File names as in the original post. createSsl's argument order is
// (rootCerts, privateKey, certChain): the CA goes first, the client cert last.
const options = {
    key: readFileSync("certs/client.key"),  // client private key
    cert: readFileSync("certs/ca.crt"),     // CA that signed the server certificate
    csr: readFileSync("certs/client.crt"),  // client certificate (not actually a CSR)
};
const creds = credentials.createSsl(
    options.cert,  // root CA certificate(s) used to verify the server
    options.key,   // client private key
    options.csr    // client certificate chain
);
// grpcServer and ItemsServiceClient are defined elsewhere in the app
grpcServer.servicesList.itemsService = new ItemsServiceClient(
    "localhost:50000",
    creds,
    {
        "grpc.ssl_target_name_override": "localhost",
        "grpc.default_authority": "localhost",
    }
);
The request works normally when removing the TLS certs from envoy.yaml.
Error I get from the grpcurl tool: Failed to dial target host "localhost:50000" x509: certificate relies on legacy Common Name field, use SANs instead.
When I set GODEBUG=x509ignoreCN=0, the error seems to stay the same.

Puppet-Passwords as plain text in Windows agent output and in catalog file

I encrypted the password using hiera:
dsc_xADUser {'FirstUser':
  dsc_ensure            => 'present',
  dsc_domainname        => 'ad.contoso.com',
  dsc_username          => 'tfl',
  dsc_userprincipalname => 'tfl@ad.contoso.com',
  dsc_password          => {
    'user'     => 'tfl@ad.contoso.com',
    'password' => Sensitive(lookup('password'))
  },
  dsc_passwordneverexpires => true,
  dsc_domainadministratorcredential => {
    'user'     => 'Administrator@ad.contoso.com',
    'password' => Sensitive(lookup('password'))
  },
}
but on the node, when running agent -t -v, the password is shown as plain text in the agent output and in the catalog JSON file.
I also tried node_encrypt(lookup('password')); then I get the content of my encrypted password (which is good) and Windows complains that the password doesn't meet password complexity (bad, because it's trying to set all of the below as the password):
'password' = '-----BEGIN PKCS7-----
MIIMyQYJKoZIhvcNAQcDoIIMujCCDLYCAQAxggKdMIICmQIBADCBgjB9MXsweQYD
VQQDDHJQdXBwZXQgRW50ZXJwcmlzZSBDQSBnZW5lcmF0ZWQgb24gbXlwdXBwZXQt
eGwwZGJ5a212Z2xrYnl2eS5ldS13ZXN0LTEub3Bzd29ya3MtY20uaW8gYXQgKzIw
MTgtMTEtMDIgMTQ6MDQ6MDAgKzAwMDACAQUwCwYJKoZIhvcNAQEBBIICABkJDfGb
4CdHUntrVR1E......
hiera config:
---
version: 5
defaults:
  datadir: data
  data_hash: yaml_data
hierarchy:
  - name: "Eyaml hierarchy"
    lookup_key: eyaml_lookup_key # eyaml backend
    paths:
      - "nodes/%{trusted.certname}.yaml"
      - "windowspass.eyaml"
    options:
      pkcs7_private_key: "/etc/puppetlabs/puppet/keys/private_key.pkcs7.pem"
      pkcs7_public_key: "/etc/puppetlabs/puppet/keys/public_key.pkcs7.pem"
EDIT: just found this; it seems it's an open issue and related to Windows only.
UPDATE: I managed to configure Puppet not to cache the catalog file on the Windows client (adding catalog_cache_terminus="" to the Puppet config file on Windows), so I'll use this as a "workaround"; it seems there is no way to remove passwords from the agent debug output.

Generate SSL certificates for multiple domains in SubjectAltName with Greenlock

I'm using greenlock to generate certificates; I pass it three domains and only get 2 in my altnames:
const Greenlock = require('greenlock');

const greenlock = Greenlock.create({
    agreeTos: true,
    email: myemail,
    communityMember: false,
    version: 'draft-12',
    server: 'https://acme-v02.api.letsencrypt.org/directory',
    configDir: '/etc/letsencrypt',
    debug: true,
    log: (debug) => { console.log(debug) },
})
console.log({ domains })
return greenlock.register({
    domains,
    email: myemail,
    challengeType: 'dns-01',
})
.then((result) => {
    console.log(result)
})
Here are my logs:
{ domains:
   [ 'domain1',
     'domain3',
     'domain2' ] }
true
true
true
{ result:
   {
     privkey: '-----BEGIN PRIVATE KEY-----\n\n-----END CERTIFICATE-----\n',
     chain: '-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n',
     subject: 'domain2',
     altnames: [ 'domain1', 'domain2' ],
     _issuedAt: 2018-09-19T14:43:31.000Z,
     _expiresAt: 2018-12-18T14:43:31.000Z,
     issuedAt: 1537368211000,
     expiresAt: 1545144211000 } }
As you can see, it's not even my first two domains that end up in my altnames but rather those that were already in the old certificate (not sure this is why, though).
I'm not married to greenlock; if someone has a better alternative I'm listening as well.
I tried passing approveDomains to my greenlock constructor and it doesn't seem to change much.
I still don't have my new domain (domain2) listed in my certificate:
openssl x509 -text < /etc/letsencrypt/live/domain1/fullchain.pem | grep 'DNS:' | sed 's/\s*DNS:\([a-z0-9.\-]*\)[,\s]\?/\1 /g'
domain1 domain3
Use Greenlock v2.7+
All of the code related to certificate generation and domain name and altname association has been updated.
Now when you change the domains array to include more domains it handles them individually rather than as a group.
Also, the information about the certificate is read directly from the certificate, so there can't be a mismatch between the "cache" and "the truth".
If you encounter further issues, please let us know directly:
https://git.rootprojects.org/root/greenlock.js/issues

Nodemailer Invalid Login 535 when setting environment variables with ZEIT Now

When I use this configuration for Nodemailer:
const transporter = nodemailer.createTransport({
    service: process.env.EMAIL_SERVICE,
    auth: {
        user: process.env.EMAIL_USER,
        pass: process.env.EMAIL_PASSWORD
    }
});
Variables:
EMAIL_SERVICE: 'Hotmail',
EMAIL_USER: 'MyEmail@outlook.com',
EMAIL_PASSWORD: 'MyPassword'
And I send the email like this:
transporter.sendMail({
    to: email,
    subject: 'Confirm password change',
    html: `To change your password go to ${url} <br> This token is only valid for 24 hours.`
});
In development it works perfectly, but when I deploy this in Now it throws me this error:
How can I resolve it?
Here a little example about this:
https://github.com/MontoyaAndres/NowProblemNodemailer
And here in now:
https://nowemail-owcypiqzsr.now.sh
Thank you :)
You probably need to add a secret and then add the environment variables to your now.json.
Run these commands once to add the secrets to your ZEIT Now account (use now switch if you have multiple accounts).
now secret add email-service 'Hotmail'
now secret add email-user 'MyEmail@outlook.com'
now secret add email-password 'MyPassword'
Then add the env key to your now.json file like so:
{
    "version": 2,
    "builds": [/* your builds go here */],
    "env": {
        "EMAIL_SERVICE": "@email-service",
        "EMAIL_USER": "@email-user",
        "EMAIL_PASSWORD": "@email-password"
    }
}

Can't install custom SailsJS adapter

Every time I try to use an adapter other than sails-disk I get a "No find() method defined in adapter!" error.
My sails app will lift fine, but whenever I get to a point where the adapter is being called it fails. I've tried several different adapters and they all fail.
I'm using the boilerplate config files.
I had this problem too, and it only happened with custom adapters. So instead of using the path api/adapters, I moved the adapter to node_modules, where other adapters such as sails-mongo are installed, and it did the trick.
Usually, you just need to enable your new adapter in yourapp/config/adapters.js.
For example, with mongo:
add the sails-mongo dependency to your package.json file:
"dependencies": {
    ...
    "sails-mongo": "~0.9.6"
}
run $ npm install
change your config file (i.e. yourapp/config/adapters.js) by editing:
module.exports.adapters = {
    'default': 'mongo',
    mongo: {
        module: 'sails-mongo',
        host: 'localhost',
        user: '',
        password: '',
        database: 'your-prod-db'
    }
};
Of course, for local dev, edit yourapp/config/local.js like:
adapters : {
    'default': 'mongo',
    mongo: {
        module: 'sails-mongo',
        host: 'localhost',
        user: '',
        password: '',
        database: 'your-local-db'
    }
}
