Trouble connecting via paramiko + kerberos - python-2.7

Currently when I want to connect to a node I simply do: ssh username#node and everything works fine. (thanks Kerberos :-))
Now I'm trying to develop a simple python script that connect to a specified host but I cannot connect to it using that script.The following my script:
import paramiko
import gssapi
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname = 'node_name', username = 'my_uname', gss_auth = True, gss_kex = True)
But I received this error:
paramiko.ssh_exception.AuthenticationException: Authentication failed.
I tried also
ssh.connect(hostname = 'node_name', username = 'my_uname', gss_auth = True, gss_kex = True, gss_deleg_creds=True)
and the error I received changed a bit:
gssapi.error.GSSException: (131072) An invalid name was supplied. Minor code: (100001) Success. Target: node_name
Any suggestions?
Thanks!

Related

Unable to query VMs on vcenter server appliance using pyvmomi

I am getting the following error when trying to use pyvmomi to get a list of VMs from the vcenter server appliance.
pyVmomi.VmomiSupport.vim.fault.NoPermission: (vim.fault.NoPermission) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
msg = 'Permission to perform this operation was denied.',
faultCause = <unset>,
faultMessage = (vmodl.LocalizableMessage) [],
object = 'vim.Folder:group-d1',
privilegeId = 'System.View',
missingPrivileges = (vim.fault.NoPermission.EntityPrivileges) [
(vim.fault.NoPermission.EntityPrivileges) {
dynamicType = <unset>,
dynamicProperty = (vmodl.DynamicProperty) [],
entity = 'vim.Folder:group-d1',
privilegeIds = (str) [
'System.View'
]
}
]
}
This is my python code :
import atexit
import ssl
from pyVim import connect
from pyVmomi import vim
import pdb
def vconnect(hostIP,port=None):
if (True):
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE # disable our certificate checking for lab
else:
context = ssl.create_default_context()
context.options |= ssl.OP_NO_TLSv1_3
#cipher = 'DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256'
#context.set_ciphers(cipher)
pdb.set_trace()
if (port):
service_instance = connect.SmartConnect(host=str(hostIP), # build python connection to vSphere
user="root",
pwd="HagsLoff#1324",
port=port,
sslContext=context)
else:
service_instance = connect.SmartConnect(host=str(hostIP), # build python connection to vSphere
user="root",
pwd="HagsLoff#1324",
sslContext=context)
atexit.register(connect.Disconnect, service_instance) # build disconnect logic
content = service_instance.RetrieveContent()
container = content.rootFolder # starting point to look into
viewType = [vim.VirtualMachine] # object types to look for
recursive = True # whether we should look into it recursively
containerView = content.viewManager.CreateContainerView(container, viewType, recursive) # create container view
children = containerView.view
for child in children: # for each statement to iterate all names of VMs in the environment
summary = child.summary
print(summary.config.name)
# connecting to ESX host
vconnect("192.168.160.160")
# connecting to vcsa VM
vconnect("192.168.160.170", 443)
So I am using a nested ESX that runs on my workstation 16. I have deployed the vcsa on this ESX host via the windows CLI installer. Querying the ESX host works fine whereas querying the vcenter server appliance (vcsa) gives me the above error.
I looked at this discussion which talks about setting 'global permissions'; however on my vcenter server management VM, my 'administration' tab does not look anything like this:
What it instead looks like is this:
So apparently I have a 'vcenter server management' appliance and not what is referred to as the 'vsphere client'.
So with this context set, I have some questions:
Is the error above due to my trial license?
How is the 'vcenter server management (vcsa)' appliance different from the 'vsphere client'?
Is it possible to change 'global permissions' on the vcsa or do I need to get the 'vsphere client' to do that?
I tried adding the default port (443) as mentioned here to no avail. Keen to hear from you soon

Flask mqtt works fine in the web app console (pythonanywhere) but it doesn't work in the web app itself,

I use pythonanywhere for my IoT flask server. My MQTT code runs locally (visualstudio) but fails under pythonanywhere (code below copied from my similar question on pythonanywhere forum).
I configured MQTT credentials and set tls to false and 5 seconds keepalive then I instantiate mqtt=Mqtt(app). In #mqtt.onConnect() function I printed values when rc is zero but it doesn't print in any log file (even I used sys.stderr) meaning that means it doesn't go in this function, therefore publish and onMessage() doesn't work too.
However if I open python in the bash console and import MQTT instance from app file it connects to my broker and when I call the function that publish from the console it publish the message to my broker.
I tried to mqtt=Mqtt() then in main scope mqtt.init_app(app) and also tried in main mqtt.run() didn't work.
app1.config['MQTT_BROKER_URL'] = 'mybroker'
app1.config['MQTT_BROKER_PORT'] = 1883
app1.config['MQTT_USERNAME'] = ' '
app1.config['MQTT_PASSWORD'] = ' '
app1.config['MQTT_KEEPALIVE'] = 5
app1.config['MQTT_TLS_ENABLED'] = False
mqtt_client = Mqtt(app1)
import sys as syss
#mqtt_client.on_connect()
def handle_connect(client,userdata,flags,rc):
if rc == 0:
print('Connected successfully', file = syss.stderr)
mqtt_client.subscribe('esp/copra')
else:
print('Bad connection. Code:', rc , file=syss.stderr)
testmqtt="a"
#mqtt_client.on_message()
def handle_mqtt_message(client,userdata,message):
payload = message.payload.decode()
print("payload is " + payload)
#app1.route("/testmqtt")
def testmqtt():
print("test mqtt here")
mqtt_client.publish('esp/copra',"pythonanywhere")
return{"mqtt": "mqtt"}
if name == "main":
#app.config['SESSION_TYPE'] = 'filesystem'
mqtt_client.init_app(app1)
app1.run()

Dialogflow: Agent metadata not found for agentId

I'm trying to use Dialogflow's detect_intent in Python and I keep getting:
404 com.google.apps.framework.request.NotFoundException: Agent metadata not found for agentId: ####-####-####-####-####
Here's a snippet of my code:
import google.cloud.dialogflow as dialogflow
from CONFIG import DIALOGFLOW_PROJECT_ID
os.environ["GOOGLE_APPLICATION_CREDENTIALS"] = 'credentials/dialogflow.json'
def predict_intent(text, language):
session_client = dialogflow.SessionsClient()
session = session_client.session_path(DIALOGFLOW_PROJECT_ID, SESSION_ID)
text_input = dialogflow.TextInput(text=text, language_code=language)
query_input = dialogflow.QueryInput(text=text_input)
response = session_client.detect_intent(session=session, query_input=query_input) # ERROR
return response.query_result.intent.display_name
I tried running the function multiple times and some of them succeed, but most fall in the exception.
I can train the bot using the same interface and it works fine.
I'm using Python 3.7 and the following Google Cloud modules: google-api-core==2.0.1, google-auth==2.0.2, google-cloud-dialogflow==2.7.1, googleapis-common-protos==1.53.0.

Downloading a file with LDAP authentication

I'm trying to find a way to download a CSV from a network URI (not web) that requires LDAP authentication. I have a service account made for this, but I'm not able to find a working solution:
conn = ldap.open("10.41.10.10:389") #I've tried different URIs
conn.simple_bind_s('svc_acct#company.com', 'password')
call = open(r'\\fserv03\reports\gps_List.csv')
Is there a better way to do this?
Updated: Got Python-LDAP to work for my 64 bit install after downloading Python-LDAP to work, I downloaded python_ldap-2.4.28-cp27-cp27m-win_amd64 and running the pip install on it.
I was able to get this to work with the following (using Python-LDAP library):
try:
l = ldap.initialize('ldap://LDAP SERVER HERE')
l.protocol_version = ldap.VERSION2
username = "cn=USER, o=example.com"
password = 'PASSWORD HERE'
l.simple_bind(username, password)
except ldap.LDAPError, e:
print e

How to establish authorized request with keystone using python-openstack client API v3

I have problems with python-openstackclient library.When i run this code to authorize with keystone:
from keystoneclient import session
from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
password = v3.PasswordMethod(username='idm',password='idm',user_domain_name='idm')
auth = v3.Auth(auth_url='http://127.0.0.1:5000/v3',auth_methods=[password],project_id='idm')
sess = session.Session(auth=auth)
keystone = client.Client(session=sess)
keystone.users.list()
Im getting this error:
keystoneclient.openstack.common.apiclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401)
But when i try openstack client program:
openstack user list
It gives me good output.
I have next global variables in my .bashrc:
export OS_SERVICE_ENDPOINT=http://127.0.0.1:35357/v3
export OS_AUTH_URL=http://127.0.0.1:5000/v3
export OS_TENANT_NAME=idm
export OS_USERNAME=idm
export OS_PASSWORD=idm
export OS_IDENTITY_API_VERSION=3
export OS_URL=http://127.0.0.1:35357/v3
What could be the problem with that python code?
Thanks!
I had the same problem but after applying proposed solution I was getting :
keystoneauth1.exceptions.connection.ConnectFailure: Unable to
establish connection to http://192.0.2.12:35357/v2.0/users:
HTTPConnectionPool(host='192.0.2.12', port=35357): Max retries
exceeded with url: /v2.0/users (Caused by
NewConnectionError(': Failed to establish a new connection:
[Errno 110] Connection timed out',))
Note that my auth_url='https://myopenstack.somewhere.org:13000/v3',
It turns out that the client was discovering and using services on a interface which by default is 'Admin', and is unreachable for me. When forcing the interface to Public it works :
keystone = client.Client(session=sess, interface='Public')
I managed to do it like this:
from keystoneclient import session
from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
auth = v3.Password(auth_url='http://127.0.0.1:5000/v3',user_id='idm',password='idm',project_id='2545070293684905b9623095768b019d')
sess = session.Session(auth=auth)
keystone = client.Client(session=sess)
keystone.users.list()