Is there a way to assert that a variable (or more specifically, a fact) in puppet has a particular value, and to abort the installation if it doesn't?
For background, here is the situation:
In most cases I can refer to hostnames, but sometimes I need to use an IP address. For example, our log collector host needs to open a port in the firewall for several specific machines (and not a whole subnet). I need to use IP addresses to open a hole in the firewall. Since the IP addresses of machines don't change, I was planning on encoding the IP address as part of the configuration, but I'd like to check on the individual hosts that the actual IP address matches the one in its configuration and fail if it doesn't. Is that possible?
I believe something like this would work:
if $ipaddress != $expectedipaddress {
fail("IP mismatch")
}
The fail() function causes a parse failure. Wrapping it in a conditional should get the assert behavior you want.
I haven't tested this specific usage, but if parsing fails a new catalog isn't compiled and the client doesn't get anything.
Related
I have code that was tested (and approved) using HTTP requests. Release was scheduled for tomorrow... but the first test of our client against the (third party) release server reveals that it demands HTTPS. At least superficially, the one (and only?) part of our code that will need to change is:
HTTPClientSession session( myUri.GetHost(), myUri.GetPort() );
And the change required seems to be:
HTTPSClientSession session( myUri.GetHost(), myUri.GetPort(), context );
What is a simple, direct way to establish that context? My closest guess is to follow the lead of this question, but...
I am blissfully ignorant of the SSL layer that supports HTTPS - do I need to obtain a certificate? This question seems to suggest that client connections like mine generally don't need a certificate (the access to the server requires a login)... but if that's the case... what do you do instead? Am I even right to use an HTTPSClientSession?
First, you'll need to add a layer of SSL functionality to Poco by installing OpenSSL. Build OpenSSL and the corresponding Poco modules (taking care to produce the correct 32- or 64-bit versions for your deployment). On Windows, this will add libssl.dll, libcrypto.dll, PocoNetSSL.dll and PocoCrypto.dll to the DLLs you are already using.
When it comes to the code, this question has two answers that both give informative examples of how to use HTTPSClientSession. The first answer adds only a single line of code to what you already have, but it uses VERIFY_NONE, and so bypasses certificate verification. The second answer uses VERIFY_STRICT and goes to the other extreme. Whether you choose either, or something in between, will depend on your application. In my application, HTTPS had essentially no benefit at all, and the first (simpler) answer worked immediately out of the box. The second answer did not immediately work, so I can't comment further on it.
i am working on a digital forensics case study and am attempting to write a c/c++ program on how to check the date and time or dates and specific times an IP address was given access to by this program. I am wondering on what would be the best way to implement this into my program. i have already checked to see if the string entered is a valid ipv4 or ipv6 address and was wondering if there is any functions or lib's that can make this process much easier.
Thanks
If I understand you correctly, you are trying to write a C++ program that takes an IP address as an input, keeps checking to see if that particular IP address is accessible by you (your program).
You could try to monitor changes in firewall (bigger scope) 2)
You could run a command line tool like ping and parser the output 3)
You could do C/C++ coding to do the pinging yourself like suggested
in this post
You could try to keep connecting, at brief intervals, to the IPaddress at a particular TCP/UDP port.
I have a WCF service, this service works perfectly well on a WSHttp endpoint, running as a Windows service under ServiceHost. However I want to move to a TCP endpoint, because of scalability. For the life of me I cannot figure out how to host it correctly. Here is my host's OnStart routine, in VB:
Protected Overrides Sub OnStart(ByVal args() As String)
If _svcHost IsNot Nothing Then
_svcHost.Close()
End If
_svcHost = New ServiceHost(GetType(AutoTestsDataService), New Uri("net.tcp://" & GetIPv4Address() & ":8000"))
Dim metaDataBehavior = _svcHost.Description.Behaviors.Find(Of ServiceMetadataBehavior)()
If metaDataBehavior Is Nothing Then
_svcHost.Description.Behaviors.Add(New ServiceMetadataBehavior() With {.HttpGetEnabled = False})
Else
metaDataBehavior.HttpGetEnabled = False
End If
_svcHost.AddServiceEndpoint(GetType(IMetadataExchange), MetadataExchangeBindings.CreateMexTcpBinding, "mex")
_svcHost.AddServiceEndpoint(GetType(AutoTestsDataService), New NetTcpBinding(SecurityMode.None, False), ServiceName)
Dim debugBehavior As ServiceDebugBehavior = _svcHost.Description.Behaviors.Find(Of ServiceDebugBehavior)()
If debugBehavior Is Nothing Then
_svcHost.Description.Behaviors.Add(New ServiceDebugBehavior() With {.IncludeExceptionDetailInFaults = My.Settings.flagDebug})
Else
debugBehavior.IncludeExceptionDetailInFaults = My.Settings.flagDebug
End If
Try
_svcHost.Open()
Catch ex As Exception
_svcHost.Abort()
End Try
End Sub
As is, the code compiles fine, installs fine, and the Windows service starts up fine. But there is nothing listening on port 8000. I have made sure the Net.Tcp Listener and Port Sharing services are running properly. I chose to not use the config file at all because I had lots of problems in the past and to me putting code in a config file is bad, nevermind what Microsoft wants me to believe. A code-first implementation is always easier to understand than XML anyways, and to me the above code puts all the right parts in the right places. It just refuses to work. Like I said I can stick with WSHttp, but I would prefer to understand why Net.Tcp is not working.
The best way to determine what the WCF Service listener is doing during startup is to enable WCF Tracing. Therefore, I recommend you configure tracing on the service, which should provide detailed information about any underlying exceptions occurring at startup.
WCF tracing provides diagnostic data for fault monitoring and analysis. You can use tracing instead of a debugger to understand how an application is behaving, or why it faults. You can also correlate faults and processing across components to provide an end-to-end experience, including traces for process milestones across all components of the applications, such as operation calls, code exceptions, warnings and other significant processing events.
http://msdn.microsoft.com/en-us/library/ms733025(v=vs.110).aspx
The only problem I could see here is the method GetIPv4Address() and what it returns. Usually best choice is to use localhost, host name, or 0.0.0.0.
The DeleteIPAddress function can be used to remove an IP address which was added at an earlier time using AddIPAddress. You obtain the net table entry context when you add the address and pass it as a parameter to DeleteIPAddress.
In my case, there must be a reboot between the time that the IP address is added and when we want to remove it. The address is persistent and remains after the reboot but we no longer have the net table entry context so DeleteIPAddress fails. How else can I remove this IP address?
I'm working with C++ on Windows 7.
Thanks.
found the following at ms; GetAdaptersInfo should be what you need
DeleteIPAddress fails in Windows XP when deleting an IP address not added using AddIPAddress
In Windows 7, I can delete an IP address using DeleteIPAddress() even though I did not add it using AddIPAddress(). I can do this by getting the NTEContext of the desired IP address of a specific network adapter via GetAdaptersInfo().
This does not seem to work on Windows XP SP3 Professional. DeleteIPAddress() returns an error ERROR_GEN_FAILURE "A device attached to the system is not functioning.". All other preceding and succeeding calls to IP Helper functions succeeds so there is nothing wrong with my device.
I am developing a C++ network application on Windows. I need to check if internet connection is there or not. I am using gethostbyname(), but it is giving incorrect information when the system is connected through a proxy. InternetCheckConnection() and InternetGetConnectedState() are also not giving reliable results under different conditions. Is there a reliable way to check for internet connectivity covering all the conditions such as proxy and VPN?
Update:
In our company network WinHttpGetProxyForUrl() is failing with the error ERROR_WINHTTP_AUTODETECTION_FAILED and WinHttpSendrequest() is failing with error ERROR_WINHTTP_NAME_NOT_RESOLVED.
In open network WinHttpSendrequest() is successful.
Plain old way !
Include:
#include <wininet.h>
#pragma comment(lib,"Wininet.lib")
In your Method:
char url[128];
strcat(url, "http://www.techtoolbox.com");
bool bConnect = InternetCheckConnection(url, FLAG_ICC_FORCE_CONNECTION, 0);
if (bConnect)
{
//internet connection exists !
}
else
{
//internet DOES NOT connection exists !
}
Hope it helps.
The best way to test the availability of any resource is to try to use it. You only care about the Internet if there is something out there you want to connect to. So, try to connect to it, in the normal course of your program, and handle the errors. Don't try to second-guess what might happen if you try. First, you're trying to predict the future. Second, you aren't necessarily exercising the same things that the actual connection would exercise. Third, your test may succeed and your subsequent use fail due to an intervening condition changing. Fourth, you have to handle the errors from the real use of the resource anyway: why write all that code twice?
A simple solution is to try to connect to a well-known host, if it succeeds then you have a connection.
In my opinion a way is to create a socket and try connecting a known host. These links will help:
For windows: http://msdn.microsoft.com/en-us/library/ms740673(VS.85).aspx and for unix http://www.tenouk.com/cnlinuxsockettutorials.html.
HTH
Anil