Justin Dearing's questions

I want to provision an azure key vault from terraform via the interactive powershell prompt. I want to login to to azure (az login) with the web browser. I want that users object id to set a limited custom access policy for it. My terraform snippet for the key vault looks like this:

resource "azurerm_key_vault" "always_encrypted_sample" {
  # . . . . SNIP . . . .
  access_policy {
    tenant_id = "${data.azurerm_client_config.current.tenant_id}"
    object_id = "${var.certificate_creator}"

    certificate_permissions = [
      "create", "get" # Terraform needs get to make the cert, probably to check its existance
    ]
  }
}

resource "azurerm_key_vault_certificate" "column_certificate" {
    # . . . . SNIP . . . .
}

I don't know how to get the object id. az account show only gives me the following:

{
  "environmentName": "AzureCloud",
  "id": "XXXXXXXXXXXX",
  "isDefault": true,
  "name": "Pay-As-You-Go",
  "state": "Enabled",
  "tenantId": "XXXXXXX",
  "user": {
    "name": "[email protected]",
    "type": "user"
  }
}

I opened a feature request for user to contain an id property. I am looking for a workaround. Is there an command in the azure cli to get my users object id or even upn so I can query the object id from that? Is that object id exposed by terraform somewhere? Its not in azurerm_client_config.

I made a self signed certificate like so on Windows 10:

$MasterKeyDNSName = 'CN=Always Encrypted Sample'
Write-Host "Creating Self Signed Certificate $($MasterKeyDNSName)"
$Cert = New-SelfSignedCertificate `
    -Subject $MasterKeyDNSName `
    -CertStoreLocation Cert:\CurrentUser\My ` 
    -KeyExportPolicy Exportable `
    -Type DocumentEncryptionCert `
    -KeyUsage DataEncipherment `
    -KeySpec KeyExchange
$CmkPath = "Cert:\CurrentUser\My\$($cert.ThumbPrint)"
Write-Verbose "Column Master Key Certificate Path: $($CmkPath)"

The cert had a thumbprint of B91A912CF632575F784CDE485DA37AB2F23DB6BA and appeared in e registry under HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\CA\Certificates\B91A912CF632575F784CDE485DA37AB2F23DB6BA.

From powershell I could access it with via both Cert:\CurrentUser\My\B91A912CF632575F784CDE485DA37AB2F23DB6BA and Cert:\CurrentUser\CA\B91A912CF632575F784CDE485DA37AB2F23DB6BA.

According to the Microsoft docs, the My folder uses the .Default store and the CA folder uses the .Default, GroupPolicy and .LocalMachine physical stores.

Is My like a symlink and CA is the authoritative location?

I have a git repo with my app, with a docker-compose.yml in the root for running an environment. It uses postgres 9.1 for the database (that will be upgraded). The postgres part of the config looks like this:

db:
  image: orchardup/postgresql:9.1
  ports:
      - 5432:5432
  environment:
      POSTGRESQL_USER: XXXXXXXXX
      POSTGRESQL_PASS: YYYYYYYYY
      POSTGRESQL_DB: my_scharona

I'd like it so that /etc/postgresql/9.1/main in the container be mounted from db/etc in the git repository so I could store the postgres configuration files in git. However, when I do this in the yml file:

    volumes:
      - ./db/etc:/etc/postgresql/9.1/main

I get the following error when starting the containers:

ERROR: Cannot link to a non running container: /ZZZZZZ_db_1 AS /ZZZZZZ_web_1/db

From what I've read in the documentation I seem to be using the right syntax. So what am I doing wrong?

The whereis command lets me find the location of a command that is on my path on linux, amongst other things. Is there an equivalent on PASE? If so, do I need a PTF?

Xperf only lets you run one kernel session. The syntax for creating a kernel session for one provider is xperf -start MySession -on 2DA81B52-908E-7DB6-EF81-76856BB47C4F However, I cannot seem to specify multiple providers. The following does not work:

• Multiple on switches -on A9377239-477A-DD22-6E21-75912A95FD08 -on BA798F36-2325-EC5B-ECF8-76958A2AF9B5
• Comma separated -on A9377239-477A-DD22-6E21-75912A95FD08,BA798F36-2325-EC5B-ECF8-76958A2AF9B5
• Space separated with or without quotes -on A9377239-477A-DD22-6E21-75912A95FD08 BA798F36-2325-EC5B-ECF8-76958A2AF9B5 or -on "A9377239-477A-DD22-6E21-75912A95FD08 BA798F36-2325-EC5B-ECF8-76958A2AF9B5"

What is the correct syntax?

I can't adapt this question for mod_wsgi.

I have a python flask application that uses gdal. I start it up the following way:

LD_PRELOAD=/opt/gdal-custom/lib/libgdal.so.1 PYTHONPATH=../somemodules/ scl enable python27 "source ../python27/bin/activate; python flaskapp.py"

However, I'd like to host it in mod_wsgi. Doing LD_PRELOAD=/opt/gdal-custom/lib/libgdal.so.1 service httpd24-httpd restart doesn't seem to work. Neither does setting the following in my apache configuration:

SetEnv LD_PRELOAD /opt/gdal-custom/lib/libgdal.so.1

LoadModule wsgi_module modules/mod_wsgi.so

WSGIPythonHome /opt/rh/httpd24/root/var/www/wsgi-virtualenv

WSGIPythonPath /opt/rh/httpd24/root/var/www/AppFolder:/opt/rh/httpd24/root/var/www/SomeModules

WSGIScriptAlias /AppFolder /opt/rh/httpd24/root/var/www/AppFolder/app.wsgi

<Directory /var/www/AppFolder>
AllowOverride none
Require all granted
</Directory>

Here is the output of ldd:

(wsgi-virtualenv)ldd /opt/rh/httpd24/root/var/www/wsgi-virtualenv/lib/python2.7/site-packages/GDAL-1.11.2-py2.7-linux-x86_64.egg/osgeo/_gdal.so
    linux-vdso.so.1 =>  (0x00007fffac9ff000)
    libpython2.7.so.1.0 => /opt/rh/python27/root/usr/lib64/libpython2.7.so.1.0 (0x00007fce43438000)
    libgdal.so.1 => /opt/gdal-custom/lib/libgdal.so.1 (0x00007fce42490000)
    libstdc++.so.6 => /usr/lib64/libstdc++.so.6 (0x00007fce42176000)
    libm.so.6 => /lib64/libm.so.6 (0x00007fce41ef2000)
    libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fce41cdb000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fce41abe000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fce4172a000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fce41525000)
    libutil.so.1 => /lib64/libutil.so.1 (0x00007fce41322000)
    libfreexl.so.1 => /usr/lib64/libfreexl.so.1 (0x00007fce41119000)
    libgeos_c.so.1 => /usr/lib64/libgeos_c.so.1 (0x00007fce40ef2000)
    libsqlite3.so.0 => /usr/lib64/libsqlite3.so.0 (0x00007fce40c63000)
    libodbc.so.2 => /usr/lib64/libodbc.so.2 (0x00007fce409fc000)
    libodbcinst.so.2 => /usr/lib64/libodbcinst.so.2 (0x00007fce407ea000)
    libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fce405c2000)
    libxerces-c-3.0.so => /usr/lib64/libxerces-c-3.0.so (0x00007fce40021000)
    libjasper.so.1 => /usr/lib64/libjasper.so.1 (0x00007fce3fdc7000)
    libnetcdf.so.6 => /usr/lib64/libnetcdf.so.6 (0x00007fce3fa82000)
    libhdf5.so.6 => /usr/lib64/libhdf5.so.6 (0x00007fce3f49a000)
    libogdi.so.3 => /usr/lib64/libogdi.so.3 (0x00007fce3f278000)
    libgif.so.4 => /usr/lib64/libgif.so.4 (0x00007fce3f06f000)
    libjpeg.so.62 => /usr/lib64/libjpeg.so.62 (0x00007fce3ee1f000)
    libgta.so.0 => /usr/lib64/libgta.so.0 (0x00007fce3ec14000)
    libpng12.so.0 => /usr/lib64/libpng12.so.0 (0x00007fce3e9ee000)
    libcfitsio.so.0 => /usr/lib64/libcfitsio.so.0 (0x00007fce3e63a000)
    libpq.so.5 => /usr/lib64/libpq.so.5 (0x00007fce3e411000)
    librt.so.1 => /lib64/librt.so.1 (0x00007fce3e209000)
    libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fce3dfdd000)
    libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007fce3dd88000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007fce3da35000)
    libz.so.1 => /lib64/libz.so.1 (0x00007fce3d81f000)
    /lib64/ld-linux-x86-64.so.2 (0x0000003e73a00000)
    libgeos-3.4.2.so => /usr/lib64/libgeos-3.4.2.so (0x00007fce3d479000)
    libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007fce3d270000)
    libnsl.so.1 => /lib64/libnsl.so.1 (0x00007fce3d056000)
    libhdf5_hl.so.6 => /usr/lib64/libhdf5_hl.so.6 (0x00007fce3ce24000)
    libproj.so.0 => /usr/lib64/libproj.so.0 (0x00007fce3cbd7000)
    libSM.so.6 => /usr/lib64/libSM.so.6 (0x00007fce3c9ce000)
    libICE.so.6 => /usr/lib64/libICE.so.6 (0x00007fce3c7b2000)
    libX11.so.6 => /usr/lib64/libX11.so.6 (0x00007fce3c475000)
    liblzma.so.0 => /usr/lib64/liblzma.so.0 (0x00007fce3c253000)
    libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fce3c042000)
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fce3bdd6000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fce3b9f2000)
    libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fce3b7ae000)
    libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fce3b577000)
    libldap_r-2.4.so.2 => /lib64/libldap_r-2.4.so.2 (0x00007fce3b31e000)
    libidn.so.11 => /lib64/libidn.so.11 (0x00007fce3b0ec000)
    libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007fce3ae9c000)
    libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fce3abb5000)
    libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fce3a989000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fce3a785000)
    libssl3.so => /usr/lib64/libssl3.so (0x00007fce3a545000)
    libsmime3.so => /usr/lib64/libsmime3.so (0x00007fce3a319000)
    libnss3.so => /usr/lib64/libnss3.so (0x00007fce39fda000)
    libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007fce39dad000)
    libplds4.so => /lib64/libplds4.so (0x00007fce39ba9000)
    libplc4.so => /lib64/libplc4.so (0x00007fce399a4000)
    libnspr4.so => /lib64/libnspr4.so (0x00007fce39765000)
    libssh2.so.1 => /usr/lib64/libssh2.so.1 (0x00007fce3953d000)
    libuuid.so.1 => /lib64/libuuid.so.1 (0x00007fce39338000)
    libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x00007fce3911a000)
    libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fce38f0e000)
    libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fce38d0b000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fce38af1000)
    libfreebl3.so => /lib64/libfreebl3.so (0x00007fce388ed000)
    liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007fce386de000)
    libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007fce384c4000)
    libXau.so.6 => /usr/lib64/libXau.so.6 (0x00007fce382c0000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fce380a1000)

If I ssh into my IBMi, and start qsh, I can run db2 -S "SELECT * FROM LIB.SOMEPF" and get the results. I cannot do it from the default PASE screen. I get

$ /usr/bin/db2
/usr/bin/db2: cannot execute

Is it possible to run sql queries from PASE instead of starting QSH?

I can ssh into my IBMi and start qsh. If I type db2 with no parameters I get the standard help message:

db2
  USAGE: CMD [-v] [-S] [-s] [-t | -T<char> | -d] [-r RDBNAME [-u USERNAME -p PASSWORD] ] <"SQLSTMT" | -i | -f FILENAME DEFAULT_LIB>

However, if I run a query like db2 -S "SELECT name FROM INFORMATON_SCHEMA.tables" Nothing returns. It was working fine for the past couple of weeks. I can SELECT and UPDATE from php code just fine. However, I can't use the db2 commandline tool from qsh. What Should I do to troubleshoot?

I am doing a some PHP development on an IBMi running ZendServer6. I have to call PHP by its full path of /usr/local/zendsvr6/bin/php-cli. Is there a dotfile I can edit in my home directory or some configuration change I could make from the greenscreen, or request to someone with QSECOFR make to add that path to my startup path?

I have two python apps I'd like to run on the same server. One requires Python 2.7, the other requires Python 3.3. I'm running CentOS 6.6 with httpd 2.4 and the python 2.7 and 3.3 SCLs. The Python 2.7 app is currently deployed through apache. I'm running the python 3.3 app through the flask dev server on another port, but want to run in in the same apache instance.

When I start apache, and it tries to load the second mod_wsgi instance it tells me :

AH01574: module wsgi_module is already loaded, skipping

So I change: LoadModule wsgi_module modules/mod_python33-wsgi.so to:

LoadModule wsgi_module33 modules/mod_python33-wsgi.so

And then I get Can't locate API module structure `wsgi_module33' in file /opt/rh/httpd24/root/etc/httpd/modules/mod_python33-wsgi.so: /opt/rh/httpd24/root/etc/httpd/modules/mod_python33-wsgi.so: undefined symbol: wsgi_module33

Is this possible?

I'm trying to install powershell 4.0 on a server via chocolatey. It fails with:

[ERROR] [ERROR] Running wusa.exe with C:\Users\jdearing\AppData\Local\Temp\chocolatey\Powershell4\Powershell4Install.msu /quiet /norestart /log:"C:\Chocolatey\lib\powershell4.4.0.0.20131204\tools\PowerShell.v4.Install.log" was not success ful. Exit code was '5'.

I get nothing in the application log, and that log appears to be binary data. I can't find a list of return codes for wusa.exe.

I have to constantly switch back and forth between two installations of a web app with two different versions of an ActiveX control. Therefore I'd like to script the ability to uninstall this control. Its does not show up in Win32_Product because it was not installed via windows installer, and contrary to this answer, the Win32_ClassicCOMClass does not contain this ActiveX control.

AXHelper shows the control in HKEY_CLASSES_ROOT\CLSID. So my two questions are:

• How do I enumerate the control with WMI
• How do I uninstall the control with WMI

Lets say I want to do the very simple query in AD

dsquery user -name "John Smith" | dsget user -memberof -expand

This will output the DNs of the AD groups that this user belongs to. I can make it print the friendly group name via:

dsquery user -name "John Smith" | dsget user -memberof -expand | dsget group -samid

However if a group has a hash tag in it (e.g. "CN=#Kentucky Office,OU=#Distribution Lists,DC=myenterprise,DC=local") will fail with the following error:

dsget failed:Value for 'Target object for this command' has incorrect format.

The way to fix this is to unescape the hashes (i.e. "CN=#Kentucky Office,OU=#Distribution Lists,DC=myenterprise,DC=local"). I can do this in powershell via the oneliner:

dsquery user -name "John Smith" | dsget user -memberof -expand | ForEach-Object { $_.Replace('\#', '#')  } | dsget group -samid

Is there a solution that does not involve powershell.exe or even adding an executable to the pipe besides dsquery or dsget?

I am running scheduled daily backups using Windows 7 Backup on my Windows 7 Ultimate Laptop. It constantly gives me the following errors in the backup log:

Backup encountered a problem while backing up file C:\Users\sqlExpress2k8\Contacts. Error:(The system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\sqlExpress2k8\Searches. Error:(The system cannot find the file specified. (0x80070002))

The user sqlExpress is the user that my sql server processes run as. These folders do not actually exist on my file system, and there have been several reboots to rule out any issues of stuck file handles etc.

Update: I installed Denali CTP, and ran it as a different user and I get error messages for the same two folders in the users home directory. I recently reinstalled windows on my laptop and still get the error for the sql service user:

Backup encountered a problem while backing up file C:\Users\sql_denali_service\Contacts. Error:(The system cannot find the file specified. (0x80070002))
Backup encountered a problem while backing up file C:\Users\sql_denali_service\Searches. Error:(The system cannot find the file specified. (0x80070002))

I have a T-SQL script that drops and recreates a database like so:

USE master 
GO

IF  EXISTS (SELECT name FROM sys.databases WHERE name = N'foo')
BEGIN
    ALTER DATABASE [foo]
        SET OFFLINE WITH ROLLBACK IMMEDIATE;
    DROP DATABASE [foo]
END
GO

CREATE DATABASE foo;
GO

-- OTHER DDL statements

Right now my system is in a state where the database is dropped but the LDF/MDF exists so the CREATE DATABASE statement is in the following state:

Msg 5170, Level 16, State 1, Line 2
Cannot create file 'C:\Program Files\Microsoft SQL Server\MSSQL10.PEER1\MSSQL\DATA\eventManagement.mdf' because it already exists. Change the file path or the file name, and retry the operation.
Msg 1802, Level 16, State 4, Line 2
CREATE DATABASE failed. Some file names listed could not be created. Check related errors.

The restore database command has a REPLACE option in the WITH clause for when this happens. Is there an equivalent in the CREATE DATABASE statement?

I am looking to make a user from the command line with minimal rights to run a service. cmd.exe or powershell.exe are both options, but cmd.exe is preferable. So far I got this:

net user /add testUser227e5910-d1ac-11df-bd3b-0800200c9a66
net localgroup Users testUser /delete

The next step is to grant this user the right of "Log On As a Service". I can't seem to figure out how to do this. This is for a blog article, so I want a solution that applies to Windows XP, 2003, 2008, 2008R2, Vista and Windows 7.

In a past life as a unix admin I would often remotely transfer files by taring them to stdout and piping that output through SSH. Sometimes I placed a "tar -xfp -" on the other end of the pipe as a way to transfer files with permissions. Today I revisited this strategy, except there were two monkey wrenches. The fist that I was copying to a windows machine, and the second was I could not ssh as root to the server I was backing up. Sudo only works from a TTY so logging in as my nynpriviledged account did not work.

In the end, someone found the root password, and discovered that password based root logins were allowed. So I was very easily able to create the backup:

c:\> plink -batch -pw SECRET root@someServer tar --exclude=/sys --exclude=/dev --exclude=/proc -cjvvf - / > file.tar.bz2

However, since the windows machine runs winsshd, I want to know if its possible to pull the tarball from the unix box to the windows box, instead of pushing it. The command I tried was:

tar --exclude=/dev --exclude=/sys --exclude=/proc -cjf - / | ssh [email protected] "type con > d:\foo.tar.bz2"

That lead to the file being created on the windows machine, but no data being written. Is there a way to do it the way I want to?

This question was asked on the MySQL forums in 2004 with no answers.

I'm installing MySQL 5.0.x on a Windows 2003 Server for use with Drupal. I began to configure the backup with mysqldump when it occurred to me that an ntbackup taken using shadow copying should be reliable enough for backing up the database. Is there any flaw in my logic?

I have a SQL Server 2008 instance. I have configured filestream access properly, and use it from one column on one table in one of my databases. However, I cannot access the UNC share for the filestream data. I have tried browsing to it as well as trying to open specific files and I get errors both ways.

I am running SQL Server 2008 enterprise on a Windows 7 workstation running on the domain. I've tried running the sql server service as a local user, then as network admin. The user I am logged in as is a local admin and a sysadmin in SQL server.

Other than Process Explorer and Process Hacker, what good task manager replacements exist?