May 20, 2014

Net user hidden switch

Holy moly... if only all of the internet problems were this easy to solve.

After creating and nuking 3 AWS boxes I finally broke down and regenerated the private cert. (I lost .pem file to interactively login a long time ago. Knife EC2 server create ftw!!)

Login and run my user_data script manually and get greeted with this 14 year old annoyance. Who in their right mind still runs win2k? Is it even supported?? Well, sadly we all know the answer to that question.

The password entered is longer than 14 characters.  Computers with Windows prior to Windows 2000 will not be able to use his account. Do you want to continue this operation? (Y/N) [Y]:
I nuked three boxes to find out my password was too long...

Combining last few drops of coffee with curiosity I ran the below command which to my complete and utter amazement succeeded. Half a google search later I find that this is a hidden switch in NET command... and now you know too

net user /add $user $password /yes
fyi: both /y and /yes work, and no matter how many times you type net help you wont get the answer you're looking for.

btw, here is the user data scrip:
<powershell>  #https://gist.github.com/vinyar/6735863;
  "[System Access]" | out-file c:\delete.cfg;  "PasswordComplexity = 0" | out-file c:\delete.cfg -append;  "[Version]"  | out-file c:\delete.cfg -append;  'signature="$CHICAGO$"'  | out-file c:\delete.cfg -append;    secedit /configure /db C:\Windows\security\new.sdb /cfg c:\delete.cfg /areas SECURITYPOLICY;    $user="UsernameGoesHere";  $password = "UserPasswordGoestHere";  net user /add $user $password;  net localgroup Administrators /add $user;    winrm quickconfig -q;  Enable-PSRemoting -force;  winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}';  winrm set winrm/config '@{MaxTimeoutms="1800000"}';  winrm set winrm/config/service '@{AllowUnencrypted="true"}';  winrm set winrm/config/service/auth '@{Basic="true"}';  winrm set winrm/config/service/auth '@{CredSSP="true"}';    netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public protocol=tcp localport=5985 new remoteip=any;</powershell>

Here is a random bit of awesomeness

May 9, 2014

Finding illegal characters somewhere in your chef cookbook / code

Use case:
I cant upload a cookbook / run powershell script / render web.config because something somewhere throws up on an illegal character.

One route to fix it, is to look at most critical files - web.config, json.config, README.MD and hope that the error is somewhere in there.

Well, that's one approach. About a year ago I would fire up notepad++ or BeyondCompare and look for iffy characters. It works, but it's stupid slow.

In case of Chef, the whole cookbook is processed, so theoretically the error could be anywhere. So, going through it one file at a time is just not practical. On top of that, I advocate automation, so... automation it is:

I've been learning OSX so I actually dont know the equivalent for windows, but since you dont have grep anyway, install the version that comes with -P and all is good.

brew install pcre
CD to the folder where you're breaking
pcregrep --color='auto'  -r -n "[^\x00-\x7F]" .
pcregrep --color='auto'  -r -n "[\x80-\xFF]" .

-r                              is for recursive
--exclude-dir .git      is to exclude .git from your search. You'll get a ton of hits here otherwise (not used in example above)
-n                             is to specify ascii range. Both work.

Source:
http://stackoverflow.com/questions/3001177/how-do-i-grep-for-all-non-ascii-characters-in-unix?s=4513f650-b50e-4611-8497-83fe400a3cc1

Way to test:  Grab a broken Repo and run the command to make sure you get expected broken file
Fix is here (https://github.com/stackforge/cookbook-openstack-common/commit/f4112fc77385a6044c2418f08da451aa57dfd247), so we're going to grab a pre fix commit

git clone https://github.com/stackforge/cookbook-openstack-common
git checkout 5e1a812a38c19a45b774862345f552c41836606f
pcregrep --color='auto'  -r -n "[\x80-\xFF]" .

Boom
Done