Set up the Artifactory repository authentication

To secure Artifactory repositories follow the steps below

  1. Log into Artifactory as an administrator
  2. On the left select Admin

Add users

  1. In the Security menu select Users
  2. In the upper right select New

  3. Create users for admin, writer, and reader. Make sure the Can Update Profile checkbox is NOT checked, so if someone logs in with the service account credentials cannot change the account settings.

    1. REPOSITORY-NAME_admin,
    2. REPOSITORY-NAME_writer,
    3. REPOSITORY-NAME_reader.

Create security groups and add the new users to the groups

  1. In the Admin menu select Security and Groups
  2. On the Group Management page select New
  3. Create groups for admins, writers, and readers. Add “s” to the name of the group to differentiate it from the user.
    1. REPOSITORY-NAME_admins,
    2. REPOSITORY-NAME_writers,
    3. REPOSITORY-NAME_readers.
  4. In the Users section add the appropriate user to the group

Create permissions and add the groups to the permissions

  1. In the Security menu select Permissions
  2. In the upper right corner select New
  3. Create permissions to administer, write, and read the repository
    1. REPOSITORY-NAME_administer,
    2. REPOSITORY-NAME_write,
    3. REPOSITORY-NAME_read.
      1. Select the repository, click the green arrow to add the repository to the Selected Repositories list, and click Next
      2. Click the arrow next to the name of the group to add it to the list of groups
      3. Select the appropriate check boxes
        1. For writers select Delete/Overwrite, Deploy/Cache, Annotate, and Read
      4. Click the Save & Finish button.

To allow anonymous read access to the repository

To allow everyone to read the repository without authentication, add the anonymous user to the REPOSITORY-NAME_readers group.

The User Profile Service failed the sign-in. User profile cannot be loaded.

When you try to start a remote desktop connection to a Windows computer on the domain you may get the error message:

The User Profile Service failed the sign-in. User profile cannot be loaded.

To enable the User Profile update

  1. Remote into the computer with a local administrator account,
  2. In Windows Explorer open the C:\Users\Default\AppData folder,
  3. Right click the Roaming folder and select Properties,
  4. On the Security tab click the Advanced button,
  5. In the Permission entries list select System,
  6. Check the Replace all child object permissions… check box,
  7. Click the OK button,
  8. Click the Yes button on the Windows Security popup,
  9. Close the Properties window with the OK button.

Add SSH key to a Jenkins Git step

To access a Git repository Jenkins can use an SSH key.

To add the SSH key to the Jenkins server use the following Chef script

Store the SSH key in an encrypted data bag called “keys”.

{
 "id": "ci_private_keys",
 "ci_github_key": "-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----",
}

 

Add the following to the Jenkins Chef recipe

  • Install Git
package 'git'
  • Install the Git and Credentials Jenkins plugins
jenkins_plugin 'git'
jenkins_plugin 'credentials'
  • Copy the SSH key to the Jenkins server
rsa_key = data_bag_item('keys', 'ci_private_keys')
file '/var/lib/jenkins/.ssh/id_rsa' do
  content "#{rsa_key['ci_github_key']}"
  owner 'jenkins'
  group 'jenkins'
  mode '0600'
end
  • Add github.com to the known hosts
bash 'provide github.com RSA fingerprint' do
  code <<-EOF
   ssh-keyscan github.com >> /var/lib/jenkins/.ssh/known_hosts
   chown jenkins.jenkins /var/lib/jenkins/.ssh/known_hosts
  EOF
  not_if{system('grep github.com /var/lib/jenkins/.ssh/known_hosts')}
end

 

To specify the SSH key in the Git step

  1. When the Jenkins server is operational, navigate to the Web interface
  2. Create a new Jenkins project
  3. In the Source Code Management section
    1. Select Git
    2. Enter the SSH URL of the repository
    3. When you are adding the first project, click the Add button to create the credential

      1. Click Jenkins to select the credentials provider
      2. Select SSH Username with private key as the Kind
      3. Enter the username you used when you created the SSH key for the Git repository
      4. Select From the Jenkins master ~/.ssh as the Private Key
      5. Click the Add button
    4. In the Credentials drop down select the credential you have created (the Git user name)

 

Obfuscated passwords in TeamCity

Obfuscate the password in the TeamCity UI

When a TeamCity build step needs to use a password, there is a way to obfuscate it.

  1. In the TeamCity web interface navigate to the project,
  2. On the project page open the Parameters page,
  3. Click the Add new parameter button,
  4. Enter the name of the parameter, the password value, and click the Edit button to set the special settings,
  5. Set the Display to Hidden, and the Type to Password to hide the value from the user interface. Click the Save button on this window and the on the parent window to save the parameter.
  6. To use the parameter in a build step, surround it with % signs.

Display the obfuscated password in the TeamCity UI.

To display the value of the password in the TeamCity UI again

  1. Select the attribute in the list
  2. Click the Edit button
  3. Set the type to Text and click the Save button
  4. On the Edit Parameter window click the Save button
  5. The password will be displayed in the parameter list.

Manage Windows Backups

To manage the Microsoft Windows Backups you can use a command line tool.

Open a command prompt as administrator

Show the existing backup versions

Wbadmin get versions

Clean up the backup disk

To keep a number of latest backups and delete the rest

Wbadmin delete backup -keepversions:NUMBER_OF_BACKUPS_TO_KEEP

To keep the latest backup only

Wbadmin delete backup -keepversions:1

To delete all existing backups

Wbadmin delete backup -keepversions:0

 

Chef custom resource is using the same property name as the called resource

When you create a Chef custom resource, you can call other resources including custom resources you have created. For ease of use it can be convenient to use the same property name as the called resource use.

property :delay_mins,          Fixnum, default: 3

reboot 'Hostname was changed' do
 reason reboot_reason
 delay_mins delay_mins
 action :request_reboot
end

When you you execute the code, chef will display the following error message:

property delay_mins is declared in both reboot[Hostname was changed] and utils_reboot[hostname_reboot] action :request_reboot. Use new_resource.delay_mins instead.

To tell Chef that you want to use the property you have created in this custom resource, add new_resource. in front of your property:

property :delay_mins,          Fixnum, default: 3

reboot 'Hostname was changed' do
 reason reboot_reason
 delay_mins new_resource.delay_mins
 action :request_reboot
end

Bluetooth: Not Available in Sierra on the Macintosh

After software update in Sierra on my Macintosh, my Bluetooth mouse usually stops working.

The toolbar displays the Bluetooth not available icon: 

When I click it, the “Bluetooth: Not Available” message is displayed.

There are two recommended actions we can take to bring Bluetooth back to life. If the first one does not help, try to execute them together during the same shutdown and restart cycle.

Delete the com.apple.Bluetooth.plist file from Library / Preferences

  1. Start Finder,
  2. In the Go menu select Go to Folder,
  3. Enter /Library/Preferences into the text box and click the Go button,
  4. Move the com.apple.Bluetooth.plist file to the trash,
  5. Shut down the Macintosh,
  6. Start the computer again.

Reset the SMC to reinitialize the Bluetooth module

  1. Shut down the Macintosh,
  2. Disconnect all peripherals (external display, drives, mouse, printer),
  3. Make sure the power adapter is connected to the computer,
  4. Press and hold the Shift, Control and Option buttons for 10 seconds,
  5. Start the computer with the power button, with the peripherals still disconnected,
  6. Re-connect the peripherals.

Second monitor does not work on Toshiba P-70A in Windows 10

Since I installed Windows 10 on my Toshiba P-70A laptop, the computer does not recognize the second monitor.

To make the second monitor work, I had to uninstall the display drivers and remove them from the computer:

  1. Open the File Explorer
  2. Right click This PC and select Properties
  3. In the upper left corner select Device Manager
  4. Expand the Display adapters section
  5. Right click each display adapter,
    1. Select Uninstall
    2. Check  Delete the driver software for this device
  6. The computer will reboot.

To keep your second monitor working do not update the display drivers, keep the drivers that Windows installs during the reboot.

How to secure Jenkins

When you install Jenkins, the default settings allow anyone to sign up and administer it. There are many ways to secure Jenkins, the simplest is to disable the user sign up and require login to administer the server.

  1. Click sign up in the upper right corner and create an account for yourself
  2. On the Jenkins Dashboard select Manage Jenkins
  3. On the Manage Jenkins page select Configure Global Security
  4. Make sure the circled items are set according to the picture below.