Home
Restart Wakanda service from a script with no password.
- Details
- Written by: Eric Naujock
- Category: Wakanda
- Hits: 5615
Allowing Wakanda to be restarted from a Gitlab continuous integration script.
What we will look at is making it so that you can have a script running as the wakanda user be allowed to stop, start and restart the Wakanda service while still being limited to standard user limitations in the Linux host operating system.
To do this we on a Linux server we will be working with the following. Wakanda 2.6.0 server is running on the Ubuntu 18.0.4 server platform. This is the only official Linux distro that Wakanda supports as of this writing. But the services and commands I will show would work on other distros if needed.
The plan to allow for this is to create a file for Wakanda in the sudoers structure. We will create a new file called wakanda in '/etc/sudoers.d/.
WARNING: make sure to follow these instructions carefully if you don't you may lock yourself out of your computer. This article does not take responsibility for what you may do if you do not follow safe practices in the creation of the files given.
We will use the 'visudo' command to edit the files given as that will afford us some protection against corrupting the sudoers stricture and preventing you from using sudo again until you fix the problem.
To edit our file execute the following command.
sudo visudo -f /etc/sudoers.d/wakandaThis will open your editor for the purposes of editing a sudoers file and allow you to edit the wakanda script.
Inside the editor we will create a line that will allow the user named 'wakanda' to execute start, stop, and restart the Wakanda server without entering a password. The commands allowed to execute are limited specifically since in most of my installations I restrict the wakanda user to be s standard user and not a member of the sudoers group.
Now put the following into the editor.
wakanda ALL=NOPASSWD:/usr/sbin/service wakanda restart, /usr/sbin/service wakanda stop, /usr/sbin/service wakanda start
Once you save this line you should be able to see your script be able to start, stop and restart your wakanda server from within the script. Assuming your CI (Continuous integration ) system is running as the wakanda user.
In my Gitlab CI, I have the following line to restart my Wakanda server after I finish installing the backend code on the server. This allows Wakanda to reload the required services and function for the server to run properly.
My Gitlab CI script is a script in the YAML markup needed for the Gitlab CI system to function. You CI system may have other needs, but the sudoers file should still allow your script to run as expected, as the user desired.
The following command is used to stop and start the service. Typically I have the following before I copy my backend in place.
- sudo service wakanda stopThen after I have finished copying all my backend resources in place I will execute the following. To get Wakanda back up and running I add the following to the script.
- sudo service wakanda start
That's all there is to it. Once you have this added to your sudoers files your scripts should be able to stop, start, and restart Wakanda without needing a password. But not giving a Wakanda more than is absolutely necessary to perform the tasks required.
How to get to the Wakanda admin page for Wakanda enterprise.
- Details
- Written by: Eric Naujock
- Category: Wakanda
- Hits: 5089
In Wakanda enterprise, you do have an admin web panel you can use to check databases, backup databases and run scripts. But you do have to know how to get to it.
First, you must be running with an enterprise license.
Second, you must be able to attach to the server and either be running X-Windows or custom provide access to localhost (Run A GUI)
Wakanda by default will not listen to for the admin panel on any unsecured port. so you will likely need to access the server using localhost or in a GUI view of the server.
In my case, I use Xwindows port forwarding on my SSH tunnel to view this screen. I used to use -X for forwarding my X windows but changes in the Mac OS system prevent this from working any longer. The -Y option is really not preferred.
ssh -Y myUserName@wakandaserverOnce you are connected with a local GUI, or an ssh tunnel with x-windows forwarding working you can open the following URL to get to your admin panel.
For those who like to throw caution to the wind you can manually setup in your start-up file for Wakanda a configuration to allow remote access to this admin panel, but this can result in unexpected access to the systems backend and the possibility of running things you do not want.
Keep in mind that the startup configuration for Wakanda 2.6.0 has changed and you will need to change your startup if you are running the newer version or upgrading. Wakanda 2.6.0 linux upgrade is a surprise.
Wakanda 2.6.0 linux upgrade is a surprise.
- Details
- Written by: Eric Naujock
- Category: Wakanda
- Hits: 5640
Recently Wakanda released the 2.6.0 version of their Wakanda Enterprise solution. Along with this upgrade, the was a few surprises.
- This version now requires Ubuntu 18.0.4. Ubuntu 16.04 LTS is no longer supported and in order to perform this upgrade, you will need to upgrade your running distribution.
- Ubuntu 17 was never supported. Likely will not be added.
- Versions of Wakanda 2.0.0 - 2.5.0 require Ubuntu 16.04 LTS ONLY.
- Wakanda only is supported running under Ubuntu. So if you want to play with it you had better get used to working with Ubuntu and the Debian package system.
- The new version of Wakanda 2.6.0 and later now starts and runs as a service. The /etc/init.d files are now gone and have left the package. You will need to manage the service as a systemd.
The ironic part is that this is a big surprise. There nothing in the README file about this upgrade causing this kind of changes. It may be a minor upgrade but having to upgrade your Linux Distro to accommodate the minor version change by Two full releases is a big shock.
Originally Wakanda for Linux only ran under Ubuntu 16.04 LTS.
The new installer will install all you need to get started but make sure you have your license file in the right place. The following flags will allow you to configure the startup of your new Wakanda configuration. There is a note in the README file about the proper placement for the default license file.
Usage: wakanda-enterprise-server [OPTION]... [FILE]...
http://www.wakanda.org
-s, --solution=VALUE Solution or JS file
-d, --daemon Go daemon and run in the background
Administration options:
--admin-password=VALUE Administrator login password (default: <empty>)
--admin-port=VALUE Force the Administration panel port number
--admin-ssl-port=VALUE Force Administration panel ssl port number
--admin-publish=VALUE Force Administration panel publishing mode
'https': accept only HTTPS connections
'http': accept only HTTP connections
'both': accept both HTTPS and HTTP connections
'both-but-http-local-only': accept HTTPS
connections and HTTP connections only from localhost
Service discovery options:
--no-discovery Do not start Bonjour services
--allow-data-conversion
Allow converting the database to a higher Wakanda version
Debugger settings:
-g, --debugger=VALUE Debugger to launch at startup (ignored if
--debug-off is specified) ['remote': activate the
remote web debugger, 'none': disabled] (default: none)
--debug-off Disable the Debugger features.The debugging
interface will not be launched on the server
side, which can be useful when the solution is
used in a production environment
Jobs:
--job-id=VALUE Specify the server job id
System workers:
--system-workers=VALUE Configuration file for system workers
Logging facility:
--syslog Forward Wakanda Server's log messages to the
Syslog daemon
--verbose Verbose mode
--pid=VALUE PID file containing Wakanda Server's process id
-l, --license=VALUE Path of the license file
Help:
--version Display the version and exit
-t, --test Launch backend tests
-h, --help Display the help and exit
Instead of using the old configuration file in the /etc/defaults folder you will instead update the file in
/lib/systemd/system/wakanda.service Be prepared to make a few changes. Here is an example my one of my .service files. This configuration is running on my development server hence the --debugger = 'remote'.
[Unit]
Description=Wakanda Enterprise Server
After=network-online.target
[Service]
Type=notify
User=wakanda
Group=wakanda
ExecStart=/usr/local/bin/wakanda-enterprise-server --daemon --syslog --solution="/opt/mySolution/app.waSolution" --debugger='remote' --license="/opt/mySolution/license/license.key"
Restart=always
[Install]
WantedBy=multi-user.target
Hopefully, this helps you and prepares you for the change you will get in the new Wakanda 2.6.0 release.
Wakanda Backend access with Safari not working when using certificate based authentication.
- Details
- Written by: Eric Naujock
- Category: Wakanda
- Hits: 4482
If your website uses certificate-based authentication to access the data in your Wakanda project. Keep in mind that of the major browsers out there Safari will not handle the backend certificate authenticated connection. Instead of presenting the user with a request to authenticate using the certificate it will just report a 400 error and fail to connect. This can keep your Angular project from working properly. I have tried to create a user profile for the new account but his does not work.
The solution, for the time being, is to use your front-end web server. (In my case NGINX) and have the web server forward the traffic on the https port to the backend port. In this case, you can use the following block in the server profile for the rest service. If you want to offer other backend services to your front end application you will need to add blocks for them as well.
location /rest/ {
include proxy_params;
proxy_pass http://127.0.0.1:8081;
}
This snippet will forward the traffic from the front end to the back end allowing Safari to work. In this example, I have my Wakanda server running on the same server as my front end web server.
Page 1 of 2