No more 180 day trial licensing....thanks Cisco :(
Here are the new licensing options. If you request a license type more than once, you will now only get offered a 30 day license unless you request approval for a longer license.
Coffee -> Code -> Collaboration Technologies
GO!
Exception in thread "main" run(): caught exception Stream closed
java.lang.OutOfMemoryError: unable to create new native thread
at java.lang.Thread.start0(Native Method)
at java.lang.Thread.start(Thread.java:714)
at com.cisco.cpi.common.util.cmExecCommand.exec(cmExecCommand.java:937)
at com.cisco.cpi.common.util.cmExecCommand.exec(cmExecCommand.java:842)
at com.cisco.iptplatform.cli.cmdBaseDbOSI.setDbLogMessageMethod(cmdBaseDbOSI.java:57)
at com.cisco.iptplatform.cli.cmdBaseDbOSI.<init>(cmdBaseDbOSI.java:49)
at com.cisco.iptplatform.cli.cmdRunSql.<init>(cmdRunSql.java:38)
at sun.reflect.GeneratedConstructorAccessor8.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at java.lang.Class.newInstance(Class.java:383)
at com.cisco.iptplatform.cli.cmdClassThread.setCmdInstance(cmdClassThread.java:105)
at com.cisco.iptplatform.cli.CliClassLauncher.execute(CliClassLauncher.java:285)
at sdMain.main(sdMain.java:1881)
However, I wrote a script that simply splits the loop into 400 command segments and then logs out and back in. I will look to see if the API has the same issue as well and update this post at a later time.
set network cluster publisher ip <IP ADDRESS>
utils service restart Cluster Manager
After this, you should be able to see the proper status when issuing show network cluster:
admin:show network cluster
<IP> hq-sub.collab.life hq-sub Subscriber authenticated
<IP> hq-pub.collab.life hq-pub Publisher authenticated
Enjoy!
#!/usr/bin/python3
import json, requests
from requests.auth import HTTPBasicAuth
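# Modify your values here.
# NOTE: username/password are placeholders. Prefer supplying the password at
# run time (prompt or environment variable) over saving it in this file.
username = '<USERNAME>'
password = '<PASSWORD>'
fqdn = '<FQDN>'
name = '<GROUPNAME>'
description = '<DESCRIPTION>'
# PEM file with the CA certificate (chain) that signed the server certificate
# presented on port 9060. The request below sends the credentials with HTTP
# basic auth, so the server identity is validated against this bundle rather
# than switching verification off.
ca_bundle = '<PATH TO CA CERTIFICATE PEM>'
# Seconds to wait for the server before giving up, so the script cannot hang.
timeout = 30

# Actual script: POST the new endpoint group definition as JSON.
url = 'https://' + fqdn + ':9060/ers/config/endpointgroup'
headers = {'Content-type': 'application/json', 'Accept': 'application/json'}
payload = {
    "EndPointGroup": {
        "id": "id",
        "name": name,
        "description": description,
        "systemDefined": False,
    }
}
resp = requests.post(
    url=url,
    data=json.dumps(payload),
    headers=headers,
    verify=ca_bundle,
    timeout=timeout,
    auth=HTTPBasicAuth(username, password),
)
data = resp.text
if resp.status_code == 201:
    # 201 is the only status this script treats as success.
    print('EndPointGroup ' + name + ' added!')
else:
    # Anything else: show the status and the response body for troubleshooting.
    print('Status Code ' + str(resp.status_code))
    print(data)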
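rem Delete the signed-in user's Cisco folder under Roaming AppData, then start Jabber.
rem %APPDATA% resolves to the current user's Roaming folder; the quotes keep
rem paths that contain spaces in one piece.
rmdir /s /q "%APPDATA%\Cisco"
"C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe"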
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
Now restart your certificate services under the AD CA management pane.
san:dns=<hostname>&dns=<fqdn>&ipaddress=<ip address>
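Although this may seem like a trivial thing, a certificate without a correct SAN will cause errors in most modern browsers. This setting lets you supply the SAN yourself, even for improperly generated requests that lack one; by default, Microsoft Server CA doesn't generate certificates with a SAN from the CUCM CSRs. Keep in mind that EDITF_ATTRIBUTESUBJECTALTNAME2 applies to the whole CA: while it is set, the CA honors a requester-supplied SAN on any request it issues, so restrict who can enroll (or require approval of requests), and clear the flag again with the same command using -EDITF_ATTRIBUTESUBJECTALTNAME2 once your certificates are issued. As always, remember that your CA needs to be in the computer's certificate store for trust to be established.
utils service restart Cisco Tomcat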
#!/usr/bin/python
#Copyright 2017 Tim Nelson
#
#Redistribution and use in source and binary forms, with or without modification,
#are permitted provided that the following conditions are met:
#
#1. Redistributions of source code must retain the above copyright notice,
#this list of conditions and the following disclaimer.
#
#2. Redistributions in binary form must reproduce the above copyright notice,
#this list of conditions and the following disclaimer in the documentation and/or
#other materials provided with the distribution.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
#AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
#IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
#INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
#NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
#PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
#WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#POSSIBILITY OF SUCH DAMAGE.
import paramiko, re, time
from paramiko_expect import SSHClientInteraction
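# --- Settings: replace every <PLACEHOLDER> before running ---------------------
# NOTE: once filled in, this file holds the ASA login, the enable password and
# a local account password in clear text. Keep it readable by its owner only,
# or load the secrets from a protected store at run time.
asaHost = '<HOSTNAME OR IP OF ASA>'
hostname = '<ACTUAL HOSTNAME FIELD ON ASA>'
localHost = '127.0.0.1'
asaUser = '<ASAUSERNAME>'
asaPassword = '<ASAPASSWORD>'
enablePassword = '<ENABLEPASSWORD>'
localUser = '<LINUXUSERNAME>'
localPassword = '<LINUXPASSWORD>'
csrFilename = 'asa.csr'
logFile = '/var/log/letsRenewASA.log'
fqdn = '<YOUR FQDN>'
certString = 'CN=' + fqdn + ',OU=<YOUROU>,O=<ORGANIZATION>,C=US,St=<ST>,L=<CITY>'
letsEncrypt = '/usr/bin/letsencrypt/letsencrypt-auto'
email = '<YOUR ADMIN EMAIL>'
# The challenge URL prefix 'http://<fqdn>/' (slash included) is swapped for this
# value further down, so it has to end with a path separator.
webRoot = '<ROOT DIRECTORY OF WEBSERVER>'

# --- Prompts handed to expect() ------------------------------------------------
localPrompt = localUser + '@.*'
prompt0 = hostname + '> '
prompt1 = hostname + '# '
authPrompt = 'Password: '
# Raw strings: these are regular expressions and the backslashes must reach the
# regex engine untouched (non-raw '\)' style escapes raise warnings on current
# Python versions).
confPrompt = r'.*\)\# '
keyPrompt = r'.*\[yes\/no\]: '
accept = r'Continue \(y\/n\)\?'

logFile = open(logFile, 'a+')
# i is set to 0 when the old trustpoint was referenced by
# 'crypto ikev2 remote-access trustpoint' and that reference had to be removed;
# the reference is put back after the new certificate is installed.
i = 10
logFile.write('\n\nStarting to Renew!\n')


def enterConfigMode(session):
    """Take an ASA session from the login prompt into configuration mode.

    Sends 'en', the enable password and 'conf t'. A prompt that is not seen is
    only written to the log and the sequence carries on regardless.
    """
    steps = (
        (prompt0, 'could not read prompt0\n', 'en'),
        (authPrompt, 'could not read authPrompt\n', enablePassword),
        (prompt1, 'could not read prompt1\n', 'conf t'),
        (confPrompt, 'could not read confPrompt\n', None),
    )
    for pattern, failureNote, nextCommand in steps:
        try:
            session.expect(pattern)
        except Exception:
            logFile.write(failureNote)
        if nextCommand is not None:
            session.send(nextCommand)


client = paramiko.SSHClient()
client.load_system_host_keys()
# Only talk to hosts whose key is already in the system known_hosts. Silently
# accepting an unknown key would hand the ASA and enable passwords to whatever
# answers on that address. Add the ASA and 127.0.0.1 to known_hosts once, after
# checking their fingerprints out of band.
client.set_missing_host_key_policy(paramiko.RejectPolicy())

# --- Session 1 (ASA): rebuild the trustpoint and obtain a CSR -------------------
client.connect(hostname=asaHost, username=asaUser, password=asaPassword)
interact = SSHClientInteraction(client, timeout=120, display=False)
enterConfigMode(interact)

interact.send('crypto key generate rsa label SSL-Keypair modulus 2048')
interact.expect([keyPrompt, confPrompt])
if interact.last_match == keyPrompt:
    # A yes/no question came back instead of the config prompt: answer no.
    interact.send('n')

interact.send('crypto ca authenticate SSL-Trustpoint')
interact.expect(['.*delete.*', '.*unknown.*'])
if interact.last_match == '.*delete.*':
    interact.send('no crypto ca trustpoint SSL-Trustpoint')
    interact.expect([keyPrompt, '.*in use.*'])
    if interact.last_match == '.*in use.*':
        # Drop the IKEv2 reference first, then retry the removal.
        i = 0
        interact.send('no crypto ikev2 remote-access trustpoint SSL-Trustpoint')
        interact.expect(confPrompt)
        interact.send('no crypto ca trustpoint SSL-Trustpoint')
        interact.expect(keyPrompt)
    interact.send('y')

interact.send('crypto ca trustpoint SSL-Trustpoint')
interact.expect(confPrompt)
for trustpointCommand in (
    'enrollment terminal',
    'fqdn ' + fqdn,
    'subject-name ' + certString,
    'keypair SSL-Keypair',
    'exit',
):
    interact.send(trustpointCommand)
    interact.expect(confPrompt)

interact.send('crypto ca enroll SSL-Trustpoint')
interact.expect(keyPrompt)
# Answers to the enrollment questions, in the order the ASA asks them.
for answer in ('y', 'n', 'y'):
    interact.send(answer)
    interact.expect(keyPrompt)
# The output captured up to the last question contains the certificate request.
cert = interact.current_output_clean
cert = cert.replace('Certificate Request follows:\n', '')
cert = cert.replace('\x00', '')
interact.send('n')
interact.expect(confPrompt)
interact.send('exit')
interact.expect(prompt1)
interact.send('exit')
# Opened only now, so a failed ASA session does not truncate an earlier CSR.
with open(csrFilename, 'w') as csrFile:
    csrFile.write(cert)

# --- Session 2 (local host): run the ACME client with the CSR -------------------
client.connect(hostname=localHost, username=localUser, password=localPassword)
interact = SSHClientInteraction(client, timeout=120, display=False)
try:
    interact.expect(localPrompt)
except Exception:
    logFile.write('could not read localPrompt\n')
    print('could not read localPrompt')
# NOTE(review): the ACME v1 endpoint named in this command has been shut down by
# Let's Encrypt; confirm the server URL and client your installation needs.
interact.send(
    letsEncrypt
    + ' certonly --authenticator manual --server https://acme-v01.api.letsencrypt.org/directory --text --email '
    + email + ' --csr ' + csrFilename
)
interact.expect('.*o: ')
interact.send('y')
interact.expect('Press Enter to Continue')
cleanOutput = interact.current_output_clean
outputLines = cleanOutput.splitlines()
# Fixed line positions in the client's output: line 8 carries the challenge URL,
# line 4 the content to serve there.
challengeFile = outputLines[8].replace('http://' + fqdn + '/', webRoot)
challengeContent = outputLines[4]
# The path comes from parsed program output. Refuse to write anywhere but below
# webRoot in case the output layout differs from what the indexes assume.
if not challengeFile.startswith(webRoot) or '..' in challengeFile.split('/'):
    logFile.write('unexpected challenge path: ' + challengeFile + '\n')
    logFile.close()
    raise SystemExit(1)
logFile.write('Created challengeFile at ' + challengeFile + '\n')
with open(challengeFile, 'w') as challengeHandle:
    challengeHandle.write(challengeContent)
    logFile.write('Put the following content: ' + challengeContent + ' in challengeFile\n')
interact.send('\r')
interact.expect(localPrompt)
cleanOutput = interact.current_output_clean
interact.send('exit')
resultLines = cleanOutput.splitlines()
certPath = resultLines[4].replace('Server issued certificate; certificate written to ', '')
logFile.write('Grabbed the certificate from: ' + certPath + '\n')
chainPath = re.sub(r'\s+', '', resultLines[10])
with open(chainPath, 'r') as chainFile:
    caFile = chainFile.read()
with open(certPath, 'r') as certFile:
    certLines = certFile.read().splitlines()
caCert = re.findall(
    r'-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----',
    caFile, re.DOTALL
)
# Index 1: the second PEM block of the chain file is the one installed as the CA
# certificate (raises IndexError if the file holds fewer than two blocks).
caCert = '-----BEGIN CERTIFICATE-----' + caCert[1] + '-----END CERTIFICATE-----'
logFile.write('Grabbed the certificate chain from: ' + chainPath + '\n')

# --- Session 3 (ASA): install the CA certificate and the issued certificate -----
client.connect(hostname=asaHost, username=asaUser, password=asaPassword)
interact = SSHClientInteraction(client, timeout=120, display=False)
enterConfigMode(interact)

interact.send('crypto ca authenticate SSL-Trustpoint')
interact.expect('.*by itself.*')
for line in caCert.splitlines():
    interact.send(line)
    time.sleep(.1)  # pace the paste, one line at a time
interact.send('quit')
interact.expect(keyPrompt)
interact.send('y')
interact.expect(confPrompt)

interact.send('crypto ca import SSL-Trustpoint certificate')
interact.expect(keyPrompt)
interact.send('y')
interact.expect('.*by itself.*')
for line2 in certLines:
    interact.send(line2)
    time.sleep(.1)
interact.send('quit')
interact.expect(confPrompt)

interact.send('ssl trust-point SSL-Trustpoint outside')
interact.expect(confPrompt)
if i == 0:
    # Restore the IKEv2 reference that was removed in session 1.
    interact.send('crypto ikev2 remote-access trustpoint SSL-Trustpoint')
    interact.expect(confPrompt)
interact.send('exit')
interact.expect(prompt1)
interact.send('wr')
interact.expect(prompt1)
logFile.write('SUCCESSFULLY installed the cert and chain to your ASA!\n')
logFile.close()
interact.send('exit')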
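wget https://gigenet.dl.sourceforge.net/project/guacamole/current/extensions/guacamole-auth-duo-0.9.13-incubating.tar.gz
# The archive comes from a download mirror, so compare it with a checksum
# published by the project before unpacking. <EXPECTED_SHA256> is a placeholder
# for that value; nothing is unpacked or installed unless the check passes.
# mkdir -p keeps the chain working when the extensions directory already exists.
echo "<EXPECTED_SHA256>  guacamole-auth-duo-0.9.13-incubating.tar.gz" | sha256sum -c - && tar xzf guacamole-auth-duo-0.9.13-incubating.tar.gz && mkdir -p /etc/guacamole/extensions && mv ./guacamole-auth-duo-0.9.13-incubating/guacamole-auth-duo-0.9.13-incubating.jar /etc/guacamole/extensions/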
/etc/guacamole/guacamole.properties
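and add the following settings to it, taking the values from the Duo site (all except the last key, which you generate yourself). The file then holds your Duo secret key, so keep it readable only by root and the account Tomcat runs as: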
duo-api-hostname: <Your API hostname found on the Duo site>
duo-integration-key: <Integration key found on the Duo site>
duo-secret-key: <Secret Key found on Duo site>
duo-application-key: <40 random characters, I used pwgen 40 1; pwgen -s 40 1 gives fully random ones>
add-apt-repository ppa:webupd8team/java
apt -y update
apt -y upgrade
apt -y dist-upgrade
apt -y install libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev \
libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev \
libpulse-dev libssl-dev libvorbis-dev libwebp-dev git build-essential autoconf \
libtool oracle-java8-installer tomcat8 tomcat8-admin tomcat8-common tomcat8-docs \
tomcat8-user maven mysql-server mysql-client mysql-common mysql-utilities \
libpulse-dev libvorbis-dev freerdp ghostscript wget
# Fetch the Let's Encrypt client into the home directory and run it from there.
git clone https://github.com/letsencrypt/letsencrypt ~/letsencrypt
cd ~/letsencrypt
# Webroot validation: the client places its challenge files under Tomcat's ROOT
# webapp. --staging requests the certificate from the Let's Encrypt staging
# environment, which browsers do not trust; use it to prove the setup works,
# then run the command again without the flag to get the real certificate.
./letsencrypt-auto certonly --expand --webroot --webroot-path \
/<CATALINA_HOME>/webapps/ROOT/ -d <YOURDOMAIN> --staging
# Bundle the certificate chain and the private key into a PKCS#12 file under the
# alias "tomcat". openssl asks for the export password interactively here.
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out cert_and_key.p12 \
-name tomcat -CAfile chain.pem -caname root
# Convert the PKCS#12 bundle into the Java keystore Tomcat will read.
# NOTE: passwords given as arguments end up in shell history and are visible in
# the process list while the command runs; keytool prompts for any password
# option that is left out. Replace the <changeit> placeholders with real values.
keytool -importkeystore -deststorepass <changeit> -destkeypass <changeit> \
-destkeystore myKeyStore.jks -srckeystore cert_and_key.p12 -srcstoretype \
PKCS12 -srcstorepass <PasswordUsedAbove> -alias tomcat
/<CATALINA_HOME>/server.xml
with the following connector options:
scheme="https" secure="true" SSLEnabled="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/etc/letsencrypt/live/<YOURDOMAIN>/myKeyStore.jks"
keystorePass="<changeit>" keyAlias="tomcat" keyPass="<changeit>"
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
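#!/bin/bash
# Minimal start/stop/restart wrapper around Tomcat's own startup.sh/shutdown.sh.
export CATALINA_HOME=/opt/tomcat
# Quoted so the placeholder stays plain text; unquoted, the angle brackets are
# parsed as shell redirections. Replace it with the real JDK path.
export JAVA_HOME='<WHATEVERYOURJAVAHOMEIS>'
export PATH="$JAVA_HOME/bin:$PATH"

# Start Tomcat through its bundled startup script.
start() {
    echo "Starting Tomcat 8..."
    sh "$CATALINA_HOME/bin/startup.sh"
}

# Stop Tomcat through its bundled shutdown script.
stop() {
    echo "Stopping Tomcat 8..."
    sh "$CATALINA_HOME/bin/shutdown.sh"
}

# Only the three listed verbs are accepted; "$1" is executed as a function name
# solely after the pattern has limited it to start or stop.
case "$1" in
    start|stop) "$1";;
    restart) stop; start;;
    *) echo "Usage : $0 <start|stop|restart>"; exit 1;;
esac
exit 0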
# Replace the page's window.confirm with a function that always returns true,
# so a confirm() dialog raised afterwards on this page is accepted automatically.
driver.execute_script("window.confirm = function(msg) { return true; }");
However, this simply cannot be placed after the pop up occurs, it must be pushed before the step you will use in Selenium that causes the pop up notification.
# Fragment: the except clause that closes this try is not part of the excerpt.
try:
# Install the window.confirm override before the click that raises the pop-up;
# the call appears twice in the original.
driver.execute_script("window.confirm = function(msg) { return true; }");
driver.execute_script("window.confirm = function(msg) { return true; }");
# Click the control named "button2".
elem = driver.find_element_by_name("button2")
elem.click()
# Then click the element whose value attribute equals the placeholder text.
elem = driver.find_element_by_xpath(".//*[@value='<WhatIamLookingFor>']")
elem.click()
This is the third step, after you have selected the server and then clicked the Add New button. While you would think you can just negate all the clicking and go directly to the URL and have shorter code, you cannot. You must click through as if you were doing it manually.
# Click through the two buttons in the same order a user would, then type the
# community string into its field.
for controlName in ("submit1", "button1"):
    elem = driver.find_element_by_name(controlName)
    elem.click()
elem = driver.find_element_by_name("communityString")
elem.send_keys(communityString)
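client = paramiko.SSHClient()
client.load_system_host_keys()
# Only connect to servers whose host key is already in the system known_hosts.
# Accepting unknown keys automatically would send the OS administrator password
# to whatever answers on that address; add each host once after checking its
# fingerprint out of band.
client.set_missing_host_key_policy(paramiko.RejectPolicy())
client.connect(hostname=hostAddress, username=u, password=p, banner_timeout=120)
prompt = 'admin:'
# Raw string: this is a regular expression handed to expect().
accept = r'Continue \(y\/n\)\?'
interact = SSHClientInteraction(client, timeout=120, display=False)
interact.expect(prompt)
try:
    interact.send('set network dns primary ' + str(args.primarydns))
    cmd_output_pd = interact.current_output_clean
    # Split on what you expect as output and handle each case.
    interact.expect([accept, prompt])
    if interact.last_match == prompt:
        # The CLI returned to its prompt without asking to continue.
        print(threadName + ' -> ' + str(args.primarydns) + ' -> FAIL')
    if interact.last_match == accept:
        print(threadName + ' -> ' + str(args.primarydns) + ' -> SUCCESS')
        # Two confirmations are requested before the prompt comes back.
        interact.send('y')
        interact.expect(accept)
        interact.send('y')
        interact.expect(prompt)
    interact.send('exit')
# Deliberately not re-raised: connectivity is lost when this setting changes.
except Exception:
    interact.send('exit')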
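import getpass

from selenium import webdriver
from selenium.webdriver.common.keys import Keys

# Credentials are prompted for at run time; the password is never echoed.
u = input("Enter the OS Administration Username: ")
p = getpass.getpass("Enter the OS Administration Password:")
hostList = ['host1', 'host2']

# Certificate errors are no longer ignored by default: the administrator
# password is typed into each host's login page, so the browser should first
# confirm it is talking to the real server. This needs the hosts' certificates
# to chain to a CA in the machine's trust store. Set to True only for lab
# systems that still present self-signed certificates.
ignoreCertErrors = False

options = webdriver.ChromeOptions()
if ignoreCertErrors:
    options.add_argument('--ignore-certificate-errors')
driver = webdriver.Chrome(chrome_options=options)

for host in hostList:
    # Open the OS Administration login page and sign in.
    url = "https://" + host + "/cmplatform"
    driver.get(url)
    elem = driver.find_element_by_name("j_username")
    elem.clear()
    elem.send_keys(u)
    elem = driver.find_element_by_name("j_password")
    elem.clear()
    elem.send_keys(p)
    elem.send_keys(Keys.RETURN)
    # Load the landing page again now that the session is authenticated.
    url = "https://" + host + "/cmplatform/"
    driver.get(url)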