Automate Global Protect VPN connection in Python - python

I was asked to use Python to automate processes that download files from multiple servers. In order to connect to the servers, I must connect to the Global Protect VPN first. That said, in order to automate the process, I must also automate the VPN connection/disconnection. I tried to search for information about how to automate the GP VPN connection in Python but couldn't find any helpful posts. Could anyone please help with it? Thank you!

You can use GlobalProtect from the CLI, so I guess it's easy to call the CLI commands that you need from Python.
On my Ubuntu system, if I want to launch the GUI I can type in my terminal:
globalprotect launch-ui
If I want to connect to a VPN server from CLI (without launching the UI) I can use:
globalprotect connect --portal <gp-portal>
You can find more information here: Palo Alto GlobalProtect.
To use the above CLI from python: Call shell/CLI from python.
Also, keep in mind:
When you use certificate-based authentication, the first time you connect without a root CA certificate, the GlobalProtect app and GlobalProtect portal exchange certificates. The GlobalProtect app displays a certificate error, which you must acknowledge before you authenticate. When you next connect, you will not be prompted with the certificate error message.
If that is the case for you, you can specify the location of the certificate:
globalprotect import-certificate --location /home/mydir/Downloads/cert_client_cert.p12
Refer to 1 for more CLI commands.
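One way to drive the CLI above from Python, as an added example that is not part of the original answer: the command is passed as an argument list with no shell, the portal value is checked so it cannot be read as an option, and the tunnel is torn down even if the download step fails. The `disconnect` subcommand is not shown in the answer, `vpn.example.com` is a constructed placeholder, and the code assumes non-interactive (for example certificate-based) authentication and a non-zero exit status on failure.

```python
import re
import subprocess
from contextlib import contextmanager

GP = "globalprotect"  # CLI binary named in the answer above
# Hostname-shaped values only: a portal starting with "-" would be read as an option.
HOSTNAME = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def connect_cmd(portal):
    """Build the argv for `globalprotect connect --portal <portal>`."""
    if not HOSTNAME.match(portal):
        raise ValueError(f"refusing suspicious portal value: {portal!r}")
    return [GP, "connect", "--portal", portal]


def gp(argv, runner=subprocess.run, timeout=120):
    """Run one CLI command as an argv list (no shell), failing loudly on errors."""
    # stdin is closed so an unexpected credential prompt cannot hang the job.
    result = runner(argv, capture_output=True, text=True, timeout=timeout,
                    stdin=subprocess.DEVNULL, check=False)
    if result.returncode != 0:  # assumption: the CLI signals failure via exit status
        raise RuntimeError(f"{' '.join(argv)} failed: {result.stderr.strip()}")
    return result.stdout


@contextmanager
def vpn(portal, runner=subprocess.run):
    """Connect for the duration of the with-block and always disconnect after."""
    gp(connect_cmd(portal), runner)
    try:
        yield
    finally:
        gp([GP, "disconnect"], runner)


if __name__ == "__main__":
    # vpn.example.com is a constructed placeholder portal.
    with vpn("vpn.example.com"):
        print("tunnel is up; run the downloads here")
```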

Related

How to Host a Flask website from localhost 5000

Hello I coded this website that generates math problems (Here is the code: Here)
It is coded on Flask and it is locally being hosted on this link that is not accessible to other people: http://127.0.0.1:5000/. I have a Google domain and I want to have a website. What things / services do I need to use? I have been waiting to see if I need to use AWS, but I think I might need to. I have tried things like transferring it off of Flask but I can't. If this is a repost, sorry; please post there answer. Thanks -Ben
I am assuming what you're asking is to host your flask web site so others can view it. The address you mention in your post is the local host address for your computer and is only accessible from your own computer. If you only want someone on your same network (WiFi) to access it, you would need to replace "127.0.0.1" with the IP address of your computer. You would also likely have to open up a firewall on your computer to allow the port 5000.
However, if you want anyone on the internet to access your site, there are a ton of ways to do this but since you mentioned AWS, you can do this easily by running a small EC2 instance (virtual server). If you have a new AWS account and have not already run any EC2 in that account, you can actually run a small EC2 instance for free for a whole year. Great for small projects. If you're just getting started with EC2, you may want to go here https://aws.amazon.com/ec2/getting-started/
Basic steps:
Spin up an EC2 instance. Choose the default Amazon Linux 2 OS type, make sure to create/assign a key pair so you can later ssh into it, make sure the Allow SSH from anywhere setting is checked/selected and the Allow HTTP checkbox is checked (not HTTPS).
Wait for the instance to launch.
Log into your instance by clicking on your EC2 instance in the list of EC2 instances and clicking the Connect button, then click the Connect button again (Instance connect tab). If that doesn't work, follow the steps on the SSH client tab.
Install flask
pip3 install flask
Clone your git repo
git clone https://github.com/some0ne14/Math-Ibex.git
Change to your repo's folder
cd Math-Ibex/Math-Practice-Website-master
Edit your main.py so that the app.run line looks like the following (you can do this on GitHub before you run git clone actually or use the nano command to edit the file easily). This allows the system to run on the standard web port 80.
app.run(host='0.0.0.0', port=80, debug=True)
Run the following to start the application. If you want to run it as a service so you can walk away or close the terminal and it will still stay running, just search on here how to run flask as a service.
python3 main.py
You can now connect to your server with any web browser using your EC2 instance's public IP address or generated AWS DNS name (available on the EC2 instance property page).
Make sure to stop your instance when not using it to save those free runtime minutes.
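The `app.run` line in the steps above binds to every interface with `debug=True`, which puts Flask's interactive debugger on a public address. As an added example, not part of the original answer, this is one way to take the run settings from the environment and refuse that combination; the `APP_HOST`, `APP_PORT` and `APP_DEBUG` variable names are hypothetical.

```python
import ipaddress
import os


def is_loopback(host):
    """True only for addresses reachable solely from this machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as reachable from outside


def run_settings(env):
    """Turn APP_HOST / APP_PORT / APP_DEBUG (hypothetical names) into app.run kwargs."""
    host = env.get("APP_HOST", "127.0.0.1")
    port = int(env.get("APP_PORT", "5000"))
    debug = env.get("APP_DEBUG", "0") == "1"
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    if debug and not is_loopback(host):
        # The debugger exposes a console that executes Python in the server process.
        raise ValueError(f"debug=True refused on non-loopback host {host!r}")
    return {"host": host, "port": port, "debug": debug}


if __name__ == "__main__":
    # In main.py this would be: app.run(**run_settings(os.environ))
    print(run_settings(os.environ))
```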

how can I post to api running on remote desktop?

I'm creating a Python Flask API on a remote desktop and running it on localhost of the remote desktop.
Is there any way I can access this API from my local machine?
We are working in a team and I want to share this with my team members, but this is confidential and not to be deployed on an open server.
We want to post and get the result from every member's local machine, with the API running on the remote desktop.
Both our local machines and the remote desktop are Windows 10.
Sorry for being abstract but I'm searching for any way out. Thanks.
Well, you should open your way to this API. You'll have to set up a VPN or IP address filter in the server so you can access the server from your network while still having it secured on the Internet. You can also set up a simpler proxy if you prefer it. I'll not cover the details on how to set up a VPN or proxy since it can get pretty extensive, but a Google search will help you find the best alternative for you.
AFAIK, the Remote Desktop Protocol does not allow for any kind of VPN. However, if you can switch to TeamViewer, it does have an easy-to-set-up VPN system that will allow you to get into the network with little configuration. Once a VPN is configured, it will work as if you were in the same network as the server, so from there you can access your API from your host machine by just going to the IP address of the server.
Do notice the security policies of whoever owns the server, since you can get into trouble if you don't have permission to enable some access from the outside. Security goes always in front of comfort.
Short term solution:
Firstly, download ngrok for your operating system.
For debugging and testing purposes you can expose a secure tunnel connection to your API by running this command in your command prompt / terminal.
ngrok http <PORT_NUMBER> -host-header="localhost:<PORT_NUMBER>"
Where PORT_NUMBER is the port number on which your Flask application is running.
Example if your flask application is running at port 5000 then simply execute this command:
ngrok http 5000 -host-header="localhost:5000"
Running this will give you two hostnames, one with HTTP and the other a secure HTTPS, connected by a tunnel for a duration of 8 hours, after which the command needs to be re-run. You can call these remotely.
Long term solution:
Deploy flask application using FastCGI
or
To a cloud infrastructure provider like Microsoft Azure which gives readymade templates for flask applications.

Public Client App Port Forwarding with OpenShift

I'm trying to test and distribute my python application in script or executable form (client). I already have my openshift server setup and running. I'm confused on setting up port forwarding with other users to test it out with.
Do other clients (publicly) need to download rhc and run 'rhc port-forward appname' on their own machine or are there alternatives out there which can be accomplished using python internally by code?
This is kind of confusing and any help would be much appreciated.
Thanks.
All the 'rhc port-forward appname' does is set up SSH tunnels behind the scenes. If you want people to tunnel into your application you will need to get their public SSH key into your application as an approved key. Then you can set up an SSH tunnel whatever way you choose.

How does auto-login Outlook successfully when in AD environment?

When I logon to my company's computer with the AD username/password, I find that my Outlook will launch successfully. That means the AD authentication has passed.
In my opinion, outlook retrieves the AD user information, then sends it to an LDAP server to verify.
But I don't know how it retrieves the information, or by some other methods?
You are right, there is an ongoing communication between your workstation and the Active Directory server, which can use LDAP protocol.
Since I don't know what you tried so far, I suggest that you look into the python module python-ldap. I have used it in the past to connect, query and modify information on Active-Directory servers.

How can a python web app open a program on the client machine?

I'm going to be using python to build a web-based asset management system to manage the production of short cg film. The app will be intranet-based running on a centos machine on the local network. I'm hoping you'll be able to browse through all the assets and shots and then open any of them in the appropriate program on the client machine (also running centos). I'm guessing that there will have to be some sort of set up on the client-side to allow the app to run commands, which is fine because I have access to all of the clients that will be using it (although I don't have root access). Is this sort of thing possible?
As you already guessed, you will need to have a service running on the client PC listening on a predetermined port.
When the client requests to open an asset, your webapp will send the request to the running service to download the asset and run it. As long as your port no. is above 1024 and you are not running any application which requires root access, you can run this service without root.
But this is a very bad idea as it exposes the clients to malicious attacks. You will have to ensure all requests to the client service are properly signed and that the client verifies each request as valid before executing it. There may be many other security factors you will have to consider depending on your implementation of the client service. But in general, having a service that can run arbitrary requests from a remote machine is a very dangerous thing to have.
You may also not be allowed to run such a service on client PC depending on your company's IT policies.
You are better off having the client download the resource normally and then having the user execute the resource manually.
PS: You can have the client service run on a port below 1024, but it will have to start as root and after binding to the port drop all root privileges and change the running user to a different user using setuid (or the equivalent in your language of choice)
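What "properly signed" and "verifies each request" can look like on the client service, as an added example that is not part of the original answer. It assumes an HMAC-SHA256 shared key between web app and client (the answer does not name a scheme) and goes a step further than the answer by also rejecting stale or replayed requests and limiting requests to an allow-list of programs and one asset directory; the paths, application names and time window are hypothetical.

```python
import hashlib
import hmac
import json
import posixpath
import time

# Hypothetical allow-list: request names map to fixed binaries, never to raw paths.
ALLOWED_APPS = {"blender": "/usr/bin/blender", "gimp": "/usr/bin/gimp"}
ASSET_ROOT = "/srv/assets"   # hypothetical mount point of the asset share
MAX_SKEW = 30                # seconds a signed request stays valid


def sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_request(key, app, asset, now, nonce):
    """Web-app side: serialize the request and sign the exact bytes sent."""
    body = json.dumps({"app": app, "asset": asset, "ts": now, "nonce": nonce},
                      sort_keys=True).encode()
    return body, sign(key, body)


class RequestVerifier:
    """Client side: authenticate first, then check freshness, replay and scope."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, pruned once outside the window

    def verify(self, body, signature, now=None):
        now = time.time() if now is None else now
        if not hmac.compare_digest(sign(self.key, body), signature):
            raise PermissionError("bad signature")
        msg = json.loads(body)  # parsed only after the MAC checks out
        if abs(now - msg["ts"]) > MAX_SKEW:
            raise PermissionError("stale request")
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:
            raise PermissionError("replayed request")
        self.seen[msg["nonce"]] = msg["ts"]
        if msg["app"] not in ALLOWED_APPS:
            raise PermissionError("application not allowed")
        path = posixpath.normpath(posixpath.join(ASSET_ROOT, msg["asset"]))
        if not path.startswith(ASSET_ROOT + "/"):
            raise PermissionError("asset outside the asset root")
        return [ALLOWED_APPS[msg["app"]], path]  # argv for subprocess.run, no shell
```

`verify` returns the argument list to launch and never runs anything itself, so the caller decides how and as which user the program starts.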
Note this is not a standard way. Imagine the websites out there had the ability to open Notepad or Minesweeper at their will when you visit or click something.
The way it is done is, you need to have a service which is running on the client machine which can expose certain APIs and trust the request from the web app's call. This needs to be running on the client machines all the time, and in your web app you can send a request to this service to launch the application that you desire.
If you have a specific subset of applications that will be run on the client systems (aka you are distributing jobs), then you might want to consider python salt. It is a distributed RPC which uses a secure protocol and authentication to distribute jobs and deliver results:
http://docs.saltstack.org/en/latest/topics/index.html
If you are looking at automating content generation based on specific updates then you might want to consider Jenkins, which has plugins for various revision control systems and build systems:
https://wiki.jenkins-ci.org/display/JENKINS/Meet+Jenkins
It may not have integration with the particular tools you are using, but if it does then it could be a quicker setup and administration than generic salt automation.
--David
