OSX SNMP Client Setup

SNMP config
snmpconf -g basic_setup
sudo vi /etc/snmp/snmpd.conf
sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist


buildmac-2:~ buildserver$ snmpconf -g basic_setup

The following installed configuration files were found:

   1:  /etc/snmp/snmpd.conf

Would you like me to read them in?  Their content will be merged with the
output files created by this session.

Valid answer examples: "all", "none","3","1,2,5"

Read in which (default = all): 
************************************************ 
*** Beginning basic system information setup ***
************************************************ 
Do you want to configure the information returned in the system MIB group (contact info, etc)? (default = y): 

Configuring: syslocation
Description:
  The [typically physical] location of the system.
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysLocation.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  location_string

The location of the system: Beth's Desk

Finished Output: syslocation  "Beth's Desk"

Configuring: syscontact
Description:
  The contact information for the administrator
    Note that setting this value here means that when trying to
    perform an snmp SET operation to the sysContact.0 variable will make
    the agent return the "notWritable" error code.  IE, including
    this token in the snmpd.conf file will disable write access to
    the variable.
    arguments:  contact_string

The contact information: jsmith@mydomain.com

Finished Output: syscontact  jsmith@mydomain.com
Do you want to properly set the value of the sysServices.0 OID (if you don't know, just say no)? (default = y): n
************************************** 
*** BEGINNING ACCESS CONTROL SETUP ***
************************************** 
Do you want to configure the agent's access control? (default = y): 
Do you want to allow SNMPv3 read-write user based access (default = y): n
Do you want to allow SNMPv3 read-only user based access (default = y): n
Do you want to allow SNMPv1/v2c read-write community access (default = y): n
Do you want to allow SNMPv1/v2c read-only community access (default = y): y

Configuring: rocommunity
Description:
  a SNMPv1/SNMPv2c read-only access community name
    arguments:  community [default|hostname|network/bits] [oid]

The community name to add read-only access for: freerange
The hostname or network address to accept this community name from [RETURN for all]: 
The OID that this community should be restricted to [RETURN for no-restriction]: 

Finished Output: rocommunity  freerange  
Do another rocommunity line? (default = y): n
**************************************** 
*** Beginning trap destination setup ***
**************************************** 
Do you want to configure where and if the agent will send traps? (default = y): n
**************************************** 
*** Beginning monitoring setup ***
**************************************** 
Do you want to configure the agent's ability to monitor various aspects of your system? (default = y): n


The following files were created:

  snmpd.conf  

These files should be moved to /usr/share/snmp if you
want them used by everyone on the system.  In the future, if you add 
the -i option to the command line I'll copy them there automatically for you.

Or, if you want them for your personal use only, copy them to
/Users/buildserver/.snmp .  In the future, if you add the -p option to the
command line I'll copy them there automatically for you.

buildmac-2:~ buildserver$ sudo cp snmpd.conf /usr/share/snmp/





sudo launchctl unload -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist
sudo launchctl load -w /System/Library/LaunchDaemons/org.net-snmp.snmpd.plist

buildmac-2:~ buildserver$ snmpwalk -v 2c -c freerange localhost system
SNMPv2-MIB::sysDescr.0 = STRING: Darwin buildmac 10.7.0 Darwin Kernel Version 10.7.0: Sat Jan 29 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386 i386
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (26152) 0:04:21.52
SNMPv2-MIB::sysContact.0 = STRING: jsmith@mydomain.com
SNMPv2-MIB::sysName.0 = STRING: buildmac
SNMPv2-MIB::sysLocation.0 = STRING: "Beth's Desk"
SNMPv2-MIB::sysServices.0 = INTEGER: 76
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORID.1 = OID: SNMP-FRAMEWORK-MIB::snmpFrameworkMIBCompliance
SNMPv2-MIB::sysORID.2 = OID: SNMP-MPD-MIB::snmpMPDCompliance
SNMPv2-MIB::sysORID.3 = OID: SNMP-USER-BASED-SM-MIB::usmMIBCompliance
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.5 = OID: TCP-MIB::tcpMIB
SNMPv2-MIB::sysORID.6 = OID: IP-MIB::ip
SNMPv2-MIB::sysORID.7 = OID: UDP-MIB::udpMIB
SNMPv2-MIB::sysORID.8 = OID: SNMP-VIEW-BASED-ACM-MIB::vacmBasicGroup
SNMPv2-MIB::sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
SNMPv2-MIB::sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
SNMPv2-MIB::sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
SNMPv2-MIB::sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
SNMPv2-MIB::sysORDescr.5 = STRING: The MIB module for managing TCP implementations
SNMPv2-MIB::sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
SNMPv2-MIB::sysORDescr.7 = STRING: The MIB module for managing UDP implementations
SNMPv2-MIB::sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
SNMPv2-MIB::sysORUpTime.1 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.2 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.3 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.4 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.5 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.6 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.7 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORUpTime.8 = Timeticks: (3) 0:00:00.03



buildmac-2:~ buildserver$ snmpget -v 2c -c freerange localhost sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Darwin buildmac 10.7.0 Darwin Kernel Version 10.7.0: Sat Jan 29 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386 i386




jameslaptop:blackberry jsmith$ snmpwalk -Os -c freerange -v 1 jamesosx system
sysDescr.0 = STRING: Darwin jameslaptop 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun  7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386 i386
sysObjectID.0 = OID: netSnmpAgentOIDs.255
sysUpTimeInstance = Timeticks: (22142) 0:03:41.42
sysContact.0 = STRING: jsmith@mydomain.com
sysName.0 = STRING: jameslaptop
sysLocation.0 = STRING: "jamesosx"
sysServices.0 = INTEGER: 76
sysORLastChange.0 = Timeticks: (3) 0:00:00.03
sysORID.1 = OID: snmpFrameworkMIBCompliance
sysORID.2 = OID: snmpMPDCompliance
sysORID.3 = OID: usmMIBCompliance
sysORID.4 = OID: snmpMIB
sysORID.5 = OID: tcpMIB
sysORID.6 = OID: ip
sysORID.7 = OID: udpMIB
sysORID.8 = OID: vacmBasicGroup
sysORDescr.1 = STRING: The SNMP Management Architecture MIB.
sysORDescr.2 = STRING: The MIB for Message Processing and Dispatching.
sysORDescr.3 = STRING: The management information definitions for the SNMP User-based Security Model.
sysORDescr.4 = STRING: The MIB module for SNMPv2 entities
sysORDescr.5 = STRING: The MIB module for managing TCP implementations
sysORDescr.6 = STRING: The MIB module for managing IP and ICMP implementations
sysORDescr.7 = STRING: The MIB module for managing UDP implementations
sysORDescr.8 = STRING: View-based Access Control Model for SNMP.
sysORUpTime.1 = Timeticks: (3) 0:00:00.03
sysORUpTime.2 = Timeticks: (3) 0:00:00.03
sysORUpTime.3 = Timeticks: (3) 0:00:00.03
sysORUpTime.4 = Timeticks: (3) 0:00:00.03
sysORUpTime.5 = Timeticks: (3) 0:00:00.03
sysORUpTime.6 = Timeticks: (3) 0:00:00.03
sysORUpTime.7 = Timeticks: (3) 0:00:00.03
sysORUpTime.8 = Timeticks: (3) 0:00:00.03
jameslaptop:blackberry jsmith$ 
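
The snmpconf session above leaves the host and OID prompts empty, so the generated rocommunity line accepts the community name from any address and exposes the whole tree. The following added example (not part of the original notes) audits community lines using the "community [default|hostname|network/bits] [oid]" syntax shown in the prompt; the sample config, the "monitor" community and its subnet and OID are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the first rocommunity line is what the session above
# produces, the second is a hypothetical restricted entry for comparison.
sample_snmpd_conf() {
    cat <<'EOF'
syslocation  "Beth's Desk"
syscontact  jsmith@mydomain.com
# as generated: no source, no OID
rocommunity  freerange
# constructed: one subnet, system subtree only
rocommunity  monitor 192.168.0.0/24 .1.3.6.1.2.1.1
EOF
}

# Read snmpd.conf text on stdin and print one line per v1/v2c community:
#   <directive> <community> source=<src> oid=<oid> <flags>
# A missing source or the token "default" means any host; a missing OID
# means the whole tree.
audit_snmp_communities() {
    awk '
        function add(list, item) { return (list == "" ? item : list "," item) }
        $1 == "rocommunity" || $1 == "rwcommunity" {
            src = ($3 == "" || $3 == "default") ? "any" : $3
            oid = ($4 == "") ? "all" : $4
            flags = ""
            if (src == "any")         flags = add(flags, "any-source")
            if (oid == "all")         flags = add(flags, "full-tree")
            if ($1 == "rwcommunity")  flags = add(flags, "writable")
            if (flags == "")          flags = "restricted"
            printf "%s %s source=%s oid=%s %s\n", $1, $2, src, oid, flags
        }
    '
}

sample_snmpd_conf | audit_snmp_communities
```

On a real host, feed it the file the agent actually loads, for example `audit_snmp_communities < /etc/snmp/snmpd.conf`.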

Command /usr/bin/codesign failed with exit code 1

When signing an iOS app via an Ant command:

<exec executable="/usr/bin/open">
<arg value="${env.WORKSPACE}/provisioning_profiles/${provisioning_profile}.mobileprovision"/>
</exec>
<echo>
Sleep 10 secs
</echo>
<exec executable="/bin/sleep">
<arg value="10"/>
</exec>
<echo>
/usr/bin/osascript -e tell application "Xcode" to quit
</echo>
<exec executable="/usr/bin/osascript">
<arg value="-e"/>
<arg value='tell application "Xcode" to quit'/>
</exec>
<echo>
Sleep 10 secs
</echo>
<exec executable="/bin/sleep">
<arg value="10"/>
</exec>
<echo>
/usr/bin/security unlock-keychain -p password ${keychain}
</echo>
<exec executable="/usr/bin/security" failonerror="true">
<arg value="unlock-keychain"/>
<arg value="-p"/>
<arg value="password"/>
<arg value="${keychain}"/>
</exec>
<echo>iPhone-build starting</echo>
<echo>xcodebuild clean -project MyCompany.xcodeproj -target Aggregate -configuration ${buildTarget} CODE_SIGN_IDENTITY=${codeSignIdentity} OTHER_CODE_SIGN_FLAGS="--keychain ${keychain}" PROVISIONING_PROFILE=${mopro_key}</echo>
<exec executable="xcodebuild" failonerror="true">
<arg value="clean"/>
<arg value="-project"/>
<arg value="MyCompany.xcodeproj"/>
<arg value="-target"/>
<arg value="Aggregate"/>
<arg value="-configuration"/>
<arg value="${buildTarget}"/>
<arg value="CODE_SIGN_IDENTITY=${codeSignIdentity}"/>
<arg line="OTHER_CODE_SIGN_FLAGS=&quot;--keychain ${keychain}&quot;"/>
<arg value="PROVISIONING_PROFILE=${mopro_key}"/>
</exec>
<echo>xcodebuild -project MyCompany.xcodeproj -target Aggregate -configuration ${buildTarget} CODE_SIGN_IDENTITY=${codeSignIdentity} OTHER_CODE_SIGN_FLAGS="--keychain ${keychain}" PROVISIONING_PROFILE=${mopro_key} GCC_PREPROCESSOR_DEFINITIONS='${preprocdefs}'</echo>
<echo>
SVN_INFO_URL = ${svn.info.url}
SVN_INFO_REV = ${svn.info.rev}
</echo>
<exec executable="xcodebuild" failonerror="true">
<arg value="-project"/>
<arg value="MyCompany.xcodeproj"/>
<arg value="-target"/>
<arg value="Aggregate"/>
<arg value="-configuration"/>
<arg value="${buildTarget}"/>
<arg value="CODE_SIGN_IDENTITY=${codeSignIdentity}"/>
<arg line="OTHER_CODE_SIGN_FLAGS=&quot;--keychain ${keychain}&quot;"/>
<arg value="PROVISIONING_PROFILE=${mopro_key}"/>
<arg value="GCC_PREPROCESSOR_DEFINITIONS='${preprocdefs}'"/>
</exec>

I see the error:

     [exec] CodeSign build/AdHoc-iphoneos/myapp.app
     [exec]     cd /opt/jenkins/workspace/iOS_build_3.4/client/iOS
     [exec]     setenv CODESIGN_ALLOCATE /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
     [exec]     setenv PATH "/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin:/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"
     [exec]     /usr/bin/codesign --force --sign "iPhone Distribution: My Company" --resource-rules=/opt/jenkins/workspace/iOS_build_3.4/client/iOS/build/AdHoc-iphoneos/myapp.app/ResourceRules.plist --keychain /Users/cmuser/Library/Keychains/login.keychain --entitlements /opt/jenkins/workspace/iOS_build_3.4/client/iOS/build/company.build/AdHoc-iphoneos/iPhoneClient.build/myapp.xcent /opt/jenkins/workspace/iOS_build_3.4/client/iOS/build/AdHoc-iphoneos/myapp.app
     [exec] /opt/jenkins/workspace/iOS_build_3.4/client/iOS/build/AdHoc-iphoneos/myapp.app: User interaction is not allowed.
     [exec] Command /usr/bin/codesign failed with exit code 1
     [exec] 
     [exec] ** BUILD FAILED **
     [exec] 
     [exec] 
     [exec] The following build commands failed:
     [exec] 	CodeSign build/AdHoc-iphoneos/myapp.app
     [exec] (1 failure)
     [exec] 

BUILD FAILED
/opt/jenkins/workspace/iOS_build_3.4/clientBuildPackager/build_osx_CM.xml:136: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/clientBuildPackager/build_osx_CM.xml:141: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/clientBuildPackager/build_osx_CM.xml:147: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/clientBuildPackager/build_osx_CM.xml:157: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/clientBuildPackager/build_osx_CM.xml:283: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/clientBuildPackager/build_osx_CM.xml:518: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/client/iOS/build_CM.xml:580: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/client/iOS/build_CM.xml:523: The following error occurred while executing this line:
/opt/jenkins/workspace/iOS_build_3.4/client/iOS/build_CM.xml:397: exec returned: 65

Note that I am already unlocking the keychain. Solution: the key used by the ${codeSignIdentity} certificate (“iPhone Distribution: My Company”) does not have Access Control granted to codesign.

  1. Open your keychain in Keychain Access
  2. Select Certificates category
  3. Maximize so you can see the Key under the Cert
  4. Double click the key then select “Access Control”
  5. Ensure codesign is listed in the “Always allow access by these applications:”

If it is not:

  1. Click the +
  2. Hit Command+Shift+G & in the popup window, enter /usr/bin then click Go
  3. Select codesign & click Add
  4. Click Save Changes then enter your password

Enable SSH on OSX for Jenkins Client

In order to have a Jenkins client running on OSX, you must edit the RSAAuthentication. If you try to set up an OSX box as a Jenkins client & see the following error:

[08/16/11 11:26:46] [SSH] Opening SSH connection to cmosx01:22.
[08/16/11 11:26:46] [SSH] Authenticating as cmuser/******.
java.io.IOException: Password authentication failed.
	at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:319)
	at com.trilead.ssh2.Connection.authenticateWithPassword(Connection.java:314)
	at hudson.plugins.sshslaves.SSHLauncher.openConnection(SSHLauncher.java:590)
	at hudson.plugins.sshslaves.SSHLauncher.launch(SSHLauncher.java:198)
	at hudson.slaves.SlaveComputer$1.call(SlaveComputer.java:199)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
	at java.util.concurrent.FutureTask.run(FutureTask.java:166)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.io.IOException: Authentication method password not supported by the server at this stage.
	at com.trilead.ssh2.auth.AuthenticationManager.authenticatePassword(AuthenticationManager.java:289)
	... 9 more
[08/16/11 11:26:46] [SSH] Connection closed.
...

Then you need to ensure that PasswordAuthentication is enabled in your sshd_config file. Edit /etc/sshd_config and add PasswordAuthentication yes:

...
# To disable tunneled clear text passwords both PasswordAuthentication and
# ChallengeResponseAuthentication must be set to "no".
PasswordAuthentication yes
#PasswordAuthentication no
#PermitEmptyPasswords no
...

Resign iOS app

  1. Change to the directory which contains your ipa file.

    cd ~/Downloads/my_app
    
  2. Unzip the app

    unzip my_app.ipa
    
  3. Delete the Mobile Provision in the app.

    rm Payload/my_app.app/embedded.mobileprovision
    
  4. Copy your new provisioning profile into the app.

    cp ~/Downloads/ProvisionAdHoc.mobileprovision Payload/my_app.app/embedded.mobileprovision
    
  5. Export required system vars

    export EMBEDDED_PROFILE_NAME=embedded.mobileprovision
    export CODESIGN_ALLOCATE=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
    
  6. Resign your code

    codesign -f -vv -s "iPhone Distribution: Joe Smith" Payload/my_app.app
    
  7. Recreate your ipa file.

    zip -r Payload Payload
    mv Payload.zip my_app.ipa
    

Automate software updates on OSX

So I have a cluster of OSX boxes which I control via Jenkins. I wanted to automate the system updates via a Jenkins job.

The process it must follow:
1) Run the system update
2) Reboot the system
3) Log in, as xcodebuild requires a user to already be logged in.

So how I did it:

1) Enable cmuser to execute softwareupdate & shutdown without providing password:

cmosx01:~ cmuser$ sudo visudo

....

cmuser ALL=(ALL) NOPASSWD: /usr/sbin/softwareupdate
cmuser ALL=(ALL) NOPASSWD: /sbin/shutdown
...

2) Go into each box & configure cmuser to automatically log in
System Preferences
Users & Groups
Unlock so you can make changes
Login Options
Automatic login: cmuser

3) Create a multi-configuration project in Jenkins & configure it to point to all your boxes.
This project has 2 build steps (Execute Shell):

sudo /usr/sbin/softwareupdate -i -a
sudo /sbin/shutdown -r now
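
sudo matches a NOPASSWD rule on the fully qualified path, and a rule that lists no arguments permits any arguments, so the rule and the build step must name the same binary, and a path-only rule grants more than the two commands the job runs. The following added example (not part of the original notes) is a simplified model of that matching, run over constructed rule sets; it assumes one command per line and no wildcards, aliases or "" empty-argument specs.

```shell
#!/bin/sh
# Constructed rule sets: path-only rules versus rules pinned to the exact
# commands the Jenkins job runs.
rules_broad() {
    cat <<'EOF'
cmuser ALL=(ALL) NOPASSWD: /usr/sbin/softwareupdate
cmuser ALL=(ALL) NOPASSWD: /sbin/shutdown
EOF
}
rules_tight() {
    cat <<'EOF'
cmuser ALL=(root) NOPASSWD: /usr/sbin/softwareupdate -i -a
cmuser ALL=(root) NOPASSWD: /sbin/shutdown -r now
EOF
}

# spec_allows SPEC INVOCATION: succeed if the command spec permits the invocation.
spec_allows() {
    _s=$1; _i=$2
    # The fully qualified path must be identical.
    [ "${_s%% *}" = "${_i%% *}" ] || return 1
    # A spec without arguments permits any arguments.
    [ "$_s" = "${_s%% *}" ] && return 0
    # A spec with arguments permits only that exact argument list.
    [ "$_s" = "$_i" ]
}

# nopasswd_verdict INVOCATION: read sudoers lines on stdin and print
# "allowed" if any NOPASSWD rule permits INVOCATION, otherwise "denied".
nopasswd_verdict() {
    _want=$1; _v=denied
    while IFS= read -r _line; do
        case "$_line" in
            \#*) continue ;;
            *NOPASSWD:*) ;;
            *) continue ;;
        esac
        _spec=$(printf '%s\n' "${_line#*NOPASSWD:}" |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        if spec_allows "$_spec" "$_want"; then _v=allowed; fi
    done
    echo "$_v"
}

for cmd in "/usr/sbin/softwareupdate -i -a" "/sbin/shutdown -r now" \
           "/sbin/shutdown -h now" "/usr/bin/softwareupdate -i -a"; do
    printf '%-32s broad=%s tight=%s\n' "$cmd" \
        "$(rules_broad | nopasswd_verdict "$cmd")" \
        "$(rules_tight | nopasswd_verdict "$cmd")"
done
```

On the real host, `sudo -l -U cmuser` lists the rules sudo will actually apply, and `visudo -c` checks the file's syntax after editing.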

Enable debug logging in OSX

So I wanted to increase my logging while attempting to setup LDAP auth in OSX.

HOWTO: Edit /etc/syslog.conf & add
*.*     /var/log/debug.log

cmosx01:~ cmuser$ vi /etc/syslog.conf
...

*.*                     /var/log/debug.log

Now you can tail -f /var/log/debug.log & see what’s going on.

cmosx01:~ cmuser$ tail -f /var/log/debug.log 
Jun 20 13:33:22 cmosx01 sshd[9043]: USER_PROCESS: 9045 ttys001
Jun 20 13:33:32 cmosx01 su[9051]: in pam_sm_authenticate(): authentication failed
Jun 20 13:33:34 cmosx01 su[9051]: in pam_sm_authenticate(): OpenDirectory - The authtok is incorrect.
Jun 20 13:33:34 cmosx01 su[9051]: BAD SU user to root on /dev/ttys001
Jun 20 13:34:45 cmosx01 launchproxy[9053]: /usr/libexec/sshd-keygen-wrapper: Connection from: 192.168.0.32 on port: 50189
Jun 20 13:34:45 cmosx01 sshd[9055]: Connection closed by 192.168.0.32