rejetto forum

Deploy HFS configuration across various machines

newbie · 17 · 14799

0 Members and 1 Guest are viewing this topic.

Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
Hi,
I would like to deploy my current HFS setup across various machines via cmdline.
https://rejetto.com/wiki/index.php?title=HFS:_Command_line_parameters

My setup has a user-password, specific permissions & DiffTemplates, and there isnt any fixed path between different machines...ie the only constant is that the data folder will be relative to hfs.exe.

I have tried the following:
1. F:\HFS\hfs.exe -a myhfs.ini F:\HFS\myData
This adds the myData  folder alright, but it doesnt have any of the permissions or DiffTemplates.

2. After saving the vfs to a myHFS.vfs, I tried
D:\Blah1\Blah2\Blah3\HFS\hfs.exe -a D:\Blah1\Blah2\Blah3\HFS\myHFS.vfs
It doesnt work, when run on a machine that doesnt have an F: drive.
It only works on the original machine since an inspection of the vfs shows that the path is hardwired to F:\HFS\myData

Is there any way to do this?

Thanks.


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
answer to 2) part B
It doesnt work, when run on a machine that doesnt have an F: drive.
I may have found a solution that makes it possible to consider all subdirectories  of the exe directory as independent of the location of hfs.exe support

all directories of the vfs that are part of hfs.exe are saved in relative mode to allow portability

the resource starts with %EXEPATH% in the VFS but it remains invisible to user

it's almost the same as when hfs is run from a usb stick whose letter is not known

however, I take a feasibility reserve as long as a potential security breach by using /../ goes back beyond hfs.exe folder


« Last Edit: October 25, 2019, 11:36:56 PM by Mars »


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13523
    • View Profile
hi!
i can think of a solution based on a "script".
https://www.rejetto.com/wiki/index.php/HFS:_scripting_commands
Commands that may interest you are
- add folder|real|my data
- set item|diff template
- set ini

There are many ways to execute this script, when you finish writing it.
PRobably the easiest is to copy/paste it on Menu > debug > run script
Another possibility is that you put it in a tpl file in the [special:import] section, so that it will be executed when you drag&drop the tpl on hfs (you can also pass it through command line, directly or through -c load-tpl-from=filename).


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
Mars. Thanks for your response.

Could you please clarify a bit more...I read and re-read your response, and I see a hint of a solution (something to do with %EXEPATH% in the VFS), but cant seem to get the solution itself.
Something to do with %EXEPATH%. Is %EXEPATH% an environment variable to be set. How is this environment variable, saved into the vfs?

If I understand your comment correctly, there is a possible solution that will allow:
<EXEPATH>\myData to be mounted to HFS with all the info: user-password, specific permissions & DiffTemplates.

however, I take a feasibility reserve as long as a potential security breach by using /../ goes back beyond hfs.exe folder
What did you mean by this. Where would ../../ be used?


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
Thanks for your response Rejetto. Your response came in while I was responding to Mars.  :)

So, that looks doable.

Let me get your process straight (incl. the syntax).
1. Create a tpl file myDiffTpl.tpl
2. In the [special:import] section add:
{.add folder|real|myData.}
{.set item|diff template|WHAT GOES HERE? The entire DiffTemplate script in 1 line OR a file?}
{.set item|myData|add access=robert.}
{.set item|myData|add upload=robert.}
{.set item|myData|add delete=robert.}
{.set ini| INI VALUES separated by \n}
3. Supply the above tpl via cmdline:
hfs.exe -c load-tpl-from=myDiffTpl.tpl

Sound correct to you?
« Last Edit: October 23, 2019, 04:31:02 PM by newbie »


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
So, I have the followingL
1. myDiffTpl.tpl
[special:import]
{.new account|robert|password=bob|can change password|enabled=1|is group=1|notes=accounts members of this group will be allowed to change their password.}
{.set item|myData|add access=robert.}
{.set item|myData|add upload=robert.}
{.set item|myData|add delete=robert.}

2. myIni.ini
load-tpl-from=myDiffTpl.tpl

and, I call:
hfs.exe -a myIni.ini F:\Blah\myData

HFS opens up with myData published. When I look at myData properties, I see that there is an account called robert with an encrypted password.
However, it appears that the permissions supplied above for access, upload, delete are not checked.
Hence, these operations dont work, until I manually click the permissions on.

Any idea what I am doing wrong.


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
@Rejetto

Any thoughts on why the permissions arent setting when I add the following to the .tpl:
{.set item|myData|add access=robert.}
{.set item|myData|add upload=robert.}
{.set item|myData|add delete=robert.}

Thanks


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
is it apart of a separate tpl file?

https://www.rejetto.com/wiki/index.php/HFS:_scripting_commands#Account_manipulation

i would edit the hfs default template, make a copy of it as a dif.hfs.tpl file to copy over and have hfs load the dif.hfs.tpl

could be a issue with copy while in use or a security thin when copied.

hard to tell with info provided.
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
Thanks bmartino1.

Since I posted my question, I was able to make my setup a bit more streamline, but the problem remains. Here's what I did:
1. Made a copy of hfs.tpl and called it myHFS.tpl
2. Modified myHFS.tpl to:
 i. add the few scripts I wanted.
 ii. add the user-permissions
[special:import]
{.new account|robert|password=bob|can change password|enabled=1|is group=1|notes=accounts members of this group will be allowed to change their password.}
{.set item|myData|add access=robert.}
{.set item|myData|add upload=robert.}
{.set item|myData|add delete=robert.}

3. In a cmd prompt, ran:
hfs.exe -c reload-on-startup=no\nload-tpl-from=myHFS.tpl F:\Blah\myData

The permissions still remain unset.

So, in answer to your post, I have done what you did essentially...unless it matters that the tpl file is called dif.hfs.tpl.


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
It doesn't matter what the name of hfs different template is.

But rejeto set it up to load dif.hfs.tpl next in line.


Surprised your running it though hfs via cmd execution.

Name doesn't matter aslo g as you opened hfs and told it to use etc name.tpl

(This might be a acl permissions issue or cmd copy while in use)

2 questions,

one InI file?
Did you save hfs as file to generate the ini file?

And is cmd ran as administrator?
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
I wish to run this on a "clean" machine, ie there is no hfs.ini file at the beginning beside hfs.exe. Right?
Also, there will not be any registry entry  (Computer\HKEY_CURRENT_USER\Software\rejetto\HFS) or a .vfs file.
This whole exercise is to deploy it on multiple machines in as automatic a way as possible.

I am running the hfs.exe in elevated (admin) mode in the cmd prompt like so:
hfs.exe -c reload-on-startup=no\nload-tpl-from=myHFS.tpl F:\Blah\myData


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
Anybody else have any thought as to how I can set permissions ....
cause the following in my tpl isnt working...

{.set item|myData|add access=robert.}
{.set item|myData|add upload=robert.}
{.set item|myData|add delete=robert.}

This has turned into a blocker for me.

Thanks


Offline bmartino1

  • Tireless poster
  • ****
    • Posts: 911
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
have you tried RMC(right mouse click) the house/root within hfs.

RMC > Properties > Different template tab

and pasting the myhfs.tpl code with the permissions you need.

then save the vfs file?
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


Offline newbie

  • Occasional poster
  • *
    • Posts: 39
    • View Profile
Thanks bmartino1.

But the idea is to avoid any manual step like that...the idea is to start HFS as a service, and whatever's in the tpl (including real folder, permissions etc.) should just take effect, and start on many servers.

However, I did DO something similar, TBH. I started HFS, then manually set the permissions via the Properties page, then saved to a .vfs.
Now, I use this vfs across the various machines to start HFS on them automatically.
Downside is that the path (and thats the full path) is baked into the vfs, so I have to take care that the same drive, folder exists across all the machines.
The above process is working right now, but prevents me from truly running it completely automatically .


Offline Mars

  • Operator
  • Tireless poster
  • *****
    • Posts: 2063
    • View Profile
is the whole content of the vfs part of the exe tree? if this is the case, when hfs is executed from a usb key (removable media) then the used drive letter assigned to the key is automatically taken into account

can you tell me which version of hfs you use for these computers?