Month: April 2016

Linux get server hardware information

Get the model number of a server, tested on HP DL380 and 180’s

 

[root@cephosd4 ~]# dmidecode | grep "System Information" -A20
System Information
        Manufacturer: HP
        Product Name: ProLiant DL180 Gen9
        Version: Not Specified
        Serial Number: xxxxxxx
        UUID: xxx-3335-5541-xxx-313930303734
        Wake-up Type: Power Switch
        SKU Number: 778453-B21
        Family: ProLiant

OpenBGPD on pfSense

Here is a working config from a multi site MPLS VPN connection managed by AAPT

We terminated the connection in the data center with pfSense and OpenBGPD

Default route for all remote sites is via the data center

 

AS 64512
fib-update yes
listen on 10.252.0.18
router-id 10.252.0.18

network 0.0.0.0/0
network 192.168.30.0/24

neighbor 10.252.0.17 {
descr "TPG"
remote-as 2764
announce all  
local-address 10.252.0.18
}

deny from any
deny to any
allow from 10.252.0.17
allow to 10.252.0.17

hpacucli on Linux

Original article here – http://www.thegeekstuff.com/2014/07/hpacucli-examples/

Using hpacucli to manage RAID

Create a single disk RAID0 (How i use Ceph on my HP DL180’s)

hpacucli ctrl slot=2 create type=ld drives=1I:1:8 raid=0

 

Show all logical volumes

[root@management ~]# hpacucli controller slot=0 logicaldrive all show

Smart Array P410i in Slot 0 (Embedded)

array A

logicaldrive 1 (136.4 GB, RAID 1, OK)

array B

logicaldrive 2 (1.4 TB, RAID 5, Recovering, 52% complete)

 

Script to E-Mail in case of RAID failure

#!/bin/bash
###
#If something went wrong with the HP smartarray disks this script will send an error email
###
MAIL=notifications@domain.com.au
HPACUCLI=`which hpacucli`
HPACUCLI_TMP=/tmp/hpacucli.log

if [ `/usr/sbin/uname26 hpacucli controller slot=2 physicaldrive all show | grep -e 'Fail\|Rebuil\|err\|prob' -i | wc -l` -gt 0 ]
then
echo failure
msg="RAID Controller Errors"
#echo $msg
#$msg2=`hpacucli controller slot=1 physicaldrive all show`
logger -p syslog.error -t RAID "$msg"
echo "Hostname: " $HOSTNAME >> $HPACUCLI_TMP
/usr/sbin/uname26 $HPACUCLI controller slot=2 physicaldrive all show >> $HPACUCLI_TMP
mail -s "$HOSTNAME [ERROR] - $msg" -r RaidError@domain.com.au "$MAIL" < $HPACUCLI_TMP
rm -f $HPACUCLI_TMP
#else
#echo "Everything Good"
fi

Ceph – Generate a new key

When using puppet to rollout Ceph you may want to generate new keys for the admin keys etc

 

[root@lib-cephxx ~]# ceph-authtool --gen-print-key
AQBTuxlXlpMTNBAAykh5+4vHHnTcjhq4FWFw8g==

 

Example config for Squid reverse proxy using OWA on Exchange 2100 or 2016

/etc/squid/squid.conf

 

 

visible_hostname mail.domain.com
redirect_rewrites_host_header off
cache_mem 32 MB
maximum_object_size_in_memory 128 KB
#logformat combined %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
cache_mgr nomail_address_given
forwarded_for transparent
ssl_unclean_shutdown on

#This line is to fix the 2mb connection limit
client_persistent_connections off

https_port 443 accel cert=/etc/squid/wildcard.crt key=/etc/squid/wildcard.key defaultsite=mail.domain.com options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE dhparams=/etc/squid/dhparams.pem cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
#Was
#https_port 443 accel cert=/etc/squid/wildcard.crt key=/etc/squid/wildcard.key defaultsite=mail.domain.com options=NO_SSLv3:NO_SSLv2

#OWA
#This line has sslversion=3 this has something to do with the 2mb limit
cache_peer 192.168.30.147 parent 443 0 proxy-only no-query no-digest front-end-https=on originserver login=PASS ssl sslflags=DONT_VERIFY_PEER connection-auth=on name=ExchangeCAS
acl site_OWA dstdomain mail.domain.com autodiscover.domain.com
cache_peer_access ExchangeCAS allow site_OWA
http_access allow site_OWA
#miss_access allow site_OWA

#TSG
cache_peer 192.168.30.133 parent 443 0 proxy-only no-query no-digest front-end-https=on originserver login=PASS ssl sslflags=DONT_VERIFY_PEER connection-auth=on name=TSGServer
acl site_TSG dstdomain tsg.domain.com
cache_peer_access TSGServer allow site_TSG
http_access allow site_TSG

 

Fail2Ban

Unban an IP

fail2ban-client set sshd unbanip --iphere--

Show status of jails

[root@l1-adl3 ~]# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd

 

Show the Fail2Ban log

cat /var/log/fail2ban.log