SNMP: Linux software RAID state

Compile snmp-swraid
apt-get install -y git make build-essential libsnmp-dev
export GIT_SSL_NO_VERIFY=true
git clone /tmp/snmp-swraid
cd /tmp/snmp-swraid

tar cjf snmp-swraid.ubuntu-$(lsb_release -sr).tar.bz2 SWRAID-MIB.txt

# install
apt-get install -y snmpd snmp-mibs-downloader
wget -q$(lsb_release -sr).tar.bz2 -O /tmp/snmp-swraid.ubuntu.tar.bz2
tar xjf /tmp/snmp-swraid.ubuntu.tar.bz2 -C /tmp
cp /tmp/SWRAID-MIB.txt $(find /var/lib -name ietf)


Install FortiClientSSL VPN client
wget -q -O /tmp/VPN_Linux_FortiClient.tar.gz
sudo tar xzf /tmp/VPN_Linux_FortiClient.tar.gz -C /opt/
sudo /opt/forticlientsslvpn/

Install openfortigui
sudo apt-key adv --recv-keys --keyserver 2FAB19E7CCB7F415
echo "deb ./" | sudo tee /etc/apt/sources.list.d/styrion.list
sudo apt-get update
sudo apt-get install openfortigui


lm-sensors and snmpd under Ubuntu

# on server
apt-get install -y lm-sensors snmp snmpd snmp-mibs-downloader

# allow access from network (unsecure)
sed -i 's|agentAddress udp:|agentAddress udp:161|g' /etc/snmp/snmpd.conf
sed -i 's|rocommunity public default -V systemonly|rocommunity public|g' /etc/snmp/snmpd.conf

# restart snmpd server
service snmpd restart

# on client
apt install -y snmp snmp-mibs-downloader

# read data from snmpd server
snmpwalk -v 2c -c public
snmpwalk -v 2c -c public LM-SENSORS-MIB::lmFanSensorsTable
snmpwalk -v 2c -c public

Upgrade SSH to v7.3 (with include support)

echo "deb yakkety main" > /etc/apt/sources.list.d/yakkety.list
apt-get update
apt-get install -y ssh
rm /etc/apt/sources.list.d/yakkety.list
apt-get update

ssh -V
OpenSSH_7.3p1 Ubuntu-1, OpenSSL 1.0.2g 1 Mar 2016

mkdir ~/.ssh/config.d
sed -i '1iInclude config.d/*' ~/.ssh/config



# OpenShift on OpenStack

apt-get install docker-engine=1.13.1-0~ubuntu-xenial

echo "wget -q --no-check-certificate $URL -O - | bash -";
echo "

$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_URL, $URL);
echo htmlspecialchars(curl_exec($c));
echo "


# create test project
oc cluster up --loglevel=10
oc login -u developer -p developer
oc whoami
oc new-app -L
oc projects
oc new-app openshift/ruby-20-centos7~
oc get all
oc get pod -w
oc logs -f ruby-ex-1-build
oc get services
oc expose service ruby-ex
oc get route

echo "" >> /etc/hosts

Manage OpenShift with Ansible

# Ansible playbook


Rundeck Ansible Plugin

wget -P /var/lib/rundeck/libext/

* Create a new project

Project Name: Ansible
Default Node Executor: "Ansible Ad-Hoc Node Executor"
Executable: /bin/bash
SSH Connection > SSH Authentication: privateKey

Default Node File Copier
SSH Connection: privateKey

apt-get install ansible

Rundeck (Job scheduler and Runbook automation)

ansible-playbook -i your_inventory

echo "

$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
echo "


Ansible role

# install
wget -P /tmp
sudo dpkg -i /tmp/rundeck-2.7.1-1-GA.deb
sudo /etc/init.d/rundeckd start

# Rundeck CLI
sudo apt-get install rundeck-cli

# Admin

# (global)

# job database

# hosts

# add user
echo "foo:bar,user,devops" >> /etc/rundeck/

# acl

Configuration (project)
# configure nodes

# use native ssh agent to access host behind proxy / bastion
plugin.script-exec.default.command=/usr/bin/ssh ${node.username}@${node.hostname} ${exec.command}
plugin.script-copy.default.command=/usr/bin/scp ${file-copy.file} ${node.username}@${node.hostname}\:${file-copy.destination}

Email notification

# /etc/rundeck/

# restart service
service rundeckd restart

# ssh
mkdir /var/lib/rundeck/.ssh
chown rundeck:rundeck /var/lib/rundeck/.ssh
chmod 700 /var/lib/rundeck/.ssh
touch /var/lib/rundeck/.ssh/id_rsa
chown rundeck:rundeck /var/lib/rundeck/.ssh/id_rsa
chmod 600 /var/lib/rundeck/.ssh/id_rsa

# log
tail -f /var/log/rundeck/*.log

# Documentation


# scm

DockerHub images:

# Create container with shared SSH keys an forward GUI to localhost
sudo docker run --name rundeck -p 4440:4440 -v /home/${USER}/.ssh:/home/rundeck/.ssh rundeck/rundeck:SNAPSHOT

# Credentials
user: admin
pass: admin

Change default admin password
#RD_PASS=$(openssl rand -base64 16)
#echo ${RD_PASS}
#RD_PASS_MD5=$(java -cp /var/lib/rundeck/bootstrap/jetty-all-9.0.7.v20131107.jar admin ${RD_PASS} 2>&1 | grep MD5)
#sed -i "s/^admin:admin/admin:MD5:${RD_PASS_MD5}/g" /etc/rundeck/
java -jar /var/lib/rundeck/bootstrap/rundeck-*.war --encryptpwd Jetty
service rundeckd restart

# echo "framework.server.password = MD5:${RD_PASS_MD5}" >> /etc/rundeck/

# Notify icinga
Local Command:
ssh '/usr/bin/printf "[%lu] SCHEDULE_FORCED_SVC_CHECK;%s;%s;%s\n" $(date +%s) ${} APT $(date +%s) | tee -a /var/lib/icinga/rw/icinga.cmd'

# User authentification


Rundeck jobs and scripts repository

Job options
# use in bash
NODES=$(echo $RD_OPTION_NODES | sed 's/,/ /g')

# remote URL
# dep #${job.project}%2F${globals.environment}%2Foptions-hosts.json/raw?ref=master&private_token=${globals.private_token}

Pipe command
echo ${option.RSA} | tee /tmp/debug.txt

# check file size
'[[ $(find /media/backup/ -size +50M -name exp_$(date -I)_*.dmp.bz2 ) ]]'

API call with parameter from curl

curl -H "X-Rundeck-Auth-Token: ABCDEFGHIJKLMNOPRST1234567890" --data-urlencode "argString=-sku 'item1 item2 item3'" -X POST

# fix Failed loading remote option values / Exception: java.lang.Exception: Unexpected content type received: text/plain; charset=utf-8 in Rundeck Allowed Values > Remote URL with currently:
echo "framework.globals.environment=dev" >> /etc/rundeck/

# color
grep --color=always foo /path/to/file

CLI commands (draft)
rd projects create -p ops
rd projects configure set -p ops --file ~/
rd keys create --type privateKey --path keys/lib/rundeck/.ssh/github_rsa --file ~/github_rsa
rd projects scm setup -p ops --integration import --type git-import --file ~/scm-import.json
rd projects scm perform -p ops -i import --action initialize-tracking -f useFilePattern="true" filePattern=".*\\.yaml"
rd projects scm perform -i import -p ops --action import-all
rd projects scm perform -i import -p ops --action import-all --item "ops/my-job-file.yaml"

Fix "Import Status: Not Tracked" issue
apt install -y git
cd /var/rundeck/projects/DevOps/scm
git pull

job options

Ansible snippets

# login as user ubuntu, use python3 and relogin as root
- hosts:
- vm1
- vm2
become: yes
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_user: ubuntu
- include: "{{ inventory_hostname }}.yml"

# show user and host
- debug:
msg="{{ ansible_user_id }}@{{ inventory_hostname }}"

# show host groups
- debug:
msg: "{{ group_names }}"

- debug:
var: hostvars[inventory_hostname]

- debug:
msg: "{{ ansible_system_vendor }}"

- debug:
msg: "ansible_default_ipv4["address"]"

- debug:
msg: "{{ vms | length

Sonoff / ITEAD ESP8266

Flash ESPEasy with a FTDI adapter
sudo apt-get install -y unzip wget python-minimal python-serial
wget -q -qO /tmp/
unzip /tmp/ -d /tmp

wget -qO /tmp/
unzip /tmp/ -d /tmp
/tmp/esptool-master/ --port /dev/ttyUSB0 write_flash --flash_mode dio --flash_size 1MB 0x0 /tmp/ESPEasy_R147_1024.bin

# Connect to temporary WiFi access point
pass: configesp