network


haproxy

Check configuration
# Parse the configuration and report errors without starting the proxy
# ("-c" = check only). Run this before any reload/restart so a broken file
# never takes the running proxy down.
HAPROXY_CFG=/etc/haproxy/haproxy.cfg
haproxy -c -f "${HAPROXY_CFG}"

Check status
# Show the unit's current state.
SVC=haproxy
systemctl status "${SVC}"

unbound

/etc/unbound/unbound.conf.d/forward.conf
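# Generate /etc/unbound/unbound.conf.d/forward.conf from the consul catalog:
# every node whose catalog line contains "ctl" becomes a forward-addr on
# port 53. The original only echoed the forward-addr lines (nothing was
# written before the restart) and parsed the address with `cut -d " " -f6`,
# which depends on the exact column padding of the consul output.
# NOTE(review): assumes the Address column is the third field of
# `consul catalog nodes` output - confirm on your consul version.
# The zone to forward is taken from $ZONE; "." forwards everything. Set it to
# the domain consul actually serves if that is the intent.
ZONE="${ZONE:-.}"
FORWARD_CONF=/etc/unbound/unbound.conf.d/forward.conf

ADDRS=$(consul catalog nodes | awk '/ctl/ { print $3 }')
# Refuse to write an empty forward-zone: that would leave unbound with a
# stanza that has no upstream at all.
[ -n "${ADDRS}" ] || { echo "no ctl nodes found in consul catalog" >&2; exit 1; }

{
  echo "forward-zone:"
  echo "  name: \"${ZONE}\""
  printf '  forward-addr: %s@53\n' ${ADDRS}
} > "${FORWARD_CONF}"

# Only restart when the full config still parses; a bad file would take
# name resolution down for the whole host.
unbound-checkconf && systemctl restart unbound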

consul

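# Install the gossip (serf) encryption key.
# The original line had no ">" redirect, so it only echoed the key to stdout
# and never touched the keyring file. Generate a key with `consul keygen` and
# hand it in through the environment instead of writing it into a script,
# where it would end up in shell history, pastes and backups.
: "${CONSUL_GOSSIP_KEY:?set CONSUL_GOSSIP_KEY to the output of: consul keygen}"
KEYRING=/var/consul/serf/local.keyring
# The keyring is a secret: write it with mode 0600 so other local users cannot
# read it. If consul runs as a dedicated user, chown the file to that user
# afterwards when you ran this step as root.
( umask 077 && printf '["%s"]\n' "${CONSUL_GOSSIP_KEY}" > "${KEYRING}" )
service consul restart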

# config
# Dump the agent configuration. If it carries an "encrypt" value (the gossip
# key) or ACL tokens, the file itself is a secret - keep it unreadable to
# other local users.
CONSUL_CFG=/etc/consul/config.json
cat "${CONSUL_CFG}"

# log
/var/log/syslog

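# cli
# Enumerate what the agent knows: datacenters, nodes, registered services.
for what in datacenters nodes services; do
  consul catalog "${what}"
done

# Redirect UI to localhost
# Bind the local end explicitly to 127.0.0.1 so the forwarded UI can never be
# reached from other hosts, and fail instead of silently degrading to a plain
# SSH session when local port 8500 is already taken. -N opens no shell.
ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:8500:localhost:8500 root@node1.example.com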

# UI listen on external
https://stackoverflow.com/questions/35132687/how-to-access-externally-to-consul-ui

# checks
https://www.consul.io/api/agent/check.html

Enable UEFI / PXE boot on Mellanox ConnectX NIC

# Boot GRML iso
https://grml.org/download/

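# Enable SSH daemon
# Set the root password BEFORE sshd is reachable, so the live system is never
# listening with whatever (possibly empty) password the live image shipped.
# Pick a strong one: this is a root login exposed to the network.
passwd
service ssh start
# show the addresses to connect to
ip a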

# ssh root@GRML_IP

# Install Mellanox CLI tools (MFT)
http://www.mellanox.com/page/management_tools
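# Install the Mellanox Firmware Tools (MFT) from the vendor tarball.
# NOTE(review): the archive is fetched over plain HTTP with no checksum or
# signature check, and its install.sh then runs as root. Obtain it over TLS
# from the vendor portal and compare the published checksum before this step.
apt update
apt install -y gcc make dkms "linux-headers-$(uname -r)"
URL=http://www.mellanox.com/downloads/MFT/mft-4.11.0-103-x86_64-deb.tgz
# Unpack into a private temp directory instead of the fixed /tmp path: /tmp is
# world-writable, so another local user could pre-create /tmp/mft-*-deb and
# the glob below would run their install.sh as root.
MFT_TMP=$(mktemp -d) || exit 1
wget -O- "${URL}" | tar xvz -C "${MFT_TMP}" || exit 1
"${MFT_TMP}"/mft-*-deb/install.sh
# load the mst kernel module / start the tool service
mst start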

# show mellanox devices / state
mst status
# Query (q) the firmware on one device. The device node name comes from the
# `mst status` output above and differs per card and slot - replace it.
flint -d /dev/mst/mt4119_pciconf0 q

# Enable UEFI and PXE boot
for MST in $(ls /dev/mst/* | egrep -v '\.1'); do

Ubuntu: Install lldpd (Link Layer Discovery Protocol)

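sudo apt install -y lldpd

# optional: enable Cisco CDP protocol (-c)
# The original used `cat < /etc/default/lldpd`, which READS that file and
# prints it; the following lines were then executed as commands instead of
# being written. A here-document redirected INTO the file is what was meant.
# The quoted 'EOF' keeps the shell from expanding anything in the body, and
# tee is used because the file is root-owned.
sudo tee /etc/default/lldpd >/dev/null <<'EOF'
DAEMON_ARGS="-c"
EOF
sudo service lldpd restart

# get info (neighbour table as seen by lldpd)
lldpctl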

Identify switch port to which the server is connected

# Show LLDP neighbors
# systemd-networkd's view; presumably only populated on links networkd
# manages with LLDP reception enabled - an empty table does not mean
# there is no neighbour.
networkctl lldp

# lldpd's view; needs the lldpd daemon from the section above.
lldpctl
http://www.panticz.de/lldpd

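# Capture one CDP frame per physical NIC to learn which switch port it is
# cabled to. Interfaces under /sys/devices/virtual (lo, bridges, veth, ...)
# are skipped by the -lname filter. Needs root for tcpdump.
while IFS= read -r NIC; do
  echo "NIC: ${NIC}"
  echo "NIC MAC: $(ethtool -P "${NIC}")"
  # ether[20:2] == 0x2000 selects CDP by its SNAP protocol id; -c 1 stops at
  # the first frame and `timeout 300` bounds the wait. CDP advertisements are
  # periodic (typically once a minute), so a silent port gives up after five
  # minutes instead of hanging the loop forever.
  timeout 300 tcpdump -nn -v -i "${NIC}" -s 1500 -c 1 "ether[20:2] == 0x2000"
done < <(find /sys/class/net -type l -not -lname "*virtual*" -printf "%f\n" | sort)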

nmcli - NetworkManager command line tool

# list all connections
nmcli con

# show connection details
# NOTE: secrets (PSKs, VPN passwords) are masked here; `--show-secrets`
# prints them, so mind where that output ends up (logs, pastes).
nmcli con show 'MY_CONNECTION_1'

# start vpn from command line (ubuntu)
nmcli con up id VPN_NAME

# scan for nearby access points
nmcli dev wifi list

# modify configuration
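# Create and bring up a WPA-PSK Wi-Fi connection.
# The passphrase is read from the terminal instead of being assigned in the
# script: a literal in a file ends up in backups, pastes and shell history,
# and the original page carried what looks like a real router key - rotate
# it if it was.
# NOTE: nmcli still receives the key as a command-line argument, which is
# briefly visible to other local users via ps; on a shared host prefer
# `nmcli --ask con up ...` or an interactive `nmcli con edit` session.
SSID="FRITZ!Box 5960"
read -rs -p "WPA passphrase for ${SSID}: " PASS; echo

nmcli con add con-name "${SSID}" ifname wlan0 type wifi ssid "${SSID}"
nmcli con modify "${SSID}" wifi-sec.key-mgmt wpa-psk
nmcli con modify "${SSID}" wifi-sec.psk "${PASS}"

nmcli con up "${SSID}"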

Autostart delayed VPN connection
# /home/foo/.config/autostart/vpn.desktop
[Desktop Entry]

DNS

# SPF
http://wiki.hetzner.de/index.php/DNS_SPF

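# dig
# TXT records (e.g. SPF) for the zone, asked directly of Google's resolver.
dig +short txt example.com @8.8.8.8
# A records only. Grepping dig's full output is brittle (any line with an
# "A" in it matched, AAAA included); +noall +answer prints just the answer
# section.
dig +noall +answer example.com A
# reverse lookup
dig +short -x 8.9.10.11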

Create IPFire DomU (firewall)

Check for latest IPFire version
http://downloads.ipfire.org/

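# Download the installer, read it, then run it. Piping a remote script
# straight into bash executes whatever the server - or anyone between you
# and it - sends, with no chance to review it first. The URL also tracks the
# master branch, so pin a commit hash if you need the same result twice.
IPFIRE_SH=$(mktemp) || exit 1
wget -qO "${IPFIRE_SH}" https://raw.githubusercontent.com/panticz/xen/master/domains/ipfire.sh || exit 1
less "${IPFIRE_SH}"   # review before executing
bash "${IPFIRE_SH}"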

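#!/bin/bash
# Build an IPFire domU: fetch the Xen image bundle, unpack it, then (below)
# copy each filesystem image onto an LVM volume and write the Xen config.
# Abort on the first failure: a failed lvcreate or mount must not be followed
# by `cp -a` onto the host's /mnt or by the `rm -r` in the clean-up step.
set -euo pipefail

# NOTE(review): fetched over plain HTTP with no checksum or signature check,
# and the downloaded script is executed right away. Verify the archive
# against the checksum published on downloads.ipfire.org before this step.
URL=http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core79/ipfire-2.15.xen.i586-downloader-core79.tar.bz2

# download and unpack into /tmp/ipfire (fixed path; later steps depend on it)
wget -q "${URL}" -O - | tar -C /tmp -xjf -
bash /tmp/ipfire/xen-image-maker.sh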

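# copy data to lvm: each IPFire filesystem image is loop-mounted and its
# contents copied onto a freshly created, freshly formatted LVM volume.
mkdir -p /tmp/ipfire/mnt/

#######################################
# Create an LVM volume in vg0, format it and copy one image onto it.
# Arguments: $1 - volume name (fw-boot, fw-root, fw-var)
#            $2 - size, lvcreate syntax (256M, 2G)
#            $3 - filesystem type for mkfs (ext2, ext4)
#            $4 - image file to copy from
# Returns:   0 on success. Exits 1 when a mount fails, so data is never
#            copied from (or onto) an empty mount point.
#######################################
copy_fs_to_lv() {
  local lv=$1 size=$2 fstype=$3 img=$4
  lvcreate --name "${lv}" --size "${size}" vg0
  "mkfs.${fstype}" "/dev/vg0/${lv}"
  mount -o loop "${img}" /tmp/ipfire/mnt/ || exit 1
  mount "/dev/vg0/${lv}" /mnt/ || { umount /tmp/ipfire/mnt/; exit 1; }
  # "/." rather than "/*": also copies dotfiles and is fine on an empty dir
  cp -a /tmp/ipfire/mnt/. /mnt/
  umount /tmp/ipfire/mnt/
  umount /mnt/
}

# NOTE(review): the image paths are relative, i.e. xen-image-maker.sh is
# assumed to have written ipfire-*.img into the current directory; the
# commented-out /tmp/ipfire/ paths in the original suggest this varied by
# release - check with `ls` before running.
copy_fs_to_lv fw-boot 256M ext2 ipfire-boot.img
copy_fs_to_lv fw-root 2G   ext4 ipfire-root.img
copy_fs_to_lv fw-var  2G   ext4 ipfire-var.img

# create swap
lvcreate --name fw-swap --size 1G vg0
mkswap /dev/vg0/fw-swap

# clean up
rm -r /tmp/ipfire*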

# create xen config file
# The body contains no shell expansions; quoting the delimiter makes that
# explicit so a future "$" in the config is not silently interpreted.
# pci = ['00:0c.0'] passes that PCI device (a NIC) through to the firewall
# guest, which is why the pciback steps further down hide it from dom0.
XEN_CFG=/etc/xen/fw
cat <<'EOF' > "${XEN_CFG}"
bootloader = '/usr/lib/xen-4.1/bin/pygrub'
memory = 512
name = 'fw'
acpi = 1
apic = 1
vif = [ 'mac=00:17:4e:be:b1:ba' ]
disk = [
    'phy:/dev/vg0/fw-boot,xvda1,w',
    'phy:/dev/vg0/fw-swap,xvda2,w',
    'phy:/dev/vg0/fw-root,xvda3,w',
    'phy:/dev/vg0/fw-var,xvda4,w'
]
pci = ['00:0c.0']
extra = 'iommu=soft'
EOF

# OPTIONAL: autostart (domains linked from /etc/xen/auto start with dom0)
ln -s "${XEN_CFG}" /etc/xen/auto/01_fw

# TODO (automate)
# Hand the NIC at 00:0c.0 to the domU: unbind its host driver (e100 here -
# check `lspci -k` for the driver actually bound on your box), then reload
# xen-pciback with the device hidden from dom0 so only the guest can use it.
rmmod e100
rmmod xen-pciback
modprobe xen-pciback 'hide=(00:0c.0)'
xm pci-list-assignable-devices

# start domU (-c attaches the console; xm is the legacy toolstack - newer
# Xen uses xl with the same subcommands)
xm create -c fw

# OPTIONAL
# Switch the config from LVM-backed to file-backed disks, turning e.g.
# phy:/dev/vg0/fw-boot,xvda1 into file:/root/ipfire-boot.img,xvda1.
sed -i 's|phy:/dev/vg0/fw-|file:/root/ipfire-|g' /etc/xen/fw
sed -i 's|,xvda|.img,xvda|g' /etc/xen/fw

# configure ipfire in terminal

# webinterface
https://YOUR_DOMU_IP:444

# Links
http://wiki.ipfire.org/de/addons/virtualisation/howto/debian_wheezy_xen_4.1?&#debian_wheezy_mit_xen_41_als_dom0
http://wiki.ipfire.org/de/addons/virtualisation/howto/debian_als_dom0_xen#xen_und_kernel_installieren
http://wiki.ipfire.org/de/addons/virtualisation/howto/debian_xen_4.x

Compile iPXE

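# Download the build script, read it, then run it. Piping a remote script
# straight into bash executes whatever the server - or anyone between you
# and it - sends, unreviewed; for a script that produces boot firmware that
# matters. The URL tracks master, so pin a commit hash for repeatable builds.
BUILD_SH=$(mktemp) || exit 1
wget -qO "${BUILD_SH}" https://raw.githubusercontent.com/panticz/preseed/master/ipxe/scripts/build_ipxe.sh || exit 1
less "${BUILD_SH}"   # review before executing
bash "${BUILD_SH}"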

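#!/bin/bash
# Build iPXE images with an embedded boot script. Stop on the first error so
# a failed clone or package install is not followed by an empty build.
set -euo pipefail

# install requirements
sudo apt-get install -y build-essential liblzma-dev

# get source
# git:// is unauthenticated and unencrypted, so the tree you build boot
# firmware from could be altered in transit; clone over HTTPS instead.
# NOTE(review): /tmp/ipxe is a fixed path in a world-writable directory. On a
# shared build host use a directory under $HOME or `mktemp -d` (the later
# build steps reference /tmp/ipxe/src, so change them together).
git clone https://github.com/ipxe/ipxe.git /tmp/ipxe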
 
# create boot script
# Embedded into every image built below. It runs DHCP, then chains to an
# unauthenticated HTTP URL built from the DHCP next-server and the NIC's MAC,
# falling back to the public preseed host: whoever controls DHCP, or the
# path to either host, controls what this machine boots. The HTTPS/trust
# links at the end of the page cover signing the chained scripts. The
# backslashes keep ${...} away from the shell so iPXE expands them at boot.
cat <<EOF> /tmp/ipxe/src/boot.ipxe
#!ipxe
 
dhcp && chain http://\${next-server}/\${mac} || chain http://preseed.panticz.de/\${mac}
EOF
 
# OPTIONAL: enable HTTPS support
# Flips the DOWNLOAD_PROTO_HTTPS #undef to #define so iPXE can fetch https://
# URLs; which servers are then trusted is governed by the trust/crosscert
# settings linked at the end of the page, not by this line alone.
sed -i -e '/DOWNLOAD_PROTO_HTTPS/ s/#undef/#define/' /tmp/ipxe/src/config/general.h
 
# OPTIONAL: change product name (shown in the iPXE banner at boot)
sed -i 's|PRODUCT_NAME ""|PRODUCT_NAME "preseed.panticz.de"|g' /tmp/ipxe/src/config/general.h
 
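# Abort if the source tree is missing; otherwise make would run against
# whatever Makefile happens to be in the current directory.
cd /tmp/ipxe/src || exit 1

# Build every image flavour with boot.ipxe embedded. Outputs land in
# /tmp/ipxe/src/bin/:
#   ipxe.iso       CD image
#   ipxe.usb       USB image
#   ipxe.pxe       PXE image
#   ipxe.lkrn      GRUB (linux kernel format) image
#   undionly.kpxe  undionly image
# A failed build stops the loop instead of silently leaving a stale or
# missing image behind.
for target in ipxe.iso ipxe.usb ipxe.pxe ipxe.lkrn undionly.kpxe; do
  make "bin/${target}" EMBED=boot.ipxe || exit 1
done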

# ToDo: https boot
http://ipxe.org/cfg/crosscert
http://ipxe.org/cfg/trust

Links
http://ipxe.org
http://ipxe.org/download
http://www.coreboot.org/IPXE
