Removing files from a GIT repository
If you’ve ever created a project and need to remove a file (or folder) from a repository, including from all past commits, the following will help you out. Make sure you back up the files you’re removing, because you won’t be able to retrieve them once they have gone.
git filter-branch --index-filter \
  'git rm -r --cached --ignore-unmatch my_file_or_folder_name' \
  --tag-name-filter cat -- --all
git push origin main --force
The above assumes the branch is ‘main’.
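A check worth running after the rewrite, as an added example that is not part of the original post: it builds a throwaway repository, runs the filter-branch command shown above (with -r so folders work too), and tests whether the removed file's blob is still in the object store before and after cleaning up the backup refs. The file name secrets.env, its content and the function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: rewrite a throwaway repository, then check whether the
# removed file's blob is still stored. secrets.env and its content are constructed.

blob_state() {  # prints "present" or "gone" for an object id
    if git cat-file -e "$1" 2>/dev/null; then echo present; else echo gone; fi
}

purge_demo() (
    repo=$(mktemp -d) && cd "$repo" || exit 1
    trap 'rm -rf "$repo"' EXIT
    export FILTER_BRANCH_SQUELCH_WARNING=1   # skip filter-branch's startup notice
    {
        git init -q . &&
        git config user.name "Demo" &&
        git config user.email "demo@example.invalid" &&
        echo "docs" > README && git add README && git commit -q -m "initial" &&
        echo "API_KEY=constructed-sample" > secrets.env &&
        git add secrets.env && git commit -q -m "add config" &&
        echo "more" >> README && git commit -q -am "update readme" &&
        git tag v1
    } >/dev/null 2>&1 || exit 1
    blob=$(git rev-parse HEAD:secrets.env) || exit 1

    # The command from the post, applied to the constructed file.
    git filter-branch --index-filter \
        'git rm -r --cached --ignore-unmatch secrets.env' \
        --tag-name-filter cat -- --all >/dev/null 2>&1 || exit 1

    # Commits on branches and tags that still touch the path (expect 0).
    hits=$(git rev-list --count --branches --tags -- secrets.env)
    # refs/original/* and the reflog still reach the old commits.
    after_rewrite=$(blob_state "$blob")

    # Drop the backup refs and reflog entries, then prune unreachable objects.
    git for-each-ref --format='%(refname)' refs/original |
        while read -r ref; do git update-ref -d "$ref"; done
    git reflog expire --expire=now --all
    git gc --quiet --prune=now 2>/dev/null
    after_cleanup=$(blob_state "$blob")

    echo "$hits $after_rewrite $after_cleanup"
)

purge_demo   # prints: 0 present gone
```

The rewrite alone leaves the old blob recoverable in this clone until the backup refs and reflog are cleared, and the same holds for every other clone and for the remote. A credential that was ever pushed should be rotated regardless.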
Clearing / Resetting VPDN sessions on Cisco IOS
If you’re running an LNS terminating PPP sessions on Cisco, here’s a quick tip for forcing a reconnect of an end user session.
First, find the session that you want to clear:
lns-1#show vpdn session | i 09033847111
30532 29804 31238 firstname.lastname@example.org, Vi2.6 est 1w5d 510
lns-1#
Take the Interface name from the session and run the below to clear it. This will force the session to re-establish.
lns-1#clear interface Virtual-Access2.6
Enabling 6PE on Arista R series
This is something new and not documented, so I thought I’d post it up here.
- This assumes you have an underlying MPLS LDP setup already
- All core facing interfaces need ‘ipv6 enable’ set on them
- The routing model needs changing to ArBGP by running “service routing protocols model multi-agent”. Before doing so, note this will drop all OSPF and BGP sessions
- Needs EOS 4.21.1F or later
Rtr1:
service routing protocols model multi-agent
interface Ethernet1
   no switchport
   ip address 192.168.2.1/30
   ipv6 enable
interface Loopback0
   ip address 192.168.1.1/32
!
interface Loopback1
   ipv6 address 2001:abc::1/64
ip routing
!
ipv6 unicast-routing
!
mpls ip
!
mpls ldp
   router-id interface Loopback0
   no shutdown
!
router bgp 65535
   neighbor 192.168.1.2 remote-as 65535
   neighbor 192.168.1.2 update-source Loopback0
   neighbor 192.168.1.2 maximum-routes 80000
   !
   address-family ipv6
      neighbor 192.168.1.2 activate 6pe
      network 2001:abc::/64

Rtr2:
service routing protocols model multi-agent
interface Ethernet1
   no switchport
   ip address 192.168.3.1/30
   ipv6 enable
interface Loopback0
   ip address 192.168.1.2/32
!
ip routing
!
ipv6 unicast-routing
!
mpls ip
!
mpls ldp
   router-id interface Loopback0
   no shutdown
!
router bgp 65535
   neighbor 192.168.1.1 remote-as 65535
   neighbor 192.168.1.1 update-source Loopback0
   neighbor 192.168.1.1 maximum-routes 80000
   !
   address-family ipv6
      neighbor 192.168.1.1 activate 6pe
Confirm with the below. The command ‘show bgp neighbors’ is only present if you enable multi-agent routing:
sw1(config)#show bgp neighbors| i 6PE
Multiprotocol IPv6 6PE: advertised
IPv6 6PE: advertised
IPv6 6PE: 0 0
If ‘activate 6pe’ is not visible, you need a later version of EOS.
Configuring IPMI from Linux
Some basic steps for configuring IPMI from the CLI for a Supermicro server, but similar can be applied to any other.
CentOS:
yum install ipmitool.x86_64
modprobe ipmi_msghandler
modprobe ipmi_devintf
modprobe ipmi_si

FreeBSD:
pkg install ipmitool
echo 'ipmi_load="YES"' >> /boot/loader.conf
kldload ipmi

Debian:
modprobe ipmi_devintf; modprobe ipmi_si

bash# ipmitool lan set 1 ipsrc static
bash# ipmitool lan set 1 ipaddr 192.168.1.211
Setting LAN IP Address to 192.168.1.211
bash# ipmitool lan set 1 netmask 255.255.255.0
Setting LAN Subnet Mask to 255.255.255.0
bash# ipmitool lan set 1 defgw ipaddr 192.168.1.254
Setting LAN Default Gateway IP to 192.168.1.254
bash# ipmitool lan set 1 arp respond on
Enabling BMC-generated ARP responses
bash# ipmitool lan set 1 auth ADMIN MD5
bash# ipmitool lan set 1 access on
Newer Supermicro IPMI interfaces come configured by default in “failover” mode, which means that the IPMI will bind to either the dedicated IPMI NIC port or share with one of the machine NIC ports.
This can cause IPMI to come up on the wrong NIC and hence be inaccessible if the dedicated NIC doesn’t detect a link.
You can use ipmitool to change this behaviour.
First query the current setting:
ipmitool raw 0x30 0x70 0x0c 0
The result will be one of the following:
0x00 = Dedicated
0x01 = Onboard / Shared
0x02 = Failover
Next, to configure it, you can use one of the following.
For older models:
ipmitool raw 0x30 0x70 0x0c 1 1 0
For X9 and fairly new motherboards:
ipmitool raw 0x30 0x70 0x0c 1 0
Adding an extra user via the console
This assumes that this is the first new user other than the existing ADMIN.
ipmitool -I open user set name 3 dave
ipmitool -I open user set password 3 mypassword
ipmitool -I open user priv 3 4 1
SNMP errors on Debian 7 to Debian 8 or 9 Upgrade
If you find yourself hit with a bunch of errors relating to snmp like the below:
Error: Line 283: Label statement before first chip statement
Error: Line 284: Label statement before first chip statement
Error: Line 285: Label statement before first chip statement
Error: Line 286: Label statement before first chip statement
Error: Line 287: Label statement before first chip statement
Error: Line 288: Label statement before first chip statement
Error: Line 289: Label statement before first chip statement
Error: Line 322: Compute statement before first chip statement
Error: Line 323: Compute statement before first chip statement
Error: Line 324: Compute statement before first chip statement
Error: Line 325: Compute statement before first chip statement
Error: Line 1073: Parse error in chip name
Error: Line 1094: Parse error in chip name
Error: Line 1104: Parse error in chip name
Error: Line 1114: Parse error in chip name
Error: Line 1124: Parse error in chip name
Run the below:
aptitude purge snmpd
apt-get purge libsensors3
Then reinstall snmpd
Quick and Dirty Physical to Virtual migration
I had to virtualise a few physical Linux CentOS and Debian servers over to virtual machines in Proxmox recently, so thought I’d write a quick and dirty guide to do so. As background, the physical servers were live mail handling servers running things like webmail, dovecot proxy, Postfix etc. I also wanted to downsize the disks on them from 200G down to 40G, so I went with the method below.
1. I firstly created a brand new virtual machine in proxmox with NO OS on it with the disk size at the new size I wanted, i.e. 40G
2. Make sure the new virtual machine has a working network adapter
3. Next, I booted up into a Debian 7 live CD (I prefer the Debian 7 live ISO from previous GRUB recovery issues I’ve had in the past.)
4. Once booted up, sudo to bash as root and set a password because you’ll probably need this later.
bash$ sudo bash
bash# passwd
5. Make sure the new virtual machine has an IP address, if not, you’ll need to set one
6. Create partitions accordingly; I created a 4Gig swap at the start and the rest as /
bash# fdisk /dev/vda
Disk /dev/vda: 42.9 GB, 42949672960 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/vda1               3        8325     4194304   82  Linux swap / Solaris
/dev/vda2   *        8325       83221    37747712   83  Linux
*note that /dev/vda2 is set as bootable
7. Next, format the partitions accordingly and mount the new / to /mnt
bash# mkfs.ext4 /dev/vda2
bash# mkswap /dev/vda1
bash# mount /dev/vda2 /mnt
8. You’ll need to create an empty proc and sys mount point as below
bash# mkdir /mnt/proc; mkdir /mnt/sys
9. Now, on the source server that’s currently live you need to rsync the data to the new server.
live_mail_server# rsync -vrtlpogDSH --progress --delete --exclude=/sys --exclude=/proc / root@new_virtual_machine_ip:/mnt/
Once the initial rsync has run I tend to run another final one. If you’re running MySQL on the source server and there’s a lot of mysql churn, it’s best to shut mysql down beforehand.
10. Now the fun part as you need to get grub working. Regardless of the grub version on the original server you should install the grub2 packages and install the grub2 boot loader
*you might need to add a DNS resolver to /etc/resolv.conf first if aptitude fails
bash# aptitude install grub2
bash# grub-install /dev/vda --boot-directory=/mnt/boot
11. Finally edit /mnt/etc/fstab and update the / and swap entries accordingly, removing any UUIDs and replacing with /dev/vda1 for example.
12. Reboot the system and wait for the grub boot loader to come up. You can from there then drop to a console for example and load the appropriate initramfs and kernel. This took a bit of playing around with, but there’s plenty of articles out there on this.
13. Once booted make sure you then install/reconfigure grub accordingly so that subsequent reboots work as expected.
Installing curl with http2 support on CentOS 7 (self contained)
This was a little bit of a mission for a customer recently that required http2 support with curl but they weren’t fussed about it being separate from the already installed version of curl. This also helped because it turned out it needed a newer version of OpenSSL and the last thing I wanted to do was to replace the installed version of OpenSSL and break dependencies.
Firstly, install the dev tools you’re going to need.
yum -y groupinstall "Development Tools"
yum -y install libev libev-devel zlib zlib-devel openssl openssl-devel git
Next, we’re going to store a few things in /var/tmp and install the new version of openssl into /opt/openssl
mkdir -p /var/tmp
cd /var/tmp
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2-latest.tar.gz
cd openssl-1.0.2l
mkdir -p /opt/openssl
./config --prefix=/opt/openssl
make
make test
make install
Now on to nghttp2
git clone https://github.com/tatsuhiro-t/nghttp2.git
cd nghttp2
autoreconf -i
automake
autoconf
./configure
make
make install
echo '/usr/local/lib' > /etc/ld.so.conf.d/custom-libs.conf
ldconfig
ldconfig -p| grep libnghttp2
Then finally, we build curl with http2 and the newer openssl
cd /var/tmp
git clone https://github.com/bagder/curl.git
cd curl
./buildconf
./configure --with-ssl=/opt/openssl --with-nghttp2=/usr/local --disable-file --without-pic --disable-shared
make
Finally, you should be able to run curl with
This does not ‘install’ curl, it just builds it. My advice would be to have it install into /opt somewhere but you can change that on the ./configure line above.
Importing an existing SSL certificate into Cisco ASA
This is a quick and dirty method for importing an existing SSL certificate into a Cisco ASA for use with the SSL AnyConnect VPN.
Firstly, you need to have an existing SSL certificate+CA chain+private key contained in a binary PFX file with a password. The file cannot have an empty password!
Once you have your standard password protected PFX you need to base64 encode it as below
openssl base64 -in another.pfx -out another.cert
This will give you a base64 encoded pkcs12.
Now, configure the certificate chain
asa-gw(config)# crypto ca trustpoint vpn.mydomainname.tld
asa-gw(config-ca-trustpoint)# keypair vpn.mydomainname.tld
asa-gw(config-ca-trustpoint)# crl configure
asa-gw(config-ca-crl)# exit
asa-gw(config-ca-trustpoint)# enrollment terminal
Finally, import the certificate and manually place the pkcs12 tags at the start and end (you can copy them from below)
crypto ca import vpn.mydomainname.tld pkcs12 mypassword
Enter the base 64 encoded pkcs12.
End with the word "quit" on a line by itself:
-----BEGIN PKCS12-----
MIIhiQIBAzCCIU8GCSqGSIb3DQEHAaCCIUAEgiE8MIIhODCCF28GCSqGSIb3DQEH
BqCCF2AwghdcAgEAMIIXVQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIRg3L
X+A8IlUCAggAgIIXKNvEgvyFJOB6/LCjBL/7HNBgDadJWrL3cb4DeBvqMxzQlbkV
Tkpz7PtHABv39na2xX0JGi6rIgqzB1KECs2d6E5pGPNK//A85vm4ZFSollLxPZcr
----SNIP----
W6I36+3V/I2c34SSavjmTn2232mk/w+QSJBIoVMJeTrGxlpwJyHRtkb6KfCtcp5T
Ye3NMSUwIwYJKoZIhvcNAQkVMRYEFF39ORVVeBJRzVyfnaRePRclYKG8MDEwITAJ
BgUrDgMCGgUABBRHuopbW2mBfKvP9R2CB5YNE5o4YQQIRrtNmIgiMBUCAggA
-----END PKCS12-----
quit
% You already have RSA or ECDSA keys named vpn.mydomainname.tld.
% If you replace them, all device certs issued using these keys
% will be removed.
% Do you really want to replace them? [yes/no]: yes
% The CA cert is not self-signed.
% Do you also want to create trustpoints for CAs higher in
% the hierarchy? [yes/no]: yes
INFO: Import PKCS12 operation completed successfully
Make sure you have the line below present
ssl trust-point vpn.mydomainname.tld
If you get an error about a 4096 key, well I’m sorry but that’s the end of the road, you need to regenerate with a 2048 key as at the time of writing this even the latest versions of the ASA OS do not support SSL keys greater than 2048.
In some cases you might need to disable and re-enable webvpn to get it going again, i.e.
asa-gw(config)# webvpn
asa-gw(config-webvpn)# no enable outside
WARNING: Disabling webvpn removes proxy-bypass settings.
Do not overwrite the configuration file if you want to keep existing proxy-bypass commands.
INFO: WebVPN and DTLS are disabled on 'outside'.
asa-gw(config-webvpn)# enable outside
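One way to script the encode-and-wrap step and check the RSA key size before pasting, given the 2048-bit limit mentioned above. This is an added example, not part of the original post or any Cisco tooling: the helper names, the PFX_PASS environment variable and the throwaway self-signed PFX it generates are all assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: pre-check a PFX and build the text pasted into
# "crypto ca import <trustpoint> pkcs12 <password>". Constructed test data only.

pfx_key_bits() {  # $1 = PFX file; password read from $PFX_PASS. Prints RSA bits.
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS 2>/dev/null |
        openssl rsa -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p'
}

asa_pkcs12_block() {  # $1 = PFX file. Prints tags, base64 body and "quit".
    printf '%s\n' "-----BEGIN PKCS12-----"
    openssl base64 -in "$1"
    printf '%s\n' "-----END PKCS12-----" "quit"
}

asa_demo() (  # builds a throwaway self-signed PFX and runs both helpers on it
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT
    export PFX_PASS="constructed-demo-password"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vpn.mydomainname.tld" \
        -keyout key.pem -out cert.pem >/dev/null 2>&1 || exit 1
    openssl pkcs12 -export -inkey key.pem -in cert.pem \
        -passout env:PFX_PASS -out demo.pfx >/dev/null 2>&1 || exit 1

    # Stop before the import if the key is larger than the 2048 bits noted above.
    bits=$(pfx_key_bits demo.pfx)
    if [ "${bits:-0}" -gt 2048 ]; then echo "key too large: $bits"; exit 2; fi

    asa_pkcs12_block demo.pfx > paste.txt
    # Round trip: the body between the tags must decode to the original file.
    sed -e '1d' -e '/^-----END PKCS12-----$/,$d' paste.txt |
        openssl base64 -d | cmp -s - demo.pfx || exit 3
    echo "$bits $(head -n 1 paste.txt) $(tail -n 1 paste.txt)"
)

asa_demo   # prints: 2048 -----BEGIN PKCS12----- quit
```

Reading the password from an environment variable keeps it out of the process list and shell history, unlike passing it as a command-line argument.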
DMitry on GitHub
I’ve posted DMitry up on github, fork away!