As simple as that, if you add a new virtual hard drive using VMWare in your virtual machine with Linux and you want to force the re-scan SCSI bus to see the new hard drive when you run, for example: “fdisk -l”. You can force the SCSI bus re-scan with:
# take into account that your new hard drive could be added in different point than "host0"echo "- - -" > /sys/class/scsi_host/host0/scan
El dia 12 de febrer al vespre vaig fer una conferència a la FIB (Facultat d’Informàtica de Barcelona) dins de la UPC (Universitat Politècnica de Catalunya). En aquesta xerra vaig estar explicant com vaig convertint en realitat un somni que vaig tenir quan era petit, estic parlant de domotitzar la casa. Gràcies a enginys com l’Arduino i la Raspberry PI a més d’aplicacions com l’OpenHab podem fer assequible allò que si anem a grans marques comercials es fa caríssim pel meu pressupost.
Next commands are very useful when you don’t have access to the vSphere UI and you have to access to VMWare Hypervisor using SSH or console:
# get the list of virtual machinesvim-cmd vmsvc/getallvms# get the state of a VM with #id: VM_IDvim-cmd vmsvc/power.getstate VM_ID# turn on the virtual machine with #id: VM_IDvim-cmd vmsvc/power.on VM_ID
Another option to turn on the virtual machine using an Ansible playbook:
After several tries without success to pfSense’s SSH server the port is blocked by a service called “sshlockout”. If you need to unblock the SSH service run the command from shell:
pfctl -t sshlockout -T flush
In the end that command only removes the rules in table “sshlockout” in firewall entries.
A long time ago I wrote an entry post about how to set up the SMTP in linux boxes using a relay system you can find the post here: Relay mail from your server without MTA. Remember that SSMTP is not a SMTP service for your system but it’s more than enough for all servers that don’t work as a mail servers. Historically Unix/Linux uses sendmail command to send system notifications but usually this mails are lost because system configurations are not completed. My advice in this sense is use SSMTP.
In the past I used to use SSMTP with a GMail account but security constraints in Google mail services make it difficult to configure today. The new alternative is set up a free Mandrill account as a relay host. Mandrill is a Mailchimp service that allows you to send a lot of emails without problems and there is a free account that allows to send up to 12.000 mails per month free, more than enough usually. If you don’t know how to set up a Mailchimp account the best option to learn how to do it is follow the support documentation it’s very good IMHO.
When you have a lot of linux machines to administer you need something fastly replicable. As you know use Ansible is a very good option. Then I developed a new Ansible role to set up Mandrill accounts to SSMTP services massively using Ansible.
Firstly let me introduce a Windows service called: “Windows Remote Manager” or “WinRM”. This is the Windows feature that allows remote control of Windows machines and many other remote functionalities. In my case I have a Windows 7 laptop with SP1 and PowerShell v3 installed.
Secondly don’t forget that Ansible is developed using Python then a Python library have to manage the WinRM protocol. I’m talking about “pywinrm“. Using this library it’s easy to create simple scripts like that:
In the end it’s time to talk about how to create an Ansible Playbook to deploy anything in a Windows machine. As always the first thing that we need is a hosts file. In the next example there are several ansible variables needed to run Ansible Windows modules on WinRM, all of them are self-explanatory:
[all]10.2.0.42
[all:vars]
ansible_ssh_user=the_username
ansible_ssh_pass=the_password
ansible_ssh_port=5985 #winrm (non-ssl) port
ansible_connection=winrm
The first basic example could be a simple playbook that runs the ‘ipconfig’ command and registers the output in an Ansible variable to be showed later like a debug information:
- name: test raw module hosts: all tasks: - name: run ipconfig raw: ipconfig register: ipconfig - debug: var=ipconfig
As always Ansible have several modules, not only the ‘raw’ module. I committed two examples in my Github account using a module to download URLs and another one that runs Powershell scripts.
My examples are done using Ansible 1.8.2 installed in a Fedora 20. But main problems I’ve found are configuring Windows 7 to accept WinRM connections. Next I attach some references that helped me a lot:
Ansible is a very powerful tool. Using playbooks, something like a cookbook, is very easy to automate maintenance tasks of systems. I used Puppet and other tools like that but IMHO Ansible is the best one.
In some cases you need to manage dynamic systems and take into advantage of Ansible like a Python library is a very good complement for your scripts. This is my last requirement and because of that I decided to share some simple Python snippets that help you to understand how to use Ansible as a Python library.
Firstly an example about how to call an Ansible module with just one host in the inventory (test_modules.py):
#!/usr/bin/python import ansible.runnerimport ansible.playbookimport ansible.inventoryfrom ansible import callbacksfrom ansible import utilsimport json# the fastest way to set up the inventory# hosts listhosts = ["10.11.12.66"]# set up the inventory, if no group is defined then 'all' group is used by defaultexample_inventory = ansible.inventory.Inventory(hosts)pm = ansible.runner.Runner( module_name = 'command', module_args = 'uname -a', timeout = 5, inventory = example_inventory, subset = 'all' # name of the hosts group )out = pm.run()print json.dumps(out, sort_keys=True, indent=4, separators=(',', ': '))
As a second example, we’re going to use a simple Ansible Playbook with that code (test.yml):
- hosts: sample_group_name tasks: - name: just an uname command: uname -a
The Python code which uses that playbook is (test_playbook.py):
#!/usr/bin/python import ansible.runnerimport ansible.playbookimport ansible.inventoryfrom ansible import callbacksfrom ansible import utilsimport json### setting up the inventory## first of all, set up a host (or more)example_host = ansible.inventory.host.Host( name = '10.11.12.66', port = 22 )# with its variables to modify the playbookexample_host.set_variable( 'var', 'foo')## secondly set up the group where the host(s) has to be addedexample_group = ansible.inventory.group.Group( name = 'sample_group_name' )example_group.add_host(example_host)## the last step is set up the invetory itselfexample_inventory = ansible.inventory.Inventory()example_inventory.add_group(example_group)example_inventory.subset('sample_group_name')# setting callbacksstats = callbacks.AggregateStats()playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)# creating the playbook instance to run, based on "test.yml" filepb = ansible.playbook.PlayBook( playbook = "test.yml", stats = stats, callbacks = playbook_cb, runner_callbacks = runner_cb, inventory = example_inventory, check=True )# running the playbookpr = pb.run() # print the summary of results for each hostprint json.dumps(pr, sort_keys=True, indent=4, separators=(',', ': '))
Last months in M2M Cloud Factory we have been working on MIIMETIQ. Last weeks I’ve been thinking about how to define MIIMETIQ shortly and this is my definition, please tell if you can understand something. Of course, you have to know we’re focused in Internet of Things and M2M market.
MIIMETIQ is an IoT/M2M framework, so this is the first step to setup to develop your vertical solution.
Framework: With a well defined architecture a framework is a set of functions ready to create any application. Everything else is open and adaptable.
MIIMETIQ architecture is service oriented and it uses AMQP as a message broker to connect the services.
MIIMETIQ has several modules, we define a module as a set of services. Basicly MIIMETIQ have 5 modules:
Identity Manager: manage users, groups, roles and all kind of entities the project needs and its security.
Assets Manager: a data model manager, the integrator creates the business logics and data models here.
Distribution System: this is a set of agnostitc connectivity layers to different types of devices.
A E N M: several time series and other signals flow through the AMQP, this data are events and using rules those events could be converted in alarms and some alarms have to be notified to proper services, systems or people.
Control Panel UI: this is an administration dashboard, in form of a UI to setup and monitor the most common uses of MIIMETIQ.
Using those modules usually the integrators create their own user interface to satisfy customer requiremests. In M2MCF we create those UI using ADUX (Advanced Development User Experience).
After configuring MIIMETIQ the integrator has 2 customized APIs to connect their code with MIIMETIQ. One of them is an API REST and another one is AMQP.
Finally everything inside MIIMETIQ could be customized, because the flexibility is very important when you have an horizontal solution.
OpenAM is as much powerful as complicated sometimes. In this case I spent a lot of time understanding how to set simple settings because of that I decide to take note about that in this blog entry.
First of all don’t forget to set the environment variables and go to ssoadm path:
anonymous (id=anonymous,ou=user,dc=openam) demo (id=demo,ou=user,dc=openam) serviceusername (id=serviceusername,ou=user,dc=openam) amAdmin (id=amAdmin,ou=user,dc=openam) Search of Identities of type User in realm, / succeeded.
But as you can see it doesn’t work and I don’t know how to solve it.
Taking a look to GUI get to identities list with: Access Control > / (Top Level Realm) > Privileges
In this webpage you have a list of role identities, in my case I have only this: “All Authenticated Users”. Inside this identity I can set different privileges:
REST calls for Policy Evaluation (EntitlementRestAccess)
Read and write access to all log files (LogAdmin)
REST calls for searching entitlements (PrivilegeRestReadAccess)
Read access to all log files (LogRead)
Read and write access to all federation metadata configurations (FederationAdmin)
Read and write access only for policy properties (PolicyAdmin)
Read and write access to all configured Agents (AgentAdmin)
Read and write access to all realm and policy properties (RealmAdmin)
REST calls for managing entitlements (PrivilegeRestAccess)
Write access to all log files (LogWrite)
If we want to remove a privilege:
root@vm:/opt/openam/ssoadmin/openam/bin# ./ssoadm remove-privileges -u amAdmin -f /tmp/oam.pwd -e / -g EntitlementRestAccess -i "All Authenticated Users" -t rolePrivileges were removed from identity, All Authenticated Users of type, role in realm, /.
or adding a privilege:
root@vm:/opt/openam/ssoadmin/openam/bin# ./ssoadm add-privileges -u amAdmin -f /tmp/oam.pwd -e / -g EntitlementRestAccess -i "All Authenticated Users" -t role
Using sslsnoop you can dump SSH keys used in a session and decode ciphered traffic. Supported algorithms are: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc.
Basic sslsnoop information:
$ sudo sslsnoop # try ssh, sshd and ssh-agent... for various things $ sudo sslsnoop-openssh live `pgrep ssh` # dumps SSH decrypted traffic in outputs/ $ sudo sslsnoop-openssh offline --help # dumps SSH decrypted traffic in outputs/ from a pcap file $ sudo sslsnoop-openssl `pgrep ssh-agent` # dumps RSA and DSA keys
