
Sysadmin Mega Thread

Yeah, I have the ASA firewall still doing L2TP/IPSEC on a second carrier for that (we’re multi-homed).

The ASA is on a 100 meg pipe, pfsense is on gig, so should be OK :slight_smile:

I’m also building a second pfsense instance on another site, in case HQ goes down (which also has gig). :slight_smile:

After that I’ll look into setting up CARP failover (multiple instances on each site), but probably overkill as we already deploy “Option 1” and “Option 2” VPNs to the users.

Fucking finally there is an update for pfsense.

Software? Figures, like 5 days after I commission our new VPN server :smiley:

Thank/blame me later.

edit:
Actually, just so happens I’m building another one on our DR site today, so I’ll download a new ISO. Cheers :slight_smile:

1 Like

Why does python3 require you to pass “self” as an argument in a class constructor?

Example: every class you write.

Edit: reading this - http://neopythonic.blogspot.com/2008/10/why-explicit-self-has-to-stay.html?m=1

By the guy who created Python.

Well, isn’t it self-evident, narcissism :stuck_out_tongue:

3 Likes


New toys.

2 Likes

@freqlabs, do you know where I could find rclone logs in FreeNAS from scheduled cloud sync tasks? I have multiple instances of tasks that appear to complete but are reporting as failing.

Not really a part of the system I’m familiar with but check /var/log/middlewared.log

1 Like

Goodbye uptime, hello new pfSense!


Looks like 10 minutes of downtime after ~102 days of uptime. Which by my math is 99.993% uptime.

God damn I love pfSense.

4 Likes

So, anyone here running CISCO UCS?

I have 2 UCS chassis in different locations, set up by the same vendor in different ways (:smiley: ).

I know enough to be dangerous with it, but not trained officially.

Anyway… issue.

One of them exposes AES-NI to the hypervisor
One doesn’t. The CPUs definitely have AES-NI support (as with anything since like 2011).

Any ideas where this might be configured? I’ve had a look in the service profiles for the blades but can’t find it…

edit:
Alternatively, it’s a VMware hypervisor thing, but I can’t see anywhere to turn that on/off, unless there’s some busted CPU feature flag in my VM. But it’s a new vSphere 6.7 virtual machine… Unless it’s in the hypervisor settings somewhere…

edit2:
Ah, I think I found it. VMware EVC mode for the cluster is set to Penryn, which is pre-AES. :slight_smile:

Quick question:

Would anyone object to using cp -a to copy the contents from one disk to another, given the following constraints:

  • Block level copy (aka dd) is out of the question because the first drive is 200GB larger than the second.
  • Unfamiliar with the content of the drive such as permissions, symlinks etc.
  • Need to maintain modes/timestamps/attributes/permissions/etc.

In other words, is cp -a going to create a ‘complete’ filesystem-level ‘clone’?

Respectfully,

cotton

PS I have a backup.

ssh <box> -D 8080 just saved my life when trying to access IPMI/BMC interface! How have I never used this before?

1 Like

I have successfully copied dozens of TB with cp -a when I was in a relative rush (~48 hours). rsync -acHAX is technically safer and more complete but will take longer.

2 Likes

Can you elaborate on what exactly you did? I think I understand your situation but not 100% sure.

Archwiki has this one listed for file system clone.

rsync -qaHAXS SOURCE_DIR DESTINATION_DIR

Why do you include the “c” flag?

I see it skips based on checksum rather than weaker methods. What does it skip? The same file?

Sure, basically pointed my browser to use 127.0.0.1:8080 as a SOCKS5 proxy and then ran the ssh command to create a tunnel to the remote box. I was using a jump server as well so I figured it would be easier to do all this via .ssh/config:

Host jump-server
    Hostname <some-ip>
    User <user>

Host <box-name>-proxy
    Hostname <some-ip>
    User <user>
    Port <remote-port>
    # this lets us route through the jump server
    # (ssh_config only accepts comments on their own line, not after a directive)
    ProxyCommand ssh -W %h:%p jump-server
    # equivalent to '-D 8080' on the CLI
    DynamicForward 8080

Then I was able to access the IPMI web UI from the browser.

1 Like

Timestamp and size are the other methods (checks both). Tbh, I don’t actually remember if this has any effect if you’re copying a new file to the destination (does it checksum after the copy or assume the copy completed successfully?). It definitely works when you are resuming a copy or syncing to a destination that already has some of the source files.

Also, I don’t actually know what the -S “handle sparse files efficiently” does under the hood… sounds like a good thing, but then why isn’t it always on?
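As an added example (not from anyone in the thread), here is a Python check that answers the “complete clone?” question after the fact: it walks both trees with lstat and reports anything cp -a or rsync -aHAX are expected to preserve that the copy lost, comparing content byte for byte (the decision rsync -c’s checksum makes) and verifying hard-link structure (rsync -H). The demo builds a constructed sample tree and clones it with shutil.copytree, which keeps modes, mtimes and symlinks but splits hard links, so exactly that one complaint is expected.

```python
import filecmp
import os
import shutil
import stat
import tempfile
from pathlib import Path

def compare_trees(src, dst):
    """List what a clone lost: type, mode, mtime, symlink target, content, hard links."""
    problems, links = [], {}                 # links: (src dev, inode) -> dst inode
    for root, dirs, files in os.walk(src):   # does not follow symlinks
        for name in dirs + files:
            rel = os.path.normpath(os.path.join(os.path.relpath(root, src), name))
            s, d = os.path.join(src, rel), os.path.join(dst, rel)
            ss = os.lstat(s)                 # lstat: look at the link itself, not its target
            ds = os.lstat(d) if os.path.lexists(d) else None
            if ds is None or stat.S_IFMT(ss.st_mode) != stat.S_IFMT(ds.st_mode):
                problems.append(f"missing or wrong type: {rel}")
                continue
            if stat.S_ISLNK(ss.st_mode):
                if os.readlink(s) != os.readlink(d):
                    problems.append(f"symlink target differs: {rel}")
                continue                     # link mode/mtime are not meaningful
            if stat.S_IMODE(ss.st_mode) != stat.S_IMODE(ds.st_mode):
                problems.append(f"mode differs: {rel}")
            if int(ss.st_mtime) != int(ds.st_mtime):
                problems.append(f"mtime differs: {rel}")
            if stat.S_ISREG(ss.st_mode):
                if not filecmp.cmp(s, d, shallow=False):   # byte-for-byte, like rsync -c
                    problems.append(f"content differs: {rel}")
                # two src paths sharing an inode must map to one dst inode (rsync -H)
                if links.setdefault((ss.st_dev, ss.st_ino), ds.st_ino) != ds.st_ino:
                    problems.append(f"hard link not preserved: {rel}")
    return problems

def demo():
    """Constructed sample tree (0750 script with an old mtime, hard-linked pair, relative
    symlink) cloned with shutil.copytree, which keeps modes/mtimes/symlinks but splits hard links."""
    base = tempfile.mkdtemp()
    src, dst = os.path.join(base, "src"), os.path.join(base, "dst")
    os.makedirs(os.path.join(src, "etc"))
    script, data = Path(src, "etc", "backup.sh"), Path(src, "data.bin")
    script.write_text("#!/bin/sh\necho backup\n")
    script.chmod(0o750)
    os.utime(script, (1_500_000_000, 1_500_000_000))
    data.write_bytes(b"\x00" * 4096)
    os.link(data, os.path.join(src, "data.lnk"))
    os.symlink("etc/backup.sh", os.path.join(src, "run"))
    shutil.copytree(src, dst, symlinks=True)
    return compare_trees(src, dst)           # expected: only the hard-link complaint
```

Run compare_trees(src, dst) on a real cp -a or rsync copy the same way; an empty list means nothing it checks was lost.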

That’s what I figured, but if you had access to the box, why couldn’t you configure IPMI from there?

The boxes I needed access to were actually behind the one I ssh’d to. The box I ssh’d to had an interface on the IPMI VLAN.

Oh I see. And I assume it was headless so you couldn’t use the web interface from the intermediary machine?

openipmi and freeipmi both provide remote cli access to ipmi functions including SOL. If you ever want to explore those, it would make a good forum post. Documentation on them is kind of sparse.

yep…

I’ll have to check those out though. If I end up putting them to use I’ll try and put a post together for the “community knowledge bank”.

1 Like