Wednesday, August 26, 2015

Sandbox with openvswitch and virtualbox

Let's assume that you already have openvswitch and VirtualBox installed.

First, you need to create a virtual switch:

~ # ovs-vsctl add-br lan0

You can add the script shown below to /etc/rc.local or to another startup script.

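#!/bin/bash

br=lan0
ip=192.168.189.1/24

# Recreate 16 tap devices (lan0p0 .. lan0p15)
for tap in `seq 0 15`; do
        ip tuntap del mode tap dev lan0p$tap
        ip tuntap add mode tap lan0p$tap
done;

# Bring the tap devices up
for tap in `seq 0 15`; do
        ip link set lan0p$tap up
done;

# Attach each tap device to the bridge as a port
for tap in `seq 0 15`; do
        ovs-vsctl -- --if-exists del-port $br lan0p$tap
        ovs-vsctl add-port $br lan0p$tap
done;

# Assign the address to the bridge itself and bring it up
ip addr add $ip dev $br
ip link set $br up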

This small script will create the switch lan0 with 16 ports. After this, we can use VirtualBox VMs and attach them to the created ports.
This is just the beginning...

Monday, August 17, 2015

IPIP over IPSEC on Linux

In this article, I'm just posting working config files for an IPsec tunnel. You can use them with either the strongswan or the openswan package. There are three main files:

- /etc/ipsec.conf
- /etc/ipsec.secrets
- /etc/ipsec.d/tunnel.conf

I'm very lazy, which is why I'm not going to explain my config line by line; if you need to, you can find all the information in the man pages and on Google.

  ~ $ cat /etc/ipsec.conf  
 version     2.0  
 config setup  
      interfaces=%none  
      protostack=netkey  
      nat_traversal=yes  
      virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12  
      nhelpers=2  
      oe=off  
      plutoopts="--perpeerlog"  
 conn %default  
      ike=aes128-sha1;modp2048  
      phase2alg=aes128-sha1;modp2048  
      ikelifetime=12h  
      salifetime=2h  
      keyingtries=%forever  
      rekey=yes  
      pfs=yes  
      compress=no  
      dpddelay=30  
      dpdtimeout=120  
      dpdaction=restart_by_peer          # hold, restart_by_peer, restart, clear  
 include /etc/ipsec.d/*.conf  


 ~ $ cat /etc/ipsec.secrets  
 #Tunnel 1  
 1.1.1.1     2.2.2.2     : PSK     "Your first PSK" 
 #Tunnel 2
 1.1.1.1     3.3.3.3     : PSK     "Your second PSK"

 ~ $ cat /etc/ipsec.d/tunnel1.conf   
 #Connection name shown in network configuration files  
 conn tunnel1  
      auto=start  
      type=transport  
      authby=secret  
      pfs=yes  
      ike=aes128-sha1-modp2048  
      phase2alg=aes128-sha1;modp2048  
      left=1.1.1.1  
      leftprotoport=ipencap  
      right=2.2.2.2  
      rightprotoport=ipencap  

At the end of this small note, I decided to post a small example of configuring an IPIP over IPSEC connection. Often you need to configure IPIP over IPSEC, GRE over IPSEC, or something else over IPSEC =). Below you can find the configuration of one side of the tunnel:

 auto tunnel1  
 iface tunnel1 inet static  
     address YOUR-TUNNEL-IP  
     netmask NETMASK-IN-TUNNEL  
     pointopoint YOUR-TUNNEL-NEIGHBOUR-IP  
     mtu MTU-SIZE-OPTIONAL  
     pre-up ip tunnel add $IFACE mode ipip local 1.1.1.1 remote 2.2.2.2 ttl 64 tos inherit || true  
     post-down ip tunnel del $IFACE  

Sunday, August 16, 2015

Adding RAM and CPU in Linux Vmware Guest

Again I'm posting a simple lifehack, which you can just copy, paste and use.
Everybody uses cool VMware features like adding RAM, CPUs and network cards; these are just simple actions in the GUI. But how do you tell a Linux guest VM to recognise the new RAM and CPUs? Use the code shown below.
Adding RAM

 for ram in /sys/devices/system/memory/memory*/online; do echo "1" > "$ram"; done  

Adding CPU

 for cpu in /sys/devices/system/cpu/cpu*/online; do echo "1" > "$cpu"; done  

Another method is adding a udev rule file, but I'm lazy... anyway, below is an example for CPU:

 cat /etc/udev/rules.d/99-vmware-cpuhotplug-udev.rules  
 ACTION=="add", SUBSYSTEM=="cpu", ATTR{online}="1"   

Friday, August 14, 2015

Full server copy using tar

In case you need to make a full clone of your server, you can use the command shown below:

 tar -zcvpf /backups/fullbackup.tar.gz --directory=/ --exclude=proc --exclude=sys --exclude=dev/pts --exclude=backups .  

To untar the created archive, you can use the tar options shown below:

 tar -zxvpf /fullbackup.tar.gz  

Thursday, August 13, 2015

Using TAR over SSH example

Today I decided to post this little note about transferring data (many small files) while preserving ownership and permissions in Linux.

Example #1

You want to copy data from a remote server to the server you're logged in to.

 ssh user@remote-server "tar czpf - /your/important/data" | tar xzpf - -C /new/location/on/current/server  


Example #2

The reverse: you want to copy data from the server you're logged in to, to a remote server.

 tar cpf - /your/important/data | ssh user@remote-server "tar xpf - -C /new/location/on/remote/server"
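A way to check that a tar-pipe copy really kept modes and owners, as an added example that is not part of the original post. The function names are hypothetical, a local pipe stands in for the ssh hop, and `stat -c` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a tar-pipe copy
# preserved mode bits and numeric ownership. All function names are hypothetical.

# Print "mode uid:gid path" for every entry under $1, with paths relative
# to $1 and sorted, so two trees in different locations compare line by line.
perm_manifest() {
    ( cd "$1" && find . -exec stat -c '%a %u:%g %n' {} + | LC_ALL=C sort )
}

# Copy tree $1 into the existing directory $2 through a tar pipe.
# -p on extraction keeps the archived mode bits instead of applying the umask;
# uid/gid are only restored when the extracting side runs as root.
# "-C $1 ." archives relative names; the post's absolute path would instead
# recreate your/important/data below the target directory.
tar_pipe_copy() {
    tar cpf - -C "$1" . | tar xpf - -C "$2"
}

# Return 0 when both trees have identical manifests; otherwise print the
# differing entries and return non-zero.
verify_copy() {
    m1=$(mktemp) && m2=$(mktemp) || return 2
    perm_manifest "$1" > "$m1"
    perm_manifest "$2" > "$m2"
    rc=0
    diff "$m1" "$m2" || rc=$?
    rm -f "$m1" "$m2"
    return "$rc"
}
```

For the real two-host case, run the `find ... stat` pipeline from `perm_manifest` on the remote side through ssh and diff its output against the local manifest.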