Did you just find a thisserver.crt file on your machine and you want to check the details of what it’s for? In other words you have a SSL certificate that you want to decode.
You need to be on Linux and have OpenSSL installed. Then use the x509 module:
openssl x509 -text -in thisserver.crt
I do file restores from snapshots using a linux server. In my case it’s Centos.
I do this by creating a disk resource from a snapshot on my IPStor SAN. Then I assign the new resource to all nodes of my HQ VMWare cluster.
- Create a disk resource from a snapshot on my IPStor SAN.
- Assign the new resource to all nodes of my HQ VMWare cluster.
- In VMWare, set the path settings for the new FC resource to round robin. (Do this on each node in the cluster.)
- Add the resource to the restore linux server as a Raw Device Mappings.
- SSH into Linux server used for doing restores.
- Rescan the SCSI bus in order to make the new device available for mount. Replace the “X” with the proper host number.
echo “- – – ” > /sys/class/scsi_host/hostX/scan
- View the /var/log/messages file in order to determine what block device ID this resource has showed up as. In the example output, you will notice in green that this resource is registered as block device sdb1. Look for some output like this:
Aug 4 10:48:28 zenoss ntfs-3g: Unmounting /dev/sdb1 (Users) Aug 4 11:06:22 zenoss kernel: Vendor: VMware Model: Virtual disk Rev: 1.0 Aug 4 11:06:22 zenoss kernel: Type: Direct-Access ANSI SCSI revision: 02 Aug 4 11:06:22 zenoss kernel: target0:0:1: Beginning Domain Validation Aug 4 11:06:22 zenoss kernel: target0:0:1: Domain Validation skipping write tests Aug 4 11:06:22 zenoss kernel: target0:0:1: Ending Domain Validation Aug 4 11:06:22 zenoss kernel: target0:0:1: FAST-40 WIDE SCSI 80.0 MB/s ST (25 ns, offset 127) Aug 4 11:06:22 zenoss kernel: SCSI device sdb: 1572864000 512-byte hdwr sectors (805306 MB) Aug 4 11:06:22 zenoss kernel: sdb: Write Protect is off Aug 4 11:06:22 zenoss kernel: sdb: cache data unavailable Aug 4 11:06:22 zenoss kernel: sdb: assuming drive cache: write through Aug 4 11:06:22 zenoss kernel: SCSI device sdb: 1572864000 512-byte hdwr sectors (805306 MB) Aug 4 11:06:22 zenoss kernel: sdb: Write Protect is off Aug 4 11:06:22 zenoss kernel: sdb: cache data unavailable Aug 4 11:06:22 zenoss kernel: sdb: assuming drive cache: write through Aug 4 11:06:22 zenoss kernel: sdb: sdb1 Aug 4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi disk sdb Aug 4 11:06:22 zenoss kernel: sd 0:0:1:0: Attached scsi generic sg1 type 0
- Make sure that you can see the new resource.
- Mount the new resource to a available mount spot.
mount /dev/sdb1 /mnt/recover1
- Do your restore by copying off the files that you need….yada yada yada
- Now it is time to unmount and disconnect the restore resource.
- unmount the block device:
umount /dev/sdb1 /mnt/recover1
- Delete the SCSI resource from the SCSI bus:
echo “scsi remove-single-device a b c d” > /proc/scsi/scsi
a == hostadapter id (first one being 0)
b == SCSI channel on hostadapter (first one being 0)
c == ID
d == LUN (first one being 0)
- Make sure the resource is gone.
- Now remove the RDM from the virtual host.
- Remove SAN assignment of the snapshot resource from VMWare cluster.
- Have vmware hosts rescan their FC connectsions.
- Delete snap shot resource from SAN.
- You are done.
I just switched over to using Empathy for my IM client. I really like it better then Pidgin because it has much smoother integration with GNOME3 and is slicker looking. However, one of the things that it is really lacking is the fact that it doesn’t have plugins. Since it doesn’t have plugins, I can’t use encryption such as OTR (Off The Record).
I hope the Empathy fairies here this and that OTR gets added some time.
If you need to TFTP new software (or any other file for that fact) onto a ASA from a TFTP server that is on the other side of a VPN tunnel, you will need to specify the source interface for the TFTP client to use.
The easiest way to do this, is to specify it inline with the copy command:
copy tftp://192.168.1.30/ASA/asa842-k8.bin;int=INSIDE-management disk0:/asa842-k8.bin
Where, 192.168.1.30 is the IP of the TFTP server. INSIDE-management should be replaced with whatever interface you want to use as source.
Great quick reference article on suid, sguid and sticky bit.
Ever wonder what all the default colors outputed by ls in BASH mean? These are some of the common default ones:
Executable files: Green
* Normal file : Normal
* Directory: Blue
* Symbolic link : Cyan
* Pipe: Yellow
* Socket: Magenta
* Block device driver: Bold yellow foreground, with black background
* Character device driver: Bold yellow foreground, with black background
* Orphaned syminks : Blinking Bold white with red background
* Missing links ( – and the files they point to) : Blinking Bold white with red background
* Archives or compressed : Red (.tar, .gz, .zip, .rpm)
* Image files : Magenta (.jpg, gif, bmp, png, tif)
dd if=/dev/sr0 of=/tmp/your-iso.iso
For other great tips see:
Well, we are working feverishly to migrate all of our Linux and Windows servers off of our old trusty Virtual Iron cluster to our shiny new VMWare ESX cluster.
Good Bye Virtual Iron, I’ll miss you. Let’s remember how Virtual Iron was eaten alive by the Oracle Monster.
You need the following serial settings to access the console port on a Cisco Aitonet 1200 Series AP.
Hardware Flow Control = OFF
Software Flow Control = OFF
If you can see output from the console, but your keystrokes are ignored; check the flow control settings.
Recently I was trying to bring up a EtherChannel connection between a Catalyst 3750 and a Catalyst 4507.
I was going to join 4 ports together. One from each of the first 4 blades on the 4507. It is good to use several blades to protect against a blade failure.
However, when I went to bring up the bundle using LACP, within seconds all bundled ports were shut down and this logging message popped up:
%PM-4-ERR_DISABLE: channel-misconfig (STP) error detect on GigabitEthernet1/0/45.
I was really stumped as to what was causing this. Google searching did not really return any clear answers.
The message was stating that there error was somehow related to Spanning Tree Protocol. I turned on all Spanning Tree debugs and re-enabled just the first port again, but the debugs didn’t show anything unusual happening. What was interesting is that this error was only occurring on the 3750, no errors were showing up on the 4507. I double checked the STP root bridge priorities, etc.
I started to comb the running-config with a fine toothed comb on the 3750. It was then that I noticed this config towards the top:
spanning-tree etherchannel guard misconfig
This config intrigued me. I had not noticed it before and I was unclear as to what it might do. I no’d out the command and again tried to bring up just the first interface in the bundle. No cigar, same epic fail. At this point, I saved the config (write me) and reloaded the switch. Once the switch was back up, I again tried to bring the the bundle members, but in reverse order, starting with gi1/0/48 and moving towards gi1/0/45. One by one, they were each able to join the bundle. Finally, I went to bring up the last interface, gi1/0/45. It came up, however the command show etherchannel 2 summary showed that it was in the waiting state. This is indicated by state w. It seemed to stay in waiting for about a minute until it changed to I. The status I indicates that the port is individual and not part of the bundle.
I thought that it was strange for gi1/0/45 to go to individual mode. I then traced the cabling from gi1/0/45 on the 3750 to fa3/3 on the 4507. “Now just you wait a sec!” I found that I had accidentally cabled to port fa3/5 instead. This was the wrong port and was not configured to be part of the etherchannel.
spanning-tree etherchannel guard misconfig
Was trying to tell me that I had a mis-cabled port! That’s pretty sweet. I did a quick google search on the command and found that essentially it allows EtherChannel to use STP to attempt to find misconfigurations (including messed up cabling).
This story has two morals:
1) Definitely configure STP etherchannel guard misconfig. That command is just another of those that will watch your back. You just gotta love those commands.
2) If your ports are going err-diable and your getting that odd STP misconfig error. Remember to go check your cabling and which ports are config’d.