Even though the number of configured vCPUs in the VM wasn't changed nor excessive, a VM wouldn't cross-migrate (got an EVC error) hot.

After powering off the VM and migrating to another cluster, which was on the same EVC level, powering on the VM resulted in the error "Module 'CPUID' power on failed."

Inspecting the CPU Identification Mask settings (Edit Settings -> CPU > CPUID Mask -> Advanced) and resetting to default did not resolve the issue.

I assumed the VMX had some clues, and found multiple lines of cpuid-related flags:

[aners@derp:/vmfs/volumes/vsan:5..2]grep -i cpu *.vmx:

...
sched.cpu.units = "mhz"
cpuid.80000001.edx = "---- ---- ---0 ---- ---- ---- ---- ----"
cpuid.80000001.eax.amd = "---- ---- ---- ---- ---- ---- ---- ----"
cpuid.80000001.ebx.amd = "---- ---- ---- ---- ---- ---- ---- ----"
cpuid.80000001.ecx.amd = "---- ---- ---- ---- ---- ---- ---- ----"
cpuid.80000001.edx.amd = "---- ---- ---0 ---- ---- ---- ---- ----"
sched.cpu.latencySensitivity = "normal"
...

Removing all 'cpuid...'-lines from the VMX resolved the issue, the VM was now able to boot.

When removing large snapshots, the task status is progressing towards 100%, or so it should be; sometimes it goes to 0% in the web UI and the user is left clueless.

Updating the web UI doesn't bring the current progress back. Luckyli the shell on the host can be used to retrieve the progress:

Chaining a few commands, will get the progress of the "Snapshot.remove"-task:

1) Get a list of all VMs and filter by the name of your VM: vim-cmd vmsvc/getallvms|grep -i garg|awk '{print $1}'

[root@virt58:/vmfs/volumes/vsan:5...2/4...9] vim-cmd vmsvc/getallvms|grep -i garg|awk '{print $1}'
72

The Vmid is returned, in this example 72

2) Verify the Vmid is in fact the VM you're interested in, fetch it's name: vim-cmd vmsvc/get.summary 72|grep name

[root@virt58:/vmfs/volumes/vsan:5...2/4...9] vim-cmd vmsvc/get.summary 72|grep name
name = "Gargoil",

3) Having verified the Vmid, get the running tasks: vim-cmd vmsvc/get.tasklist 72

(ManagedObjectReference) [
   'vim.Task:haTask-72-vim.vm.Snapshot.remove-138283664'
]

4) Copy the vim.Task identifier and get task_info, filter "state" and "progress": vim-cmd vimsvc/task_info haTask-72-vim.vm.Snapshot.remove-138283664|grep "state|progress"

   state = "running",
   progress = 86,

What the web UI failed to display, is that the "Snapshot.remove"-task is running and 86% complete, I guess this is why CLI is usually my favourite goto.

For more verbose output, remove the pipe to grep

When "Placement and Availability status" is "Unknown" for storage objects in vSAN, it can be as simple as an ISO mounted from another cluster. If so, simply unmount the ISO and return to the overview.

Consider the following scenario:

Wireguard (daemon) is running on a *:123/udp

Not always a great way out from a hotel network, since NTP is usually rate-limited - sometimes a great way out. Things change.

Instead of deciding on 1 service-port for Wireguard, having Wireguard transparently serve on more ports, seems like a good solution and does not require running multiple interfaces or services.

In the following example, iptables will translate requests coming in at port 8443/udp and redirect them to where Wireguard is actually listening; 123/udp

iptables -t nat -I PREROUTING -i ens160 -d 10.87.132.254/32 -p udp -m multiport --dports 8443  -j REDIRECT --to-ports 123

Now connecting to :8443/udp (and still 123/udp, obviously) will access Wireguard, just that it's translated internally.

As always, change the arguments to fit your environment.

I needed an encoder-service waiting to handle ffmpeg-workloads, and decided to use systemctl and a fifo pipe, so jobs could be queued without the need of RabbitMQ/other.

I'm aware of DLQ and fancy scaling, however this does the trick and hasn't failed for years.

1) Create script for initiating the fifo pipe, save it at /opt/createWorkerPipe.sh:

#!/bin/bash
# pipe location
pipe=/tmp/ffmpeg-pipe

trap "rm -f $pipe" EXIT

# Initiate pipe
[[ -p $pipe ]] || mkfifo $pipe

while true; do
    exec 3<> $pipe
    read line < $pipe
    bash <<< "/opt/ffmpeg-worker.sh $line"
done

2) Create your ffmpeg-worker, with your ffmpeg args, at /opt/ffmpeg-worker.sh:

#!/bin/bash 
# Do ffmpeg stuff
/usr/bin/ffmpeg -y input.avi [yourargs] output.mp4

3) Create service file at /etc/systemd/system/ffmpeg-encoder.service:

[Unit]
Description=ffmpeg encoder service
DefaultDependencies=no
After=network.target

[Service]
Type=simple
User=www-data
Group=www-data
ExecStart=/opt/createWorkerPipe.sh:
TimeoutStartSec=0
RemainAfterExit=yes

[Install]
WantedBy=default.target

3) Reload systemctl daemon: systemctl daemon-reload

4) Enable service: systemctl enable ffmpeg-encoder.service

Verify the service state with: systemctl status ffmpeg-encoder.service

Verifying service status programatially can be done by running:

systemctl is-active --quiet ffmpeg-encoder.service

where exitcode 0 is the active state of the service.

I also wrote a simple ffmpeg-log-parser for polling state via PHP, but that's for another post.

Programatically fetching your quota/active utilization, etc. from Wasabi (wasabi.com) is pretty straightforward with their API.

1) Create a user at https://console.wasabisys.com/users with API-access

2) Create access keys for new subuser and assign permissions via policies. My user has the following policies assigned: WasabiReadOnlyAccess, WasabiViewAuditLogs, WasabiViewBillingAccess and WasabiViewEventNotifications

Query their API like so:

curl -H "Authorization: ACCESS-KEY:SECRET-KEY" https://billing.wasabisys.com/utilization

Note that no type of Authorization is set, no "Basic", "Digest", etc.

Getting this via jQuery is trivial, I've written a simple script for it you can try out.

Replace ACCESS-KEY and SECRETKEY on line 7 with your credentials.

For scaling a video with ffmpeg with a target of 1280px width or height, I use the following filters:

If the source width or height is less than 1280px, the original dimensions will be kept.

If the source width or height is larger than 1280px, the output is scaled to 1280px

Since scaling requires division by 2, the dimensions are calculated and ensured to add up

Change (both) '1280' to fit your output needs.

Escaping ruins the formatting, click here to get the source in plain text

One of my Veeam Backup Copy jobs failed for every VM in the job, reporting IO errors:

10/08/2023 08.29.02 :: Processing vSRX-18.3 Error: File does not exist. File: [vSRX-18.3.1D2023-08-09T020227_4DE4.vib]. Failed to open storage for read access. Storage: [vSRX-18.3.1D2023-08-09T020227_4DE4.vib]. Failed to restore file from local backup. VFS link: [summary.xml]. Target file: [MemFs://frontend::CDataTransferCommandSet::RestoreText_{13faea43-f648-4fee-8abb-630907bd1df7}]. CHMOD mask: [0]. Agent failed to process method {DataTransfer.RestoreText}. ...

The volume holding the VIBs, an external USB-drive forwarded to the Veeam guest within ESXi, was gone. Seemingly a failed drive.

VCSA failed to remove the USB Host device, with the error:

Invalid configuration for device '0'

Not being able to remove a missing device (the USB-controller), even when the VM is powered off, I had no choice but to manually delete it:

Simply remove the VM from the inventory - obviously not deleting it from VMFS.

Locating the device in the .VMX for the VM and removing the line from the configuration:

usb_xhci.autoConnect.device0 = "path:0/1/1/5 host:esxi7.rotteslottet.lan hostId:71 05 57 47 bf 16 10 d6-2c 0e 3c 7c 3f 11 9a f0 autoclean:1 deviceType:remote-host"

After trashing the failed drive, replacing it with a new one, and re-powering the USB-controller, I simply registered the VM via VCSA and started over with the local backup.

I wish it was possible to forcefully remove a virtual device via VCSA

Veeam suddenly failed backing up one of my VMs, a VM homed at a datastore with multiple other VMs - these VMs were backed up just fine.

My first thought was that the device backing the datastore, an old piece of spinning rust, was about to fail. The S.M.A.R.T.-info from ESXi was no help. Zero errors and a interesting runtime of 42 hours?

Retrying the backup didn't help. This single VM still failed to be backed up.

I tried booting of a live Ubuntu ISO to run fsck and found some bad sectors on the volume. Surely the physical drive will be replaced, but for now the backup can run without errors.

Details:

fsck arguments: -ccfky

ESXi version: 7.0.0, 16324942

VMFS version: 6

Veeam VBR version: 10.0.1.4854

Create an encrypted container for storage with LUKS

Change the names and paths to reflect your environment and needs

1) Make sure cryptsetup is installed: sudo apt update && apt install cryptsetup -y

2) Create an empty file for the container: sudo dd if=/dev/zero bs=1M of=/path/to/lukscontainer count=10240 (I prefer using a flat file, instead of a device, for portability)

3) Create the LUKS volume within the flat file: sudo cryptsetup luksOpen /path/to/lukscontainer container_crypt

4) Create a filesystem within the LUKS volume: sudo mkfs.ext4 /dev/mapper/container_crypt

5) Create a mountpoint for the container: sudo mkdir -p /storage/container/

6) Mount the container in your newly created mountpoint: sudo mount /dev/mapper/container_crypt /storage/container/

To easily unmount and mount the container in the future, create 2 simple scripts:

luksUnmountContainer.sh:

#!/bin/sh /usr/bin/umount /dev/mapper/container_crypt /sbin/cryptsetup luksClose /dev/mapper/container_crypt

luksMountContainer.sh:

#!/bin/sh /sbin/cryptsetup luksOpen /path/to/lukscontainer container_crypt /usr/bin/mount /dev/mapper/container_crypt /storage/container/

(the editor in htmly isn't playing nice, insert linebreaks manually)

Make the scrips executable with chmod +x luks*Container.sh and run them with ./

Make sure to upgrade your KDF to argon2id (default for latest version at the time of writing): https://mjg59.dreamwidth.org/66429.html

In case monitoring of vSRX/SRX-licensing isn't available from the official solutions from Juniper, one still might want to be in the know, before Junos stops pushing packets.

Managing a growing number of vSRX'es deployed around the world, I didn't want to manually check licenses. I had to make a quick'n'dirty solution. So I did.

The "solution" is rather simple; create a read-only user in Junos. Run a command via SSH, store the result and repeat. It has been a while, so you'd need some old repo's or rewrite some stuff.

Tested with versions:

php-cli 5.5.9
sed (GNU sed) 4.2.2

0) Create read-only users on each device (assuming 'readonlyuser' in this example) and replace 'SECRETPASSWORD' with your set password for 'readonlyuser'.

0.1) Connect to the devices with ssh to accept their keys. There might be a way to accomplish this blindly, however that is beyond the scope of this post.

1) Create a table for storing license data:

CREATE TABLE `vsrx-licenses` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `timestamp` int(12) DEFAULT NULL,
  `host` varchar(64) DEFAULT NULL,
  `expirationdate` varchar(10) DEFAULT NULL,
  `daystoexpire` int(3) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;

2) Create file parseXML.php in /home/derp/vsrx-fetch-license/

<?php
// Configure database connection
function connectToDatabase($database) {
  $link = mysql_connect("DBHOST","DBUSER","DBPASS");
  $db = mysql_select_db($database, $link);
  mysql_set_charset('utf8',$link);
}

// Define function to calc days to expire
function daysToExpire($expireDate) {
  $todaysDate = date("Y-m-j");
  $origin = new DateTime($todaysDate);
  $target = new DateTime($expireDate);
  $interval = $origin->diff($target);
  return $interval->format('%a');
}

// Execute magics
connectToDatabase('DBNAME');
$timeNow = time();

$xmlFile = '/home/derp/vsrx-fetch-license/'.$argv[1];
$licenses = json_decode(json_encode((array) simplexml_load_file($xmlFile)), 1);
$licenseDetails = array_column($licenses, 'feature-summary');

// 
$deviceNoExt = substr($argv[1], 0, -4);
$deviceClean = substr($deviceNoExt, 34);

// Clear existing count to reduce db-size, optional
#mysql_query("DELETE FROM `vsrx-licenses`");

foreach ($licenseDetails[0] as $element) {
    if ($element['licensed'] != 0 && isset($element['end-date'])) {
    $deviceEndDate = $element['end-date'];
    $deviceDaysToExpire = daysToExpire($deviceEndDate);

    mysql_query("INSERT INTO `vsrx-licenses`
    (id, timestamp, host, expirationdate, daystoexpire)
    VALUES (null, '$timeNow', '$deviceNoExt', '$deviceEndDate', '$deviceDaysToExpire')") or die(mysql_error());
        echo 'License for device '.$deviceNoExt.' expires: '.$deviceEndDate.'
';
    }
}

3) Create file fetch-licenses.sh in /home/derp/vsrx-fetch-license/. Replace vsrx01.domain.tld ... with the hostnames of your devices

#!/bin/bash
# Clear old logs
napTime=3
/bin/rm /home/derp/vsrx-fetch-license/*.xml
/usr/bin/php /home/derp/vsrx-fetch-license/wipeDB.php
vsrxDevices=("vsrx01.domain.tld" "vsrx02.domain.tld" "vsrx03.domain.tld")
echo "Fetching licenses..."
for device in ${vsrxDevices[@]}; do
  echo "Fetching license details for device $device"
  /home/derp/vsrx-fetch-license/vsrx-expect.sh $device > /home/derp/vsrx-fetch-license/$device.xml
  /bin/sed -i -n '2,$p' /home/derp/vsrx-fetch-license/$device.xml
  /bin/sed -i -n '2,$p' /home/derp/vsrx-fetch-license/$device.xml
  /usr/bin/php /home/derp/vsrx-fetch-license/parseXML.php $device.xml
  echo "Napping for $napTime seconds..."
  sleep $napTime
done
echo "All done!"

4) Add execution to cron:

0 * * * * /bin/bash /home/derp/vsrx-fetch-license/fetch-licenses.sh > /home/derp/vsrx-fetch-license/fetch.log 2>&1

5) Create file vsrx-expect.sh in /home/derp/vsrx-fetch-license/ and replace values.

#!/usr/bin/expect -f
set timeout 20000
match_max 100000
set vsrxhost [lindex $argv 0];
spawn ssh -o "StrictHostKeyChecking=no" readonlyuser@$vsrxhost "show system license usage |display xml|no-more"
expect "Password:"
send "SECRETPASSWORD\r"
expect "*>"
expect eof

If all goes well, the database is updated every hour. Each run takes around 5 minutes in my case. Check the logfile /home/derp/vsrx-fetch-license/fetch.log for details after the first run.

I've added a panel in Grafana:

Query is configured as follows:

SELECT host as "Hostname", FROM_UNIXTIME(timestamp-3600) as "Licens opdateret", expirationdate as "Udløbsdato", daystoexpire as "Dage til udløb"
FROM `vsrx-licenses`
ORDER BY daystoexpire asc

Good luck.

To upgrade the PoE controller software in the device, run the following command with your fpc-slot id:

request system firmware upgrade poe fpc-slot 0

To get the status of the upgrade, issue the following command for details:

root> show poe controller
Controller  Maximum   Power         Guard    Management   Status        Lldp
index       power     consumption   band                                Priority
   0**      124W      0.00W           0W                  DOWNLOAD_INIT Disabled

...

root> show poe controller
Controller  Maximum   Power         Guard    Management   Status        Lldp
index       power     consumption   band                                Priority
   0**      124W      0.00W           0W                  SW_DOWNLOAD(43%) Disabled

The download requires no network connectivity, as the sofware is stored on the device.

On my EX2300-C, the download progress went to a halt at 95%, I figured it was simply installing:

Controller  Maximum   Power         Guard    Management   Status        Lldp
index       power     consumption   band                                Priority
   0**      124W      0.00W           0W                  SW_DOWNLOAD(95%) Disabled

a few minutes later, the install process had ended:

Controller  Maximum   Power         Guard    Management   Status        Lldp
index       power     consumption   band                                Priority
   0        124W      0.00W           0W                  AT_MODE       Disabled

As per intructions; Please Reboot the system after Upgrade is complete

Should you for some reason need to install a Wordpress-site, here are the basics:

1) Install packages, run:

apt install libapache2-mod-php apache2 php-gd php-mysql php-zip mariadb-server -y

2) Secure MariaDB, run:

mysql_secure_installation

and go through the wizard:

<Enter> to set password if empty
N for no Unix socket
Y to change root pass
Y to remove anonymous users
Y to disallow remote root login
Y to remove test db
Y to reload privilege table

3) Create a user, a database and set permissions

Connect to MariaDB, run:

mysql -uroot -p

Create a user, run:

CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'V3RY_S3CR3T_P4SSW0RD';

Create database, run:

CREATE DATABASE wordpress;

Set permissions for database and user, run:

GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost';

Apply changes, run:

FLUSH PRIVILEGES;

Exit from MariaDB, run:

quit

4) Download latest version of Wordpress

cd /var/www/html/ && wget https://wordpress.org/latest.tar.gz

5) Extract Wordpress archive

tar xzf latest.tar.gz

6) Move files from newly created "wordpress"-folder and delete it, including the default index.html from the Apache install

mv wordpress/* . && rm -rf wordpress/

7) Set permissions to Wordpress-install, if not already properly configured

chown -R www-data: /var/www/html/

Browse to the webserver and complete the installation wizard.

Consider the following policy:

security {
    policies {
        from-zone untrust to-zone junos-host {
            policy pub-ping {
                match {
                    source-address any;
                    destination-address any;
                    application junos-icmp-ping;
                }
                then {
                    permit;
                }
            }
        }
    }
}

Security policy details:

Policy: pub-ping, action-type: permit, State: enabled, Index: 20, Scope Policy: 0
  Policy Type: Configured
  Sequence number: 1
  From zone: untrust, To zone: junos-host
  Source addresses:
    any-ipv4: 0.0.0.0/0
    any-ipv6: ::/0
  Destination addresses:
    any-ipv4(global): 0.0.0.0/0
    any-ipv6(global): ::/0
  Application: junos-icmp-ping
    IP protocol: icmp, ALG: 0, Inactivity timeout: 60
      ICMP Information: type=8, code=0
  Per policy TCP Options: SYN check: No, SEQ check: No, Window scale: No

When using match-policies in Junos, a match for icmp ping is not found unless the source-port is 2048.

Example matching for source-port 2049 (or any other port):

spiderpig@vsrx-lab> show security match-policies from-zone untrust to-zone junos-host source-ip 1.2.3.4 destination-ip 3.4.5.6 source-port 2049 destination-port 1234 protocol icmp
Policy: deny-all, action-type: deny, State: enabled, Index: 19
0
  Policy Type: Configured
  Sequence number: 4
  From zone: untrust, To zone: junos-host
  Source addresses:
    any-ipv4: 0.0.0.0/0
    any-ipv6: ::/0
  Destination addresses:
    any-ipv4(global): 0.0.0.0/0
    any-ipv6(global): ::/0
  Application: any
    IP protocol: 0, ALG: 0, Inactivity timeout: 0
      Source port range: [0-0]
      Destination port range: [0-0]
  Per policy TCP Options: SYN check: No, SEQ check: No, Window scale: No

The above result matches the last policy in the sequence, not the one permitting icmp ping

Example matching for source-port 2048:

spiderpig@vsrx-lab> show security match-policies from-zone untrust to-zone junos-host source-ip 1.2.3.4 destination-ip 3.4.5.6 source-port 2048 destination-port 1234 protocol icmp
Policy: pub-ping, action-type: permit, State: enabled, Index: 20
0
  Policy Type: Configured
  Sequence number: 1
  From zone: untrust, To zone: junos-host
  Source addresses:
    any-ipv4: 0.0.0.0/0
    any-ipv6: ::/0
  Destination addresses:
    any-ipv4(global): 0.0.0.0/0
    any-ipv6(global): ::/0
  Application: junos-icmp-ping
    IP protocol: icmp, ALG: 0, Inactivity timeout: 60
      ICMP Information: type=8, code=0
  Per policy TCP Options: SYN check: No, SEQ check: No, Window scale: No

The above example matches the policy permitting icmp ping.

Junos version: 18.3R1.9

When sending alerts from MegaRAID Storage Manager (MSM) fails, even though the SMTP-server configuration is correct and the network access is permitted, it might be due to what I believe is a bug in MSM.

I've seen this issue in servers with multiple NICs/servers having changes made to the pNICs after configuring MSM.

In short, the configuration utility does not bind to the correct IP-address/NIC when saving the configuration. This setting is nowhere to be seen in MSM, which is why it took me hours to figure out. To check and potentially fix the issue, do the following:

1) Open MSM and navigate to Tools > Monitor Configure Alerts

2) Make sure the settings for the SMTP-server are correct

3) Click Save Backup, store the file monitorconfig.xml on the Desktop and click "OK" to close the Configure Alerts-window

4) Edit monitorconfig.xml with Notepad or another text-editor

5) Find the <nic>-tag in the file and set it to the IP-address of the interface that should be used to access the SMTP-server

Example, see last line:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<monitor-config>
<actions>
<popup/>
<email>
<nic>10.106.22.40</nic>
...

6) Save the file and return to MSM

7) Navigate to Tools > Monitor Configure Alerts

8) Click Load Backup, then Yes, select monitorconfig.xml and click OK

9) Navigate to Tools > Monitor Configure Alerts and test again

Note: The dialog may display "The test email could not be sent. Check the mail server settings and try again." - ignore this and check if the email is delivered within a few minutes.

I don't know the mechanism MSM uses for verifying the email is sent - more often than not, the error displays but the email is delivered anyway.

Versions tested: 16.05.04.01, 17.05.00.02, 17.05.01.03

Valheim beta is regularly updated, this goes for both server and client. The client is usually updated automatically via Steeam, however the dedicated server is not. When the versions mismatch, ie: the server is behind; clients can no longer connect to the server.

Updating the server to the latest beta is easy, yet manual. I've written a few scripts to take care of this process. It could be improved in many ways, but it works so why bother.

Note: This procedure requires steamcmd

1) Create a start-script for Valheim, mine is called valheim.sh and is placed with the binary:

#!/bin/sh
export templdpath=$LD_LIBRARY_PATH
export LD_LIBRARY_PATH=./linux64:$LD_LIBRARY_PATH
export SteamAppID=892970
echo "Starting server PRESS CTRL-C to exit"
./valheim_server.x86_64 -name "valheim" -port 12345 -nographics -batchmode -world "worldname>" -password "password" -public 1
export LD_LIBRARY_PATH=$templdpath

2) Start a screen named valheim by running screen -S valheim

3) Run valheim.sh to start the dedicated server and detach from the screen

4) Create a new script called valheim_nightly_update.sh with the following content:

#!/bin/bash
VALSCREEN=valheim
echo "Sending Control+C to $VALSCREEN"
screen -S $VALSCREEN -X stuff $'�03'
echo "Sleeping 10 seconds, let Valheim server shut down..."
sleep 10
echo "Sleep done"
echo "Running update check and install..."
/bin/bash /home/aners/valheim/InstallUpdate.sh
echo "Update check and install complete, sleeping 5 seconds"
sleep 5
echo "Starting Valheim-server"
screen -S valheim -X stuff 'sh /home/aners/valheim/valheim.sh'`echo -ne '�15'`

5) Create a crontab for the script with a runtime of your chosing

Mine looks like this:

# m h  dom mon dow   command
0 5 * * * /bin/bash /home/aners/valheim_nightly_update.sh

Every morning, my Valheim server is stopped, updated and restarted.

First use the storcli binary to identify failed drives on each controller (sure, multiple instances of grep could be improved with regex)

./storcli /cALL/eALL/sALL show all|grep Failure|grep -vi predict

   Example output:

Status = Failure
/c0/e1/s5  Failure    46 -

  Start locating the failed drive:

./storcli /c0/e1/s5 start locate

  Example output:

CLI Version = 007.1017.0000.0000 May 10, 2019
Operating system = VMkernel 6.7.0
Controller = 0
Status = Success
Description = Start Drive Locate Succeeded.

   Stop locating the failed drive:

./storcli /c0/e1/s5 stop locate

  Example output:

CLI Version = 007.1017.0000.0000 May 10, 2019
Operating system = VMkernel 6.7.0
Controller = 0
Status = Success
Description = Stop Drive Locate Succeeded.

  To stop locate for all controllers, run the following command:

./storcli /cALL set activityforlocate=off

1) Go to Network Preferences

2) Configure IP-address on the wired connection: 10.39.105.2/24

3) Edit a new file for the server-configuration, run sudo nano /etc/bootpd.plist and add:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
    <dict>
      <key>bootp_enabled</key>
      <false/>
      <key>detect_other_dhcp_server</key>
      <integer>1</integer>
      <key>dhcp_enabled</key>
      <array>
        <string>en0</string>
      </array>
      <key>reply_threshold_seconds</key>
      <integer>0</integer>
      <key>Subnets</key>
      <array>
        <dict>
          <key>allocate</key>
          <true/>
          <key>dhcp_router</key>
          <string>10.39.105.1</string>
          <key>lease_max</key>
          <integer>86400</integer>
          <key>lease_min</key>
          <integer>86400</integer>
          <key>name</key>
          <string>10.39.105</string>
          <key>net_address</key>
          <string>10.39.105.0</string>
          <key>net_mask</key>
          <string>255.255.255.0</string>
          <key>net_range</key>
          <array>
            <string>10.39.105.100</string>
            <string>10.39.105.200</string>
          </array>
        </dict>
      </array>
    </dict>
</plist>

Save the file by hitting Ctrl+X then typing y and then hit the enter-key

4) Start the DHCP-daemon: sudo /bin/launchctl load -w /System/Library/LaunchDaemons/bootps.plist  

5) Stop the DHCP-daemon: sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/bootps.plist

Use ovftool to deploy the image directly to the ESXi-host instead:

ovftool -dm=thick -ds=<DATASTORENAME> -n=<VMNAME> --net:"VM Network"="<VMNETWORKNAME>" "junos-media-vsrx-x86-64-vmdisk-18.2R1.9.scsi.ova" vi://[email protected]

Replace with your own settings

Enable IKE debug logging in Junos by configuring the following:

set security ike traceoptions file ike-debug
set security ike traceoptions file size 10m
set security ike traceoptions file files 2
set security ike traceoptions flag all
set security ike traceoptions level 15
set security ike traceoptions gateway-filter local-address 10.0.0.123 remote-address 172.16.0.123

The log file is written to /var/log/ - disable the configuration when it's no longer needed, to not wear down the CF/SSD in the device.

Extras:

request security ike debug-enable local 10.0.0.123 remote 172.16.0.123

show security ike traceoptions

show security ike debug-status

Add the following line to /etc/fstab to create an 8 GB RAM-drive in Linux with tmpfs

tmpfs           /mnt/ramdisk tmpfs      defaults,size=8192M 0 0

Mount with sudo mount -a and use /mnt/ramdisk/

If a snapshot seems stuck, use the console to verify a task is actually running:

1) Run vim-cmd vmsvc/getallvms and note the relevant VM-ID 2) Run vim-cmd vmsvc/get.tasklist <VM-ID> and note the Task-id 3) Run vim-cmd vimsvc/task_info <Task-id> to get task status 4) Browse to the VMs location on the datastore and run watch -d 'ls -lut | grep -E "delta|flat|sesparse"' to monitor the process

First fetch a list of VMFS:

esxcli storage filesystem list

For VMFS' where unmapping is supported, run:

esxcli storage vmfs unmap --volume-label=<label> | --volume-uuid=<uid>  [--reclaim-unit=<blocks>]

To save monitoring to a pcap-file in Junos, use the write-file argument:

monitor traffic interface ge-0/0/1.0 write-file test.pcap

The file will be saved in /cf/var/home/<userid>/test.pcap

To read back the file in the Junos CLI, use the read-file argument:

monitor traffic read-file test.pcap

Set TERM to xterm, before running esxtop to get a usable output, when the terminal/tty is not supported; run the following command to do so:

TERM=xterm esxtop

Run vim-cmd vmsvc/getallvms to get a list of VM IDs (pipe to grep -i to filter)

With the ID from the second column, use the following command to fetch the uptime (replace 12345 with your VMs ID)

vim-cmd vmsvc/get.summary 12345 |grep "uptimeSeconds"

Crop 8 seconds of a video, starting from 3 seconds, using the copy method (no reencode)

ffmpeg -i input.mp4 -ss 00:00:03 -t 00:00:08 -c copy output-crop.mp4

Rip 3 seconds of audio from a video, starting from the 7 second mark:

ffmpeg -ss 7 -t 3.0 -i source.mp4 output.mp3

EX3400 is boot looping. The kernel cannot be found, reinstall is required.

Power off the EX3400

1) Download the appropriate image for the device (ex: "junos-install-media-usb-arm-32-15.1X53-D59.4-limited.img.gz")

2) Extract the image

3) Write the extracted image to a USB-device using dd with bs=1m or bs=1M depending on version

4) Insert the USB-device and power on the EX3400

5) Hit 5 for [M]ore options and 5 again for [B]oot prompt

6) Run lsdev and confirm device disk1s1a exists

7) Run set currdev="disk1s1a"

8) Run include /boot/loader.rc to reboot the device

9) Wait for the installation to complete - be patient.

Disable vmkusb module in ESXi 6.5 and switch to legacy stack:

esxcli system module set -m=vmkusb -e=FALSE

Reenable vmkusb:

esxcli system module set -m=vmkusb -e=TRUE

Either change requires rebooting of ESXi

Disable native driver and revert to sata-ahci:

esxcli system module set --enabled=false --module=vmw_ahci

Reenable native driver from sata-ahci:

esxcli system module set --enabled=true --module=vmw_ahci

./pyproxy.py --tcp -s 172.16.16.81:12345 -d domain.tld:12345 -v

Script source-code: download here

Use wget and perl to reboot a Netgear ISP provided CPE/modem/router from comandline. Replace IP-address and 'REALPASSWORD' with your own settings

id=$(wget --quiet -O- --http-user admin --http-password password http://192.168.100.1/RouterStatus.htm | perl -lne '/id=([0-9]+)/ && print $1'); wget --quiet --http-user admin --http-password REALPASSWORD --post-data 'buttonSelect=2' http://192.168.100.1/goform/RouterStatus?id="$id"

openssl pkcs12 -inkey certificate.key -in certificate.pem -export -out certificate.pfx