zabbix говорит
23549:20170713:062500.637 SNMP agent item "ifOutMulticastPkts.5" on host "router1.tech.com" failed: another network error, wait for 15 seconds
# snmpget -v2c -c public router1.tech.com ifOutMulticastPkts.5
IF-MIB::ifOutMulticastPkts.5 = Counter32: 0
Как бы все просто, в users.conf вяжем MAC аппарата c учеткой
[121](phones)
username=121
secret=qdfsdfsdwrsdf86
callerid=121 <121>
autoprov=yes
profile=YealinkT21PE2
macaddress=001565E36E4C
#!version:1.0.0.1
### This file is the exported MAC-all.cfg.
account.1.enable = 1
account.1.password = qdfsdfsdwrsdf86
account.1.label =
account.1.user_name = 115
#!version:1.0.0.1
### This file is the exported MAC-all.cfg.
account.1.enable = 1
account.1.password = ${SECRET}
account.1.label = ${LABEL}
account.1.user_name = ${USERNAME}
account.X.enable = 1
На компьютере три интерфейса:
eth0:
# ifconfig eth0 |grep "inet addr"
inet addr:192.168.1.38 Bcast:192.168.1.255 Mask:255.255.255.0
# ifconfig tun0 |grep "inet addr"
inet addr:172.16.238.1 P-t-P:172.16.238.2 Mask:255.255.255.255
# ifconfig tun1 |grep "inet addr"
inet addr:172.16.206.127 P-t-P:172.16.206.127 Mask:255.255.255.255
За интерфейсом tun1 есть сети:
Задача при выходе трафика через локальные интерфейсы:
включать натацию трафика.
Я вот так это вижу:
iptables -t nat -D POSTROUTING -s 172.16.206.0/24 -d 172.16.238.0/24 -j SNAT --to-source 172.16.238.1
iptables -t nat -D POSTROUTING -s 172.16.206.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.38
iptables -t nat -D POSTROUTING -s 192.168.206.0/24 -d 172.16.238.0/24 -j SNAT --to-source 172.16.238.1
iptables -t nat -D POSTROUTING -s 192.168.206.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.38
Дано:
iperf говорит про VPN туннель:
[ 5] local 172.16.3.1 port 5001 connected with 172.16.3.4 port 47046
[ 5] 0.0-12.9 sec 2.62 MBytes 1.70 Mbits/sec
[ 5] local 172.16.3.1 port 5001 connected with 172.16.3.4 port 47049
[ 5] 0.0-12.5 sec 2.50 MBytes 1.68 Mbits/sec
Меняем Asus на Mikrotik RB951Ui-2HnD и получаем скорсоть в VPN туннеле:
[ 3] local 172.16.3.4 port 48122 connected with 172.16.3.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-11.7 sec 896 KBytes 629 Kbits/sec
При (вроде) верной настройке сервера и клиента, свой манифест хост клиента не видит. Получает каталог но он пустой, всегда не ставит пакеты mc, ntp, screen.
puppetmaster
# puppet --version
3.8.4
# uname -a
Linux puppet 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u6 x86_64 GNU/Linux
# cat /etc/puppet/environments/souz/manifest/souz.pp
node 'souz' {
$base_packages = [ 'mc', 'ntp', 'screen']
package { $base_packages:
ensure => present,
}
}
puppet
# puppet --version
3.8.7
# uname -a
Linux souz 2.6.32-504.23.4.el6.x86_64 #1 SMP Tue Jun 9 20:57:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync = true
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server=puppet.local
report=true
environment=souz
Запускает puppet agent
# puppet agent --verbose --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for souz
Info: Applying configuration version '1499021530'
Notice: Finished catalog run in 0.14 seconds
Jul 2 21:52:10 puppet puppet-master[30373]: Compiled catalog for souz in environment souz in 0.05 seconds
Jul 2 21:52:10 puppet puppet-master[30373]: (//souz/Puppet) Finished catalog run in 0.14 seconds
[2017-07-02 21:52:05] 77.183.123.133 - - [02/Jul/2017:21:52:05 MSK] "GET /souz/node/souz?fail_on_404=true&transaction_uuid=33c7019b-2b88-4881-bce8-afda1179be7c HTTP/1.1" 200 4029
[2017-07-02 21:52:05] - -> /souz/node/souz?fail_on_404=true&transaction_uuid=33c7019b-2b88-4881-bce8-afda1179be7c
[2017-07-02 21:52:05] 77.183.123.133 - - [02/Jul/2017:21:52:05 MSK] "GET /souz/file_metadatas/pluginfacts?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 298
[2017-07-02 21:52:05] - -> /souz/file_metadatas/pluginfacts?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git
[2017-07-02 21:52:06] 77.183.123.133 - - [02/Jul/2017:21:52:06 MSK] "GET /souz/file_metadatas/plugins?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 32765
[2017-07-02 21:52:06] - -> /souz/file_metadatas/plugins?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git
[2017-07-02 21:52:10] 77.183.123.133 - - [02/Jul/2017:21:52:10 MSK] "POST /souz/catalog/souz HTTP/1.1" 200 566
[2017-07-02 21:52:10] - -> /souz/catalog/souzr
[2017-07-02 21:52:10] 77.183.123.133 - - [02/Jul/2017:21:52:10 MSK] "PUT /souz/report/souz HTTP/1.1" 200 22
[2017-07-02 21:52:10] - -> /souz/report/souz
При включени питания GoIP4 вижу
GOIP41/GOIP41 192.168.2.34 D No No A 5060 OK (7 ms)
GOIP42/GOIP42 192.168.2.34 D No No A 5060 OK (8 ms)
GOIP43/GOIP43 192.168.2.34 D No No A 5060 OK (8 ms)
GOIP44/GOIP44 192.168.2.34 D No No A 5060 OK (211 ms)
GOIP41/GOIP41 (Unspecified) D No No A 0 OK (7 ms)
GOIP42/GOIP42 (Unspecified) D No No A 0 OK (8 ms)
GOIP43/GOIP43 (Unspecified) D No No A 0 OK (8 ms)
GOIP44/GOIP44 (Unspecified) D No No A 0 OK (211 ms)
call2responsible.sql
SELECT IFNULL(
(SELECT u.phone_crm_extension AS phone
FROM vtiger_account AS acc
LEFT JOIN vtiger_crmentity AS e ON e.crmid = acc.accountid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid
WHERE
(acc.phone =7930
OR acc.otherphone =7930
OR acc.fax =7930)
AND e.deleted = 0
GROUP BY phone
LIMIT 1),
IFNULL(
(SELECT u.phone_crm_extension AS phone
FROM vtiger_contactdetails AS cd
LEFT JOIN vtiger_crmentity AS e ON e.crmid = cd.contactid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid
WHERE
(cd.phone =7930
OR cd.mobile =7930
OR cd.fax =7930)
AND e.deleted =0
GROUP BY phone
LIMIT 1),
IFNULL(
(SELECT u.phone_crm_extension AS phone
FROM vtiger_leadaddress
AS la
LEFT JOIN vtiger_crmentity AS e ON e.crmid = la.leadaddressid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid WHERE(
la.phone =7930
OR la.mobile =7930
OR la.fax =7930)
AND e.deleted =0 GROUP BY phone
LIMIT 1),
'103'
)
)
);
# mysql -u root -p'573351' vtigercrm < call2responsible.sql
IFNULL(
(SELECT u.phone_crm_extension AS 'phone'
FROM vtiger_account AS acc
LEFT JOIN vtiger_crmentity AS e ON e.crmid = acc.accountid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid
WHERE
(acc.phone =7930
OR acc.other
199
phone
199
199
Машинка с Alfresco крутится, система зарекомендовала себя пользуемся. Кончается место в репозитории. Стоит задача подмонтировать к /opt/alfresco-community/alf_data большее пространство и перенести туда данные:
alf_data
├── contentstore
├── contentstore.deleted
├── keystore
├── oouser
├── postgresql
├── solr4
└── solr4Backup
Задача:
Решение:
Технологии и оборудование:
Годно? или DRBD? или на СХД потратиться?
Имею Gnome
Linux debian 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/LinuxPRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/
Дано:
Необходимо:
С помощью puppet реплицировать преднастронные групповые политики на всех агентов.
Что для это уже есть?
Кто нибудь экспериментирвал с этим: Сервер терминалов для 1С по протоколу RDP на linux: рекомендации по настройке с учетом опыта реальной эксплуатации? Что с пробросом принтеров? Что со скоростью отрисовки. Стоит ли? База файловая!
Стартуем ovpn сервер
tls-server
daemon ovpn1
proto udp
port 1195
dev tap
comp-lzo
ca /usr/share/easy-rsa/keys/ca.crt
cert /usr/share/easy-rsa/keys/ovpn1.crt
key /usr/share/easy-rsa/keys/ovpn1.key
dh /usr/share/easy-rsa/keys/dh2048.pem
status /var/log/openvpn/ovpn1.log
log /var/log/openvpn/ovpn1.log
management 127.0.0.1 6001
script-security 2
up /etc/openvpn/braddif.sh
down /etc/openvpn/brdelif.sh
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.ee1b119301a1 no tap0
Посылаю broadcast на tap0
ping -b 192.168.0.255 -I tap0
ping: Warning: source address might be selected on device other than tap0.
PING 192.168.0.255 (192.168.0.255) from 192.168.206.200 tap0: 56(84) bytes of data.
From 192.168.206.200 icmp_seq=1 Destination Host Unreachable
From 192.168.206.200 icmp_seq=2 Destination Host Unreachable
From 192.168.206.200 icmp_seq=3 Destination Host Unreachable
From 192.168.206.200 icmp_seq=4 Destination Host Unreachable
From 192.168.206.200 icmp_seq=5 Destination Host Unreachable
Клиент Не вижу ниодного пакета на tap0
tcpdump -i tap0
При поднятии туннеля (--up=script.sh), загоняю интерфейс tap в существующий мост br0 скриптом:
#!/bin/sh
ifconfig $dev up
ip link set up dev $dev
brctl addif br0 $dev
ip link set up dev br0
May 28 16:56:05 pbx kernel: [537315.276478] device tap0 entered promiscuous mode
May 28 16:56:05 pbx kernel: [537315.276786] br0: port 1(tap0) entered forwarding state
May 28 16:56:05 pbx kernel: [537315.276836] br0: port 1(tap0) entered forwarding state
May 28 16:56:06 pbx kernel: [537316.274317] br0: port 1(tap0) entered forwarding state
May 28 16:56:09 pbx ntpd[10881]: Listen normally on 36 tap0 fe80::443e:3bff:fe23:4bd8 UDP 123
May 28 16:56:09 pbx ntpd[10881]: peers refreshed
May 28 16:58:05 pbx kernel: [537434.766200] br0: port 1(tap0) entered disabled state
May 28 16:58:05 pbx kernel: [537434.766457] device tap0 left promiscuous mode
May 28 16:58:05 pbx kernel: [537434.766508] br0: port 1(tap0) entered disabled state
May 28 16:58:07 pbx ntpd[10881]: Deleting interface #36 tap0, fe80::443e:3bff:fe23:4bd8#123, interface stats: received=0, sent=0, dropped=0, active_time=118 secs
На мосту br0 висит только DHCP. На tap0 пока нет соединений. brctl setfd br0 0 сделано.
Имеется hash
$phone={
'100' => { 'pass' => "qwrsdf86",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
'101' => { 'pass' => "qwrsdf86",
'mac' => "00:15:65:e0:68:48",
'profile' => "YealinkT21PE2",
},
'102' => { 'pass' => "qwrsdf86",
'mac' => "00:15:65:e0:68:49",
'profile' => "YealinkT21PE2",
},
}
Требуется поллучить такой вид
$vpn_name_key=["001565e06847", "001565e06848", "001565e06849"]
Пытаюсь пересобрат hash в array такой конструкцией
$vpn_name_key=[]
$phone.each |$index, $value| {
$linemac = regsubst($value['mac'], ':', '', 'G')
$vpn_name_key = $vpn_name_key + [$linemac]
}
Переменная:
$phone={
'100' => { 'pass' => "123",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
'101' => { 'pass' => "123",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
'102' => { 'pass' => "123",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
}
Шаблон:
<% @users.each do |val| -%>
[<%= val[0] %>](phones)
username=<%= val[0] %>
secret=<%= val[1]["pass"] %>
callerid=<%= val[0] %> <<%= val[0] %>>
autoprov=yes
profile=<%= val[1]["profile"] %>
macaddress=<%= val[1]["mac"] %>
<% end -%>
Задача у переменной
<%= val[1][«mac»] %>
убрать ":". т.е надо что бы
было 00:15:65:e0:68:47, стало 001565e06847
Хочется передать переменную $psql при инициализации класса postgresql и использовать ее в postgresql::config
3 node 'server.local' {
30 $psql = {
31 'db' => 'dbname',
32 'user' => 'username',
33 'passwd' => 'userpasswd',
34 }
38 class {'postgresql':}
58 }
1 class postgresql {
2
3 class { 'postgresql::install': }
4 class { 'postgresql::service': }
5 class { 'postgresql::config': }
6
7 }
1 class postgresql::config (
2 $psql_db = 'dbname',
3 $psql_user = 'username',
4 $psql_passwd = 'userpasswd'
5 ) {
49 }
66 опция в push dhcp-option не взлетит!?
А как тогда лучше 66 опицю послать клиенту?
Срок пришел продлиться и при продлении вижу:
root@tur:/etc/letsencrypt# certbot renew --quiet --no-self-upgrade
Attempting to renew cert from /etc/letsencrypt/renewal/tur.ru.conf produced an unexpected error: <Response [504]>. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/tur.ru/fullchain.pem (failure)
1 renew failure(s), 0 parse failure(s)
cat /etc/letsencrypt/renewal/tur.ru.conf
# renew_before_expiry = 30 days
version = 0.9.3
cert = /etc/letsencrypt/live/tur.ru/cert.pem
privkey = /etc/letsencrypt/live/tur.ru/privkey.pem
chain = /etc/letsencrypt/live/tur.ru/chain.pem
fullchain = /etc/letsencrypt/live/tur.ru/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
installer = None
account = 7e0---b8a
webroot_path = /var/www/tur.ru,
[[webroot_map]]
tur.ru = /var/www/tur.ru
Здравствуйте!
Есть МФУ сетевые. Требуется такое:
На чем можно реализовать?
| ← назад | следующие → |