На каждой площадке свою окружение (хосты и модули):
root@puppet:/etc/puppet# tree environments -L 1
environments
├── area1
├── area2
├── area3
└── area4
root@puppet:/etc/puppet# tree modules -L 1
modules
├── apt
├── bacula-fd
├── chocolatey
├── stdlib
└── zabbixagent
Ippon Back Power Pro LCD 400/500/600/700/800
Jul 18 15:49:57 pbx kernel: [170053.223696] usb 2-2: new low-speed USB device number 3 using ohci-pci
Jul 18 15:49:57 pbx kernel: [170053.442343] usb 2-2: New USB device found, idVendor=06da, idProduct=ffff
Jul 18 15:49:57 pbx kernel: [170053.442357] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=4
Jul 18 15:49:57 pbx kernel: [170053.442364] usb 2-2: Product: Offline UPS
Jul 18 15:49:57 pbx kernel: [170053.442370] usb 2-2: Manufacturer: PPC
Jul 18 15:49:57 pbx kernel: [170053.442374] usb 2-2: SerialNumber: 000000000
Jul 18 15:49:57 pbx kernel: [170053.495382] hid-generic 0003:06DA:FFFF.0002: hiddev0,hidraw0: USB HID v1.00 Device [PPC Offline UPS] on usb-0000:00:02.0-2/input0
#cat /etc/nut/ups.conf
[Ippon]
driver = blazer_usb
port = auto
#port = /dev/ttyS0
#port = /dev/usb/hiddev0
desc = "Back Power Pro LCD 400/500/600/700/800"
ondelay=1
offdelay=60
# upsdrvctl start
Network UPS Tools - UPS driver controller 2.7.2
Network UPS Tools - Megatec/Q1 protocol USB driver 0.11 (2.7.2)
No supported devices found. Please check your device availability with 'lsusb'
and make sure you have an up-to-date version of NUT. If this does not help,
try running the driver with at least 'subdriver', 'vendorid' and 'productid'
options specified. Please refer to the man page for details about these options
(man 8 blazer_usb).
Driver failed to start (exit status=1)
zabbix говорит
23549:20170713:062500.637 SNMP agent item "ifOutMulticastPkts.5" on host "router1.tech.com" failed: another network error, wait for 15 seconds
# snmpget -v2c -c public router1.tech.com ifOutMulticastPkts.5
IF-MIB::ifOutMulticastPkts.5 = Counter32: 0
Как бы все просто, в users.conf вяжем MAC аппарата c учеткой
[121](phones)
username=121
secret=qdfsdfsdwrsdf86
callerid=121 <121>
autoprov=yes
profile=YealinkT21PE2
macaddress=001565E36E4C
#!version:1.0.0.1
### This file is the exported MAC-all.cfg.
account.1.enable = 1
account.1.password = qdfsdfsdwrsdf86
account.1.label =
account.1.user_name = 115
#!version:1.0.0.1
### This file is the exported MAC-all.cfg.
account.1.enable = 1
account.1.password = ${SECRET}
account.1.label = ${LABEL}
account.1.user_name = ${USERNAME}
account.X.enable = 1
На компьютере три интерфейса:
eth0:
# ifconfig eth0 |grep "inet addr"
inet addr:192.168.1.38 Bcast:192.168.1.255 Mask:255.255.255.0
# ifconfig tun0 |grep "inet addr"
inet addr:172.16.238.1 P-t-P:172.16.238.2 Mask:255.255.255.255
# ifconfig tun1 |grep "inet addr"
inet addr:172.16.206.127 P-t-P:172.16.206.127 Mask:255.255.255.255
За интерфейсом tun1 есть сети:
Задача при выходе трафика через локальные интерфейсы:
включать натацию трафика.
Я вот так это вижу:
iptables -t nat -D POSTROUTING -s 172.16.206.0/24 -d 172.16.238.0/24 -j SNAT --to-source 172.16.238.1
iptables -t nat -D POSTROUTING -s 172.16.206.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.38
iptables -t nat -D POSTROUTING -s 192.168.206.0/24 -d 172.16.238.0/24 -j SNAT --to-source 172.16.238.1
iptables -t nat -D POSTROUTING -s 192.168.206.0/24 -d 192.168.1.0/24 -j SNAT --to-source 192.168.1.38
Дано:
iperf говорит про VPN туннель:
[ 5] local 172.16.3.1 port 5001 connected with 172.16.3.4 port 47046
[ 5] 0.0-12.9 sec 2.62 MBytes 1.70 Mbits/sec
[ 5] local 172.16.3.1 port 5001 connected with 172.16.3.4 port 47049
[ 5] 0.0-12.5 sec 2.50 MBytes 1.68 Mbits/sec
Меняем Asus на Mikrotik RB951Ui-2HnD и получаем скорсоть в VPN туннеле:
[ 3] local 172.16.3.4 port 48122 connected with 172.16.3.1 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-11.7 sec 896 KBytes 629 Kbits/sec
При (вроде) верной настройке сервера и клиента, свой манифест хост клиента не видит. Получает каталог но он пустой, всегда не ставит пакеты mc, ntp, screen.
puppetmaster
# puppet --version
3.8.4
# uname -a
Linux puppet 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u6 x86_64 GNU/Linux
# cat /etc/puppet/environments/souz/manifest/souz.pp
node 'souz' {
$base_packages = [ 'mc', 'ntp', 'screen']
package { $base_packages:
ensure => present,
}
}
puppet
# puppet --version
3.8.7
# uname -a
Linux souz 2.6.32-504.23.4.el6.x86_64 #1 SMP Tue Jun 9 20:57:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/puppet/puppet.conf
[main]
# The Puppet log directory.
# The default value is '$vardir/log'.
logdir = /var/log/puppet
# Where Puppet PID files are kept.
# The default value is '$vardir/run'.
rundir = /var/run/puppet
# Where SSL certificates are kept.
# The default value is '$confdir/ssl'.
ssldir = $vardir/ssl
pluginsync = true
[agent]
# The file in which puppetd stores a list of the classes
# associated with the retrieved configuratiion. Can be loaded in
# the separate ``puppet`` executable using the ``--loadclasses``
# option.
# The default value is '$confdir/classes.txt'.
classfile = $vardir/classes.txt
# Where puppetd caches the local configuration. An
# extension indicating the cache format is added automatically.
# The default value is '$confdir/localconfig'.
localconfig = $vardir/localconfig
server=puppet.local
report=true
environment=souz
Запускает puppet agent
# puppet agent --verbose --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for souz
Info: Applying configuration version '1499021530'
Notice: Finished catalog run in 0.14 seconds
Jul 2 21:52:10 puppet puppet-master[30373]: Compiled catalog for souz in environment souz in 0.05 seconds
Jul 2 21:52:10 puppet puppet-master[30373]: (//souz/Puppet) Finished catalog run in 0.14 seconds
[2017-07-02 21:52:05] 77.183.123.133 - - [02/Jul/2017:21:52:05 MSK] "GET /souz/node/souz?fail_on_404=true&transaction_uuid=33c7019b-2b88-4881-bce8-afda1179be7c HTTP/1.1" 200 4029
[2017-07-02 21:52:05] - -> /souz/node/souz?fail_on_404=true&transaction_uuid=33c7019b-2b88-4881-bce8-afda1179be7c
[2017-07-02 21:52:05] 77.183.123.133 - - [02/Jul/2017:21:52:05 MSK] "GET /souz/file_metadatas/pluginfacts?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 298
[2017-07-02 21:52:05] - -> /souz/file_metadatas/pluginfacts?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git
[2017-07-02 21:52:06] 77.183.123.133 - - [02/Jul/2017:21:52:06 MSK] "GET /souz/file_metadatas/plugins?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git HTTP/1.1" 200 32765
[2017-07-02 21:52:06] - -> /souz/file_metadatas/plugins?recurse=true&checksum_type=md5&links=manage&ignore=.svn&ignore=CVS&ignore=.git
[2017-07-02 21:52:10] 77.183.123.133 - - [02/Jul/2017:21:52:10 MSK] "POST /souz/catalog/souz HTTP/1.1" 200 566
[2017-07-02 21:52:10] - -> /souz/catalog/souzr
[2017-07-02 21:52:10] 77.183.123.133 - - [02/Jul/2017:21:52:10 MSK] "PUT /souz/report/souz HTTP/1.1" 200 22
[2017-07-02 21:52:10] - -> /souz/report/souz
При включени питания GoIP4 вижу
GOIP41/GOIP41 192.168.2.34 D No No A 5060 OK (7 ms)
GOIP42/GOIP42 192.168.2.34 D No No A 5060 OK (8 ms)
GOIP43/GOIP43 192.168.2.34 D No No A 5060 OK (8 ms)
GOIP44/GOIP44 192.168.2.34 D No No A 5060 OK (211 ms)
GOIP41/GOIP41 (Unspecified) D No No A 0 OK (7 ms)
GOIP42/GOIP42 (Unspecified) D No No A 0 OK (8 ms)
GOIP43/GOIP43 (Unspecified) D No No A 0 OK (8 ms)
GOIP44/GOIP44 (Unspecified) D No No A 0 OK (211 ms)
call2responsible.sql
SELECT IFNULL(
(SELECT u.phone_crm_extension AS phone
FROM vtiger_account AS acc
LEFT JOIN vtiger_crmentity AS e ON e.crmid = acc.accountid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid
WHERE
(acc.phone =7930
OR acc.otherphone =7930
OR acc.fax =7930)
AND e.deleted = 0
GROUP BY phone
LIMIT 1),
IFNULL(
(SELECT u.phone_crm_extension AS phone
FROM vtiger_contactdetails AS cd
LEFT JOIN vtiger_crmentity AS e ON e.crmid = cd.contactid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid
WHERE
(cd.phone =7930
OR cd.mobile =7930
OR cd.fax =7930)
AND e.deleted =0
GROUP BY phone
LIMIT 1),
IFNULL(
(SELECT u.phone_crm_extension AS phone
FROM vtiger_leadaddress
AS la
LEFT JOIN vtiger_crmentity AS e ON e.crmid = la.leadaddressid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid WHERE(
la.phone =7930
OR la.mobile =7930
OR la.fax =7930)
AND e.deleted =0 GROUP BY phone
LIMIT 1),
'103'
)
)
);
# mysql -u root -p'573351' vtigercrm < call2responsible.sql
IFNULL(
(SELECT u.phone_crm_extension AS 'phone'
FROM vtiger_account AS acc
LEFT JOIN vtiger_crmentity AS e ON e.crmid = acc.accountid
LEFT JOIN vtiger_users AS u ON u.id = e.smownerid
WHERE
(acc.phone =7930
OR acc.other
199
phone
199
199
Машинка с Alfresco крутится, система зарекомендовала себя пользуемся. Кончается место в репозитории. Стоит задача подмонтировать к /opt/alfresco-community/alf_data большее пространство и перенести туда данные:
alf_data
├── contentstore
├── contentstore.deleted
├── keystore
├── oouser
├── postgresql
├── solr4
└── solr4Backup
Задача:
Решение:
Технологии и оборудование:
Годно? или DRBD? или на СХД потратиться?
Имею Gnome
Linux debian 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/LinuxPRETTY_NAME="Debian GNU/Linux 8 (jessie)"
NAME="Debian GNU/Linux"
VERSION_ID="8"
VERSION="8 (jessie)"
ID=debian
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/
Дано:
Необходимо:
С помощью puppet реплицировать преднастронные групповые политики на всех агентов.
Что для это уже есть?
Кто нибудь экспериментирвал с этим: Сервер терминалов для 1С по протоколу RDP на linux: рекомендации по настройке с учетом опыта реальной эксплуатации? Что с пробросом принтеров? Что со скоростью отрисовки. Стоит ли? База файловая!
Стартуем ovpn сервер
tls-server
daemon ovpn1
proto udp
port 1195
dev tap
comp-lzo
ca /usr/share/easy-rsa/keys/ca.crt
cert /usr/share/easy-rsa/keys/ovpn1.crt
key /usr/share/easy-rsa/keys/ovpn1.key
dh /usr/share/easy-rsa/keys/dh2048.pem
status /var/log/openvpn/ovpn1.log
log /var/log/openvpn/ovpn1.log
management 127.0.0.1 6001
script-security 2
up /etc/openvpn/braddif.sh
down /etc/openvpn/brdelif.sh
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.ee1b119301a1 no tap0
Посылаю broadcast на tap0
ping -b 192.168.0.255 -I tap0
ping: Warning: source address might be selected on device other than tap0.
PING 192.168.0.255 (192.168.0.255) from 192.168.206.200 tap0: 56(84) bytes of data.
From 192.168.206.200 icmp_seq=1 Destination Host Unreachable
From 192.168.206.200 icmp_seq=2 Destination Host Unreachable
From 192.168.206.200 icmp_seq=3 Destination Host Unreachable
From 192.168.206.200 icmp_seq=4 Destination Host Unreachable
From 192.168.206.200 icmp_seq=5 Destination Host Unreachable
Клиент Не вижу ниодного пакета на tap0
tcpdump -i tap0
При поднятии туннеля (--up=script.sh), загоняю интерфейс tap в существующий мост br0 скриптом:
#!/bin/sh
ifconfig $dev up
ip link set up dev $dev
brctl addif br0 $dev
ip link set up dev br0
May 28 16:56:05 pbx kernel: [537315.276478] device tap0 entered promiscuous mode
May 28 16:56:05 pbx kernel: [537315.276786] br0: port 1(tap0) entered forwarding state
May 28 16:56:05 pbx kernel: [537315.276836] br0: port 1(tap0) entered forwarding state
May 28 16:56:06 pbx kernel: [537316.274317] br0: port 1(tap0) entered forwarding state
May 28 16:56:09 pbx ntpd[10881]: Listen normally on 36 tap0 fe80::443e:3bff:fe23:4bd8 UDP 123
May 28 16:56:09 pbx ntpd[10881]: peers refreshed
May 28 16:58:05 pbx kernel: [537434.766200] br0: port 1(tap0) entered disabled state
May 28 16:58:05 pbx kernel: [537434.766457] device tap0 left promiscuous mode
May 28 16:58:05 pbx kernel: [537434.766508] br0: port 1(tap0) entered disabled state
May 28 16:58:07 pbx ntpd[10881]: Deleting interface #36 tap0, fe80::443e:3bff:fe23:4bd8#123, interface stats: received=0, sent=0, dropped=0, active_time=118 secs
На мосту br0 висит только DHCP. На tap0 пока нет соединений. brctl setfd br0 0 сделано.
Имеется hash
$phone={
'100' => { 'pass' => "qwrsdf86",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
'101' => { 'pass' => "qwrsdf86",
'mac' => "00:15:65:e0:68:48",
'profile' => "YealinkT21PE2",
},
'102' => { 'pass' => "qwrsdf86",
'mac' => "00:15:65:e0:68:49",
'profile' => "YealinkT21PE2",
},
}
Требуется поллучить такой вид
$vpn_name_key=["001565e06847", "001565e06848", "001565e06849"]
Пытаюсь пересобрат hash в array такой конструкцией
$vpn_name_key=[]
$phone.each |$index, $value| {
$linemac = regsubst($value['mac'], ':', '', 'G')
$vpn_name_key = $vpn_name_key + [$linemac]
}
Переменная:
$phone={
'100' => { 'pass' => "123",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
'101' => { 'pass' => "123",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
'102' => { 'pass' => "123",
'mac' => "00:15:65:e0:68:47",
'profile' => "YealinkT21PE2",
},
}
Шаблон:
<% @users.each do |val| -%>
[<%= val[0] %>](phones)
username=<%= val[0] %>
secret=<%= val[1]["pass"] %>
callerid=<%= val[0] %> <<%= val[0] %>>
autoprov=yes
profile=<%= val[1]["profile"] %>
macaddress=<%= val[1]["mac"] %>
<% end -%>
Задача у переменной
<%= val[1][«mac»] %>
убрать ":". т.е надо что бы
было 00:15:65:e0:68:47, стало 001565e06847
Хочется передать переменную $psql при инициализации класса postgresql и использовать ее в postgresql::config
3 node 'server.local' {
30 $psql = {
31 'db' => 'dbname',
32 'user' => 'username',
33 'passwd' => 'userpasswd',
34 }
38 class {'postgresql':}
58 }
1 class postgresql {
2
3 class { 'postgresql::install': }
4 class { 'postgresql::service': }
5 class { 'postgresql::config': }
6
7 }
1 class postgresql::config (
2 $psql_db = 'dbname',
3 $psql_user = 'username',
4 $psql_passwd = 'userpasswd'
5 ) {
49 }
66 опция в push dhcp-option не взлетит!?
А как тогда лучше 66 опицю послать клиенту?
| ← назад | следующие → |