Configure SNMP traps with ESXi 5.1 and Debian

* Read the current configuration of SNMP


ESX_SERVER # esxcli system snmp get
Authentication:
Communities:
Enable: false
Engineid:
Hwsrc: indications
Loglevel: info
Notraps:
Port: 161
Privacy:
Remoteusers:
Syscontact:
Syslocation:
Targets:
Users:
V3targets:

* Configure traps, and enable snmp service


~ # esxcli system snmp set --targets=destination_server@162/yourcommunity
// FOR v2c, might not work : ~ # esxcli system snmp set --v3targets=destination_server@162/yourcommunity/none/trap
~ # esxcli system snmp set --enable yes
~ # esxcli system snmp set --syscontact=you@yourdomain.com
~ # esxcli system snmp set --syslocation=yoursite

* Configure snmpd on Debian


/etc/default/snmpd
SNMPDRUN=yes
TRAPDRUN=yes

/etc/snmp/snmptrapd.conf
authCommunity log yourcommunity

$ /etc/init.d/snmpd restart

* Test the snmp MIB browsing


snmp_server$ snmpwalk -v2c -c yourcommunity esxi_server

....
iso.3.6.1.2.1.5.30.1.3.2.220 = Counter32: 0
iso.3.6.1.2.1.5.30.1.3.2.221 = Counter32: 0
iso.3.6.1.2.1.5.30.1.3.2.228 = Counter32: 0
iso.3.6.1.2.1.5.30.1.3.2.229 = Counter32: 0
...

* Test the snmp traps

on the ESXi :


esxcli system snmp test

on the destination_server (snmp server) : tail -f /var/log/*log
Sep 10 22:04:45 monitoring snmptrapd[10001]: 2014-09-10 22:04:45 youresxi.yourdomain [192.168.1.y] (via UDP: [192.168.1.y]:51788->[192.168.1.x]) TRAP, SNMP v1, community yourcommunity#012#011iso.3.6.1.4.1.6876.4.90 Enterprise Specific Trap (401) Uptime: 0:13:50.00#012#011iso.3.6.1.4.1.6876.4.30.3.0 = Hex-STRING: 07 DE 09 12 09 09 1D 00
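
Added example (not part of the original post): a small parser for the SNMP v1 trap line that snmptrapd writes to syslog, as shown above. It checks the sender and community against what you expect and decodes the DateAndTime varbind. The sample line, host name and addresses are constructed, and the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample in snmptrapd's syslog format; hosts and addresses are made up.
# syslog writes the newline and tab between trap fields as #012 and #011.
SAMPLE = ("Sep 10 22:04:45 monitoring snmptrapd[10001]: 2014-09-10 22:04:45 "
          "esxi01.example.lan [192.168.1.20] (via UDP: [192.168.1.20]:51788->"
          "[192.168.1.10]) TRAP, SNMP v1, community yourcommunity"
          "#012#011iso.3.6.1.4.1.6876.4.90 Enterprise Specific Trap (401) "
          "Uptime: 0:13:50.00#012#011iso.3.6.1.4.1.6876.4.30.3.0 = "
          "Hex-STRING: 07 DE 09 12 09 09 1D 00")

HEADER = re.compile(r"\(via UDP: \[(?P<src>[^\]]+)\]:\d+->\[[^\]]+\]\) "
                    r"TRAP, SNMP (?P<version>v\w+), community (?P<community>\S+)")

def decode_date_and_time(hex_string):
    """Decode the first 8 octets of an SNMPv2-TC DateAndTime value."""
    b = bytes.fromhex(hex_string.replace(" ", ""))
    if len(b) < 8:
        raise ValueError("DateAndTime needs at least 8 octets")
    return datetime(b[0] << 8 | b[1], b[2], b[3], b[4], b[5], b[6], b[7] * 100000)

def parse_trap(line):
    """Return sender, version, community and varbinds; None if not a trap line."""
    first, *rest = re.split(r"#012#011|\n\t", line)
    m = HEADER.search(first)
    if not m:
        return None
    trap = dict(m.groupdict(), enterprise=None, varbinds={})
    for part in rest:
        if " = " in part:
            oid, value = part.split(" = ", 1)
            trap["varbinds"][oid] = value
        elif trap["enterprise"] is None:
            trap["enterprise"] = part.split(" ", 1)[0]
    return trap

def findings(trap, allowed_sources, expected_community):
    """List the reasons a parsed trap deserves a second look."""
    out = []
    if trap["src"] not in allowed_sources:
        out.append("unexpected source " + trap["src"])
    if trap["community"] != expected_community:
        out.append("unexpected community")
    if trap["version"] == "v1":
        out.append("community sent in clear text (v1)")
    return out
```

Feed it lines from the snmptrapd log with your ESXi addresses in allowed_sources; anything it returns for a trap is worth checking before the alert is trusted.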

Sync Active Directory with OpenLDAP in Perl

This Perl script will help you synchronize an OpenLDAP directory
when your data source is an Active Directory.


use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_text);

# Define Active Directory credentials
my $ad_server = "your.domain.controler";   # placeholder: host name of the AD server
my $ad_login="readonly\@your.domain.controler";
my $ad_pass="password";

# Define OpenLDAP credentials
my $ldap_login="cn=admin,dc=mycompany,dc=fr";
my $ldap_pass="password";
my $ldap_server = "ldap01.mycompany";

# Connect to AD
# Note: verify=>0 disables certificate verification, so the bind password can be
# intercepted; outside a lab, use verify => 'require' with a cafile.
my $ad_cnx = Net::LDAP->new($ad_server, version => 3) or die "$@";
my $mesg = $ad_cnx->start_tls(verify=>0);
$mesg = $ad_cnx->bind($ad_login,password=>$ad_pass);
if ( $mesg->code ){
    my $errstr = $mesg->code;
    print "AD: Service Login Error code: $errstr\n";
    $errstr = ldap_error_text($errstr);
    print "$errstr\n";
    exit;
}

# Connect to LDAP
my $ldap_cnx = Net::LDAP->new($ldap_server, version => 3) or die "$@";
my $mesg2 = $ldap_cnx->start_tls(verify=>0);
$mesg2 = $ldap_cnx->bind($ldap_login,password=>$ldap_pass);

if ( $mesg2->code ){
    my $errstr = $mesg2->code;
    print "LDAP: Service Login Error code: $errstr\n";
    $errstr = ldap_error_text($errstr);
    print "$errstr\n";
    # exit;
}

# Search
my $result = $ad_cnx->search(
    base => "dc=your,dc=companyk,dc=local",
    # Filter to list only user accounts.
    filter => "(&(sAMAccountType=805306368)(sAMAccountName=*))",
    # Attributes you want to be copied
    attrs => [ 'dn', 'cn', 'uid','displayName', 'objectClass', 'sn', 'Email', 'mobile', 'thumbnailPhoto','mail','userAccountControl' ]
);
die "Erreur de recherche".$result->error."\n" if ($result->code);

# Copy
foreach my $entry ($result->entries) {

    # Do some cleanup, if required (only when the entry has a photo)
    if ($entry->exists('thumbnailPhoto')) {
        $entry->add(jpegPhoto => $entry->get_value("thumbnailPhoto"));
        $entry->delete('thumbnailPhoto');
    }

    # Write to OpenLDAP server
    my $add_result = $ldap_cnx->add($entry);
    die $add_result->error if $add_result->code;

}

More information on the Net::LDAP Perl library: http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Examples.pod

HP Raid monitoring with hpacucli on Wheezy

First add the deb ‘http://hwraid.le-vert.net/debian wheezy main’ repository to your apt sources.

then install the package with aptitude install hpacucli.

Then try the following commands:

<pre>

root@proxmox:/etc/apt/sources.list.d# hpacucli ctrl slot=0 logicaldrive all show status

FIRMWARE UPGRADE REQUIRED: A firmware update is recommended for this controller
to prevent rare potential data write errors on a
RAID 1 or RAID 1+0 volume in a scenario of
concurrent background surface analysis and I/O write
operations. Please refer to Customer Advisory
c01587778 which can be found at hp.com.
logicaldrive 1 (136.7 GB, RAID 5): OK

</pre>

You can also try hpacucli ctrl slot=0 pd all show status.

Upgrade your iDRAC 7

iDrac7 has a huge bug in its version 1.50.50+.

[Image: idrac7_bug]

The upload procedure is quite simple:

Go to the download page:

http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverid=XH6FX

Then find the file format "Update Package for Microsoft® Windows® 64-Bit" and download it.

Connect to your iDRAC web interface and select Overview/IDRAC Settings/Update and Rollback.

Upload the firmware and start flashing

[Image: flash_drac]

Cisco trunk configuration for ESXi

Switch configuration for trunk over link aggregate:


interface Port-channel5
switchport access vlan X
switchport trunk encapsulation dot1q
switchport trunk native vlan Y
switchport trunk allowed vlan A,B,…
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
logging event spanning-tree
logging event status
logging event subif-link-status
storm-control broadcast level bps 2m

interface GigabitEthernetX
switchport access vlan X
switchport trunk encapsulation dot1q
switchport trunk native vlan Y
switchport trunk allowed vlan A,B,….
switchport mode trunk
switchport nonegotiate
logging event trunk-status
logging event bundle-status
logging event spanning-tree
logging event status
logging event subif-link-status
udld port aggressive
storm-control broadcast level bps 2m
no cdp enable
channel-group 5 mode active

… thx Cedric

CISCO: upgrade ASA 5510 firmware

We will use the TFTP protocol to copy the firmware image.

– Linux TFTP server: 192.168.10.10
– CISCO ASA client : 192.168.10.11.

* Test Cisco Networking

conf t
myasa(config)# interface Ethernet 0/0
myasa(config-if)# ip address 192.168.10.11 255.255.255.0
ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.9.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

* Test Linux Networking

linux # ifconfig eth0 192.168.10.10 netmask 255.255.255.0
linux # ping 192.168.10.11
linux # sudo pacman -S tftp-hpa

* Firmware copy

myasa(config)# copy tftp://192.168.10.10/cisco/softwares/asa904-k8.bin disk0:/asa904-k8.bin

MySQL: Audit your storage performance

It’s very important to measure your storage’s performance when you run a MySQL server.
Running periodic tests lets you:

- Check that there is no performance drop due to some vicious HW failure
- Define the storage characteristics to optimize configuration (ex: io_limit setting)

The tools:

– iozone
– sysbench
– dd
– munin diskstats
– top, iotop

I personally use sysbench because :

sysbench --test=fileio --file-total-size=150G --file-test-mode=rndrw --init-rng=on --max-time=300 --max-requests=0 run

Stingray’s behaviour with HTTP Redirect

Riverbed Stingray load balancers behave strangely when you try to send an HTTP redirect from an https page to an http page.
They rewrite the protocol in the Location header, so you can’t leave https.

This is the default behaviour, but fortunately you can disable it:

[Image: Stingray_https_http_redirect]