$ whois -h whois.ripe.net POEM-RIPE55-SONG
[...]
% Information related to 'POEM-RIPE55-SONG'
poem: POEM-RIPE55-SONG
form: FORM-PROSE
descr: At his first RIPE meeting, Gary wrote this and performed at
descr: the closing plenary. It was truly awesome.
descr: http://www.youtube.com/watch?v=_y36fG2Oba0
descr:
text: A long long time ago
text: I can still remember
text: when my laptop could connect elsewhere.
text:
text: And I tell you all there was a day
text: the network card I threw away
text: had a purpose - and it worked for you and me.
text:
text: But 18 years completely wasted
text: with each address we've aggregated
text: the tables overflowing
text: the traffic just stopped flowing...
text:
text: And now we're bearing all the scars
text: and all my traceroutes showing stars.
text: The packets would travel faster in cars
text: the day the routers died.
[... continued ...]
WordPress behind OpnSense and hosted on FreeBSD-14.0-p6
1. To be able to correct “Too many redirection”
Add this code to the backend pool. Services -> HAProxy -> Settings -> Virtual Service -> Backend Pools -> your backend pool -> Edit -> Advanced Mode -> Option pass-through:
# force SSL redirect
redirect scheme https if !{ ssl_fc }
# close open connections
option http-server-close
# add X-FORWARDED-FOR
option forwardfor
# add X-Forwarded-Proto
http-request set-header X-Forwarded-Proto https if { ssl_fc }
Thanks to : https://www.moonsmile.ch/en/blog/2019/12/05/wordpress-behind-haproxy-on-opnsense/
2. To be able to correct “Database connection problem”
You need to configure your host as :
/** MySQL hostname */
define('DB_HOST', 'localhost:/var/run/mysql/mysql.sock');
OpnSense & ACME & NSUpdate (bind9 journal problem)
If you use the ACME plugin to register a certificate with nsupdate (RFC 2136), you may run into the problem below:
Nov 6 07:58:24 Sagitarius named[121]: client @0x7f68640c70d0 10.20.3.1#50544/key opnsense: signer "opnsense" approved
Nov 6 07:58:24 Sagitarius named[121]: client @0x7f68640c70d0 10.20.3.1#50544/key opnsense: updating zone 'clucas.fr/IN': adding an RR at '_acme-challenge.cloud-home.clucas.fr' TXT "-_UEEMEIYvUxwoHWhBbdxiSzil62dgNoHCBfZJCzIiE"
Nov 6 07:58:24 Sagitarius named[121]: /etc/bind/clucas.fr.zone.jnl: create: permission denied
Nov 6 07:58:24 Sagitarius named[121]: client @0x7f68640c70d0 10.20.3.1#50544/key opnsense: updating zone 'clucas.fr/IN': error: journal open failed: unexpected error
You can try to ‘touch’ this file, here “clucas.fr.zone.jnl”. Even if you change the owner or the permissions (even 777), you will not be able to make it work. This time you will be faced with:
Nov 6 11:55:25 Sagitarius named[121]: client @0x7f68640d5860 10.20.3.1#59062/key opnsense: signer "opnsense" approved
Nov 6 11:55:25 Sagitarius named[121]: client @0x7f68640d5860 10.20.3.1#59062/key opnsense: updating zone 'clucas.fr/IN': adding an RR at '_acme-challenge.cloud-home.clucas.fr' TXT "eOTvsiOSI0I0eenYb2hfiD0KAAf2kXSPZjDo_5IY1yQ"
Nov 6 11:55:25 Sagitarius named[121]: client @0x7f68640d5860 10.20.3.1#59062/key opnsense: updating zone 'clucas.fr/IN': error: journal open failed: no more
I have read a lot of blog posts, Reddit posts, and so on. The only solution I found is to change the directory of the journal file by means of:
include "/etc/bind/keys/opnsense.key";
[...]
zone "clucas.fr" {
    type master;
    file "/etc/bind/clucas.fr.zone";
    journal "/var/lib/bind/clucas.fr.jnl";
    also-notify { 217.169.242.186 port 53; 51.222.24.32 port 53; };
    allow-transfer { 217.169.242.186; 51.222.24.32;};
    notify yes;
    allow-update { key "opnsense"; };
};
From an OpnSense point of view you will have something like this:
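A small audit for zone stanzas like the one above, as an added example (not part of the original post or of BIND): it flags a dynamic zone whose journal would land in a directory named cannot write to, and a key that is allowed to update the whole zone. The `unwritable` default and the `example.net` zone are assumptions made for the illustration.

```python
import re

# Constructed sample: zone 1 mirrors the stanza above before the journal fix; zone 2 is hypothetical.
SAMPLE_CONF = '''
zone "clucas.fr" {
    type master;
    file "/etc/bind/clucas.fr.zone";
    allow-update { key "opnsense"; };
};
zone "example.net" {
    type master;
    file "/var/lib/bind/example.net.zone";
    journal "/var/lib/bind/example.net.jnl";
    update-policy { grant opnsense name _acme-challenge.www.example.net. TXT; };
};
'''

def zone_blocks(conf):
    """Yield (zone name, body) for each zone statement, matching nested braces."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf, unwritable=("/etc/bind/",)):
    """Return {zone: [findings]}. `unwritable` is an assumption: dirs named cannot write to."""
    report = {}
    for zone, body in zone_blocks(conf):
        findings = []
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        jrnl = re.search(r'\bjournal\s+"([^"]+)"', body)
        key = re.search(r'allow-update\s*\{\s*key\s+"?([^";\s]+)"?\s*;\s*\}', body)
        if zfile and (key or "update-policy" in body):
            # Without a journal statement BIND uses <zone file>.jnl.
            path = jrnl.group(1) if jrnl else zfile.group(1) + ".jnl"
            if path.startswith(unwritable):
                findings.append(f"journal {path} is in a directory named cannot write to")
        if key:
            findings.append(
                f'key "{key.group(1)}" may rewrite any record in {zone}; consider '
                f"update-policy {{ grant {key.group(1)} name _acme-challenge.<host>.{zone}. TXT; }};")
        report[zone] = findings
    return report

if __name__ == "__main__":
    for zone, findings in audit(SAMPLE_CONF).items():
        print(zone, "OK" if not findings else findings)
```

`update-policy` and `allow-update` cannot both be set on the same zone, so the suggested grant replaces the `allow-update` line.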
- A Let’s Encrypt account in my case ;
- A challenge type : configured to use NSUPDATE ;
- A certificate generated by using the two above ;
In my case, even though, as you have probably seen, I have a master bind9 that notifies two slave bind9 servers, I have configured a 5-minute (300 seconds) sleep time to be sure DNS propagation is OK.
When you (re)cert, you will normally see this:
BFD between IOSXE and IOS XR
I did not easily find documentation on how to configure BFD (RFC 5880; you can read the previous blog post, "BFD : Bidirectional Forwarding Detection (RFC5880)") between IOS XE and IOS XR boxes.
Here it comes 🙂
IOSXE :
R0# show run | sec bfd
bfd fast-timers-on-slow-interface
bfd-template single-hop BFD
 interval min-tx 200 min-rx 200 multiplier 3
[...]
R0#show run int port-ch 14
Building configuration...

Current configuration : 373 bytes
!
interface Port-channel14
 description *** Vers R1_Be10000 ***
 mtu 9202
 ip address 172.18.255.29 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 10 md5 7 XXXXXXXXXXXXXXXXXX
 ip ospf network point-to-point
 ip ospf bfd
 ip ospf cost 20000
 no negotiation auto
 mpls ip
 port-channel bfd destination ipv4 172.18.255.30 BFD
end
R0#
IOS XR :
RP/0/RSP0/CPU0:R1#show conf run int be10000
Tue Feb 14 14:49:35.026 CET
interface Bundle-Ether10000
 description *** Vers R0_Po14 ***
 bfd mode ietf
 bfd address-family ipv4 multiplier 3
 bfd address-family ipv4 destination 172.18.255.29
 bfd address-family ipv4 fast-detect
 bfd address-family ipv4 minimum-interval 200
 mtu 9216
 ipv4 address 172.18.255.30 255.255.255.252
!
RP/0/RSP0/CPU0:R1#
Python3 and plotly.express : if it fails to import…
If, like me, you want to use the plotly.express module and it fails with something like:
ImportError: Plotly express requires pandas to be installed.
It seems obvious : “pip3 install pandas”. But it can fail with :
>>> import pandas
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/__init__.py", line 48, in <module>
    from pandas.core.api import (
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/api.py", line 47, in <module>
    from pandas.core.groupby import (
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/groupby/__init__.py", line 1, in <module>
    from pandas.core.groupby.generic import (
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/groupby/generic.py", line 77, in <module>
    from pandas.core.frame import DataFrame
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/frame.py", line 171, in <module>
    from pandas.core.generic import NDFrame
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/generic.py", line 148, in <module>
    from pandas.core.describe import describe_ndframe
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/describe.py", line 43, in <module>
    from pandas.io.formats.format import format_percentiles
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/io/formats/format.py", line 105, in <module>
    from pandas.io.common import (
  File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/io/common.py", line 8, in <module>
    import bz2
  File "/usr/local/lib/python3.9/bz2.py", line 18, in <module>
    from _bz2 import BZ2Compressor, BZ2Decompressor
ModuleNotFoundError: No module named '_bz2'
The way to correct it (if, like me, you have compiled your own version of Python):
apt-get install libbz2-dev
Then rebuild:
./configure --prefix=/usr/local && make && make install
You should now be able to do:
(venv) root@SERVER:~/src/project# python3
Python 3.9.14 (main, Sep 20 2022, 17:54:59)
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pandas
>>> import plotly.express as px
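`_bz2` is only one of the optional extension modules that a source build skips when the matching headers are missing. The check below is an added example (not from the original post) to run with the rebuilt interpreter; the package names are the usual Debian/Ubuntu ones and are an assumption on other distributions.

```python
import importlib
import sys

# Optional stdlib extension modules mapped to the Debian/Ubuntu -dev package
# whose headers must be installed before ./configure runs (assumed names on
# other distributions).
OPTIONAL = {
    "_bz2": "libbz2-dev",
    "_lzma": "liblzma-dev",
    "_ssl": "libssl-dev",
    "_sqlite3": "libsqlite3-dev",
    "_ctypes": "libffi-dev",
    "zlib": "zlib1g-dev",
    "readline": "libreadline-dev",
}


def missing_extensions(modules=OPTIONAL):
    """Return {module: package} for every module this interpreter cannot import."""
    missing = {}
    for name, package in modules.items():
        try:
            importlib.import_module(name)
        except ImportError:
            missing[name] = package
    return missing


if __name__ == "__main__":
    gaps = missing_extensions()
    print(f"interpreter: {sys.executable} ({sys.version.split()[0]})")
    for name, package in gaps.items():
        print(f"{name}: not built; install {package}, then re-run configure and make")
    # Non-zero exit status makes the check usable in a build script.
    sys.exit(1 if gaps else 0)
```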
Have fun !
[FR] - Because we always have good intentions at the start of the year…
At the start of the year I had good intentions of producing content in French on various basic-level networking and telecom topics, but I admit that it quickly came to a halt.
The goal was to provide an all-in-one package:
- An explanatory video;
- A quick study sheet in cheatsheet format;
- A workbook;
- Access to a guided lab
Well, I admit it takes an enormous amount of time, and other personal projects got in the way.
Anyway, I might as well share what is left of it, so have fun:
- http://www.ip-expert.fr/documents/VTP/
- http://www.ip-expert.fr/documents/OSI-Niveau2/Vlan_Trunking_DTP/
Don't be too harsh…
Access to the lab part has of course expired since then (you can set usage durations with pnetlab :)).
See you,
Christophe
xrv9k-full, qemu, AMD Ryzen
If, like me, you have EVE-NG (2.0.3) and lab some Cisco XRV9K-Full on a virtualized box running an AMD Ryzen processor, you have probably encountered problems starting the image. After reading a lot of websites, it seems the answer is to change the command line.
My original command line is :
-enable-kvm -smbios type=1,manufacturer="cisco",product=\"Cisco IOS XRv 9000\",uuid=[...] -cpu host
I corrected it to:
-enable-kvm -smbios type=1,manufacturer="cisco",product="Cisco IOS XRv 9000",uuid=[...] -cpu qemu64,+ssse3,+sse4.1,+sse4.2
Proxmox and replacing disk in ZFS pool
For once, this blog post will not be about telecom and Cisco/Juniper/Nokia or something like this.
Just to keep in mind how to replace a faulty device in a ZFS pool.
I have :
root@pve:~# zpool status -x
root@pve:~# zpool status
  pool: pve-zfs
 state: DEGRADED
status: One or more devices could not be used because the label is missing or
        invalid. Sufficient replicas exist for the pool to continue
        functioning in a degraded state.
action: Replace the device using 'zpool replace'.
   see: http://zfsonlinux.org/msg/ZFS-8000-4J
  scan: resilvered 41.9M in 0 days 00:00:11 with 0 errors on Sun Jul 24 13:38:51 2022
config:

        NAME                        STATE     READ WRITE CKSUM
        pve-zfs                     DEGRADED     0     0     0
          mirror-0                  DEGRADED     0     0     0
            wwn-0x50014ee267b78b52  ONLINE       0     0     0
            2534239155907356895     FAULTED      0     0     0  was /dev/sdb1
          mirror-1                  ONLINE       0     0     0
            wwn-0x50014ee267b63342  ONLINE       0     0     0
            wwn-0x50014ee2bd0cf6b4  ONLINE       0     0     0

errors: No known data errors
But how do you replace this faulty device when all the how-tos on the net talk about replacing the old disk or taking it offline first? In my situation I had made an RMA on the disk and did not think to take the faulty device offline.
Nevertheless, I have replaced my 2TB disk with a new one, such as :
But if I run:
root@pve:~# zpool replace pve-zfs 2534239155907356895 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN
invalid vdev specification
use '-f' to override the following errors:
/dev/disk/by-id/ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part1 contains a filesystem of type 'ntfs'
After a quick apt-get install parted:
root@pve:~# parted /dev/sda
GNU Parted 3.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: ATA WDC WD20EFRX-68E (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  2000GB  2000GB  primary  ntfs

(parted) rm 1
(parted) print
Model: ATA WDC WD20EFRX-68E (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:

Number  Start  End  Size  Type  File system  Flags

(parted) mklabel GPT
Warning: The existing disk label on /dev/sda will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Yes
(parted) q
Information: You may need to update /etc/fstab.

root@pve:~#
So :
root@pve:~# zpool replace pve-zfs 2534239155907356895 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN
root@pve:~# zpool status -x
pool: pve-zfs
state: DEGRADED
status: One or more devices is currently being resilvered. The pool will
continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
scan: resilver in progress since Sun Jul 24 14:23:11 2022
10.5G scanned at 716M/s, 4.04G issued at 276M/s, 450G total
0B resilvered, 0.90% done, 0 days 00:27:37 to go
config:
NAME STATE READ WRITE CKSUM
pve-zfs DEGRADED 0 0 0
mirror-0 DEGRADED 0 0 0
wwn-0x50014ee267b78b52 ONLINE 0 0 0
replacing-1 DEGRADED 0 0 0
2534239155907356895 FAULTED 0 0 0 was /dev/sdb1
ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN ONLINE 0 0 0
mirror-1 ONLINE 0 0 0
wwn-0x50014ee267b63342 ONLINE 0 0 0
wwn-0x50014ee2bd0cf6b4 ONLINE 0 0 0
errors: No known data errors
root@pve:~#
How I got the new device name:
root@pve:~# ls -l /dev/disk/by-id | grep J8KN
lrwxrwxrwx 1 root root 9 Jul 24 14:23 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN -> ../../sda
lrwxrwxrwx 1 root root 10 Jul 24 14:23 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jul 24 14:23 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part9 -> ../../sda9
root@pve:~#
Here “J8KN” is a part of the serial number, which you can read on the new disk.
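The two lookups in this procedure (the faulted vdev's identifier and the whole-disk by-id name of the new drive) can be scripted so the replace command is built without copy-paste slips. This is an added example, not from the original post; the inputs are constructed from the outputs shown above and the function names are hypothetical.

```python
import re

# Constructed sample inputs, taken from the outputs shown in this post.
STATUS = """\
  pool: pve-zfs
 state: DEGRADED
config:
        NAME                        STATE     READ WRITE CKSUM
        pve-zfs                     DEGRADED     0     0     0
          mirror-0                  DEGRADED     0     0     0
            wwn-0x50014ee267b78b52  ONLINE       0     0     0
            2534239155907356895     FAULTED      0     0     0  was /dev/sdb1
          mirror-1                  ONLINE       0     0     0
            wwn-0x50014ee267b63342  ONLINE       0     0     0
"""
BY_ID = [
    "ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN",
    "ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part1",
    "ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part9",
]
VDEV_RE = re.compile(
    r"\s*(\S+)\s+(FAULTED|UNAVAIL|REMOVED)\s+\S+\s+\S+\s+\S+(?:\s+was\s+(\S+))?")

def faulted_vdevs(status):
    """Return [(pool, vdev, previous path or None)] for unusable vdevs."""
    pool, found = None, []
    for line in status.splitlines():
        m = re.match(r"\s*pool:\s*(\S+)", line)
        if m:
            pool = m.group(1)
        elif (m := VDEV_RE.match(line)):
            found.append((pool, m.group(1), m.group(3)))
    return found

def whole_disk(by_id, serial_part):
    """Pick the single by-id name matching the serial, ignoring -partN entries."""
    hits = [n for n in by_id if serial_part in n and not re.search(r"-part\d+$", n)]
    if len(hits) != 1:
        raise ValueError(f"{len(hits)} whole-disk names match {serial_part!r}")
    return hits[0]

def replace_argv(status, by_id, serial_part):
    """Build the zpool replace command; refuse to guess if the fault is ambiguous."""
    faults = faulted_vdevs(status)
    if len(faults) != 1:
        raise ValueError(f"expected one faulted vdev, found {len(faults)}")
    pool, old, _ = faults[0]
    return ["zpool", "replace", pool, old, whole_disk(by_id, serial_part)]
```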
Happy to share : JNCIA-JunOS passed.
I am happy to share that I have achieved something that may seem ordinary but is important to me: using a different vendor in my certification tracks.
I have passed JNCIA-Junos.
Musical Annual French cities festival and ridiculous thoughts
For the annual amateur music festival held in the streets and cities of France, my preferred song:
Sorry, for me music stopped on April 5, 1994. Perhaps I have not searched enough on jamendo or the independent scene. I have never found music with all the primitive energy I can feel in Nirvana's music. Maybe life should have stopped in the 90s, it would have been better considering all the shit that we can see and live with all these media, this escalation in the presence on social networks. What would Kurt think living in 2022? I know this post is part of that movement. I only ever wrote on this rag to share my bullshit, my feelings and hacks on free systems (BSD my love come here :-)) that I have been around since 1997.