Testing hhtp2 with curl

9 01 2017

Testing a domain resolving different IP in http2:
# curl --http2 -I --resolve http://www.domain.com:443:192.168.1.1 https://www.domain.com





Install OpenLDAP in Debian 8

21 12 2016

This guide is the best, by far, that covers the installation of a LDAP server and the configuration of the loging of a server through it.

https://www.unixmen.com/install-openldap-in-ubuntu-15-10-and-debian-8/

http://www.unixmen.com/configure-linux-clients-to-authenticate-using-openldap/





Linode ssh login problem

14 12 2016

If you try to connect to a Linode server by ssh and receive the following message:

Received disconnect from 1.1.1.1: 2: Too many authentication failures

It’s related to the ssh keys, try again with the following argument:

ssh -o PubkeyAuthentication=no user@1.1.1.1

More info:
http://superuser.com/questions/187779/too-many-authentication-failures-for-username





Split Haproxy configuration in multiple files working with Systemd

9 12 2016

Splitting Haproxy configuration in multiple files it’s a bit tricky due the Systemd startup behaviour. One workaround who works ok it’s the following:

1.- Split the Haproxy configuration file in multiple files.

1.1.- One file called “00-haproxy.conf” with the basic haproxy conf (in my case global, defaults and listen stats). This must have the 00- at the begining for listed it at first place in the script.

1.2.- One file for each listen section for the different services balanced, “some_name_a.conf”. Each new balanced service will have a new file.

Note: In this case, each balanced service is inside a listen section, not using fronted and backed.

# ls /etc/haproxy/
00-haproxy.conf service1.conf service2.conf

# cat /etc/haproxy/00-haproxy.conf
global
...
defaults
...
listen proxy-stats
...
# cat /etc/haproxy/corebalv1.conf
listen xxx
bind ...
server ...
server ...

2.- Create a small script into “/usr/local/bin/haproxy-multiconf” with this content:

#!/bin/bash
for file in /etc/haproxy/*.conf; do
test -f $file
CNF="$CNF -f $file"
done
echo "CONF='$CNF'" > /etc/haproxy/haproxy-multiconf.lst

3.- Create a new systemd unit for create the conf list before launching the main Haproxy unit.
# cat /etc/systemd/system/haproxy-multiconf.service
[Unit]
Description=HAProxy Load Balancer Multiconf
After=network.target
Before=haproxy.service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/haproxy-multiconf
[Install]
WantedBy=multi-user.target

4.- Modify the default systemd unit file of Haproxy:
# cat haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=network.target
Requires=haproxy-multiconf.service
[Service]
EnvironmentFile=/etc/haproxy/haproxy-multiconf.lst
ExecStartPre=/usr/local/sbin/haproxy -c -q $CONF
ExecStart=/usr/local/sbin/haproxy-systemd-wrapper -p /run/haproxy.pid $CONF
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
[Install]
WantedBy=multi-user.target

5.- Refresh systemd and run it:

systemctl daemon-reload
systemctl restart haproxy.service





Quick vsftp install and configuration

4 12 2016

This is the simple method for install and have a basic configuration for log into the ftp server with the local users of the system:
apt-get install vfstp
vi /etc/vsftpd.conf
Uncomment the following lines:
local_enable=YES
write_enable=YES

Restart the service and enjoy!
/etc/init.d/vsftpd restart





USB sound card 0d8c:013c C-Media Electronics, Inc. CM108 not work

20 10 2016

If you have the following sound card:

ID 0d8c:013c C-Media Electronics, Inc. CM108 Audio Controller

And you don’t want to use any other audio device excep this card, the solution is to blacklist all the modules listed here except the snd_usb_audio:

cat /proc/asound/modules
0 snd_bcm2835
1 snd_usb_audio
2 snd_hda_intel

Create teh following file with the other non-usb sound modules:

/etc/modprobe.d/blacklist.conf
blacklist snd_hda_intel
blacklist snd_bcm2835

And restart. After googling and didn’t fall into the right solution, except this one.

References:
http://raspberrypi.stackexchange.com/questions/40831/how-do-i-configure-my-sound-for-jasper-on-raspbian-jessie
http://alsa.opensrc.org/MultipleCards





Testing virtual interface inside a multihost VxLAN one-to-one (unicast) or one-to-multi (multicast)

12 09 2016

– First of all, enable ip forward:

echo 1 > /proc/sys/net/ipv4/ip_forward

– Set up the VxLAN:

For unicast, define the local and remote IPs:
ip link add vxlan1 type vxlan id 42 remote 10.1.1.1 local 10.1.1.2 dev eth0 dstport 4789

For multicast, define the IP for the multicast group:
ip link add vxlan1 type vxlan id 42 group 239.1.1.1 dev eth0 dstport 4789

– Bring up the VxLAN:

ip link set up dev vxlan1

– Create the bridge and bring it up:

ip link add name br0 type bridge
ip link set br0 up

– Create the virtual ethernet interface, a veth pair, and bring up one side:

ip link add veth0 type veth peer name veth1
ip link set veth0 up

– Create the namespace and include the other side of the veth pair:

ip netns add blue
ip link set veth1 netns blue

– Set an IP address to the veth1 and bring it up, the same for lo:

ip netns exec blue ifconfig veth1 192.168.1.1/24 up
ip netns exec blue ip link set dev lo up

– Include the VxLAN and the veth interface into the bridge:

ip link set vxlan1 master br0
ip link set veth0 master br0

– If you choose the unicast way, repeat this process in the other hosts changing the “remote” and “local” IPs in the set up VxLAN step and the veth IP address when set up the veth1 address (in this example 192.168.1.3). You can only set up a one-to-one configuration.

– If you choose multicast, repeat the same process in each host changing only the veth IP address when set up the veth1 address (in this example 192.168.1.3). More than one host can register into the multicast group without problem.

– Test conectivity between different hosts:

Host1:
ip netns exec blue ping 192.168.1.3
PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.313 ms

ip netns exec blue traceroute 192.168.1.3
traceroute to 192.168.1.3 (192.168.1.3), 30 hops max, 60 byte packets
1 192.168.1.3 (192.168.1.3) 0.329 ms 0.273 ms 0.253 ms

Host2:
ip netns exec green ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.234 ms

ip netns exec green traceroute 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.256 ms 0.230 ms 0.209 ms

– View VxLAN information:

bridge fdb show dev vxlan1
00:00:00:00:00:00 dst 10.1.1.1 via eth0 self permanent
36:33:16:6a:4f:8b dst 10.1.1.1 self
36:33:16:6a:4f:8b vlan 0 master br0
b2:1f:24:b9:1a:39 vlan 0 master br0 permanen