Posts from the ‘Soluciones’ Category

15
Oct

How to back up and restore the startup configuration file on Dell Networking OS 10

Instructions

To restore a backup configuration, copy a local or remote file to the startup configuration and reload the switch. After downloading a backup configuration, enter the reload command; otherwise, the configuration does not take effect until the switch is rebooted.

Copy file to startup configuration

OS10# copy {config://filepath | home://filepath |
ftp://userid:passwd@hostip/filepath | scp://userid:passwd@hostip/filepath |
sftp://userid:passwd@hostip/filepath | tftp://hostip/filepath} config://startup.xml 

Back up startup file

OS10# copy config://startup.xml config://backup-9-28.xml

Restore startup file from backup.

OS10# copy config://backup-9-28.xml config://startup.xml
OS10# reload
System configuration has been modified. Save? [yes/no]:no

Back up startup file to server

OS10# copy config://startup.xml scp://userid:password@hostip/backup-9-28.xml

Restore startup file from server.

OS10# copy scp://admin:admin@hostip/backup-9-28.xml config://startup.xml
OS10# reload
System configuration has been modified. Save? [yes/no]:no

Affected Products

PowerSwitch S4810P, PowerSwitch S4810-ON, PowerSwitch S4820T, PowerSwitch S5000, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON 
15
Oct

How to back up and restore the startup configuration file on Dell Networking OS 10

Instructions

To restore a backup configuration, copy a local or remote file to the startup configuration and reload the switch. After downloading a backup configuration, enter the reload command; otherwise, the configuration does not take effect until you reboot.

Copy file to startup configuration

OS10# copy {config://filepath | home://filepath |
ftp://userid:passwd@hostip/filepath | scp://userid:passwd@hostip/filepath |
sftp://userid:passwd@hostip/filepath | tftp://hostip/filepath} config://startup.xml 

Back up startup file

OS10# copy config://startup.xml config://backup-9-28.xml

Restore startup file from backup.

OS10# copy config://backup-9-28.xml config://startup.xml
OS10# reload
System configuration has been modified. Save? [yes/no]:no

Back up startup file to server

OS10# copy config://startup.xml scp://userid:password@hostip/backup-9-28.xml

Restore startup file from server.

OS10# copy scp://admin:admin@hostip/backup-9-28.xml config://startup.xml
OS10# reload
System configuration has been modified. Save? [yes/no]:no

Affected Products

PowerSwitch S4810P, PowerSwitch S4810-ON, PowerSwitch S4820T, PowerSwitch S5000, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON  

Products

S Series, PowerSwitch S6000, PowerSwitch S6000 ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6010-ON, PowerSwitch S6100-ON , PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON
13
Oct

How to generate and collect support bundles on Dell EMC Networking OS10 switches

Instructions

Contents:

What is a support bundle?
How to generate a support bundle
Where is the support bundle stored?
How to verify that support bundle generation has started
How to verify that support bundle generation is complete
How to retrieve the support bundle from the switch
Deleting an existing support bundle

What is a support bundle?

The support bundle is based on the sosreport tool. The support bundle generates a tar file that includes the Linux system configuration and diagnostics information, and show command outputs. Dell Technical Support agents need a support bundle for detailed analysis.

How to generate a support bundle

Run the following command in EXEC mode:

  • Use the following command for OS10 10.5.2.0 and later:
    OS10# generate support-bundle
  • For any OS10 version before 10.5.2.0, use the following command:
    OS10# generate support-bundle enable-all-plugin-options

If the bundle does not appear immediately after you run the command, do not try to generate another one. Support bundle generation takes some time (it may take more than 15 minutes).

Where is the support bundle stored?

The support bundle is stored in the supportbundle directory. To view the contents, use the following command:

OS10# dir supportbundle

Sample output:

OS10# dir supportbundle
Directory contents for folder: supportbundle
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2020-01-12T19:34:21Z   8070044       sosreport-OS10-20200112193142.tar.xz
2020-01-12T19:34:27Z   33            sosreport-OS10-20200112193142.tar.xz.md5

How to verify that support bundle generation has started

During support bundle generation, a random file appears in the supportbundle directory. You must wait until the generation process is complete.

Sample output

OS10# dir supportbundle
Directory contents for folder: supportbundle
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2020-01-13T09:17:12Z   3932160       _proc_sys.tar     <<<This is not the complete file. This file's size increases during support bundle generation.

Logging
When support bundle generation starts, it is logged.

Sample output

OS10# show logging log-file | grep "SUPPORT_BUNDLE_STARTED"
<165>1 2020-01-12T19:31:11.808623+00:00 OS10 dn_svc_sw 832 - - Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_STARTED: generate support-bundle execution has started successfully:All Plugin options enabled

How to verify that support bundle generation is complete

After support bundle generation, there are two files in the support bundle directory: one is the support bundle file and the other is a file with the md5 extension. The md5 file is a checksum file that is used to verify the integrity of the bundle file. Send both files to Technical Support.

Sample output

OS10# dir supportbundle
Directory contents for folder: supportbundle
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2020-01-12T19:34:21Z   8070044       sosreport-OS10-20200112193142.tar.xz     <<<Support bundle file
2020-01-12T19:34:27Z   33            sosreport-OS10-20200112193142.tar.xz.md5     <<<Md5 checksum file

In the above example, sosreport-OS10-20200112193142.tar.xz is the support bundle file and sosreport-OS10-20200112193142.tar.xz.md5 is its md5 checksum file.

Logging
When support bundle generation is complete, it is logged.

Sample output

OS10# show logging log-file | grep "BUNDLE_COMPLETED"
<165>1 2020-01-12T19:34:27.831211+00:00 OS10 dn_svc_sw 832 - - Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_COMPLETED: generate support-bundle execution has completed successfully:All Plugin options enabled

How to retrieve the support bundle from the switch

You can use ftp, http, https, scp, sftp, tftp, or usb to collect the support bundle, or you can use system bash to scp the support bundle to a local node in the rack and download it over WinSCP.

Use the following command from the switch prompt:

OS10# copy supportbundle://sosreport-OS10- file-number.tar.xz XXXX://server-address/path commands

Where XXXX = ftp, http, https, scp, sftp, or tftp. If you are using USB, format it in FAT32.

Sample output

OS10#copy supportbundle://sosreport-OS10-20200112193142.tar.xz tftp://10.0.0.0.1/sosreport-OS10-20200112193142.tar.xz

Use the following commands for system bash:

  • system bash
  • ls -ltrh /var/opt/dell/os10/support_bundle/bundle/
  • sudo scp /var/opt/dell/os10/support_bundle/bundle/sosreport* <user>@<node IP>:/target/dir
    • Then enter the correct passwords when prompted

Sample output

OS10# system bash
admin@OS10:~$ ls -ltrh /var/opt/dell/os10/support_bundle/bundle/
total 12M
-rw------- 1 root root 12M Nov  6 19:47 sosreport-os10-20241106194507.tar.xz
-rw-r--r-- 1 root root  33 Nov  6 19:47 sosreport-os10-20241106194507.tar.xz.md5
admin@OS10:~$ sudo scp /var/opt/dell/os10/support_bundle/bundle/sosreport* admin@192.168.219.5:/home/admin
[sudo] password for admin:
The authenticity of host '192.168.219.5 (192.168.219.5)' can't be established.
ED25519 key fingerprint is SHA256:SObGGFqgOZ4nY8np1sYvobZAHw2F96Goi7rdzHS+jQU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.219.5' (ED25519) to the list of known hosts.
Password:
sosreport-os10-20241106194507.tar.xz                                                                                                      100%   12MB   1.6MB/s   00:07
sosreport-os10-20241106194507.tar.xz.md5                                                                                                  100%   33     4.1KB/s   00:00

Deleting an existing support bundle

The support bundle can consume storage space on the switch, so you can delete it after retrieving it. Use the following command:

OS10# delete supportbundle://sosreport-filename.tar.extension

Sample output

OS10#delete supportbundle://sosreport-OS10-20200112193142.tar.xz

Affected Products

PowerSwitch S3048-ON, PowerSwitch S4048-ON, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON , PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6100-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON 
13
Oct

DELL Networking OS10 Switch How to generate and collect Support Bundles

Instructions

Contents:

What is a Support Bundle?
How to Generate a Support Bundle
Where is the Support Bundle Stored?
How to Verify the Support Bundle Generation has Started
How to Verify the Support Bundle Generation is Complete
How to Retrieve the Support Bundle from the Switch
Delete an Existing Support Bundle

What is a Support Bundle?

The support bundle is based on the sosreport tool. The support bundle generates a tar file that includes the Linux system configuration and diagnostics information, and show command outputs. Dell Technical support agents need a support bundle for detailed analysis.

How to Generate a Support Bundle

Run the following command in EXEC mode:

  • Use the following command for OS10 version 10.5.2.0 and later:
    OS10# generate support-bundle
  • For any OS10 version before 10.5.2.0, use the following command:
    OS10# generate support-bundle enable-all-plugin-options

If the bundle does not appear immediately after you run the command, do not try to generate another one. Support bundle generation takes some time (it may take more than 15 minutes).

Where is the Support Bundle Stored?

Support bundle is stored in the supportbundle directory. To view the contents, use the following command:

OS10# dir supportbundle

Sample output:

OS10# dir supportbundle
Directory contents for folder: supportbundle
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2020-01-12T19:34:21Z   8070044       sosreport-OS10-20200112193142.tar.xz
2020-01-12T19:34:27Z   33            sosreport-OS10-20200112193142.tar.xz.md5

 

How to Verify the Support Bundle Generation has Started

During support bundle generation, a random file appears in the supportbundle directory. You must wait until the generation process is complete.

Sample output

OS10# dir supportbundle
Directory contents for folder: supportbundle
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2020-01-13T09:17:12Z   3932160       _proc_sys.tar     <<<This is not the complete file. This file's size increases during support bundle generation.

Logging
When support bundle generation starts, it is logged.

Sample output

OS10# show logging log-file | grep "SUPPORT_BUNDLE_STARTED"
<165>1 2020-01-12T19:31:11.808623+00:00 OS10 dn_svc_sw 832 - - Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_STARTED: generate support-bundle execution has started successfully:All Plugin options enabled

 

How to Verify the Support Bundle Generation is Complete

After support bundle generation, there are two files in the support bundle directory: one is the support bundle file and the other is a file with the md5 extension. The md5 file is a checksum file that is used to verify the integrity of the bundle file. Send both files to Technical Support.

Sample output

OS10# dir supportbundle
Directory contents for folder: supportbundle
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------------------------------------------
2020-01-12T19:34:21Z   8070044       sosreport-OS10-20200112193142.tar.xz     <<<Support bundle file
2020-01-12T19:34:27Z   33            sosreport-OS10-20200112193142.tar.xz.md5     <<<Md5 checksum file

In the above example, sosreport-OS10-20200112193142.tar.xz is the support bundle file and sosreport-OS10-20200112193142.tar.xz.md5 is its md5 checksum file.
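The integrity check that the .md5 file exists for, run on the host that received both files, as an added example (not part of the original article and not Dell tooling). It assumes the .md5 file holds the hex digest either alone (consistent with its 33-byte size in the listing: 32 hex characters plus a newline) or followed by a file name; the function names are hypothetical.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# A stand-alone run of exactly 32 hex digits (an MD5 digest).
_MD5_HEX = re.compile(r"\b([0-9a-fA-F]{32})\b")


def read_expected_md5(md5_path):
    """Return the digest stored in a .md5 sidecar file, lower-cased.

    Accepts a bare digest (assumed layout for the 33-byte file in the
    listing) as well as the "digest  filename" layout written by md5sum.
    """
    text = Path(md5_path).read_text(encoding="ascii", errors="replace")
    match = _MD5_HEX.search(text)
    if match is None:
        raise ValueError(f"no MD5 digest found in {md5_path}")
    return match.group(1).lower()


def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-megabyte bundle is not read at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_bundle(bundle_path, md5_path=None):
    """Compare a retrieved bundle with its sidecar; default sidecar is <bundle>.md5."""
    bundle_path = Path(bundle_path)
    if md5_path is None:
        md5_path = bundle_path.with_name(bundle_path.name + ".md5")
    expected = read_expected_md5(md5_path)
    actual = file_md5(bundle_path)
    return {
        "bundle": bundle_path.name,
        "expected": expected,
        "actual": actual,
        "ok": hmac.compare_digest(expected, actual),
    }


if __name__ == "__main__":
    # Constructed stand-in files; a real run points at the two retrieved files.
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "sosreport-OS10-20200112193142.tar.xz"
        bundle.write_bytes(b"constructed bundle content")
        sidecar = Path(str(bundle) + ".md5")
        sidecar.write_text(hashlib.md5(bundle.read_bytes()).hexdigest() + "\n")
        print(verify_bundle(bundle))
        # Simulate a truncated transfer: the check must now fail.
        bundle.write_bytes(b"constructed bundle")
        print(verify_bundle(bundle))
```

A match shows the bundle was not corrupted in transfer; because the checksum travels alongside the bundle, it does not show that the pair is unmodified.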

Logging
When support bundle generation is complete, it is logged.

Sample output

OS10# show logging log-file | grep "BUNDLE_COMPLETED"
<165>1 2020-01-12T19:34:27.831211+00:00 OS10 dn_svc_sw 832 - - Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_COMPLETED: generate support-bundle execution has completed successfully:All Plugin options enabled
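An added example (not from the original article) that pairs the SUPPORT_BUNDLE_STARTED and SUPPORT_BUNDLE_COMPLETED events from exported log lines, so you can tell whether a bundle is still being generated before starting another and keep a record of when bundles were produced. The first two sample lines are the ones shown above; the third is constructed, and the function name is hypothetical.

```python
import re
from datetime import datetime

# Layout of the log lines shown above:
# <PRI>VERSION TIMESTAMP HOST APP ... %SUPPORT_BUNDLE_<STATE>: message
_EVENT = re.compile(
    r"^<\d+>\d+\s+(?P<ts>\S+)\s+(?P<host>\S+)\s.*?"
    r"%SUPPORT_BUNDLE_(?P<state>STARTED|COMPLETED):"
)

SAMPLE_LOG = [
    # From the sample output on this page.
    "<165>1 2020-01-12T19:31:11.808623+00:00 OS10 dn_svc_sw 832 - - "
    "Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_STARTED: "
    "generate support-bundle execution has started successfully:"
    "All Plugin options enabled",
    "<165>1 2020-01-12T19:34:27.831211+00:00 OS10 dn_svc_sw 832 - - "
    "Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_COMPLETED: "
    "generate support-bundle execution has completed successfully:"
    "All Plugin options enabled",
    # Constructed line: a later start with no completion logged yet.
    "<165>1 2020-01-13T09:16:40.000000+00:00 OS10 dn_svc_sw 832 - - "
    "Node.1-Unit.1:PRI [event], Dell EMC (OS10) %SUPPORT_BUNDLE_STARTED: "
    "generate support-bundle execution has started successfully:"
    "All Plugin options enabled",
]


def analyze(log_lines):
    """Pair start/complete events per host, in the order they were logged.

    Returns {"runs": [...], "in_progress": [hosts]} where a host is
    "in progress" if its most recent bundle event is STARTED.
    """
    open_runs = {}  # host -> run still waiting for its COMPLETED event
    runs = []
    for line in log_lines:
        match = _EVENT.search(line)
        if match is None:
            continue  # unrelated log line
        when = datetime.fromisoformat(match.group("ts"))
        host = match.group("host")
        if match.group("state") == "STARTED":
            run = {"host": host, "started": when,
                   "completed": None, "seconds": None}
            # A repeated start replaces the pending one; the earlier run
            # stays in the list with completed=None as a visible gap.
            open_runs[host] = run
            runs.append(run)
        else:
            run = open_runs.pop(host, None)
            if run is None:
                # Completion whose start is outside the exported window.
                runs.append({"host": host, "started": None,
                             "completed": when, "seconds": None})
            else:
                run["completed"] = when
                run["seconds"] = (when - run["started"]).total_seconds()
    return {"runs": runs, "in_progress": sorted(open_runs)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for run in report["runs"]:
        print(run["host"], run["started"], run["completed"], run["seconds"])
    print("still generating on:", report["in_progress"])
```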

 

How to Retrieve Support Bundle from the Switch.

You can use ftp, http, https, scp, sftp, tftp, or usb to collect the support-bundle, or you can use system bash to scp the support bundle to a local node in the rack to download over WinSCP.

Use the following command from the switch prompt:

OS10# copy supportbundle://sosreport-OS10- file-number.tar.xz XXXX://server-address/path commands

Where XXXX = ftp, http, https, scp, sftp, or tftp. If you are using USB, format it in FAT32.

Sample output

OS10#copy supportbundle://sosreport-OS10-20200112193142.tar.xz tftp://10.0.0.0.1/sosreport-OS10-20200112193142.tar.xz

Use the following commands for system bash:

  • system bash
  • ls -ltrh /var/opt/dell/os10/support_bundle/bundle/
  • sudo scp /var/opt/dell/os10/support_bundle/bundle/sosreport* <user>@<node IP>:/target/dir
    • Then enter correct passwords when prompted

Sample output

OS10# system bash
admin@OS10:~$ ls -ltrh /var/opt/dell/os10/support_bundle/bundle/
total 12M
-rw------- 1 root root 12M Nov  6 19:47 sosreport-os10-20241106194507.tar.xz
-rw-r--r-- 1 root root  33 Nov  6 19:47 sosreport-os10-20241106194507.tar.xz.md5
admin@OS10:~$ sudo scp /var/opt/dell/os10/support_bundle/bundle/sosreport* admin@192.168.219.5:/home/admin
[sudo] password for admin:
The authenticity of host '192.168.219.5 (192.168.219.5)' can't be established.
ED25519 key fingerprint is SHA256:SObGGFqgOZ4nY8np1sYvobZAHw2F96Goi7rdzHS+jQU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.219.5' (ED25519) to the list of known hosts.
Password:
sosreport-os10-20241106194507.tar.xz                                                                                                      100%   12MB   1.6MB/s   00:07
sosreport-os10-20241106194507.tar.xz.md5                                                                                                  100%   33     4.1KB/s   00:00

 

Delete an Existing Support Bundle

The support bundle can consume storage space on the switch, so you can delete it after retrieving it. Use the following command:

OS10# delete supportbundle://sosreport-filename.tar.extension

Sample output

OS10#delete supportbundle://sosreport-OS10-20200112193142.tar.xz

Affected Products

NVMe over Fabrics, PowerSwitch S3048-ON, PowerSwitch S4048-ON, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON , PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6100-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, SmartFabric OS10 Software 
16
Sep

Dell Networking SmartFabric OS10: Password Recovery

Summary: In some situations, users may forget the passwords for both the OS10 user "admin" and the Linux user "linuxadmin," which leaves them unable to log in to OS10.

Instructions

If the local administrator has not set up any other system management users (OS10 and Linux users), password recovery must be attempted to regain access.

A maintenance window must be scheduled for the password recovery operation because the switch must be rebooted multiple times (three or more) during the activity.

The OS10 user guide has a similar procedure to address this situation under "Troubleshoot OS10." If both the OS10 user (admin) and Linux admin (linuxadmin) passwords have been forgotten, the linuxadmin password must be recovered first from GRUB.

Then the OS10 user (admin) password can be recovered by linuxadmin from the Linux kernel.

If only the OS10 user (admin) password has been forgotten, the operation is simpler because no console is required. Log in through SSH or Telnet to the Linux kernel as linuxadmin, then reset the admin user password.

Note: This guide demonstrates the operation on versions 10.5.4.0 and 10.5.0.6; in your case, check the running version with the customer.

You must arrange a maintenance window for the following operations because the switch is rebooted multiple times (three or more) during password recovery.

Note: The procedure MUST be performed over a console connection.

Step 1 Connect to the serial console port.
Set the serial settings to 115200 baud, 8 data bits, and no parity.
Reboot the switch by powering it off and then powering it on.

Step 2 Press E when the output below appears to open the OS10 GRUB editor menu:

GNU GRUB editor menu

The OS10 GRUB editor menu then appears, as shown below.

Note: Different versions may show a different GRUB editor menu.

On a newer version, say 10.5.2.x or later, the following is seen.

GNU GRUB editor menu 10.5.2.x or later

On an older version, say 10.5.0.x or earlier, the following is seen.

GNU GRUB editor menu 10.5.0.x or earlier

Step 3 Make the following changes to set booting behavior:
If it is a newer version, say 10.5.2.x or later, use the arrow keys to move to the end of the line that has set os_debug_args=, then add init=/bin/bash to the end.

GNU GRUB editor menu 10.5.2.x or later command init=/bin/bash

If it is an older version, say 10.5.0.x or earlier, use the arrow keys to move to the end of the line that starts with "linux", then add init=/bin/bash at the end of the line.

GNU GRUB editor menu 10.5.0.x or earlier init=/bin/bash command

Reboot the switch by pressing Ctrl + x or Alt + 0 (0 is the number zero). The system boots into a root shell (OS10 Linux kernel) WITHOUT a password.

If it is a newer version, say 10.5.2.x or later:

Booting a command list
Loading OS10 ...
AF, 
DXE_EXIT_BOOT_SERVICES(03101019)
B0, B1, [    1.193068] intel_rapl: driver does not support CPU family 6 model 77
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
root@OS10:/#

GNU GRUB editor menu 10.5.2.x or later booting command list

If it is an older version, say 10.5.0.x or earlier:

GNU GRUB editor menu 10.5.0.x or earlier booting command list

Step 4 Check the status of the Linux user "linuxadmin":

root@OS10:/# 
root@OS10:/# cat /etc/passwd | grep linuxadmin
linuxadmin:x:1000:1000:,,,:/home/linuxadmin:/bin/bash      ------// if there's NO "/bin/bash", reset it with below command, 
root@OS10:/#
root@OS10:/# usermod -s /bin/bash linuxadmin      ------// reset the login shell mode, 
usermod: no changes      ------// it's already correct, so no changes, 
root@OS10:/#

Check whether the Linux user "linuxadmin" is locked, and unlock it if it is.

root@OS10:/# 
root@OS10:/# passwd -S linuxadmin
linuxadmin L 07/22/2022 0 99999 7 -1      ------// 'L' means user locked, 
root@OS10:/# 
root@OS10:/# passwd -u linuxadmin       ------// unlock the user, 
passwd: password expiry information changed.
root@OS10:/# 
root@OS10:/# passwd -S linuxadmin      ------// check again, it's correct user status, 
linuxadmin P 07/22/2022 0 99999 7 -1
root@OS10:/#

Step 5 Reset the password for the Linux user "linuxadmin."

root@OS10:/#
root@OS10:/# passwd linuxadmin      ------// reset user "linuxadmin" password,
New password: <reset password with the user name : linuxadmin>
Retype new password: <retype new password : linuxadmin>
passwd: password updated successfully
root@OS10:/#
root@OS10:/# sync      ------// synchronize system to save the new password,
root@OS10:/#
After password recovery is done, remember to reset the linuxadmin password manually
in the running configuration later, as below:
OS10(config)# system-user linuxadmin password [retype your new password]
OS10(config)# exit
OS10# write memory
OS10#

Another preferred method is to use the script, as below:
Note: The script also updates the new linuxadmin password in "startup.xml".

If the OS10 version is 10.5.1.0, then run the following command.
root@OS10:/# sed -ibak '31,41s/^/#/g' /opt/dell/os10/bin/recover_linuxadmin_password.sh

Configure the password by using the script command:
root@OS10:/# /opt/dell/os10/bin/recover_linuxadmin_password.sh [plainpassword]
Note: Enter the linuxadmin password in plain text.
For example:
root@OS10:/# /opt/dell/os10/bin/recover_linuxadmin_password.sh P@ssw0rd123!
root@OS10:/# 
root@OS10:/# sync      ------// synchronize system to save the new password, 
root@OS10:/#

Step 6 Force the system to reboot again.

root@OS10:/# 
root@OS10:/# reboot -f       ------// force switch to reboot, 
Rebooting.
[  417.428659] reboot: Restarting system
15, 00068001, 19, 00068000, 
BIOS Boot Selector for S4100 
Version 3.33.0.1-12
...<output omitted>... 

Then try logging in with the Linux user "linuxadmin" and the new password "linuxadmin", as below.
OS10 login: linuxadmin
Password: linuxadmin
Linux OS10 4.19.208 #1d SMP Debian 4.19.208-1 x86_64
...<output omitted>... 
linuxadmin@OS10:~$ 
   ------// login to the kernel shell mode directly, password recovered successfully to the default (the same as user name),

Login linux kernel with user "linuxadmin" success

Log in to the Linux kernel with user "linuxadmin" successfully.

Step 7 Reset the password for the OS10 user "admin."

linuxadmin@OS10:~$ 
linuxadmin@OS10:~$ sudo -i      ------// get the root permission, 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
[sudo] password for linuxadmin: 
root@OS10:~#

user "linuxadmin" logged in

root@OS10:~# passwd -S admin      ------// check and make sure user status, not locked, 
admin P 07/25/2022 0 99999 7 -1
root@OS10:~#

root@OS10:~# cat /etc/passwd | grep admin
...<output omitted>... 
admin:x:1003:997::/config/home/admin:/opt/dell/os10/bin/clish
      ------// check the shell mode and make sure it's "/opt/dell/os10/bin/clish", 
root@OS10:~# 

Reset the password:
root@OS10:~# 
root@OS10:~# passwd admin
New password: <reset the password with user name : admin>
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password: <retype the password : admin>
passwd: password updated successfully
root@OS10:~#

Step 8 Exit and try logging in with user "admin."

OS10 login: admin
Password: admin
Last login: Mon Jul 25 05:21:56 UTC 2022 on ttyS0
Linux OS10 4.19.208 #1d SMP Debian 4.19.208-1 x86_64
...<output omitted>... 
%Warning : Default password for admin account should be changed to secure the system
%Warning : Default password for linuxadmin account should be changed to secure the system.
OS10# 
   ------// login to the OS10 shell mode, password recovered successfully to the default (the same as user name),

Login OS10 shell success

Log in to the OS10 shell with user "admin" successfully.

Notice the %Warning logs: you should set a new password of your own choosing. Keep that new password in mind.

Step 9 Set a new password for the users or admin.

OS10# 
OS10# configure terminal
OS10(config)# 
OS10(config)# service simple-password      ------// this is optional, if want to set simple password. 
OS10(config)# 
OS10(config)# username admin password <input customer's password> role sysadmin
OS10(config)# 
OS10(config)# system-user linuxadmin password <input customer's password>
OS10(config)# 
OS10(config)# end
OS10# write memory      ------// save changed configuration, DO NOT forget the new password !!!! 
OS10#
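An added example (not part of the original article) that checks the account state the procedure inspects by hand: login shells from /etc/passwd (Steps 4 and 7), the status letter from passwd -S (Steps 4 and 7), and the default-password warnings printed at login (Step 8). The sample inputs are copied from the outputs above; the function names and the idea of feeding in captured console text are assumptions of this example.

```python
import re

# Expected login shells, taken from Steps 4 and 7 above.
EXPECTED_SHELL = {
    "linuxadmin": "/bin/bash",
    "admin": "/opt/dell/os10/bin/clish",
}
# Status letters printed by `passwd -S` (second field).
STATUS_MEANING = {"L": "locked", "NP": "no password", "P": "usable password"}
# Login warning shown in Step 8 while an account still has its default password.
DEFAULT_PW_WARNING = re.compile(
    r"%Warning\s*:\s*Default password for (\S+) account should be changed"
)


def parse_passwd_file(text):
    """Map user -> login shell from /etc/passwd-format lines (7 fields)."""
    shells = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 7:
            shells[fields[0]] = fields[6]
    return shells


def parse_status(text):
    """Map user -> status letter from `passwd -S` output lines."""
    status = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1] in STATUS_MEANING:
            status[parts[0]] = parts[1]
    return status


def audit(passwd_text, status_text, banner_text):
    """Return (user, finding) tuples for anything that still needs attention."""
    findings = []
    shells = parse_passwd_file(passwd_text)
    status = parse_status(status_text)
    for user, shell in EXPECTED_SHELL.items():
        if user not in shells:
            findings.append((user, "missing from /etc/passwd"))
        elif shells[user] != shell:
            findings.append((user, f"shell is {shells[user]}, expected {shell}"))
        state = status.get(user)
        if state is None:
            findings.append((user, "no passwd -S status captured"))
        elif state != "P":
            findings.append((user, f"account {STATUS_MEANING[state]}"))
    for user in DEFAULT_PW_WARNING.findall(banner_text):
        findings.append((user, "default password still set"))
    return findings


# Sample inputs copied from the console outputs shown in Steps 4, 7 and 8.
SAMPLE_PASSWD = (
    "linuxadmin:x:1000:1000:,,,:/home/linuxadmin:/bin/bash\n"
    "admin:x:1003:997::/config/home/admin:/opt/dell/os10/bin/clish\n"
)
SAMPLE_STATUS = (
    "linuxadmin L 07/22/2022 0 99999 7 -1\n"
    "admin P 07/25/2022 0 99999 7 -1\n"
)
SAMPLE_BANNER = (
    "%Warning : Default password for admin account should be changed to secure the system\n"
    "%Warning : Default password for linuxadmin account should be changed to secure the system.\n"
)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_STATUS, SAMPLE_BANNER):
        print(f"{user}: {finding}")
```

An empty result after Step 9, using output captured from a fresh login, indicates both accounts are unlocked, have the expected shells, and no longer trigger the default-password warning.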

Affected Products

PowerSwitch S3048-ON, PowerSwitch S4048-ON, PowerSwitch E3200-ON Series, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, Dell Networking S4128F-ON , PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9664F-ON, SmartFabric OS10 Software 
 

Obtained from the following link

16
Sep

Dell Networking SmartFabric OS10: Password Recovery

Summary: In some situations, users may forget the passwords for both the OS10 user "admin" and the Linux user "linuxadmin," which leaves them unable to log in to OS10.

Instructions

If the local administrator has not set up any other system management users (OS10 and Linux users), password recovery must be attempted to regain access.

A maintenance window must be scheduled for the password recovery operation because the switch must be rebooted multiple times (three or more) during the activity.

The OS10 user guide has a similar procedure to address this situation under "Troubleshoot OS10." If both the OS10 user (admin) and Linux admin (linuxadmin) passwords have been forgotten, the linuxadmin password must be recovered first from GRUB.

Then the OS10 user (admin) password can be recovered by linuxadmin from the Linux kernel.

If only the OS10 user (admin) password has been forgotten, the operation is simpler because no console is required. Log in through SSH or Telnet to the Linux kernel as linuxadmin, then reset the admin user password.

Note: This guide demonstrates the operation on versions 10.5.4.0 and 10.5.0.6; in your case, check the running version with the customer.

You must arrange a maintenance window for the following operations because the switch is rebooted multiple times (three or more) during password recovery.

Note: The procedure MUST be performed over a console connection.

Step 1 Connect to the serial console port.
Set the serial settings to 115200 baud, 8 data bits, and no parity.
Reboot the switch by powering it off and then powering it on.

Step 2 Press E when the output below appears to open the OS10 GRUB editor menu:

GNU GRUB editor menu

The OS10 GRUB editor menu then appears, as shown below.

Note: Different versions may show a different GRUB editor menu.

On a newer version, say 10.5.2.x or later, the following is seen.

GNU GRUB editor menu 10.5.2.x or later

On an older version, say 10.5.0.x or earlier, the following is seen.

GNU GRUB editor menu 10.5.0.x or earlier

Step 3 Make the following changes to set booting behavior:
If it is a newer version, say 10.5.2.x or later, use the arrow keys to move to the end of the line that has set os_debug_args=, then add init=/bin/bash to the end.

GNU GRUB editor menu 10.5.2.x or later command init=/bin/bash

If it is an older version, say 10.5.0.x or earlier, use the arrow keys to move to the end of the line that starts with "linux", then add init=/bin/bash at the end of the line.

GNU GRUB editor menu 10.5.0.x or earlier init=/bin/bash command

Reboot the switch by pressing Ctrl + x or Alt + 0 (0 is the number zero). The system boots into a root shell (OS10 Linux kernel) WITHOUT a password.

If it is a newer version, say 10.5.2.x or later:

Booting a command list
Loading OS10 ...
AF, 
DXE_EXIT_BOOT_SERVICES(03101019)
B0, B1, [    1.193068] intel_rapl: driver does not support CPU family 6 model 77
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
root@OS10:/#

GNU GRUB editor menu 10.5.2.x or later booting command list

If it is an older version, say 10.5.0.x or earlier:

GNU GRUB editor menu 10.5.0.x or earlier booting command list

Step 4 Check the status of the Linux user "linuxadmin":

root@OS10:/# 
root@OS10:/# cat /etc/passwd | grep linuxadmin
linuxadmin:x:1000:1000:,,,:/home/linuxadmin:/bin/bash      ------// if there's NO "/bin/bash", reset it with below command, 
root@OS10:/#
root@OS10:/# usermod -s /bin/bash linuxadmin      ------// reset the login shell mode, 
usermod: no changes      ------// it's already correct, so no changes, 
root@OS10:/#

Check whether the Linux user "linuxadmin" is locked, and unlock it if it is.

root@OS10:/# 
root@OS10:/# passwd -S linuxadmin
linuxadmin L 07/22/2022 0 99999 7 -1      ------// 'L' means user locked, 
root@OS10:/# 
root@OS10:/# passwd -u linuxadmin       ------// unlock the user, 
passwd: password expiry information changed.
root@OS10:/# 
root@OS10:/# passwd -S linuxadmin      ------// check again, it's correct user status, 
linuxadmin P 07/22/2022 0 99999 7 -1
root@OS10:/#

Step 5 Reset the password for the Linux user "linuxadmin."

root@OS10:/#
root@OS10:/# passwd linuxadmin      ------// reset user "linuxadmin" password,
New password: <reset password with the user name : linuxadmin>
Retype new password: <retype new password : linuxadmin>
passwd: password updated successfully
root@OS10:/#
root@OS10:/# sync      ------// synchronize system to save the new password,
root@OS10:/#
After password recovery is done, remember to reset the linuxadmin password manually
in the running configuration later, as below:
OS10(config)# system-user linuxadmin password [retype your new password]
OS10(config)# exit
OS10# write memory
OS10#

Another preferred method is to use script as below : 
Notes : the script will also update the new linuxadmin password in "startup.xml". 

If the OS10 version is 10.5.1.0, then run the following command. 
root@OS10:/# sed -ibak '31,41s/^/#/g' /opt/dell/os10/bin/recover_linuxadmin_password.sh

Configure the password by using the script command : 
root@OS10:/# /opt/dell/os10/bin/recover_linuxadmin_password.sh [plainpassword]
Notes: Enter the linuxadmin password in plain text. 
For example : 
root@OS10:/# /opt/dell/os10/bin/recover_linuxadmin_password.sh P@ssw0rd123!
root@OS10:/# 
root@OS10:/# sync      ------// synchronize system to save the new password, 
root@OS10:/#

Step 6 Force the system to reboot again.

root@OS10:/# 
root@OS10:/# reboot -f       ------// force switch to reboot, 
Rebooting.
[  417.428659] reboot: Restarting system
15, 00068001, 19, 00068000, 
BIOS Boot Selector for S4100 
Version 3.33.0.1-12
...<output omitted>... 

Then try login with Linux user "linuxadmin" and new password "linuxadmin" as below. 
OS10 login: linuxadmin
Password: linuxadmin
Linux OS10 4.19.208 #1d SMP Debian 4.19.208-1 x86_64
...<output omitted>... 
linuxadmin@OS10:~$ 
   ------// login to the kernel shell mode directly, password recovered successfully to the default (the same as user name),

Login to the Linux kernel shell with user "linuxadmin" succeeds.

Step 7 Reset the password for the OS10 user "admin".

linuxadmin@OS10:~$ 
linuxadmin@OS10:~$ sudo -i      ------// get the root permission, 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
[sudo] password for linuxadmin: 
root@OS10:~#

User "linuxadmin" logged in

root@OS10:~# passwd -S admin      ------// check and make sure user status, not locked, 
admin P 07/25/2022 0 99999 7 -1
root@OS10:~#

root@OS10:~# cat /etc/passwd | grep admin
...<output omitted>... 
admin:x:1003:997::/config/home/admin:/opt/dell/os10/bin/clish
      ------// check the shell mode and make sure it's "/opt/dell/os10/bin/clish", 
root@OS10:~# 

Reset password, 
root@OS10:~# 
root@OS10:~# passwd admin
New password: <reset the password with user name : admin>
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password: <retype the password : admin>
passwd: password updated successfully
root@OS10:~#

Step 8 Log out and try to log in with the user "admin".

OS10 login: admin
Password: admin
Last login: Mon Jul 25 05:21:56 UTC 2022 on ttyS0
Linux OS10 4.19.208 #1d SMP Debian 4.19.208-1 x86_64
...<output omitted>... 
%Warning : Default password for admin account should be changed to secure the system
%Warning : Default password for linuxadmin account should be changed to secure the system.
OS10# 
   ------// login to the OS10 shell mode, password recovered successfully to the default (the same as user name),

Login to the OS10 shell with user "admin" succeeds.

Note the %Warning log lines: you must set a new password of your choice. Make a note of that new password.

Step 9 Set a new password for the users or administrator.

OS10# 
OS10# configure terminal
OS10(config)# 
OS10(config)# service simple-password      ------// this is optional, if want to set simple password. 
OS10(config)# 
OS10(config)# username admin password <input customer's password> role sysadmin
OS10(config)# 
OS10(config)# system-user linuxadmin password <input customer's password>
OS10(config)# 
OS10(config)# end
OS10# write memory      ------// save changed configuration, DO NOT forget the new password !!!! 
OS10#

Affected Products

PowerSwitch S3048-ON, PowerSwitch S4048-ON, PowerSwitch E3200-ON series, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, Dell Networking S4128F-ON, PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON/S4248FBL-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S5448F-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON, PowerSwitch Z9664F-ON, SmartFabric OS10 Software

Obtained from the following link

23
Mar

Microsoft Exchange Server Vulnerabilities Mitigations – updated March 15, 2021

To check whether the server is vulnerable, you can use the following script from the vendor:

Additionally, if you want to check your network, you can use this command:

nmap -Pn -n --script=http-vuln-exchange,http-vuln-cve2021-26855 -p 443

which makes use of the following scripts:

It is recommended to update the affected systems as soon as possible or, at least temporarily until the update can be applied, to block access from the internet and apply the mitigation measures indicated by Microsoft:

Multiple malicious actors have been detected looking for and exploiting these vulnerabilities. Machines that have not yet been patched could be considered compromised, so it is recommended, as a minimum, to perform an analysis in search of webshells and other indicators of compromise.

By exploiting these vulnerabilities an attacker could:
– Impersonate the server.
– Upload malicious files to the system.
– Execute code without prior authentication.
– Steal information from the server.
– Compromise even the Active Directory by generating "Golden tickets".

It would be advisable to collect forensic evidence from the Exchange server, quarantine it and, if possible, install a new one from a reliable backup. If there is evidence that a webshell was used, it would also be advisable to completely rebuild the Active Directory, forcing password changes for all users.

Microsoft has updated its MSERT tool, which runs security scans to detect possible ProxyLogon webshells and subsequently remove them. The following link has more information about installing and running the MSERT tool:

More information about the vulnerabilities and the identification of evidence is available at the following links:

https://blog.truesec.com/2021/03/07/exchange-zero-day-proxylogon-and-hafnium/

https://blueteamblog.com/microsoft-exchange-zero-days-mitigations-and-detections

Updates for these vulnerabilities are available at:

 
10
Feb

HAProxy – IIS and X-Forward-For Header

IIS and X-Forwarded-For Header

So, you’re using IIS and you want to track your clients by IP address in your IIS logs. Unfortunately, out of the tin, this is not directly supported. The X-Forwarded-For (XFF) HTTP header is an industry standard method to find the IP address of a client machine that is connecting to your web server via an HTTP proxy, load balancer etc. Fortunately, depending on the version of IIS being used, there are a number of ways to enable this.

A – IIS 7 & later :

Microsoft do now have a solution – it’s called IIS Advanced Logging. This is an installable IIS feature and can be downloaded here. Once installed on the IIS server, you’ll see an extra option called ‘Advanced Logging’ for the sites in IIS.

Once installed, follow the steps below to add the X-Forwarded-For log field to IIS:

1. From your Windows Server 2008 or Windows Server 2008 R2 device, open IIS Manager

2. From the Connections navigation pane, click the appropriate server, web site, or directory on which you are configuring Advanced Logging. The Home page appears in the main panel

3. From the Home page, under IIS, double-click Advanced Logging

4. From the Actions pane on the right, click Edit Logging Fields

5. From the Edit Logging Fields dialog box, click the Add Field button, and then complete the following:

-in the Field ID box, type X-Forwarded-For

-from the Category list, select Default

-from the Source Type list, select Request Header

-in the Source Name box, type X-Forwarded-For

-click the OK button in the Add Logging Field box, and then click the OK button in the Edit Logging Fields box

6. Click a Log Definition to select it. By default, there is only one: %COMPUTERNAME%-Server. The log definition you select must have a status of Enabled

7. From the Actions pane on the right, click Edit Log Definition

8. Click the Select Fields button, and then check the box for the X-Forwarded-For logging field

9. Click the OK button

10. From the Actions pane, click Apply

11. Click Return To Advanced Logging

12. In the Actions pane, click Enable Advanced Logging

Now, when you look at the logs the client IP address is included.

B – IIS 6 :

Unfortunately the Microsoft solution mentioned above is not available for IIS 6. Luckily there are a number of solutions available to address this limitation – some that cost money and others that have been released as open source. One excellent example that we’ve tested with our products is F5′s X-Forwarded-For ISAPI filter. It’s available in both 32 & 64 bit versions.

1. Download the zipped archive from here and extract to an appropriate folder

2. Navigate to the relevant version (32 or 64 bit)

3. Copy F5XForwardedFor.dll to a suitable location on your server, e.g. C:\ISAPIfilters

4. Make sure you have ISAPI Filters enabled on your IIS server

5. Open IIS Manager, right-click the site and select Properties

6. Select the ISAPI Filters tab

7. Click ‘add’, then in the popup enter a suitable name and select the DLL file stored in step 3

8. Restart your website

That’s it – you should now start seeing the IP address of the client PC’s in your IIS logs rather than the IP of the load balancer.

———————————————————————————————————————————–

IIS X-Forward-For ISAPI Filter

A recent customer issue came up where they were load balancing servers but were unable to get the true client address logged in their IIS logs. They had their servers fronted by a BIG-IP and when clients would make requests the address passed to the server was the internal address of the BIG-IP and not that of the client.

This is a common issue with proxies and fortunately there is a standard for forwarding client information. It is the HTTP X-Forwarded-For header which is handled by most proxies. So, I set out to find an existing ISAPI filter to replace the c-ip (client ip) log value in IIS with the contents of the X-Forwarded-For header (if it exists). I was amazed to find that I couldn’t find a single instance of any open source (or even commercial) filter that would do this.

So, I dug out Visual Studio and whipped up a filter that does just that. It’s very basic and contains no user configuration so all you need to do is plug it into your Web Application’s list of ISAPI Filters within the IIS Administration and you’re set to go.

We’ve released the source under the iControl End User License Agreement (available in any iControl SDK download). You can download it in the CodeShare section of DevCentral. If you find a way to optimize this filter, please let me know and I’ll update the sources here.

After 24 hours of posting, a customer already returned some performance testing on the filter indicating that it only affected the traffic by less than 1 percent. I’m sure there are ways to optimize the memory allocation in the filter to speed this up a bit more, but I’ll leave that for the community to work on.

Oh, and it should be noted that the X-Forwarded-For header isn’t supported the same way across all proxy products so you’ll want to make sure you test this out before using it. It is expecting the header to only contain an IP Address as it does a straight substitution on the value in the c-ip section of the log entry.

Enjoy!
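The straight substitution described above is the point to watch for log integrity: X-Forwarded-For is set by whoever sends the request and can carry a comma-separated chain, a port, or arbitrary text. The following Python sketch is an added example (not the F5 filter's code and not part of the original post) of choosing the address to log: the header is honoured only when the TCP peer is a known proxy, the chain is walked from the right, and anything that is not a bare IP literal is refused. The trusted network 10.0.0.0/23 and the function names are assumptions.

```python
import ipaddress

# Assumption: the load balancers live in this network (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/23")]


def _parse_ip(token):
    """Return an ip_address for a bare IPv4/IPv6 literal, or None."""
    token = token.strip()
    # IPv6 scope IDs ("fe80::1%eth0") are free-form text after the '%',
    # so accepting them would let arbitrary characters reach the log.
    if "%" in token:
        return None
    # Some proxies append a port (1.2.3.4:5678) or bracket IPv6 ([::1]:443).
    if token.startswith("["):
        end = token.find("]")
        if end == -1:
            return None
        token = token[1:end]
    elif token.count(":") == 1:
        token = token.split(":", 1)[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_for_log(peer_addr, xff_header):
    """Pick the value to write into the c-ip log field.

    peer_addr  -- address of the TCP peer as seen by the web server
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    last_good = ipaddress.ip_address(peer_addr)
    # A direct client can send any header it likes: ignore it entirely.
    if not xff_header or not _is_trusted(last_good):
        return str(last_good)
    # Each proxy appends the address it received the request from, so the
    # right-most entries are the ones our own infrastructure wrote.
    for token in reversed(xff_header.split(",")):
        ip = _parse_ip(token)
        if ip is None:
            # Unparseable entry: stop at the last hop we could verify.
            return str(last_good)
        if not _is_trusted(ip):
            return str(ip)
        last_good = ip
    return str(last_good)


if __name__ == "__main__":
    # Constructed inputs: (peer, header)
    for peer, hdr in [("10.0.0.1", "203.0.113.7"),
                      ("10.0.0.1", "1.2.3.4, 203.0.113.7"),
                      ("10.0.0.1", "x\r\n2021-03-15 GET /admin 200"),
                      ("198.51.100.9", "1.2.3.4")]:
        print(repr(hdr), "->", client_ip_for_log(peer, hdr))
```

Because the returned string always comes from a parsed address, a header containing CR/LF or spaces can never add or split log fields.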

6
Feb

HAProxy – Installation, configuration, upgrade…

Testing HAProxy. Very good experience overall: great load balancing with lots and lots of options.

For more information and details about HAProxy

Install the Linux distribution of your choice; in my case I went with Debian. Ubuntu ships it in its repository.

Configure the network cards with static IPs, as many as the environment requires, by editing the file /etc/network/interfaces:

As an example:

nano /etc/network/interfaces

allow-hotplug eth0
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.254.0
gateway 10.0.1.254
dns-nameservers 10.0.0.21 10.0.0.22

auto eth0:0
iface eth0:0 inet static
address 10.0.1.1
netmask 255.255.254.0
gateway 10.0.1.254
dns-nameservers 10.0.0.21 10.0.0.22
——————————————————————–

Update the system.

apt-get update

apt-get upgrade

apt-get dist-upgrade

INSTALL:

Here begins the installation of the prerequisites for HAProxy:

apt-get install build-essential make libpcre3 libpcre3-dev

apt-get install build-essential libssl-dev libpopt-dev git libpcre3-dev

apt-get install linux-kernel-headers  (optional)

——————————————————————————————————————————————

Optional, to avoid these warnings or errors with 2.6.xx kernel versions:

PCRE library supports JIT : no (USE_PCRE_JIT not set)

PCRE library supports JIT : no (libpcre build without JIT?)

——————————————————————————————————————————————

cd /usr/src/

wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.32.tar.gz

tar xzfv pcre-8.32.tar.gz

cd pcre-8.32

./configure --enable-jit --enable-utf && make

——————————————————————————————————————————————
Now download HAProxy:

cd /usr/src/

wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev21.tar.gz

tar xzfv haproxy-1.5-dev21.tar.gz

cd haproxy-1.5-dev21

COMPILE:

There are several build options; I use the last one:

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1

make TARGET=linux2628 CPU=native USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1 USE_POLL=default USE_OPENSSL=1 USE_ZLIB=1

make TARGET=custom CPU=native USE_PCRE=1 USE_LIBCRYPT=1 USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1

make TARGET=linux2628 CPU=native USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_PCRE=1

make TARGET=linux2628 CPU=native USE_PCRE=1 USE_LIBCRYPT=1 USE_LINUX_SPLICE=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_ZLIB=1

make TARGET=linux2628 CPU=native USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_PCRE=1 USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1

make TARGET=linux2628 CPU=native USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs

make TARGET=linux2628 CPU=native USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs

make TARGET=linux2628 CPU=native ARCH=x86_64 USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs

make install

CREATE LINKS AND DIRECTORIES:

ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

mkdir /usr/share/haproxy

nano /etc/init.d/haproxy  (create the service start/stop script)

—————————————————————————

#!/bin/sh
### BEGIN INIT INFO
# Provides:          haproxy
# Required-Start:    $local_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: fast and reliable load balancing reverse proxy
# Description:       This file should be used to start and stop haproxy.
### END INIT INFO

# Author: Arnaud Cornet <acornet@debian.org>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
PIDFILE=/var/run/haproxy.pid
CONFIG=/etc/haproxy/haproxy.cfg
HAPROXY=/usr/sbin/haproxy
EXTRAOPTS=
ENABLED=0

test -x $HAPROXY || exit 0
test -f "$CONFIG" || exit 0

if [ -e /etc/default/haproxy ]; then
    . /etc/default/haproxy
fi

test "$ENABLED" != "0" || exit 0

[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions

haproxy_start()
{
    start-stop-daemon --start --pidfile "$PIDFILE" \
        --exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \
        $EXTRAOPTS || return 2
    return 0
}

haproxy_stop()
{
    if [ ! -f $PIDFILE ] ; then
        # This is a success according to LSB
        return 0
    fi
    for pid in $(cat $PIDFILE) ; do
        /bin/kill $pid || return 4
    done
    rm -f $PIDFILE
    return 0
}

haproxy_reload()
{
    $HAPROXY -f "$CONFIG" -p $PIDFILE -D $EXTRAOPTS -sf $(cat $PIDFILE) \
        || return 2
    return 0
}

haproxy_status()
{
    if [ ! -f $PIDFILE ] ; then
        # program not running
        return 3
    fi

    for pid in $(cat $PIDFILE) ; do
        if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then
            # program running, bogus pidfile
            return 1
        fi
    done

    return 0
}

case "$1" in
start)
    log_daemon_msg "Starting haproxy" "haproxy"
    haproxy_start
    ret=$?
    case "$ret" in
    0)
        log_end_msg 0
        ;;
    1)
        log_end_msg 1
        echo "pid file '$PIDFILE' found, haproxy not started."
        ;;
    2)
        log_end_msg 1
        ;;
    esac
    exit $ret
    ;;
stop)
    log_daemon_msg "Stopping haproxy" "haproxy"
    haproxy_stop
    ret=$?
    case "$ret" in
    0|1)
        log_end_msg 0
        ;;
    2)
        log_end_msg 1
        ;;
    esac
    exit $ret
    ;;
reload|force-reload)
    log_daemon_msg "Reloading haproxy" "haproxy"
    haproxy_reload
    case "$?" in
    0|1)
        log_end_msg 0
        ;;
    2)
        log_end_msg 1
        ;;
    esac
    ;;
restart)
    log_daemon_msg "Restarting haproxy" "haproxy"
    haproxy_stop
    haproxy_start
    case "$?" in
    0)
        log_end_msg 0
        ;;
    1)
        log_end_msg 1
        ;;
    2)
        log_end_msg 1
        ;;
    esac
    ;;
status)
    haproxy_status
    ret=$?
    case "$ret" in
    0)
        echo "haproxy is running."
        ;;
    1)
        echo "haproxy dead, but $PIDFILE exists."
        ;;
    *)
        echo "haproxy not running."
        ;;
    esac
    exit $ret
    ;;
*)
    echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"
    exit 2
    ;;
esac

:

—————————————————————————————

chmod +x /etc/init.d/haproxy

update-rc.d haproxy defaults

nano /etc/default/haproxy (create the configuration file to enable it)

————————————————————————————

# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
# Add extra flags here.
#EXTRAOPTS="-de -m 16"

—————————————————————————————

groupadd haproxy
useradd -g haproxy haproxy

mkdir /etc/haproxy

mkdir /etc/haproxy/errors

cp /usr/src/haproxy-1.5-dev21/examples/errorfiles/* /etc/haproxy/errors

nano /etc/haproxy/haproxy.cfg

service haproxy restart

It should now be running.

——————————————————————————————————————————————

The next part organizes the logs so that they are deleted after a period of time (28 days).

nano /etc/rsyslog.d/haproxy.conf

if ($programname == 'haproxy' and $syslogseverity-text == 'info') then -/var/log/haproxy/haproxy-info.log
& ~
if ($programname == 'haproxy' and $syslogseverity-text == 'notice') then -/var/log/haproxy/haproxy-notice.log
& ~

nano /etc/logrotate.d/haproxy

/var/log/haproxy/*.log {
daily
missingok
rotate 28
compress
delaycompress
notifempty
create 644 root adm
sharedscripts
postrotate
/etc/init.d/haproxy reload > /dev/null
endscript
}

——————————————————————————————————————————————

To upgrade or change the HAProxy version:

cd /usr/src/haproxy-xxxxxx
make clean
make TARGET=linux2628 CPU=native ARCH=x86_64 USE_LINUX_SPLICE=1 USE_LIBCRYPT=1 USE_POLL=default USE_ZLIB=1 USE_LINUX_TPROXY=1 USE_OPENSSL=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1 PCRE_INC=/usr/src/pcre-8.32/ PCRE_LIB=/usr/src/pcre-8.32/.libs
sudo make install

The version is now changed.

——————————————————————————————————————————————

Restart the service with almost no downtime, although it is very fast anyway.

haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)

haproxy -f configfile -sf

——————————————————————————————————————————————

If we want several HAProxy instances, so that another one takes over if the primary fails, we can use Keepalived.

First, install it.

apt-get install -y keepalived

update-rc.d keepalived defaults

echo "net.ipv4.ip_nonlocal_bind = 1" >> /etc/sysctl.conf
sysctl -p

The configuration of the primary or master would be (XXX.XXX.XXX.XXX = desired virtual IP):

Master

nano /etc/keepalived/keepalived.conf

———————————————————————————————–

vrrp_script chk_haproxy {
script "killall -0 haproxy"   # verify the pid existence
interval 2                    # check every 2 seconds
weight 2                      # add 2 points of prio if OK
}

vrrp_instance VI_1 {
interface eth0                # interface to monitor
state MASTER
virtual_router_id 51          # Assign one ID for this route
priority 101                  # 101 on master, 100 on backup
virtual_ipaddress {
XXX.XXX.XXX.XXX            # the virtual IP
}
track_script {
chk_haproxy
}
}

The configuration of the backup or slave would be (XXX.XXX.XXX.XXX = desired virtual IP):

Slave

nano /etc/keepalived/keepalived.conf

vrrp_script chk_haproxy {
script "killall -0 haproxy"   # verify the pid existence
interval 2                    # check every 2 seconds
weight 2                      # add 2 points of prio if OK
}

vrrp_instance VI_1 {
interface eth0                # interface to monitor
state MASTER
virtual_router_id 51          # Assign one ID for this route
priority 100                  # 101 on master, 100 on backup
virtual_ipaddress {
XXX.XXX.XXX.XXX            # the virtual IP
}
track_script {
chk_haproxy
}
}

————————————————————————————————–

/etc/init.d/keepalived start

ip a | grep -e inet.*eth0

cat /var/log/messages | grep VRRP_Instance

——————————————————————————————————————————————

To check that the HAProxy configuration is correct before putting it into production:

haproxy -f /etc/haproxy/haproxy.cfg -c
——————————————————————————————————————————————

To see the installed HAProxy version and its build options:

haproxy -vv

——————————————————————————————————————————————

Example haproxy.cfg configuration file for version 1.4 (XXX.XXX.XXX.XXX = virtual IP):

———————————————- Start of haproxy.cfg 1.4.xx file ——————————————–

global
daemon
log /dev/log local0 info
log /dev/log local0 notice
maxconn 1000
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin

userlist stats-auth
group admin             users Admin
user  Admin  insecure-password password
group readonly          users user
user  user        insecure-password password

defaults
backlog 10000
default-server inter 3s rise 2 fall 3
log global
option  contstats
option  dontlognull
option  redispatch
retries 3
timeout client 300s
timeout connect 30s
timeout http-keep-alive 5s
timeout http-request 15s
timeout queue 30s
timeout tarpit 1m
timeout server 300s

frontend ft_ftp_tcp
bind *:21 name ftp
mode tcp
maxconn 2000
default_backend bk_ftp_server_pool

frontend ft_sftp_tcp
bind XXX.XXX.XXX.XXX:22 name sftp
mode tcp
maxconn 2000
default_backend bk_sftp_server_pool

frontend ft_smtpsrv_tcp
bind XXX.XXX.XXX.XXX:25 name smtp
mode tcp
maxconn 2000
default_backend bk_smtpsrv_server_pool

frontend ft_web_http
bind *:80 name http
mode http
maxconn 10000
default_backend bk_web_server_pool

frontend ft_pop_tcp
bind *:110 name pop
mode tcp
maxconn 2000
default_backend bk_pop_server_pool

frontend ft_imap_tcp
bind *:143 name imap
mode tcp
maxconn 2000
default_backend bk_imap_server_pool

frontend ft_exchange_tcp
bind *:443 name https
mode tcp
maxconn 10000
default_backend bk_exchange_server_pool

frontend ft_smtpcli_tcp
bind *:587 name smtpcli
bind *:5587 name smtpcli
mode tcp
maxconn 2000
default_backend bk_smtpcli_server_pool

frontend ft_ftps_tcp
bind *:990 name ftps
mode tcp
maxconn 2000
default_backend bk_ftps_server_pool

frontend ft_imaps_tcp
bind *:993 name imaps
mode tcp
maxconn 2000
default_backend bk_imaps_server_pool

frontend ft_pops_tcp
bind *:995 name pops
mode tcp
maxconn 2000
default_backend bk_pops_server_pool

frontend ft_eset_tcp
bind *:2221-2222 name esethttp
mode tcp
maxconn 2000
default_backend bk_eset_server_pool

frontend ft_antispam_tcp
bind *:8081 name antispam_http
bind *:8481 name antispam_https
mode tcp
maxconn 2000
default_backend bk_antispam_server_pool

frontend ft_weblog_tcp
bind *:9991 name weblog
mode tcp
maxconn 2000
default_backend bk_weblog_server_pool

backend bk_ftp_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server FTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 21
server FTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 21

backend bk_sftp_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server SFTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 22
server SFTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 22

backend bk_smtpsrv_server_pool
option tcplog
option abortonclose
option smtpchk HELO dominio.com
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server SMTP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 25
server SMTP_1.XX 10.0.1.1XX weight 1 maxconn 1000 check port 25 backup

backend bk_web_server_pool
mode http
option httpclose
option forwardfor
option httplog
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server WEB_1.XX 10.0.1.XX:80 weight 1 maxconn 5000 check port 82
server WEB_1.XX 10.0.1.XX:80 weight 1 maxconn 5000 check port 82

backend bk_pop_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server POP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 110
server POP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 110

backend bk_imap_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server IMAP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 143
server IMAP_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 143

backend bk_exchange_server_pool
option tcplog
option abortonclose
option ssl-hello-chk
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 5000 check port 443
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 5000 check port 443

backend bk_smtpcli_server_pool
option tcplog
option abortonclose
option smtpchk HELO dominio.com
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server SMTPCLI_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 587
server SMTPCLI_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 587

backend bk_ftps_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server FTPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 990
server FTPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 990

backend bk_imaps_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server IMAPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 993
server IMAPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 993

backend bk_pops_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server POPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 995
server POPS_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 995

backend bk_eset_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server ESET_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 2221
server ESET_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 2221

backend bk_antispam_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server ANTISPAM_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 8481
server ANTISPAM_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 8481 backup

backend bk_weblog_server_pool
option tcplog
option abortonclose
stick-table type ip size 10240k expire 60m
stick on src
balance leastconn
server WEBLOG_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 9991
server WEBLOG_1.XX 10.0.1.XX weight 1 maxconn 1000 check port 9991

listen admin
bind *:8080
mode http
acl AUTH       http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) admin
http-check expect status 200
maxconn    10
option abortonclose
option forceclose
option httpclose
option http-server-close
stats admin if AUTH_ADMIN
stats enable
stats hide-version
stats http-request auth unless AUTH
stats refresh 30s
stats show-desc RBHAProxyD1
stats show-legends
stats uri /stats

———————————————- End of haproxy.cfg 1.4.xx file ———————————————-
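A file with this many near-identical frontends and backends is worth linting before it goes live, in addition to the syntax check with `haproxy -c`. The following Python sketch is an added example (not part of the original post and not an HAProxy tool) that flags three things in a haproxy.cfg of this style: `insecure-password` entries in a userlist, a `stats admin` page behind a wildcard bind, and backend names that are referenced but not defined or defined but never referenced. The sample configuration is constructed, and the finding codes and function names are assumptions.

```python
import re

SECTION_KEYWORDS = {"global", "defaults", "userlist", "frontend", "backend", "listen"}
# Matches "*:8080", ":8080", "0.0.0.0:8080" and ":::8080" (all interfaces).
WILDCARD_BIND = re.compile(r"^(\*|0\.0\.0\.0|::)?:")

# Constructed sample in the style of the configuration above.
SAMPLE_CFG = """\
global
    stats socket /var/run/haproxy.stat mode 600 level admin

userlist stats-auth
    group admin users Admin
    user Admin insecure-password password

frontend ft_ftps_tcp
    bind *:990 name ftps
    mode tcp
    default_backend bk_imaps_server_pool

backend bk_ftps_server_pool
    server FTPS_1 10.0.1.10 check port 990

backend bk_imaps_server_pool
    server IMAPS_1 10.0.1.11 check port 993

listen admin
    bind *:8080
    mode http
    stats enable
    stats admin if AUTH_ADMIN
"""


def parse_sections(text):
    """Split haproxy.cfg text into sections with their numbered body lines."""
    sections = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Naive comment stripping: fine for configs without a quoted '#'.
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            name = words[1] if len(words) > 1 else ""
            sections.append({"kind": words[0], "name": name,
                             "line": lineno, "body": []})
        elif sections:
            sections[-1]["body"].append((lineno, words))
    return sections


def audit(text):
    """Return a sorted list of (lineno, code, subject) findings."""
    findings = []
    backends, proxies, refs = {}, set(), {}
    for sec in parse_sections(text):
        kind, name = sec["kind"], sec["name"]
        if kind == "backend":
            backends[name] = sec["line"]
        if kind in ("backend", "listen"):
            proxies.add(name)
        wildcard_bind, stats_admin = False, None
        for lineno, w in sec["body"]:
            if kind == "userlist" and w[0] == "user" and "insecure-password" in w[2:]:
                # The password is stored in cleartext in the config file.
                findings.append((lineno, "cleartext-password", w[1]))
            elif w[0] == "bind" and len(w) > 1 and WILDCARD_BIND.match(w[1]):
                wildcard_bind = True
            elif w[:2] == ["stats", "admin"]:
                stats_admin = lineno
            elif w[0] in ("default_backend", "use_backend") and len(w) > 1:
                refs.setdefault(w[1], lineno)
        if wildcard_bind and stats_admin is not None:
            # Admin-level stats page reachable on every interface.
            findings.append((stats_admin, "stats-admin-on-wildcard-bind", name))
    for name, lineno in refs.items():
        if name not in proxies:
            findings.append((lineno, "undefined-backend", name))
    for name, lineno in backends.items():
        if name not in refs:
            # Often the sign of a copy-paste slip in a default_backend line.
            findings.append((lineno, "unreferenced-backend", name))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, subject in audit(SAMPLE_CFG):
        print(f"line {lineno}: {code}: {subject}")
```

For the first finding, a userlist also accepts `password` followed by a crypt(3) hash, which keeps the cleartext out of the file.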

Example haproxy.cfg configuration file for version 1.5 (XXX.XXX.XXX.XXX = virtual IP):

———————————————- Start of haproxy.cfg 1.5.xx file ————————————–

global
daemon
log /dev/log local0 info
log /dev/log local0 notice
maxconn 1000
pidfile /var/run/haproxy.pid
stats socket /var/run/haproxy.stat mode 600 level admin

userlist stats-auth
group admin             users Admin
user  Admin  insecure-password password
group readonly          users user
user  user        insecure-password password

defaults
backlog 10000
compression algo gzip
compression type text/html text/html;charset=utf-8 text/plain text/css text/javascript application/x-javascript application/javascript application/ecmascript application/rss+xml application/atomsvc+xml application/atom+xml application/atom+xml;type=entry application/atom+xml;type=feed application/cmisquery+xml application/cmisallowableactions+xml application/cmisatom+xml application/cmistree+xml application/cmisacl+xml application/msword application/vnd.ms-excel application/vnd.ms-powerpoint
default-server inter 3s rise 2 fall 3
log /dev/log local0 info
log /dev/log local0 notice
maxconn 100
option  contstats
option  dontlognull
option    log-health-checks
option  redispatch
option    tcp-smart-accept
option    tcp-smart-connect
retries 3
timeout client 300s
timeout connect 30s
timeout http-keep-alive 30s
timeout http-request 60s
timeout queue 300s
timeout server 600s
timeout tarpit 300s

frontend f-ftp-in
bind *:21 name ftp
mode tcp
maxconn 100
stick-table type ip size 200 expire 30s store conn_cnt
tcp-request content reject if { src_updt_conn_cnt gt 3 }
default_backend b-ftp

frontend f-sftp-in
bind XXX.XXX.XXX.XXX:22 name sftp
mode tcp
maxconn 100
stick-table type ip size 200 expire 30s store conn_cnt
tcp-request content reject if { src_updt_conn_cnt gt 3 }
default_backend b-sftp

frontend f-smtpsrv-in
bind XXX.XXX.XXX.XXX:25 name smtp
mode tcp
maxconn 100
default_backend b-smtpsrv

frontend f-http-in
bind *:80 name http
mode http
maxconn 200
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-http

frontend f-pop-in
bind *:110 name pop3
bind *:995 name pop3s
mode tcp
maxconn 100
default_backend b-pop

frontend f-imap-in
bind *:143 name imap
bind *:993 name imaps
mode tcp
maxconn 100
default_backend b-imap

frontend f-https-in
bind *:443 name https
mode tcp
acl aplicaciones req_ssl_sni -i aplicaciones.dominio.com
acl aplicaciones2 req_ssl_sni -i aplicaciones2.dominio.com
acl aplicaciones3 req_ssl_sni -i aplicaciones3.dominio.com
maxconn 200
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend b-aplicaciones if aplicaciones
use_backend b-aplicaciones2 if aplicaciones2
use_backend b-aplicaciones3 if aplicaciones3
default_backend b-https

frontend f-smtpcli-in
bind *:587 name smtpcli
bind *:5587 name smtpcli
mode tcp
maxconn 100
default_backend b-smtpcli

frontend f-ftps-in
bind *:990 name ftps
mode tcp
maxconn 100
stick-table type ip size 200 expire 30s store conn_cnt
tcp-request content reject if { src_updt_conn_cnt gt 3 }
default_backend b-ftps

frontend f-eset-in
bind *:2221-2222 name esethttp
mode tcp
maxconn 100
default_backend b-eset

frontend f-mysql-in
bind *:3306 name mysql
mode tcp
maxconn 200
default_backend b-mysql

frontend f-ums-in
bind *:8015 name antispam_http
mode http
maxconn 100
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-ums

frontend f-antispam-in
bind *:8081 name antispam_http
mode http
maxconn 100
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-antispam

frontend f-weblog-in
bind *:9991 name weblog
mode http
maxconn 100
option forceclose
option forwardfor
option httpclose
option httplog
option http-server-close
default_backend b-weblog

backend b-ftp
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcp-check
tcp-check expect string 220
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server FTP_1.XX 10.0.1.XX:21 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server FTP_1.XX 10.0.1.XX:21 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-sftp
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcp-check
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server SFTP_1.XX 10.0.1.XX:22 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server SFTP_1.XX 10.0.1.XX:22 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-smtpsrv
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option smtpchk HELO dominio.com
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server SMTP_1.XX 10.0.1.XX:25 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server SMTP_1.XX 10.0.1.XX:25 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions backup

backend b-http
mode http
http-check expect status 200
balance roundrobin
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server HTTP_1.XX 10.0.1.XX:80 weight 1 maxconn 200 check port 82 inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server HTTP_1.XX 10.0.1.XX:80 weight 1 maxconn 200 check port 82 inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-pop
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcplog
option tcp-check
tcp-check expect string +OK
stick-table type ip size 10240k expire 60m
stick on src
server POP_1.XX 10.0.1.XX:110 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server POP_1.XX 10.0.1.XX:110 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-imap
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcplog
option tcp-check
tcp-check expect string *\ OK
stick-table type ip size 10240k expire 60m
stick on src
server IMAP_1.XX 10.0.1.XX:143 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server IMAP_1.XX 10.0.1.XX:143 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-https
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option  persist
option  redispatch
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server HTTPS_1.XX 10.0.1.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-aplicaciones
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_0.XX 10.0.0.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-aplicaciones2
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_0.XX 10.0.0.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-aplicaciones3
mode tcp
balance leastconn
acl clienthello req_ssl_hello_type 1
acl serverhello rep_ssl_hello_type 2
option abortonclose
option ssl-hello-chk
option tcplog
stick-table type binary len 32 size 10240k expire 60m
stick on payload_lv(43,1) if clienthello
stick store-response payload_lv(43,1) if serverhello
tcp-request content accept if clienthello
tcp-request inspect-delay 5s
tcp-response content accept if serverhello
server HTTPS_0.XX 10.0.0.XX:443 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-smtpcli
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option smtpchk HELO dominio.com
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server SMTPCLI_1.XX 10.0.1.XX:587 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server SMTPCLI_1.XX 10.0.1.XX:587 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-ftps
mode tcp
balance leastconn
option abortonclose
option  persist
option  redispatch
option tcp-check
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server FTPS_1.XX 10.0.1.XX:990 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server FTPS_1.XX 10.0.1.XX:990 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-eset
mode tcp
balance roundrobin
option abortonclose
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server ESET_1.XX 10.0.1.XX:2221 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server ESET_1.XX 10.0.1.XX:2221 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-mysql
mode tcp
balance roundrobin
option abortonclose
option mysql-check user haproxy
option  persist
option  redispatch
option tcplog
stick-table type ip size 10240k expire 60m
stick on src
server MYSQL_1.XX 10.0.1.XX:3306 weight 10 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server MYSQL_1.XX 10.0.1.XX:3306 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server MYSQL_3.XX 10.0.3.XX:3306 weight 1 maxconn 200 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions backup

backend b-ums
mode http
balance roundrobin
http-check expect status 200
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server UMS_1.XX 10.0.1.XX:8015 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

backend b-antispam
mode http
balance leastconn
http-check expect status 200
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server ANTISPAM_1.XX 10.0.1.XX:8081 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server ANTISPAM_1.XX 10.0.1.XX:8081 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions backup

backend b-weblog
mode http
balance roundrobin
option abortonclose
option forceclose
option forwardfor
option httpchk
option httpclose
option httplog
option http-server-close
stick-table type ip size 10240k expire 60m
stick on src
server WEBLOG_1.XX 10.0.1.XX:9991 weight 10 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server WEBLOG_1.XX 10.0.1.XX:9991 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions
server WEBLOG_1.XX 10.0.1.XX:9991 weight 1 maxconn 100 check inter 3s rise 2 fall 3 on-marked-down shutdown-sessions

listen admin
bind *:8080
mode http
acl AUTH       http_auth(stats-auth)
acl AUTH_ADMIN http_auth_group(stats-auth) admin
http-check expect status 200
maxconn    10
option abortonclose
option forceclose
option httpclose
option http-server-close
stats admin if AUTH_ADMIN
stats enable
stats hide-version
stats http-request auth unless AUTH
stats refresh 30s
stats show-desc RBHAProxyD1
stats show-legends
stats uri /stats

---------- End of haproxy.cfg 1.5.xx file ----------
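The example configuration above stores the statistics users with insecure-password and serves the stats page, with admin rights, on bind *:8080. The audit script below is an added example, not part of the original post; its sample text is a constructed excerpt of that configuration and the finding labels are this example's own names.

```python
# Constructed excerpt of the 1.5 example configuration (security-relevant lines only).
SAMPLE_CFG = """\
userlist stats-auth
group admin users Admin
user Admin insecure-password password
user user insecure-password password
listen admin
bind *:8080
stats admin if AUTH_ADMIN
stats enable
stats uri /stats
"""

SECTION_KEYWORDS = {"global", "defaults", "userlist", "frontend", "backend", "listen"}
WILDCARD_PREFIXES = ("*:", ":", "0.0.0.0:")

def parse_sections(text):
    """Split haproxy.cfg text into (kind, name, directives) tuples."""
    sections = []
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or full-line comment
        if words[0] in SECTION_KEYWORDS:
            sections.append((words[0], words[1] if len(words) > 1 else "", []))
        elif sections:
            sections[-1][2].append(words)
    return sections

def audit(text):
    """Return (finding, location) pairs; the finding labels are this example's own."""
    findings = []
    for kind, name, directives in parse_sections(text):
        if kind == "userlist":
            for w in directives:
                if w[0] == "user" and "insecure-password" in w[2:]:
                    findings.append(("cleartext-password", f"userlist {name}: user {w[1]}"))
        elif kind in ("listen", "frontend"):
            stats = any(w[:2] in (["stats", "enable"], ["stats", "uri"]) for w in directives)
            admin = any(w[:2] == ["stats", "admin"] for w in directives)
            binds = [w[1] for w in directives if w[0] == "bind" and len(w) > 1]
            exposed = [b for b in binds if b.startswith(WILDCARD_PREFIXES)]
            if stats and exposed:
                label = "stats-admin-on-all-interfaces" if admin else "stats-on-all-interfaces"
                findings.append((label, f"{kind} {name}: bind {exposed[0]}"))
    return findings

for finding, where in audit(SAMPLE_CFG):
    print(f"{finding}: {where}")
```

In a userlist, the password keyword takes a crypt(3) hash instead of the clear text that insecure-password stores, and binding the stats listener to a management address keeps stats admin off the public interfaces.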

Some links with information about HAProxy:

Part 1: Installation and configuration of the service

Part 2: Test rules file

How to Compile HAProxy From Source and Setup a Basic Configuration

HAProxy Quickstart w/ full example config file

Configure HAProxy with TPROXY kernel for full transparent proxy

Setting up HAProxy with Transparent Mode on Centos 6.x

Setting up HAproxy with TProxy

Install HAProxy and Keepalived (Virtual IP)

HAProxy for Alfresco

Enhanced SSL load-balancing with Server Name Indication (SNI) TLS extension

Maintain affinity based on SSL session ID

Configure HAProxy to Load Balance Sites With SSL

Using HAProxy to Build a More Featureful Elastic Load Balancer

HAProxy add test-check-expect to test various http-check methods

HAProxy – route by domain name

High Availability Web Services Using HAProxy

3
Feb

XBMCbuntu, upgrading XBMC via ppa (Frodo 12.2 to 12.3)

Upgrading XBMC via ppa in XBMCbuntu

See also: What might break when upgrading to v12

You don't necessarily have to wipe your current install to try a new version of XBMC, such as a nightly version or a beta; you can just fire up PuTTY or a shell in Linux/OS X.

sudo apt-get install python-software-properties pkg-config
sudo add-apt-repository -r ppa:whatever-ppa-you-have-now
sudo add-apt-repository ppa:whatever-ppa-here
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install xbmc xbmc.bin
See also: Connecting to XBMCbuntu via SSH

————————————————
Ubuntu

Simple Install Instructions
  • Before you run these commands, type "sudo echo" into the terminal and hit Enter.
  • Then copy the area below up to sudo add…
  • Go back to the terminal, hit the middle mouse button and, when it prompts, hit Enter.
  • Copy the part after sudo add… and paste it into the terminal.
  • If it asks you whether you want to install, enter y and hit Enter.
sudo apt-get install python-software-properties pkg-config
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:team-xbmc/ppa
sudo apt-get update
sudo apt-get install xbmc

Repositories

Frodo is available from Ubuntu 11.10 (Oneiric Ocelot) to 13.04 (Raring Ringtail). You can install it from the team-xbmc PPA as follows, or replace the PPA with the desired one from above.

sudo apt-get install python-software-properties pkg-config
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:team-xbmc/ppa
sudo apt-get update
sudo apt-get install xbmc
