exeral's questions

I have:

• a linux box: 10.20.0.2
• a gateway which I have no access on it: 10.20.0.1
• a Fortigate: 10.10.0.1

I would like to provide internet to 10.20.0.2 through 10.10.0.1

I can't add a route since 10.10.0.1 is not directly connected. How to achieve this ? I am thinking to a tunnel between 10.20.0.2 and 10.10.0.1, like GRE. not sure this is a good idea...

    ******
 ****    *****
**           **              ┌───────────┐                           ┌───────────┐       ┌───────────┐
**  0.0.0.0   *──────────────┤ 10.10.0.1 ├────────IPSEC─VPN──────────┤10.20.0.1  ├───────┤ 10.20.0.2 │
 *            *              └───────────┘                           └───────────┘       └───────────┘
 ******    ****
      ******

When creating VPC attachment in TGW, one step is:

For Subnet IDs, select one subnet for each Availability Zone to be used by the transit gateway to route traffic. You must select at least one subnet. You can select only one subnet per Availability Zone.

AWS autoselect 3 random subnets (like DMZ-A+ APP-B+ DATA-C)

I always change to select: APP-A + APP-B + APP-C

Is there any recommendation ? best practice ?

using different subnet types (dmz and/or app and/or data) seems the worst choice.

• I have server A: memcache server 10.0.0.1:11211
• I have server B: memcache server 192.168.0.1:11211
• I have full access to server A. I have no access to server B

I want to replicate traffic received on 10.0.0.1:11211 to 192.168.0.1:11211

I have set a this rule: iptables -t mangle -A PREROUTING -i eth0 -p TCP --dport 11211 -j TEE --gateway 192.168.0.1

I can see server B receive the packet, however the destination IP is still 10.0.0.1

How can I modify the packet on server A so it goes to the network with 192.168.0.1 destination IP ?

I connect to many servers daily. my ssh config default username is "admin"

but servers comes from different environnements and username can changes. sometimes it will be "ec2-user" or "exploitation" or "something-else" ...

Is there a way SSH remember that last connection to 192.0.2.1/server.example.org was with "ec2-user" ?

So I don't have to specify "-l ec2-user" next time.

is there an AWS service that can maintain an OS like ansible ?

I mean: install package1 and package2, create folder /foo/bar, tune sysctl, ...

I don't mean: manage AWS ressource like route53, S3 buckets, loadbalancer, ...

How to translate this command:

ip link add name vti1 type vti key VTI_KEY local LOCAL_IPv4_ADDR remote REMOTE_IPv4_ADDR

into persistent config in /etc/sysconfig/network-scripts/ifcfg-vti1 ?

in AWS, What kind of routes can be propagated to VPC route tables ?

I know:

• site-to-site VPN routes via Virtual Private Gateway

anything else ?

I have in the postfix conf:

relayhost = my.internal.relay.example.org

All the mails transit through this relay. by default, postfix will try to do a MX lookup on my.internal.relay.example.org

Why ?

It's not the purpose of MX record. I just want to send through this host, not to the domain.

I know how to fix it (with [] or postfix config). postfix manuals says how to change the behaviour but not the reason.

I have two platforms with many servers I want to connect to via ssh.

I have in resolv.conf

search domain1.net domain2.org

So I only have the machine name to type for ssh.

I want to have an ssh config per domain:

• user admin for every machine of domain1.net
• user root for every machine of domain2.org

How can I achieve that ?

Host, Hostname directives seems to only works with what you type in the ssh command, not what is expanded with DNS suffixes

I have a yum repo:

[sensu-checks-prod]
name=sensu-checks-prod
baseurl=http://our.internal.repo/pulp/repos/Sensu_checks_el6-prod/
enabled=1
gpgcheck=0

Which is composed of gem to RPMs created with fpm

I have edited this package to change the version requirement of sensu-rubygem(rest-client) which was fixed to =1.8.0 to >=1.8.0

If I download the package from the repo

# wget http://our.internal.repo/pulp/repos/Sensu_checks_el6-prod/sensu-rubygem-sensu-plugins-jenkins-1.2.0-1.x86_64.rpm

and check with rpm

# rpm -qpR sensu-rubygem-sensu-plugins-jenkins-1.2.0-1.x86_64.rpm
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
ruby  
rubygems  
sensu-rubygem(chronic_duration) = 0.10.6
sensu-rubygem(jenkins_api_client) = 1.4.2
sensu-rubygem(rest-client) >= 1.8.0
sensu-rubygem(sensu-plugin) >= 1.2
sensu-rubygem(sensu-plugin) < 2.0

Version requirement is OK: sensu-rubygem(rest-client) >= 1.8.0

If I check with yum:

# yum deplist sensu-rubygem-sensu-plugins-jenkins
Modules complémentaires chargés : fastestmirror
Recherche de dépendances :
Determining fastest mirrors    
sensu-checks-prod                                                                                                                                                                                                      | 2.1 kB     00:00     
sensu-checks-prod/primary                                                                                                                                                                                              |  17 kB     00:00     
sensu-checks-prod                                                                                                                                                                                                                       64/64  
paquet : sensu-rubygem-sensu-plugins-jenkins.x86_64 1.2.0-1
  dépendance : sensu-rubygem(jenkins_api_client) = 1.4.2
   provider: sensu-rubygem-jenkins_api_client.x86_64 1.4.2-1
  dépendance : sensu-rubygem(rest-client) = 1.8.0
   Dépendance non satisfaite
  dépendance : ruby
   provider: ruby.x86_64 1.8.7.374-4.el6_6
  dépendance : rubygems
   provider: rubygems.noarch 1.3.7-1.el6
   provider: rubygems.noarch 1.3.7-5.el6
  dépendance : sensu-rubygem(sensu-plugin) < 2.0
   provider: sensu-rubygem-sensu-plugin.x86_64 1.4.4-1
   provider: sensu-plugin.x86_64 1.0-1
   provider: sensu-rubygem-sensu-plugin.x86_64 1.4.5-1
  dépendance : sensu-rubygem(chronic_duration) = 0.10.6
   provider: sensu-rubygem-chronic_duration.x86_64 0.10.6-1
  dépendance : sensu-rubygem(sensu-plugin) >= 1.2
   provider: sensu-rubygem-sensu-plugin.x86_64 1.4.4-1
   provider: sensu-plugin.x86_64 1.0-1
   provider: sensu-rubygem-sensu-plugin.x86_64 1.4.5-1

It is NOT ok: sensu-rubygem(rest-client) = 1.8.0

yum clean all has been done of course.

Why yum does not reflect the >= that rpm shows correctly ??

thanks

• short version: a working equivalent to scp -3 http://user:[email protected]/somefile ftp://user:pass@ftpserver/my/path

• detailed version:

      +------+               +-------+             +-------------+
      | HTTP +---------------> linux +------------->  FTP server |
      +------+    WWW        +-------+    LAN      +-------------+
  

  • I have a HTTP ressource on the web. let's say http://example.org/somefile
  • I have a linux host (RaspberryPi) connected to the below FTP server
  • I have a FTP server (mediacenter box)

  I want to transfer the HTTP file to the FTP server through the linux host. without storing the whole file on the linux host, just acting as buffer between endpoints

What is the easy way to do this ?

thanks

I manage several OpenVPN links.

Sometimes while the VPN connection is UP for a few minutes/hours it suddenly gets down with the following (error) message:

event_wait : Interrupted system call (code=4)

Sep  8 11:13:46 hostname ovpn.udp[2622]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sep  8 12:05:59 hostname ovpn.udp[2622]: event_wait : Interrupted system call (code=4)
Sep  8 12:05:59 hostname ovpn.udp[2622]: TCP/UDP: Closing socket

Dec 18 02:14:12 hostname ovpn.udp[5783]: Initialization Sequence Completed
Dec 18 02:15:43 hostname ovpn.udp[5783]: event_wait : Interrupted system call (code=4)

Restarting often solves the problem.

What does this message mean? What is triggering this error?

Thanks

I have a Linux RAID6 array (mdadm) composed of 8 disks.

2 disks failed. I replaced them, now I have 2 new empty disks. I would like to rebuild the raid

but when I start a raid rebuild, the rebuild fails because a third disk is showing read errors and get ejected of the array.

It's ok to loose data on the few sectors producing read errors.

(What is | is there any) way to recover the raid array ?

according to the manpage of stunnel4

the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert (the first 4 bytes of the MD5 hash in least significant byte order).

How can I produce a such thing ?

I tried, unsuccessfully :s :

openssl x509 -in cert.crt -inform PEM -out cert.der -outform DER

then

openssl dgst cert.der