Gerald Schneider's questions

We have an application that used to authenticate via our Atlassian Crowd instance, but after a major rewrite that authentication source is not available anymore. Now I need a solution to authenticate users from both our Active Directory and an OpenLDAP server, which was previously handled by Crowd.

The most promising option seems to be the OpenLDAP meta backend, and I now have a configuration where I can find users from both directories with ldapsearch, but authentication only works for AD users. I found a couple of questions like this, which were very helpful, but ultimatley didn't work for me.

           Application
               │
               ▼
         OpenLDAP (meta)
             │   │
             │   │
 OpenLDAP ◄──┘   └─►  Active Directory

This is my current configuration:

moduleload back_meta.la
moduleload back_ldap.la
moduleload rwm

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/msuser.schema

database meta

suffix "dc=openldap,dc=Example,dc=com"
uri "ldap://openldap.example.com/dc=openldap,dc=Example,dc=com"
map objectclass user inetOrgPerson
map attribute sAMAccountName uid
#map attribute unicodePwd userPassword
map attribute objectGUID entryUUID
map objectclass group groupOfUniqueNames
map attribute member uniqueMember
protocol-version 3
#rebind-as-user yes
idassert-authzFrom "dn.regex:.*"

suffix "DC=ad,DC=Example,DC=com"
uri "ldap://dc01.ad.example.com/DC=ad,DC=Example,DC=com"
rebind-as-user yes
chase-referrals no
readonly yes
protocol-version 3
idassert-bind
  bindmethod=simple
  binddn="CN=username,OU=Service-Accounts,DC=ad,DC=Example,DC=com"
  credentials="PASSWORD"
  flags=override
  mode=none
norefs yes
sizelimit 999
idassert-authzFrom "dn.regex:.*"

suffix "dc=Example,dc=com"
rootdn "cn=admin,dc=Example,dc=com"
rootpw PASSWORD

It seems that the only problem left is the password field. According to the MS documentation both unicodePwd and userPassword exist in AD, yet neither works for the OpenLDAP server (which uses userPassword). I was unable to find out how passwords are hashed in AD, the accounts stored in OpenLDAP are hashed with MD5 or SSHA, depending on the age of the password I guess.

I tried rebind-as-user on and off for the OpenLDAP server, I tried binding with a username instead of anonymous, I have no ideas left.

What is missing to be able to authenticate against both directories?

Is there any way to clear stale allocated GRES in Slurm?

I have one node where 4 GPUs are allocated while no jobs are running on the node. Rebooting the node does not release the GPUs.

user@control1:~$ scontrol show node node2
NodeName=node2 Arch=x86_64 CoresPerSocket=64
   CPUAlloc=0 CPUTot=256 CPULoad=0.05
   AvailableFeatures=(null)
   ActiveFeatures=(null)
   Gres=gpu:tesla:8
   NodeAddr=node2 NodeHostName=node2 Version=21.08.5
   OS=Linux 5.15.0-83-generic #92-Ubuntu SMP Mon Aug 14 09:30:42 UTC 2023
   RealMemory=1025596 AllocMem=0 FreeMem=1025887 Sockets=2 Boards=1
   State=IDLE ThreadsPerCore=2 TmpDisk=0 Weight=1 Owner=N/A MCS_label=N/A
   Partitions=DEFAULT
   BootTime=2023-09-19T12:58:23 SlurmdStartTime=2023-09-19T12:59:06
   LastBusyTime=2023-09-19T12:59:07
   CfgTRES=cpu=256,mem=1025596M,billing=256,gres/gpu=8,gres/gpu:tesla=8
   AllocTRES=gres/gpu=4
   CapWatts=n/a
   CurrentWatts=0 AveWatts=0
   ExtSensorsJoules=n/s ExtSensorsWatts=0 ExtSensorsTemp=n/s

user@control1:~$ squeue -w node2 --state=all
   JOBID     NAME     USER    STATE         TIME        QOS PRIORITY   TIME_LIMIT NODELIST(REASON)

How can I configure Zabbix to allow hosts to be unreachable at unplanned times?

We have some cluster running where usually not all nodes are completely utilized (VMware, Slurm, OpenStack) and we are currently evaluating where we can shut down hosts do conserve power when possible.

Both VMware and Slurm can do this easily, but they more or less randomly decide which hosts to shut down and when, so maintenance windows are out.

On Slurm I have to write a script to handle the shutdown and power up, I could add an API call there that disables and enables monitoring of the shut down server, but on VMware I can't do this.

The only way I can currently think of are trigger dependencies, but I don't really see how I could configure them in a useful way.

Some clarifications:

• I want to "pause" monitoring of nodes that are shut down intentionally
• I still need alarms to be triggered when nodes are down unintentionally
• I would prefer not to install anything on an ESXi host, except maybe as a VIB that is going to be supported in the foreseeing future
• I would prefer to have everything directly in Zabbix or on the Zabbix host
• I would prefer to have the same method for all types of hosts, so it's easier to maintain

My current idea (work in progress):

• Monitoring of the node state via control plane
• A trigger that is triggered when the state is in planned standby
• An action that either enables/disables the host or creates/deletes maintenance periods
  This needs a small script on the Zabbix host that utilizes the API, but this is fine for me

This is a Canonical Question about reverse proxies, how they work and how they are configured.

How can I serve requests from a service on a different port or from a different server with the same webserver and distinguish it via the URL?

Searching for multiline patterns in files with grep is trivial. Inverting that pattern not so much.

Background: I want to create clean variable files without passwords so I can commit them into a repository.

Example of a variable file containing an encrypted password:

ansible_user: rick
ansible_become_password: !vault |
        $ANSIBLE_VAULT;1.1;AES256
        35623732646263636163383738353230626565383533626261313564383832643334363632383134
        3833316539376436333462303564636236646662376535300a356631346166626632333365353465
        30343138313363666434343938393464343861666234633434383037393230633333333364383835
        3962383339373731610a316362326239386539633638646331636633333330633231383730323634
        33653332353239353662366631373037653135303163663365633532643535663933
never: 'gonna,give,you,up'

Intended result:

ansible_user: rick
never: 'gonna,give,you,up'

I can easily match the lines containing the passwords with this command:

grep -Pz '.+\: !vault \|(\n\s+.+){2,}' host_vars/host.yml

The problem: The parameter -v, which usually inverts the result, doesn't work with -P

How can I create a copy of the variable files without the password lines?

I'm trying to get an aggregated value over the latency from all datastores from all ESXi hosts.

I tried these variants of the grpmax aggregation function:

grpmax["Hypervisors","vmware.hv.datastore.read[{$URL},{HOST.HOST},,latency]",avg,600]
grpmax["Hypervisors","vmware.hv.datastore.read[,,,latency]",avg,600]

But for both I'm getting the error message:

Incorrect function expression: grpmax["Hypervisors","vmware.hv.datastore.read[,,,latency]",avg,600]

How do I have to enter the keys so that zabbix finds them in the aggregation?

The keys of the items I want to aggregate look like this:

vmware.hv.datastore.read[{$URL},{HOST.HOST},datastore1,latency]
vmware.hv.datastore.read[{$URL},{HOST.HOST},datastore2,latency]
vmware.hv.datastore.read[{$URL},{HOST.HOST},datastore3,latency]

I'm using keepalived to switch a floating IP between two VMs.

/etc/keepalived/keepalived.conf on VM 1:

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 101
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    virtual_ipaddress {
        1.2.3.4
    }
}

/etc/keepalived/keepalived.conf on VM 2:

vrrp_instance VI_1 {
    state MASTER
    interface ens160
    virtual_router_id 101
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    virtual_ipaddress {
        1.2.3.4
    }
}

This basically works fine, with one exception: Everytime systemd gets updated (it's running Ubuntu 18.04) it reloads it's network component, resulting in dropping the floating IP because it's not configured in the system. Since both keepalived instances still can ping each other, none of them sees anything wrong and none of them reacts on this, resulting in the floating IP staying down.

I found that you can check for the IP with a simple script like this:

vrrp_script chk_proxyip {
    script "/sbin/ip addr |/bin/grep 1.2.3.4"
}

vrrp_instance VI_1 {
    # [...]
    track_script {
        chk_proxyip
    }
}

But I'm not sure if this is a working approach.

If I understand it correctly the following would happen, if I configure this script on VM1:

1. VM1 loses the IP due to a systemd restart
2. keepalived on VM1 detects the loss of the IP
3. keepalived switches to FAULT state and stops broadcasting vrrp packages
4. keepalived on VM2 detects the loss of keepalived on VM1 and puts the floating IP up

At this point the IP is working again on VM2, but VM1 would stay in this state because the IP never comes up again on VM1. If VM2 goes down (for whatever reason) VM1 wouldn't take it over, because it is still in FAULT state.

How can I ensure that the floating IP is always up on one of the VMs?

Further tests:

I tried to ping the floating IP instead of checking if it is active on a specific host in a check_script:

vrrp_script chk_proxyip {
    script "/bin/ping -c 1 -w 1 1.2.3.4"
    interval 2
}

Configuring this script on node 2 resulted in the following:

1. removed the IP on node 1 for testing
2. node 2 detected the IP loss and changed from BACKUP to FAULT
3. node 1 ignored the state change and stayed MASTER

The result: the IP stayed down.

Configuring the script on node 1 resulted in the following:

1. removed the IP on node 1
2. node 1 detected the IP loss and changed from MASTER to FAULT
3. node 2 detected the state change on node 1 and changed from BACKUP to MASTER, configuring the floating IP on node 2

Well, and then ...

Feb 13 10:11:26 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:27 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:29 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:29 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:32 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:33 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:36 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:36 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:38 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:39 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:41 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
Feb 13 10:11:41 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering BACKUP STATE
Feb 13 10:11:44 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Transition to MASTER STATE
Feb 13 10:11:45 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Entering MASTER STATE
Feb 13 10:11:47 node2 Keepalived_vrrp[3486]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100
...

I had to restart keepalived on node1 to stop the ping pong game between the nodes.

I'm using the following partman settings for automated installs of VMs for some years now:

d-i partman-auto/disk string /dev/sda
d-i partman-auto/method string regular
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-lvm/confirm boolean true
d-i partman/alignment string "optimal"
d-i partman-auto/expert_recipe string                         \
      boot-root ::                                            \
              64 512 300% linux-swap                          \
                      $primary{ }                             \
                      method{ swap } format{ }                \
              .                                               \
              500 10000 1000000000 ext4                       \
                      $primary{ } $bootable{ }                \
                      method{ format } format{ }              \
                      use_filesystem{ } filesystem{ ext4 }    \
                      mountpoint{ / }                         \
              .
d-i partman/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

This creates a small swap partition at the beginning and uses the rest of the disk for the root partition. This works well and allows easy partition extension when I need to increase the size of the virtual disk.

Now I'm trying to adapt this recipe to install a number of identical bare metal servers. To do that I just switched the partitions and set the sizes to more reasonable values for a machine with 256GB RAM and 460GB system disk (SSDs in a hardware RAID1, but that shouldn't matter):

  boot-root ::                                            \
          32768 65536 1000000000 ext4                     \
                  $primary{ } $bootable{ }                \
                  method{ format } format{ }              \
                  use_filesystem{ } filesystem{ ext4 }    \
                  mountpoint{ / }                         \
          .                                               \
          16384 16384 65536 linux-swap                    \
                  $primary{ }                             \
                  method{ swap } format{ }                \
          .                                                 

The rest of the partman* directives are identical.

As far as I understand the documentation (and additional posts like this) this should create a large root partition that spans nearly the entire disk, with a swap partition between 16 and 64 GB at the end.

Well, it doesn't. It creates a 450MB partition, followed by a 460GB swap partition.

When I install the same machine with the preseed for VMs, the partitions are created properly as defined in the preseed file:

So, what am I doing wrong with the recipe for the bare metal machine?

If it matters, the install iso is based on the Ubuntu 16.04.5 server iso.

Output of fdisk /dev/sda and parted /dev/sda print:

Some more variants I tried:

# this belongs to tha last block, as suggested by @Peter
#d-i partman-basicfilesystems/choose_label string gpt
#d-i partman-basicfilesystems/default_label string gpt
#d-i partman-partitioning/choose_label string gpt
#d-i partman-partitioning/default_label string gpt
#d-i partman/choose_label string gpt
#d-i partman/default_label string gpt

d-i partman-auto/expert_recipe string                         \
      boot-root ::                                            \
##########################
              65536 1 -1 ext4                             \
                      $primary{ } $bootable{ }                \
                      method{ format } format{ }              \
                      use_filesystem{ } filesystem{ ext4 }    \
                      mountpoint{ / }                         \
              .                                               \
              65536 65536 65536 linux-swap                    \
                      $primary{ }                             \
                      method{ swap } format{ }                \
              .                                               
##########################
#              1 1 -1 ext4                             \
#                      $primary{ } $bootable{ }                \
#                      method{ format } format{ }              \
#                      use_filesystem{ } filesystem{ ext4 }    \
#                      mountpoint{ / }                         \
#              .                                               \
#              65536 65536 65536 linux-swap                    \
#                      $primary{ }                             \
#                      method{ swap } format{ }                \
#              .                                               
##########################
#              32768 50 5242880 ext4                             \
#                      $primary{ } $bootable{ }                \
#                      method{ format } format{ }              \
#                      use_filesystem{ } filesystem{ ext4 }    \
#                      mountpoint{ / }                         \
#              .                                               \
#              16384 100 65536 linux-swap                    \
#                      $primary{ }                             \
#                      method{ swap } format{ }                \
#              .                                               
##########################
# use along with the annoted partman-* directives above
#              538 538 1075 free                           \
#                      $iflabel{ gpt }                     \
#                      $reusemethod{ }                     \
#                      method{ efi }                       \
#                            format{ }                     \
#              .                                           \
#              1 1 -1 ext4                                 \
#                  $primary{ } $bootable{ }                \
#                  method{ format } format{ }              \
#                  use_filesystem{ } filesystem{ ext4 }    \
#                  mountpoint{ / }                         \
#              .                                           \
#              65536 65536 65536 linux-swap                \
#                  $primary{ }                             \
#                  method{ swap } format { }               \              .                         
#              .

It doesn't make a difference, the resulting root partition always has only 453MB.

I'm trying to deploy OpenStack Queens with kolla-ansible (7.0.0) on Ubuntu hosts, following the official guide.

After successful bootstrap-servers and precheck the deploy command fails:

RUNNING HANDLER [haproxy : Waiting for virtual IP to appear] **********************************************************  
fatal: [testcloudcontrol01]: FAILED! => {"changed": false, "elapsed": 300, "msg": "Timeout when waiting for 10.52.41.98:3306"}  
fatal: [testcloudcontrol02]: FAILED! => {"changed": false, "elapsed": 300, "msg": "Timeout when waiting for 10.52.41.98:3306"}

The reason for the check to fail is that the kolla_internal_vip_address does not come up.

globals.yml

config_strategy: "COPY_ALWAYS"
kolla_base_distro: "ubuntu"
kolla_install_type: "binary"
openstack_release: "queens"
kolla_internal_vip_address: "10.52.41.98"
kolla_internal_fqdn: "testcloudapi.example.com"
kolla_external_vip_address: "{{ kolla_internal_vip_address }}"
kolla_external_fqdn: "{{ kolla_internal_fqdn }}"
network_interface: "ens160"
api_interface: "ens160"
storage_interface: "ens161"
keepalived_virtual_router_id: "148"

I'm currently fixed on queens because I want to replicate our production environment for testing.

The output of ip addr on one of the nodes where haproxy is supposed to deploy:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:a1:6a:2c brd ff:ff:ff:ff:ff:ff
    inet 10.52.41.100/24 brd 10.52.41.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fea1:6a2c/64 scope link
       valid_lft forever preferred_lft forever
3: ens161: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:a1:7d:07 brd ff:ff:ff:ff:ff:ff
    inet 10.52.42.100/24 brd 10.52.42.255 scope global ens161
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fea1:7d07/64 scope link
       valid_lft forever preferred_lft forever
4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:a1:23:6e brd ff:ff:ff:ff:ff:ff
    inet 10.52.40.100/24 brd 10.52.40.255 scope global ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fea1:236e/64 scope link
       valid_lft forever preferred_lft forever
5: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:a1:20:12 brd ff:ff:ff:ff:ff:ff
    inet 10.52.44.100/24 brd 10.52.44.255 scope global ens256
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fea1:2012/64 scope link
       valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b0:8a:93:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever

The nodes are VMware virtual machines with VMXNet3 nics.

Output of docker logs keepalived:

+ sudo -E kolla_set_configs
INFO:__main__:Loading config file at /var/lib/kolla/config_files/config.json
INFO:__main__:Validating config file
INFO:__main__:Kolla config strategy set to: COPY_ALWAYS
INFO:__main__:Copying service configuration files
INFO:__main__:Deleting /etc/keepalived/keepalived.conf
INFO:__main__:Copying /var/lib/kolla/config_files/keepalived.conf to /etc/keepalived/keepalived.conf
INFO:__main__:Setting permission for /etc/keepalived/keepalived.conf
INFO:__main__:Writing out command to execute
++ cat /run_command
+ CMD='/usr/sbin/keepalived -nld -p /run/keepalived.pid'
+ ARGS=
+ [[ ! -n '' ]]
+ . kolla_extend_start
++ modprobe ip_vs
++ '[' -f /run/keepalived.pid ']'
+ echo 'Running command: '\''/usr/sbin/keepalived -nld -p /run/keepalived.pid'\'''
Running command: '/usr/sbin/keepalived -nld -p /run/keepalived.pid'
+ exec /usr/sbin/keepalived -nld -p /run/keepalived.pid
Thu Dec 13 12:10:26 2018: Starting Keepalived v1.3.9 (10/21,2017)
Thu Dec 13 12:10:26 2018: Opening file '/etc/keepalived/keepalived.conf'.
Thu Dec 13 12:10:26 2018: Starting Healthcheck child process, pid=11
Thu Dec 13 12:10:26 2018: Opening file '/etc/keepalived/keepalived.conf'.
Thu Dec 13 12:10:26 2018: Starting VRRP child process, pid=12
Thu Dec 13 12:10:26 2018: ------< Global definitions >------
Thu Dec 13 12:10:26 2018:  Router ID = testcloudcontrol01.example.com
Thu Dec 13 12:10:26 2018:  Default interface = eth0
Thu Dec 13 12:10:26 2018:  LVS flush = false
Thu Dec 13 12:10:26 2018:  VRRP IPv4 mcast group = 224.0.0.18
Thu Dec 13 12:10:26 2018:  VRRP IPv6 mcast group = ff02::12
Thu Dec 13 12:10:26 2018:  Gratuitous ARP delay = 5
Thu Dec 13 12:10:26 2018:  Gratuitous ARP repeat = 5
Thu Dec 13 12:10:26 2018:  Gratuitous ARP refresh timer = 0
Thu Dec 13 12:10:26 2018:  Gratuitous ARP refresh repeat = 1
Thu Dec 13 12:10:26 2018:  Gratuitous ARP lower priority delay = 4294
Thu Dec 13 12:10:26 2018:  Gratuitous ARP lower priority repeat = -1
Thu Dec 13 12:10:26 2018:  Send advert after receive lower priority advert = true
Thu Dec 13 12:10:26 2018:  Send advert after receive higher priority advert = false
Thu Dec 13 12:10:26 2018:  Gratuitous ARP interval = 0
Thu Dec 13 12:10:26 2018:  Gratuitous NA interval = 0
Thu Dec 13 12:10:26 2018:  VRRP default protocol version = 2
Thu Dec 13 12:10:26 2018:  Iptables input chain = INPUT
Thu Dec 13 12:10:26 2018:  Using ipsets = true
Thu Dec 13 12:10:26 2018:  ipset IPv4 address set = keepalived
Thu Dec 13 12:10:26 2018:  ipset IPv6 address set = keepalived6
Thu Dec 13 12:10:26 2018:  ipset IPv6 address,iface set = keepalived_if6
Thu Dec 13 12:10:26 2018:  VRRP check unicast_src = false
Thu Dec 13 12:10:26 2018:  VRRP skip check advert addresses = false
Thu Dec 13 12:10:26 2018:  VRRP strict mode = false
Thu Dec 13 12:10:26 2018:  VRRP process priority = 0
Thu Dec 13 12:10:26 2018:  VRRP don't swap = false
Thu Dec 13 12:10:26 2018:  Checker process priority = 0
Thu Dec 13 12:10:26 2018:  Checker don't swap = false
Thu Dec 13 12:10:26 2018:  SNMP keepalived disabled
Thu Dec 13 12:10:26 2018:  SNMP checker disabled
Thu Dec 13 12:10:26 2018:  SNMP RFCv2 disabled
Thu Dec 13 12:10:26 2018:  SNMP RFCv3 disabled
Thu Dec 13 12:10:26 2018:  SNMP traps disabled
Thu Dec 13 12:10:26 2018:  SNMP socket = default (unix:/var/agentx/master)
Thu Dec 13 12:10:26 2018:  Network namespace = (default)
Thu Dec 13 12:10:26 2018:  DBus disabled
Thu Dec 13 12:10:26 2018:  DBus service name = (null)
Thu Dec 13 12:10:26 2018:  Script security disabled
Thu Dec 13 12:10:26 2018:  Default script uid:gid 0:0
Thu Dec 13 12:10:26 2018: Registering Kernel netlink reflector
Thu Dec 13 12:10:26 2018: Registering Kernel netlink command channel
Thu Dec 13 12:10:26 2018: Registering gratuitous ARP shared channel
Thu Dec 13 12:10:26 2018: Opening file '/etc/keepalived/keepalived.conf'.
Thu Dec 13 12:10:26 2018: WARNING - default user 'keepalived_script' for script execution does not exist - please create.
Thu Dec 13 12:10:26 2018: Truncating auth_pass to 8 characters
Thu Dec 13 12:10:26 2018: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Thu Dec 13 12:10:26 2018: ------< Global definitions >------
Thu Dec 13 12:10:26 2018:  Router ID = testcloudcontrol01.example.com
Thu Dec 13 12:10:26 2018:  Default interface = eth0
Thu Dec 13 12:10:26 2018:  LVS flush = false
Thu Dec 13 12:10:26 2018:  VRRP IPv4 mcast group = 224.0.0.18
Thu Dec 13 12:10:26 2018:  VRRP IPv6 mcast group = ff02::12
Thu Dec 13 12:10:26 2018:  Gratuitous ARP delay = 5
Thu Dec 13 12:10:26 2018:  Gratuitous ARP repeat = 5
Thu Dec 13 12:10:26 2018:  Gratuitous ARP refresh timer = 0
Thu Dec 13 12:10:26 2018:  Gratuitous ARP refresh repeat = 1
Thu Dec 13 12:10:26 2018:  Gratuitous ARP lower priority delay = 5
Thu Dec 13 12:10:26 2018:  Gratuitous ARP lower priority repeat = 5
Thu Dec 13 12:10:26 2018:  Send advert after receive lower priority advert = true
Thu Dec 13 12:10:26 2018:  Send advert after receive higher priority advert = false
Thu Dec 13 12:10:26 2018:  Gratuitous ARP interval = 0
Thu Dec 13 12:10:26 2018:  Gratuitous NA interval = 0
Thu Dec 13 12:10:26 2018:  VRRP default protocol version = 2
Thu Dec 13 12:10:26 2018:  Iptables input chain = INPUT
Thu Dec 13 12:10:26 2018:  Using ipsets = false
Thu Dec 13 12:10:26 2018:  ipset IPv4 address set = keepalived
Thu Dec 13 12:10:26 2018:  ipset IPv6 address set = keepalived6
Thu Dec 13 12:10:26 2018:  ipset IPv6 address,iface set = keepalived_if6
Thu Dec 13 12:10:26 2018:  VRRP check unicast_src = false
Thu Dec 13 12:10:26 2018:  VRRP skip check advert addresses = false
Thu Dec 13 12:10:26 2018:  VRRP strict mode = false
Thu Dec 13 12:10:26 2018:  VRRP process priority = 0
Thu Dec 13 12:10:26 2018:  VRRP don't swap = false
Thu Dec 13 12:10:26 2018:  Checker process priority = 0
Thu Dec 13 12:10:26 2018:  Checker don't swap = false
Thu Dec 13 12:10:26 2018:  SNMP keepalived disabled
Thu Dec 13 12:10:26 2018:  SNMP checker disabled
Thu Dec 13 12:10:26 2018:  SNMP RFCv2 disabled
Thu Dec 13 12:10:26 2018:  SNMP RFCv3 disabled
Thu Dec 13 12:10:26 2018:  SNMP traps disabled
Thu Dec 13 12:10:26 2018:  SNMP socket = default (unix:/var/agentx/master)
Thu Dec 13 12:10:26 2018:  Network namespace = (default)
Thu Dec 13 12:10:26 2018:  DBus disabled
Thu Dec 13 12:10:26 2018:  DBus service name = (null)
Thu Dec 13 12:10:26 2018:  Script security disabled
Thu Dec 13 12:10:26 2018:  Default script uid:gid 0:0
Thu Dec 13 12:10:26 2018: ------< VRRP Topology >------
Thu Dec 13 12:10:26 2018:  VRRP Instance = kolla_internal_vip_148
Thu Dec 13 12:10:26 2018:    Using VRRPv2
Thu Dec 13 12:10:26 2018:    Want State = BACKUP
Thu Dec 13 12:10:26 2018:    Running on device = ens160
Thu Dec 13 12:10:26 2018:    Skip checking advert IP addresses = no
Thu Dec 13 12:10:26 2018:    Enforcing strict VRRP compliance = no
Thu Dec 13 12:10:26 2018:    Using src_ip = 10.52.41.100
Thu Dec 13 12:10:26 2018:    Gratuitous ARP delay = 5
Thu Dec 13 12:10:26 2018:    Gratuitous ARP repeat = 5
Thu Dec 13 12:10:26 2018:    Gratuitous ARP refresh timer = 0
Thu Dec 13 12:10:26 2018:    Gratuitous ARP refresh repeat = 1
Thu Dec 13 12:10:26 2018:    Gratuitous ARP lower priority delay = 5
Thu Dec 13 12:10:26 2018:    Gratuitous ARP lower priority repeat = 5
Thu Dec 13 12:10:26 2018:    Send advert after receive lower priority advert = true
Thu Dec 13 12:10:26 2018:    Send advert after receive higher priority advert = false
Thu Dec 13 12:10:26 2018:    Virtual Router ID = 148
Thu Dec 13 12:10:26 2018:    Priority = 1
Thu Dec 13 12:10:26 2018:    Advert interval = 1 sec
Thu Dec 13 12:10:26 2018:    Accept enabled
Thu Dec 13 12:10:26 2018:    Preempt disabled
Thu Dec 13 12:10:26 2018:    Promote_secondaries disabled
Thu Dec 13 12:10:26 2018:    Authentication type = SIMPLE_PASSWORD
Thu Dec 13 12:10:26 2018:    Password = 0RXbQYFF
Thu Dec 13 12:10:26 2018:    Tracked scripts = 1
Thu Dec 13 12:10:26 2018:      check_alive weight 0
Thu Dec 13 12:10:26 2018:    Virtual IP = 1
Thu Dec 13 12:10:26 2018:      10.52.41.98/32 dev ens160 scope global
Thu Dec 13 12:10:26 2018: ------< VRRP Scripts >------
Thu Dec 13 12:10:26 2018:  VRRP Script = check_alive
Thu Dec 13 12:10:26 2018:    Command = /check_alive.sh
Thu Dec 13 12:10:26 2018:    Interval = 2 sec
Thu Dec 13 12:10:26 2018:    Timeout = 0 sec
Thu Dec 13 12:10:26 2018:    Weight = 0
Thu Dec 13 12:10:26 2018:    Rise = 10
Thu Dec 13 12:10:26 2018:    Fall = 2
Thu Dec 13 12:10:26 2018:    Insecure = no
Thu Dec 13 12:10:26 2018:    Status = INIT
Thu Dec 13 12:10:26 2018:    Script uid:gid = 0:0
Thu Dec 13 12:10:26 2018: ------< NIC >------
Thu Dec 13 12:10:26 2018:  Name = lo
Thu Dec 13 12:10:26 2018:  index = 1
Thu Dec 13 12:10:26 2018:  IPv4 address = 127.0.0.1
Thu Dec 13 12:10:26 2018:  IPv6 address = ::
Thu Dec 13 12:10:26 2018:  is UP
Thu Dec 13 12:10:26 2018:  is RUNNING
Thu Dec 13 12:10:26 2018:  MTU = 65536
Thu Dec 13 12:10:26 2018:  HW Type = LOOPBACK
Thu Dec 13 12:10:26 2018: ------< NIC >------
Thu Dec 13 12:10:26 2018:  Name = ens160
Thu Dec 13 12:10:26 2018:  index = 2
Thu Dec 13 12:10:26 2018:  IPv4 address = 10.52.41.100
Thu Dec 13 12:10:26 2018:  IPv6 address = fe80::250:56ff:fea1:6a2c
Thu Dec 13 12:10:26 2018:  MAC = 00:50:56:a1:6a:2c
Thu Dec 13 12:10:26 2018:  is UP
Thu Dec 13 12:10:26 2018:  is RUNNING
Thu Dec 13 12:10:26 2018:  MTU = 1500
Thu Dec 13 12:10:26 2018:  HW Type = ETHERNET
Thu Dec 13 12:10:26 2018: ------< NIC >------
Thu Dec 13 12:10:26 2018:  Name = ens161
Thu Dec 13 12:10:26 2018:  index = 3
Thu Dec 13 12:10:26 2018:  IPv4 address = 10.52.42.100
Thu Dec 13 12:10:26 2018:  IPv6 address = fe80::250:56ff:fea1:7d07
Thu Dec 13 12:10:26 2018:  MAC = 00:50:56:a1:7d:07
Thu Dec 13 12:10:26 2018:  is UP
Thu Dec 13 12:10:26 2018:  is RUNNING
Thu Dec 13 12:10:26 2018:  MTU = 1500
Thu Dec 13 12:10:26 2018:  HW Type = ETHERNET
Thu Dec 13 12:10:26 2018: ------< NIC >------
Thu Dec 13 12:10:26 2018:  Name = ens224
Thu Dec 13 12:10:26 2018:  index = 4
Thu Dec 13 12:10:26 2018:  IPv4 address = 10.52.40.100
Thu Dec 13 12:10:26 2018:  IPv6 address = fe80::250:56ff:fea1:236e
Thu Dec 13 12:10:26 2018:  MAC = 00:50:56:a1:23:6e
Thu Dec 13 12:10:26 2018:  is UP
Thu Dec 13 12:10:26 2018:  is RUNNING
Thu Dec 13 12:10:26 2018:  MTU = 1500
Thu Dec 13 12:10:26 2018:  HW Type = ETHERNET
Thu Dec 13 12:10:26 2018: ------< NIC >------
Thu Dec 13 12:10:26 2018:  Name = ens256
Thu Dec 13 12:10:26 2018:  index = 5
Thu Dec 13 12:10:26 2018:  IPv4 address = 10.52.44.100
Thu Dec 13 12:10:26 2018:  IPv6 address = fe80::250:56ff:fea1:2012
Thu Dec 13 12:10:26 2018:  MAC = 00:50:56:a1:20:12
Thu Dec 13 12:10:26 2018:  is UP
Thu Dec 13 12:10:26 2018:  is RUNNING
Thu Dec 13 12:10:26 2018:  MTU = 1500
Thu Dec 13 12:10:26 2018:  HW Type = ETHERNET
Thu Dec 13 12:10:26 2018: ------< NIC >------
Thu Dec 13 12:10:26 2018:  Name = docker0
Thu Dec 13 12:10:26 2018:  index = 6
Thu Dec 13 12:10:26 2018:  IPv4 address = 172.17.0.1
Thu Dec 13 12:10:26 2018:  IPv6 address = ::
Thu Dec 13 12:10:26 2018:  MAC = 02:42:b0:8a:93:e7
Thu Dec 13 12:10:26 2018:  is UP
Thu Dec 13 12:10:26 2018:  MTU = 1500
Thu Dec 13 12:10:26 2018:  HW Type = ETHERNET
Thu Dec 13 12:10:26 2018: Using LinkWatch kernel netlink reflector...
Thu Dec 13 12:10:26 2018: VRRP_Instance(kolla_internal_vip_148) Entering BACKUP STATE
Thu Dec 13 12:10:26 2018: /check_alive.sh exited with status 1
Thu Dec 13 12:10:28 2018: /check_alive.sh exited with status 1
Thu Dec 13 12:10:30 2018: VRRP_Instance(kolla_internal_vip_148) Now in FAULT state
Thu Dec 13 12:10:30 2018: /check_alive.sh exited with status 1
Thu Dec 13 12:10:32 2018: /check_alive.sh exited with status 1
[message repeats until I stop the container]

That's it, both keepalived instances stay in the FAULT state, the IP address is not activated on any of the VMs.

I went through this question and the answer, even though I don't have the error messages in the log files:

• keepalived_virtual_router_id has been changed and is unique
• I ran kolla-genpwd again. I confirmed that keepalived_password is set in /etc/kolla/passwords.yml
• kolla_internal_vip_address is accessible from network_interface. The main IP on that interface is in the same network. I can manually set the additional IP address and it works.
• kolla-ansible prechecks passes
• selinux is not active on Ubuntu

On the hypervisor side I tried enabling Promiscuous mode for the port group of that interface. That didn't make a difference.

I'm using the following tasks in an ansible script that installs updates on various servers. These tasks are for CentOS machines:

- name: Check for outstanding reboot
  shell: needs-restarting > /dev/null || echo Reboot required
  when: ansible_distribution_major_version|int < 7
  register: result
- name: Check for outstanding reboot
  shell: needs-restarting -r > /dev/null || echo Reboot required
  when: ansible_distribution_major_version|int >= 7
  register: result
- name: Report reboot
  debug: msg="{{ result.stdout_lines }}"

The result:

TASK [Check for outstanding reboot] ***********************************************************************************
skipping: [host1]
skipping: [host2]
skipping: [host5]
changed: [host3]
changed: [host4]

TASK [Check for outstanding reboot] ***********************************************************************************
skipping: [host3]
skipping: [host4]
changed: [host2]
changed: [host1]
changed: [host5]

TASK [Report reboot] **************************************************************************************************
fatal: [host3]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout_lines'\n\nThe error appears to have been in '/path/to/updates.yml': line 52, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n    register: result\n  - name: Report reboot\n    ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'dict object' has no attribute 'stdout_lines'"}
ok: [host1] => {
    "msg": [
        "Reboot required"
    ]
}
fatal: [host4]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'stdout_lines'\n\nThe error appears to have been in '/path/to/updates.yml': line 52, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n    register: result\n  - name: Report reboot\n    ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'dict object' has no attribute 'stdout_lines'"}
ok: [host2] => {
    "msg": [
        "Reboot required"
    ]
}
ok: [host5] => {
    "msg": [
        "Reboot required"
    ]
}
        to retry, use: --limit @/path/to/updates.retry

As you can see both check tasks store the result in a variable called "result", but only the variables for the hosts in the second task (with ansible_distribution_major_version|int >= 7) are filled, resulting in the error messages. It seems that the second check tasks unsets the results of the previous task.

Is it possible to keep the results of both tasks? Or do I have to copy the report task and add the version check to both? I'd rather have the report in one place.

Ansible version is 2.4.4.0

I've been using ansible scripts for some one shot tasks, for example doing a firstsetup after provisioning a VM.

I have a script that creates a temporary inventory file, uses it to run an ansible playbook and deletes the temporary file afterwards:

INVENTORY=$(mktemp /tmp/inst-inventory.XXXXXX)
echo "[$FLAVOR]" > $INVENTORY
echo "$HOSTNAME user_password='$USER_PASSWORD' admin_password='$ADMIN_PASSWORD'" >> $INVENTORY
ansible-playbook -i $INVENTORY `dirname $0`/firstsetup_$FLAVOR.yml --become
rm $INVENTORY

This worked perfectly, but since upgrading ansible from 2.4 to 2.5 the playbooks can't find variables defined in the group_vars directory anymore.

$ playbooks/firstsetup.sh HOSTNAME ubuntu
Password for localadmin: PASSWORD

Running ansible-playbook firstsetup_ubuntu.yml on HOSTNAME

PLAY [ubuntu] *********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************
fatal: [HOSTNAME]: FAILED! => {"msg": "The field 'become_pass' has an invalid value, which includes an undefined variable. The error was: 'ubuntu_inisc_initialpass' is undefined"}
        to retry, use: --limit @/home/geschnei/playbooks/firstsetup_ubuntu.retry

PLAY RECAP ************************************************************************************************************
HOSTNAME                    : ok=0    changed=0    unreachable=0    failed=1

This undefined variable is defined in ~/.ansible/group_vars/ubuntu.yml and is found when I run the same playbook against a host that is listed in the regular inventory file.

The Roadmap for Ansible 2.5 lists:

Add option to set playbook dir for adhoc, inventory and console to allow for ‘relative path loading’

Which sounds like it could be related, but I am unable to find more specific information about it. The 2.5 Porting Guide doesn't mention anything about that either.

What do I have to configure so ansible-playbook finds the group_vars files again?

I have a simple Ansible playbook that I use to run updates on all the servers I manage:

- hosts: ubuntu
  tasks:
  - name: install all updates
    apt:
      upgrade: dist
      update_cache: yes
      autoremove: yes
      autoclean: yes
- hosts: centos
  tasks:
  - name: install all updates
    yum:
      name: '*'
      update_cache: yes
      state: latest
# use debug to show the output
    register: result
  - name: Show Output
    debug: msg="{{ result.stdout_lines }}"

Is there any way I can make Ansible to show me which packages get updated in the process? Neither the apt nor the yum module provide a an option for this.

Ansible version currently used is 2.4.

I'm trying to debug a timeout problem I have with Apache, for some months now.

The pattern looks like this:

On every first request of a new session (or after some time after the last request) the browser asks instantly for credentials, then sends the request with basic auth. Then the server waits exactly 1 minute before sending the result.

Subsequent requests are answered instantly, this only happens for requests after some time (couldn't pinpoint it exactly yet, between 5 and 15 minutes).

The fact that the wait time is reproducible exactly 60 seconds smells like a timeout to me. If I cancel the request and hit reload I get the requested URL instantly.

Since the password prompt appears instantly as well I can rule out a problem with the SSL handshake between client and server, or DNS problems on that leg. It doesn't matter if I request a PHP script or a blank text file, which rules a problem with scripts on the server out as well. I guess the result of the auth process is then cached for a while, so it isn't necessary for subsequent requests.

Note that the authentication always succeeds, so I can rule out a "the domain controller didn't answer" problem as well.

Apache 2.4 is running on Windows Server 2012 R2. It is configured for LDAP auth:

<Location />
    AuthType Basic
    AuthName "AD Login"
    AuthBasicProvider ldap
    LDAPReferrals Off
    #AuthLDAPUrl ldap://dc01.domain.de:3268/dc=ad,dc=domain,dc=de?sAMAccountName?sub?(objectClass=*)
    #AuthLDAPUrl ldap://ad.domain.de:389/dc=ad,dc=domain,dc=de?sAMAccountName?sub?(objectClass=*) STARTTLS
    AuthLDAPUrl ldap://ad.domain.de:389/dc=ad,dc=domain,dc=de?sAMAccountName?sub?(objectClass=*) TLS
    AuthLDAPBindDN "[email protected]"
    AuthLDAPBindPassword "secret"
    Require valid-user
    Require all denied
</Location>

As you can see I tried different connection types to the domain controllers, it doesn't really seem to matter which encryption method I use, or if I pass on encryption at all.

ad.domain.de resolves to multiple domain controllers, but the behavior is the same if I connect to a specific DC.

No entries in the error log on LogLevel info, I'm yet hesitant to increase it to debug, as I know from experience that I have trouble sifting through the generated debug information.

Is there anything I missed yet that I can use to debug the problem, or do I have to go through debug level logging?

I'm currently in the process of deploying VMware Integrated OpenStack for a testing installation which will move into production later.

In the current stage we have three ESXi hosts, more will be added later. I configured all three hosts into a single cluster, because I (apparently mis-)read the installation documentation that it is recommended to use three clusters, but possible to use a single cluster.

The cluster is currently running a vCenter instance and the VIO management vApp.

While deploying the OpenStack instance I am unable to select the cluster as a compute cluster, apparently because it is already in use as the management cluster.

So, it seems that I need:

• a management cluster with at least three hosts
• a compute cluster with at least one host

Is it possible to override these requirements for a testing environment?

This is my clients setup:

         Site A                                     Site B
     192.168.2.0/24                             192.168.0.0/24
Client A1 --|-- Server A                    Server B --|-- Client B1
            |   (192.168.2.2)           (192.168.0.2)  |
            |   (10.8.0.6)                 (10.8.0.1)  |
Client A2 --|-- Router A ---- Internet ---- Router B --|-- Client B2
            |   (192.168.2.1)         (192.168.0.254)  |
Client A3 --|                                          |-- Client B3

Server A connects to Server B via OpenVPN to connect both sites to each other. Server A and Server B were Windows Server 2003 and are now reinstalled with Windows 2012 R2. Now the routing, which used to work with the 2003 configuration doesn't work anymore.

I added the following routes on the Servers:

Server A: 192.168.0.0 mask 255.255.255.0 gw 10.8.0.1
Server B: 192.168.2.0 mask 255.255.255.0 gw 10.8.0.6

Routes pushed to the Clients via DHCP:

Clients A: 192.168.0.0 mask 255.255.255.0 gw 192.168.2.2
           default gw 192.168.2.1
Clients B: 192.168.2.0 mask 255.255.255.0 gw 192.168.0.2
           default gw 192.168.0.254

OpenVPN configuration on Server A (OpenVPN client)

client
dev tun
proto udp
remote dyndns.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert server-sb.crt
key server-sb.key
remote-cert-tls server
comp-lzo
verb 3

OpenVPN configuration on Server B (OpenVPN server)

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3

Pings:

• Server A -> 10.8.0.1 OK
• Server B -> 10.8.0.6 OK
• Server A -> 192.168.2.2 FAILS
• Server B -> 192.168.0.2 FAILS
• Any Device A -> Any Device B FAILS
• Any Device B -> Any Device A FAILS

Firewalls on all Windows-Machines were disabled during the tests. My diagnosis is that the VPN tunnel works, but the problem is either a setting in OpenVPN that prevents the routing, or something in my routing tables is off.

I'm pretty sure thats the same configuration as it was with windows 2003, where every device could reach every other device on both sites.

IPv4 forwarding and LAN routing is enabled in Routing and Remote Access.

Is it possible to localize a file that is overridden by a custom theme in ownCloud?

According to this issue in the bugtracker you can override theme files by just placing them in your own theme folder and editing them. In the case of the email templates, that are sent when you share a file with someone this looks like this:

print_unescaped($l->t("Hey there,\n\njust letting you know that %s shared %s with you.\nView it: %s\n\n", array($_['user_displayname'], $_['filename'], $_['link'])));

This relies on the localization feature, so when I change this text it will only be displayed in English, because the new text is not available in the language files.

I found localization files in <owncloud>/core/l10n/de_DE.php, which look like this:

$TRANSLATIONS = array(
"%s shared »%s« with you" => "%s hat »%s« mit Ihnen geteilt",
"Couldn't send mail to following users: %s " => "An folgende Benutzer konnte keine E-Mail gesendet werden: %s",
// ...
);

I assume that I could copy this file over to my theme directory too and add my translation for the new text, but that way I would lose future changes in the original localization file.

What I would like to have is the possibility to append (and ideally override) entries to the $TRANSLATIONS array in my theme directory.

The official documentation about theming is not up to date (it looks like it has been copied from the previous version without adapting it to changes) and does't cover localization at all. The documentation about translation is not helpful either.

I have a webserver that is completely locked down with Basic Auth

<Location />
    AuthType Basic
    # [...] rest of basic auth stuff
    require valid-user
    order deny,allow
    deny from all
    Satisfy any
</Location>

One subdirectory is accessible without auth:

<Location /public>
  allow from all
  Satisfy any
</Location>

This is working fine. Now I want to allow access without login to some scripts that are accessed with mod_rewrite:

RewriteRule ^phonebook/show/(.+)$ /quicksearchShow.php?uid=$1 [NC]
RewriteRule ^phonebook/(.+)$ /quicksearch.php?s=$1 [NC]
RewriteRule ^phonebook$ /quicksearch.php [NC]

Some ways I tried:

<Location ~ "/phonebook*">
    Allow from all
    Satisfy Any
</Location>

<Location /phonebook>
    Allow from all
    Satisfy Any
</Location>

<LocationMatch "^phonebook.*">
    Allow from all
    Satisfy Any
</LocationMatch>

None of these options work. I assume because /phonebook is not an actual directory on the server. So I tried some variants of the <Files> directives:

<FilesMatch "/quicksearch.*">
    Allow from all
    Satisfy Any
</FilesMatch>

<FilesMatch "^quicksearch.*">
    Allow from all
    Satisfy Any
</FilesMatch>

<Files "quicksearch.php">
    Allow from all
    Satisfy Any
</Files>

But no luck either.

So, how do I set options for a specific "virtual" directory that is mapped via mod_rewrite?

I replaced my aging fileserver with a new server running ESXi 5.1 and migrated my fileserver in a virtual machine running on it. Now I have the following problem with this VM:

• I'm getting the correct IP via DHCP (reservation via MAC address works)
• I cannot ping the gateway (10.0.0.1)
• I can ping the DHCP/DNS server (10.0.0.2)
• I can ping other machines on the network
• Pinging a host on the internet I can resolve it's IP address (due to the reachable DNS server), but cannot ping the resolved host

After changing the IP to a different, static IP I can ping the gateway as well as the internet.

I'm using a single subnet (10.0.0.0/24), the Routing table on the machine is correct.

The gateway is a Linksys E4200 router (with the original firmware).

TL;DR: How do I add a text (notice) to the content (not a header or global template) of every page?

(very) long question with background: I'm planning to migrate a MediaWiki over to another wiki. The content of the wiki has been migrated from an even older wiki before (where errors regarding formatting were generated), grown over time and is now outdated in large parts. That's why we want to start with a blank wiki and migrate the content manually, discarding and/or updating outdated pages.

To make this easier I want to add a textblock to the top of each existing page, specifically a template with a notice that this page hasn't been migrated or discarded yet and a category where all these pages are collected (e.g. category:migration_pending). Every user should then look through the pages he is responsible for, copy the content over to the new wiki and change the template to another one marking the page as migrated (category:migration_done) or discarded (category:migration_discarded). This way it should be possible to get a clean, up to date wiki without forgetting anything important.