PeteNetLive https://www.petenetlive.com Technology that 'Just Works' Fri, 25 Sep 2020 13:16:57 +0000 en-GB hourly 1 https://wordpress.org/?v=5.5.1 Windows Server 2019 (&2016): Enable Flash https://www.petenetlive.com/kb/article/0001484 https://www.petenetlive.com/kb/article/0001484#respond Thu, 24 Sep 2020 11:20:29 +0000 https://www.petenetlive.com/?p=10807 KB ID 0001484 Problem Back in server 2012 this was an easy fix; Windows Server 2012 – Enable Flash However try and do that on Server 2019 or 2016 and this happens; Solution Note: You need Server Datacenter version to do this. If you o to the flash website and it (wrongly,) thinks you are […]

The post Windows Server 2019 (&2016): Enable Flash first appeared on PeteNetLive.

]]>
KB ID 0001484

Problem

Back in server 2012 this was an easy fix;

Windows Server 2012 – Enable Flash

However try and do that on Server 2019 or 2016 and this happens;

Windows PowerShell Copyright (C) 2016 Microsoft Corporation. All rights reserved.

PS C:\Users\administrator.PNL> Install-WindowsFeature Desktop-Experience

Install-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: ‘Desktop-Experience’. The name was not found. At line:1 char:1 + Install-WindowsFeature Desktop-Experience + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (Desktop-Experience:String) [Install-WindowsFeature], Exception + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Success Restart Needed Exit Code Feature Result ——- ————– ——— ————– False No InvalidArgs {}

PS C:\Users\administrator.PNL>

Solution

Note: You need Server Datacenter version to do this.

If you o to the flash website and it (wrongly,) thinks you are using Windows 10 (we it’s the same code, I’ll let them off,) and it also says “it’s already installed just enable it”, but it’s not there?

Flash Missing Server 2016

You need to install it with the following command;

Server 2019

dism /online /add-package /packagepath:”C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.17763.1.mum”

Install Flash on Server 2019

Server 2016

dism /online /add-package /packagepath:”C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum”

Install Flash on server 2016

You will then need to reboot!

Post reboot, you will see Windows Server will now download updates for Flash, and it’s enabled.

Related Articles, References, Credits, or External Links

NA

The post Windows Server 2019 (&2016): Enable Flash first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001484/feed 0
Safari: Not Showing all Bookmarked Favourites https://www.petenetlive.com/kb/article/0001702 https://www.petenetlive.com/kb/article/0001702#respond Mon, 21 Sep 2020 08:45:37 +0000 https://www.petenetlive.com/?p=15729 KB ID 0001702 Problem Recently my Safari browser on my MacBook updated, somehow this managed to break Microsoft Edge, a reboot fixed that. The problem was, it was now only showing a ‘reduced‘ number of bookmarks from my favourites, (only 24 bookmarks) i.e. Even if I clicked in the navigation bar, (only 12 bookmarks) from […]

The post Safari: Not Showing all Bookmarked Favourites first appeared on PeteNetLive.

]]>
KB ID 0001702

Problem

Recently my Safari browser on my MacBook updated, somehow this managed to break Microsoft Edge, a reboot fixed that. The problem was, it was now only showing a ‘reduced‘ number of bookmarks from my favourites, (only 24 bookmarks) i.e.

Bookmarks Dissapeared Safari

Even if I clicked in the navigation bar, (only 12 bookmarks) from my favourites;

Safari not showing all bookmarks

 

Solution

A Google search didn’t turn up the answer, clicking on the setting logo on the home page didn’t offer any clues, neither could I find any settings in ‘Preferences’ that might have fixed it.

I found the answer quite by accident, there is an option to  ‘show more‘, but it’s hidden unless you hover over/near it. 

Safari show all bookmarks

And

Safari Show More Bookmarks

Everything is back where it belongs!

Related Articles, References, Credits, or External Links

NA

https://www.petenetlive.com/KB/Article/TechTerms#HERE!

The post Safari: Not Showing all Bookmarked Favourites first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001702/feed 0
Hard Drive Full? https://www.petenetlive.com/kb/article/0000012 Thu, 10 Sep 2020 09:30:44 +0000 http://www.petenetlive.com/hard-drive-filling-up-find-out-whats-hogging-your-hard-drive/ KB ID 0000012 Problem The fact that I’m going back to re-write article 0000012, should tell you this is an omnipresent problem! Either very suddenly, or slowly over time you have a drive or a volume that’s full to bursting point. These days with laptops which have smaller SSD drives it’s a common problem. I’ve […]

The post Hard Drive Full? first appeared on PeteNetLive.

]]>
KB ID 0000012

Problem

The fact that I’m going back to re-write article 0000012, should tell you this is an omnipresent problem! Either very suddenly, or slowly over time you have a drive or a volume that’s full to bursting point. These days with laptops which have smaller SSD drives it’s a common problem.

I’ve seen literally hundreds of post in forums, most of them are answered with ‘Use WinDirStat’, or ‘Use TreeSize’. Techies seem to be a fan of one or the other, and stick with the tool that’s served them best.

What If There’s No Room To Install Either Of these?

Good point, then you can use PowerShell, I’ll cover that below also. Well I said everyone has a favourite solution, here’s mine,

WinDirStat

My weapon of choice, install it and give it the drive you want to analyse;

Hard Drive Full

When it’s finished, you will see something like this;

Hard Drive Filling up

So you get a graphical representation of the drive, and you can see TWO things straight away, firstly you can spot large files, click on them and it will tell you what they are. Secondly it groups ‘Types’ of files together, if you just look at folder sizes it can be misleading e.g. The ‘red’ files above are my MP3 Collection, I know that folder is massive and I expect it to have a lot of stuff in it. But in some cases this is great! e.g. If your IIS server is churning out logs and theres a folder with millions of them in it, you will spot it straight away.

Why Do I Prefer This? I prefer the graphical front end, I can send a screen shot to client, and they understand what’s happening, and it’s always been free. (There is a free version of TreeSize in fairness). I just like this one.

TreeSize

Once you’ve installed simply select the drive in question,

You can then drill down folders which are sized based on usage. One thing I do like about TreeSize is, it knows the difference between file size and actual size, and you can swap views accordingly. But I’ve included it here so every-time I post this article link in a forum, you can see both and make your own mind up.

PowerShell

This is really a PowerShell version of using the same approach TreeSize uses. You need a PowerShell plugin called PSFolderSize, then simply navigate to the the drive in question and run Get-FolderSize.

Install-Module PSFoldersize
cd {Drive-Letter}:
Get-FolderSize

PowerShell Hard Drive Full

You can then drill down {cd folder-name} one at a time repeating the same command.

PowerShell Diagnose Hard Drive Full

 

Related Articles, References, Credits, or External Links

NA

The post Hard Drive Full? first appeared on PeteNetLive.

]]>
AnyConnect: ‘Quick and Dirty’ Duo 2FA https://www.petenetlive.com/kb/article/0001701 https://www.petenetlive.com/kb/article/0001701#respond Tue, 01 Sep 2020 07:30:59 +0000 https://www.petenetlive.com/?p=15709 KB ID 0001701 Problem Normally if I were deploying Duo 2FA with AnyConnect I’d deploy a Cisco RADIUS VPN on my LAN, (usually on my Duo Authentication Proxy). See the following article; AnyConnect: Enable Duo 2Factor Authentication However, last time I set this up, a colleague said ‘Oh by the way, you don’t need to […]

The post AnyConnect: 'Quick and Dirty' Duo 2FA first appeared on PeteNetLive.

]]>
KB ID 0001701

Problem

Normally if I were deploying Duo 2FA with AnyConnect I’d deploy a Cisco RADIUS VPN on my LAN, (usually on my Duo Authentication Proxy). See the following article;

AnyConnect: Enable Duo 2Factor Authentication

However, last time I set this up, a colleague said ‘Oh by the way, you don’t need to do that, you can just point the firewall directly at Duo‘. I was initially skeptical but I tried it, and it worked. I thought no more about it until this week when another colleague asked me to help him setup Duo for AnyConnect.

As you can see the firewall queries Duo using LDAPS, but the Duo product I’m using is called ‘Cisco RADIUS VPN’. This makes my networking OCD itch tremendously! (RADIUS and LDAPS are completely different protocols!) But it works, so here we go.

Solution

Note: For this solution you don’t even need to sync your users to Duo, (but it’s OK if you do)! As long as the users exist there.

With Duo, you need to select ‘protect an application‘ and select ‘Cisco RADIUS VPN‘. If you are unfamiliar with Duo you need to take a copy of the Integration Key, the Secret Key and the API Hostname. (Note: Don’t try using these ones, they have been changed!)

On the Firewall > Configuration > Device Management > Users/AAA > AAA Server Groups > AAA Server Groups > Add > Call it ‘DUO-EXTERNAL’ > Select LDAPS > OK.

With your DUO-EXTERNAL group selected > In the bottom window > Add.

  • Interface Name: {Your outside interface name}
  • Servername: {Your Duo API Hostname}
  • Timeout: 60 
  • Enable LDAP over SSL: Enabled
  • BaseDN: dc={Your Integration Key},dc=duosecurity,dc=com
  • Naming Attribute: cn
  • Login DN: dc={Your Integration Key},dc=duosecurity,dc=com
  • Login Password: {Your Secret Key}

OK > Apply.

TO TEST: Press Test > Select Authentication > Use the username displayed in Duo > Type push into the password box, and your phone should then prompt for 2fa authentication. (If it fails: Make sure the time is correct on the ASA, and at least do some debugging before posting below!)

Now either create a new AnyConnect profile, and use this new AAA method, or simply change the AAA method for an existing AnyConnect profile, (like below).

A word of warning, when I did this, (both in production and on my test ASA,) I got a strange error, I’ve documented that and the fix, below.

AnyConnect: Unauthorized Connection Mechanism

Related Articles, References, Credits, or External Links

NA

The post AnyConnect: 'Quick and Dirty' Duo 2FA first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001701/feed 0
F5: Static Load Balancing (Ratios) https://www.petenetlive.com/kb/article/0001700 https://www.petenetlive.com/kb/article/0001700#respond Tue, 01 Sep 2020 07:27:02 +0000 https://www.petenetlive.com/?p=15701 KB ID 0001700 Problem In the previous post, we deployed a web load balanced solution with three web servers. Out of the box the BIG-IP solution will use Round Robin load balancing and it will treat all Nodes or Pool Members the same, (it assigns a RATIO OF 1). Everything gets weighted the same, and […]

The post F5: Static Load Balancing (Ratios) first appeared on PeteNetLive.

]]>
KB ID 0001700

Problem

In the previous post, we deployed a web load balanced solution with three web servers. Out of the box the BIG-IP solution will use Round Robin load balancing and it will treat all Nodes or Pool Members the same, (it assigns a RATIO OF 1).

F5- Node Ratio All 1

Everything gets weighted the same, and the F5 will send requests to the Nodes or Pool members one at a time.

F5- Node Ratio Equal

But what if one of those web servers was a beast of a machine, with much better CPU/RAM than all the others? How do you ensure that gets sent the ‘Lions share’ of the traffic?

Solution

Well you can simply alter the Ratio for that server, you can do that directly on the Node, or you can do it within the Pool on a Pool Member. (That’s why you can see 6 ratios in the examples I’ve posted).

What if I change the Ratios on Nodes AND Pool Members: You can do that, but the load balancing method uses one or the other. So they wont conflict.

So let’s say 10.2.0.11 is a brand new server and has ten times the processing power of the other two nodes like so;

F5- Node Ratio Uneven

Local Traffic > Nodes > Select the node in question > Change the Ratio accordingly > Update.

F5- Change Node Ratio

Nothing will happen until you change the load balancing method of the Pool. On the properties of the Pool, change the Load Balancing Method to Ratio (node) > Update.

F5 Change Pool Load Balance

If you reset the counters and wait a while, you can see now that the server is getting (more or less*) 10 times the amount of traffic.

*Note: The maths will never be perfect, and my web pages are all ‘very slightly’ different, which is amplified over time.

F5 Change Pool Ratio Testing

Changing F5 Pool Member Ratios

The process is similar, (if you are following along, you might want to change your Node value back to ‘1, not that it will affect anything, it’s just if you are like me you will forget!) So now let’s say we’ve got a new server and its 10.2.0.13, and we want to change the ratio on the Pool Member like so;

F5- Pool Member Ratio Uneven

Open the Pool > Select the Node from here.

F5- Change Pool Member Ratio

Change there ratio here > Update.

F5- Change Pool Member Ratio

Now change the Load Balancing Method to Node (member) > Update  >Note: Here, ratios are shown on the Pool page.

F5- Change Pool Balance Ratio

Reset your counters, and wait a while, you will see the other server is now getting most of the traffic.

F5- Change Pool Balance Ratio

In large production environments, you will probably want to use Dynamic Load Balancing methods, so I’ll look at those next.

Related Articles, References, Credits, or External Links

NA

The post F5: Static Load Balancing (Ratios) first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001700/feed 0
AnyConnect: Unauthorized Connection Mechanism https://www.petenetlive.com/kb/article/0001699 https://www.petenetlive.com/kb/article/0001699#respond Thu, 27 Aug 2020 17:04:10 +0000 https://www.petenetlive.com/?p=15666 KB ID 0001699 Problem I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this; VPN Logon denied, unauthorised connection mechanism, contact your administrator Solution This was a confusing one, I replicated the problem on my own test firewall. All I had […]

The post AnyConnect: Unauthorized Connection Mechanism first appeared on PeteNetLive.

]]>
KB ID 0001699

Problem

I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this;

VPN

Logon denied, unauthorised connection mechanism, contact your administrator

Solution

This was a confusing one, I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP? It took me a while to figure out what was going on?

The reason why this is happening is because the GROUP POLICY your AnyConnect PROFILE is using does not have SSL enabled. (This makes no sense as it was working with LOCAL authentication, but this is how I fixed it).

You will be either using a specific group policy or the DfltGrpPolicy

IF USING THE DEFAULT GROUP POLICY
Petes-ASA(config)# group-policy DfltGrpPolicy attributes
Petes-ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless

IF USING A SPECIFIC GROUP POLICY (Remember to include any, that already exist! e.g. l2tp-ipsec)

Petes-ASA(config)# group-policy PNL-GP-ANYCONNECT-ACCESS attributes
Petes-ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless l2tp-ipsec 

Or, if you really HAVE TO use the ASDM.

Configuration > RemoteAccess VPN > Network (Client) Access > Group Policies > Select the Group Policy you are using > Edit.

General > More Options > Tick the SSL Options > OK > Apply.

Don’t forget to save your changes! Then try connecting again.

Related Articles, References, Credits, or External Links

NA

The post AnyConnect: Unauthorized Connection Mechanism first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001699/feed 0
F5: Setup Basic Web Load Balancing https://www.petenetlive.com/kb/article/0001698 https://www.petenetlive.com/kb/article/0001698#respond Thu, 27 Aug 2020 16:49:36 +0000 https://www.petenetlive.com/?p=15654 KB ID 0001698 Problem In past articles I’ve got my F5 BIG IP appliance up and running, and I’ve built some web servers to test load balancing. Now to actually connect things together and start testing things. Below is my lab setup, I will be deploying simple web load balancing (Static: Round Robin) between three […]

The post F5: Setup Basic Web Load Balancing first appeared on PeteNetLive.

]]>
KB ID 0001698

Problem

In past articles I’ve got my F5 BIG IP appliance up and running, and I’ve built some web servers to test load balancing. Now to actually connect things together and start testing things. Below is my lab setup, I will be deploying simple web load balancing (Static: Round Robin) between three web servers, each serving a simple HTTP web site.

F5 Lab Topology web load balance

Test F5 to Web Server Connectivity

For obvious reasons the F5 needs to be able to speak to the web servers, so it needs to be on the same network/VLAN and have connectivity. To test that we can log onto the the F5 console directly, and ‘ping’ the web servers.

F5 Ping Web Server

So connectivity is good, let’s make sure we can actually see the web content on those boxes, the best tool for that is to use curl, which will make a web request, and the wen server ‘should’ return some HTML.

curl http://10.2.0.11

F5 BIG-IP Load Balancing Terminology

Yeah I said ‘load balancing‘ and not ADC sue me! There are a number of building blocks that F5 uses, and you need to understand the terminology to put things together, firstly lets look at things BEHIND the F5 appliance;

F5 Nodes Pools and Pool Members

  • Node: An actual machine/appliance, (be that physical or virtual.) That provides some sort of service or a collections of services e.g. a web server, telnet server, FTP site etc.
  • Pool Member: Is a combination of a Node AND a Port/Service, e.g. 192.168.1.100:80 (IP address and TCP port 80 (or HTTP)).
  • Pool: A Logical collection on Pool Members, that provide the same service e.g a collection of pool members offering a website on TCP port 80.

F5 BIG-IP Adding Nodes

While connected to the web management portal > Local Traffic > Nodes > Create (Note: You can also press the green ‘add’ button on the Node pop-out on newer versions).

F5 Add Nodes

Specify a name > Description (optional) > IP address (or FQDN) > ‘Repeat‘ > Continue to add Nodes as required, then click ‘Finished‘.

F5 Add Nodes

F5 BIG-IP Adding Pools

Now we have our Nodes, We need to create a Pool. Local Traffic > Pools > Create, (again on newer versions theres a green add button on the pop-out).

F5 Add Pool

Add a Name > Description (Optional) > Add an applicable Health Monitor (in our case http) > Select the ‘Node List’ radio button > Select your first Node > Set the Port/Service  > Add  > Continue to Add the remaining Nodes.

Note: Here is where you add the IPs to the Port/Service and create the Pool Members.

F5 Add Web server to Pool

Sorry! Busy Screenshot

When all the Nodes are added > ‘Finished‘.

F5 Web Farm

Your web pool ‘should‘ show healthy, Note: that does not mean ALL the nodes are online!

F5 Healthy Web Pool

To make sure ‘all’ the Nodes are healthy > Go to the Members Tab.

F5 Pool Members Health

F5 BIG-IP Virtual Servers

I’m not a fan of using this term ‘Virtual Server‘ I prefer Virtual IP (or VIP,) but we are where we are! Above we’ve looked at things BEHIND the F5, now we need to present those services IN FRONT of the F5 (Note: I don’t say publicly, because we deploy plenty of BIIG-IP solutions inside  networks). So a Virtual Server is the outside IP address or FQDN of that a ‘consumer’ will connect to;

F5 Virtual Server

Local Traffic > Virtual Servers > Create.

F5 LTM Virtual Server

Supply a name > Description (optional)  > Destination Address (the ‘available outside’) IP address > Set the service/port > Scroll down to the bottom.

F5 LTM Virtual Server Address VIP

Set the ‘Default Pool’ to the pool you created (above) > ‘Finished‘.

F5 LTM Virtual Server Address Pool

For a brief overview or check what you have created  > Click Local Traffic > Network Map Note: This will look different on older versions of the F5.

F5 LTM Network Map

Then test the service form the outside, here each web server serves a different colour page so I can test it’s working properly.

My Web Page Does Not Change? If you keep seeing the same colour/page then it’s probably because you chose browser is ‘caching’ web content on your test machine, you may need to disable caching on your chosen web browser, for an accurate test.

F5 Test Load Balancing

So that’s Static Round Robin (Equal Ratio) Based Load Balancing. In the next article I’ll look at how you can manipulate the ratios, to better serve your hardware, and requirements.

Related Articles, References, Credits, or External Links

NA

The post F5: Setup Basic Web Load Balancing first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001698/feed 0
EVE-NG Deploying F5 BIG-IP https://www.petenetlive.com/kb/article/0001696 https://www.petenetlive.com/kb/article/0001696#respond Mon, 24 Aug 2020 13:14:29 +0000 https://www.petenetlive.com/?p=15621 KB ID 0001696 Problem I already had some F5 Images in my EVE-NG, but I wanted to run version 16.x. However, I didn’t think that was officially supported, so I thought I would try and get it running anyway! Solution Theres no need to scour the internet for ‘dodgy’ versions, F5 will quite happily give […]

The post EVE-NG Deploying F5 BIG-IP first appeared on PeteNetLive.

]]>
KB ID 0001696

Problem

I already had some F5 Images in my EVE-NG, but I wanted to run version 16.x. However, I didn’t think that was officially supported, so I thought I would try and get it running anyway!

Solution

Theres no need to scour the internet for ‘dodgy’ versions, F5 will quite happily give you the latest version, just sign up for a free account, and you can download the image. While you are there, you can apply for a trial licence, (or two if you want to test HA).

Important: I use FileZilla to upload images into EVE-NG, make sure your transfers are set for ‘binary’ I’ve seen this break things in the past, so mines already setup to use that by default;

Upload the image into EVE-NG, (I’ve shown the location, on the image below).

Upload BIG-IP to Eve-NG

Now, SSH into EVE-NG, extract/unzip the image, then copy/rename it to virtioa.qcow2, remove the ZIP file, and finally fix the permissions; (Change the values in bold (below) to match your version);

cd /opt/unetlab/addons/quemu/bigip-16.0/
unzip BIGIP-16.0.0-0.0.12.ALL.qcow2.zip
mv BIGIP-16.0.0-0.0.12.ALL.qcow2 virtioa.qcow2
rm BIGIP-16.0.0-0.0.12.ALL.qcow2.zip
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Install F5 Big IP on EVE-NG

You can now add a BIG-IP LTM VE into your lab.

Deploy BIG-IP to Eve-NG

Select Version 16 > Scroll down.

Deploy F5 to Eve-NG

Change the Console to VNC > Save.

Deploy F5 to Eve-NG Console

Power it on.

F5 on Eve-NG

Log in, the DEFAULT USERNAMES AND PASSWORDS are;

Username: root Password:default

Username: admin Password: admin

You will be asked to change the passwords. (Note: The admin password may expire straight away so you will need to change it again when you log into the web console!)

F5 on Eve-NG default password

To ‘Get Access’ you will need to configure the Management Network on the F5, to do that run the config command.

F5 on Eve-NG Initial Setup

I don’t wish to insult your intelligence by walking though these steps, set an IP address and subnet mask on the management port.

F5 on Eve-NG MGMT Setup

In ‘Most” cases you wont want a default route on the management network, (normally that’s set on the ‘External‘ network).

F5 on Eve-NG No Default Route

Now browse to the appliance from a host on the management network, you will need to log on as the ‘admin‘ user, and (as I mentioned above), I needed to reset the password again!

F5 on Eve-NG Reset admin password

Now you can configure the appliance, when your trial licences, (unless you bought some lab licences,) come through.

F5 on Eve-NG Initial Setup

Related Articles, References, Credits, or External Links

NA

The post EVE-NG Deploying F5 BIG-IP first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001696/feed 0
TinyCore Linux: Build a ‘Persistent’ Web Server https://www.petenetlive.com/kb/article/0001697 https://www.petenetlive.com/kb/article/0001697#respond Mon, 24 Aug 2020 08:05:28 +0000 https://www.petenetlive.com/?p=15628 KB ID 0001697 Problem Recently I was building a lab for testing load balancing, and needed some web servers, I could have built three Windows servers, but I wanted to run them in EVE-NG, so they had to be as light as I could make them. I chose TinyCore Linux, (I know there are smaller […]

The post TinyCore Linux: Build a 'Persistent' Web Server first appeared on PeteNetLive.

]]>
KB ID 0001697

Problem

Recently I was building a lab for testing load balancing, and needed some web servers, I could have built three Windows servers, but I wanted to run them in EVE-NG, so they had to be as light as I could make them. I chose TinyCore Linux, (I know there are smaller options, but it’s light enough for me to run, and work with).

The problem occurs when you reboot the TinyCore host, it (by default) reverts back to its vanilla state, (that’s not strictly true, a couple of folders are persistent).

So I had to build a server that would let me SFTP some web content into it and allow me to reboot it without losing the web content, settings, and IP address.

Step 1: Configure TinyCore IP & Web Server

This is a two step procedure, firstly I’m going to give it a static IP.

sudo ifconfig eth0 192.168.100.110 netmask 255.255.255.0
sudo route add default gw 192.168.100.1

I don’t need DNS, if you do, then simply edit the resolve.conf file;

sudo vi /etc/resolv.conf
Add a value e.g.
Nameserver 8.8.8.8

If you are scared of  the VI editor see Using the VI Editor (For Windows Types)

To connect via SSH/SFTP you will need opnessh installing, and to run the website, we will use Busybox, to install those, do the following;

tce-load -wi busybox-httpd.tcz
tce-load -wi openssh

You will now need to set a password for the root account, (so you can log on and trasfer web files in!)

su
passwd
Type in, and confirm a new password!

Start the OpenSSH, and TFTP services;

cd /usr/local/etc/init.d/
./openssh start
cd /etc/init.d/services/
./tftpd start

Now create a basic web page, (index.html) which you can update later. Setup the website, then copy that file to a location that will be persistent (you will see why later).

cd /usr/local/httpd/bin
sudo ./busybox httpd -p 80 -h /usr/local/httpd/bin/
sudo vi index.html {ENTER SOME TEXT TO TEST, AND SAVE}
sudo mkdir /mnt/sda1/wwwsite/
sudo cp /usr/local/httpd/bin/index.html /mnt/sda1/wwwsite/index.html

At this point, (if you want) you can use your favourite SFTP client, (I recommend FileZilla or WinSCP) and copy in some live web content to /mnt/sda1/wwwsite/ But ensure the home/landing page is still index.html though!

Step 2: Make TinyCore Settings ‘Persistent’

There may be better ways to do this, this just worked for me, and made sense! There’s a shell script that is executed as the TinyCore machine boots (bootlocal.sh) so if you edit that file and put in the commands to configure the IP, copy the website files from the permanent mount folder, start the web server, then start SSH and TFTP, you end up with a server doing what you want, every time the server boots.

sudo vi /opt/bootlocal.sh

ADD THE FOLLOWING TO THE BOTTOM OF THE FILE;

sudo ifconfig eth0 192.168.100.110 netmask 255.255.255.0 
sudo route add default gw 192.168.100.1
cp /mnt/sda1/wwwsite/index.html /usr/local/httpd/bin/index.html
cd /usr/local/httpd/bin/
Sudo ./busybox httpd -p 80 -h /usr/local/httpd/bin/
cd /usr/local/etc/init.d/
./openssh start
cd /etc/init.d/services/
./tftpd start

Save and exit the file, then finally BACKUP THE CHANGES with the following command;

filetool.sh -b

Related Articles, References, Credits, or External Links

NA

The post TinyCore Linux: Build a 'Persistent' Web Server first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/kb/article/0001697/feed 0
EVE-NG: Committing / Saving Qemu Virtual Machine Settings https://www.petenetlive.com/KB/Article/0001695 https://www.petenetlive.com/KB/Article/0001695#respond Thu, 20 Aug 2020 09:59:49 +0000 https://www.petenetlive.com/?p=15599 KB ID 0001695 Problem I’ve been working on a load balancing lab in EVE-NG this last week or so. I created some web servers (in TinyCore Linux,) to act as the web servers in that lab. (Essentially they serve a different colour web page so I can test the load balancing is working OK). Now […]

The post EVE-NG: Committing / Saving Qemu Virtual Machine Settings first appeared on PeteNetLive.

]]>
KB ID 0001695

Problem

I’ve been working on a load balancing lab in EVE-NG this last week or so. I created some web servers (in TinyCore Linux,) to act as the web servers in that lab. (Essentially they serve a different colour web page so I can test the load balancing is working OK).

Now I wanted to save the changes I made so that I could redeploy the configured servers to multiple labs. But when you deploy a qemu VM as a node in a lab, EVE-NG copies the VM to the lab, and the changes you make, only apply to the node, in the lab, in the pod, you are working on!

So I wanted to update the ‘Master‘ image in EVE-NG, with the one I configured. Here is how to do that;

Solution

Firstly you need to get your POD NUMBER, you can get that from the user management screen, below you can see my user, (you can see already logged on), is using pod number 1.

EVE-NG Pod Number

Now you need to get the LAB ID NUMBER. Open the lab > Shut down the machine that you want to save the changes from > Lab Details > Copy the lab ID number.

EVE-NG Lab Details

Lastly you need the NODE ID NUMBER. Either  select Nodes and take note of the number, or right click the node and the node ID is shown (in brackets).

EVE-NG Node Number

Armed with those three pieces of information, SSH into the EVE-NG host, and execute the following commands;

cd /opt/unetlab/tmp/POD-NUMBER/LAB-ID/NODE-ID/

for example;

cd /opt/unetlab/tmp/1/2277307f-b0bc-45a4-831f-a89a716b5841/3/

Now depending on the VM/Appliance in question, it may be called hda.qcow2, or virtioa.qcow2 (a quick ls command will tell you!) Take the name and commit the changes with the following command;

/opt/qemu/bin/qemu-img commit hda.qcow2

EVE-NG Commit VM Changes

Job done!

Yes but you wanted three different servers? Correct, I then copied the server (twice) edited the IP address, and the web page served on the two copies and committed the changes back to the original VMs!

Related Articles, References, Credits, or External Links

NA

The post EVE-NG: Committing / Saving Qemu Virtual Machine Settings first appeared on PeteNetLive.

]]>
https://www.petenetlive.com/KB/Article/0001695/feed 0