Florian Heigl FlorianHeigl

## cim-re
#/bin/bash -eu

PHASE=init
# tba

PHASE=prep

zimbra_users=$( zmprov -l gaa | sort )

PHASE=run

## esxi-patching.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                FlorianHeigl
                / esxi-patching.md
            
            
              Last active Jun 19, 2022
            
              
                ESXi Updates via CLI/SSH/ansible
              
          
      View esxi-patching.md
  
      
    alle laufenden vms suspenden
https://gist.githubusercontent.com/jpluimers/44c54e680b5d2887e3a5/raw/98aad36cc84376a84b608eafc686873f0376e997/esxi-suspend-all-VMs.sh
gibt einige coredumps. das sind vermutlich wieder vms mit sonderzeichen o.ae. im namen
kommando fehlt

  
## dhcpd.conf
Relevant kea-dhcp4.conf items:
{ "subnet": "172.30.248.0/22",
"pools": [
{ "pool": "172.30.248.16 - 172.30.248.31", "client-class": "BOOTP" },
{ "pool": "172.30.248.32 - 172.30.248.63", "client-class": "DHCP" }
],
"option-data": [
{ "name": "domain-name-servers",
"data": "172.16.1.15, 172.16.1.20" },
{ "name": "domain-name", "data": "company.com" },

## cli_script
# 1. dsa host key muss vorhanden sein, sonst startet server nicht
# 2. dsa auth kann man abschalten, ausser firmware ist extra alt. FW <=5.5 kann kein RSA FW >=5.6 kann RSA.
# 3. secure mode disabled alle anderen Protokolle - auch snmp!
# 4. pubkey download ist nur via tftp server (nicht usb)
# 5. RO user fuer backup funktioniert nicht wegen Problem mit `enable` ohne PW in oxidized
# 6. PW muss man manuell eingeben
# 7. telnet bleibt hier so erreichbar! (block via ipmgr)


no ssh

## alcatel-test.py
#!/usr/bin/env python3
from textfsm_aos.parser import parse
import re

sample_data = """
Local Chassis ID 1 (Master)
  Model Name:                    OS6860E-24,
  Module Type:                   0x6062203,
  Description:                   Chassis,
  Part Number:                   903708-90,

## elastiflow-tagging.py
#!/usr/bin/env python

from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
from elasticsearch_dsl import query as q
from elasticsearch_dsl import Q
from elasticsearch_dsl.query import MultiMatch, Match
from elasticsearch_dsl import UpdateByQuery
import re, sys

## docker-compose.yml
---
version: '3'
services:
   checkmk:
     image: checkmk/check-mk-raw:2.0.0-latest
     ports:
       - "162:162/udp"
       - "514:514/udp"
       - "514:514/tcp"
       - "6557:6557/tcp"

## Import-NetboxVM.ps1
# Powershell refuses to connect to the Netbox API on our setup without this.
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }

## docker-compose.yml
---
version: '3'
services:
   checkmk:
     image: checkmk/check-mk-raw:2.0.0-latest
     ports:
       - "162:162/udp"
       - "514:514/udp"
       - "514:514/tcp"
       - "6557:6557/tcp"

## gist:7940885367332d272b1139a88e369473
if ! type gawk >/dev/null ; then
    echo "script requires gawk, please install it via apt/similar"
fi

cd ~/var/pnp4nagios/perfdata || exit 1

# out
for X in */Interface_*_outnucast.rrd; do
    rrdtool fetch $X MAX -r 300 -s -1h | gawk -v x=$X '{printf(x",\t\t %s,%8.2f,%8.2f \n",strftime("%c",$1),$2,$3) }'
done  |\
	#/bin/bash -eu

	PHASE=init
	# tba

	PHASE=prep

	zimbra_users=$( zmprov -l gaa \| sort )

	PHASE=run
	Relevant kea-dhcp4.conf items:
	{ "subnet": "172.30.248.0/22",
	"pools": [
	{ "pool": "172.30.248.16 - 172.30.248.31", "client-class": "BOOTP" },
	{ "pool": "172.30.248.32 - 172.30.248.63", "client-class": "DHCP" }
	],
	"option-data": [
	{ "name": "domain-name-servers",
	"data": "172.16.1.15, 172.16.1.20" },
	{ "name": "domain-name", "data": "company.com" },
	# 1. dsa host key muss vorhanden sein, sonst startet server nicht
	# 2. dsa auth kann man abschalten, ausser firmware ist extra alt. FW <=5.5 kann kein RSA FW >=5.6 kann RSA.
	# 3. secure mode disabled alle anderen Protokolle - auch snmp!
	# 4. pubkey download ist nur via tftp server (nicht usb)
	# 5. RO user fuer backup funktioniert nicht wegen Problem mit `enable` ohne PW in oxidized
	# 6. PW muss man manuell eingeben
	# 7. telnet bleibt hier so erreichbar! (block via ipmgr)


	no ssh
	#!/usr/bin/env python3
	from textfsm_aos.parser import parse
	import re

	sample_data = """
	Local Chassis ID 1 (Master)
	Model Name: OS6860E-24,
	Module Type: 0x6062203,
	Description: Chassis,
	Part Number: 903708-90,
	#!/usr/bin/env python

	from elasticsearch import Elasticsearch
	from elasticsearch_dsl import Search
	from elasticsearch_dsl import query as q
	from elasticsearch_dsl import Q
	from elasticsearch_dsl.query import MultiMatch, Match
	from elasticsearch_dsl import UpdateByQuery
	import re, sys
	---
	version: '3'
	services:
	checkmk:
	image: checkmk/check-mk-raw:2.0.0-latest
	ports:
	- "162:162/udp"
	- "514:514/udp"
	- "514:514/tcp"
	- "6557:6557/tcp"
	# Powershell refuses to connect to the Netbox API on our setup without this.
	add-type @"
	using System.Net;
	using System.Security.Cryptography.X509Certificates;
	public class TrustAllCertsPolicy : ICertificatePolicy {
	public bool CheckValidationResult(
	ServicePoint srvPoint, X509Certificate certificate,
	WebRequest request, int certificateProblem) {
	return true;
	}
	if ! type gawk >/dev/null ; then
	echo "script requires gawk, please install it via apt/similar"
	fi

	cd ~/var/pnp4nagios/perfdata \|\| exit 1

	# out
	for X in /Interface__outnucast.rrd; do
	rrdtool fetch $X MAX -r 300 -s -1h \| gawk -v x=$X '{printf(x",\t\t %s,%8.2f,%8.2f \n",strftime("%c",$1),$2,$3) }'
	done \|\