Best posts made by JaredBusch

Dell's OpenManage Server Administrator (OMSA) is a very useful tool to have setup on any Dell hardware. A little time on Google will result in a number of guides for this, but none of them were 100% clear on the process.

So, with a server under a Dell support contract I called support. They gave me the same instructions that I found previously. Really not a lot of help as you can see.

So I decided to make these instructions.

1. Download the most recent version of OMSA for your server model. I will be listed on the Dell support site under Systems Management.
   

2. The current version is 8.2
   

3. Once downloaded extract the files from the executable into a folder. I like 7zip for this.
   

4. Copy the extracted folders to a location accessible by the Hyper-V host. I just put it in a folder called OSMA on the C drive via admin share.
   

5. Log into the Hyper-V host, navigate to the sub directory cd \OMSA\windows\SystemsManagementx64
   

6. Run the installer msiexec /i sysmgmtx64.msi
   

7. Click yes to skip the prereq check.
   

8. Click next
   

9. Accept the license and click next again.
   

10. Ensure Typical is selected and click next.
    

11. Finally, click install and wait for it to finish.
    

12. Click Finish
    

13. Launch Powershell
    

14. Add a firewall rule to allow access to the OMSA Web GUI New-NetFirewallRule -Name Dell_OMSA -DisplayName "Dell OMSA" -Description "Dell OMSA Web Management" -Protocol TCP -Enabled True -Profile Any -Action Allow -LocalPort 1311
    

15. From your management PC, open a web browser to your Hyper-V server's IP on port 1311 and log in with domain admin credentials. https://hv01:1311
    

16. Handle anything not green
    

17. In this example, it is firmware.
    

Laughing at the birthday cookie that my sister got for her oldest.

A shit ton of new functionality announced this morning.

I like this new direction of individual tools that let you use the things you want.

SSL Monitor, new traceroute thing, ISP monitor.

Doesn't know the difference between a hub and switch

https://mangolassi.it/topic/14728/just-need-a-basic-switch-to-act-as-a-hub/

With the implosion of PBX in a Flash and Elastix, Sangoma stepped up publicly to reinforce their committment to opensource.

You can read their letter here, if you want.

The cool thing that was in that letter, for all of us wishing we could easily move to something more modern, is a new conversion tool called #Home2FreePBX.
http://wiki.freepbx.org/display/PPS/Elastix+and+PBXinaFlash+to+FreePBX+Distro+Conversion+Tool

I read these instructions completely and this is a freaking awesome tool. I wish they had made it a long time ago.

I will be implementing this soon on the two Elastix systems I have in production.

First, start with the Fedora 25 Netinstall ISO. That is a direct link to the ISO.
This is the download page.

Download the ISO and move it to your hypervisor ISO store.

Create a new VM and give it a single vCPU and say either half a gig or a gig of RAM. Connect it to your vSwitch and boot it up.

You will be greeted with this screen counting down from 60 seconds.

Arrow up to the first choice and hit enter. A few moments later you will be presented with the installation GUI. Select your language appropriately and click Continue.

Click on the installation destination

Wait for the screen to load and then click done. The single virtual disk you made will already be selected along with a default partitioning setup.

Now click on Network and hostname

Give your system a hostname and click the apply button to set it. Change your networking if desired (I generally use DHCP reservations so mostly leave this as DHCP). Then click Done

Click on Time & Date

Set your timezone as desired, then click the gear icon on the top right to setup NTP.

By default Fedora 25 only lists one time source.

I always use 3 at a minimum, so add two more. Click OK then Done

Now click on software selection. By default Fedora 25 selects Fedora Server Edition. I hate that. I want full control over what feature are going to be on every instance. I always want to start with the minimal experience.

When you click on the Minimal Install button, you will notice the add on list to the right will change.

The only add on I check is the Guest Agents, because I am always 100% of the time running this on a hypervisor.

Click done and you will be returned to the main setup screen. It should look like this. Now you click Begin Installation.
.

You will be given a screen to set a root password.

Click on it, and set a root password then click done.

I never add users at this point. I will do that later from SSH.
Wait for the install to finish and click Reboot.

While it is rebooting, make sure your hypervisor removes the ISO from the boot sequence. Hyper-V Server 2016 does not eject the ISO, but it does update the boot order when the VM is built as Generation 2. Your mileage may vary depending on the hypervisor.

Once rebooted, you will be greeted with the log in screen. Log in once as root and get the IP of the system with ip a sh then you can do everything else from SSH assuming that you have direct IP connectivity to the VM.

If you are running this under Hyper-V you will need to add the Hyper-V tools.
Log in as root and install them with dnf

dnf install -y hyperv-daemons

No, it is not worth it.

The answer is to get people to stop saving stuff local and then it all just goes away.

Tell people to buy a chromebook and a Dropbox subscription.

If you use UniFi hardware, then you need a UniFi controller. I highly recommend that you set one up on a cloud provider using a Debian 9.1 base. Ubiquiti builds on Ubuntu, but screw Ubuntu.

We use Debian because Ubiquiti has a repository for it. You can do it yourself on Fedora/RHEL but you will have to manually update.

Get Debian 9.1 installed however you desire. I have a guide here for setting up a minimal install.

Log into your console and switch to root.

su -

Install dirmngr

apt-get install dirmngr -y

Add the apt repo.

cat > /etc/apt/sources.list.d/100-ubnt.list << EOF
deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti
EOF

Add the Ubiquiti key (this is why dirmngr was needed)

apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50

Update apt

apt-get update

Install UniFi

apt-get install unifi -y

Setup DNS while it is installing, I like to use the unifi name as a subdomain.

Exit from root and then end your SSH session.

exit

Navigate to your URL on port 8080 or 8443
http://unifi.domain.com:8080 or https://unifi.domain.com:8443

Follow the wizard.

If you use Ubiquiti hardware outside of the UniFi line, then you are going to want to run their UNMS platform. I highly recommend that you set one up on a cloud provider using a Debian 9.1 base. Ubiquiti builds on Ubuntu, but screw Ubuntu.

Get Debian 9.1 installed however you desire. I have a guide here for setting up a minimal install.

First up, install curl and netcat

sudo apt-get install curl netcat -y

Then you download and execute the UNMS install script. It will download everything else and configure it all. Ubiquiti has chosen to use Docker for this.

curl -fsSL https://raw.githubusercontent.com/Ubiquiti-App/UNMS/master/install.sh > /tmp/unms_install.sh && sudo bash /tmp/unms_install.sh

Unless you like using self signed certs, get a FQDN setup for your system while it is installing. Something like unms.domain.com would be perfect.

When the install completes, you should see this.

Navigate to your FQDN and perform the setup, https://unms.jaredbusch.com for my demo system. If you navigate to the HTTP instance, it should redirect you to the HTTPS instance with a currently self signed certificate. Firefox puked on it, but Chrome worked. It will automatically attempt to setup a Let's Encrypt certificate.

And then you will be presented with the setup screen. Populate appropriately.

Setup email if you want.

Grab your code to put in your routers.

There you go.

This post belongs in my WTF thread

@dbeato said in What Is RAID 0? SAMIT Video:

Still people think that RAID 0 is redundancy because of the word "RAID". That is one of the problems with misconceptions.

No, people are just stupid.

@guyinpv said in Looking for some neat Server Build Projects:

Boss though it was useless to buy everyone a license, so I was only allowed to buy 5 licenses and other people in the building are using the same accounts, since they can be used on up to five devices.

Report it to MS. This is a license violation. Your boss told you to steal.

Just heard from the guy that writes the Backblaze stats will be posting a new one next Tuesday.

Something to look forward to!

So, you change a mail retention policy.
Then when people call saying where did my mail from January go..

You realize you accidentally applied it to the entire mailbox of the entire group/company/whatever.

How do you recover?

Remote Powershell of course.

If you are like me, and run Linux, install Powershell on your system first.
https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux

Launch Powerhsell

[jbusch@dt-jared ~]$ pwsh
PowerShell 6.2.1
Copyright (c) Microsoft Corporation. All rights reserved.

Type 'help' to get help.

Get the credentials for your session

PS /home/jbusch> $O365Credential = Get-Credential

PowerShell credential request
Enter your credentials.
User: [email protected]
Password for user [email protected]:

Dump it all into a variable

PS /home/jbusch> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $O365Credential -Authentication Basic -AllowRedirection

Import it to your current session, this will take a moment

PS /home/jbusch> Import-PSSession -Session $Session
WARNING: The names of some imported commands from the module 'tmp_qiigu1uj.0n0' include unapproved verbs that might make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the Verbose parameter. For a list of approved verbs, type Get-Verb.                                                                                             ModuleType Version    Name                                ExportedCommands                                                        ---------- -------    ----                                ----------------                                                        
Script     1.0        tmp_qiigu1uj.0n0                    {Add-AvailabilityAddressSpace, Add-DistributionGroupMember, Add-Mailbo…

Now you can look at a single user to see what is out there.

PS /home/jbusch> Get-MailboxFolderStatistics -Identity someuser -FolderScope RecoverableItems | Format-Table Name,FolderPath,ItemsInFolder,FolderAndSubfolderSize                                                                                                                                                                                                                                      

Name              FolderPath         ItemsInFolder FolderAndSubfolderSize
----              ----------         ------------- ----------------------
Recoverable Items /Recoverable Items             0 2.29 GB (2,459,158,122 bytes)
Audits            /Audits                     1793 9.957 MB (10,440,238 bytes)
Calendar Logging  /Calendar Logging            355 1.383 MB (1,449,949 bytes)
Deletions         /Deletions                  9122 2.278 GB (2,446,420,366 bytes)
Purges            /Purges                      247 827.7 KB (847,569 bytes)
Versions          /Versions                      0 0 B (0 bytes)

I only cared about the Deletions folder, so I made this command to show them all

PS /home/jbusch> Get-Mailbox -RecipientTypeDetails UserMailbox -Filter {Alias -ne "adminuser"} | Get-MailboxFolderStatistics -FolderScope RecoverableItems | Where-Object -FilterScript {$_.Name -eq 'Deletions'} | Format-Table Identity,ItemsInFolder,FolderAndSubfolderSize

It resulted in this.

Identity          ItemsInFolder FolderAndSubfolderSize
--------          ------------- ----------------------
user_1\Deletions                1 59.01 KB (60,428 bytes)
user_2\Deletions            9122 2.278 GB (2,446,420,36…
user_3\Deletions               181 13.05 MB (13,684,452 b…
user_4\Deletions               36 2.437 MB (2,555,071 by…
user_5\Deletions             1286 134.8 MB (141,295,674 …
user_6\Deletions              22 1.333 MB (1,397,244 by…
user_7Deletions           9477 2.003 GB (2,151,109,20…
user_8\Deletions            3790 739.7 MB (775,651,062 …
.....
etc

Tweak the -Filter as desired.

Now you can recover things using whatever filter you need to be comfortable

Get-Mailbox -RecipientTypeDetails UserMailbox -Filter {Alias -ne "adminuser"} | Restore-RecoverableItems -SourceFolder RecoverableItems -NoOutput -ResultSize unlimited -MaxParallelSize 4

Fun Fact: I had to do this on Monday.

I've never installed FreePBX, from scratch, often enough, back to back, to actually script my process.

But today I decided to get off my ass and do a little more documentation. That turned in to me FFSing myself with "just fucking put it in a script Jared".

I put a new folder in my FreePBX helper scripts repo.
https://github.com/sorvani/freepbx-helper-scripts/tree/master/InitialSetup

I will turn the module deletion into a loop once I validate all the dependencies. I believe that the current order is correct though.

If I used SW helpdesk I would try this!

@scottalanmiller said in Just How Hard is University to Overcome:

So yes, you are reading that correctly. The average US high school grad who could have gone to university but chose to go into the workforce immediately rather than waiting to go to university first and invested the cost of university into an S&P 500 Index Fund instead of spending it on university would benefit to an order of $4.8M - $6M USD better than a counterpart that attended university.

Your problem here is assuming that people would invest that money.

Diet and exercise. Not even a really hard level of exercise. mostly portion control.

From 350lbs to 176lbs.

2005 out to dinner with friends at GenCon Indy

2007 at my wedding in Tokyo

So I decided to take a shot at setting up Let's Encrpyt on my NginX proxy that runs on CentOS 7. I am not sure how I want to handle the hand off between the proxy and the servers behind yet. Currently all the certificates are manually setup on both after they are generated. But that is for another day..

Important: You must turn off CloudFlare CDN functionality (make the cloud Grey instead of Orange) if you have the SSL features of CloudFlare enabled.

NginX is not fully supported for full automation at this time. That will be rectified soon and these directions will be outdated, but for now.

I started with the core instructions from here and also this [support thread]( yum install python python-devel python-pip python-setuptools python-tools python-virtualenv).

The first thing I noticed if that they tell you to just run the gitcommand. Well guess what, git is not part of CentOS 7 minimal.

The EPEL is also required, but I believe their core script checks for that. As I already had the EPEL enabled, it did nothing else. Additionally, there are Python tools missing in the dependency chain.

yum -y install git python-tools python-pip

Now on to the install. I do not want this in my home directory, so i first switched over to /etc.

cd /etc

Then I ran their git command to pull down the code.
git clone https://github.com/letsencrypt/letsencrypt

Change directories, and run the setup script.
cd letsencrypt
./letsencrypt-auto --help

With Let's Encrypt now installed, it is time to generate the certs.
Unfortunately, NginX is not currently (as of Dec 6, 2015) supported for automatic installation, though I am not sure if I will ever use the full automatic install because I rarely have a simple single vHost setup going.

The prefered method of install for Let's Encrypt seems to be the --standalone plugin over the --webroot plugin. The webroot solution looks like the better method, but I did not test it.

You have to stop NginX because the --standalone plugin will stand up its own temp webserver to answer the domain verification challenge.
systemctl stop nginx

Run Let's Encrypt to get the SSL certificates.

Note: The first time you execute Let's Encrypt it will interactively ask you for an email address and also to accept the ToS. You can include that information in the request with --email [email protected] and --agree-tos

./letsencrypt-auto certonly --standalone --email [email protected] --agree-tos -d jaredbusch.com -d www.jaredbusch.com

If you ever run this again, even for another domain on the same server, leave the email and ToS acceptance out of the script. Like this.

./letsencrypt-auto certonly --standalone -d jaredbusch.com -d www.jaredbusch.com

Assuming you did everything right, you should see this.

Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --standalone --email [email protected] --agree-tos -d jaredbusch.com -d www.jaredbusch.com

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/jaredbusch.com/fullchain.pem. Your cert will
   expire on 2016-03-06. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Now start NginX back up because you do not need to keep your website down while you update the vHost files.
systemctl start nginx

You can see in the success message, that it told you where to find the certificate chain. It always save everything in a directory named after the first passed domain to the command. Check out what it does.
ls -l /etc/letsencrypt/live/jaredbusch.com

total 0
lrwxrwxrwx. 1 root root 34 Dec  7 00:29 cert.pem -> ../../archive/jaredbusch.com/cert1.pem
lrwxrwxrwx. 1 root root 35 Dec  7 00:29 chain.pem -> ../../archive/jaredbusch.com/chain1.pem
lrwxrwxrwx. 1 root root 39 Dec  7 00:29 fullchain.pem -> ../../archive/jaredbusch.com/fullchain1.pem
lrwxrwxrwx. 1 root root 37 Dec  7 00:29 privkey.pem -> ../../archive/jaredbusch.com/privkey1.pem

It symlinks everything so when you rerun this in 2 months to renew the certificates, you never have to edit your config files again. The renew process will create new files leaving the old ones in place.

Now you edit your NginX server (vHost) conf files. Mine exist in /etc/nginx/conf.d/
nano /etc/nginx/conf.d/jaredbusch.com.conf

My existing config just used a self signed cert and these two lines.

ssl_certificate /etc/ssl/cacert.pem;
ssl_certificate_key /etc/ssl/privkey.pem;

Those need updated to point to the new Let's Encrypt certificates. Additionally, with real certificates, I followed the other guide's suggestion and enabled a couple other SSL options.

    ssl_certificate /etc/letsencrypt/live/jaredbusch.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jaredbusch.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";

Save and close nano, then test the nginx config
nginx -t

If it is successful, restart NginX.
systemctl restart nginx

Load your page up and check your certificate.
https://i.imgur.com/wDzpfQF.jpg
https://i.imgur.com/m7SS42N.jpg
https://i.imgur.com/UBrkHyr.jpg

@Buildinglit said in Awesome new tool for checking if your building is lit with fiber or not:

@Jason Naw it's not for spamming. But good feedback that you were concerned for that.

Then remove the requirement for an email address.