Tuesday, November 14, 2017

One-Wire Temperature collection, publishing to EmonCMS using OmegaOnion

I needed a quick solution to log the temperature of my hot water cylinder at home, had an Omega Onion lying about so used that.

OmegaOnion
OmegaOnion EXP Dock
2 x DS18B20 Sensors, wired together with a 5K7 pull-up resistor

From a factory reset:


  • echo "w1-gpio-custom bus0=0,19,0" > /etc/modules.d/55-w1-gpio-custom
  • reboot
  • Find the names of the sensors: "ls /sys/devices/w1_bus_master1/"
  • opkg install curl
  • opkg install nano
  • nano temp.sh
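#!/bin/ash
# Read two DS18B20 sensors over 1-Wire and post the readings to EmonCMS.
# Meant to be run from cron; prints the two readings on stdout.

W1_DIR=/sys/devices/w1_bus_master1
EMONCMS_URL="http://192.168.1.129/emoncms/input/post.json"
# NOTE(review): the API key is sent in the query string over plain HTTP, so it
# is readable on the LAN and ends up in web-server access logs. Keep this
# script readable by its owner only.
APIKEY="xxxxxxxxxxxx"

# w1_slave reports the reading as "t=<millidegrees C>"; convert to degrees.
read_temp() {
    awk -F= '/t=/ {printf "%.03f\n", $2/1000}' "$W1_DIR/$1/w1_slave"
}

temp1=$(read_temp 28-000006560975)
temp2=$(read_temp 28-0000065711e6)

# A missing or unreadable sensor yields an empty string; do not post that.
if [ -z "$temp1" ] || [ -z "$temp2" ]; then
    echo "temp.sh: could not read one or both sensors" >&2
    exit 1
fi

curl --data "data={temp1:$temp1,temp2:$temp2}" "$EMONCMS_URL?node=55&apikey=$APIKEY"
# Fixed format string: the readings are passed as arguments, never as format.
printf '\n%s\t%s' "$temp1" "$temp2"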

  • Then all you need is to create a cron job, crontab -e
*/5 * * * * /root/temp.sh >/dev/null

Sunday, November 12, 2017

SprinklePi


HL-58S V1.2

IO Ports


Pins

11
12
13
15
16
18
22
7

EFA TLS Cert with Intermediate

Export Cert from NAS

Edit /etc/postfix/ssl/rsa_smtpd.pem

Remove the current contents

Paste in your private key
Then your certificate
Then your chain
save file

restart postfix - service postfix restart

Sunday, August 27, 2017

ESXi 6.5 Install Realtek NIC Drivers

esxcfg-info | less -i

https://www.v-front.de/2015/03/vsphere-6-is-ga-ultimate-guide-to.html

Install Realtek R8168 drivers

# Lower the system's acceptance level to allow Community supported packages
# NOTE(review): this is a host-wide setting that stays in force after the
# driver is installed, so it also applies to every later VIB install.
esxcli software acceptance set --level=CommunitySupported
# open firewall for outgoing http requests:
# NOTE(review): the httpClient ruleset stays enabled until it is switched off
# again (same command with "-e false") once the install has finished.
esxcli network firewall ruleset set -e true -r httpClient
# Install e.g. net55-r8168 from the V-Front Online Depot
esxcli software vib install -d https://vibsdepot.v-front.de -n net55-r8168
# Reboot
reboot

Perl script to shutdown VM's on ESXi 6.5

I use this script to shutdown all my VM's when UPS battery is low, or when I need to do updates on my NAS'

#!/usr/bin/perl

# Get list of ALL VM's
# (\d{1,2})\s+([\w\d\-]+).*\n

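# Command that prints the inventory of all VMs on the ESX host.
my $cmdvmlist = "vim-cmd vmsvc/getallvms";

# Command that lists the VMs with a running process (used by CheckRunning).
my $cmdvmrunning = "esxcli vm process list";

my $esxhost = "root\@192.168.1.26";

# VMID of the VM that runs this script (it also controls APCUPSD); it is left
# out of the shutdown list so that it is not stopped with the others.
my $control_vmid = 30;

my $vmlist = `ssh $esxhost $cmdvmlist`;
warn "ssh $esxhost $cmdvmlist failed (status $?); the inventory may be empty or incomplete\n"
        if $? != 0;

#print $vmlist;

my @shutdownorder;        # VMIDs, in the order they will be shut down
my @shutdownordername;    # display names, parallel to @shutdownorder

print "VM Inventory on $esxhost\n";

# Each inventory row starts with the numeric VMID followed by the VM name.
# The match is anchored at the start of a line and accepts any number of
# digits: with an unanchored \d{1,2}, VMID 123 was read as 23 (so the wrong VM
# would be shut down) and VMID 130 was mistaken for the control VM.
while ($vmlist =~ /^(\d+)\s+([\w\-]+).*\n/mg)
        {
        my ($vmid, $name) = ($1, $2);

        next if $vmid == $control_vmid;

        push @shutdownorder, $vmid;
        push @shutdownordername, $name;
        }

print "VMID\tName\n";

for my $i (0 .. $#shutdownorder) {
  print "$shutdownorder[$i] \t $shutdownordername[$i]\n";
}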

# If shutdown argument is present, shutdown VM's

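# With the "shutdown" argument: write one power.shutdown command per VM into a
# script, copy it to the ESX host, run it there and wait for the guests to
# stop. Without it, only the inventory is printed.

if (defined $ARGV[0] && $ARGV[0] eq "shutdown")
        {
        # File::Temp creates the local copy under an unpredictable name with
        # owner-only permissions, so another local user cannot pre-create or
        # replace a fixed /tmp/esxhostscript before it is uploaded and run as root.
        require File::Temp;
        my ($fh, $localscript) =
                File::Temp::tempfile("esxhostscript.XXXXXX", TMPDIR => 1, UNLINK => 1);

        print "\nCreating Script for ESX Host\nUploading ";

        for my $vm (@shutdownorder)
                {
                print $fh "vim-cmd vmsvc/power.shutdown $vm\n";
                }

        close $fh or die "Cannot write $localscript: $!\n";

        # Copy script to ESX Host, then add execute permission.
        # Both steps must succeed: otherwise a stale /tmp/esxhostscript left
        # on the host by an earlier run would be the one that gets executed.
        system("scp", $localscript, "${esxhost}:/tmp/esxhostscript") == 0
                or die "scp to $esxhost failed (status $?)\n";

        system("ssh", $esxhost, "chmod +x /tmp/esxhostscript") == 0
                or die "chmod on $esxhost failed (status $?)\n";

        # Execute Script. Its exit status is that of the last power.shutdown,
        # which may be non-zero for a single VM, so only report it.
        system("ssh", $esxhost, "/tmp/esxhostscript") == 0
                or warn "/tmp/esxhostscript on $esxhost returned status $?\n";

        print "Waiting for VM's to shutdown\n";
        my $timeout = 300;    # seconds

        while (CheckRunning())
                {
                print "$timeout ";
                sleep 5;
                $timeout -= 5;
                if ($timeout <= 0)
                        {
                        warn "\nTimed out waiting for VM's to shutdown\n";
                        exit;
                        }
                }
        print "\n\n";

        }

else
        {
        print "shutdown argument not passed, no action taken\n";
        }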


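# Return 1 while any VM other than the control VM ("0-Control") still has a
# running process on the ESX host, 0 once none is left.
# Reads $esxhost and $cmdvmrunning, which are set at the top of the script.
sub CheckRunning
        {

        my $vmrun = `ssh $esxhost $cmdvmrunning`;

        # A failed ssh produces no output, which would otherwise look exactly
        # like "nothing is running". Report "still running" instead, so the
        # caller keeps waiting until its own timeout expires.
        if ($? != 0)
                {
                warn "ssh $esxhost $cmdvmrunning failed (status $?)\n";
                return 1;
                }

        # Each entry is "<display name>\n   World ID: <n>"; $1 is the display
        # name. NOTE(review): only names of the form <digits>-<name> match, so
        # a VM named differently is presumably not waited for.
        while ($vmrun =~ /([\d]+\-[\w\d\s\.]+)\n\s+World ID:\s(\d+)/g)
                {
                return 1 if $1 ne "0-Control";
                }
        return 0;
        }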

To start them back up, I use the autostart script on the ESXi host:

ssh root@192.168.1.26 /sbin/vmware-autostart.sh start


LetsEncrypt for EFA

Updating EFA Cert

On efa server chown -R billw:billw certs

On Ubuntu box

letsencrypt certonly --manual --preferred-challenges dns -d efa.wjw.nz

openssl x509 -outform der -in /etc/letsencrypt/live/efa.wjw.nz/cert.pem -out /etc/letsencrypt/live/efa.wjw.nz/localhost.crt
openssl rsa -outform der -in /etc/letsencrypt/live/efa.wjw.nz/privkey.pem -out /etc/letsencrypt/live/efa.wjw.nz/localhost.key
scp /etc/letsencrypt/live/efa.wjw.nz/cert.pem billw@192.168.1.46:/etc/pki/tls/certs/localhost.crt

Monday, July 3, 2017

landscape

apt-get install landscape-client

cd /etc/landscape

wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt

mv letsencryptauthorityx3.pem.txt letsencryptauthorityx3.pem

landscape-config --computer-title "TEMP" --account-name standalone  --url https://control.wjw.nz/message-system --ping-url https://control.wjw.nz/ping --ssl-public-key /etc/landscape/letsencryptauthorityx3.pem

Sunday, June 18, 2017

Let's Encrypt Cisco IOS

letsencrypt --manual --preferred-challenges dns certonly -d home-router.wjw.nz



openssl rsa -des -in /etc/letsencrypt/live/home-router.wjw.nz/privkey.pem -out /etc/letsencrypt/live/home-router.wjw.nz/privkey-enc.pem

cat /etc/letsencrypt/live/home-router.wjw.nz/privkey-enc.pem

openssl pkey -des -in /etc/letsencrypt/live/home-router.wjw.nz/privkey.pem -pubout -out /etc/letsencrypt/live/home-router.wjw.nz/pubkey.pem

crypto key import rsa home-router.wjw.nz.pem exportable pem encryption terminal @Password@

Paste the contents of public key pubkey.pem and type quit on a single line.
Paste the contents of the password protected private key privkey-enc.pem and type quit on a single line.
If the key is accepted, you should read

https://community.letsencrypt.org/t/tutorial-get-lets-encrypt-on-cisco-routers-switches/7139

Monday, June 5, 2017

Domain Suffix Search - Cisco Option 119

#!/usr/bin/python
import sys
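def encode_search_list(domains):
    """Encode domain names as the hex string for DHCP option 119 on IOS.

    Each name is written as length-prefixed labels ended by a zero byte
    (no name compression). The bytes are rendered as lowercase hex and
    grouped two bytes at a time with dots, e.g. "0377.6a77.026e.7a00".

    Raises ValueError for an empty label, a label longer than 63 bytes or
    a non-ASCII name; each of these would produce a malformed option.
    """
    hexlist = []
    for domain in domains:
        # A single trailing dot (fully-qualified form) is accepted and ignored.
        name = domain[:-1] if domain.endswith(".") else domain
        for part in name.split("."):
            try:
                label = bytearray(part.encode("ascii"))
            except UnicodeError:
                raise ValueError("non-ASCII domain name: %r" % (domain,))
            if not 1 <= len(label) <= 63:
                raise ValueError("bad label length in %r" % (domain,))
            hexlist.append("%02x" % len(label))
            hexlist.extend("%02x" % byte for byte in label)
        hexlist.append("00")
    # Insert a dot before every second byte, starting with the third.
    return "".join(
        ".%s" % x if i and not i % 2 else x for i, x in enumerate(hexlist)
    )


# print(...) with one argument behaves the same under Python 2 and Python 3.
if __name__ == "__main__":
    print(encode_search_list(sys.argv[1:]))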


root@control:/home/billw# ./ios-search.py wjw.local wjw.nz
0377.6a77.056c.6f63.616c.0003.776a.7702.6e7a.00


ip dhcp pool inside
 network 192.168.1.0 255.255.255.0
 update dns override
 dns-server 192.168.1.24 192.168.1.14 
 domain-name wjw.local
 default-router 192.168.1.1 
 option 119 hex 0377.6a77.056c.6f63.616c.0003.776a.7702.6e7a.00

Friday, June 2, 2017

FritzBox, SipGate, DTMF Tones

Edit Telephone Number
set DTMF Transmission to In-Band

Monday, May 29, 2017

TCL Script to ping subnet

# Ping host addresses .1 to .254 in 192.168.1.x and 192.168.41.x from the IOS
# tclsh prompt. "re 2 ti 0" is presumably the abbreviated "repeat 2 timeout 0".
foreach subnet {1 41} {
    set host 1
    while {$host < 255} {
        ping 192.168.$subnet.$host re 2 ti 0
        incr host
    }
}


001d.46c2.70c0

tcl script for WakeonLAN - IOS 15

home# tclsh
home(tclsh)#

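# Send a Wake-on-LAN magic packet for macAddr to broadcastAddr over UDP.
#   broadcastAddr  destination address, e.g. 255.255.255.255
#   macAddr        12 hex digits, optionally separated by "-", ":" or "."
# Raises an error if macAddr is not a 12-hex-digit address.
proc WakeOnLan {broadcastAddr macAddr} {
     set hex [join [split $macAddr -:.] ""]
     # Reject anything that is not exactly 6 bytes of hex: "binary format H*"
     # would otherwise build a packet of the wrong length without complaint.
     if {![regexp {^[0-9A-Fa-f]{12}$} $hex]} {
          error "WakeOnLan: invalid MAC address \"$macAddr\""
     }
     set net [binary format H* $hex]

     # Magic packet: 6 bytes of 0xff followed by the MAC address 16 times.
     set pkt [binary format c* {0xff 0xff 0xff 0xff 0xff 0xff}]
     for {set i 0} {$i < 16} {incr i} {
        append pkt $net
     }

     # Open UDP and send the magic packet.
     set udpSock [udp_open]
     fconfigure $udpSock -translation binary \
          -remote [list $broadcastAddr 4580] \
          -broadcast 1
     # -nonewline: a plain puts appends a newline byte to the packet.
     puts -nonewline $udpSock $pkt
     flush $udpSock;
     close $udpSock
}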

home(tclsh)# WakeOnLan 255.255.255.255 000f13cd80a1

 00:11:32:39:87:25

00:11:32:38:E8:EF

Saturday, April 22, 2017

Using a Dynamic DNS hostname in an Access List on IOS

class-map type inspect match-any Internet_To_Trusted
 match access-group name Allowed-Traffic
 match access-group name IPv6-Allowed-Traffic
 match access-group name uk-nas
!
ip access-list extended uk-nas
 permit tcp host xxx.xxx.xxx.xxx any
!
kron occurrence day8am at 8:00 recurring
 policy-list policy-day8am
!
kron policy-list policy-day8am
 cli tclsh gethostip
!

#gethostip TCL Script on flash

tclsh
# Clear cached DNS Entry
exec clear host xxxxx.synology.me
# Remove ACL
# NOTE(review): the ACL is created as "extended" below; check that this
# removal form is accepted on your IOS release. If it is rejected, each run
# would presumably add another permit line and old addresses would stay allowed.
ios_config "no ip access-list uk-nas"
# Add ACL - DNS Lookup will be done at this time.
# NOTE(review): if the lookup fails here the ACL has already been removed;
# confirm how the Internet_To_Trusted class-map behaves with uk-nas missing.
# The entry permits every TCP port from that host.
ios_config "ip access-list extended uk-nas" "permit tcp host xxxxx.synology.me any"

Monday, April 10, 2017

mySQL Backup

nano /usr/local/bin/backup-mysql
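#!/bin/bash
# Dump every MySQL database (except the excluded schemas) into a dated
# directory on the NAS, one gzip-compressed file per database.
# Exits non-zero if the database list or any single dump fails.
#
# This file contains the backup account's password: keep it readable by its
# owner only (mode 700).

set -o pipefail          # a failing mysqldump must not be hidden by gzip
umask 077                # dumps, directory and credentials file: owner only

DB_BACKUP="/media/nas-backup/mx1.wjw.nz/mysql/$(date +%Y-%m-%d)"
DB_USER="backup"
DB_PASSWD="asd"
# $HN is used in the dump file name but was never set, which left an empty
# field in every name; default it to the host name.
HN=${HN:-$(hostname)}

# Pass the credentials through a private option file instead of
# --password=..., which other local users can read from the process list.
MYSQL_CNF=$(mktemp) || exit 1
trap 'rm -f "$MYSQL_CNF"' EXIT
printf '[client]\nuser="%s"\npassword="%s"\n' "$DB_USER" "$DB_PASSWD" > "$MYSQL_CNF"

# Create the backup directory
mkdir -p "$DB_BACKUP" || exit 1

# Remove backups older than 10 days
# find /backups/mysql_backup/ -maxdepth 1 -type d -mtime +10 -exec rm -rf {} \;

# Backup each database on the system
# --defaults-extra-file has to be the first option on the command line.
databases=$(mysql --defaults-extra-file="$MYSQL_CNF" -e 'show databases' -s --skip-column-names) || exit 1

status=0
while read -r db; do
    [ -n "$db" ] || continue
    out="$DB_BACKUP/mysqldump-$HN-$db-$(date +%Y-%m-%d).gz"
    if ! mysqldump --defaults-extra-file="$MYSQL_CNF" --events --opt --single-transaction "$db" | gzip > "$out"; then
        echo "backup-mysql: dump of $db failed" >&2
        rm -f "$out"     # do not leave a truncated dump that looks complete
        status=1
    fi
done < <(printf '%s\n' "$databases" | grep -viE '(staging|performance_schema|information_schema)')

exit $status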



chmod +x /usr/local/bin/backup-mysql

mysql> grant select,show view, lock tables, event on *.* to 'backup'@localhost identified by 'xxxxxx';

Useful Links

https://www.exratione.com/2016/05/a-mailserver-on-ubuntu-16-04-postfix-dovecot-mysql/

https://webmail.wjw.nz/postfixadmin/list.php?table=admin

http://blog.programster.org/set-up-a-local-ubuntu-mirror-with-apt-mirror/

Friday, March 24, 2017

Autostart VM's from CLI

If the VMs are configured for Startup/shutdown on boot, you can start them manually by running:

/sbin/vmware-autostart.sh start

on the command line.


Thursday, March 23, 2017

Login to Synology NAS with SSH Keys

On the host you want to be able to login from:

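run "ssh-keygen -t rsa" and make sure to leave the passphrase blank (an unencrypted key allows unattended logins, but the private key file /root/.ssh/id_rsa is then the only thing protecting root access to the NAS, so keep it readable by root only)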

cat /root/.ssh/id_rsa.pub and save that info for later

On the Synology NAS

Edit /etc/ssh/sshd_config change

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

to this:

#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Add the necessary files, folders and permissions

mkdir /root/.ssh
touch /root/.ssh/authorized_keys
chmod 700 /root/.ssh
chmod 644 /root/.ssh/authorized_keys

Add your pub key to /root/.ssh/authorized_keys:

echo "ssh-rsa yourkey youruser@yourhost" >> /root/.ssh/authorized_keys

Done!

ESX VM and Host Shutdown Script

#!/usr/bin/perl

# Get list of ALL VM's
# (\d{1,2})\s+([\w\d\-]+).*\n

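# Command that prints the inventory of all VMs on the ESX host.
my $cmdvmlist = "vim-cmd vmsvc/getallvms";

# Command that lists the VMs with a running process (used by CheckRunning).
my $cmdvmrunning = "esxcli vm process list";

my $esxhost = "root\@192.168.1.26";

# VMID of the VM that runs this script (it also controls APCUPSD); it is left
# out of the shutdown list so that it is not stopped with the others.
my $control_vmid = 30;

my $vmlist = `ssh $esxhost $cmdvmlist`;
# Only warn: the rest of the script (NAS shutdown included) still has to run.
warn "ssh $esxhost $cmdvmlist failed (status $?); the inventory may be empty or incomplete\n"
        if $? != 0;

#print $vmlist;

my @shutdownorder;        # VMIDs, in the order they will be shut down
my @shutdownordername;    # display names, parallel to @shutdownorder

print "VM Inventory on $esxhost\n";

# Each inventory row starts with the numeric VMID followed by the VM name.
# The match is anchored at the start of a line and accepts any number of
# digits: with an unanchored \d{1,2}, VMID 123 was read as 23 (so the wrong VM
# would be shut down) and VMID 130 was mistaken for the control VM.
while ($vmlist =~ /^(\d+)\s+([\w\-]+).*\n/mg)
        {
        my ($vmid, $name) = ($1, $2);

        next if $vmid == $control_vmid;

        push @shutdownorder, $vmid;
        push @shutdownordername, $name;
        }

print "VMID\tName\n";

for my $i (0 .. $#shutdownorder) {
  print "$shutdownorder[$i] \t $shutdownordername[$i]\n";
}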

# If shutdown argument is present, shutdown VM's

# Without the "shutdown" argument nothing is changed. With it: build a script
# that shuts down every listed VM and then the ESX host, upload and run it,
# wait until CheckRunning reports no other VM, then shut down both NAS boxes.

if ($ARGV[0] ne "shutdown")
        {
        printf "shutdown argument not passed, no action taken\n"
        }

else
        {
        # NOTE(review): the open is not checked and the name is fixed inside
        # the shared /tmp directory; if it fails, the writes below go nowhere.
        open (my $script, '>', "/tmp/esxhostscript");

        print "\nCreating Script for ESX Host\nUploading ";

        # One power.shutdown line per VMID; the list is consumed as it is written.
        while (defined(my $vmid = shift @shutdownorder))
                {
                print $script "vim-cmd vmsvc/power.shutdown $vmid\n";
                }

        # Last line of the uploaded script.
        print $script "shutdown +3\n";

        close $script;

        # Copy script to ESX Host, add execute permission, execute it.
        # NOTE(review): none of the three results is checked, so a failed copy
        # is followed by running whatever /tmp/esxhostscript is already on the host.
        my @remote_steps = (
                ["scp", "/tmp/esxhostscript", "root\@192.168.1.26:/tmp/esxhostscript"],
                ["ssh", "root\@192.168.1.26", "chmod +x /tmp/esxhostscript"],
                ["ssh", "root\@192.168.1.26", "/tmp/esxhostscript"],
        );
        for my $step (@remote_steps)
                {
                system(@$step);
                }

        print "Waiting for VM's to shutdown\n";

        # NOTE(review): there is no timeout here, and CheckRunning also returns
        # 0 when its ssh call produces no output, so an unreachable host is
        # treated the same as "all VMs stopped" before the NAS shutdown below.
        while (CheckRunning())
                {
                print ".";
                sleep 5;
                }
        print "\n\n";

        # SHUTDOWN NAS (the command output is captured, not printed)

        for my $nas ("192.168.1.14", "192.168.1.24")
                {
                my @nasshut = `ssh -p 9999 $nas shutdown -h now`;
                }

        }


# Return 1 if the ESX host lists any VM process whose World ID differs from
# the control VM's, otherwise 0 (also when ssh returns no output at all).
# Reads $esxhost and $cmdvmrunning, which are set at the top of the script.
# NOTE(review): the control VM is recognised by the literal World ID "91789".
# World IDs are presumably assigned when a VM process starts, so confirm this
# value after every power cycle of that VM.
sub CheckRunning
        {
        my $listing = `ssh $esxhost $cmdvmrunning`;

        # In list context the match returns (name, world id) pairs, flattened.
        my @fields = $listing =~ /([\d]+\-[\w\d\s\.]+)\n\s+World ID:\s(\d+)/g;

        while (my ($name, $world_id) = splice(@fields, 0, 2))
                {
                return 1 unless $world_id eq "91789";
                }
        return 0;
        }

Sunday, January 8, 2017

LetsEncrypt

apt-get install python-letsencrypt-apache

letsencrypt -w /var/lib/roundcube -d webmail.wjw.nz

/etc/letsencrypt/live/webmail.wjw.nz/fullchain.pem