MergerFS on Ubuntu 20.04

This post, for my own reference, is made thanks to this great article.

https://www.teknophiles.com/2018/02/19/disk-pooling-in-linux-with-mergerfs/

Start by downloading the latest version, for me it is the mergerfs_2.31.0.ubuntu-bionic_amd64.deb file:

wget https://github.com/trapexit/mergerfs/releases/download/2.31.0/mergerfs_2.31.0.ubuntu-bionic_amd64.deb

Then simply install it using dpkg:

dpkg -i mergerfs_2.31.0.ubuntu-bionic_amd64.deb 

Following the install, you can easily mount separate mounted HDDs into a common containing folder.

root@lisa:/mnt# 
root@lisa:/mnt# 
root@lisa:/mnt# pwd
/mnt
root@lisa:/mnt# ls -l
total 8
drwxr-xr-x 3 root root 4096 Oct 13 15:14 SATA.2.WD-Red.3TB-1
drwxr-xr-x 3 root root 4096 Oct 13 15:14 SATA.3.WD-Red.3TB-2
root@lisa:/mnt# mkdir virtual
root@lisa:/mnt# mergerfs -o defaults,allow_other,use_ino,fsname=mergerFS /mnt/SATA.2.WD-Red.3TB-1:/mnt/SATA.3.WD-Red.3TB-2 /mnt/virtual
root@lisa:/mnt# 
root@lisa:/mnt# df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            3.9G     0  3.9G   0% /dev
tmpfs           795M  1.1M  794M   1% /run
/dev/sda2       229G  6.6G  210G   4% /
tmpfs           3.9G     0  3.9G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
tmpfs           3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/loop0       98M   98M     0 100% /snap/core/10126
/dev/loop1       89M   89M     0 100% /snap/core/7270
/dev/sdb1       2.7T   89M  2.6T   1% /mnt/SATA.2.WD-Red.3TB-1
/dev/sdc1       2.7T   89M  2.6T   1% /mnt/SATA.3.WD-Red.3TB-2
tmpfs           795M     0  795M   0% /run/user/1000
mergerFS        5.4T  177M  5.1T   1% /mnt/virtual
root@lisa:/mnt# 

So far using mergerFS has proved easy, and very flexible. Finally we can use /etc/fstab to mount these at boot time. We can use wildcards to include the drive mount points as below:

root@lisa:/mnt# more /etc/fstab
UUID=42e23971-b35d2-4b5f-a5a5-2ade6bf39eee / ext4 defaults 0 0
# SDB1 on Slot 2
UUID=38175b20-4394-4c42-b14f-cdefw3bf4524 /mnt/SATA.2.WD-Red.3TB-1 ext4 defaults 0 0
# SDC1 on Slot 3
UUID=66ef6909-b715-4c80-ec91-acf6e734bf15 /mnt/SATA.3.WD-Red.3TB-2 ext4 defaults 0 0

# <file system>           <mount point>      <type>         <options>                                      <dump>  <pass>
/mnt/SATA.?.WD-Red.3TB-?  /mnt/virtual       fuse.mergerfs  defaults,allow_other,use_ino,fsname=mergerFS   0       0

Please consider visiting https://www.teknophiles.com/2018/02/19/disk-pooling-in-linux-with-mergerfs/ for a complete introduction.

Palo-Alto, Create Tech-Support File

admin@5250-PAN(active-secondary)> scp export tech-support to admin@10.1.2.3:/fw/
Group 'batch' suspend
Collecting command output...
configure
save config to techsupport-saved-currcfg.xml
exit
show admins all
show clock
show system software status
show jobs pending
show jobs processed
show system info
show system files
show system logdb-quota
show system disk-space
debug software disk-usage dangling-fds
show system setting url-database
request system software info
request license info
show system setting logging
debug device-server dump logging statistics
show system setting pow
show system setting ssl-decrypt memory
show system setting ssl-decrypt certificate
show system setting ssl-decrypt certificate-cache
show system setting ssl-decrypt exclude-cache
show system setting ssl-decrypt setting
show system setting ssl-decrypt dns-cache
show system setting ssl-decrypt rewrite-stats
show global-protect-portal statistics
debug dataplane show ssl-decrypt ssl-stats 
debug sslmgr view ocsp all
show system environmentals
debug dataplane internal pdt pci list
debug system disk-smart-info disk-1
debug management-server telemetry-triggers counters show 
debug log-receiver telemetry-triggers counters 
debug system disk-smart-info disk-2
debug system interface-xcvr-info aux-1
debug system interface-xcvr-info aux-2
show system packet-path-test status
debug cord stats show
debug cord corr-mgr stats show
debug log-receiver correlation stats show
debug log-receiver correlation filters show
debug log-receiver corr-mgr show filter search name *
show counter global
show counter global filter delta yes
show counter global filter delta yes
show counter interface all
set system setting target-dp s1dp0
show counter global
show counter global filter delta yes
show counter global filter delta yes
show counter interface all
set system setting target-dp s1dp1
show counter global
show counter global filter delta yes
show counter global filter delta yes
show counter interface all
set system setting target-dp s1dp2
show counter global
show counter global filter delta yes
show counter global filter delta yes
show counter interface all
set system setting target-dp none
show statistics
show session info
show session meter
show session all
set system setting target-dp s1dp0
show session distribution policy
show session distribution statistics
show session info
show session all
show sctp all
show session all filter protocol 132
set system setting target-dp s1dp1
show session info
show session all
show sctp all
show session all filter protocol 132
set system setting target-dp s1dp2
show session info
show session all
show sctp all
show session all filter protocol 132
set system setting target-dp none
debug dataplane internal pdt fpp sw stats
show zone-protection
debug dataplane memory status
debug dataplane pool statistics
debug dataplane show memory-pool top-ref
debug dataplane pow performance all
debug dataplane pow status 
debug dataplane pow status 
debug dataplane pow status 
show running resource-monitor 
debug dataplane packet-diag show setting
debug dataplane fpga state
debug dataplane show cfg-memstat statistics
show running security-policy 
show running nat-policy 
show running nat-policy 
show running application-override-policy
show running authentication-policy
show running authentication-policy
show running decryption-policy
show running decryption-policy
show running dos-policy
show running pbf-policy
show running qos-policy
show running qos-policy
show running tunnel-inspect-policy
show running nat-rule-cache 
show running nat-rule-cache 
show running global-ippool 
show running ippool
show running ipv6 address
show arp management
debug dataplane internal vif link
debug dataplane internal vif address
debug dataplane internal vif rule
debug dataplane internal vif vr
debug dataplane internal vif route 254
debug dataplane internal vif route 255
debug dataplane internal vif route 0
debug dataplane internal pdt oct pip stats
debug dataplane internal pdt oct pko stats
debug dataplane internal pdt oct gmx stats
debug dataplane packet-diag show setting
debug dataplane mmdbg status
show high-availability all
show high-availability state-synchronization
set system setting target-dp s1dp0
show high-availability state-synchronization
set system setting target-dp s1dp1
show high-availability state-synchronization
set system setting target-dp s1dp2
show high-availability state-synchronization
set system setting target-dp none
show high-availability path-monitoring
debug device-server dump idmgr high-availability state
debug user-id dump idmgr high-availability state 
show interface all
show arp all
show neighbor interface all
show neighbor ndp-monitor all
show vlan all
show mac all
debug routing socket
show routing resource
show routing summary
show routing protocol ospf area
show routing protocol ospf dumplsdb
show routing protocol ospf interface
show routing protocol ospf neighbor
show routing protocol ospf virt-link
show routing protocol ospf virt-neighbor
show routing protocol ospf summar
show routing protocol ospfv3 area
show routing protocol ospfv3 dumplsdb
show routing protocol ospfv3 interface
show routing protocol ospfv3 neighbor
show routing protocol ospfv3 virt-link
show routing protocol ospfv3 virt-neighbor
show routing protocol ospfv3 summary
show routing protocol rip interface
show routing protocol rip peer
show routing protocol rip database
show routing protocol bgp peer
show routing protocol bgp peer-group
show routing protocol bgp policy import
show routing protocol bgp policy export
show routing protocol bgp policy cond-adv
show routing protocol bgp policy aggregate
show routing protocol bgp loc-rib-detail
show routing protocol bgp rib-out-detail
show routing protocol redist all
show routing route
show routing route ecmp yes
show routing fib
show routing fib ecmp yes
debug routing fib stats
debug routing list-mib
show routing multicast route
show routing multicast fib
show routing multicast group-permission
show routing multicast group-permission
show routing multicast igmp interface
show routing multicast igmp membership
show routing multicast igmp membership
show routing multicast igmp statistics
show routing multicast pim elected-bsr
show routing multicast pim elected-bsr
show routing multicast pim neighbor
show routing multicast pim neighbor
show routing multicast pim state
show routing multicast pim state
show routing multicast pim statistics 
show routing multicast pim statistics 
show routing bfd summary
debug routing mpf stats
show vpn gateway
show vpn tunnel
show vpn ike-sa
show vpn ipsec-sa
debug ike socket
debug ike stat fqdn
debug keymgr list-sa
show vpn flow
show dhcp server lease all
show dhcp client state all 
show global-protect-gateway gateway
show global-protect-gateway flow
show global-protect-gateway statistics
show global-protect-satellite current-gateway
show global-protect-satellite interface all
show global-protect-satellite satellite
debug user-id dump hip-profile-database statistics
show running tunnel flow 
show running tunnel flow info
show running tunnel flow lookup
show running tunnel flow nexthop
debug device-server dump dynamic-url statistics
debug device-server dump dynamic-url database
debug device-server dump regips summary
show user ts-agent statistics
show user user-id-agent statistics
show user user-id-agent state all
show user user-id-agent state all
show user user-id-service status
show user user-id-service client all
show user group-mapping state all
show user ip-port-user-mapping all
debug user-id dump ts-agent user-ids
debug user-id dump memory summary
debug user-id dump state
show user user-ids all option count
show user ip-user-mapping-mp all option count 
show user ip-user-mapping all option count 
show user ip-user-mapping all option count type UNKNOWN
show user user-id-service client all 
show user user-id-service status 
show user group list
show user credential-filter statistics
debug dataplane show ctd credential-enforcement group-mapping
debug dataplane show ctd credential-enforcement domain-credential
debug user-id dump ntlm-stats 
debug user-id dump xmlapi-stats 
debug user-id dump probing-stats 
debug user-id dump l3svc-stats
show vm-monitor source all
show object registered-ip all option count
show running application cache
show running application setting
show running application statistics
show running application-signature statistics
show system setting zip
show system setting ctd state
debug dataplane show ctd version
debug dataplane show ctd regex-group dump
debug dataplane show ctd regex-stats dump
debug dataplane show dos block-table
debug dataplane show dos classification-table
show running url-cache statistics
debug device-server bc-url-db show-stats
debug device-server pan-url-db db-perf
debug device-server pan-url-db show-stats 
show url-cloud status
show hsm servers
show hsm state
show hsm slots
show hsm info
show hsm ha-status
show hsm nshield-connect-rfs
show lacp aggregate-ethernet all
show lldp neighbors all
show lldp config all
show lldp local all
show system raid detail
show wildfire status
show wildfire statistics
show wildfire disk-usage
show wildfire cloud-info
debug wildfire content-info
debug wildfire dp-status
debug vardata-receiver statistics
show report jobs
show report cache info
show report exec_mgr info
show log-collector preference-list
show logging-status
debug cord stats show
debug cord corr-mgr stats show
debug log-receiver correlation stats show
debug log-receiver correlation filters show
debug log-receiver corr-mgr show filter search name *
debug log-receiver corr-mgr show instance summary
debug management-server conn
debug log-receiver rawlog_fwd connmgr
debug log-receiver rawlog_fwd evtmgr
request logging-service-forwarding status
request log-collector-forwarding status
Generating in ``/opt/pancfg/tmp/techsupport/1600074941.96'' with free_size 39881384.
Skipping /tmp/panorama_pushed: does not exist
Skipping /tmp/curlog: does not exist
Skipping /tmp/content_install*: does not exist
Skipping /opt/pancfg/mgmt/global/resolved_fqdns.xml: does not exist
Skipping /opt/pancfg/mgmt/global/lcs-pref.xml: does not exist
Skipping /opt/pancfg/mgmt/global/lcaas-pref.xml: does not exist
Skipping /opt/pancfg/mgmt/groups: does not exist
Skipping /opt/pancfg/opt/pan/content/pan/urlcloud_static_list.txt: does not exist
package /opt/var.dp0/cores/crashinfo
Skipping /opt/var.dp0/cores/crashinfo: entire source was excluded from packaging.
package /opt/var.dp0/log
package /opt/var.dp1/cores/crashinfo
Skipping /opt/var.dp1/cores/crashinfo: entire source was excluded from packaging.
package /opt/var.dp1/log
package /opt/var.dp2/cores/crashinfo
Skipping /opt/var.dp2/cores/crashinfo: entire source was excluded from packaging.
package /opt/var.dp2/log
Skipping /opt/var.dp2/log: entire source was excluded from packaging.
package /var/cores/crashinfo
Skipping /var/cores/crashinfo: entire source was excluded from packaging.
package /opt/panrepo/logs
package /var/log
package /opt/pancfg/mgmt/tmp
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/tmp
package /etc/Chrystoki.conf
package /opt/nfast/kmdata/config/config
package /opt/nfast/log
Skipping /opt/nfast/log/logfile: exception encountered when trying to stat this file.
package /opt/pancfg/mgmt/audit
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/audit
package /opt/pancfg/mgmt/sp
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/sp
package /opt/pancfg/mgmt/template
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/template
package /opt/pancfg/mgmt/saved-configs/running-config.xml
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/saved-configs/running-config.xml
package /opt/pancfg/mgmt/saved-configs/techsupport-saved-currcfg.xml
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/saved-configs/techsupport-saved-currcfg.xml
package /opt/pancfg/mgmt/saved-configs/.ha-remote-rc.xml
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/saved-configs/.ha-remote-rc.xml
package /opt/pancfg/mgmt/saved-configs/.ha-remote2-rc.xml
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/saved-configs/.ha-remote2-rc.xml
package /opt/pancfg/mgmt/saved-configs/.merged-running-config.xml
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/saved-configs/.merged-running-config.xml
package /opt/pancfg/mgmt/devices/localhost.localdomain
Running /usr/local/bin/remove-private-info.sh
/opt/pancfg/tmp/techsupport/1600074941.96/opt/pancfg/mgmt/devices/localhost.localdomain
package /opt/pancfg/mgmt/updates/curav/pan_avversion
package /opt/pancfg/mgmt/updates/oldav/pan_avversion
package /opt/pancfg/mgmt/updates/curcontent/pan_appversion
package /opt/pancfg/mgmt/updates/oldcontent/pan_appversion
package /opt/pancfg/mgmt/updates/curcontent/pan_threatversion
package /opt/pancfg/mgmt/updates/oldcontent/global/global.xml
package /opt/pancfg/mgmt/updates/curcontent/global/global.xml
package /opt/pancfg/mgmt/updates/oldcontent/pan_threatversion
package /opt/pancfg/mgmt/syslogng/pan_sysng.cfg
package /opt/pancfg/mgmt/global/avinfo.current.xml
package /opt/pancfg/mgmt/global/avinfo.prev.xml
package /opt/pancfg/mgmt/global/avinfo.xml
package /opt/pancfg/mgmt/global/contentinfo.current.xml
package /opt/pancfg/mgmt/global/contentinfo.prev.xml
package /opt/pancfg/mgmt/global/contentinfo.xml
package /opt/pancfg/mgmt/global/userinfo.xml
package /opt/pancfg/mgmt/global/regip
Skipping /opt/pancfg/mgmt/global/regip: entire source was excluded from packaging.
package /opt/pancfg/opt/pan/content/pan/urlcloud_list.txt
package /opt/pancfg/hsm/config
package /opt/var.cp/cores/crashinfo
Skipping /opt/var.cp/cores/crashinfo: entire source was excluded from packaging.
package /opt/var.cp/log
package /tmp/cli.16330.dir.F6zI8B/r3SOeY/techsupport.txt
Exporting system logs...
Exporting alarm logs...
Exporting config logs...
Getting report list...
Getting sysd output...
Getting netstat verbose output...
Getting netstat interface output...
Getting pmap mgmtsrvr output...
Running pdt debug commands...
Measuring disk usage...
Group 'batch' resume
Finish generating tech support.

admin@10.1.2.3's password: 
PA_01310100f3f6173_ts.tar.gz                                  100%   90MB  44.8MB/s   00:02

admin@5250-PAN(active-secondary)> exit

Connection to 10.1.2.4 closed.

A simple how-to for generating a tech-support file on Palo-Alto firewalls. I've copied it all here as it also shows a whole load of commands which I find a useful reference.

Shaarli Bookmark – missing icons.

In a few versions of Shaarli there appears to be a bug which stops some of the icons appearing for your sites on the picturewall. I believe this has been fixed in later versions, but this simple workaround solved the problem for me.

From your Shaarli directory, simply edit the css file:

root@ubuntu:/var/www/shaarli# vi ./assets/default/scss/shaarli.scss

and add the following attributes to the b-lazy class.

.b-lazy {
    min-width: 1px;
    min-height: 1px;
}

Some of my sites still do not get an icon, but I think that is a different problem. Anyway, worked for me.

A Poem

I have no idea where this poem originates from, but it has made a significant impression on a close family member. I share it here in the hope someone else stumbles across it someday.


We met and married a long time ago
We worked long hours when wages were low
No telly, no wireless, no bath, for times were hard
Just cold water tap and a walk up the yard
No holidays abroad, no carpets on floors
We put coal on the fire and never locked doors
Our children arrived to fill in those days
We bought them up without any state aid
They were quite safe to play in the park
And the old folk could go for a walk in the dark
No valium, no drugs, no LSD
We cured most our ills with a good cup of tea
If you were sick you were treated at once
No fill in the forms and come back in 6 months
No vandals, no mugging, there was nothing to rob
We felt rich with a couple of bob
People seemed happier in those far off days
Kinder and caring in so many ways
Milkmen and paperboys would whistle and sing
A night at the pictures was quite a mad fling
We all had our share of troubles and strife
We just had to face it that’s the pattern of life
But now I’m alone I look back through the years
I don’t think of the badtimes the trouble and tears
I remember the blessings, our home and the love
And that we shared together
I thank god above

RIP Nan.

Ubuntu Server + Xubuntu-core

Simple HowTo for adding a graphical display to a base Ubuntu Server 20.04 system.

user@ubuntu:~$ sudo apt update && sudo apt upgrade -y
user@ubuntu:~$ sudo apt install lightdm tasksel
user@ubuntu:~$ sudo tasksel install xubuntu-core
user@ubuntu:~$ sudo reboot

When the system has rebooted you will be able to log into the xubuntu desktop. The -core indicates just the core desktop environment rather than the numerous recommended / associated apps.

Other desktops are just as easy: if you want MATE, then it's ubuntu-mate-core. Lubuntu is lubuntu-core. You get the idea.

ArubaOS-CX, OSPFv2 Configuration

OSPF configuration is simple on Aruba, with a few small differences between OS-CX and Cisco’s approach. Once both are configured, though, the two vendors' equipment works very well together, just as expected.

For clarity, to confirm the current OSPF state we can check to see if it is running. I’ve checked both the Default VRF and the FWTEST VRF whose configuration is explained here.

ArubaOS-CX# sh ip ospf
OSPF Process is not running on VRF default.
ArubaOS-CX# sh ip ospf vrf FWTEST
OSPF Process is not running on VRF FWTEST.
ArubaOS-CX# 

Initially in this example we will configure OSPFv2 to run in the FWTEST VRF, whilst leaving the Default VRF as it is. To start the process, we need to define OSPF:

ArubaOS-CX# 
ArubaOS-CX# conf t
ArubaOS-CX(config)# router ospf 
  <1-63>  Specify the OSPF Process ID 
ArubaOS-CX(config)# router ospf 39 
  vrf   VRF Instance. 
  <cr>  
ArubaOS-CX(config)# router ospf 39 vrf FWTEST
ArubaOS-CX(config-ospf-39)# router ospf 39 vrf FWTEST

Much like the Cisco CLI, you can use the ? to show command help as appropriate. Here, for example, we can see that Aruba use 6 bits to store the process ID. The process ID is only locally significant, and good practice would be to use different process IDs for each VRF. In testing, though, ArubaOS-CX does appear to allow you to use the same number for default and another VRF. I was surprised that it didn’t seem to break anything, but going forward I will use separate IDs. Here I chose 39 and specified which VRF it applied to.

We then go on to specify a router-id and other operating behaviours we need.

ArubaOS-CX(config-ospf-39)# 
ArubaOS-CX(config-ospf-39)# router-id 192.168.40.30
ArubaOS-CX(config-ospf-39)# reference-bandwidth 40000
ArubaOS-CX(config-ospf-39)# passive-interface default
ArubaOS-CX(config-ospf-39)# redistribute connected
ArubaOS-CX(config-ospf-39)# area 0.0.0.40
ArubaOS-CX(config-ospf-39)# 

At this stage, we do not have any OSPF interfaces attached to the VRF FWTEST.

ArubaOS-CX# sh ip ospf vrf FWTEST
Routing Process 39 with ID : 192.168.40.30 VRF FWTEST
------------------------------------------------------


OSPFv2 Protocol is enabled
Graceful-restart is configured
Restart Interval: 120, State: inactive
Last Graceful Restart Exit Status: none
SPF: Start Time: 200ms, Hold Time: 1000ms, Max Wait Time: 5000ms
Maximum Paths to Destination: 4
Number of external LSAs 0, checksum sum 0
Number of areas is 1, 1 normal, 0 stub, 0 NSSA
Number of active areas is 0, 0 normal, 0 stub, 0 NSSA
BFD is disabled
Reference Bandwidth: 40000 Mbps
Area (0.0.0.40) (Inactive)
  Interfaces in this Area: 0 Active Interfaces: 0 
  Passive Interfaces: 0 Loopback Interfaces: 0 
  SPF calculation has run 1 times
  Area ranges: 
  Number of LSAs: 0, checksum sum 0 


ArubaOS-CX#
ArubaOS-CX# sh ip ospf interface vrf FWTEST
OSPF Interface is not attached to VRF FWTEST.
ArubaOS-CX# 

So next we need to attach at least one interface. The area we are attaching to is already defined above; if it isn’t defined you will get an error.

ArubaOS-CX# conf t
ArubaOS-CX(config)# interface vlan999 
ArubaOS-CX(config-if-vlan)# ip ospf 39 area 0.0.0.40
ArubaOS-CX(config-if-vlan)# no ip ospf passive              
ArubaOS-CX(config-if-vlan)# 

For a basic configuration that is all the config that’s required. We are not running VRF-lite, with a Cisco 4500 as a neighbour. We can see from our routing table all is well.

ArubaOS-CX# sh ip ro vrf FWTEST


Displaying ipv4 routes selected for forwarding


'[x/y]' denotes [distance/metric]


0.0.0.0/0, vrf FWTEST 
        via  172.31.255.129,  [110/114],  ospf
172.31.255.240/28, vrf FWTEST 
        via  vlan998,  [0/0],  connected
172.31.255.192/28, vrf FWTEST 
        via  loopback99,  [0/0],  connected
172.31.255.128/28, vrf FWTEST 
        via  vlan999,  [0/0],  connected
172.31.255.4/30, vrf FWTEST 
        via  172.31.255.129,  [110/64],  ospf
172.31.255.12/30, vrf FWTEST 
        via  172.31.255.129,  [110/44],  ospf
172.31.255.8/30, vrf FWTEST 
        via  172.31.255.129,  [110/54],  ospf
172.31.255.0/30, vrf FWTEST 
        via  172.31.255.129,  [110/84],  ospf
172.31.255.130/32, vrf FWTEST 
        via  vlan999,  [0/0],  local
172.31.255.193/32, vrf FWTEST 
        via  loopback99,  [0/0],  local
172.31.255.241/32, vrf FWTEST 
        via  vlan998,  [0/0],  local


ArubaOS-CX#  

As you would expect for a standards-based protocol, it just works!

Finally, just for reference, this was all done on a 6300 running ArubaOS-CX FL.10.04.0030

ArubaOS-CX, VRF Configuration

Adding the basics of a VRF configuration to an ArubaOS-CX switch is both simple and very similar to other vendors' platforms. In the example below we are adding a VRF called FWTEST and assigning two SVIs to it along with a Loopback.

First we can see what VRFs are already configured, in this case none:

ArubaOS-CX# show vrf
VRF Configuration:
------------------
VRF Name   : default
        Interfaces             Status
        -----------------------------
        vlan1                    up
        vlan254                  up

ArubaOS-CX#

Then define the VRF, including the route distinguisher.

ArubaOS-CX# conf t
ArubaOS-CX(config)# vrf FWTEST
ArubaOS-CX(config-vrf)# rd 10:39
ArubaOS-CX(config-vrf)#

Ensure that any VLANs that require SVIs in the new VRF are defined. If not, we need to create them.

ArubaOS-CX(config-vrf)# vlan 998
ArubaOS-CX(config-vlan-998)# name FWTEST_Clients
ArubaOS-CX(config-vlan-998)# vlan 999
ArubaOS-CX(config-vlan-999)# name FWTEST_L3
ArubaOS-CX(config-vlan-999)# 

Configure the required SVIs and any other layer 3 interfaces, in our case Loopback 99.

ArubaOS-CX(config)# interface vlan998
ArubaOS-CX(config-if-vlan)# vrf attach FWTEST
ArubaOS-CX(config-if-vlan)# ip address 172.31.255.241/28
ArubaOS-CX(config-if-vlan)# 
ArubaOS-CX(config-if-vlan)# interface vlan999
ArubaOS-CX(config-if-vlan)# vrf attach FWTEST
ArubaOS-CX(config-if-vlan)# ip address 172.31.255.130/28
ArubaOS-CX(config-if-vlan)# 
ArubaOS-CX(config-if-vlan)# interface loopback 99
ArubaOS-CX(config-loopback-if)# vrf attach FWTEST
ArubaOS-CX(config-loopback-if)# ip address 172.31.255.193/28
ArubaOS-CX(config-loopback-if)# 

Now if we check the VRFs on the switch, we can see our new SVIs and the Lo99 are all attached to the VRF FWTEST.

 
ArubaOS-CX# show vrf
VRF Configuration:
------------------
VRF Name   : default
        Interfaces             Status
        -----------------------------
        vlan1                    up
        vlan254                  up


VRF Name   : FWTEST
        Interfaces             Status
        -----------------------------
        loopback99               up
        vlan998                  up
        vlan999                  up


ArubaOS-CX# 

Finally, we can check the FWTEST routing table. This shows us the routes for the attached networks we have just defined. No other routes are shown as we are not doing any routing with other devices yet.

ArubaOS-CX# 
ArubaOS-CX# sh ip ro vrf FWTEST

Displaying ipv4 routes selected for forwarding

'[x/y]' denotes [distance/metric]

172.31.255.240/28, vrf FWTEST 
        via  vlan998,  [0/0],  connected
172.31.255.192/28, vrf FWTEST 
        via  loopback99,  [0/0],  connected
172.31.255.128/28, vrf FWTEST 
        via  vlan999,  [0/0],  connected
172.31.255.130/32, vrf FWTEST 
        via  vlan999,  [0/0],  local
172.31.255.193/32, vrf FWTEST 
        via  loopback99,  [0/0],  local
172.31.255.241/32, vrf FWTEST 
        via  vlan998,  [0/0],  local

ArubaOS-CX# 

Next we can go on to configure OSPF.

Finally, just for reference, this was all done on a 6300 running ArubaOS-CX FL.10.04.0030

Ubuntu Samba Install

Following on from my efforts building a dedicated data recovery box, I decided to use Samba as an easy way of looking through the recovered data, in addition to the local client disks.

First of all, a quick update as always to check the latest packages in the repo:

root@moe:~# apt update && apt upgrade -y

Next the samba install:

root@moe:~# apt install samba -y

The samba setup required is very simple, I want one account with write access, then a guest account with read access for everyone else. Make sure you understand the implications of this insecure configuration before blindly following it. My folder structure is very basic, with everything from the /media directory being visible.

Rather than wade through the sea of options in the default config file, I simply backed it up and started from a blank slate.

root@moe:~# mv /etc/samba/smb.conf /etc/samba/smb.conf.original
root@moe:~# vi /etc/samba/smb.conf

I then used the following config in the new smb.conf file

#======================= Global Settings =======================
[global]
workgroup = WORKGROUP
dns proxy = no
load printers = no
printcap name = /dev/null
disable spoolss = yes

#### Networking ####
# As written, smbd binds to the loopback address only, so other hosts cannot connect
interfaces = 127.0.0.0/8
bind interfaces only = yes

#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000

####### Authentication #######
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user

############ Misc ############
usershare allow guests = yes

#======================= Share Definitions =======================
[media]
comment = Media Share on Moe
path = /media
valid users = "jon"
write list = "jon"
guest ok = no
browseable = no


[store]
comment = Data Store on Moe
path = /media/store/
read only = yes
guest ok = yes

Once you have saved the file, use the testparm command to check for configuration errors. Then simply restart as below:

root@moe:~# service smbd restart
root@moe:~# service smbd status
● smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-05-07 11:04:22 UTC; 4s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 28444 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/smbd.service
           ├─28444 /usr/sbin/smbd --foreground --no-process-group
           ├─28479 /usr/sbin/smbd --foreground --no-process-group
           └─28480 /usr/sbin/smbd --foreground --no-process-group


May 07 11:04:22 moe systemd[1]: Starting Samba SMB Daemon...
May 07 11:04:22 moe systemd[1]: Started Samba SMB Daemon.
May 07 11:04:22 moe smbd[28444]: [2020/05/07 11:04:22.166574,  0] ../lib/util/become_daemon.c:124(daemon_ready)
May 07 11:04:22 moe smbd[28444]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
root@moe:~# 
root@moe:~# 

I can’t stress enough that this is far from a secure or recommended setup. However in my single use case it is fine, I’m only working on data believed to be lost, and this isn’t my livelihood.
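
As an added example (not part of the original post, and not Samba's own tooling), the Python below audits the share-relevant lines of the smb.conf above. It reports which shares guests can reach, what map to guest = bad user means for them, and that [store] sits inside the path jon can write to through [media]. The function names and finding codes are made up for this illustration.

```python
import configparser
import ipaddress
from pathlib import PurePosixPath

# Constructed input: the share-relevant lines of the smb.conf in this post.
SMB_CONF = """\
[global]
#### Networking ####
interfaces = 127.0.0.0/8
bind interfaces only = yes
####### Authentication #######
map to guest = bad user

[media]
path = /media
valid users = "jon"
write list = "jon"
guest ok = no

[store]
path = /media/store/
read only = yes
guest ok = yes
"""


def load(text):
    """Parse smb.conf text; Samba ignores case and spaces in parameter names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    cp.optionxform = lambda key: "".join(key.lower().split())
    cp.read_string(text)
    return cp


def flag(section, names, default):
    """Boolean value of the first parameter in names that is set, else default."""
    for name in names:
        if name in section:
            return section[name].strip().lower() in ("yes", "true", "1")
    return default


def loopback_only(glob):
    """True when 'bind interfaces only' restricts smbd to loopback addresses."""
    if not flag(glob, ["bindinterfacesonly"], False):
        return False
    tokens = glob.get("interfaces", "").split()
    for tok in tokens:
        try:
            if tok == "lo" or ipaddress.ip_interface(tok).ip.is_loopback:
                continue
        except ValueError:
            pass  # an interface name such as eth0, not an address
        return False
    return bool(tokens)


def audit(text):
    """Return sorted (code, section, detail) findings; codes are hypothetical labels."""
    cp = load(text)
    glob, shares = {}, {}
    for name in cp.sections():
        sec = cp[name]
        if name.lower() == "global":
            glob = sec
            continue
        read_only = flag(sec, ["readonly"], None)
        if read_only is None:  # inverted synonyms; Samba's default is read only
            read_only = not flag(sec, ["writeable", "writable", "writeok"], False)
        shares[name] = {
            "path": PurePosixPath(sec.get("path", "")),
            "guest": flag(sec, ["guestok", "public"], False),
            "read_only": read_only,
            "writers": [u.strip('"') for u in sec.get("writelist", "").split()],
        }
    findings = []
    if loopback_only(glob):
        findings.append(("LOOPBACK_ONLY", "global", "smbd listens on loopback only"))
    guests = [n for n, s in shares.items() if s["guest"]]
    mode = "".join(glob.get("maptoguest", "never").lower().split())
    if mode == "baduser" and guests:
        detail = "unknown usernames are logged in as guest: " + ", ".join(guests)
        findings.append(("MAP_TO_GUEST", "global", detail))
    for name in guests:
        inner = shares[name]
        code = "GUEST_READ" if inner["read_only"] else "GUEST_WRITE"
        findings.append((code, name, f"guest access to {inner['path']}"))
        for outer, o in shares.items():
            writable = o["writers"] or not o["read_only"]
            if outer != name and writable and o["path"] in inner["path"].parents:
                who = ", ".join(o["writers"]) or "any permitted user"
                detail = f"written via [{outer}] by {who}, guest-readable here"
                findings.append(("NESTED_EXPOSURE", name, detail))
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(f"{c:16} [{s}] {d}" for c, s, d in audit(SMB_CONF)))
```

Run against a real file by passing its contents to audit(); testparm remains the tool for checking that the syntax itself is valid.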

Disk Recovery Ubuntu Box

The Background

After years of having multiple floppies, SCSI, IDE, SATA, USB drives and sticks kicking around the office I’ve decided it can’t carry on like this. I’ve fallen into the habit of buying the biggest USB disk I could afford to shuffle data back and forth between new and old machines as I nuke and pave my way through life.

I’ve also had numerous requests from family and friends over the years to rebuild machines or recover data for them which has just added to my problem. I always like to have two copies of the data when doing anything like this for security against mistakes (of which there have been a few).

The end result is more disks and sticks kicking around with no order or structure. Every time I’ve started to have a sort out in the past, I’ve always run out of space or needed the device I was loading disks in for real work.

Whilst having a sort out I have come across an old HP xw4600 workstation which has a ton of space inside, 4 SATA ports and even IDE. It isn’t the most powerful on the processor front, but it will be perfect for a box I can use as a dedicated platform for this task.

So after digging through the old disks and finding an empty 120G SSD from some unknown source, I connected it up to SATA0 and started installing Ubuntu Server. Even though I’m planning on doing most of the work on the command line via SSH, I decided to install LightDM and LXDE just in case I needed some GUI tools later.

20 minutes later, I have a box which I can wake up remotely with a so-called magic packet. Less than 25 seconds later, I can log in locally through the GUI or remotely via SSH, ideal. Now for some more interesting bits. Obviously, as with all devices these days, some precautions on the security front should be taken to protect against the evils on the Internet.

The Customisation Journey

I say Journey, as I never seem to get to a fully configured server, but once the basic ubuntu server build is there, I’ll add some tools etc I require. First off I’ll add the usb auto mount functionality as used in the ubuntu desktop variants along with support for NTFS as I know there will be some old MS Windows disks to go through. Finally here I’ll get the testdisk utilities installed which also provides PhotoRec.

jon@moe:~$ sudo apt update && sudo apt install usbmount ntfs-3g testdisk

Now when I plug in a USB device (disk or stick) it gets auto mounted under /dev/usb? somewhere. This just saves me the bother of doing it manually.

I decided to add a GUI as some of the tools I may use in the future may require it. I went for a simple default lxde core.

jon@moe:~$ sudo apt update && sudo apt install lightdm tasksel -y
<snip>
jon@moe:~$ sudo tasksel install lubuntu-core
<snip>

Data Recovery Example

A grand total of 45 minutes since starting I’ve got a platform built, now with two extra drives connected. A blank data disk, and a drive which was inadvertently formatted that I need to recover data from. Some 3 hours later, and PhotoRec has already recovered 800+ jpg files.

PhotoRec 7.0, Data Recovery Utility, April 2015
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org

Disk /dev/sdb - 4000 GB / 3726 GiB (RO) - WDC WD40PURZ-85TUZV0
     Partition                  Start        End    Size in sectors
     No partition             0   0  1 486401  80 63 7814037168 [Whole disk]

Pass 1 - Reading sector  439340400/7814037168, 843 files found
Elapsed time 3h47m26s - Estimated time to completion 63h37m39
jpg: 843 recovered

It is now well past half way, according to the disk geometry, but I will let it run through to its conclusion. Just for the record, it didn’t take the estimated 63 hours, it completed overnight.

Grub Default Last Session

Grub has been around for years, sitting in the boot process allowing us to choose which OS to boot from. One option which I find particularly useful is the ability to remember the last selection and default to that selection. If, like me, you have ever needed Windows in a hurry only to realise it's halfway through installing updates, which never finished because it rebooted into Linux, this may be of help.

Edit the /etc/default/grub file and add the following text:

GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true

Once you have added those lines, simply issue the command below to update your Grub settings:

sudo update-grub

Simply reboot, and from now on, it will remember your last selection and default to it accordingly. Of course, you still need to boot into windows to start the update process, but at least now you don’t have to watch over it whilst it reboots to install them. 🙂