Blog Marcina Bojko

Linux,Windows,serwer, i tak dalej ;)

Posts Tagged ‘opensource

Hyper-V Packer Gen2 machines – version 1.0.5

leave a comment »

https://github.com/marcinbojko/hv-packer

 

Written by marcinbojko

Październik 3, 2018 at 20:02

Napisane w work

Tagged with , , , ,

Simple Foreman Template (with Grafana Dashboard) for Zabbix 3.x

Small project, using trappers instead of zabbix-agent active mode. I wanted to have better control over the pushing layer and intervals.

https://github.com/marcinbojko/foreman-template

Written by marcinbojko

Kwiecień 24, 2018 at 18:15

Petya(notPetya) ransomware attack and how to (quickly) vaccinate lot’s of machines

There was a lot of nice summary articles about latest „ransomware” attack caused by Petya. Soon, researchers started to claim almost permanent vaccine for this type of worm.

https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/

Even patched OS won’t save you from infection as one infected machine quickly spreads the infection using other protocols like WinRM.

So, how should one on its vast server farm vaccinate hundrets of machines?

For example, like this 🙂

win_manage:
  dsc_file:    
    petya_vaccine1:
      dsc_destinationpath: C:\Windows\perfc
      dsc_type: file
      dsc_attributes: readonly
      dsc_contents: ""
    petya_vaccine2:
      dsc_destinationpath: C:\Windows\perfc.dat
      dsc_type: file
      dsc_attributes: readonly
      dsc_contents: ""
    petya_vaccine3:
      dsc_destinationpath: C:\Windows\perfc.dll
      dsc_type: file
      dsc_attributes: readonly
      dsc_contents: ""

 

Written by marcinbojko

Lipiec 1, 2017 at 11:14

Does Foreman speak SQL? It does ;)

So, the question is – how to deploy and maintain farm of Microsoft SQL Servers? With different domains, install sources, roles, features. Should we create unattended installers for every single instance?

No, we shouldn’t.

We should use Powershell DSC – https://github.com/PowerShell/xSQLServer
With Foreman/Puppet and win_manage, we have something like:

The simplest way:

instance1:
  dsc_instancename: MSSQLSERVER
  dsc_sourcepath: "\\our.server.com\ourshare"
  dsc_sourcecredential:
    user: anonymous
    password: anonymous
  dsc_setupcredential:
    user: DOMAIN\someuser
    password: somepassword

Or, more sophisticated:

instance1:
  dsc_instancename: MSSQLSERVER
  dsc_sourcepath: "\\our.server.com\ourshare"
  dsc_sourcecredential:
    user: anonymous
    password: anonymous
  dsc_setupcredential:
    user: DOMAIN\someuser
    password: somepassword
  dsc_features: SQLENGINE
  dsc_forcereboot: true
  dsc_agtsvcaccount:
    user: DOMAIN\scvaccount
    password: somepassword
  dsc_sqlsvcaccount:
    user: DOMAIN\sqlaccount
    password: somepassword
  dsc_sqlcollation: SQL_Latin1_General_CP1_CI_AS
  dsc_sqlsysadminaccounts:
    - DOMAIN\someadmin
    - DOMAIN\someotheradmin
  dsc_securitymode: SQL
  dsc_sapwd:
  user: sa
  password: paaaswordisverysecure
  dsc_sqluserdbdir: D:\MSSQL\Data
  dsc_sqluserdblogdir: E:\MSSQL\Data
  dsc_browsersvcstartuptype: Disabled

Whole install from local source takes aprox. 400 seconds (with other OS related settings) to finish.

Written by marcinbojko

Styczeń 22, 2017 at 21:11

Quick Zabbix (agent/server) migration from 2.2/3.0 to 3.2 (installed from official repository)

  1. Backup your machine (physical/virtual)
  2. Run (for server AND agent)

    # stop services
    systemctl stop zabbix-server
    systemctl stop zabbix-agent
    
    # clean cache
    yum clean all
    
    # upgrade releases from 2.x/3.0 to 3.2
    yum upgrade http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
    
    # disable additional repository
    yum-config-manager --disable zabbix-non-supported
    
    # update
    yum update -y
    
    # clean cache
    yum clean all
    
    # enable services
    systemctl enable zabbix-server
    systemctl enable zabbix-agent

  3. [FOR AGENTS ONLY] Run:

    # for agents
    
    systemctl stop zabbix-agent
    
    yum clean all
    
    yum upgrade http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
    
    yum-config-manager --disable zabbix-non-supported
    
    yum install zabbix-agent -y
    
    yum clean all
    
    systemctl enable zabbix-agent
    
    systemctl start zabbix-agent

Written by marcinbojko

Październik 15, 2016 at 14:21

HV-Default – confirmed working with Hyper-V 2016

New version available:

https://github.com/marcinbojko/hv_default

Written by marcinbojko

Październik 13, 2016 at 18:36

Napisane w Uncategorized, work

Tagged with , ,

Puppet & The Foreman & Powershell DSC – Windows Updates: Neverending story.

Nobody likes Windows Updates even Microsoft itself. But sometimes one should make sure, you have perks your system needs. But, we co do it old fashion way: check, update, reboot, repeat. Boring, and completly not in a way DevOps do.

Again, Win_manage to the rescue.

First we make sure what we want to do:

dsc_xwindowsupdateagent_schedule

first:
  dsc_dayofweek: sunday
  dsc_afterhour: 11
  dsc_usenotify: true


dsc_xwindowsupdateagent

security:
  dsc_updatenow: 'true'
  dsc_category: security
important:
  dsc_updatenow: 'true'
  dsc_category: important
optional:
  dsc_updatenow: 'true'
  dsc_category: optional

dsc_reboot

dsc_reboot:
  message: Machine requested a reboot
  when: pending

But what does it do? First, we should prepare update schedule: let’s say, we can start auto-updates on Sunday, after 11 AM (remember 11 AM = 11:00, and 11:00 PM=23:00)

Second: we want to install 3 type of updates: security, important and optional.

Third: we want to auto-reboot our machine (dsc_reboot) and notify us about pending updates count BEFORE and AFTER update patch set (dsc_usenotify: true)

So, we can switch from:

selection_426

to

selection_427

in a time needed to get some music 🙂

Written by marcinbojko

Październik 9, 2016 at 18:36

%d blogerów lubi to: