Simple HP Aruba ProCurve and older swtiches backup script

#!/bin/bash
#
#
# Some vars
DATE=$(date +“%F_%H-%M_“)
DIRDATE=$(date +“%F_%H-%M“)
SSHPASSCMD=“/usr/bin/sshpass -f“
MKDIRCMD=“/bin/mkdir -p“
CIPHER=“aes128-cbc“
KEYEX=“-oKexAlgorithms=diffie-hellman-group14-sha1″

# Deleting old files and directories
find /home/backups/data/switches/old-switch1 -type d,f -mtime +2 -exec rm -rf {} \;
find /home/backups/data/switches/old-switch2 -type d,f -mtime +2 -exec rm -rf {} \;
find /home/backups/data/switches/procurve-switch1 -type d,f -mtime +2 -exec rm -rf {} \;
find /home/backups/data/switches/procurve-switch2 -type d,f -mtime +2 -exec rm -rf {} \;

# old school switch 1
$MKDIRCMD /home/backups/data/switches/old-switch1/“$DIRDATE“
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch1.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch1.domain.tld:/startup.cfg /home/backups/data/switches/old-switch1/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch1.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch1.domain.tld:/company_legacy_ca.crt /home/backups/data/switches/old-switch1/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch1.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch1.domain.tld:/https-server.p12 /home/backups/data/switches/old-switch1/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch1.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch1.domain.tld:/v1910-cmw520-r1513p62.bin /home/backups/data/switches/old-switch1/“$DIRDATE“/

# old school switch 2
$MKDIRCMD /home/backups/data/switches/old-switch2/“$DIRDATE“
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch2.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch2.domain.tld:/startup.cfg /home/backups/data/switches/old-switch2/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch2.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch2.domain.tld:/_startup_bak.cfg /home/backups/data/switches/old-switch2/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch2.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch2.domain.tld:/old-switch2-chain.crt /home/backups/data/switches/old-switch2/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch2.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch2.domain.tld:/company_local.cer /home/backups/data/switches/old-switch2/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch2.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch2.domain.tld:/company_ca.cer /home/backups/data/switches/old-switch2/“$DIRDATE“/
$SSHPASSCMD /home/backups/scripts/switches-config/old-switch2.cfg /usr/bin/scp -c $CIPHER $KEYEX admin@old-switch2.domain.tld:/jg927a-cmw520-r1119.bin /home/backups/data/switches/old-switch2/“$DIRDATE“/

# procurve-switch1
$MKDIRCMD /home/backups/data/switches/procurve-sw001/"$DIRDATE"
$SSHPASSCMD /home/backups/scripts/switches-config/procurve-sw001.cfg /usr/bin/scp $KEYEX -r manager@procurve-sw001.domain.tld:/cfg /home/backups/data/switches/procurve-sw001/"$DIRDATE"/
$SSHPASSCMD /home/backups/scripts/switches-config/procurve-sw001.cfg /usr/bin/scp $KEYEX -r manager@provurce-sw001.domain.tld:/os /home/backups/data/switches/procurve-sw001/"$DIRDATE"/

# procurve-switch2
$MKDIRCMD /home/backups/data/switches/procurve-sw002/"$DIRDATE"
$SSHPASSCMD /home/backups/scripts/switches-config/procurve-sw002.cfg /usr/bin/scp $KEYEX -r manager@procurve-sw002.domain.tld:/cfg /home/backups/data/switches/procurve-sw002/"$DIRDATE"/
$SSHPASSCMD /home/backups/scripts/switches-config/procurve-sw002.cfg /usr/bin/scp $KEYEX -r manager@procurve-sw002.domain.tld:/os /home/backups/data/switches/procurve-sw002/"$DIRDATE"/

Use GMX as smarthost / relay_host with Postfix with separate transport_map

Excerpt /etc/postfix/main.cf
———————-
transport_maps = hash:/etc/postfix/transport
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
sender_canonical_maps = hash:/etc/postfix/sender_canonical
smtp_tls_security_level = encrypt

 

Excerpt /etc/postfix/transport
————————
<mailaddress>@gmx.net smtp:mail.gmx.net:25

 

Excerpt /etc/postfix/sender_canonical
——————————-
root@proxmox sberg1@gmx.net

 

Excerpt /etc/postfix/sasl_password
—————————–
mail.gmx.net <mailaddress>@gmx.net:<password>

 

Execute postmap commands to create the hash db file from above transport / sender_canonical / sasl_password
—————————–
postmap transport
postmap sender_canonical
postmap sasl_password

 

Restart Postfix
————
systemctl restart postfix

 

Testing
——
mail -s test <mailaddress>@gmx.net
HINT: CC just hit <Enter> – then write the body followed by <Enter> and <.> (dot character) and again <Enter>- then quit the mail command by pressing <CTRL>-<D>

community.network.edgeos_config Problem with login to EdgeOS device

Prerequities so far:
ansible-galaxy collection install community.network
pip3 install paramiko

I had trouble to properly connect to an EdgeOS device with Ansible and the community.network.edgeos_config module.

First I tried to send authetication data with ansible_ssh_user and a vaulted password via ansible_ssh_password.

This left me with the error:
fatal: [edgerouter.heaven.grp]: FAILED! => {
„changed“: false,
„module_stderr“: „Expected unicode or bytes, got {‚__ansible_vault‘: ‚$ANSIBLE_VAULT;1.1;AES256…

I tried to replace the paramiko python module with libssh.py:
pip3 install ansible-pylibssh

This also did not work with the encrypted vault password variable.

So I tried to setup SSH login via ssh key.

For this you have to add your public key to the EdgeOS devicset system login set system login user ubnt authentication public-keys <keyid> type ssh-rsa
set system login user ubnt authentication public-keys <keyid> key  <publickey>

So passwordless login was possible from normal Ubuntu OS via SSH but login via Ansible was still not possible:
redirecting (type: modules) community.network.edgeos_config to community.network.network.edgeos.edgeos_config
fatal: [edgerouter.heaven.grp]: FAILED! => {
„changed“: false,
„module_stderr“: „ssh connection failed: Failed to authenticate public key: Access denied for ‚publickey‘. Authentication that can continue: publickey,password“,
„module_stdout“: „“,
„msg“: „MODULE FAILURE\nSee stdout/stderr for the exact error“
}

I found a bug that describes this problem in
https://github.com/ganeshrn/netcommon/blob/08c7e0f32655e99659dfac25870f470de43ae8f7/plugins/connection/libssh.py

Replacing the file here ~/.ansible/collections/ansible_collections/ansible/netcommon/plugins/connection/libssh.py with the file from the above commit solved the problem.

Query Netbox with Ansible to generate an Ansible inventory

1.
Make sure you use Ansible version >= 2.10.x
pip3 install –user –upgrade pip
pip3 install –user –upgrade ansible

2.
Install pynetbox
apt install python3-pip
pip install pynetbox –upgrade

3.
Install the Ansible module
ansible-galaxy collection install netbox.netbox

4.
Simple netbox-inventory YAML
# 02-netbox-inventory.yml

plugin: netbox.netbox.nb_inventory
api_endpoint: https://netbox.heaven.grp
token: api-key
validate_certs: false
config_context: false
group-by:
  – tags

5.
Install Netbox
Follow the Netbox installation guide
https://docs.netbox.dev/en/stable/installation/
Fill in some live in there

6.
Testing the generation of the Netbox inventory via ansible-inventory
ansible-inventory -i 02-netbox-inventory.yml –list

Installing Windows 11 on older hardware (no TPM2) and installing Ubuntu WSL2 with ZSH in it

Create Windows 11 media with Microsoft’s media creation kit.
Image the resulting ISO-file to an USB stick with e.g. Rufus.

Create bypass.reg.
———————————————
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
„BypassTPMCheck“=dword:00000001
„BypassSecureBootCheck“=dword:00000001
„BypassRAMCheck“=dword:00000001
„BypassStorageCheck“=dword:00000001
„BypassCPUCheck“=dword:00000001
———————————————

Copy bypass.reg to the stick.

Install Windows 11
In Setup hit shift-f10 to enter a cmd prompt
There startup notepad.exe
Use the open dialog from Notepad to navigate to the stick.
Change file types to all and right-click on the bypass.reg.
Choose merge.

Now continue to install Windows 11

After installation login with wrong credentials intentionally.
So you will get the option to use a local user only.

Where you can choose now within the OOBE setup.

Check if your Windows edition is the right one.
Maybe change in Windows settings.
Note: You might need a corresponding product key and valid license to do so.

Download and install Brave.
Download and install OpenVPN.

After finishing the setup, open up an Explorer and set options to:
– show extensions
– show hidden files and system files
– startup with This Computer
– do now show recent files
– clear recent file

Download W11ClassicMenu1.1 and start it up.
When SmartScreen is complaining – click on more information – then choose run anyway.
Then reactivate „classic context menu“.

Install chocolatey.
Open up an admin powershell and paste
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString(‚https://community.chocolatey.org/install.ps1‘))

Install some software.
———————————–
choco install 7zip -y
choco install notepadplusplus -y
choco install adobereader -y
choco install kitty -y
choco install paint.net -y
choco install owncloud-client -y
choco install screentogif -y
choco install networkmonitor -y
choco install wireshark -y
choco install keepass -y
choco install treesizefree -y
choco install sysinternals -y
———————————–

Check for latest updates and drivers

Setup Bitlocker (when changed edition to minimum Professional)
Might be you have to enable a local Group Policy via gpedit.msc
Computer -> Administrative Cemplate -> Windows Components -> Bitlocker -> OS Drives -> Require additional authentication on startup

#########################

 

Bring up WSL2

wsl –install
Note: This seems pretty easy under Windows 11. Saw also installation of GUI support with this installation command. Will try if it can display X application.
After wsl –install finished please reboot the system.

The system will come up with the Ubuntu installation dialog after login automaticalls.
It sets also the WSL version to 2:
wsl –list -v
NAME STATE VERSION
* Ubuntu Running 2

Enable root login then in Ubuntu
sudo passwd

Set default user to root in Windows Powershell
ubuntu config –default-user root

Update Ubuntu
apt update -y && apt dist-upgrade -y && apt autoremove –purge

Working X11 apps
Start Ubuntu
apt install x11-apps
xeyes

Enable shift+insert paste in Windows Terminal
Start up wt
Choose Settings
Add
{ „command“: „paste“, „keys“: „shift+insert“ }
right behind the „ctrl+v“ line
Save and restart the Windows Terminal

Choose Ubuntu as default profile for Windows Terminal
Start up wt
Choose Settings
Change the Default GUID to the desired profile’s GUID below
Save and restart the Windows Terminal

zsh
apt install zsh*
sh -c „$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)“
cd .oh-my-zsh/plugins
git clone https://github.com/softmoth/zsh-vim-mode.git
git clone https://github.com/zsh-users/zsh-autosuggestions.git
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git

vi /root/.zshrc
plugins (git zsh-autosuggestions zsh-syntax-highlighting zsh-vim-mode)

Change default template in .zshrc

Add vars in zsh-vim-mode plugin for changing the cursor according to vi or edit mode
See https://github.com/softmoth/zsh-vim-mode#mode-sensitive-cursor-styling

Maybe enable RSA method for git again and add into ~/.zshrc
export GIT_SSH_COMMAND=“ssh -i ~/.ssh/id_rsa -F /dev/null -oPubkeyAcceptedKeyTypes=+ssh-rsa“

Kubuntu 21.10 on Asus Transformer T100TA with Touchscreen, Sound, Wi-Fi working

Main information based on:
https://github.com/5bentz/linux-asus-t100/blob/master/T100TA_guide.md

Added/removed some information based on my experience.

Grab 32bit efi boot loader from:
https://github.com/jfwells/linux-asus-t100ta/raw/master/boot/bootia32.efi

Download Kubuntu 21.10 ISO-file from Ubuntu homepage.

Use for example Rufus to write the ISO-file to an USB stick.

Copy over the bootia32.efi to the stick /EFI/boot.

Start from the stick.
Press ESC few times at boot time for one time boot menu.

Boot up the Kubuntu stick and choose try Kubuntu.

Open a terminal and start installation with sudo ubiquity -b.
Note: -b: So ubiquity installer won’t write a boot loader automatically.

Partitioning

Leave the 100mb efi partition.

Delete the windows partition.

Create a new ext4 partition and mount it to /

Install the system

After installation choose continue testing.

Fresh installation root partition is now mounted into /target

Mount also the 100mb efi partition to /target/boot/efi

Mount some local dirs to /target:
for dir in /dev /dev/pts /proc /sys /run; do mount –bind „$dir“ /target/“$dir“; done

Change root into the target root directory.
chroot /target /bin/bash

Install boot loader:
apt update
apt install grub-efi-ia32
grub-install –efi-directory=/boot/efi
update-grub

Set cstate parameter correctly.
Note: Otherwise system will halt randomly after approx. 30min runtime.
vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT=“intel_idle.max_cstate=1 quiet splash“
update-grub

Exit chroot.

Unmount /target/boot/efi

Reboot

Install onboard:
sudo apt isntall onboard

Install evdev-rce:
https://github.com/PeterCxy/evdev-right-click-emulation
Note: Change order of cc commands – move flags to the end of line. After make you just have to start the compiled binary for tap-and-hold-for-right-click capability.
Note: I’m rarely using this, because in practice I do not need the right click function for the touchscreen very often. So when needed I just run the binary, use the right-click and then exit the binary again. Letting it run in background can bring up problems with other touchscreen operations e.g. Onboard on screen keyboard.

Replace Pulseaudio with Pipewire:
Note: The default audio server Pulseaudio will let the sound crash after few minutes. Only a high frequent sinus tone is then emitted – will also bring problems with video playback then.
Note: When you want to stick with Pulseaudio you can recover from the crash with the pulseaudio -k command. I changed to Pipewire, as I could not find any permanent solution for Pulseaudio. A good starting point for further research could be: https://github.com/thesofproject/sof/issues/3868
sudo apt install pipewire*
sudo apt install libspa-0.2-bluetooth
Note: This lib is needed for Bluetooth audio working properly.

Disable powersaving function for Wi-Fi adapter:
cd /etc/NetworkManager/conf.d
mv default-wifi-powersave-on.conf default-wifi-powersave-off.conf
vi /etc/NetworkManager/conf.d/default-wifi-powersave-off.conf
[connection]
wifi.powersave = 2

Reboot

when you experience issues with not remembering tap to click on your touchpad on reattach, add to /usr/share/X11/x11.org.conf.d/40-libinput.conf:
Note: Remember to restart libinput by at minimum relogon.
Section „InputClass“
Identifier „Asus TouchPad“
MatchDriver „libinput“
MatchIsTouchpad „on“
Option „Tapping“ „true“
Option „NaturalScrolling“ „True“
EndSection

Google location history in Elastisearch

Prerequisites:
Thanks to Kevin Dwyer for the esloader.py script, which demonstrates the usage of the Elasticsearch bulk API in a simple way.

See his Github repository tracky – https://github.com/dwyerk/tracky !

Navigate to Google Maps Timeline with a desktop browser.

Bottom right you find a gear to access your settings.

Choose download a copy of all my data.

You will be faced to a menu, where you can download data from all the Google services.

There untick everything but the location history and confirm the download.

Have patience as it can take several hours until the export hast been created.

You will be notified via mail – download the archive then.

Extract the archive to a desktop pc and you will find one big json-file containig you whole location history (beside subfolders with daily details). It is named like „Location-History.json“ in German exactly „Standortverlauf.json“.

Beside the json-files you will also find a good explanation of the data you got. See the html-file, that is contained in the archive.

Copy this „Locationhistory.json“ respectively „Standortverlauf.json“ file over to your Elasticsearch box.

Navigate to https://github.com/dwyerk/tracky.
At least copy over the esloader.py script and adjust it to your individual settings (Elasticsearch instance, index names, index mapping – mostly self-explanatory). See the code also below the pictures.

Then run the esloader.py with your json-filename „Locationhistory.json“ respectively „Standortverlauf.json“ as parameter.

Attention: Importing a huge amount of geo point can take a while. For about millions of entries you’ll have to wait some minutes or so.

After that you can start to visualize.

Some sample data from my last ten years:

Our trip to the sea with slightly decreasing altitude ; )

import ujson as json
from argparse import ArgumentParser
from datetime import datetime

from elasticsearch import Elasticsearch
import elasticsearch.helpers as helpers
elastic_url = 'localhost:9200'
es = Elasticsearch(elastic_url)

index_name = 'denise-manual'
mapping = {
    "properties": {
        'accuracy': {
            "type": "integer"
        },
        "activity": {
            "type": "nested",
            "dynamic": False,
            "properties": {
                "activity": {
                    "type": "nested",
                    "dynamic": False,
                    "properties": {
                        "confidence": {
                            "type": "integer"
                        },
                        "type": {
                            "type": "keyword"
                        }
                    }
                },
                "timestampMs": {
                    "type": "keyword"
                }
            }
        },
        "point": {
            "type": "geo_point"
        },
        'latitude': {
            "type": "double"
        },
        'latitudeE7': {
            "type": "double"
        },
        'longitude': {
            "type": "double"
        },
        'longitudeE7': {
            "type": "double"
        },
        'timestamp': {
            "type": "date"
        },
        'timestampMs': {
            "type": "keyword"
        }
    }
}

arg_parser = ArgumentParser()
arg_parser.add_argument("input", help="Input File (JSON)")
args = arg_parser.parse_args()
locations = json.load(open(args.input))['locations']

es.indices.delete(index=index_name, ignore=404)
es.indices.create(index=index_name)
es.indices.put_mapping(index=index_name, body=mapping)

actions = []
for i, location in enumerate(locations):
    location["timestamp"] = datetime.fromtimestamp(int(location["timestampMs"]) / 1000)
    location["latitude"] = location['latitudeE7'] / 10000000
    location["longitude"] = location['longitudeE7'] / 10000000
    location["point"] = [location["longitude"], location["latitude"]]
    actions.append({
        "_index": index_name,
        "_id": i,
        "_source": location
    })

helpers.bulk(es, actions)

Samsung Health Data in Elasticsearch

Open Samsung Health App on the mobile phone.

Go to settings.

Scroll down and tap on download all personal data.

Confirm with your Samsung account password.

On the internal storage you find the data in the subfolder „Download“.

There you find the data splitted into CSV-files.

Bring the files up to a computer and there choose your relevant files (example: heartrate or sleepdata) to open them with Excel.
Crop the first line.

Navigate to your Kibana instance in browser.

There you can import the CSV-file. Choose a unique index name.

Then you can start visualize:

Check: 3PAR Storages Physical Disk State

Allgemein
Geht mit SSH. Keine zusätzlichen Pakete notwendig

Kopfzeilen des Checks für Quellreferenz
#!/bin/bash

# 3PAR Nagios check script v0.2
# Last update 2010/05/14 fredl@3par.com
# Last update 2011/03/03 ddu@antemeta.fr
Kommando deklarieren
# ARG1: URL to get
define command {
command_name check_3par_pd
command_line /opt/omd/versions/1.20/lib/nagios/plugins/check_3par $HOSTADDRESS$ $ARG1$ check_pd
}

Parametrieren mit legacy-checks
legacy_checks += [
(( „check_3par_pd!3paradm“, „3PAR Physical Devices“, True), [ „172.28.210.241“ ] ),
(( „check_3par_node!3paradm“, „3PAR Node“, True), [ „172.28.210.241“ ] ),
(( „check_3par_ld!3paradm“, „3PAR Logical Devices“, True), [ „172.28.210.241“ ] ),
(( „check_3par_vv!3paradm“, „3PAR Version“, True), [ „172.28.210.241“ ] ),
(( „check_3par_cap_fc!3paradm“, „3PAR FC CAP“, True), [ „172.28.210.241“ ] ),
(( „check_3par_cap_nl!3paradm“, „3PAR NL CAP“, True), [ „172.28.210.241“ ] ),
(( „check_3par_port_fc!3paradm“, „3PAR FC Port“, True), [ „172.28.210.241“ ] ),
]