Monday, 4 October 2021

Proxmox backup with iSCSI

In this case we will use a Synology storage array, which we will call NAS01, with IP 10.10.10.10:


Initial configuration:

Discovery and login:

# iscsiadm -m discovery -t st -p 10.10.10.10

10.10.10.10:3260,1 iqn.2000-01.com.synology:NAS01.default-target.669579eed99

# iscsiadm -m node --login

Logging in to [iface: default, target: iqn.2000-01.com.synology:NAS01.default-target.669579eed99, portal: 10.10.10.10,3260]

Login to [iface: default, target: iqn.2000-01.com.synology:NAS01.default-target.669579eed99, portal: 10.10.10.10,3260] successful.

# iscsiadm -m session -o show
tcp: [2] 10.10.10.10:3260,1 iqn.2000-01.com.synology:NAS01.default-target.669579eed99 (non-flash)

#

Locate the disk:

# fdisk -l
Disk /dev/sda: xxxxx GiB, xxxx bytes, xxx sectors
Disk model: MODELO
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 370...

Device       Start       End   Sectors   Size Type
/dev/sda1      XXX      XXX   

[...]

Disk /dev/sdb: [...]

[...]

Disk /dev/sdc: 10 TiB, 10995116277760 bytes, 21474836480 sectors
Disk model: Storage
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
#

Create the ZFS pool:

# zpool create -f NAS01LUNBCK01 /dev/sdc


# zpool list
NAME            SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
NAS01LUNBCK01  9.98T   106K  9.98T        -         -     0%     0%  1.00x    ONLINE  -
#

Configure startup


iSCSI

# iscsiadm --mode session
tcp: [2] 10.10.10.10:3260,1 iqn.2000-01.com.synology:NAS01.default-target.669579eed99 (non-flash)
# iscsiadm --mode node -T iqn.2000-01.com.synology:NAS01.default-target.669579eed99 -p 10.10.10.10 -o update -n node.startup -v automatic
# iscsiadm --mode node -T iqn.2000-01.com.synology:NAS01.default-target.669579eed99 -p 10.10.10.10 -o update -n node.conn[0].startup -v automatic

Go to /etc/iscsi/iscsid.conf and change manual to automatic:

# To request that the iscsi initd scripts startup a session set to "automatic".
node.startup = automatic
#
# To manually startup the session set to "manual". The default is manual.
#node.startup = manual


ZFS

Locate the path
# systemctl list-units --all --full | grep disk | grep 10.10.10.10 | grep -v part
  dev-disk-by\x2dpath-ip\x2d10.10.10.10:3260\x2discsi\x2diqn.2000\x2d01.com.synology:NAS01.default\x2dtarget.669579eed99\x2dlun\x2d1.device          loaded    active   plugged   Storage

Create the unit zpooliscsi.service in /etc/systemd/system and enable it at boot:

# cat zpooliscsi.service
[Unit]
After=dev-disk-by\x2dpath-ip\x2d10.10.10.10:3260\x2discsi\x2diqn.2000\x2d01.com.synology:NAS01.default\x2dtarget.669579eed99\x2dlun\x2d1.device

[Service]
ExecStart=/usr/sbin/zpool import NAS01LUNBCK01
ExecStartPost=/usr/bin/logger "Iniciado el Pool ZFS NAS01LUNBCK01"

[Install]
WantedBy=dev-disk-by\x2dpath-ip\x2d10.10.10.10:3260\x2discsi\x2diqn.2000\x2d01.com.synology:NAS01.default\x2dtarget.669579eed99\x2dlun\x2d1.device

# systemctl daemon-reload
# systemctl enable zpooliscsi
Created symlink /etc/systemd/system/dev-disk-by\x2dpath-ip\x2d10.10.10.10:3260\x2discsi\x2diqn.2000\x2d01.com.synology:NAS01.default\x2dtarget.669579eed99\x2dlun\x2d1.device.wants/zpooliscsi.service → /etc/systemd/system/zpooliscsi.service.
# systemctl restart zpooliscsi

If we want, we can reboot and check that everything works ;)
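
The .device unit name located above with systemctl can also be derived from the /dev/disk/by-path name, because systemd builds it by path escaping (the result systemd-escape -p --suffix=device gives). This is an added example, not part of the original post; path_to_device_unit is a name chosen here.

```shell
#!/bin/sh
# Added example: derive the systemd .device unit name for a block-device path,
# following systemd's path-escaping rules. path_to_device_unit is a name chosen
# for this example.
LC_ALL=C; export LC_ALL   # byte-wise matching, ASCII-only character ranges

path_to_device_unit() {
    p=$1
    out=""
    first=1
    # Leading and trailing slashes are dropped before escaping.
    while [ "${p#/}" != "$p" ]; do p=${p#/}; done
    while [ "${p%/}" != "$p" ]; do p=${p%/}; done
    while [ -n "$p" ]; do
        rest=${p#?}          # everything after the first character
        c=${p%"$rest"}       # the first character itself
        p=$rest
        case $c in
            /)  # path separator becomes "-"; repeated slashes collapse to one
                case $out in *-) ;; *) out="$out-" ;; esac ;;
            .)  # a dot is kept, except as the very first character
                if [ "$first" = 1 ]; then out="$out\\x2e"; else out="$out."; fi ;;
            [A-Za-z0-9:_])
                out="$out$c" ;;
            *)  # anything else, including a literal "-", becomes \xXX
                out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
        first=0
    done
    # An empty result means the root directory, which systemd writes as "-".
    printf '%s.device\n' "${out:--}"
}

# The by-path name of the LUN used on this page.
LUN=/dev/disk/by-path/ip-10.10.10.10:3260-iscsi-iqn.2000-01.com.synology:NAS01.default-target.669579eed99-lun-1
unit=$(path_to_device_unit "$LUN")
printf 'After=%s\nWantedBy=%s\n' "$unit" "$unit"
```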


Useful Linux-style commands in PowerShell

Tail

tail -f fichero.log
Get-Content "fichero.log" -Wait

tail -f fichero1.log fichero2.log
Get-Content "fichero1.log","fichero2.log" -Wait

Get-Content "*.log" -Wait
Get-Content "*.log" -Exclude "TS*.log","x.log","*202001*" -Wait

tail -n 10 fichero.log
Get-Content fichero.log -Tail 10

head -n 10 fichero.log
Get-Content fichero.log -Head 10

Find

find . -name "*.txt"
Get-ChildItem -Path "." -Recurse -Filter "*.txt" | Format-Table FullName

For find's -type d, add -Directory; for files (-type f in find), add -File
To include hidden files: -Force
Directory depth: -Depth

Abbreviations

 Get-ChildItem -> gci
 Get-Content -> gc
 Select-String -> sls
 Format-Table -> ft

Forti VPN with openfortivpn on Linux

apt-get install openfortivpn

Create the configuration file /etc/openfortivpn/config

# config file for openfortivpn, see man openfortivpn(1)
host = hostquesea.tld
port = 443
username = usuario
password = clave
persistent = 30

persistent means the connection is kept up permanently: if it drops, the client tries to reconnect every 30 seconds in this case.

If the gateway uses a self-signed certificate we will get an error, but we can use that same error to add the certificate as trusted in our configuration.

 openfortivpn -c /etc/openfortivpn/config
ERROR:  Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
ERROR:  or add this line to your config file:
ERROR:      trusted-cert = aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
ERROR:  Gateway certificate:
ERROR:      subject:
ERROR:          O=Fortinet Ltd.
ERROR:          CN=FortiGate
ERROR:      issuer:
ERROR:          O=Fortinet Ltd.
ERROR:          CN=FortiGate
ERROR:      sha256 digest:
ERROR:          aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
INFO:   Closed connection to gateway.
ERROR:  Gateway certificate validation failed, and the certificate digest in not in the local whitelist. If you trust it, rerun with:
ERROR:      --trusted-cert aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
ERROR:  or add this line to your config file:
ERROR:      trusted-cert = aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
ERROR:  Gateway certificate:
ERROR:      subject:
ERROR:          O=Fortinet Ltd.
ERROR:          CN=FortiGate
ERROR:      issuer:
ERROR:          O=Fortinet Ltd.
ERROR:          CN=FortiGate
ERROR:      sha256 digest:
ERROR:          aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
INFO:   Could not log out.

Add the certificate line to the config file

# config file for openfortivpn, see man openfortivpn(1)
host = hostquesea.tld
port = 443
username = usuario
password = clave
persistent = 30
trusted-cert = aaaaaabbbbbcccccccdddddeeeeffffaaaaaa0000111122233334445556a7bcd
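
The digest in that error message comes from whatever answered the connection, so it is worth comparing with the certificate fingerprint reported by the gateway's administrator before pinning it. The script below is an added example, not part of the original post: it checks that the config pins that reference digest and that the file, which holds the password in clear text, is accessible only to its owner. The function names and sample values are constructed.

```shell
#!/bin/sh
# Added example: check an openfortivpn config before trusting its pin.
# pinned_digests and check_vpn_config are names chosen for this example.
LC_ALL=C; export LC_ALL

# Print every trusted-cert value in config file $1, one per line, lowercased.
pinned_digests() {
    sed -n 's/^[[:space:]]*trusted-cert[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tr 'A-F' 'a-f'
}

# $1 = config file, $2 = SHA-256 digest of the gateway certificate obtained
# out of band (plain hex or colon-separated, any case).
# Returns 0 = pin matches, 1 = no matching pin, 2 = bad digest, 3 = loose perms.
check_vpn_config() {
    cfg=$1
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex digits.
    case $want in
        *[!0-9a-f]*|"") echo "reference digest is not hex"; return 2 ;;
    esac
    if [ "${#want}" -ne 64 ]; then
        echo "reference digest has ${#want} hex digits, expected 64"; return 2
    fi
    # The file stores the VPN password in clear text: owner-only access.
    mode=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$cfg is accessible to group/other ($mode); run chmod 600"; return 3
    fi
    if pinned_digests "$cfg" | grep -qxF "$want"; then
        echo "pin matches the reference digest"; return 0
    fi
    echo "no trusted-cert line matches the reference digest"; return 1
}

# Constructed sample: placeholder host, credentials and digest.
demo_digest=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
demo_cfg=$(mktemp)
printf 'host = vpn.example.test\nport = 443\nusername = user\npassword = secret\ntrusted-cert = %s\n' \
    "$demo_digest" > "$demo_cfg"
chmod 600 "$demo_cfg"
check_vpn_config "$demo_cfg" "$demo_digest"
rm -f "$demo_cfg"
```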

To have it start automatically and send its output to tty7, we create a systemd unit file in /lib/systemd/system, in this case named openfortivpn.service

cat openfortivpn.service
[Unit]
Description=Cliente OpenForti VPN 
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
Environment=EMAIL_ADDR=root
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/config
User=root
Group=root
StandardInput=tty
StandardOutput=tty
TTYPath=/dev/tty7

[Install]
WantedBy=multi-user.target

Reload the systemd manager configuration, then enable and start the service:

systemctl daemon-reload
systemctl enable openfortivpn
systemctl start openfortivpn



L2TP IPsec Windows to Mikrotik error 789

 Add this to registry REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d...