VIM quick setup – python and yaml files

May 2, 2022
" ls -l /usr/share/vim/vim80/colors
colorscheme desert
set paste
set ruler

" basic settings for yaml and python files
autocmd FileType python setlocal ts=4 sts=4 sw=4 expandtab number autoindent
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab autoindent

" folding can help troubleshoot indentation syntax
set foldenable
set foldlevelstart=20
set foldmethod=indent
nnoremap <space> za
syntax enable
set encoding=utf-8
set autoindent
" NERDTree is lazy-loaded on NERDTreeToggle below, so map that command
nnoremap <C-n> :NERDTreeToggle<CR>

call plug#begin('~/.vim/plugged')
Plug 'junegunn/seoul256.vim'
Plug 'junegunn/vim-easy-align'
Plug 'scrooloose/nerdtree', { 'on':  'NERDTreeToggle' }
Plug 'tpope/vim-fireplace', { 'for': 'clojure' }
call plug#end()

GCP cloud commands

April 20, 2022

Commands I used to create the folder and projects:

gcloud resource-manager folders create --display-name='Customer' --organization=3637356754
gcloud projects create --folder=CUSTFOLDERID customer-network-hub
gcloud projects create --folder=CUSTFOLDERID customer-prod-vpc

VPC Peering:

# HUB to Customer
gcloud beta compute networks peerings create core-network-customer--to--customer-network-hub \
    --project=core-network \
    --network=core-network-customer \
    --peer-project customer-network-hub \
    --peer-network customer-prod-vpc \
    --export-custom-routes
# Customer to HUB
gcloud beta compute networks peerings create customer-network-hub--to--core-network-customer \
    --project=customer-network-hub \
    --network=customer-prod-vpc \
    --peer-project core-network \
    --peer-network core-network-customer \
    --import-custom-routes
# Add inbound firewall rule to customer
gcloud compute --project=customer-network-hub \
    firewall-rules create allow-inbound-rules --direction=INGRESS --priority=1000 \
    --network=customer-prod-vpc \
    --action=ALLOW --rules=tcp:22,tcp:636,icmp --source-ranges=172.16.0.0/20 --target-tags=prod
# Add customer route to BGP advertisement
gcloud compute routers update core-network-customer-router \
    --project=core-network \
    --add-advertisement-ranges 10.2.2.0/24=customer-network-hub

Configure Okta on Palo Alto

April 20, 2022

Log into Okta. Click Admin in the top right-hand corner. You should now be in the main dashboard view.

Left side pane, click Applications → Applications.

Click the blue “Browse App Catalog” button at the top, search for Palo, and click on “Palo alto networks – Admin ui” to create a new app. Click the blue button that says “add”.

Give it a name different from the one shown, for example “Palo Alto (location) – Admin UI”.
Give it a URL or IP for the Palo.

Go back to the main apps page. Search for the app you created. Click the link to go into it.

Click the “Sign On” tab. Scroll down halfway and click “View Setup Instructions” under SAML 2.0.

You’ll follow most of the instructions except the parts about the following items:

  • leave unchecked “validate Identity Provider certificate and validate metadata sign..”
  • we will not use any certificates, so don't create a CA for signing
  • you will NOT check the “Sign SAML Message to IDP”
  • do NOT check Enable Single Logout either

Pull up another Palo that has been configured for SAML so you can use it as a reference for naming the profiles, etc. example….

Step 8 (the import of the Okta profile) gives you a link. Copy that link and open it in a web browser. It will be an XML page. Copy the page contents, put them in a file called my-file.xml, and save the file. Then you will upload that file into the Palo in step 8.

Don't do step 15 or 16. You are finished.

OpenLDAP – add and search examples

April 20, 2022

Create a new user file. Make a file called newUser.ldif and put the below in it…

dn: uid=firstname.lastname,ou=users,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: pwmUser
mail: firstname.lastname@youarespecial.com
manager: uid=admin,ou=users,dc=domain,dc=com
uid: firstname.lastname
givenName: Firstname
sn: Lastname
cn: Firstname Lastname

Add a user/group with the ldif file…

ldapadd -a -c -D 'cn=UserAccount,dc=domain,dc=com' -w <accountpassword> -H ldapi:/// -f <path to ldif file>

Add a user or users to a group. Create a file called user2group.ldif

# you can add multiple member lines
dn: cn=vpn-group,ou=groups,dc=domain,dc=com
changetype: modify
add: member
member: uid=firstname.lastname,ou=users,dc=domain,dc=com

Add users to the group with the modify command…

LDAPTLS_REQCERT=never ldapmodify -xc -H ldaps://localhost:636 -D 'cn=admin,dc=domain,dc=com' -w <adminpassword> -f your.ldif

Add a new group. Create a file called addGroup.ldif (you have to add at least one user to the group)

dn: cn=vpn-group,ou=groups,dc=domain,dc=com
member: uid=firstname.lastname,ou=users,dc=domain,dc=com
objectClass: groupOfNames
objectClass: top
cn: vpn-group

To search ldap: may need to use “-LLL” in between the -x and -H. Maybe.

LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://localhost:636 -D cn=admin,dc=domain,dc=com -w <adminpassword> -b dc=domain,dc=com 'uid=*'

(use uid=* or a name)

LDAPTLS_REQCERT=never ldapsearch -x -H ldaps://localhost:636 -D cn=admin,dc=domain,dc=com -w <adminpassword> -b dc=domain,dc=com cn=vpn-group

(or another group)
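
If the member lines in user2group.ldif come from a script instead of being typed by hand, each uid has to be escaped before it goes into a DN, and a value containing a newline must not be able to start a new LDIF line. The script below is an added example, not from the original post; the function names are made up for illustration and the suffixes are the page's placeholder dc=domain,dc=com.

```python
import base64
import re

USERS_BASE = "ou=users,dc=domain,dc=com"    # placeholder suffix used on the page
GROUPS_BASE = "ou=groups,dc=domain,dc=com"

# RFC 2849 SAFE-STRING: no NUL/CR/LF anywhere, no leading space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]"
                   r"[\x01-\x09\x0b\x0c\x0e-\x7f]*")


def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN (RFC 4514)."""
    if not value or "\x00" in value:
        raise ValueError("empty value or NUL byte")
    out = re.sub(r'([\\",+;<>])', r"\\\1", value)
    if out[0] in "# ":
        out = "\\" + out            # leading '#' or space
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "      # trailing space
    return out


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when the value is unsafe."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def group_add_ldif(group_cn, uids):
    """Build the user2group.ldif modify record for a list of uids."""
    if not uids:
        raise ValueError("need at least one member")
    lines = [ldif_line("dn", f"cn={escape_rdn_value(group_cn)},{GROUPS_BASE}"),
             "changetype: modify", "add: member"]
    for uid in uids:
        dn = f"uid={escape_rdn_value(uid)},{USERS_BASE}"
        lines.append(ldif_line("member", dn))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed input: an ordinary uid, one with a comma, one with a newline.
    print(group_add_ldif("vpn-group", ["firstname.lastname", "smith, j", "a\nb"]))
```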

KVM/QEMU migrate to Proxmox

February 21, 2022

I was using Virt Manager in AlmaLinux 8 and wanted to move my VMs over to a Proxmox server. Simple instructions for Linux and Windows.

Linux:

Copy the .qcow2 image over to the new server hard drive/storage.

**When you import the image into Proxmox it will take a .qcow2 and turn it into raw. You have to specify the --format option, which they do not tell you in the instructions or in a lot of forums.

Before you import, you need to create a VM with the same specs as your Virt Manager VM. Same CPUs, memory, hard disk controller, etc. Try to match the specs as best as you can. Create a hard drive for this VM as you normally would; we will remove it and replace it with your Virt Manager VM image.

After you create the VM in Proxmox, go ahead and remove the hard drive. Hardware -> hard drive then choose “detach”, then highlight the hard drive again and choose “remove”.

Now import your image and attach it to the VM with the command below.

command: qm importdisk <VMID> vm-image.qcow2 storageName --format qcow2

After it finishes, go back into Proxmox and add the unused hard drive to a SCSI controller.

Next go into Options -> boot order -> scsi0,ide0, etc. Change it so that scsi is first in the order and enable it to boot.

That's it. You are finished for Linux.

** NOTE: I did have an issue moving over my Ubuntu VM. GDM would not launch, got a blank screen. You have to SSH into the box and run an apt update/upgrade and let it reboot. Came up after.

Windows:

Windows is basically the same process but I highly recommend you download the Proxmox virtio Windows drivers ISO and install the guest agent tools before you shut down the VM and copy over the .qcow2 image file to the new Proxmox server. That way, when the Windows image boots up in Proxmox, it will have all the drivers it needs.
Also, follow the Proxmox best guide to deploy Windows 10/11 on Proxmox. Good advice in there. And seriously match your hardware exactly to how you had it in KVM/Virt Manager the best you can. I used SATA controller, SPICE video controller with at least 128 memory, enable QEMU agent, match CPU count and memory. Windows 10 Pro fired up for me right away with no issues.

Bash color fonts – simple

June 21, 2021

add this line to the bottom of your .bashrc

export PS1='\[\e[32m\][\[\e[m\]\[\e[31m\]\u\[\e[m\]\[\e[33m\]@\[\e[m\]\[\e[32m\]\h\[\e[m\]:\[\e[36m\]\w\[\e[m\]\[\e[32m\]]\[\e[m\]\[\e[32m\]\$\[\e[m\] '

Fedora 34 and Radeon driver

June 21, 2021

Below is the Radeon card I have. Just a simple 2GB Gddr5 card. Fedora 34 would blank out going into Wayland. You have to add a kernel argument to grub2. “radeon.dpm=0” (dpm = dynamic power management)

VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Venus XTX [Radeon HD 8890M / R9 M275X/M375X]

Do the following….

sudo dnf install grubby

sudo su 

grubby --info=ALL  

  **Default kernel is usually the first listed under Index0

grubby --args "radeon.dpm=0" --update-kernel /boot/vmlinuz-blahblahblah

  **(usually the first (index 0) listed kernel)

Done.  reboot.  

Advantech FWA-2320 LCD display module

June 13, 2021

PFSense can interact with the LCD display on this model, pics below. I spent some time playing around with it to figure out the drivers needed and how to manipulate it. I also worked out a workaround for the fact that when PFSense reboots or makes a change to the LCDd.conf file, it regenerates a new config file…(not cool).

So the LCD display the following specs (pulled from the product file)…

In PFSense, you have to go to System > Package Manager > Available Packages.

Find LCDproc. Install it.

After it's installed go to Status > Services.

Find the LCDd service and start it.

Go to Services > LCDproc.

Here is where you configure the display to use the right drivers, baud, etc. I’m going to save you some trouble and tell you the driver to use considering there are tons of them.

Check the box to “Enable LCDproc at startup”

Com port = Serial COM port 2 alternate (/dev/cuau1). (PFsense picked it up as this)

Display size = 4 rows 20 columns. ( I personally edited the webgui php page to offer 4 x 21, if you can do this go for it, if not leave it.)

Driver = CwLnx

Port speed = 9600 or 19200. (I chose 19200)

pfSense control menu = check box

Now Click Save.

Go to the “Screens” tab at the top on the same page you are on.

Choose the screen display info you want.

I chose Time, System Up-time, and down near the bottom Interfaces link status.

Click Save at the bottom.

So now here is the fun part. You need to SSH into your PFSense firewall and edit the LCDd.conf file.

It's located at /usr/local/etc/LCDd.conf

TIP: I seriously advise you to read the LCDproc website documentation and find out what you can do with the LCDd.conf file. There are other cool things you can do or display like a Hello or Goodbye message on the screen.

Once you are in the file add the following or at least make sure it's in there.

###########

ToggleRotateKey=Enter
PrevScreenKey=Left
NextScreenKey=Right
ScrollUpKey=Up
ScrollDownKey=Down

[menu]
UpKey=Up
DownKey=Down
MenuKey=Enter
EscapeKey=Left
EnterKey=Right
PermissiveGoto=true

[CwLnx]
Model=12832
Device=/dev/cuau1
Size=21x4
Reboot=no
Speed=19200
Keypad=yes

#########

After you got that info in your config, restart the LCDd service with “service LCDd onerestart”

You should see the display eventually update and start showing you your screen you selected.

That is it! Almost! not yet….dont stop reading… lol

As I mentioned, every time you make a change in the web gui under the LCDproc options, PFsense blows away the config and puts a new one there, even through a reboot. With that said, if you don't plan on changing these options often or at all then you only need a way to put your custom config file back after a reboot.

That is simple… Use crontab!

So make a copy of the LCDd.conf file and put it in /root directory.

Create a simple shell script file like so….

#!/bin/sh

cp /root/LCDd.conf /usr/local/etc/LCDd.conf

service LCDd onerestart


Save the file as whatever name you want. Do a “chmod a+x myLCDd-script.sh” to make it executable.

Add the following line into your crontab…

@reboot sleep 20 && /root/myLCDd-script.sh

(the sleep command just waits 20 seconds before running to make sure all your boot processes are done)

save it and you are finally finished!

Advantech FWA-2320 with PFSense

June 13, 2021

Bought this on eBay for $130. Love it. Simple setup with wiping Advantech’s Firewall OS and putting PFSense on. The spec’s are great. Intel CPU on it has AES NI encryption so thats a plus.

Getting PF Sense installed on this is pretty straight forward. Put the memstick image on a usb drive using Etcher. Stick it in USB port after its finished.
Turn on the firewall with your console cable ready, plugged in and set to 115200 baud rate. (I personally like to use baud 9600 due to being a network engineer, you can set that in the serial section of the BIOS)

Be ready to hit the “Escape” key to get into the BIOS. BIOS is pretty straight forward like most PC BIOS.
Just find the boot section and make sure you are booting to the USB drive first in your boot order.
Save and Exit when you finished making your changes. It will reboot.

It should boot into the PFSense USB drive installer. Just follow the screens. Choose defaults mostly; on the MBR type choose GPT. Should be fine otherwise.
When finished, just reboot, pull your USB stick out of the firewall. All finished.

Fedora 33 reinstall Grub2 bootloader on Win10 dual-boot

December 1, 2020

Create a live USB of SuperGrub2. Boot into it; you may need to disable Secure Boot. Pick the OS/loader you want to use from the list, preferably your Fedora install. If EFI, choose the grub2-64 one. Once you are booted into your Fedora, do the following.

sudo dnf reinstall grub2-efi-x64 shim-x64

sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

reboot. Make sure your BIOS is set back to Secure Boot enabled.