By:
On:
In: client, linux
With: 0 Comments

It’s a two step process to get rid of insecure username/password-authentication. Generate a RSA keypair at your SSH-client btw. Cisco-IOS doesn’t support DSA-keys Configure your network device(s) to assign the (public-)key of this keypair to an user-account This user-account could get privileges from a Radius/TACACS+-Server which could provide access-logs, too. Generate RSA-Key: Windows as SSH-Client I prefer Putty, usually in form of „mRemoteNG“, so i use PuttyGen to generate the RSA keypair. Windows.Start => PuttyGen (x) RSA, 4096-bits are supported, use it [Generate] move the mouse to improve the randomgenerator change the „comment“ – for example replace it by an username add a passphrase –Read More →

By:
On:
In: automation, linux
With: 0 Comments

Background: Python-Requests wants to verify https-certificates, which makes sense to me. – but my VCenter uses a self-signed Certificate Don’t think about ignoring certificate errors 😉 Prerequisites Download the certificate from the VCenter: Install the certificate: Now Python.requests validates the vCenter: Add the Export to ~/.bashrc at the end of the fileRead More →

By:
On:
In: automation, linux
With: 0 Comments

…this article should have been published at 2017-11-23, i forgot to press the right botton. So, an update might be needed, anyone still interested in cot today? Release 2.1 (2018-01-29) is the current release, containing some fixes (https://github.com/glennmatthews/cot/blob/master/CHANGELOG.rst) COT installation using PIP So, let’s go, following thats embarassing. Install PIP first Try it again Optional: Argument-Completion Not essential, but handy. COT helpers A full installation requires so called „cot-helpers“ to use all features. first fix „fatdisk“ which is used to inject configs into OVA-Files uncomment to and run the helper-installation again: But it threw a lot of warnings.. warning: format ‘%lu’ expects argument of typeRead More →

By:
On:
In: linux
With: 0 Comments

A new linux-VM takes ages to boot: it waits for 2 minutes for the network to come up Whats the reason for the delay? „routable“ interfaces with not router-address provided by the dhcp-service never come up for the „networkd-wait-online“-service. find more information at GitHub Issue 3752 – systemd-networkd can’t configure interface if dhcp server does not provide routers State: forever „configuring“ not „configured“ Background information „enp0s3“ is a virtual-box „host-only“ network with no routing provided Action Plan: „Set this interface to not be checked.“ locate the systemd-unit-file: Path: /run/systemd/generator/network-online.target.wants File: systemd-networkd-wait-online.service Edit (sudo) file add „ignore“-Option docs: networkd wait online service The service specific configurationRead More →

By:
On:
In: automation, linux
With: 0 Comments

It should be easy, and it is – but no single-command installation: Look at the Ubuntu Packet-Search for Ansible: it’s in the „universe“-repository Add the „universe“-repository: Now it works: Which version? as „packages.ubuntu.com“ said: 2.5.1Read More →

By:
On:
In: linux
With: 0 Comments

Just added a second NIC to a Linux-VM… new config-style – new luck 🙂 Ok, it seems to be easy to get back to good-old network-config-style. But after reading https://netplan.io/examples this seems to be very handy. The initial „netplan-file“ references only the initial NIC: What’s the ID of the new NIC? it’s „enp0s8“ Create a backup Modify the Netplan-File: Activate the new Config: Verify the resultRead More →

By:
On:
In: automation, linux
With: 0 Comments

I’ll start at the KVM-Virtualization Host („Ubuntu Desktop“) again. Folder Structure I’ll create a folder „isr-service-container“ for common stuff (package.yaml, create_ova.sh) and a for each VM a dedicated sub-folder, today: „ubuntu-server16.04“ Download the Cisco-provided „templates.tar“ from GitHub (GitHub: Templates.tar). It contains: package.yaml create_ova.sh Prepare a compressed virtual harddisk of the „Ubuntu-Server“-VM Locate the original virtual harddisk: Convert the original „.qcow2“-File into a compressed „copy“: Change the Owner of this new file: I’ll change: Description: „KVM Ubuntu 16.04 LTS“ resources/vcpu: 1 disk/file: ubuntu-server16.04.qcow2 The vCPU# got decreased since the CSR1000v only supports Service-VMs with one vCPU. Another File „version.ver“ has to be created: the „version“ mustRead More →

By:
On:
In: automation, linux
With: 0 Comments

Create the „Ubuntu Server“-VM using KVM on top of the „Ubuntu Desktop“-VM Run the „Virtual Machine Manager“ Create a new virtual Machine: (1) Create a new virtual Machine (2) Select the Installation ISO * and deselect „auto OS Detection“ (3) Choose Memory and CPU Settings (4) Create a virtual Hard-Disk for the VM (5) Give a name to the VM Boot the KVM-VM („Ubuntu Server“) Basic Setup: Language: Englisch my territory: other/Europe/Germany locale: en_US.UTF_8 Keyboard: German hostname: ubuntu-server user / password no home-directory encryption timezone Europe/Berlin use entire virtual disk (no need for „LVM…“ i think) no HTTP-Proxy no automatic updates [x] SSH-Server install GRUBRead More →

By:
On:
In: automation, linux
With: 0 Comments

In real life an hardware-ISR/ASR-Router might be the correct choice. Create a CSR1000v-Instance with nested Virtualization support But since the CSR1000v-Router supports Service-Containers, too – this is the chance to prove the setup in a lab environment: IOS-XE 3.17 is the first supported release, i’ll go with IOS-XE 16.7.1 Option to enable unsigned containers any 3rd party KVM Libvirt based format / YAML manifest file Requires 4GB+ dedicated RAM ASR1000, ISR4000, CSR1000 5 Minutes to deploy the virtual CSR1000v-Router using COT I’ll use COT (Common OVF Tool (COT) – Automated Lab-Router Deployment) to deploy my CSR1000v-Router: Boot the Router Check the Virtualization-Environment: fail 🙁 MachineRead More →