RR Labs

A blog by Andrea Dainese

Automatic webserver deploy based on requests

Companies usually deploy a small number of webservers to serve an estimated number of users. What if we could increase or reduce the number of webservers based on the real number of active users? Suppose a simple PHP script like the following: <?php sleep(1); ?> The above script simulates an HTTP request that requires some processing in the background. Suppose we have a single webserver that can serve up to 200 concurrent users.

Managing NTP on Cisco IOS with Ansible

After installing Ansible (see previous post), it’s now time to see how to send multiple commands to Cisco IOS devices (and check them). This post will explain a playbook (recipe) for clock and NTP configuration. See the complete script on my Ansible repository. References My Ansible repository Planning an Ansible playbook When we plan what we want, things are easier. The idea for our NTP playbook is:

How to install Ansible and play with it

A few years ago, I wrote some expect scripts to automatically connect to Cisco IOS routers and switches and do some unattended configurations. Now it’s time to review those scripts, and check what Ansible can do. Installing Ansible Installing Ansible on an Ubuntu machine is quite easy: # apt-get install software-properties-common # apt-add-repository ppa:ansible/ansible # apt-get update # apt-get install ansible Configuring Ansible Ansible relies on a host file to know which devices can be contacted.

Triple boot on a Mac with OSX, Windows 10 and Ubuntu Linux 16.04

As a network and security architect, I sometimes need to test security and network policies using different operating systems. A virtual machine can help, but what if you need to test policies against physical hardware? I have a 250GB SSD, and I’m going to allocate: 50GB for OS X, 50GB for Windows, and 150GB for Ubuntu Linux 16.04, my preferred OS. I ran a lot of tests to get everything working, so be sure to follow the steps below carefully.

Twice (double) NAT on Cisco router

When different companies must be connected, it’s a common request that each company wants the other one to present itself with a specific subnet. And usually companies don’t agree on IP ranges. A Twice NAT configuration (also called double NAT) can help a lot. In this scenario, the two companies want to be interconnected over an MPLS network for a couple of services: the CompanyA server (10.1.1.100) must reach the CompanyB webserver (10.

Disjoint L2 domains on Cisco UCS

This post will cover disjoint L2 domains on Cisco UCS-B and why/when you would implement them. Scenario 1: multi-tenant infrastructure Suppose your current UCS-B infrastructure is configured to support a single, physically L2 separated, tenant: And suppose you need to share the UCS-B infrastructure with multiple, physically L2 separated, tenants: Scenario 2: different, physically separated, security zones Suppose your current UCS-B infrastructure is configured to support a single L2 uplink:

Running Wireshark in a jail/sandbox

Firejail is a powerful tool that can be used to sandbox many applications. By default Firejail provides profiles for Chrome, Firefox, Telegram and other well-known applications. Wireshark is still missing. We want to limit the interfaces a user can sniff. To be more specific, we want users to capture from bridge interfaces only. Installing Firejail On Ubuntu 16.04 Firejail is available in the universe repository: # apt-get -y install firejail All profiles are stored under /etc/firejail/*.

Working with VRF on Linux

VRF (Virtual Routing and Forwarding) allows multiple, separate routing tables on the same system. On Linux, VRF support started with the 4.3 kernel. Ubuntu 16.04 ships the 4.4 kernel, but mind that the 4.5 kernel has some important patches too. This post will show how to create two different VRFs, each one dedicated to a virtual bridge. On each virtual bridge a virtual router is running. The VM used for the tests below is a Ubuntu 16,.

plymouth module missing on Ubuntu

Using plymouth for the boot theme can lead to a strange error on Ubuntu. Here is a quick solution. The full error is: W: plymouth module (/usr/lib/x86_64-linux-gnu/plymouth//.so) missing, skipping that theme. That happens when update-initramfs is invoked. Troubleshooting Let’s see what happens: # bash -x /usr/sbin/update-initramfs -u [...] + mkinitramfs -o /boot/initrd.img-4.4.14-eve-ng+.new 4.4.14-eve-ng+ W: plymouth module (/usr/lib/x86_64-linux-gnu/plymouth//.so) missing, skipping that theme. [...] The error comes from mkinitramfs. Let’s follow the “white rabbit”:

Compiling QEMU on VMware Photon OS

VMware Photon OS is a lightweight, stripped-down Linux VM suitable for Docker and cloud apps. Because Photon OS comes with very little software available, it’s useful to know how to compile additional software. This document will use Docker. Prepare a Docker environment This document won’t cover how to install Docker, but on many Linux distributions a single command is enough: # curl -sSL https://get.docker.com/ | sh Download the VMware Photon OS image for Docker: