Ansible and Ubuntu XENIAL

When you use Ansible to deploy an Ubuntu XENIAL machine, you run into the problem that Ubuntu has no Python 2.7 installed by default. Ansible does not run with Python 3 and needs 2.7.

With Vagrant it can be very annoying to install Python 2.7 manually every time.

The idea to handle this problem is to use the Ansible raw-Module to install Python 2.7.

bootstrap.yml

---

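- hosts: all
  # Fact gathering needs Python on the target, so it stays off here.
  gather_facts: no
  become: yes
  tasks:
    # raw runs the command over SSH and needs no Python on the target.
    - name: Check for Python 2.7
      raw: which python2.7 > /dev/null ; echo -n $?
      register: py27_exist
    - name: Install Python 2.7
      raw: apt-get install python2.7 --yes
      when: py27_exist.stdout == "1"
    - name: Check for default python
      raw: which python > /dev/null ; echo -n $?
      register: py_exist
    # Only register the alternative when no python command exists yet.
    - name: Set Python 2.7 as default
      raw: update-alternatives --install /usr/bin/python python /usr/bin/python2.7 10
      when: py_exist.stdout == "1"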

The Ansible playbook above checks whether Python 2.7 is installed. If it is missing, Ansible installs it with the raw command. The last two tasks check whether the python command exists. If not, Python 2.7 is set as the default Python runtime.

Now you can include bootstrap.yml in your Ubuntu playbook:

playbook.yml

---

- include: bootstrap.yml

- hosts: all
  become: yes
  tasks:
    - name: ...
      ...

IPsec VPN between strongswan and Fritz!Box

Configs to create a VPN between a Fritz!Box at Home and a strongswan-Server inside a Datacenter or elsewhere.

My Setup:

  • At Home
    • Fritz!Box 7490
    • Dynamic IP
    • Subnet: 192.168.10.0/24
  • Datacenter
    • Strongswan
    • Fixed IP: 1.2.3.4
    • Subnet: 10.10.10.0/24

To identify the Fritz!Box I use the myfritz services to get a dynamic DNS resolution. I use this FQDN as id of the local site.

StrongSwan Config

/etc/ipsec.conf

version 2.0

config setup

conn %default
  keylife = 3600s
  leftsubnet = 10.10.10.0/24
  esp = aes256-sha-modp1024
  auto = add
  authby = secret
  leftauth = psk
  ike = aes256-sha-modp1024
  keyexchange = ikev2
  ikelifetime = 3600s
  left = 1.2.3.4

conn vpnhome
  right = xxxxxxxxxxxxxxx.myfritz.net
  keyexchange = ikev1
  rightid = xxxxxxxxxxxxxxx.myfritz.net
  rightauth = psk
  rightsubnet = 192.168.10.0/24

/etc/ipsec.secrets

...
1.2.3.4 - xxxxxxxxxxxxxxx.myfritz.net : PSK "KEEPITSECRET"

Fritz!Box Config

The following config file has to be created with a text editor and named ‘vpn.cfg’. Modify the specific parameters and then import the file into your Fritz!Box.

Note: you can only modify parameters of the VPN config by reimporting this file. Currently there is no method to edit them on the Fritz!Box.

vpncfg {
  connections {
    enabled = yes;
    conn_type = conntype_lan;
    name = "Home2Datacenter";
    always_renew = yes;
    reject_not_encrypted = no;
    dont_filter_netbios = yes;
    localip = 0.0.0.0;
    local_virtualip = 0.0.0.0;
    remoteip = 1.2.3.4;
    remote_virtualip = 0.0.0.0;
    localid {
      fqdn = "xxxxxxxxxxxxxxx.myfritz.net";
    }
    remoteid {
      ipaddr = 1.2.3.4;
    }
    mode = phase1_mode_idp;
    phase1ss = "alt/aes-3des/sha";
    keytype = connkeytype_pre_shared;
    key = "KEEPITSECRET";
    cert_do_server_auth = no;
    use_nat_t = no;
    use_xauth = no;
    use_cfgmode = no;
    phase2localid {
      ipnet {
        ipaddr = 192.168.10.0;
        mask = 255.255.255.0;
      }
    }
    phase2remoteid {
      ipnet {
        ipaddr = 10.10.10.0;
        mask = 255.255.255.0;
      }
    }
    phase2ss = "esp-aes256-3des-sha/ah-no/comp-lzs-no/pfs";
    accesslist = "permit ip any 10.10.10.0 255.255.255.0";
  }
  ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                      "udp 0.0.0.0:4500 0.0.0.0:4500";
}

// EOF
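A consistency check for the two configs above, as an added example that is not part of the original post: both ends have to agree on peer address, identity, pre-shared key and mirrored subnets, and the script also reports the 1024-bit DH group used in the ike and esp proposals. The helper names and the embedded sample strings are assumptions constructed from the configs on this page.

```python
import ipaddress
import re

# Constructed samples: trimmed copies of the configs shown on this page.
IPSEC_CONF = """conn %default
  leftsubnet = 10.10.10.0/24
  esp = aes256-sha-modp1024
  ike = aes256-sha-modp1024
  left = 1.2.3.4
conn vpnhome
  rightid = xxxxxxxxxxxxxxx.myfritz.net
  rightsubnet = 192.168.10.0/24
"""
IPSEC_SECRETS = '1.2.3.4 - xxxxxxxxxxxxxxx.myfritz.net : PSK "KEEPITSECRET"'
FRITZ_CFG = """remoteip = 1.2.3.4;
localid { fqdn = "xxxxxxxxxxxxxxx.myfritz.net"; }
key = "KEEPITSECRET";
phase2localid { ipnet { ipaddr = 192.168.10.0; mask = 255.255.255.0; } }
phase2remoteid { ipnet { ipaddr = 10.10.10.0; mask = 255.255.255.0; } }
"""


def fritz_value(cfg, key):
    """First 'key = value;' in vpn.cfg, quotes stripped."""
    return re.search(rf'\b{key}\s*=\s*"?([^";]+)"?;', cfg).group(1)


def fritz_net(cfg, block):
    """ipnet of a phase2localid / phase2remoteid block as a network object."""
    ip, mask = re.search(block + r"\s*\{\s*ipnet\s*\{\s*ipaddr\s*=\s*([\d.]+);"
                         r"\s*mask\s*=\s*([\d.]+);", cfg).groups()
    return ipaddress.ip_network(f"{ip}/{mask}")


def audit(conf, secrets, fritz):
    """Return mismatches between both ends plus weak-crypto findings."""
    # Assumption: one conn plus %default, so a flat key = value scan suffices.
    swan = dict(re.findall(r"^\s*(\w+)\s*=\s*(\S+)\s*$", conf, re.M))
    net = ipaddress.ip_network
    psk = re.search(r':\s*PSK\s+"([^"]*)"', secrets).group(1)
    pairs = [("peer address", swan["left"], fritz_value(fritz, "remoteip")),
             ("Fritz!Box id", swan["rightid"], fritz_value(fritz, "fqdn")),
             ("pre-shared key", psk, fritz_value(fritz, "key")),
             ("datacenter subnet", net(swan["leftsubnet"]), fritz_net(fritz, "phase2remoteid")),
             ("home subnet", net(swan["rightsubnet"]), fritz_net(fritz, "phase2localid"))]
    found = [f"mismatch: {name}" for name, ours, theirs in pairs if ours != theirs]
    found += [f"weak: {opt} uses modp1024 (1024-bit DH)" for opt in ("ike", "esp")
              if "modp1024" in swan.get(opt, "")]
    return found
```

For the configs as posted, `audit(IPSEC_CONF, IPSEC_SECRETS, FRITZ_CFG)` reports no mismatches and two weak-group findings.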

How to resize HDD of VMware vCenter Server Appliance on demand

After installing the VMware vSphere Server Appliance, the partitions of a hard disk are too small. In this example we have a separate vCenter Server Appliance (VCA) and Platform Service Controller (PSC).

After deployment the log partition of the PSC seems to be too small. We have two options: one is to add a new disk and add it to the LVM log volume group log_vg, or two, we increase the size of the disk which is already in the LVM group.

I choose the way to increase the size of the disk. But which is the right disk? There are 11 disks attached to the PSC VM. The log partition has 5GB of space and three of these disks also have 5GB of space (by default). Which is the right one?

Log on to the PSC and analyse the structure.

1. Just view which device is used for log

vmware-psc:~ # mount
...
/dev/mapper/core_vg-core on /storage/core type ext3 (rw)
/dev/mapper/log_vg-log on /storage/log type ext3 (rw)
/dev/mapper/db_vg-db on /storage/db type ext3 (rw,noatime,nodiratime)
...

Now we know that /dev/mapper/log_vg-log is mounted on /storage/log, so it is the volume group “log_vg”.

Now let's see which disks are attached to this group:

vmware-psc:~ # pvdisplay
...
  --- Physical volume ---
  PV Name               /dev/sde
  VG Name               log_vg
  PV Size               5,00 GiB / not usable 8,00 MiB
  Allocatable           yes (but full)
  PE Size               8,00 MiB
  Total PE              639
  Free PE               0
  Allocated PE          639
  PV UUID               7IWngJ-vdMH-05do-pwns-IUBa-DUKU-DkHWh8
...

OK, the device is /dev/sde. Now we need the SCSI-Bus Node ID to find the right HardDisk in VCSA.

vmware-psc:~ # ll /sys/block/sde
lrwxrwxrwx 1 root root 0 24. Nov 07:47 /sys/block/sde -> ../devices/pci0000:00/0000:00:10.0/host0/target0:0:4/0:0:4:0/block/sde

There it is: 0:4. In the VM settings in vCenter, find the hard disk which is on node 0:4 and set its size to e.g. 10GB.

Note: You cannot resize the Disk size if you have snapshots for this VM!

Now we have to rescan the disk size, then resize the physical and logical volume, and finally resize the file system:

$ echo 1 > /sys/block/sde/device/rescan
$ pvresize /dev/sde
$ lvresize /dev/log_vg/log -l +100%FREE
$ resize2fs /dev/log_vg/log

Now our log partition has 10GB of space 🙂
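The lookup chain from the steps above (mount point, volume group, physical volume, SCSI node) as an added example that is not part of the original post. It parses the command output as text; the function names are hypothetical, physical volumes are assumed to be whole disks as on this appliance, and the host and target numbers are read as the disk node the same way the post reads 0:4.

```python
import re

# Constructed samples: command output from this page, trimmed; the core_vg
# physical volume (/dev/sdd) is invented to show the filtering.
MOUNT_OUT = """/dev/mapper/core_vg-core on /storage/core type ext3 (rw)
/dev/mapper/log_vg-log on /storage/log type ext3 (rw)
"""
PVDISPLAY_OUT = """  --- Physical volume ---
  PV Name               /dev/sdd
  VG Name               core_vg
  --- Physical volume ---
  PV Name               /dev/sde
  VG Name               log_vg
"""
SYSFS_LINKS = {"sde": "../devices/pci0000:00/0000:00:10.0/host0/"
                      "target0:0:4/0:0:4:0/block/sde"}


def vg_of_mount(mount_out, mountpoint):
    """Volume group behind a mount point (device /dev/mapper/<vg>-<lv>)."""
    for line in mount_out.splitlines():
        m = re.match(r"/dev/mapper/(\S+) on (\S+) ", line)
        if m and m.group(2) == mountpoint:
            # A single dash separates VG and LV; dashes inside names are doubled.
            vg = re.split(r"(?<!-)-(?!-)", m.group(1))[0]
            return vg.replace("--", "-")
    raise LookupError(f"{mountpoint} is not on a device-mapper volume")


def pvs_of_vg(pvdisplay_out, vg):
    """All physical volumes that belong to one volume group."""
    pairs = re.findall(r"PV Name\s+(\S+)\s+VG Name\s+(\S+)", pvdisplay_out)
    return [pv for pv, name in pairs if name == vg]


def scsi_node(sysfs_link):
    """'host:target' from the H:C:T:L component of a /sys/block link."""
    host, _, target, _ = re.search(
        r"/(\d+):(\d+):(\d+):(\d+)/block/", sysfs_link).groups()
    return f"{host}:{target}"


def disks_to_grow(mount_out, pvdisplay_out, sysfs_links, mountpoint):
    """Map each PV behind mountpoint to the node to look for in the VM settings."""
    vg = vg_of_mount(mount_out, mountpoint)
    return {pv: scsi_node(sysfs_links[pv.rsplit("/", 1)[-1]])
            for pv in pvs_of_vg(pvdisplay_out, vg)}
```

On the appliance the three inputs come from `mount`, `pvdisplay` and the link target of `/sys/block/<device>`.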