For a long time I have seen that Ubuntu APT has declared it has not got a stable CLI interface and with 22.04LTS that has become a thing. If you try to a automate apt -y upgrade
after an update your command will never complete as it will pop up a dialog window asking you which services you want to restart. Not very friendly for automation.
Now I don’t know if this the right way to do it, but it works for me in my homelab. What we do is leverage unattended-upgrade
and change the settings before and after we run this command. By default unattended-upgrade
is set only to apply security updates, something you want right. However, when you are creating a template usually you want all the other updates and patches that go with the default setup of your distro. So this is how I do it under packer with a shell script:
Welcome to my blog. Hopefully here you will find some interesting and detailed articles relating to Windows Home Server, Home Computing and General IT.
No reserved memory for ESX VMs
$spec = New-Object VMware.Vim.VirtualMachineConfigSpec
$spec.memoryReservationLockedToMax = $false
$spec.memoryAllocation = New-Object VMware.Vim.ResourceAllocationInfo
$spec.memoryAllocation.Reservation = 0
Get-VM | Get-View -Property Config.MemoryAllocation | %{$_.ReconfigVM_Task($spec)}
Decrypt an OPNsense config file
If you have an encrypted OPNsense configuration file then you can use the following to decrypt it. Note no password has been defined, add yours as required:
cat config.xml.aes | grep -Ev 'config.xml|:' | base64 -d | openssl enc -d -aes-256-cbc -out config.xml -pass pass: -salt -md sha512 -pbkdf2 -iter 100000
Quick LVM extend
pvcreate /dev/sdb
lvmdiskscan -l
vgextend ubuntu-vg /dev/sdb
lvm lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
resize2fs -p /dev/mapper/ubuntu--vg-ubuntu--lv
df -h
Dell ESXi 7.0 U3 Install
The Dell version of VMware has been released and can be installed simply on a standalone ESXi server once it is maintenance mode.
First get the ZIP file from VMware:
You should verify the checksum:
MD5SUM:
b9db1e378bc0cfccd979fe0660867641
SHA1SUM:
9f5121f0d9d39aa32c0d3f71c13e117bf4923737
SHA256SUM:
c9a0025d0946ab154520d6606a50b5dca0218294e90250bd5a9a8a6dd4dee50c
Checksums for ESXi ZIP file
Upload the ZIP file to a datastore that can be accessed by ESXi (local or remote) however don’t copy it to the boot media unless you know what you are doing.
[Read More]Install WSL on Windows 11
Option a command prompt as Administrator.
wsl --install
Then reboot and open WSL to complete the installation. That is it, install Ubuntu 20.04 LTS by default.
Getting XRDP working with Fedora Gnome
cp -f /etc/xrdp/xrdp.ini /etc/xrdp/xrdp.ini.org
cp -f /etc/xrdp/sesman.ini /etc/xrdp/sesman.ini.org
sed -i "s/autorun=/autorun=Xorg/g" /etc/xrdp/xrdp.ini
sed -i "0,/allow\_channels=true/{s/allow\_channels=true/allow\_channels=false/}" /etc/xrdp/xrdp.ini
echo "PREFERRED=gnome-session" > /etc/sysconfig/desktop
echo "unset DBUS\_SESSION\_BUS\_ADDRESS; gnome-session" >> /etc/sysconfig/desktop
echo "allowed\_users=anybody" > /etc/X11/Xwrapper.config
sed -i "/param=96/ a param=-AcceptCutText=0\\nparam=-SendCutText=0\\nparam=-SendPrimary=0\\nparam=-SetPrimary=0" /etc/xrdp/sesman.ini
systemctl restart xrdp
Setting the old way of crypto
So updating an OS sometimes changes the defaults used for various pieces of crypto. In fedora to set it back to how it used to be:
update-crypto-policies --set LEGACY
You should only do this as last resort or just for testing.
WD My Cloud Home Open Ports
Simply scanned the new units to see what ports are open:
al@alex490:~$ nmap -p- 192.168.nnn.nnn
Starting Nmap 7.60 ( https://nmap.org ) at 2020-11-25 18:41 GMT
Nmap scan report for MyCloud-R6GNH47Y.lab.tsew.net (192.168.0.132)
Host is up (0.0011s latency).
Not shown: 65527 closed ports
PORT STATE SERVICE
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
548/tcp open afp
8080/tcp open http-proxy
9999/tcp open abyss
33284/tcp open unknown
Regenerating LetsEncrypt Certs
Easy way to update LetsEncrypt certs: stop letsencrypt
%s/HTTPS_METHOD=redirect/HTTPS_METHOD=noredirect
start letsencrypt
%s/HTTPS_METHOD=noredirect/HTTPS_METHOD=redirect
quit and verify
echo | openssl s_client -servername HostName -connect HostName:443 2>/dev/null | openssl x509 -noout -dates