Sunday, February 25, 2024

Unable to turn on WSL feature on a Hyper-V Windows VM

 The issue was that the virtualization extensions are not enabled by default. Every time I tried running WSL after installing the WSL package, I got an error saying that virtualization is not enabled in the BIOS. I think this is a default error. It will not tell you, "Oops, you are running under Hyper-V, enable it first". So after several Google searches, I found that you have to invoke the command below as Admin in PowerShell.


Command:



Set-VMProcessor -VMName mytestvm01 -ExposeVirtualizationExtensions $true



where mytestvm01 is the name of the VM on which I need to enable WSL. It needs the virtualization extensions (nested virtualization, it seems), just as you would enable them in the BIOS of a non-virtualized machine.


Then reconnect to your VM. You should now be able to run WSL with Ubuntu or whatever flavor of Linux you would like to enable or install that is available from MS.



WSL - Windows Subsystem for Linux networking issue - cannot connect to network when windows is connected to VPN

 I have this issue with WSL on Windows 11: when enabling this feature, the NetworkingMode defaults to NAT. There is no issue connecting to the internet from the bash CLI, but when you are connected to a VPN, such as a corporate VPN, the network setup will not allow you to connect to internal resources. This is not a problem with WSL on Windows 10, though.

So to fix this, I need to set the NetworkingMode to mirrored. This way, whatever IP your Windows host gets, your WSL or Linux terminal will have the same IP.


To set your WSL networkingMode to mirrored, create a config file under your Windows user profile.


If my username is windows.user01, then put the config under C:\Users\windows.user01\

File: .wslconfig

Content of file below:


[wsl2]

networkingMode=mirrored


Or if you are on your bash command line, you can just do


vim /mnt/c/Users/oliver.jagape/.wslconfig

and enter the lines below, then save.

[wsl2]

networkingMode=mirrored


Shut down WSL:

wsl --shutdown


Then open bash again, or if you have Windows Terminal installed, just type bash, and it will open the Linux bash terminal.



Tuesday, October 20, 2020

SMTP Issues - Host or domain name not found - Encountered via trustwave Mailmarshal Email SEG

Ok, so we had an issue where the gateway was unable to deliver via MX or even by relaying to the MX hosts directly. To make the story short, we found out that the gateway host was restricted, and we requested to allow the outgoing SMTP port to ANY ANY. It was still not able to deliver, so the additional port needed was... port 53 (DNS) TCP/UDP, allowed to any any. It works.

Monday, October 19, 2020

Resize root partition of RHEL/CentOS Azure VM

Usually when provisioning a VM, on Azure specifically, or even on AWS, a default partition such as the root or / partition is very small. We have here a 2GB / partition that we need to increase.


Steps:

1. Stop or deallocate the VM
2. Go to Disk, then OS Disk, and change the value. Usually it's 30 GB divided among the other partitions, so if you need to make it 40GB, just add 38, so make the number 68
3. Save and start the VM
4. Login as root via ssh
5. Run vgdisplay. Sample below.

[root@valog02 ~]# vgdisplay
  --- Volume group ---
  VG Name               rootvg
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  7
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                6
  Open LV               6
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               <63.02 GiB
  PE Size               4.00 MiB
  Total PE              16132
  Alloc PE / Size       6400 / 25.00 GiB
  Free  PE / Size       9732 / <38.02 GiB
  VG UUID               WhcyfU-IClc-LyI5-uSec-5aAL-lyBp-Orfbf0

Notice the line "Free  PE / Size       9732 / <38.02 GiB", so we have some 38GB free to use.


Current size is: 
/dev/mapper/rootvg-rootlv   2.0G   66M  2.0G   4% /

6. Now, extend it using lvextend. The LV is "/dev/mapper/rootvg-rootlv", so the command would be as below. I just made it 37GB instead, so the outcome would be 39GB.

lvextend -L +37G /dev/rootvg/rootlv


Sample:
[root@valog02 ~]# lvextend -L +37G /dev/rootvg/rootlv
  Size of logical volume rootvg/rootlv changed from 2.00 GiB (512 extents) to 39.00 GiB (9984 extents).
  Logical volume rootvg/rootlv successfully resized.
  

                                                 
7. Now that we have extended it, we will grow it online.

xfs_growfs /dev/rootvg/rootlv

[root@valog02 ~]# xfs_growfs /dev/rootvg/rootlv
meta-data=/dev/mapper/rootvg-rootlv isize=512    agcount=4, agsize=131072 blks
         =                       sectsz=4096  attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=524288, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=4096  sunit=1 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 524288 to 10223616



8. Check the size now.

[root@valog02 ~]# df -h
Filesystem                  Size  Used Avail Use% Mounted on
devtmpfs                     16G     0   16G   0% /dev
tmpfs                        16G     0   16G   0% /dev/shm
tmpfs                        16G   34M   16G   1% /run
tmpfs                        16G     0   16G   0% /sys/fs/cgroup
/dev/mapper/rootvg-rootlv    39G   70M   39G   1% /

    
                                                 
9. Try a reboot if the VM is not in production yet.
                                                 
 
                                                 
                                                 
That's all, keep safe everyone.     




Adding this from azure site.

https://docs.microsoft.com/en-us/azure/virtual-machines/linux/resize-os-disk-gpt-partition
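
A pre-check for step 6, as an added example that is not part of the original post: it computes the free space from the vgdisplay fields shown in step 5 and tests a requested size against it. The function names are made up for this illustration, and PE Size is assumed to be reported in MiB.

```shell
#!/bin/sh
# Added example (not from the original post): check that an lvextend request
# fits in the volume group before running step 6.
# SAMPLE_VGDISPLAY repeats the relevant lines of the vgdisplay output above.
SAMPLE_VGDISPLAY='  VG Name               rootvg
  PE Size               4.00 MiB
  Total PE              16132
  Alloc PE / Size       6400 / 25.00 GiB
  Free  PE / Size       9732 / <38.02 GiB'

# Print the free space in whole MiB: free extents times extent size.
# Reads vgdisplay text on stdin. Assumption: PE Size is reported in MiB,
# as in the sample; any other unit is rejected instead of guessed.
vg_free_mib() {
    awk '
        $1 == "PE"   && $2 == "Size" { pe = $3; unit = $4 }
        $1 == "Free" && $2 == "PE"   { free = $5 }
        END {
            if (pe == "" || free == "" || unit != "MiB") exit 1
            printf "%d\n", free * pe
        }'
}

# Exit status 0 if growing by $1 GiB fits, 1 if it does not,
# 2 if the vgdisplay text could not be parsed.
can_extend_gib() {
    want_mib=$(( $1 * 1024 ))
    free_mib=$(vg_free_mib) || return 2
    [ "$want_mib" -le "$free_mib" ]
}

# The post extends by 37 GiB; 39 GiB would exceed the 9732 free extents.
for gib in 37 39; do
    if printf '%s\n' "$SAMPLE_VGDISPLAY" | can_extend_gib "$gib"; then
        echo "+${gib}G fits"
    else
        echo "+${gib}G does not fit"
    fi
done
```

On a live host, pipe the output of vgdisplay rootvg into can_extend_gib instead of the sample text.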


Thursday, February 7, 2019

ZIMBRA Search keyword across all mailbox servers and users on a list.

The task is to search for certain keywords in each mailbox in Zimbra. On the current version, 8.x, we can use the command:

zmmailbox -z -m username@zimbradomain.defined search "Keyword To Search"

So below is actually a sample search result with a keyword "I Love You"

search "I Love You" on user1@domain.com >> this line is not part of the Zimbra search output. It is printed by the script to show which keyword was searched, because the keyword may be in the email body while the result displays only the subject of the email where the keyword was found.

>>Output of search below<<

num: 1, more: false

       Id  Type   From                  Subject                                             Date
   ------  ----   --------------------  --------------------------------------------------  --------------
1. -21682  conv   Internal              How can you do that?                                    01/02/19 05:36



>>End of output<<

To search via the command line, I have 5 keywords to search for and put them in a file at /home/user/keyword_file.txt

Keywords:
I love you
Why do that
Darling
Home
I did not do it

And I have a set of users to search, let's say 10 users, and put them in a file.

/home/user/userlist.txt

user1@domain.com
user2@domain.com and so on..

So below is a script that I have tried, run as the zimbra user on one of the mailstores.


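#!/bin/bash
# Read both files line by line so a multi-word keyword such as
# "I did not do it" stays one search term. File descriptors 3 and 4 keep
# stdin free for zmmailbox.

# If you want to check command execution
set -x

while IFS= read -r keyword <&3
do
  [ -n "$keyword" ] || continue   # skip blank lines
  while IFS= read -r user <&4
  do
    [ -n "$user" ] || continue
    echo "search $keyword on mailbox $user"
    zmmailbox -z -m "$user" search "$keyword"
  done 4< /home/user/userlist.txt
done 3< /home/user/keyword_file.txt | tee -a /home/user/searchresult.txt
# End here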

Then just check the results in searchresult.txt.

If the user list contains a hundred users, you can run the script inside screen so you can detach and reattach later to check on it. This is useful if you run it remotely, to avoid losing the run on a network disconnect.





Wednesday, March 7, 2018

Sample haproxy config that proxies an https backend and is set up as active/passive.





global
   # to have these messages end up in /var/log/haproxy.log you will
   # need to:
   #
   # 1) configure syslog to accept network log events.  This is done
   #    by adding the '-r' option to the SYSLOGD_OPTIONS in
   #    /etc/sysconfig/syslog
   #
   # 2) configure local2 events to go to the /var/log/haproxy.log
   #   file. A line like the following can be added to
   #   /etc/sysconfig/syslog
   #
   #    local2.*                       /var/log/haproxy.log
   #
   log         127.0.0.1 local2
   tune.ssl.default-dh-param 2048
   chroot      /var/lib/haproxy
   pidfile     /var/run/haproxy.pid
   maxconn     4000
   user        haproxy
   group       haproxy
   daemon

   # turn on stats unix socket
   stats socket /var/lib/haproxy/stats

defaults
   mode                    http
   log                     global
   option                  httplog
   option                  dontlognull
   option http-server-close
   option forwardfor       except 127.0.0.0/8
   option                  redispatch
   retries                 3
   timeout http-request    10s
   timeout queue           1m
   timeout connect         10s
   timeout client          1m
   timeout server          1m
   timeout http-keep-alive 10s
   timeout check           10s
   maxconn                 3000


frontend SHINY_APP
   bind 1.2.3.40:443 ssl crt /etc/ssl/mycert.pem force-tlsv12
   reqadd X-Forwarded-Proto:\ https
   default_backend SHINY_BACKEND_443
   option httplog
   log global

frontend WEB_API
   bind 1.2.3.40:8443 ssl crt /etc/ssl/mycert.pem force-tlsv12
   reqadd X-Forwarded-Proto:\ https
   default_backend WEBAPI_BACKEND_8443
   option httplog
   log global


backend SHINY_BACKEND_443
   balance     roundrobin
   server      MAIN_SHINY_WEB_1.2.3.41 1.2.3.41:443 weight 100 minconn 80 maxconn 180 inter 5s check ssl verify none
   server      BACKUP_SHINY_WEB_1.2.3.42 1.2.3.42:443 weight 100 minconn 80 maxconn 180 inter 5s check ssl verify none backup

backend WEBAPI_BACKEND_8443
   balance     roundrobin
   server      MAIN_WEB_API_1.2.3.43 1.2.3.43:8443 weight 100 minconn 100 maxconn 200 inter 5s check ssl verify none
   server      BACKUP_WEB_API_1.2.3.44 1.2.3.44:8443 weight 100 minconn 100 maxconn 200 inter 5s check ssl verify none backup



listen stats
   bind 1.2.3.40:9999
   stats enable
   stats hide-version
   stats uri /stats
   stats show-desc Shiny Load Balancer Node
   stats refresh 10s
   stats auth admin:password #just change this to your preferred credentials
   stats scope SHINY_BACKEND_443
   stats scope WEBAPI_BACKEND_8443
   stats admin if TRUE
   stats show-legends


# The above is on CentOS 7.
# To configure the logging, edit rsyslog.conf to accept connections over either TCP or UDP and set local2.* to /var/log/haproxy.log, then restart the service.

# The backup keyword on the backend server lines sets the backup role: while the primary is up, nothing should be routed to the backup. See the haproxy documentation for further explanation.
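
The sample config encrypts traffic to the backends but does not validate their certificates (verify none), and it serves the stats page with basic auth and admin rights on a bind that has no ssl. As an added example that is not part of the original post, this lint script flags those three settings; the function name and finding labels are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an HAProxy config for the
# three weak settings in the sample above. SAMPLE_CFG is a constructed excerpt
# that reuses its server, bind and stats lines.
SAMPLE_CFG='backend SHINY_BACKEND_443
   server MAIN_SHINY_WEB_1.2.3.41 1.2.3.41:443 check ssl verify none
   server BACKUP_SHINY_WEB_1.2.3.42 1.2.3.42:443 check ssl verify none backup
listen stats
   bind 1.2.3.40:9999
   stats auth admin:password
   stats admin if TRUE'

# Reads a config on stdin, prints one finding per line, exits 1 if any.
audit_haproxy_cfg() {
    awk '
        # Index of keyword w on this line (0 if absent); stops at a comment.
        function has(w,   i) {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) return 0
                if ($i == w) return i
            }
            return 0
        }
        function report(msg) { print msg; n++ }
        # Stats credentials only leak if the same section listens without TLS.
        function end_section() {
            if (auth && plain)
                report("STATS_CLEARTEXT_AUTH line " auth ": basic auth over non-TLS bind (line " plain ")")
            auth = 0; plain = 0
        }
        NF == 0 || $1 ~ /^#/ { next }
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { end_section(); next }
        $1 == "bind" && !has("ssl") { plain = NR }
        $1 == "server" {
            v = has("verify")
            if (v && $(v + 1) == "none")
                report("NO_BACKEND_VERIFY line " NR ": " $2 " accepts any backend certificate")
        }
        $1 == "stats" && $2 == "auth" { auth = NR }
        $1 == "stats" && $2 == "admin" && $3 == "if" && toupper($4) == "TRUE" {
            report("STATS_ADMIN_ALWAYS line " NR ": admin actions open to every stats login")
        }
        END { end_section(); exit (n > 0) }'
}

printf '%s\n' "$SAMPLE_CFG" | audit_haproxy_cfg || echo "findings above need fixing"
```

The usual fix for NO_BACKEND_VERIFY is verify required with a ca-file on each server line. For the stats findings, put ssl crt on the stats bind and restrict stats admin with an ACL instead of TRUE.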

Sunday, February 11, 2018

Installing commercial wildcard ssl cert on zimbra 8

Install Commercial SSL Cert at zimbra server (8.8) opensource

Login as root
su - zimbra

This ssl cert is a wildcard certificate

Copy the private key, commercial.crt and commercial-gd_bundle.crt to /tmp on the server.

Change the owner of the cert files to the zimbra user, or give the zimbra user read access to them.

Do a verify.

cd /tmp >> this is where the files were uploaded

commercial.key - this is the private key that was generated with the CSR
company.com.crt - this is the SSL cert downloaded from the SSL provider
company.com.gd_bundle.crt - the gd_bundle.crt file downloaded from the SSL provider

Verify the certificates first.

#command to verify

/opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key company.com.crt company.com.gd_bundle.crt

Copy /tmp/commercial.key to /opt/zimbra/ssl/zimbra/commercial/commercial.key

Once all are OK, proceed with deployment.

The server where this SSL cert was deployed is a mailstore server, so you may see mailstore-related services below.

#command to deploy

zmcertmgr deploycrt comm company.com.crt company.com.gd_bundle.crt 

#output below
** Verifying 'company.com.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'company.com.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'company.com.crt' against 'company.com.gd_bundle.crt'
Valid certificate chain: company.com.crt: OK
** Copying 'company.com.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'company.com.gd_bundle.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'company.com.gd_bundle.crt' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/bea3f1c6.0
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'bea3f1c6.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '27eb7704.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'cbf06781.0' -> 'commercial_ca_2.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink 'f081611a.0' -> 'commercial_ca_3.crt'


#Restart the services

zmcontrol restart

You may then verify via web ui.