Posted on

group policy remove software installation met error event 108

1. remove the register value
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Appmgmt\{2c0cf1fc-3ec1-4c9c-87ec-7eee5bea3503}

2. delete the sysvol share related .aas file
\\lookdata.cn\SYSVOL\lookdata.cn\Policies\{EBB86C99-BC22-4FFF-8EF2-6AA3FBC01977}\Machine\Applications

Posted on

terraform alicloud import security group rule

ecs

%appdata%\terraform.rc
provider_installation {
filesystem_mirror {
path = “C:/Users/Linus/tf/mirror”
}
}

main.cf
provider “alicloud” {
access_key = “xxxxxxxxxxxxxxxx”
secret_key = “xxxxxxxxxxxxxxxx”
region = “cn-beijing”
}

resource “alicloud_vpc” “testvpc” {
vpc_name = “testvpc”
cidr_block = “192.168.0.0/16”
}

resource “alicloud_vswitch” “vswitch” {
vpc_id = alicloud_vpc.testvpc.id
cidr_block = “192.168.100.0/24”
zone_id = “cn-beijing-d”
}

resource “alicloud_security_group” “testgroup” {
name = “sg-test”
description = “test security group”
vpc_id = “${alicloud_vpc.testvpc.id}”
}

resource “alicloud_security_group_rule” “allow_22” {
type = “ingress”
ip_protocol = “tcp”
nic_type = “intranet”
policy = “accept”
port_range = “22/22”
priority = 1
security_group_id = “${alicloud_security_group.testgroup.id}”
cidr_ip = “10.56.8.13/32”
}

resource “alicloud_instance” “test” {
description = “test”
host_name = “test”
image_id = “ubuntu_20_04_x64_20G_alibase_20220727.vhd”
instance_name = “test”
instance_charge_type = “PostPaid”
security_groups = alicloud_security_group.testgroup.*.id
instance_type = “ecs.xn4.small”
vswitch_id = alicloud_vswitch.vswitch.id
internet_charge_type = “PayByBandwidth”
internet_max_bandwidth_out = 1
}

terraform init
terraform show
terraform plan
terraform state pull
terraform import alicloud_security_group_rule.allow_22 sg-2zefwtrsg4df3r4cy80:ingress:tcp:22/22:intranet:x.x.x.x/32:accept:2

Posted on

rsync over nfs

rsync -aP source/ target/

if you meet some performance issue during ext4 to nfs mounted to local filesystem, try below command replace rsync
1. ssh-copy-id user@x.x.x.x
2. find folder/ -mindepth 1 -maxdepth 4 -type d -exec bash -c ‘tar cz {} | ssh user@x.x.x.x tar -xzf – -C backup’ \;

Posted on

RHEL5 ssh upgrade to 8.8p1

Before:

OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Prepare:

1.1 downoad file:

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2.tar.gz

http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz

http://prdownloads.sourceforge.net/libpng/zlib-1.2.11.tar.gz?download

1.2 compile from source:

tar -xzvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
 ./configure --prefix=/usr/local/zlib-12.11 --disable-asm 
 make && make install
tar -zxvf libressl-3.4.2.tar.gz
cdlibressl-3.4.2
./configure--prefix=/usr/local
make && makeinstall
vim /etc/ld.so.conf.d/local.conf

/usr/local/lib

tar zxvf openssh-8.8p1.tar.gz

cd openssh-8.8p1

./configure –prefix=/usr/local/openssh-8.8p1 –sysconfdir=/etc/ssh –with-ssl-dir=/usr/local/ –with-zlib=/usr/local/zlib-1.2.11/ –with-pam

make && make install

1.4 setup start script

cp redhat/sshd.init /etc/init.d/sshd

vi /etc/init.d/sshd

SSHD=/usr/local/openssh-8.8p1/sbin/sshd

/usr/local/openssh-8.8p1/bin/ssh-keygen -A

chkconfig –add sshd
chkconfig sshd on
chkconfig –list sshd
service sshd restart

vim /etc/profile
export PATH=/usr/local/openssh-8.8p1/bin:/usr/local/openssh-8.8p1/sbin:$PATH
service sshd restart

1.5 update sssd
yum install sssd sssd-tools
vi /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP

[nss]

[pam]

[domain/LDAP]
ldap_id_use_start_tls = False
ldap_schema = ad
ldap_default_authtok_type = obfuscated_password
cache_credentials = False
id_provider = ldap
auth_provider = ldap
ldap_default_bind_dn = test
ldap_uri = ldap://192.168.100.1
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_group_object_class = group
ldap_group_name = cn
override_gid = 513
ldap_idmap_range_min = 100000
#ldap_user_principal=userPrincipalName
override_homedir = /home/%u
default_shell = /bin/bash

1.5.1 setup bind user and crendentinal
sss_obfuscate -d LDAP
1.5.2 enable sssd
authconfig –enablesssd –enablesssdauth –enablemkhomedir –enablepamaccess –update

1.6 Windows 2012 R2 setup
1.6.1 promote OS to Active domain
1.6.2 install certificate service