Site-to-Site Networking with ZeroTier
I have been experimenting with ZeroTier and wanted to share how I was able to set up site-to-site connectivity between a home network and AWS to avoid installing the ZT app on every system in my network. It is easier than you might think. This is a quick how-to on setting up site-to-site connectivity from a private network to a basic AWS VPC.
Prerequisites: A quick note for those not familiar with ZeroTier.
Use Kitchen-salt for testing
I have put off learning how test-kitchen works with salt formulas for a while, mainly because the multi-step setup process can be slightly confusing if you are not accustomed to working with developer tools day to day. It became clear, though, that learning this workflow would be really beneficial for developing salt-formulas and other projects because of the increased testing speed and the ability to quickly iterate changes without building bulky VM infrastructure.
Installing pf_ring
PF_RING is software that installs a network socket allowing for “High-speed packet capture, filtering and analysis” (https://www.ntop.org/products/packet-capture/pf_ring/). It is useful in applications where capturing a lot of network traffic is a requirement, such as Snort or Bro IPS/IDS deployments.
When possible, I use salt to manage pf_ring deployments but manual steps are condensed from the online documentation located at https://www.ntop.org/get-started/download/#PF_RING. For the purpose of this article, we will be installing the stable package on a CentOS 7 system from http://packages.
Set per-Interface Promiscuous Mode State Automatically
At some point while working on a Salt formula to deploy pfring, I got to a point where I wanted to set promiscuous mode on an interface automatically. I wasn’t exactly sure how to go about it on RHEL/CentOS 7. So many things have changed, so I set out to do a quick Google search. I found my Google-fu was not very strong and searched for several solutions.
rsync is an awesome tool that I have used extensively. However, I think it is time to explore other tools that can replace some of what rsync has been doing for so many years. I’m not saying you should never use rsync. What I am saying is there are other options, and in some circumstances, rsync isn’t the default choice anymore (at least for me).
I went looking for an rsync replacement because I was seeing extremely slow transfer times when moving large data files.
Subscription Management using subscription-manager
Register a System
subscription-manager register --username <username> --password <password> --auto-attach
Disable managed yum repositories
subscription-manager config --rhsm.manage_repos=0
Enable a specific channel
subscription-manager repos --enable rhel-6-server-optional-rpms
Sync RHN Profile
rhn-profile-sync
From https://access.redhat.com/solutions/253273
Accommodate growth of a VM by expanding an LVM partition
At some point, a “physical volume” may have to be enlarged to accommodate growth on a VM. This is how you grow the filesystem of an existing VMDK without adding an additional disk to your VM.
Enlarging a VMDK
1. Log in to VMware.
2. Find the VM with the disk that needs to be made larger.
3. Right click and select “Edit Settings”.
4. Find the specific Hard Disk and update the capacity to the desired size.
5. Click “Ok”.
Expanding the VM Volume Size
In most cases, the “Physical Volume” information will not be updated automatically.
Configure a Default Zone
This is not meant as a full primer for firewalld. It is just meant to document changing the default zone.
If you are looking for a more in-depth exposure to firewalld, try https://www.hogarthuk.com/?q=node/9
Check available zones
firewall-cmd --get-zones
Check active zone
firewall-cmd --get-active-zones
Get current zone of interface (assumes it is in the public zone)
firewall-cmd --get-zone-of-interface=<interface returned from above output>
Check internal zone for existing services
Sorting /etc/passwd and /etc/shadow files
[root@server~]# cd /root/
[root@server~]# touch passwd.sorted shadow.sorted
[root@server~]# chmod 644 passwd.sorted
[root@server~]# chmod 600 shadow.sorted
[root@server~]# sort -t: -n -k3,3 /etc/passwd >passwd.sorted
[root@server~]# gawk -F: '{system("grep \"^" $1 ":\" /etc/shadow")}' passwd.sorted >shadow.sorted
[root@server~]# wc /etc/shadow shadow.sorted
 211 211 10985 /etc/shadow
 211 211 10985 shadow.sorted
 422 422 21970 total
[root@server~]# wc /etc/passwd passwd.sorted
 211 413 11881 /etc/passwd
 211 413 11881 passwd.sorted
 422 826 23762 total
[root@server~]# cp -a /etc/passwd /root/passwd.
Configure RHEL/CentOS client machines
Setup
Note: Now that the storage nodes are configured, the repo files have to be updated on client nodes to point them at the new internal mirrors. This can be accomplished in a few different ways.
Configure RHEL6/RHEL7 clients
On RHEL systems, the subscription manager has to be disabled:
subscription-manager config --rhsm.manage_repos=0
Get the Redhat.repo file from the internal repo server:
wget http://el${OS_VER}repo/repo/Redhat.repo -O /etc/yum.repos.d/Redhat.repo
Configure CentOS6/CentOS7 clients
Get the CentOS-Base.