Site-to-Site Networking with ZeroTier
I have been experimenting with ZeroTier and wanted to share how I was able to set up site-to-site connectivity between a home network and AWS to avoid installing the ZT app on every system in my network. It is easier than you might think. This is a quick how-to on setting up site-to-site connectivity from a private network to a basic AWS VPC.
Prerequisites: A quick note for those not familiar with ZeroTier.
Use Kitchen-salt for testing
I have put off learning how test-kitchen works with salt formulas for a while, mainly due to the multi-step setup process, which can be slightly confusing if you are not accustomed to working with developer tools day to day. It became clear, though, that learning this workflow would be really beneficial for developing salt-formulas and other projects because of the increased testing speed and the ability to quickly iterate changes without building bulky VM infrastructure.
Installing pf_ring
PF_RING is software that installs a network socket allowing for “High-speed packet capture, filtering and analysis” (https://www.ntop.org/products/packet-capture/pf_ring/). It is useful in applications where capturing a lot of network traffic is a requirement, such as Snort or BRO IPS/IDS deployments.
When possible, I use salt to manage pf_ring deployments but manual steps are condensed from the online documentation located at https://www.ntop.org/get-started/download/#PF_RING. For the purpose of this article, we will be installing the stable package on a CentOS 7 system from http://packages.
Set per Interface Promiscuous mode State Automatically
At some point while working on a Salt formula to deploy pfring, I got to a point where I wanted to set promiscuous mode on an interface automatically. I wasn’t exactly sure how to go about it on RHEL/CentOS 7. So many things have changed, so I set out to do a quick Google search. I found my Google-fu was not very strong and searched for several solutions.
There are many reasons why one may want to set up a home lab. For me, the reason is being able to mock up several different scenarios using different software stacks and play with hardware.
If you want to set up a lab like I have, it requires ESXi as the hypervisor on physical hardware. However, you can choose VirtualBox, VMware Workstation, XenServer, KVM or whatever hypervisor you wish to use.
Deploy Graylog using SaltStack and supporting formulas
I’ve written a formula for deploying Graylog with additional Salt formulas for Elasticsearch and MongoDB, which support a Graylog install. Currently, this has only been deployed on CentOS 7, so the Salt states are pretty specific to CentOS and RHEL-based distros. There are plans to expand support to Debian distros in the future though.
Both the Elasticsearch and MongoDB formulas can be used on their own, while the Graylog formula can be used in conjunction with or deployed after the other requirements have been satisfied.
rsync is an awesome tool that I have used extensively. However, I think it is time to explore other tools that can replace some of what rsync has been doing for so many years. I’m not saying you should never use rsync. What I am saying is there are other options, and in some circumstances, rsync isn’t the default choice anymore (at least for me).
I went looking for an rsync replacement because I was seeing extremely slow transfer times when moving large data files.
Overview
As with any system running software, you are going to have to apply patches to it at some point, and VMware is no different. VMware recommends customers install all security patches to maximize the protection that VMware provides. For a list of all security patches, go to https://my.vmware.com/group/vmware/patch#search and log in with your myvmware credentials.
Once it has been determined patches are available for ESXi, download the offline bundle so they can be pushed out to each VMware host as needed.
Subscription Management using subscription-manager
Register a System
subscription-manager register --username <username> --password <password> --auto-attach
Disable managed yum repositories
subscription-manager config --rhsm.manage_repos=0
Enable a specific channel
subscription-manager repos --enable rhel-6-server-optional-rpms
Sync RHN Profile
rhn-profile-sync
From https://access.redhat.com/solutions/253273
Upgrading the Salt Minion
For installation, follow the instructions on the SaltStack website
Upgrade the Windows salt-minion
Log in to the salt-master server and cd to the files directory
cd /srv/salt/server-base/files
Download the latest version from the SaltStack Website (https://repo.saltstack.com/)
wget https://repo.saltstack.com/windows/Salt-Minion-2016.11.1-AMD64-Setup.exe
Copy the newest version out to all the Windows servers based on architecture
salt -C 'G@os:win* and G@cpuarch:AMD64' cp.get_file 'salt://server-base/files/Salt-Minion-2016.11.1-AMD64-Setup.exe' 'C:\Downloads\Salt-Minion-2016.11.1-AMD64-Setup.exe'
Run the install as a background job so it completes (update salt-master with your salt-master’s DNS name or IP)