blog
Table des matières
4 billet(s) pour février 2026
| Pb snmp | 2026/02/26 15:46 | Jean-Baptiste |
| Example snmpd wrapper script | 2026/02/26 15:38 | Jean-Baptiste |
| How to unlock a Linux user after too many failed login attempts | 2026/02/09 17:11 | Jean-Baptiste |
| Exemple de service et socket avec systemd | 2026/02/05 21:50 | Jean-Baptiste |
Pb snmp
$ snmpwalk -a MD5 -A 'password' -l authNoPriv -u nagios 10.12.51.122 .1 iso.3.6.1.2.1.4.22.1.4.2.10.12.51.1 = INTEGER: 3 iso.3.6.1.2.1.4.23.0 = Counter32: 0 security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU Timeout: No Response from 10.12.51.122 $ snmpwalk -a MD5 -A 'password' -l authNoPriv -u nagios 10.12.51.122 .1.3.6.1.2.1.4.23 iso.3.6.1.2.1.4.23.0 = Counter32: 0 security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU security service 3 error parsing ScopedPDU
Example snmpd wrapper script
https://github.com/OpenMandrivaAssociation/net-snmp/blob/master/ucd5820stat
#!/bin/sh -f [ -x /usr/bin/get5820stats ] && /usr/bin/get5820stats $@
snmpdconf
# Added for support of bcm5820 cards. pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat
How to unlock a Linux user after too many failed login attempts
Voir :
- pam_faildelay.so
- pam_tally2
# faillock --user myUsername myUsername: When Type Source Valid Timestamp 1 TTY /dev/tty1 V Timestamp 2 TTY /dev/tty1 V Timestamp 3 TTY /dev/tty1 V
faillock --user myUsername --reset
Autres
/etc/ssh/sshd_config
MaxAuthTries 1
Exemple de service et socket avec systemd
Voir :
mkdir -p ~/.config/systemd/user && cd ~/.config/systemd/user
awx-proxy.socket
[Socket] ListenStream=127.0.0.1:8080 [Install] WantedBy=sockets.target
awx-proxy.service
[Unit] #Requires=container-httpd.service #After=container-httpd.service Requires=awx-proxy.socket After=awx-proxy.socket [Service] ExecStart=/home/k8s/.arkade/bin/kubectl port-forward svc/awx-service 3000:80
systemctl --user daemon-reload systemctl --user enable --now awx-proxy.socket
Test
curl -v -I 127.0.0.1:3000
AWX sur K8S Kind - partage de fichier pour les blob - Execution pods
But :
- Ne pas mettre de blob sous Git
- Accéder directement à des fichiers binaires (BLOB) via Ansible sans réécrire tous les playbook avec get_url au autre
- Accéder simplement à ces fichiers
Conf Kind
config.yaml
kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 networking: ipFamily: ipv4 kubeProxyMode: "nftables" nodes: - role: control-plane extraPortMappings: - containerPort: 30000 hostPort: 30000 protocol: TCP extraMounts: - containerPath: /data/files hostPath: /data/files readOnly: true - containerPath: /data/postgres-13 hostPath: /data/postgres-13
Conf AWX
“Instance Groups” - “default” - “Edit”
Cocher Customize pod specification
Nous avons :
apiVersion: v1 kind: Pod metadata: namespace: awx spec: containers: - image: 'quay.io/ansible/awx-ee:latest' name: worker args: - ansible-runner - worker - '--private-data-dir=/runner'
Ajouter comme ci-dessous
apiVersion: v1 kind: Pod metadata: namespace: awx spec: containers: - image: 'quay.io/ansible/awx-ee:latest' name: worker args: - ansible-runner - worker - '--private-data-dir=/runner' volumeMounts: - name: ansfiles-volume mountPath: /data/files volumes: - name: ansfiles-volume hostPath: path: /data/files
blog.txt · Dernière modification : de 127.0.0.1