blog

AWS Cloud notes - Ansible

ansible localhost -m ec2_instance -a "instance_ids=i-0713194bd2d67ddb2 state=stopped"
2025/03/24 15:06

lftp FTP client notes

See also:

  • rclone
  • ncftp
  • curl, e.g.: curl -X NLST ftp://example.com/
  • ~/.netrc
  • /usr/kerberos/bin/ftp (krb5-workstation package)

Example lftp configuration

~/.lftp/rc

# set ftp:ssl-force false
set ssl:verify-certificate/ftp.truc.com no
#set prompt "lftp \S\? \u\@\h:\w> "
#set ftp:passive-mode off
#set ftp:ssl-force/ftp.adobe.com off
#set ftp:use-feat/ftp.adobe.com off 
set cache:enable no

Usage examples

List all lftp variables

set -a

Switching to binary mode. Necessary?

# set type binary
quote type i

Example 1

lftp ftp://user:Passw0rd@ftp1.acme.fr

NOTE: the password can be defined in ~/.netrc

Example 2 - Sending a sosreport to Red Hat

lftp -v -c 'open -e "set ftps:initial-prot ""; \
set ftp:ssl-force true; \
set ftp:ssl-protect-data true; \
set ssl:verify-certificate true; \
set ftp:proxy http://192.168.56.1:3128 ; \
open anonymous:ftp@dropbox.redhat.com ; \
cd incoming ; \
put testfile'

Example 3 - mirror - like rsync over FTP

NOTE: it is also possible to use

  • the wget command
  • curlftpfs with rsync ⇒ rclone is preferable to curlftpfs

lftp user@example.com:/pub> mirror -v data /ftp_mirror
lftp user@example.com:/pub> mirror -Rv /data/remote_copy .

Source : http://rajaseelan.com/2011/12/20/rsync-over-ftp/

lftp -c "set ftp:list-options -a;
open ftp://user:password@your.ftp.com;
lcd ./web;
cd /web/public_html;
mirror --reverse --delete --use-cache --verbose --allow-chown \
       --allow-suid --no-umask --parallel=2 --exclude-glob .svn"

#!/bin/bash
HOST="your.ftp.host.dom"
USER="username"
PASS="password"
FTPURL="ftp://$USER:$PASS@$HOST"
LCD="/path/of/your/local/dir"
RCD="/path/of/your/remote/dir"
#DELETE="--delete"
lftp -c "set ftp:list-options -a;
open '$FTPURL';
lcd $LCD;
cd $RCD;
mirror --reverse \
       $DELETE \
       --verbose \
       --exclude-glob a-dir-to-exclude/ \
       --exclude-glob a-file-to-exclude \
       --exclude-glob a-file-group-to-exclude* \
       --exclude-glob other-files-to-exclude"

Source : https://serverfault.com/questions/24622/how-to-use-rsync-over-ftp

Problems

Problem 1

http://www.unix.com/shell-programming-and-scripting/170285-how-connect-ftp-server-requires-ssl-authentication.html

lftp ftp://utilisateur:pass@ftp.serveur.org/Prod/Rapport
lftp utilisateur@ftp.serveur.org:/Prod/Rapport> get Fichier.csv
get: L'accès a échoué : 534 Policy requires SSL. (Fichier.csv)
set ftp:ssl-protect-data true
lftp ssmf@91.121.109.131:/Prod/Rapport> get LmkMonthlyExport-20150201.csv
2086953 octets transférés

~/.lftp/rc

set ftp:ssl-protect-data/ftp.serveur.org true

Problem 2

lftp utilisateur@ftp.serveur.org:/Prod/Rapport> get Fichier.csv
get: L'accès a échoué : 534 Protection level negotiation failed. (Fichier.csv)

See https://access.redhat.com/solutions/336113

At the very start of the connection:

set ftp:ssl-force true
set ftp:ssl-protect-data true

Other

rclone config

 1 / ProFTPd can't handle '*' in file names
   \ (Asterisk,Ctl,Dot,Slash)
 2 / PureFTPd can't handle '[]' or '*' in file names
   \ (BackSlash,Ctl,Del,Dot,RightSpace,Slash,SquareBracket)
 3 / VsFTPd can't handle file names starting with dot
   \ (Ctl,LeftPeriod,Slash)

RPM package lftp-scripts.noarch:

  • /usr/share/lftp/convert-mozilla-cookies
  • /usr/share/lftp/import-ncftp
  • /usr/share/lftp/import-netscape
  • /usr/share/lftp/verify-file
  • /usr/share/lftp/xdg-move
2025/03/24 15:06

DNS client notes

/etc/resolv.conf

See also:

  • /etc/nsswitch.conf

Hard limits for the /etc/resolv.conf file

NOTE: behaviour differs with musl libc (an alternative to glibc)

You need to be aware of the hard limits for name servers, domain name, and search domains when you create or edit the /etc/resolv.conf file.

The hard limits for the /etc/resolv.conf file are as follows:

  • Maximum number of name servers is 3. (hardcoded: a 4th will never be used)
  • Maximum line size is 256. (before glibc 2.26?)
  • Maximum domain name length is 256 characters. (before glibc 2.26?)
  • Maximum search domains limit is 6.
    • In glibc 2.25 and earlier, the search list is limited to six domains with a total of 256 characters. Since glibc 2.26, the search list is unlimited (RHEL 6; on RHEL 7 and 8 it depends on the glibc version)
  • Total number of characters for all search domains is 256. (before glibc 2.26)
  • Note: You should use only tab or space to separate host names in the search domain list.

If there are more than 3 servers in /etc/resolv.conf: “Nameserver limits were exceeded, some nameservers have been omitted…”

Note: There is no limit on file size.

The search keyword of the system's resolv.conf can be overridden per process by setting the LOCALDOMAIN environment variable to a space-separated list of search domains.

The options keyword of the system's resolv.conf can be overridden per process by setting the RES_OPTIONS environment variable to a space-separated list of resolver library options…

Port forwarding

sudo socat -v -v udp4-listen:53,reuseaddr,fork udp4:8.8.8.8:53

Connection tests

# UDP
#host -U -W 1 127.0.0.1 8.8.8.8
host -W 1 127.0.0.1 8.8.8.8
 
# TCP
host -T -W 1 127.0.0.1 8.8.8.8
echo "127.0.0.1,192.168.1.1,8.8.8.8" |tr "," "\n" |xargs -L1 -I% bash -c "host -W 1 plop.plop % |grep -q 'not found' && echo OK % || echo NOK %"

- name: Check DNS connectivity - UDP
  command: "host -W 1 127.0.0.1 {{ item | quote }}"
  check_mode: false
  changed_when: false
  register: cmd_host_udp
  failed_when: not ( cmd_host_udp.rc == 0 or ( cmd_host_udp.rc == 1 and cmd_host_udp.stdout_lines is search('not found') ) )
  with_items: "{{ resolv_new_nameservers }}"

- name: Check DNS connectivity - TCP
  command: "host -T -W 1 127.0.0.1 {{ item | quote }}"
  check_mode: false
  changed_when: false
  register: cmd_host_tcp
  failed_when: not ( cmd_host_tcp.rc == 0 or ( cmd_host_tcp.rc == 1 and cmd_host_tcp.stdout_lines is search('not found') ) )
  with_items: "{{ resolv_new_nameservers }}"

Or also:

curl --dns-servers 192.168.0.1,192.168.0.2 https://example.com
curl --dns-servers 10.0.0.1:53 https://example.com
 
systemd-resolve HOSTNAME SERVERNAME

Docker config

Docker-compose

  my-app:
     build: my-app
     dns:
       - 10.20.20.1  # dns server 1
       - 10.21.21.2  # dns server 2
     dns_search: ibm-edv.ibmnet.int

Kubernetes pod spec

spec:
  containers:
  - name: test
    image: nginx
    dnsConfig:
      options:
      - name: timeout
        value: "2"

Docker-compose extra_hosts

extra_hosts:
 - "somehost:162.242.195.82"
 - "otherhost:50.31.209.229"

Client-side DNS cache

See also:

/etc/systemd/resolved.conf

DNS=1.1.1.1 1.0.0.1
sudo mv /etc/resolv.conf /etc/resolv.conf.orig
 
sudo ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

/etc/resolv.conf

nameserver 127.0.0.53
options edns0

Voir aussi /etc/nsswitch.conf

sudo pkill -USR1 systemd-resolve
sudo systemd-resolve --flush-caches
sudo resolvectl flush-caches
 
sudo journalctl -u systemd-resolved > ~/resolved.txt
 
sudo systemd-resolve --statistics

Flush DNS / Clear cache

Flush the systemd DNS cache

systemd-resolve --flush-caches

Clear BIND Server DNS Cache

sudo rndc restart

Clear DNS cache for a particular domain, use the below command.

sudo rndc flushname <Domain_Name>

Clear the dnsmasq Server DNS Cache

sudo systemctl restart dnsmasq

Flush nscd server DNS Cache

sudo systemctl restart nscd

pdnsd

pdnsd-ctl empty-cache

Options

No IPv6 AAAA

# since glibc 2.36
options         no-aaaa

no-tld-query (since glibc 2.14)

Problems

Problem: short-name resolution

/etc/resolv.conf

# options rotate timeout:1 retries:1
# options rotate timeout:2 attempts: 1
options         timeout:0 attempts:1
nameserver      192.168.10.10
nameserver      192.168.11.10
search          domain1.local domain2.local
domain          domain2.local

FQDN resolution OK

# getent hosts srv01.domain1.local
192.168.1.101  srv01.domain1.local

Short-name resolution NOK

# getent hosts srv01
#

Solution

Put search after domain, or comment out domain.

According to the implementation of Glibc, if domain and search directives are both used, only the last instance will be used for DNS queries.
Source: https://access.redhat.com/solutions/5958611

The domain directive is an obsolete name for the search directive that handles one search list entry only.
Source: https://man7.org/linux/man-pages/man5/resolv.conf.5.html

/etc/resolv.conf

options rotate timeout:1 retries:1
# options rotate timeout:2 attempts: 1
nameserver      192.168.10.10
nameserver      192.168.11.10
domain          domain2.local
search          domain1.local domain2.local

# getent hosts srv01
192.168.1.101  srv01.domain1.local

# getent hosts srv01.domain1.local
192.168.1.101  srv01.domain1.local
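The two rules behind this problem and the "Hard limits" list above (only the first 3 nameservers count, and domain/search write the same list so the last one wins) can be checked offline with the following model of glibc's resolv.conf parsing. This is an added example, not part of the original notes; the legacy_limits switch and the function names are its own, and it is meant to be fed the two configurations shown on this page.

```python
"""glibc-style reading of /etc/resolv.conf (added example, not from the notes).
Rules: only the first MAXNS nameservers count; `domain` and `search` fill the
same list, so the last one wins (glibc <= 2.25 also caps it at 6 domains / 256
chars); a short name is expanded with each search domain, then tried as-is."""
MAXNS = 3                      # glibc resolv.h, hard-coded
LEGACY_MAXDNSRCH = 6           # glibc <= 2.25 only
LEGACY_MAXDNSRCH_CHARS = 256

def parse_resolv_conf(text, legacy_limits=False):
    """Return the effective nameservers, search list, options and warnings."""
    nameservers, search, options, warnings = [], [], {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':    # glibc skips comment lines
            continue
        key, *args = line.split()
        if key == 'nameserver' and args:
            if len(nameservers) < MAXNS:
                nameservers.append(args[0])
            else:
                warnings.append(f'nameserver {args[0]} ignored (MAXNS={MAXNS})')
        elif key in ('domain', 'search'):
            if search:
                warnings.append(f'{key} replaces earlier search list {search}')
            search = args[:1] if key == 'domain' else list(args)
            if legacy_limits:              # glibc <= 2.25 truncates the list
                kept, used = [], 0
                for d in search:
                    if len(kept) < LEGACY_MAXDNSRCH and used + len(d) + 1 <= LEGACY_MAXDNSRCH_CHARS:
                        kept.append(d)
                        used += len(d) + 1
                    else:
                        warnings.append(f'search domain {d} dropped (glibc <= 2.25)')
                search = kept
        elif key == 'options':
            for opt in args:               # e.g. "timeout:1", "rotate", "no-aaaa"
                name, _, value = opt.partition(':')
                options[name] = int(value) if value.isdigit() else True
    return {'nameservers': nameservers, 'search': search,
            'options': options, 'warnings': warnings}

def search_candidates(name, conf):
    """Order in which glibc tries a name under the parsed configuration."""
    if name.endswith('.'):                 # absolute name: search list not used
        return [name.rstrip('.')]
    ndots = conf['options'].get('ndots', 1)
    expanded = [f'{name}.{d}' for d in conf['search']]
    if name.count('.') < ndots:            # short name: search list first
        return expanded + [name]
    return [name] + expanded               # dotted name: try as-is first
```

With the failing configuration the candidate list for srv01 is just srv01.domain2.local then srv01, which is why getent found nothing; with the fixed order it is srv01.domain1.local, srv01.domain2.local, srv01.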

Problem: Linux DNS client, FQDN resolution KO
$ getent hosts plop
192.168.21.25    plop.acme.local
 
$ getent hosts plop.acme.local
$
 
$ dig +short plop.acme.local
192.168.21.25

Solution

Check with dig / nslookup; if that works, the problem is elsewhere, for example in the libc configuration. Here the mdns4_minimal module claims every name under .local and its [NOTFOUND=return] action stops the lookup before the dns module is ever consulted.

/etc/nsswitch.conf

#hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
hosts:          files dns myhostname

Tools

Dig

To see the step-by-step name resolution:

dig +add +trace @8.8.8.8 www.google.com

kdig

kdig client (part of Knot):

kdig +tls @localhost -p 8353 foobar.test

check-soa
blaeu-resolve
blaeu-resolve -r 100 --type NS meteofrance.com

DNS client & diagnostics notes

# /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved.service

Config

systemd-resolve --set-dns=192.168.1.1 -i wlan1

Status

systemd-resolve --status

Disable and stop the systemd-resolved service

sudo systemctl disable systemd-resolved.service
sudo systemctl stop systemd-resolved

/etc/NetworkManager/NetworkManager.conf

[main]
dns=default

unlink /etc/resolv.conf
sudo service network-manager restart

DHCP DNS?

/etc/systemd/network/enp0s31f6.network

[DHCP]
UseDNS=true

Other

ps aux |grep dnsmasq

Port diagnostics?

resolv.py

import socket

# Constructed probe: each getaddrinfo call goes through the libc resolver,
# so strace shows which nameserver(s) the process actually talks to.
for x in range(5):
    print(socket.getaddrinfo('gnu.org', 80))

# strace -e trace=connect python resolv.py 2>&1 | grep 53
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.10.10")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.20.20")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.5")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.10.10")}, 16) = 0
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.20.20")}, 16) = 0

lsof -i udp:53
time tcpdump udp port 53 -Qout -n |nl
time strace -f -e trace=%network -p 29976 2>&1 |grep 'htons(53)' |nl
# sysdig -c lsof "'fd.l4proto=udp and fd.port=53'"
COMMAND             PID     TID     USER    FD      TYPE        NAME
systemd-resolve     2870470 2870470 systemd 12      ipv4        127.0.0.53:53
csysdig -v connections fd.ip=10.172.93.224
iftop -f "host 10.172.93.224"

Other

Windows

nslookup
set detail

Todo

Root servers. MX. Zone transfer. Audit.

https://github.com/bortzmeyer/check-soa

check-soa -i dz
2025/03/24 15:06

CI/CD notes

Tools:

  • Gitlab-CI
  • Jenkins
  • Drone CI
2025/03/24 15:06