How to Fix UISP “Application is loading. 1 min remaining…”

Posted on December 19, 2024 by admin

After a recent update, UISP may stop working.

If we run sudo ~unms/app/unms-cli status, we receive the following error:

WARN[0000] /home/unms/app/docker-compose.yml: the attribute version is obsolete, it will be ignored, please remove it to avoid potential confusion
Error response from daemon: Container 174b07e5e39d311a326c69497f1b2e1ae0eedcb067c9dada6e546ab556aad371 is restarting, wait until the container is running

It appears that there is a bug upgrading to 2.4.155.
https://community.ui.com/questions/UISP-v2-4-143-and-v2-4-155-UISP-Fails-to-start-Geomagnetism-date-comparison-BUG/0cb32012-9afb-41d4-9f37-6a9ba94c4c36

The Fix

To fix the issue, manually update from the command line again.

sudo ~unms/app/unms-cli update

Collecting Logs

There are a couple ways to check logs. We can view docker logs for specific containers using

docker logs unms

We can collect all of the logs with

sudo tar -cvjSf /tmp/uisp-logs.tar.bz2 /home/unms/data/logs

If you receive an error about bzip2 not being found, either install it sudo apt install bzip2 or change tar to tar -cvz

This will put all the logs in /tmp. You can download them with scp, sftp, winscp or something.

https://help.ui.com/hc/en-us/articles/115015690107-UISP-How-to-Find-Logs-Report-Bugs

Enable SNMP v3 on Dell iDRAC9

Posted on December 16, 2024 by admin

First go to iDRAC Settings > Services > SNMP Agent.

Change you SNMP Community Name. (This is not used for SNMPv3)
Enable SNMPv3.

Next go to iDRAC Settings > Users.

Edit the current user, or create a new user. Scroll down to SNMP V3 Settings.

Change SNMP v3 to Enabled.
Enable Passphrase.
Set Authentication and Privacy Passphrases.
Save.

Add your iDRAC to your monitoring software. You can verify everything works from a Linux machine that has the SNMP utils installed.

snmpwalk -v3 -a SHA1 -A "snmpv3userpass" -x AES -X "snmpv3userpass" -l authPriv -u root 192.168.1.100

How to Update Dell PowerEdge iDrac9

Posted on December 12, 2024 by admin

Change the Location Type to HTTPS

Check “Use Default Address” This will populate the HTTPS Address with downloads.dell.com.

Click on Test network connection on the right hand side. If it succeeds, scroll down and click “Check for Update”

It will check for updates and give you an option to select and apply them.

Add warning for emails from external domains in cPanel/WHM

Posted on December 9, 2024 by admin

In this post we are going to setup Exim to add “[External]” to the email subject if it originates from outside of the local domain.

Thanks to Sam for this post. It was extremely helpful.
https://tech.saqr.org/2020/01/for-incoming-email-not-from-our-domain.html

Steps

Create a new Exim Filter
Enable Filter

Create an Exim Filter

SSH to the server and create a Exim filter. In cPanel there are in /usr/local/cpanel/etc/exim/sysfilter/options/. You can name the filter what ever you want.

vi /usr/local/cpanel/etc/exim/sysfilter/options/external_email_warning

Change “incredigeek.com” to your domain name.
You can also change “[External]” to whatever you want to be prepended to the subject.

if
  $header_to: contains "@incredigeek.com>"
  and $header_from: does not contain "@incredigeek.com>"
  and $header_subject: does not contain "[External]"
then
  headers add "Old-Subject: $h_subject:"
  headers remove "Subject"
  headers add "Subject: [External] $h_old-subject"
  headers remove "Old-Subject"
endif

Save the file.

Enable Custom Exim Filter

Now log into WHM, go to Service Configuration > Exim Configuration Manager > Basic Editor > Filters

At the bottom of the filters, you should see a new “Custom Filter: external_email_filter”
This is the filter you just created. Make sure it is On, and Save changes.

Enable Custom Exim Email Filter for External Email

There you go! Any email you receive now that is from an external domain should now have “[External]”, or whatever you specified, prepended to the subject.

If you run into any errors, try reviewing the panic log to see if there are any syntax errors.

Troubleshooting

You can use tail to follow the panic log to verify you have all the syntax correct.

tail /var/log/exim_paniclog -f

Fix PowerDNS “Old-style settings syntax not enabled”

Posted on November 19, 2024 by admin

The PowerDNS Recursor started supporting YAML for configs in version 5.0.0. YAML is the default as of 5.2.0. You can still use the old config if --enable-old-settings is provided as a command line option when starting PowerDNS. If that option is not being used, and you are using the old config, you will experience the following errors.

msg="Old-style settings syntax not enabled by default anymore. Use YAML or enable with --enable-old-settings on the command line" subsystem="config" level="0" prio="Error" tid="0" ts="1732025541.126" configname="/etc/pdns-recursor/recursor.conf"

msg="YAML config found, but error occurred processing it" error="invalid type: string \"allow-from=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16", expected struct Recursorsettings at line 17 column 1" subsystem="config" level="0" prio="Error" tid="0" ts="1732025541.817" configname="/etc/pdns-recursor/recursor.conf"

Fortunately, this is an easy fix.

Convert old config to YAML with rec_control.
Save as new YAML config.
Remove old config.
Start pdns-recursor.

Convert Config to YAML

The rec_control command can convert our old style config to a YAML config. This should automatically pull the default config in /etc/pdns-recursor/recursor.conf.

rec_control show-yaml

Save output to /etc/pdns-recursor/recursor.yml

Remove the Old Style Config

We can remove the old config by renaming it, or deleting it.

mv /etc/pdns-recursor/recursor.conf /etc/pdns-recursor/recursor.conf.oldstyle

rm /etc/pdns-recursor/recursor.conf

Start the PowerDNS Recursor

Start the pdns-recursor service using the systemctl command.

sudo systemctl start pdns-recursor

Verify there are no errors

sudo systemctl status pdns-recursor

A brief introduction to the OSI model

Posted on November 9, 2024 by admin

The goal of this story is to give a brief introduction into the OSI Model and a helpful way to remember the different layers. Not everything translates nicely into a story format.

Disclaimer: Some of the concepts are simplified. If you have any suggestions or issues, feel free to drop a comment below.

Once upon a time. In a lan far far away. A young boy was walking along a dusty path with his teacher, the old wise wizard of ARPANET. So Arthur, for that was the name of our young boy, how is your learning of the OSI model coming? Truth be told master, I am having the hardest time keeping things straight, and even understanding what a Network Model is. Why are there so many layers and remembering if the presentation comes before the transport, or transport before presentation. It is all very confusing. The old wizard nodded, ah yes, it can be a bit of a muddle and the OSI model is not even the primary model used, but alas, it is a relic that is still taught and expected of students in your order. Fortunately, we have just stumbled upon a great example that may help. They had just arrived at a building that was in the middle of nowhere, but appeared to be heavily guarded. Arthur had not been here before and was not sure what to make of it. The wizard continued, this is one of the kings mines and it looks like they are just about to send off some gold over the Internet.

Sit here on this rock and let’s review what the OSI model is. The OSI Model stands for Open Systems Interconnection is a network model developed by the ISO or International Organization of Standardization. The model is a theoretical model of how a network can send and receive data. Technically, applications can be built on top of this model. However this model has been largely abandoned in favor of TCP/IP. There are some similarities and the OSI model is still taught and referenced, but TCP/IP is simpler and is what people preferred. For instance when someone says “that is a layer 7 problem”, they are referring to the Application layer. But now let us get into the layers. Look, they are loading up the gold.

You see the road there that runs in front of the mine? We can compare the road to the first layer of the OSI model, the Physical Layer. The physical layer is well, the physical medium that is used. There are multiple mediums that could be used. Roads are one, rivers another, we can even use the air wirelessly. There are also more esoteric paths like Fiber and Cable.

The next layer is our cart. This is commonly referred to as layer 2 and has everything to do with switching and MAC addresses.

A cart is useless without a driver, and that is the next layer. Our driver and the routing to the treasury is our Network Layer, layer 3. He follows the IP routes from here to there. The signs help route between road networks so he can get to the destination.

You see the boxes that are being loaded? That is Layer 4. The Transport Layer. We typically have two types of transport TCP and UDP. TCP is in closed boxes that keep the contents from bouncing out while going down the road, there are also mechanisms in place to verify that everything gets to the destination and if something is missing, it will make sure to go back and get it. UDP is a simpler protocol. See that cart over there under the apple tree? They just throw all the apples in and hope it all makes it to the destination. There is no verification that it makes it to the destination, they just send it and hope for the best or handle the errors at a higher layer. It is a simpler protocol and faster. And honestly, if a load of apples goes missing, it is not the end of the world.

Now on the journey, the driver is going to need to be let through the gates into the treasury. We can thinks of the guards and gates as our Session Layer or Layer 5. They initiate the session and will tear it down, close the gates, once the load is delivered.

The presentation layer is next, and it is responsible for converting data from one format to another. Things like formatting, encryption and compression are all executed in this layer. For instance, if the load was a bunch of feathers, it could be compressed down to fit a higher quantity of feathers in the same size cart. In this case, the presentation layer is responsible for encrypting, or locking the box. When it gets to its destination, it will be unlocked so it can be accessed.

Finally, Layer 7. The Application Layer can be thought of as the end user interface. In this case the actual gold coins. We can handle it, look at it, and count them.

That is the OSI layer in a nutshell. It is important to remember that it is only a theoretical framework and not exactly how everything works. There are some protocols that have been built on the OSI model, but most of the Internet uses the TCP/IP model.

Arthur sighed, that is a lot to take in, but having the visual will be helpful. Is there a mnemonic or jingle to help remember the names? Aye, we’ve a few, the old wizard replied smiling. One that has been around for ages is, All People Seem To Need Data Processing. Or you can start at the physical layer and go up with, Please Do Not Throw Sausage Pizza Away. Arthur laughed, why would someone throw sausage pizza away? They both chuckled. Hopefully no one does that Wizard said. Now up, let’s see if we can catch the cart so we can continue our learning.

How to Migrate Email without IMAP credentials

Posted on October 31, 2024 by admin

Here are a few ways you can migrate emails without knowing the IMAP credentials.

Use the Admin Password.
Migrate emails using SFTP.
Import/Export using RoundCube?

Use the Admin Password

Some email services allow you to use the administrator password to sign into any email account. This allows you to move emails without knowing the users password.

You can refer to this FAQ on the imapsync website.

https://imapsync.lamiral.info/FAQ.d/FAQ.Admin_Authentication.txt

Migrating Files using SFTP

Disclaimer:

This option will only work if you have ftp/ssh/filesystem access.
Depending on email volume, you could miss emails that arrive during the transition.
If possible, it is recommended to use something like imapsync.
There could be format issues if the two email servers use different mailbox formats and/or email server software.

Emails are usually stored in the users home directory. Depending on the hosting provider, it could be /mail or ~/mail

You can zip up the mail directory and then unzip on the target server. This would only work if you have access to the filesystem. Create your email accounts before unzipping.

You could transfer the passwd and shadow files to keep the email passwords the same. Again, create the email addresses on the target server first and then either overwrite, or merge the differences between the shadow and passwd files.

For example, on cPanel servers, the mail directory is in ~/mail and the shadow and passwd files are in ~/etc/DOMAIN.COM

If you are logged in as root, you will need to change ~/ to /home/USER/ substituting USER for the actual cPanel user.

Import/Export messages from RoundCube?

You can import and export emails using the RoundCube webmail interface. However, the export is limited to one. message. at. a. time. This could work for a handful of messages, but can get quite tedious if you have a large number of emails.

How to enable Ping Watchdog on Ubiquiti AirOS from Command Line

Posted on September 17, 2024 by admin

Ping Watchdog is a feature that will automatically reboot a device if the specified IP address is unreachable.

Here is a quick run down on enabling Ping Watchdog on Ubiquiti Radios from the command line.

1. SSH into the radio

ssh ubnt@192.168.1.20

2. Edit the config file

vi /tmp/system.cfg

Find the lines that start with pwdog

At a minimum, you will need to change the following two options:

pwdog.status to enabled
pwdog.host to the IP you want to ping. Add this line if it does not exist.

pwdog.delay=300
pwdog.host=192.168.1.1
pwdog.period=300
pwdog.retry=3
pwdog.status=enabled

You can adjust the other options to your desired taste.

Exit vi by hitting esc then typing in wq then hit Enter

3. Save configuration

Finally, save the configuration changes with

/usr/etc/rc.d/rc.softrestart save

How to Set up a PowerDNS Recursor

Posted on August 6, 2024 by admin

The following are the steps needed to install a PowerDNS recursor on RHEL, Fedora, Rocky Linux, or AlmaLinux

Install from package manager with

yum install pdns-recursor

Allow DNS through Firewall

sudo firewall-cmd --add-service=dns --permanent

Configure the `/etc/pdns-recursor/recursor.conf` file. The local-address is the DNS recursor, the allow-from, are the addresses you would like to allow access to

local-address=192.0.1.2
allow-from=192.0.0.0/16, 10.0.0.0/8

Start and enable the `pdns-recursor` service

systemctl enable --now pdns-recursor

https://doc.powerdns.com/recursor/getting-started.html

Ansible not working on RockyLinux 8, AlmaLinux 8, RHEL 8

Posted on August 1, 2024 by admin

[WARNING]: Unhandled error in Python interpreter discovery for host localhost: Expecting value: line 1
column 1 (char 0)

https://github.com/ansible/ansible/issues/83357

Ansible 2.17 moved to using Python 3.7. This causes issues with systems that use Python 3.6 (i.e., RHEL 8 based distros). Unfortunately, you can’t just upgrade Python either, as 3.6 is used in system tools such as DNF/YUM.

There are two options.

Upgrade to a RHEL 9 based distribution
Use Ansible 2.16

Ansible 2.16 should be the default installed version on RHEL 8 based distros.