RADIUS authentication on a HP GbE2c L2/L3 Blade Switch

To configure a HP GbE2c L2/L3 Ethernet Blade Switch for RADIUS authentication you need to use radius-server with the following syntax.

radius-server primary-host serverIp
radius-server primary-host serverIp key "SecretKeyHere"
radius-server port 1812
radius-server timeout 10
radius-server enable
no radius-server telnet-backdoor
radius-server secure-backdoor

The first and second lines set up the server and key to authenticate against.

The third and fourth define the port and timeout for the server we configured in the first lines.

The last three enable RADIUS, disable the Telnet backdoor and enable the secure backdoor, so we can still authenticate against the switch if the RADIUS server is down.

SNTP on a HP ProCurve switch

Configuring NTP for switches is a rather simple process; however, the syntax varies depending on the switch OS.

Most switches use SNTP rather than NTP. SNTP is basically NTP but lacks some of the more advanced internal algorithms and is slightly less accurate.

To configure a ProCurve you need to use SNTP with the following syntax.

sntp server <ip>
sntp unicast
timesync sntp

The first line defines which IP to sync with, the second tells the switch to use unicast UDP rather than TCP, and the third tells the switch to sync its time with the SNTP server.

This needs to be done in configure mode, which is entered from enable mode.

enable
configure

Once the switch is syncing with the SNTP server you can check the time is correct with:

show time

Lastly, just save the changes then log out:

write mem
logout

A full example of this is below:

Switch> en
Switch# conf
Switch(config)# sntp server 79.142.192.4
Switch(config)# sntp unicast
Switch(config)# timesync sntp
Switch(config)# exit
Switch# write mem
Switch# logout

Your switches should now keep their time in sync :)

NTP on a HP GbE2c L2/L3 Blade Switch

To configure a HP GbE2c L2/L3 Ethernet Blade Switch for HP c-Class BladeSystem, you need to use NTP with the following syntax.

ntp enable 
ntp timezone 0
ntp primary-server <ip>
ntp secondary-server <ip>

The first line enables NTP, the second tells the switch to use GMT+0, and the third and fourth tell the switch which servers to sync with.

This needs to be done in configure mode, which is entered from enable mode.

enable
configure

Now ensure the switch timezone is correct. The command for this is slightly obnoxious; below is an example of setting it to GB:

Switch(config)# system timezone 
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.
 1) Africa
 2) Americas
 3) Antarctica
 4) Arctic Ocean
 5) Asia
 6) Atlantic Ocean
 7) Australia
 8) Europe
 9) Indian Ocean
10) Pacific Ocean
11) None - disable timezone setting
#? 8
Please select a country.
 1) Albania               16) Gibraltar     31) Poland
 2) Andorra               17) Greece        32) Portugal
 3) Austria               18) Hungary       33) Romania
 4) Belarus               19) Ireland       34) Russia
 5) Belgium               20) Italy         35) San Marino
 6) Bosnia & Herzegovina  21) Latvia        36) Slovakia
 7) Britain (UK)          22) Liechtenstein 37) Slovenia
 8) Bulgaria              23) Lithuania     38) Spain
 9) Croatia               24) Luxembourg    39) Sweden
10) Czech Republic        25) Macedonia     40) Switzerland
11) Denmark               26) Malta         41) Turkey
12) Estonia               27) Moldova       42) Ukraine
13) Finland               28) Monaco        43) Vatican City
14) France                29) Netherlands   44) Yugoslavia
15) Germany               30) Norway
#? 7
Please select one of the following time zone regions.
1) Great Britain
2) Northern Ireland
#? 1 
System timezone set to : Europe/Britain/GB

Lastly, just save the changes then log out:

copy run start
logout

A full example of this is below:

Switch> en
Switch# conf t
Switch(config)# ntp enable
Switch(config)# ntp timezone 0
Switch(config)# ntp primary-server 79.142.192.4
Switch(config)# ntp secondary-server 217.147.208.1
Switch(config)# exit
Switch# copy run start
Switch# logout

Your switches should now keep their time in sync :)

Restricting access to EdgeCast nodes

Today one of our clients published a mix track that was around 140 MB, hosted on their account. This was no problem until he started to get hundreds of people downloading the mix, which resulted in silly amounts of bandwidth being used.

We quickly had to move him on to the CDN to ensure the traffic impact wasn’t affecting performance for him or others as well as reduce his bandwidth charges substantially.

Once the CDN was all set up and the content pushed out onto the nodes we started to send traffic over.

Due to the impact of social media and people linking directly to the content we had to devise a plan to enable access to the content for the CDN but redirect anyone linking directly to the CDNified subdomain.

In comes mod_rewrite. Now it appears EdgeCast don’t publish their IP ranges in any format that helps my sanity; they are in fact published in an HTML table. To find them, log in to my.edgecast.com, browse to HTTP Large, click on Customer Origin and scroll down to the bottom.

Linux to the rescue! First we just copy the list into a file:

[damian@finnix ~]$ cat > edgecast_ranges
Asia Hong Kong 117.18.234.0 - 117.18.234.255
110.232.176.0 - 110.232.176.255
Asia Singapore 117.18.236.0 - 117.18.236.255
46.22.71.0 - 46.22.71.255
Asia Tokyo 117.18.233.0 - 117.18.233.255
110.232.177.0 - 110.232.177.255
Australia Sydney 117.18.235.0 - 117.18.235.255
110.232.179.0 - 110.232.179.255
Europe Amsterdam 93.184.208.0 - 93.184.208.255
93.184.209.0 - 93.184.209.255
93.184.217.0 - 93.184.217.255
46.22.70.0 - 46.22.70.255
46.22.72.0 - 46.22.73.255
Europe Frankfurt 72.21.89.0 - 72.21.89.255
93.184.212.0 - 93.184.212.255
93.184.213.0 - 93.184.213.255
Europe London 72.21.90.0 - 72.21.90.255
93.184.210.0 - 93.184.210.255
93.184.211.0 - 93.184.211.255
46.22.74.0 - 46.22.75.255
Europe Madrid 46.22.66.0 - 46.22.67.255
Europe Paris 93.184.214.0 - 93.184.214.255
North America Ashburn 72.21.83.0 - 72.21.83.255
68.232.36.0 - 68.232.36.255
North America Atlanta 72.21.88.0 - 72.21.88.255
72.21.93.0 - 72.21.93.255
North America Chicago 72.21.87.0 - 72.21.87.255
68.232.38.0 - 68.232.38.255
North America Dallas 72.21.86.0 - 72.21.86.255
68.232.39.0 - 68.232.39.255
North America Los Angeles 72.21.84.0 - 72.21.84.255
68.232.40.0 - 68.232.40.255
72.21.94.0 - 72.21.94.255
93.184.218.0 - 93.184.218.255
46.22.69.0 - 46.22.69.255
North America Miami 46.22.64.0 - 46.22.65.255
North America New York 72.21.95.0 - 72.21.95.255
68.232.37.0 - 68.232.37.255
North America San Jose
North America San Jose 72.21.82.0 - 72.21.82.255
68.232.41.0 - 68.232.41.255
North America Seattle 72.21.85.0 - 72.21.85.255
Other N/A 72.21.80.0 - 72.21.80.255
72.21.81.0 - 72.21.81.255
72.21.91.0 - 72.21.91.255
72.21.92.0 - 72.21.92.255
117.18.232.0 - 117.18.232.255
93.184.221.0 - 93.184.221.255
93.184.220.0 - 93.184.220.255
93.184.219.0 - 93.184.219.255
117.18.237.0 - 117.18.237.255
93.184.215.0 - 93.184.215.255
93.184.216.0 - 93.184.216.255
68.232.32.0 - 68.232.32.255
68.232.33.0 - 68.232.33.255
68.232.34.0 - 68.232.34.255
68.232.35.0 - 68.232.35.255
68.232.42.0 - 68.232.42.255
68.232.43.0 - 68.232.43.255
68.232.44.0 - 68.232.44.255
68.232.45.0 - 68.232.45.255
68.232.46.0 - 68.232.46.255
68.232.47.0 - 68.232.47.255
93.184.222.0 - 93.184.222.255
93.184.223.0 - 93.184.223.255
110.232.178.0 - 110.232.178.255
117.18.237.0 - 117.18.237.255
117.18.238.0 - 117.18.238.255
117.18.239.0 - 117.18.239.255

Next we need to clear out all the names etc that are randomly dumped in the file:

[damian@finnix ~]$ sed -i 's/^.*\s.*\s//g' edgecast_ranges # Get rid of place names
[damian@finnix ~]$ sed -i '/^\s*$/d' edgecast_ranges # Get rid of blank lines

Now let’s actually turn these IP ranges into something Apache can understand (they are all /24’s so we can cheat):

[damian@finnix ~]$ sed -i 's/^/RewriteCond %{REMOTE_ADDR} !^/g' edgecast_ranges # Add the rewrite cond
[damian@finnix ~]$ sed -i 's/\.255$/.*$/g' edgecast_ranges # Add the wildcard

Now let’s create the actual htaccess file:

[damian@finnix ~]$ echo 'RewriteEngine On' >> .htaccess
[damian@finnix ~]$ cat edgecast_ranges >> .htaccess
[damian@finnix ~]$ echo 'RewriteRule ^downloads/(.*)$ http://media.example.com/$1 [R,L]' >> .htaccess

You should end up with something looking like this:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^117.18.234.*$
RewriteCond %{REMOTE_ADDR} !^110.232.176.*$
RewriteCond %{REMOTE_ADDR} !^117.18.236.*$
RewriteCond %{REMOTE_ADDR} !^46.22.71.*$
RewriteCond %{REMOTE_ADDR} !^117.18.233.*$
RewriteCond %{REMOTE_ADDR} !^110.232.177.*$
RewriteCond %{REMOTE_ADDR} !^117.18.235.*$
RewriteCond %{REMOTE_ADDR} !^110.232.179.*$
RewriteCond %{REMOTE_ADDR} !^93.184.208.*$
RewriteCond %{REMOTE_ADDR} !^93.184.209.*$
RewriteCond %{REMOTE_ADDR} !^93.184.217.*$
RewriteCond %{REMOTE_ADDR} !^46.22.70.*$
RewriteCond %{REMOTE_ADDR} !^46.22.72.*$
RewriteCond %{REMOTE_ADDR} !^72.21.89.*$
RewriteCond %{REMOTE_ADDR} !^93.184.212.*$
RewriteCond %{REMOTE_ADDR} !^93.184.213.*$
RewriteCond %{REMOTE_ADDR} !^72.21.90.*$
RewriteCond %{REMOTE_ADDR} !^93.184.210.*$
RewriteCond %{REMOTE_ADDR} !^93.184.211.*$
RewriteCond %{REMOTE_ADDR} !^46.22.74.*$
RewriteCond %{REMOTE_ADDR} !^46.22.66.*$
RewriteCond %{REMOTE_ADDR} !^93.184.214.*$
RewriteCond %{REMOTE_ADDR} !^72.21.83.*$
RewriteCond %{REMOTE_ADDR} !^68.232.36.*$
RewriteCond %{REMOTE_ADDR} !^72.21.88.*$
RewriteCond %{REMOTE_ADDR} !^72.21.93.*$
RewriteCond %{REMOTE_ADDR} !^72.21.87.*$
RewriteCond %{REMOTE_ADDR} !^68.232.38.*$
RewriteCond %{REMOTE_ADDR} !^72.21.86.*$
RewriteCond %{REMOTE_ADDR} !^68.232.39.*$
RewriteCond %{REMOTE_ADDR} !^72.21.84.*$
RewriteCond %{REMOTE_ADDR} !^68.232.40.*$
RewriteCond %{REMOTE_ADDR} !^72.21.94.*$
RewriteCond %{REMOTE_ADDR} !^93.184.218.*$
RewriteCond %{REMOTE_ADDR} !^46.22.69.*$
RewriteCond %{REMOTE_ADDR} !^46.22.64.*$
RewriteCond %{REMOTE_ADDR} !^72.21.95.*$
RewriteCond %{REMOTE_ADDR} !^68.232.37.*$
RewriteCond %{REMOTE_ADDR} !^72.21.82.*$
RewriteCond %{REMOTE_ADDR} !^68.232.41.*$
RewriteCond %{REMOTE_ADDR} !^72.21.85.*$
RewriteCond %{REMOTE_ADDR} !^72.21.80.*$
RewriteCond %{REMOTE_ADDR} !^72.21.81.*$
RewriteCond %{REMOTE_ADDR} !^72.21.91.*$
RewriteCond %{REMOTE_ADDR} !^72.21.92.*$
RewriteCond %{REMOTE_ADDR} !^117.18.232.*$
RewriteCond %{REMOTE_ADDR} !^93.184.221.*$
RewriteCond %{REMOTE_ADDR} !^93.184.220.*$
RewriteCond %{REMOTE_ADDR} !^93.184.219.*$
RewriteCond %{REMOTE_ADDR} !^117.18.237.*$
RewriteCond %{REMOTE_ADDR} !^93.184.215.*$
RewriteCond %{REMOTE_ADDR} !^93.184.216.*$
RewriteCond %{REMOTE_ADDR} !^68.232.32.*$
RewriteCond %{REMOTE_ADDR} !^68.232.33.*$
RewriteCond %{REMOTE_ADDR} !^68.232.34.*$
RewriteCond %{REMOTE_ADDR} !^68.232.35.*$
RewriteCond %{REMOTE_ADDR} !^68.232.42.*$
RewriteCond %{REMOTE_ADDR} !^68.232.43.*$
RewriteCond %{REMOTE_ADDR} !^68.232.44.*$
RewriteCond %{REMOTE_ADDR} !^68.232.45.*$
RewriteCond %{REMOTE_ADDR} !^68.232.46.*$
RewriteCond %{REMOTE_ADDR} !^68.232.47.*$
RewriteCond %{REMOTE_ADDR} !^93.184.222.*$
RewriteCond %{REMOTE_ADDR} !^93.184.223.*$
RewriteCond %{REMOTE_ADDR} !^110.232.178.*$
RewriteCond %{REMOTE_ADDR} !^117.18.237.*$
RewriteCond %{REMOTE_ADDR} !^117.18.238.*$
RewriteCond %{REMOTE_ADDR} !^117.18.239.*$
RewriteRule ^downloads/(.*)$ http://media.example.com/$1 [R,L]

If you browse to http://example.com/downloads/ you should be redirected to http://media.example.com/ unless you are coming from an EdgeCast IP range.
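As an added example (not part of the original post), this Python sketch builds the conditions straight from the pasted list. Unlike the sed steps it expands ranges wider than a /24, such as 46.22.72.0 - 46.22.73.255 in the list above, into one condition per /24, drops duplicates, escapes the dots and ends each pattern on a literal dot. The function names and the embedded sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the same pasted format as edgecast_ranges above.
SAMPLE = """\
Asia Hong Kong 117.18.234.0 - 117.18.234.255
110.232.176.0 - 110.232.176.255
Europe Amsterdam 46.22.72.0 - 46.22.73.255
North America San Jose
117.18.237.0 - 117.18.237.255
117.18.237.0 - 117.18.237.255
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
RANGE_RE = re.compile(rf"({IP})\s*-\s*({IP})\s*$")

def parse_ranges(text):
    """Yield (first, last) address pairs; lines without a range are skipped."""
    for line in text.splitlines():
        m = RANGE_RE.search(line)
        if m:
            yield (ipaddress.IPv4Address(m.group(1)),
                   ipaddress.IPv4Address(m.group(2)))

def to_slash24s(ranges):
    """Expand each range into the /24 networks it covers, deduplicated."""
    seen, out = set(), []
    for first, last in ranges:
        for net in ipaddress.summarize_address_range(first, last):
            if net.prefixlen > 24:
                # A per-/24 regex would over-match; refuse instead of guessing.
                raise ValueError(f"{net} is smaller than a /24")
            for sub in net.subnets(new_prefix=24):
                if sub not in seen:
                    seen.add(sub)
                    out.append(sub)
    return out

def rewrite_conds(text):
    """Return one negated RewriteCond per /24, with the dots escaped."""
    conds = []
    for net in to_slash24s(parse_ranges(text)):
        prefix = ".".join(str(net.network_address).split(".")[:3])
        # Trailing \. pins the match to the end of the third octet.
        conds.append("RewriteCond %{REMOTE_ADDR} !^" + re.escape(prefix) + r"\.")
    return conds

if __name__ == "__main__":
    print("\n".join(rewrite_conds(SAMPLE)))
```

The output goes between `RewriteEngine On` and the `RewriteRule` line, in the same place as the sed-generated conditions.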

Now you can go back to reading slashdot ;)

Changing WordPress tag to category?

While there appear to be plugins for converting categories to tags, I can’t for the life of me find one to convert tags to categories.

After a quick poke around in the database it seems quite simple to convert between the two. Note: This /seems/ to work, however it might kick you in the face and break stuff.

First find out your “term” id (category or tag):

mysql> SELECT * FROM `terms` WHERE `slug` = 'snippets';
+---------+----------+----------+------------+
| term_id | name     | slug     | term_group |
+---------+----------+----------+------------+
|     171 | Snippets | snippets |          0 |
+---------+----------+----------+------------+
1 row in set (0.00 sec)

Now look in the taxonomy table and find out its details:

mysql> SELECT * FROM `term_taxonomy` WHERE `term_id` = 171;
+------------------+---------+----------+-------------+--------+-------+
| term_taxonomy_id | term_id | taxonomy | description | parent | count |
+------------------+---------+----------+-------------+--------+-------+
|              174 |     171 | post_tag |             |      0 |    17 |
+------------------+---------+----------+-------------+--------+-------+
1 row in set (0.00 sec)

As you can see it is currently a “post_tag”.

To change it to a category change the “taxonomy” field to “category”:

mysql> UPDATE `term_taxonomy` SET `taxonomy` = 'category' WHERE `term_id` = 171;
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Or to change it from a category to a tag then change the “taxonomy” field to “post_tag”:

mysql> UPDATE `term_taxonomy` SET `taxonomy` = 'post_tag' WHERE `term_id` = 171;
Query OK, 1 row affected (0.02 sec)
Rows matched: 1 Changed: 1 Warnings: 0