Salt States for the Homelab

Over the past year or so I have been playing around with saltstack to automate as much as I possibly can in my lab, from updates to base vm configuration and making lab wide configuration changes (such as setting up SNMP for monitoring).  Here are my collection of states I currently use to carry out that baseline setup, they are all called from within my top.sls so at highstate they all are applied and make things suck just a little less when running updates and helps prevent typos from making things take longer than necessary.






And finally my favorite of all, a working curl from within a state to hit an API target to kick off discovery, in this case its a discovery within EM7 but it can be easily modified as necessary


Permanent CIFS Mounts

So in the process of setting up backups for a system on my lab I had the need to create permanent CIFS mounts so I could put backups on my Synology and some of the guides out there were kind of disjointed, so I pieced it togther like I usually do and then wrote an internal wiki article (yes, my lab has its own internal documentation wiki for some reason).  Here is what I came up with.

Manually mount the file-system first so we can get the flags from /etc/mtab

Now we can go into /etc/mtab and grab the flags and such, it will be needed later, will look something like this

Naturally we wouldn’t want to have credentials just willy-nilly in /etc/mtab or fstab so in say the root location create a file just so

Populate it with the following two lines, substituting correct values as necessary

Needs to be owned by root of course and chmodded to 600 to prevent snooping on shared systems. One that is done its time to edit /etc/fstab to mount using the credential file, line will look like below

If you happen to be looking closely you will notice the unix keyword is missing from this, that is because for whatever reason on Ubuntu 16.04 it throws the error [83531.035537] CIFS: Unknown mount option "unix" which prevents the file-system from mounting automatically via fstab.  If you think you are running into this error just do dmesg | tail and it will show you whats going on.

Curl within a salt-state

So I have been looking all over for how to make this happen and finally figured it out, preserving it for anybody else who wants to kick off a curl in a salt state to say add something into monitoring or begin another process via an API call

Right now this is just using testing data from my lab, but as long as you enclose all the salient data in ‘ or ” it should be fine

Strange behavior from Postman

I was working through changing my Saltstack configuration to work with LibreNMS and was working through adding devices via the API as opposed to using auto discovery and realized that basically the same query in curl works fine, but when I tried it with Postman it doesn’t work and acts like I never passed some of the values, observe!

as opposed to when done in curl

The only possible thing I can figure that is going since this is such an absurdly simple API query is that Postman does some kind of magic thats not plainly visible that changes how the data is received by the API.  This is moderately troubling because it gets me wondering what else they are doing with data and if there is some kind underhanded snooping going on, not that I’m working on anything too terribly sensitive other than helping myself become more lazy in the lab.  If I was tossing in a pile of headers I could see where the room for mistakes exists but with only three key/value pairs passed in data and the X-Auth-Token passed in headers I can’t really see any possible place I have messed up but sure enough we get the error about not specifying the version of SNMP for the add device call, so something definitely is hosed up somewhere.

SNMP, Remotely!

So I have been building up a bit of a Windows environment in the lab (a DC, two clients and a sql server so far) and I wanted to push out SNMP to the environment because thats how I monitor things in the lab. Unfortunately I have seen absolutely no reliable way to do so with Group Policy, so in comes the glory that has become PowerShell lately. First we need to figure out which servers we are going to target, so lets whip up servers.txt with the shortnames and make a note of its path. Once we have that list we whip up a quick little loop that works on each line of the servers.txt file to make things happen.

Of course if you only need to do a single server for a one-off reason you could just run Invoke-Command manually but where is the fun in that when we can push to every single system in a hurry AND kick off the gpupdate which will pull down the settings to enable SNMP across the lab.

Comic Scrape

So last night I decided I wanted to archive some web comics I used to read religiously in a format that I could later manipulate into an easy to read format so I can catch up on a few years of missed material without clicking Next a ton of times, thus was born cscrape!

It spits out the images and an accompanying XML file in the comics/ directory so that later I can write something else to process them into an easy to digest format to view say on a tablet or mobile phone for comfortable reading while kicked back in my recliner. Unfortunately for right now its fairly specific to a certain comic however I hope to be able make the code a bit more flexible in the future to allow working with any comic and perhaps roll in the functionality to process the scraped data into easy to read formats.

A horrible way to generate IP addresses

Sometimes I find myself doing the dumbest things ever, like needing a list of ip addresses for a tool that doesn’t accept CIDR notation for target addresses. The tool is unimportant other than it being poorly designed and inefficient as hell, what is important however is that I slapped together a set of 3 loops in a bash script to use the seq tool to generate a massive number of ip addresses. Its really slow actually, so slow that it generates like 250k every 5 seconds which really isnt that much for a simple task like this, I think my prime number code is quicker and its doing actual math. Anyway if someone happens to want this for some god-awful purpose have at it, its terrible and I should probably feel terrible for writing something this ugly

Youtube slow to start videos?

So I have noticed recently that in Chrome running uBlock Origin that videos on Youtube would take several seconds before they would start playing, just showing a black screen where normally there would be ads. This had been going on for several weeks and I would look off and on for anybody else running into the same thing and any fixed for it, and I was just about to give up and accept that it was just Google finally getting one up on the adblocking game then finally I struck paydirt on Reddit. In order to save anybody who happens to be reading this just add the two following filters by going to Options > My Filters

Once I added them and start clicking around I immediately noticed that there were no more delays before videos so hopefully this will prove useful to someone else out there

Thin is in again

Or at least it is when talking about laptops. Apparently according to the code on Facebook the Acer Swift 7 is all the rage because its so sleek and thin, but I cant help but wonder what possibly makes it any more desirable than my Asus UX305FA which is feature for feature a peer to the current generation Macbook but at a hefty discount by comparison. So far Acer themselves aren’t providing pricing however other places claim it will be 1000$ this fall, which would make it almost 200$ more expensive than the Asus. More than just the price I have in the past found the Acer support to be dodgy at best, at one point it was completely impossible to locate drivers on their website for an older system and that memory has stuck with me since and generally encouraged me to avoid their products where I can. It almost seems like these companies are making computers to be a fashion accessory now as opposed to a tool by sacrificing power, battery life and features just to create a smaller package which they can charge 2x the amount for compared to a more capable laptop which may not catch the eye.