Dell PowerEdge R510 legacy offline firmware update upgrade and ESXi install

This is my personal notes on Dell PowerEdge R510 firmware upgrade, when DRAC is not an option.
Catalog update is not working anymore as they are out of support, so R510 is likely not added to catalog.
You need 3 disks
LiveUpdate disk
SBU disk
https://downloads.dell.com/secure/FOLDER02670866M/1/sbuu_2.4_1294_A01.iso?authkey=E7dWOBNFc44tYlgQGdZy+wXasroZI9iUJIyhAdL7cTcprGIoMA6BVHhSwjQDW8zR&__gda__=1527074517_4e43366bc9da032f87b1e95560f8eae7&uid=d50b5da9-4dc0-4a29-2254-9e7cfa15ef67
1. SUU disk
https://downloads.dell.com/FOLDER04240219M/1/SUU-WIN32_17.04.200.145.ISO?uid=9c02226f-92e9-41b3-1a9d-aae3d9e57ee7&fn=SUU-WIN32_17.04.200.145.ISO
Extract content of SUU repository to USB flash drive
2. Run computer with SBU disk, Point as repository added flash disk
Check which drivers you need
Make prinstcreen or smthing elseOpenManage Disk
Go to
http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=C31J4
Run LiveCD
From LiveCD open fladh doisk in terminal, run drivers with command sh ./drivername.bin
Thats it
Dont forget SATA disk firmware must be upgraded before formatting RAID partition.


To add inner DVD you have to open BIOS and enable latest SATA device.

service NetworkManager stop
ifconfig em2 192.168.1.2 netmask 255.255.255.0
route add default gw 192.168.1.1
service em2 NetworkManager start
curl -s http://linux.dell.com/repo/hardware/dsu/bootstrap.cgi | bash
./dsu_Install.sh


Upgrade BIOS 1.9.0 to 1.13.0
PERC H700 nevar palaist kamēr nav pabeidzies initialize

http://linux.dell.com/repo/hardware/latest/
Appears that latest working VMware are ESXi 5.5.

mount
lasty will be usb drive

cd to usb drive

execute sh ./nameofdriver.bin

http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverId=V38WK
 | Seagate STS3600057SS


sudo mount -t ntfs -o rw,auto,defaults,exec /dev/disk/by-label/Data /mnt/Data

right click run in terminal sudo sh ./driver.bin

got licence
https://my.vmware.com/en/group/vmware/evalcenter?p=free-esxi5
got VMware client
http://vsphereclient.vmware.com/vsphereclient/4/0/3/2/3/6/5/VMware-viclient-all-5.5.0-4032365.exe
Due to suspend of support, links to VSphere client is not wqorking anymore. Hovewer all vmware clients ar available.
http://www.vmwarearena.com/download-link-for-all-versions-of-vmware-vsphere-client/


SUU GUI fails to open in Red Hat Enterprise Linux 7.2 operating system
If SUU GUI, is unable to launch in Red Hat Enterprise Linux 7.2 (64–bit) operating system perform the following -

Run the command in the terminal:
#echo -e "Section \"Device\"\nIdentifier \"Device0\"\nOption \"SWCursor\" \"True\"\nEndSection" > /etc/X11/xorg.conf.d/xorg.conf
On completion of the command, ensure that the contents are:
#cat /etc/X11/xorg.conf.d/xorg.conf
Section "Device"
Identifier "Edifice"
Option "SWCursor" "True"
EndSection
Type the command, #systemctl restart gdm.service to restart the GDM service.
The user will be logged off after running the command.

Ubuntu 20 how to increase swapfile

After installing server, I increased RAM, but swap file remains the same, so I have to increase itrmanually. I increased RAM from $ to 8 GB so I have to increase swap file accordingly. In Ubuntu 20.04 swapfile out of the box is called swap.img not swapfile, so the commands will be as follows: 

• type sudo su so you don't have to type sudo before each command

ubuntu@grayflow:~$ sudo su

[sudo] password for ubuntu:

• check swap size and name

root@grayflow:/home/ubuntu# swapon --show

NAME      TYPE SIZE USED PRIO

/swap.img file   4G 2.1G   -2

• turn off swap

root@grayflow:/home/ubuntu# swapoff -a

• increase swap file

root@grayflow:/home/ubuntu# dd if=/dev/zero of=/swap.img bs=1M count=8192

8192+0 records in

8192+0 records out

8589934592 bytes (8.6 GB, 8.0 GiB) copied, 131.193 s, 65.5 MB/s

• turn on swapping

root@grayflow:/home/ubuntu# mkswap /swap.img

Setting up swapspace version 1, size = 8 GiB (8589930496 bytes)

no label, UUID=a1dfcfc3-577d-4ed2-b706-f7c8eeeec69f

root@grayflow:/home/ubuntu# swapon /swap.img

root@grayflow:/home/ubuntu# swapon -s

Filename                                Type            Size    Used    Priority

/swap.img                               file            8388604 780     -2

How to install calculator and photoviewer if Windows store is disabled

If Windows store is disabled in AD, Windows photoviewer and calculator are not available for users. To install photoviewer and calculator. It works when Calculator and photoviewer are installed only for local users and need to be Registered for AD users.
From User context
Get-AppxPackage -User $env:UserName *photos* | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\\AppXManifest.xml"} 
From Computer context
Get-AppxPackage -AllUsers *windowscalculator* | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\\AppXManifest.xml"}
Can be done via Group policy.

Powershell script to Get all AD users in unicode UTF8 format

Script is mention to run on Domain Controller, otherwise you need to enable PowerShell and Import Active Directory Modules.
c:\temp directory must be created before running script
At first you need to read aut all properties to determine, which you want to see in final list.

Get-ADUser -identity giors -properties *|Export-CSV c:\tmp\giors.csv 

where giors is my username. I need to determine, which user accounts is expired so I add LastLogonDate and PasswordLastSet
Simple Export-CSV export in plain ANSI text, to convert to UTF8 add -Encoding UTF8

Get-ADUser -Filter * -SearchBase "DC=domain,DC=com" -properties *|select CanonicalName,SamAccountName,Name,LastLogonDate,LockedOut,PasswordLastSet,whenChanged|Export-CSV -Encoding UTF8 c:\tmp\allusersinUTF.
csv

ESXI 5.5 backup and restore with ghettoVCB script

ESXI backup/restore with ghettoVCB script

Valid upon version ESXi 5.5
Before make sure ssh is enabled on your VMware host. SSH and ESXi shell must be enabled.

It would be good idea to add restrictions in VMware firewall to access ssh only from admin computers. ESXi remote shell must be used to create access key, or you have to enter password every time you connect. 

Backup

Backup Plan is based on document  https://communities.vmware.com/docs/DOC-8760. Download source from Github to your local computer.
https://github.com/lamw/ghettoVCB/downloads Unzip and download to esxi.
Conf file show count of backups, leave 50% of disk space free for restoration purposes
/ghettoVCB-master/ghettoVCB.conf.

VM_BACKUP_ROTATION_COUNT=1

Write in crontab, when copies will be created. In my example backup take place every wednesday at 6:16 pm. Add to  /var/spool/cron/crontabs/root.

18  18    *   *   3  /ghettoVCB-master/ghettoVCB.sh -a -g /ghettoVCB-master/ghettoVCB.conf
~
~ # kill -HUP $(cat /var/run/crond.pid)
~ # /usr/lib/vmware/busybox/bin/busybox crond

After esxi restart cronjob will be erased so it must be added on boot. Add to /etc/rc.local.d/local.sh.

/bin/kill $(cat /var/run/crond.pid)
/bin/echo "18  18    *   *   4  /ghettoVCB-master/ghettoVCB.sh -a -g /ghettoVCB-master/ghettoVCB.conf" >> /var/spool/cron/crontabs/root                                                   
/usr/lib/vmware/busybox/bin/busybox crond

Restore

/ghettoVCB-master/ghettoVCB-restore.sh -c /ghettoVCB-master/vms_to_restore

In file /ghettoVCB-master/vms_to_restore put a location of backup and where to restore.

"/vmfs/volumes/5b05449c-c4081b22-b538-842b2b780912/Backup/Graylog/Graylog-2018-07-12_18-18-02;/vmfs/volumes/5b05449c-c4081b22-b538-842b2b780912;1"

Restoration will not occur if folder with same directory already exists.

Get File Hash on Windows PowerShell

My instructions are for Windows 10, but I am sure it will work on every Windows wirh powershell.
It could be useful for security updates and suspicious executables.
Open PowerShell Windows key->Type PowerShell
Move to the folder where file are placed
cd c:\folder
where your file are located
Get-FileHash .\filename.extension -Algorithm SHA256
or 
Get-FileHash .\filename.extension -Algorithm SHA1
Lets say wou want to check Gimp downloaded in c:\temp
Get-FileHash -Path c:\temp\gimp-2.10.0-setup-2.exe -Algorithm SHA256

Thats it.

Add SSL to Apache site

Most instructions are for usual http sites but now it is almost standart to use ssl on your site, especially if you require client login. My description is for simple web site located in lan where you require port 443 and ssl certificate.
mkdir keys
 cd keys

Create response file

touch csr_details.txt
nano csr_details.txt

How to connect to remote linux machine with key without entering password

On workstation

Create public/private key pair.

How to extend linux vm drive and partition and recreate swap file without gparted and without gui

Preface.

 HDD which is actually bunch of files in vm, emulating HDD are extended via VMwareVCenter. I need to increase my primary partition in Ubuntu Linux VMware virtual machine. In other words  "/" must be extended.  In this example parted and fdisk which are preinstalled in all modern linux systems will be used. 

How to extend root partition /

First we need to extend device. In my situation there are problem- after device /dev/sda1 are /dev/sda2 so I need firstly to move /dev/sda2 to the end of HDD partition.
Fdisk shows I can increase /dev/sda2 but cannot /dev/sda1
root@Log:/# fdisk -l
Disk /dev/sda: 450 GiB, 483183820800 bytes, 943718400 sectors
Device     Boot     Start       End   Sectors   Size Id Type
/dev/sda1  *         2048 615234375 615232328 293.4G 83 Linux
/dev/sda2       617187328 629145599  11958272   5.7G 82 Linux swap / Solaris
As you can see there are 943 mil sectors but only 629 occupied.
So I first need to move swap to the end of disk.

Move swap partition

All commands must be typed as root user, in ubuntu type sudo su or type sudo before each command. Before deleting swap partition, stop all active applications like database and web servers. After moving swap partition must be at the end of disk /dev/sda
Type fdisk /dev/sda and then type
p to print info about partitions
d to delete swap partition
2 number of partition
n to create new partition
p to make partition primary
2 number of partition
calculate sectors, partition take, subtract from the last sector and provide to numbers First sector of partition and last sector. Some spreadsheet could help.

Upgrade Windows 2012 R2 Root CA from SHA1 to SHA256

How to update Windows 2012 R2 AD CA from SHA1 to SHA2 or SHA256

Windows 2012 R2 Active Directory integrated by default publish and issue SHA1 certificates, which is now declared as untrusted by Google Chrome. There was warning window during configuration, but who knows it so important, after it is already intergrated you can discover you forget to change default hash algorithm.

Windows 2012 R2 out of the box provider is already MS Software Key Storage Provider so you don't have to convert something. It is out of this article, how to install nginx, CA or IIS.  To convert storage provider, seek for more complex technet articles like this.

Conversion of CA hash algorithm

To convert Certification Authority and web server certificates form sha1 to SHA 256 it is pretty simple but not so well documented.
To convert Certification Authority you just have to type one command. Go to Administrator command prompt.

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

How to Issue Windows 2012 R2 CA sha256 trusted certificate to Graylog ubuntu nginx or apache web server

A little bit more complex is request key from linux for nginx or apache server. I already had self signed certificate, but from linux perspective, request is almost the same. To avoid exposure of API and port 9000 I am keeping nginx proxy on graylog server.  My nginx configuration is as follows, as you can see, there is nothing changed from graylog perspective.