Session log: VWP infra docs, iDRAC fixes, XenServer inventory, PBX triage

- Documented VWP XenServer, QB server, Hyper-V server details
- Configured iDRAC 7 for HTML5 console and TLS 1.2 via racadm
- Set up OpenVPN for VWP, resolved Tailscale routing conflict
- Inventoried 5 XenServer VMs, snapshotted server 2003 (G: drive)
- Triaged Dataforth PBX - transient FirstDigital issue, phones working
- Planned XenServer to Hyper-V migration for weekend

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 09:21:37 -07:00
parent 7c088e57d8
commit fc0d12d3cf
2 changed files with 224 additions and 0 deletions

@@ -907,6 +907,38 @@
- **Added:** 2025-12-22 - **Added:** 2025-12-22
- **Access Methods:** RDP, WinRM - **Access Methods:** RDP, WinRM
### Citrix XenServer (PowerEdge R720)
- **Hypervisor:** XenServer 7.6.0
- **Hostname:** valleywide
- **Management IP:** 192.168.0.104 (DHCP, eth0)
- **MAC:** ec:f4:bb:d0:69:f8
- **Gateway:** 192.168.0.1
- **SSH User:** root
- **SSH Password:** r3tr0gradE99!
- **iDRAC IP:** 192.168.3.30
- **iDRAC MAC:** 78:45:C4:F1:CE:6E
- **User:** root
- **Password:** r3tr0gradE99#
- **Service Tag:** 52ZBVV1
- **Express Service Code:** 11064185101
- **BIOS:** 2.7.0
- **iDRAC Firmware:** 2.60.60.60 (iDRAC 7)
- **Virtual Console:** Java-based (avctKVM), requires Java 8 + relaxed security
- **Notes:** Hostname "localhost" (not configured)
### QuickBooks Server - iDRAC (PowerEdge R640)
- **Hostname:** VWP-QBS.VWP.US
- **OS:** Windows Server 2022 (10.0)
- **iDRAC IP:** 192.168.3.189
- **iDRAC MAC:** 54:48:10:F2:A0:2E
- **iDRAC Firmware:** 7.00.00.174 (iDRAC 9)
- **User:** root
- **Password:** r3tr0gradE99#
- **Service Tag:** C84TTQ2
- **BIOS:** 2.22.2
- **License:** Enterprise
- **Notes:** iDRAC 9 supports HTML5 virtual console (no Java needed)
### NPS RADIUS Configuration ### NPS RADIUS Configuration
- **RADIUS Server:** 172.16.9.2 - **RADIUS Server:** 172.16.9.2
- **RADIUS Ports:** 1812 (auth), 1813 (accounting) - **RADIUS Ports:** 1812 (auth), 1813 (accounting)
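Review bot: The `SSH Password` line and both iDRAC `Password` lines in the two added server sections commit root credentials in cleartext, and the two iDRACs are listed with the same root password, so read access to this repository or its history is enough to reach the hypervisor and the out-of-band management of both hosts. Replace the values with a pointer to a password-manager or vault entry, rotate all three credentials since they are now in history, and give each iDRAC its own password. Separately, the XenServer section lists `Hostname: valleywide` while its Notes line says the hostname is "localhost" (not configured); one of the two should be corrected.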

@@ -127,3 +127,195 @@ Continued work on azcomputerguru.com web properties. Three major accomplishments
6. **Radio site tracking durability** — HTML injection will be lost on next Astro rebuild/deploy. Should add to Astro layout component source instead. 6. **Radio site tracking durability** — HTML injection will be lost on next Astro rebuild/deploy. Should add to Astro layout component source instead.
7. **SSH key auth for IX** — Still using sshpass from CachyOS workstation. Should add ed25519 key. 7. **SSH key auth for IX** — Still using sshpass from CachyOS workstation. Should add ed25519 key.
8. **Broader Cloudflare API token** — Create one with WAF/Bot Management permissions for API-based AI crawler management. 8. **Broader Cloudflare API token** — Create one with WAF/Bot Management permissions for API-based AI crawler management.
---
## Update: 09:30 — VWP Infrastructure, Dataforth PBX, XenServer Migration Planning
### Session Summary
Major multi-client session: VWP infrastructure documentation, iDRAC console access, XenServer VM inventory, Dataforth phone system triage, and XenServer migration planning.
### 8. VWP Infrastructure Documentation
Updated credentials.md with VWP server details:
#### Citrix XenServer (PowerEdge R720)
- **Hypervisor:** XenServer 7.6.0
- **Hostname:** valleywide
- **Management IP:** 192.168.0.104 (DHCP, eth0)
- **MAC:** ec:f4:bb:d0:69:f8
- **Gateway:** 192.168.0.1
- **SSH:** root / r3tr0gradE99!
- **iDRAC IP:** 192.168.3.30
- **iDRAC MAC:** 78:45:C4:F1:CE:6E
- **iDRAC:** root / r3tr0gradE99#
- **Service Tag:** 52ZBVV1
- **iDRAC Firmware:** 2.60.60.60 (iDRAC 7)
#### QuickBooks Server (PowerEdge R640)
- **Hostname:** VWP-QBS.VWP.US
- **OS:** Windows Server 2022
- **iDRAC IP:** 192.168.3.189
- **iDRAC MAC:** 54:48:10:F2:A0:2E
- **iDRAC:** root / r3tr0gradE99#
- **Service Tag:** C84TTQ2
- **iDRAC Firmware:** 7.00.00.174 (iDRAC 9, HTML5 console works)
#### Hyper-V Server (PowerEdge R740)
- **Hostname:** VWP-HYPERV1
- **OS:** Windows Server 2025 Standard
- **IP:** 172.16.9.184
- **Domain:** VWP\VWP-HYPERV1
- **Specs:** 64 vCPUs (Xeon Platinum 8180M), 256GB RAM
- **Serial:** BN82FX2
### 9. iDRAC 7 Virtual Console Fix (192.168.3.30)
**Problem:** iDRAC 7 Java virtual console fails on modern systems, HTML5 console also fails.
**Steps taken via racadm over SSH:**
- Set `PluginType` from 1 (Java) to 2 (HTML5): `racadm set iDRAC.VirtualConsole.PluginType 2`
- Set TLS to 1.2 Only (was TLS 1.1+): `racadm set iDRAC.Webserver.TLSProtocol 2`
- Disabled console encryption: `racadm set iDRAC.VirtualConsole.EncryptEnable 0`
- Reset iDRAC: `racadm racreset soft`
**SSH command for iDRAC 7:**
```
sshpass -p 'r3tr0gradE99#' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,aes256-cbc root@192.168.3.30
```
**Java 8 setup for legacy iDRAC (if needed):**
- Installed `jre8-openjdk`, `jre8-openjdk-headless`, `icedtea-web`
- Set as default: `sudo archlinux-java set java-8-openjdk/jre`
- Relaxed security in `/usr/lib/jvm/java-8-openjdk/jre/lib/security/java.security`:
- `jdk.certpath.disabledAlgorithms=MD2`
- `jdk.tls.disabledAlgorithms=SSLv3, NULL, anon`
- Backup at `java.security.bak`
**Status:** HTML5 console still not working in Chrome (TLS cipher mismatch even with 1.2). Firefox with relaxed TLS profile also had issues. May need iDRAC firmware update to 2.65.65.65.
### 10. OpenVPN Setup for VWP
- **OVPN file:** `~/Downloads/OpenVPN-Server.ovpn`
- **Auth file:** `/etc/openvpn/vwp-auth.txt` (sysadmin / r3tr0gradE99#)
- **Connect command:** `sudo openvpn --config ~/Downloads/OpenVPN-Server.ovpn --auth-user-pass /etc/openvpn/vwp-auth.txt --group nobody --daemon vwp-vpn --log /tmp/vwp-vpn.log`
- **VPN IP:** 192.168.4.3
- **Routes:** 172.16.9.0/24, 192.168.0.0/24, 192.168.3.0/24
- **Remote:** 4.18.160.106:1194 TCP
**IMPORTANT: Tailscale and VWP VPN conflict** — Tailscale's policy routing (table 52) for `192.168.0.0/24` (Dataforth subnet via D2TESTNAS) overrides VPN routes to VWP's `192.168.0.0/24`. Must `sudo tailscale down` before using VWP VPN for `192.168.0.x` access.
### 11. XenServer SSH Access
**Problem:** SSH to `192.168.0.104` returned "Connection refused" even though sshd was running.
**Root causes (two):**
1. Tailscale routing `192.168.0.0/24` to Dataforth instead of VWP VPN
2. XenServer iptables `RH-Firewall-1-INPUT` chain blocking non-local SSH
**Fixes:**
1. `sudo tailscale down` (or `sudo ip rule add to 192.168.0.104/32 lookup main priority 100`)
2. On XenServer console: `iptables -I RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT`
**SSH command for XenServer:**
```
sshpass -p $'r3tr0gradE99!' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no root@192.168.0.104
```
Note: Must use `$'...'` quoting for the `!` in the password.
### 12. XenServer VM Inventory
| VM | OS | IP | State | vCPUs | RAM | Disk | Notes |
|----|----|----|-------|-------|-----|------|-------|
| BACKUP-SRV | Server 2019 Datacenter | 192.168.0.22 | running | 2 | 15GB | 240GB (140+100) | Installed 2024-01-17 |
| server 2012 R2 | Server 2012 R2 Standard | 192.168.0.19 | running | 4 | 16GB | 200GB | Installed 2019-04-14 |
| server 2003 | Server 2003 Enterprise SP2 | 192.168.0.20 | running | 4 | 3GB | 130GB (30+100) | **G: drive - document storage - PRIORITY** |
| XP | Windows XP | (no IP reported) | running | 2 | 3GB | 40GB | No PV tools? |
| Windows 7 (32-bit) | Windows 7 | 192.168.0.40 | halted | 2 | 4GB | 80GB | Intentionally off |
**Storage:** Local LVM — 1.47TB used of 2.24TB (~820GB free)
**Server 2003 disk detail:**
- xvda: 30GB (OS/C: drive) — VDI `4c99e07d-72ad-46f2-bb54-8c1154dc6eb1`
- xvdb: 100GB (**G: drive documents**) — VDI `828ea0ff-04c7-4f7c-9e4d-baa9e15d72bd`
### 13. Server 2003 Snapshot (Document Protection)
**Snapshot created:** `server2003-backup-20260320`
- **UUID:** `866638f5-9c9c-bf24-8c05-393d904fcead`
- **Type:** Live snapshot (no downtime)
- **Covers:** Both disks (30GB OS + 100GB G: drive)
- **Purpose:** Protect document storage before weekend migration
### 14. Dataforth PBX Triage
**Issue:** Phones reported down again.
**Diagnosis:**
- Asterisk running, 30+ extensions registered
- FirstDigital SIP trunk showing "Unavailable" — but this is **normal** for their setup
- SIP is inbound-only, forwarded via UDM port forward to PBX on VLAN100
- PBX doesn't register outbound with FirstDigital
- The `ens224` interface (10.208.107.118/30) has no working gateway — `10.208.107.117` unreachable
- Test call to 520-741-1404 **worked** — transient FirstDigital issue
**PBX network:**
- Management: `192.168.100.196` (DHCP, was .2 before)
- SIP interface: `10.208.107.118/30` on ens224 (dead gateway)
- SIP transport: `0.0.0.0:5060` UDP
### 15. Matomo Tracking Issue (Cloudflare)
**Problem:** Matomo tracking code on community/radio sites returning 503 for `matomo.js`.
**Root cause:** Cloudflare proxy on `analytics.azcomputerguru.com` was blocking/challenging cross-origin requests. The origin SSL cert is expired (Apr 2025) causing Cloudflare-to-origin connection failures.
**Current state:** Analytics subdomain switched back to proxied. SSL/TLS mode needs to be set to "Full" (not "Full Strict") in Cloudflare dashboard — our API tokens lack permission.
**Workaround needed:** Either fix SSL cert via AutoSSL or set Cloudflare SSL mode via dashboard.
### Credentials (this session)
#### VWP OpenVPN
- **User:** sysadmin
- **Password:** r3tr0gradE99#
- **Auth file:** /etc/openvpn/vwp-auth.txt
#### VWP XenServer (192.168.0.104)
- **SSH:** root / r3tr0gradE99!
- **Note:** `$'...'` quoting required for `!`
#### VWP iDRAC - Citrix R720 (192.168.3.30)
- **SSH/Web:** root / r3tr0gradE99#
- **racadm SSH:** requires `-o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,aes256-cbc`
#### VWP iDRAC - QB R640 (192.168.3.189)
- **Web:** root / r3tr0gradE99#
#### Dataforth PBX (192.168.100.2)
- **SSH:** sangoma / Gptf*77ttb!@#!@#
- **sudo:** same password via `echo 'Gptf*77ttb!@#!@#' | sudo -S`
### Files Modified
- `/home/guru/ClaudeTools/credentials.md` — added VWP XenServer, QB server, Hyper-V details
- `/etc/openvpn/vwp-auth.txt` — VWP VPN credentials (created)
- `/usr/lib/jvm/java-8-openjdk/jre/lib/security/java.security` — relaxed TLS for iDRAC
- `/tmp/firefox-idrac/user.js` — Firefox profile with relaxed TLS
### Packages Installed
- `jre8-openjdk` + `jre8-openjdk-headless` — Java 8 for iDRAC
- `icedtea-web` — Java Web Start (javaws)
### Pending/Incomplete Tasks
1. **XenServer → Hyper-V migration** — Planned for weekend. All 5 VMs need to migrate to VWP-HYPERV1 (172.16.9.184). Server 2003 (G: drive) is priority. Snapshot taken as protection.
2. **Xen Orchestra** — Install web-based XenServer management (alternative to XenCenter for Linux)
3. **iDRAC 7 virtual console** — HTML5 not working despite config changes. May need firmware update to 2.65.65.65. Java fallback works but cumbersome.
4. **Cloudflare SSL/TLS mode** — Set to "Full" in dashboard for analytics.azcomputerguru.com
5. **Cloudflare AI Crawl Control** — Configure in dashboard
6. **Google Analytics (GA4)** — Deferred
7. **Matomo analytics tracking** — Working on main site, community needs Flarum cache clear + Cloudflare fix, radio needs SSL fix
8. **XenServer iptables persistence** — The SSH firewall rule added is not persistent across reboots
9. **PBX management IP changed** — Was 192.168.100.2, now .196 via DHCP. Should set static.
10. **Java 8 is now default JRE** — May need to switch back to Java 25 for other tasks: `sudo archlinux-java set java-25-openjdk`
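Review bot: The session log repeats live passwords in cleartext in sections 8, 9, 10 and 11 and again under "Credentials (this session)", including the Dataforth PBX `sangoma` password inside an `echo '...' | sudo -S` one-liner; a session log should reference the secret store rather than carry the values, and these credentials need rotating now that they are in history. The two `sshpass -p ... ssh -o StrictHostKeyChecking=no` commands also put the password on the command line and skip host key verification, so record the host keys once and use key auth where the target supports it (the unchanged context at the top of this hunk already lists "SSH key auth for IX" as a to-do for the same reason). Pending item 8 notes that the iptables rule is not persistent; when it is made persistent, add a source match (`-s`) for the management or VPN address rather than accepting port 22 from anywhere. The pending list should also gain items to revert `EncryptEnable 0` on the iDRAC and to restore `java.security` from `java.security.bak` once the console work is finished, since item 10 only covers switching the default JRE back.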