Now for something completely different: offline patching for IBM Cloud private expired product certificate

In case you were wondering why I’ve not posted any silly Skype tricks lately, I seem to have ended up in charge of Kubernetes at my company, and for reasons I won’t bore you with, we’ve decided to set up IBM Cloud private on-prem.

The product certificate expired on 22 August 2017, so there’s a patch: https://www.ibm.com/developerworks/community/blogs/fe25b4ef-ea6a-4d86-a629-6f87ccf4649e/entry/Certificate_update?lang=en

However, the included bash scripts presume that all of the nodes have access to Docker Hub. Since ours don’t, because we are not heathens who allow our servers to talk to the Internet, I made a workaround:

1) Get the updated ibmcom/cfc-router:1.2.0 image using a machine that can connect to Docker Hub and pack it into a tarball:

docker pull ibmcom/cfc-router:1.2.0
docker save ibmcom/cfc-router:1.2.0 -o cfc-router-fix.tar

(rant about pushing an updated Docker image with THE SAME EXACT VERSION TAG goes here)

2) Copy this tarball to all of the nodes in your cluster

3) SSH into each node in the cluster and load the image:

docker load -i /wherever/you/put/it/cfc-router-fix.tar

4) Copy the update-cert.sh script and remove the following lines, because they are the ones that wanted to go onto the scary Internet and pull the images directly. Leave in all the other docker commands! If you’re using Windows, copy it to a Linux machine and edit it there to avoid any weird linefeed stuff:

if [[ "$(uname -m)" == "x86_64" ]]; then
    docker pull ibmcom/cfc-router:1.2.0
else
    docker pull ppc64le/cfc-router:1.2.0
fi

5) Copy your modified script to each of the nodes. You then need to set execute permission on it, and can finally run it:

chmod +x update-certs.sh
./update-certs.sh

 

Advertisements

What Version Are Your AudioCodes SBA Web Interfaces? A One-Liner.

How your AudioCodes SBA login pages should look, as of May 2016

How your AudioCodes SBA login pages should look, as of May 2016

Unlike the components the SBAs share with their big Front End Server brothers, like RTCSRV and RTCMEDSRV, the manufacturer-custom web interfaces are NOT updated in the Cumulative Updates. You need to check on these periodically with AudioCodes, Sonus or whoever else you got your SBAs from.

These management interface updates are for security and performance issues. If you’re running your SBAs the way the manufacturer recommended, though, there are a lot of remote operations that just won’t work, making version checking painful.

However, if you’ve got AudioCodes SBAs, here is a one-liner that only requires that you have a consistent naming convention (we have “sba” in all of our SBA names) and at least ViewOnlyAdmin access to Lync/Skype, using the magic of very simple webscraping:

(Get-CsPool).computers.where({$_ -like "*sba*"}) | foreach { (Invoke-WebRequest -Uri "http://$_/Home/LogOn").content -match "(1\.\d+\.\d+\.\d+)" | out-null; [pscustomobject]@{ComputerName = $_; Version = $matches[0] } }

Substitute whatever your SBAs have in common for “*sba*” (remember the asterisks!)

Or, here’s a version using nested Where() expressions that will work even if you have no naming conventions:

(Get-CsPool).where({$_.services -like "*registrar*" -and $_.services.where({$_ -like "WebServer*"}).count -eq 0}).computers | foreach { (Invoke-WebRequest -Uri "http://$_/Home/LogOn").content -match "(1\.\d+\.\d+\.\d+)" | out-null; [pscustomobject]@{ComputerName = $_; Version = $matches[0] } }

I have no idea if a similar approach will work with other manufacturers’ SBAs.