Everything posted by rev.dennis

  1. LOVING GOD, we don’t always understand your timing, but we trust that you are good. We know that you hold us in your hands and wrap your love around us when we are sad. We are sad today, Lord. Comfort us with your presence. Grant us peace in our hearts. Fill our minds with good memories of the one we love. You are the great Healer, and we ask you to heal our hearts today and wipe the tears from our eyes to see the hope you have set before us. Amen. Obituary Kenneth Ray Hosang passed away Saturday, March 23, 2019 at the age of 84. He was born February 1, 1935 in Chicago, IL to Charles and Harriet Hosang. Ken was raised in Michigan and graduated from Western Michigan University. He enjoyed all sports and excelled in football. Ken also joined the US Air Force and was stationed in Greenland. He taught school including social science and coaching football and basketball before being hired on as Safety Director at Pontiac Motors. He spent the last 23 years as a substitute teacher at Smithson Valley High School until he suffered a fractured hip and was forced into retirement. He continued to go to many of the high school games. Ken was preceded in death by his parents, Charles and Harriet Hosang, and his grandson, Jason. He is survived by his loving wife of 61 years, Suzanne Hosang; five children, which include his son, Ken Hosang and wife Shelene; daughter, Shelley Jordan and husband Jimmy; daughter, Kerry Orme and husband Mark; son, Daniel Hosang and wife Michelle; and daughter Sherri Gill and husband Timothy; eleven grandchildren and eight great grandchildren. His stories, his laugh, and sense of humor will be dearly missed, but we will be comforted by so many wonderful memories. God of love and mercy, embrace all those whose hearts today overflow with grief, unanswered questions and such a sense of loss. Grant them space to express their tears. Hold them close through the coming days.
  2. rev.dennis

    A Done Deal

    Col. 2:11-15 -------------------------------------------------------------------------------- And you, being dead in your sins and the uncircumcision of your flesh, hath he quickened together with him, having forgiven you all trespasses (Colossians 2:13 KJV) You have negotiated a contract. All parties are happy with the terms. The check is written. You are given title. The deed is conveyed to your name. The deal is done. And the good news is that you are not in debt. You have free and clear title to the item you purchased. It is a good feeling. Paul continues to teach about our sufficiency in Christ to the church in Colossae. These members were worried about some of the works related faith being promoted by others. So the worry begins. It was needless worry. We have been free from sin. We are no longer ruled by sin but are now ruled by the Savior. Think of a long term illness. When you are sick for a long time, the pain and symptoms rule your life. I believe this is why the ministry of healing was part of Jesus' work before He went to the cross. For many people, illnesses and impaired conditions ruled their lives. A man born blind is ruled by darkness. Jesus comes and heals the man. He is free from darkness. It is a complete healing. A man is deaf and dumb from birth. Jesus touches the man's ears and tongue and he speaks and hears. Completely. A woman comes to Jesus with a serious blood flow condition. It has kept her from worship. It has cost her a fortune. She cannot escape the torment and Jesus heals her completely. A man born with a withered arm is asked to stretch it and Jesus makes it completely whole. God negotiated a new covenant with mankind. When Jesus cried out, "It is finished" on the cross, the deal was done. Because of that transaction is complete - We Are Complete in Our Salvation. We Are Complete in Our Forgiveness. We Are Complete in Our Victory. I. WE ARE COMPLETE IN OUR SALVATION. 
In whom also ye are circumcised with the circumcision made without hands, in putting off the body of the sins of the flesh by the circumcision of Christ: Buried with him in baptism, wherein also ye are risen with him through the faith of the operation of God, who hath raised him from the dead. (Colossians 2:11-12) Not By Works: The human tendency is to try to work our way into God's graces. Paul, interestingly enough, speaks of circumcision. Why? It was one of the biggest stumbling blocks for so many in the early days of the church. It is also a good example to teach from. In Paul's day the Jewish practice was to circumcise a baby boy on the eighth day after he was born per Leviticus 12:2-3. The Mosaic Code incorporated this practice that was given by God to Abraham in Genesis 17:10-14. This was a symbolic function: "...it shall be a token of the covenant..." The word token is translated as sign or signal or beacon. It points to a greater truth. There were two views on circumcision among the Jews. Some took the view that when you circumcised a child, he was saved. He was automatically numbered among God's faithful. In their thinking, this work was all that was necessary. Yet Paul writes in Romans 9:6, "For they are not all Israel, which are of Israel..." In others words, not every circumcised Israelite was faithful to God for salvation. One example is Judas Iscariot. He was a circumcised Jew and Jesus called him the "Son of perdition" (Jn 17:12). And again we have in John 6:70 where Jesus said to His disciples, "Have not I chosen you twelve, and one of you is a devil?" There is a similar error today. It is with baptism. There are some who will teach that one must be baptized in water to be saved. These are the groups that often include infant baptism in their faith practice. Why? A few reasons: Certain reformed groups see baptism as the new sign that replaced circumcision. 
Because the church has replaced Israel, in their mind baptism is the new sign of the covenant. Infants must be baptized to be identified as part of the community of faith. This group does not make belief part of the equation but does demand evangelizing the child later in life. The Orthodox groups see infant baptism as an act of faith on the parents' part. They view God's grace to be able to save the infant beyond human comprehension. They take the verse Hebrews 13:8 out of context: Jesus Christ the same yesterday, and to day, and for ever. Their logic: the infant Jesus saves the infant. The child Jesus saves the child. The adult Jesus saves the adult. The Catholic groups see infant baptism as saving from original sin. This group seems to be in the middle between the Reformers and the orthodox. As we will see in a moment, salvation is done ... By The Work of God: "...ircumcised with the circumcision made without hands... Buried with him in baptism, wherein also ye are risen with him through the faith of the operation of God, who hath raised him from the dead." Salvation is the work of God. Let's remember that when God gives the command to circumcise as a token or a sign. It represented the work of God. Abraham's response was just faith. He carried out the sign, the symbol, of faith. In fact if you read Genesis, Abraham was justified by faith as recorded in Genesis 15:6. The command to circumcise comes years later when Isaac is born in Genesis 17. Paul uses imagery of circumcision to reveal an important truth. Let's look at circumcision again. - First, it reveals. Flesh is cutaway and reveals a source of life. It is a witness of eternal life that links everyone here with Adam. - Second, it reinforces a truth. Because Adam and Eve sinned, we are all sinners. Our sin is deeply rooted. We cannot save ourselves. It is cut who circumcises our hearts. It is an action of faith. Paul switches to baptism. We are buried with Christ in that we identify ourselves as Christians. 
Again it is by faith. That faith begins at the moment of salvation and moves us forward in life until the end when we stand before God in Glory. We trust God to do it all for us. @ Mark 16:16 - "He that believeth and is baptized shall be saved; but he that believeth not shall be damned." @ Acts 2:38 - "Then Peter said unto them, Repent, and be baptized..." @ Acts 2:41 - "Then they that gladly received his word were baptized..." @ Acts 19:5 - "When they heard this, they were baptized in the name of the Lord Jesus." @ Romans 5:10 - "For if, when we were enemies, we were reconciled to God by the death of his Son, much more, being reconciled, we shall be saved by his life." @ Romans 10:13 - "For whosoever shall call upon the name of the Lord shall be saved." @ 1 Corinthians 1:18 - "For the preaching of the cross is to them that perish foolishness; but unto us which are saved it is the power of God." Salvation is complete! It is not by works but by faith. This also means that... II. WE ARE COMPLETE IN OUR FORGIVENESS. And you, being dead in your sins and the uncircumcision of your flesh, hath he quickened together with him, having forgiven you all trespasses; Blotting out the handwriting of ordinances that was against us, which was contrary to us, and took it out of the way, nailing it to his cross (Colossians 2:13-14) Completely Guilty. Paul's choice of words is significant. He first begins with "being dead in your sins..." which points to our actions. He does not use sin but sins. All the deeds a person does prove who he or she is: a sinner. I have heard people complain about how some of their co-workers and fellow students. They ask me, "Why do people do such things?" My answer is simple, "They do what they do because of what they are." This leads to Paul's second half of the equation, "...the uncircumcision of your flesh..." This was a term used by the Jews to describe Gentiles. Gentiles were people outside of God's promises and covenants. 
Paul applies this statement to describe the former nature of the members of Colossae before their conversion. The nature of the unbeliever makes him or her completely unable to respond by human effort. They are described in Ephesians 2:12 as having no hope. Completely God. Not the contrast between "you, being dead..." and "...hath He quickened together with him..." Here is our hope. God gives life. It is life we gain when we come to Christ. Paul describes the work of forgiveness by pointing to the cross. Note the amount forgiven there - ALL! It is a source of our joy, "Blessed is he whose transgression is forgiven, whose sin is covered" (Ps. 32:1). We find throughout all the Old Testament a system of sacrifices designed to obtain forgiveness. When Moses wrote the Law there was the requirement for the person offering a sin offering to place his hand on the innocent animal. This action was designed to symbolically represent the transference of the guilt from the one making the offering to the innocent animal. The priest, as God's agent, would accept innocent animal now as the appropriate substitute. The Bible declares that "and without shedding of blood is no remission" (Heb. 9:22). That is God's remedy. Christ, the complete innocent, became our sin-bearer: "So Christ was once offered to bear the sins of many; and unto them that look for him shall he appear the second time without sin unto salvation" (Heb. 9:28). That action made it complete. Paul notes that the written record of our sin and deeds - all the laws we broke - are wiped away. Note the words "Blotting out..." in the Greek is compared to the way one would erase ink. Imagine that! You break the law. You receive a citation. You go to court. Someone innocent pays your fine. The judge does something different. He takes your citation, moves a blotter over it, and the permanent ink is gone. It is as if the charge was never written. That is how complete your forgiveness is. Let's look at one more image. 
The One who wrote the Law was nailed to the Cross. Think on that. Let it sink in and then realize... III. WE ARE COMPLETE IN OUR VICTORY: "And having spoiled principalities and powers, he made a shew of them openly, triumphing over them in it" (Col. 2:15). Debt Cancelled. Our victory is complete because Jesus cancelled the debt. Think of this. Debt does has some power. It has the power to enslave. When you have a load of debt you are limited in what you can do. When Jesus was nailed to the cross and said, "It is finished," that was not a whimper of defeat. That was the cry of victory that shook Hell. The phrase "it is finished" is one Greek word that can be translated the debt is cancelled. The Devil always had power over the sinner by keeping us in fear of death. Death is a great unknown for those who do not know God. If you do not believe in God it is hard to imagine life after death. A minimal belief in God permits some idea of life after death. But because of the question of evil in the world, man has to consider what life in the afterlife will be like. There is within us the truth about our nature that we do not want to admit...that we deserve hell. For some in a works based religion it must be maddening to try to keep a record of all our good deeds and our bad acts. This terrifying balancing act will keep a person in a frantic state of fear. And Satan loves that. But the Good News is that Jesus Christ has cancelled it all and thus has spoiled all the powers against us. He has robbed them of their victory. Devil Disarmed. When you spoil an enemy, you have a defeated and disarmed foe. Hebrew 2:14 reads, "Since then the children share in flesh and blood, He Himself likewise also partook of the same, that through death He might render powerless him who had the power of death, that is, the devil." The coming of Son of God in the Person of Jesus of the Nazarene was a brilliant stroke of military genius by God. 
With a combination of mercy and grace, the sinner is saved and thus the Devil's destructive power is rendered useless. When you are born again, you have your name entered into the Lamb's book of life. This is what is promised to the believer and unbeliever per the Book of Revelation. Blessed and holy is the one who has a part in the first resurrection; over these the second death has no power, but they will be priests of God and of Christ and will reign with Him for a thousand years...And death and hell were cast into the lake of fire. This is the second death. And whosoever was not found written in the book of life was cast into the lake of fire. (Revelation 20:6, 14-15). Devil's Defeat Displayed: "... he made a shew of them openly, triumphing over them in it." Paul uses language familiar with the typical Roman citizen. When a general came home from victory in battle, he would display the defeated kings and chieftains in chains. When we survey the blood stained cross and look into the empty tomb, we are convinced of our victory. These items are just two of the items which point to the devil's defeat. There is one more item that we tend to gloss over - the church. Nay, in all these things we are more than conquerors through him that loved us. For I am persuaded, that neither death, nor life, nor angels, nor principalities, nor powers, nor things present, nor things to come, nor height, nor depth, nor any other creature, shall be able to separate us from the love of God, which is in Christ Jesus our Lord (Romans 8:37-39). "...we are..." I love those two words. We are conquerors through Jesus Christ. Sin no longer separates us from God's love. It is a done deal. It is the church that shall reign triumphant and ride with Him when He comes to establish a new Kingdom. It is a done deal! CONCLUSION We have complete salvation which provides complete forgiveness and thus we are granted complete victory. 
Though we are fighting a defeated foe, we should do so with the mindset that there are still pockets of resistance that we must face. The enemy still has strongholds of unsaved souls that we need to enter by God's grace and our obedience. This is our task until that day when He calls us up for the next great event. Until then, let us be more than conquerors! Let us lift up our faces and voices to Him as victors. Let us not fear the darts of the devil but trust the shield of faith to protect us as we move into the battle girded up with the breastplate of righteousness, bound by the belt of truth, carrying our sword the word of God and moving forward with our feet shod with the Good News!
  3. I'll always remember you and keep you in my heart. I've been lucky enough that life brought you into my life and I was able to see and experience what a great man you were to your family and friends. I do miss our talks about woodworking, computers and the news. Our kids will always remember you because you made that big of an impact on them with the love you shared. I hope one day I will see you again to thank you, hug you and tell you how much you meant to me.
  4. Hey did you hear, heaven is overflowing with love since Aunt Vicki arrived. I'll never forget her never-ending smiles and her heartwarming laughs. Whenever we were together my goal was to hear her smile. She'll never be gone from our hearts, our fond memories. I'm glad you're no longer in pain. I know in my heart you are in a place filled with love for you. I'll never forget your laugh as I'm sure it could be heard in heaven and now you are in heaven sometimes I feel I still hear your laugh which warms my heart. You were a good person full of love for everyone. I'm sad I don't get to sing some karaoke with you anymore but I do know if anyone lived life every day, it was you. I never knew you to take life for granted and that's something we should all think about. I love you Aunt Vicki and I hope I will see you again.
  5. Thank you for the lives of all those loved ones who, whilst no longer walking beside us or holding our hand along life’s journey as once they did, live on in the collective memory of those they have left behind. Enjoy their company, Loving God until we shall meet again Amen ---------------------------------------------------- Birth date: Feb 7th 1954 Death date: Nov 26th 2016
  6. I can't believe I'm standing here, Saying my goodbyes To a Dad that meant the world to me, My Dad with big brown eyes Anyone who loved him Will know how I feel today, My Dad was the sunshine of my life Who could light up the darkest days. So goodbye Dad my only Dad, Take your wings and fly To eternal happiness and your reward, through the big gates in the sky. ----------------------------------------------------------- Birth date: April 11th, 1948 Death date: March 24th, 2009
  7. O God, who brought us to birth, and in whose arms we die, in our grief and shock, contain and comfort us; embrace us with your love, give us hope in our confusion and grace to let go into new life; through Jesus Christ. Amen. -------------------------------------------------- Birth Date March 12th 1972 Death Date November 8th 1993
  8. If we could bring you back again, For one more hour or day, We’d express all our unspoken love; We’d have countless things to say. If we could bring you back again, We’d say we treasured you, And that your presence in our lives Meant more than we ever knew. If we could bring you back again, To tell you what we should, You’d know how much we miss you now, And if we could, we would.
  9. When someone we love passes away, We ache, but we go on; Our dear departed would want us to heal, After they are gone. Grief is a normal way to mend The anguish and pain in our hearts; We need time to remember and time to mourn, Before the recovery starts. Let’s draw together to recuperate, As we go through this period of sorrow; Let’s help each other, with tender care To find a brighter tomorrow. ------------------------------------------------------------------ Date of Birth January 16, 1971 Date of Death January 3, 2013
  10. First it would be helpful to get a list of users that are already on your Linux box.

      Get a List of All Users using the /etc/passwd File

      Local user information is stored in the /etc/passwd file. Each line in this file represents login information for one user.

          less /etc/passwd

      Below is an example:

          $ less /etc/passwd
          root:x:0:0:root:/root:/bin/bash
          bin:x:1:1:bin:/bin:/sbin/nologin
          daemon:x:2:2:daemon:/sbin:/sbin/nologin
          adm:x:3:4:adm:/var/adm:/sbin/nologin
          lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
          sync:x:5:0:sync:/sbin:/bin/sync
          shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
          halt:x:7:0:halt:/sbin:/sbin/halt
          mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
          operator:x:11:0:operator:/root:/sbin/nologin
          games:x:12:100:games:/usr/games:/sbin/nologin
          ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
          nobody:x:99:99:Nobody:/:/sbin/nologin
          systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
          dbus:x:81:81:System message bus:/:/sbin/nologin
          polkitd:x:999:997:User for polkitd:/:/sbin/nologin
          postfix:x:89:89::/var/spool/postfix:/sbin/nologin
          sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
          tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
          nginx:x:998:996:nginx user:/var/cache/nginx:/bin/sh
          mysql:x:27:27:MariaDB Server:/var/lib/mysql:/sbin/nologin
          apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
          dockerroot:x:997:993:Docker User:/var/lib/docker:/sbin/nologin
          netadm1n:x:1000:1000:netadm1n:/home/netadm1n:/bin/bash

      Each line has seven fields delimited by colons that contain the following information:

        • User name
        • Encrypted password (x means that the password is stored in the /etc/shadow file)
        • User ID number (UID)
        • User’s group ID number (GID)
        • Full name of the user (GECOS)
        • User home directory
        • Login shell (defaults to /bin/bash)

      If you want to display only the username you can use either the awk or cut command to print only the first field containing the username.

      Using awk example:

          $ awk -F: '{ print $1}' /etc/passwd
          root
          bin
          daemon
          adm
          lp
          sync
          shutdown
          halt
          mail
          operator
          games
          ftp
          nobody
          systemd-network
          dbus
          polkitd
          postfix
          sshd
          tss
          nginx
          mysql
          apache
          dockerroot
          netadm1n

      Using cut example:

          $ cut -d: -f1 /etc/passwd
          root
          bin
          daemon
          adm
          lp
          sync
          shutdown
          halt
          mail
          operator
          games
          ftp
          nobody
          systemd-network
          dbus
          polkitd
          postfix
          sshd
          tss
          nginx
          mysql
          apache
          dockerroot
          netadm1n

      So you may have identified your Linux system doesn't have a user on it that needs to exist. Let's go to the next section that describes how to add a user.

      How to Create Users in Linux

      In Linux, you can create a user account and assign the user to different groups using the useradd command. The general syntax for the useradd command is as follows:

          useradd [OPTIONS] USERNAME

      NOTE: To be able to use the useradd command and create new users you need to be logged in as root or a user with sudo access.

      To create a new user account type useradd followed by the username. For example to create a new user named username you would run:

          useradd username

      The command adds an entry to the /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow files.

      To be able to log in as the newly created user, you need to set the user password. To do that run the passwd command followed by the username:

          passwd username

      You will be prompted to enter and confirm the password.

      In most Linux distros, when creating a new user account with the useradd command the user home directory is not created. Use the -m (--create-home) option to create the user home directory as /home/username:

          useradd -m username

      The command above creates the new user’s home directory and copies files from /etc/skel directory to the user’s home directory.
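An added example, not part of the original post: a small audit of a passwd-format file that uses the seven colon-delimited fields described above to flag malformed lines, empty password fields, extra UID 0 accounts, and service accounts that keep a login shell (as nginx does with /bin/sh in the listing). The function names, the UID threshold of 1000 and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file using its seven colon-delimited fields.
# Assumption: regular user accounts start at UID 1000 (UID_MIN on many distros).

# audit_passwd FILE [UID_MIN] - print one finding per line.
audit_passwd() {
    awk -F: -v uid_min="${2:-1000}" '
        # True when the login shell cannot give an interactive session.
        function no_login(shell) {
            return shell ~ /\/(nologin|false|sync|shutdown|halt)$/
        }
        # A valid entry has exactly seven fields.
        NF != 7 {
            printf "MALFORMED line=%d fields=%d\n", NR, NF
            next
        }
        # Field 2 empty: the account has no password at all.
        $2 == "" { printf "EMPTY_PASSWORD %s\n", $1 }
        # Field 3 is the UID; only root should hold UID 0.
        $3 == 0 && $1 != "root" { printf "EXTRA_UID0 %s\n", $1 }
        # System accounts (0 < UID < uid_min) should not have a login shell.
        $3 > 0 && $3 < uid_min && !no_login($7) {
            printf "SERVICE_SHELL %s uid=%s shell=%s\n", $1, $3, $7
        }
    ' "$1"
}

# write_sample FILE - constructed sample. The first five lines mirror entries
# from the listing in the post; the last three are made up to trigger findings.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
nginx:x:998:996:nginx user:/var/cache/nginx:/bin/sh
netadm1n:x:1000:1000:netadm1n:/home/netadm1n:/bin/bash
toor:x:0:0:constructed second uid 0:/root:/bin/bash
guest::1001:1001:constructed empty password:/home/guest:/bin/bash
broken:x:1002:1002:/home/broken:/bin/bash
EOF
}

# Demo on the constructed sample.
demo=$(mktemp)
write_sample "$demo"
audit_passwd "$demo"
rm -f "$demo"
```

To check a real host, call `audit_passwd /etc/passwd`; each finding is a candidate for `usermod -s /sbin/nologin`, a password lock, or removal after review.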
  11. Common LB Application Patterns

      SSL Offload

      SSL offloading, also known as SSL termination, decrypts all HTTPS traffic on the load balancer. Layer 7 actions can be carried out and the data proceeds to the backend server as plain HTTP traffic. SSL offloading allows data to be inspected as it passes between the load balancer and server. It also reduces CPU demand on an application server by decrypting data in advance. SSL offloading is vulnerable to attack as the data travels unencrypted between the load balancer and application server.

      SSL Bridge

      SSL bridging is a process where a device, usually located at the edge of a network, decrypts SSL traffic and then re-encrypts it before sending it on to the Web server. SSL bridging can be useful when the edge device performs deep-packet inspection to verify that the contents of the SSL-encrypted transmission are safe, or if there are security concerns about unencrypted traffic traversing the internal network.

      Pass-through

      SSL passthrough happens when an incoming Secure Sockets Layer (SSL) request is not decrypted at the load balancer but passed along to a server for decryption. SSL passthrough is used when web application security is a top concern. SSL passthrough keeps the data encrypted as it travels through the load balancer. The web server does the decryption upon receipt. SSL passthrough uses TCP mode to pass encrypted data to servers. The data passes through fully encrypted, which precludes any layer 7 actions.

      LTM Policy

      GTM (Active/Active or Active/Passive)

      UnCommon Patterns

      2-way SSL

      Openshift Patterns
  12. We were running into an issue and I thought it would be good to know what Virtual Servers have a lot of connections, but the Statistics Module isn't good unless you clear statistics and start watching at that moment (don't forget to refresh).

      Here are two CLI commands that did me well.

      Maximum Connections per Virtual Server

          tmsh show sys connection | egrep -v 'T|S' | awk '{print $2}' | sort -n | uniq -c | sort -n

      The output looks something like this, with the Virtual Server at the bottom with 3655 connections:

          330
          709
          713
          966
          1086
          1210
          1460
          1465
          1467
          1477
          1580
          2046
          2393
          2395
          3655

      Maximum Connections per VIP (really just another way to get the same results)

          tmsh show sys connection | egrep -v 'T|S' | awk '{print $2}' | cut -d: -f 1 |sort -n | uniq -c | sort -n
  13. So I upgrade from to 13.1.3 and out of 30 LTMs (all vCMP Guests) only about half are successful. What happens is after the system boots up on the new code it shows the configuration is unable to be shown.

      First step in troubleshooting is go to the CLI and run

          tmsh load sys config

      See where it errors out (see below for my example)

          [root@txsat1slbco22:/S3-red-P::Offline:Disconnected] config # tmsh load sys config
          Loading system configuration...
            /defaults/asm_base.conf
            /defaults/config_base.conf
            /defaults/ipfix_ie_base.conf
            /defaults/ipfix_ie_f5base.conf
            /defaults/low_profile_base.conf
            /defaults/low_security_base.conf
            /defaults/policy_base.conf
            /defaults/wam_base.conf
            /defaults/analytics_base.conf
            /defaults/apm_base.conf
            /defaults/apm_oauth_base.conf
            /defaults/apm_saml_base.conf
            /defaults/app_template_base.conf
            /defaults/classification_base.conf
            /var/libdata/dpi/conf/classification_update.conf
            /defaults/ips_base.conf
            /var/libdata/ips/ips_update.conf
            /defaults/daemon.conf
            /defaults/pem_base.conf
            /defaults/profile_base.conf
            /defaults/sandbox_base.conf
            /defaults/security_base.conf
            /defaults/urldb_base.conf
            /usr/share/monitors/base_monitors.conf
            /defaults/cipher.conf
            /defaults/ilx_base.conf
          Loading configuration...
          Loading schema version:
            /config/bigip_base.conf
            /config/bigip_user.conf
            /config/bigip.conf
          Loading schema version: 13.1.3
          01071008:3: Provisioning failed with error 1 - 'Disk limit exceeded. 16188 MB are required to provision these modules, but only 15752 MB are available.' .
          Unexpected Error: Loading configuration process failed.
          [root@txsat1slbco22:/S3-red-P::Offline:Disconnected] config # 2019 Aug 14 13:05:35 slot3/txsat1slbco22 overdog[3111]: 01140043:0: Ha feature software_update reboot requested.

      I have four cores assigned to the vCMP Guest, which per F5 should be plenty for three modules provisioned.

      As a test I removed APM (especially since I don't use it yet so no risk) and then clicked System - Configuration - General - Reboot Guest Chassis to reboot and save the config first. Then reboot back to the partition (System - Software Management - Boot Locations and click HD1.1 or whatever the partition is that has the new code) and see if the issue goes away. SAME issue.. CRAP!

      My next attempt is to reduce the amount of images/partitions on the drive to just two versus three. Run the following command to show you how many images/partitions you have

          tmsh show sys software

          ---------------------------------------------------------
          Sys::Software Status
          Volume  Slot  Product  Version  Build   Active  Status
          ---------------------------------------------------------
          HD1.1   3     BIG-IP   13.1.3   0.0.6   yes     complete
          HD1.2   3     BIG-IP            0.0.10  no      complete
          HD1.3   3     BIG-IP            0.0.4   no      complete

          ---------------------------
          Sys::Software Update Check
          ---------------------------
            Check Enabled      true
            Phonehome Enabled  true
            Frequency          weekly
            Status             none
            Errors             0

      My goal is to always keep two versions. The working one and the future one... always have 1 rollback. So in this case we are running and "trying" to upgrade to 13.1.3 so we don't need HD1.2 so let's remove it in order to free up some space. The below is the command I ran to remove HD1.2

          tmsh delete /sys software volume HD1.2

      Then double check by re-running your show sys software command

          tmsh show sys software

          --------------------------------------------------------
          Sys::Software Status
          Volume  Slot  Product  Version  Build   Active  Status
          --------------------------------------------------------
          HD1.1   3     BIG-IP   13.1.3   0.0.6   yes     complete
          HD1.3   3     BIG-IP            0.0.4   no      complete

          ---------------------------
          Sys::Software Update Check
          ---------------------------
            Check Enabled      true
            Phonehome Enabled  true
            Frequency          weekly
            Status             none
            Errors             0

      Okay now let's just do a quick verify loading the config

          tmsh load sys config verify
          Validating system configuration...
            /defaults/asm_base.conf
            /defaults/config_base.conf
            /defaults/ipfix_ie_base.conf
            /defaults/ipfix_ie_f5base.conf
            /defaults/low_profile_base.conf
            /defaults/low_security_base.conf
            /defaults/policy_base.conf
            /defaults/wam_base.conf
            /defaults/analytics_base.conf
            /defaults/apm_base.conf
            /defaults/apm_oauth_base.conf
            /defaults/apm_saml_base.conf
            /defaults/app_template_base.conf
            /defaults/classification_base.conf
            /var/libdata/dpi/conf/classification_update.conf
            /defaults/ips_base.conf
            /var/libdata/ips/ips_update.conf
            /defaults/daemon.conf
            /defaults/pem_base.conf
            /defaults/profile_base.conf
            /defaults/sandbox_base.conf
            /defaults/security_base.conf
            /defaults/urldb_base.conf
            /usr/share/monitors/base_monitors.conf
            /defaults/cipher.conf
            /defaults/ilx_base.conf
          Validating configuration...
          Loading schema version:
            /config/bigip_base.conf
            /config/bigip_user.conf
            /config/bigip.conf
            /config/bigip_script.conf
          Loading schema version: 13.1.3
          There were warnings:
          /Common/f5.bigiq-analytics definition:130: warning: [use curly braces to avoid double substitution][($start_hour]
          /Common/f5.bigiq-analytics definition:131: warning: [use curly braces to avoid double substitution][($end_hour]
          /Common/f5.bigiq-analytics definition:133: warning: [use curly braces to avoid double substitution][$end_minute]
          /Common/f5.bigiq-analytics definition:141: warning: [use curly braces to avoid double substitution][$start_random]
          /Common/f5.bigiq-analytics definition:145: warning: [use curly braces to avoid double substitution][round("00.[lindex $start_random 1]"]
          /Common/f5.bigiq-analytics definition:2189: warning: [use curly braces to avoid double substitution][$nonpriority]
          /Common/f5.bigiq-analytics definition:2192: warning: [use curly braces to avoid double substitution][$nonpriority]
          /Common/f5.bigiq-analytics definition:2249: warning: [use curly braces to avoid double substitution][$::time]
          /Common/f5.bigiq-analytics definition:2290: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2363: warning: [use curly braces to avoid double substitution][($start_hour]
          /Common/f5.bigiq-analytics definition:2363: warning: [use curly braces to avoid double substitution][($current_hour]
          /Common/f5.bigiq-analytics definition:2364: warning: [use curly braces to avoid double substitution][$time]
          /Common/f5.bigiq-analytics definition:2529: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2531: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2547: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2549: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2560: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2562: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2871: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2917: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2920: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2927: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2929: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:2968: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:3012: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:3016: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:3023: warning: [use curly braces to avoid double substitution][$::uniqueid]
          /Common/f5.bigiq-analytics definition:3025: warning: [use curly braces to avoid double substitution][$::uniqueid]

      The curly braces error isn't critical and technically shouldn't be the reason we can't load the config, so let's try and load the config. We do know based on the verify that it does appear to be making it further than before, so I believe removing that partition may have solved the issue

          tmsh load /sys config

      Command line is looking positive

          (txsat1slbco21)(cfg-sync Disconnected)(/S3-green-P::Standby)(/Common)(tmos)

      Let's log into the GUI to make sure all is good.... DAMN it! Have to re-activate license on the Viprion chassis which will affect every vCMP Guest you have on that chassis.
  14. rev.dennis

    Clear Browser Cache

    Google Chrome

      1. On your computer, open Chrome.
      2. At the top right, click More.
      3. Click More tools > Clear browsing data.
      4. At the top, select All time.
      5. Next to "Cookies and other site data" and "Cached images and files," check the boxes.
      6. Click Clear data.

    Safari

      <coming soon>
  15. Having an issue where my vCMP Guest will not run. I have tried to rebuild it, delete the img file, change what version of operating system and nothing. So there is currently a bug (ID 759968) that references a bug with clustering of the devices. In short, the guests end up having duplicate rebroad_mac on one or more slots. You can confirm this by running the following command:

        clsh tmctl -d blade tmm/vcmp -w 200

      Look at the "rebroad_mac" field. This is common when you run your guest on one blade. If you used more than one blade the issue typically goes away.
  16. Declarative Onboarding: https://clouddocs.f5.com/products/extensions/f5-declarative-onboarding/latest/
      App Services Extension: https://clouddocs.f5.com/products/extensions/f5-appsvcs-extension/latest/
      Telemetry Streaming: https://clouddocs.f5.com/products/extensions/f5-telemetry-streaming/latest/
      Intro to DevOps: https://clouddocs.f5.com/training/community/programmability/html/
      Quick-hit learning material: https://www.youtube.com/channel/UCtVHX3fmQVjVgj_cGRIxRSg
  17. Here are the steps that were followed to protect the environment from Apache Struts vulnerabilities.

      Security – App Security – Attack Signatures – Attack Signature Configuration
        Enable Staging
        Save – Apply Policy

      Security – Options – App Security – Attack Signatures – Attack Signatures Update
        Delivery Mode: Manual
        Browse to File
        Click Update Signatures

      Security – Options – Application Security – Attack Signatures – Attack Signature Set
        Create apache_struts_CVE…
        Type: Manual
        200004224 200003458 200003470 200004174 200003440 200100310

      Security – Application Security – Attack Signatures – Attack Signature List
        Filter Details
        Search Signature ID (remove from Staging):
          200004224 200003458 200003470 200004174 200003440 200100310
        Search Containing String (remove from Staging):
          sig.java.lang.processbuilder
          “/bin” execution attempt (Headers)
          Automated client access “curl”
          Java Code Injection (java packages) (Header)
          Java code injection – java/lang/Process (Header)
          Java code injection java.lang.System (Header)
          Java code injection ognl.OgnlContext (Header)
        APPLY Policy

      Security – Application Security – Content Profiles – XML Profiles
        Create Apache_Struts_Profile
        Defense Configuration: Allow DTDs, Tolerate Leading White Space
        Create

      Security – Application Security – URLs – Allowed URLs
        Next to HTTPS click *
        Advanced
        Header-Based Content Profiles
        Request Header Name: Content-Type
        Request Header Value: *xml*
        Request Body Handling: XML
        Click ADD
        Click UPDATE
        Same thing for HTTP
        APPLY Policy
  18. https://clouddocs.f5.com/training/community/analytics/html/
  19. This is extremely useful for troubleshooting external URLs going through proxy / eGTMs / iGTMs and all other sorts of combinations. What I really like about it is it really gives good data for different touch points.

        time_namelookup
        time_connect
        time_appconnect
        time_pretransfer
        time_redirect
        time_starttransfer

      It helped me handling external 3rd party URLs and their response times, handshake failures.

        $ cat curl-format.txt
        time_namelookup: %{time_namelookup}\n
        time_connect: %{time_connect}\n
        time_appconnect: %{time_appconnect}\n
        time_pretransfer: %{time_pretransfer}\n
        time_redirect: %{time_redirect}\n
        time_starttransfer: %{time_starttransfer}\n
        ----------\n
        time_total: %{time_total}\n

        $ curl -p -w "@curl-format.txt" -o /dev/null -k https://example.com/services/Soap/class/BridgeIntegrationService?wsdl
          % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                         Dload  Upload   Total   Spent    Left  Speed
        100   677  100   677    0     0  41924      0 --:--:-- --:--:-- --:--:-- 42312
        time_namelookup: 0.000
        time_connect: 0.007
        time_appconnect: 0.000
        time_pretransfer: 0.008
        time_redirect: 0.000
        time_starttransfer: 0.016
        ----------
        time_total: 0.016

        <html>
        <head>
        <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
        <title>Error 405 Only POST allowed</title>
        </head>
        <body><h2>HTTP ERROR 405</h2>
        <p>Problem accessing /services/Soap/class/BridgeIntegrationService. Reason:
        <pre> Only POST allowed</pre></p><hr /><br/>
        <!-- Body events -->
        <script type="text/javascript">function bodyOnLoad(){if(window.PreferenceBits){window.PreferenceBits.prototype.csrfToken="null";};}function bodyOnBeforeUnload(){}function bodyOnFocus(){}function bodyOnUnload(){}</script>
        </body>
        </html>
        time_namelookup: 0.012
        time_connect: 0.013
        time_appconnect: 0.251
        time_pretransfer: 0.251
        time_redirect: 0.000
        time_starttransfer: 0.507
        ----------
        time_total: 0.507
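The timers in the post above are cumulative, so the cost of each phase is the difference between neighbouring values. The following is an added example, not part of the original post: the function names are hypothetical, the sample input is constructed from the second result set quoted in the post, and it assumes no redirects were followed.

```shell
# Constructed sample: the second set of timers quoted in the post.
sample_timings() {
  cat <<'EOF'
time_namelookup: 0.012
time_connect: 0.013
time_appconnect: 0.251
time_pretransfer: 0.251
time_redirect: 0.000
time_starttransfer: 0.507
----------
time_total: 0.507
EOF
}

# curl reports each time_* value as seconds elapsed since the start of the
# transfer, so one phase costs the gap between two neighbouring timers.
# Reads "name: value" lines on stdin, prints one "phase=seconds" line each.
curl_phases() {
  awk -F': *' '
    { sub(/^[ \t]+/, "") }               # tolerate indented -w output
    /^time_/ { t[$1] = $2 + 0 }
    END {
      # time_appconnect stays 0 when no TLS handshake was measured
      tls = (t["time_appconnect"] > 0) ? t["time_appconnect"] - t["time_connect"] : 0
      printf "dns=%.3f\n",         t["time_namelookup"]
      printf "tcp=%.3f\n",         t["time_connect"] - t["time_namelookup"]
      printf "tls=%.3f\n",         tls
      printf "server_wait=%.3f\n", t["time_starttransfer"] - t["time_pretransfer"]
      printf "download=%.3f\n",    t["time_total"] - t["time_starttransfer"]
    }'
}

# Name of the most expensive phase, to see whether the handshake or the
# backend dominates the response time.
slowest_phase() {
  curl_phases | sort -t= -k2,2 -rn | head -n 1 | cut -d= -f1
}
```

Live output can be piped straight in, for example `curl -s -o /dev/null -w "@curl-format.txt" URL | curl_phases`. On the sample, the handshake (tls) and the wait for the first byte (server_wait) account for almost all of the 0.507 seconds.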
  20. Pre-req: you have openssl installed on your Linux box. I utilize CentOS 7 but you can use any Linux distribution you prefer.

      Let's first discuss the different formats.

      PEM Format
      The PEM format is the most common format that Certificate Authorities issue certificates in. PEM certificates usually have extensions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format. Apache and other similar servers use PEM format certificates. Several PEM certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.

      DER Format
      The DER format is simply a binary form of a certificate instead of the ASCII PEM format. It sometimes has a file extension of .der but it often has a file extension of .cer, so the only way to tell the difference between a DER .cer file and a PEM .cer file is to open it in a text editor and look for the BEGIN/END statements. All types of certificates and private keys can be encoded in DER format. DER is typically used with Java platforms. The SSL Converter can only convert certificates to DER format. If you need to convert a private key to DER, please use the OpenSSL commands on this page.

      PKCS#7/P7B Format
      The PKCS#7 or P7B format is usually stored in Base64 ASCII format and has a file extension of .p7b or .p7c. P7B certificates contain "-----BEGIN PKCS7-----" and "-----END PKCS7-----" statements. A P7B file only contains certificates and chain certificates, not the private key. Several platforms support P7B files including Microsoft Windows and Java Tomcat.

      PKCS#12/PFX Format
      The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys. When converting a PFX file to PEM format, OpenSSL will put all the certificates and the private key into a single file. You will need to open the file in a text editor and copy each certificate and private key (including the BEGIN/END statements) to its own individual text file and save them as certificate.cer, CACert.cer, and privateKey.key respectively.

      Now for the commands....

      Convert x509 to PEM
        openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem

      Convert PEM to DER
        openssl x509 -outform der -in certificatename.pem -out certificatename.der

      Convert DER to PEM
        openssl x509 -inform der -in certificatename.der -out certificatename.pem

      Convert PEM to P7B
      Note: The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c. A P7B file only contains certificates and chain certificates (Intermediate CAs), not the private key. The most common platforms that support P7B files are Microsoft Windows and Java Tomcat.
        openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer

      Convert PKCS7 to PEM
        openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem

      Convert PFX to PEM
      Note: The PKCS#12 or PFX format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.
        openssl pkcs12 -in certificatename.pfx -out certificatename.pem

      Convert PFX to PKCS#8
      Note: This requires 2 commands.
      STEP 1: Convert PFX to PEM
        openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem
      STEP 2: Convert PEM to PKCS8
        openssl pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8

      Convert P7B to PFX
      Note: This requires 2 commands.
      STEP 1: Convert P7B to CER
        openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
      STEP 2: Convert CER and Private Key to PFX
        openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer

      Another example:
        openssl pkcs12 -export -inkey zahsystems.com.key -in zahsystems.crt -certfile L1k.Chain.Bundle.2018.crt -out zahsystems.pfx
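The post above describes two manual checks: opening a .cer file to see whether it is PEM or DER, and copying each block out of a combined PFX-to-PEM export by hand. The following is an added example that scripts both. It is not part of the original post; the function names, output file names and sample bundle are assumptions made for illustration.

```shell
# Constructed sample in the shape of a combined PEM export. The base64
# bodies are placeholders, not real key material.
sample_bundle() {
  cat <<'EOF'
Bag Attributes
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtU0VSVkVS
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
EOF
}

# cert_encoding FILE: "pem" if it carries BEGIN markers, "binary-asn1" if it
# starts with the ASN.1 SEQUENCE tag 0x30 (DER certificate or key, or a PFX).
cert_encoding() {
  if grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$1"; then
    echo pem
  elif [ "$(head -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "30" ]; then
    echo binary-asn1
  else
    echo unknown
  fi
}

# split_pem FILE OUTDIR: write every PEM block to OUTDIR/NN-label.pem and
# print "label<TAB>path" per block. Text outside the markers is dropped.
split_pem() {
  mkdir -p "$2" || return 1
  ( umask 077   # extracted private keys must not be group/world readable
    awk -v dir="$2" '
      /^-----BEGIN / {
        label = $0; gsub(/^-----BEGIN |-----$/, "", label)
        name = tolower(label); gsub(/ /, "-", name)
        out = sprintf("%s/%02d-%s.pem", dir, ++n, name)
        printf "%s\t%s\n", label, out; inside = 1
      }
      inside { print > out }
      /^-----END / { inside = 0; close(out) }
    ' "$1" )
}
```

A block that split_pem reports as PRIVATE KEY rather than ENCRYPTED PRIVATE KEY is stored without a passphrase, which is what the -nodes option in the PFX to PKCS#8 step produces.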
  21. My name is Rev.Dennis and I was born and raised Christian Catholic by my parents. Every Sunday we went to church and sat, kneeled and stood as the Priest tried to communicate with us what he believed we needed to know. For a few years I was an altar boy at St. Daniels Catholic church in Clarkston, Michigan which was better than sitting, kneeling and standing in a pew. Still at a young age I didn’t understand why we were forced to go to church every Sunday when obviously there were more fun things to do. I joined the Air Force while I was still in Brandon High School and was on the Delayed Enlistment Program so when I graduated I could go to basic training at Lackland Air Force Base. During the service I became closer to God and religion after I had several close calls. I am now a non-denominational minister. I originally became an ordained minister to marry friends and family. As soon as I was ordained I felt this was a very big responsibility and started doing research. Read a bunch of books and I’m still the same person as I was, just more aware of the significance of being labeled as a minister. I’m not just someone who can marry you but I can also be a friend, someone you can talk to or ask advice. When you need someone to lean on or when you feel your faith is failing you, I can be there.
  22. Here is a list of the different Viprion models
  23. Training Material captured throughout time learning about the LTM's, GTM's and Viprion chassis
  24. rev.dennis

    How will I know

    Isn’t this the big question we ask ourselves all the time when marriage is either brought up or roaming around in your head? Honestly no one can answer the question if he/she is “the one” for you. Being married twice myself I put my foot down and said never again. In my head I believed people changed too dramatically from when you date to when you are now married. It appeared once you put a ring on your finger it was a sign that someone owned you. Looking back I could see the error of my ways and now I know what I had with my previous marriages wasn’t being in love. It was just exciting times that you wanted to last. A wedding band doesn’t make that happen. To be blunt I had no idea of what being “in love” was until I met the person in my life today. She puts as much into our relationship as I do if not more. The feeling of being loved (not lusted after) is an amazing feeling. She is amazing with my two boys. I can finally say after searching for love for so long that I have actually found it. Now comes the questions. I watched my ex-father in law die of rectal cancer. He went through a living hell on what hospitals did in effort to help him. What was amazing was what his wife did because he couldn’t. Changing his bag of waste, cleaning the sores and horribleness that existed on his bottom. Find new ways for him to eat food that would stay in his stomach. Getting up with him each time he got sick from the Chemo treatments. Taking care of the 3rd degree burns in his mouth. All of these things that you agree to do for the one you love when you say “I do” in sickness and health, take you to be my lawfully wedded partner in life until no end.
  25. So we only have so many public IPv4 addresses and when you start running low you need to find out where they all went and are they still being used. On our DMZ LTM (which is where the Public IPs are found on the Virtual Servers) you can run a script that will check for Availability = anything but enabled OR State = offline OR Total Connections = 0.

      Note on the script below I'm looking at all Virtual Servers found on the Integration partition.

        tmsh -q show ltm virtual /Integration/* | grep '^Ltm\|Avail\|State\|Total C' | awk 'BEGIN {RS="Ltm\:\:"; format = "%-55s %-10s %-10s %s\n"; printf format, "VS", "Avail", "State", "Connections" } $9 !~/enabled/ || $6 ~/offline/ || $12 ~/^0/ {printf format, $3, $6, $9, $12}' 2>/dev/null

      It seems to work pretty well. I am still working on the script to include the Destination (which would be the public IP Address). If I figure it out I'll include it here. A bummer is I can't include the Description field of a Virtual Server when using the show command; you have to use list to get the Description field. Why is it a big deal? It's not, just a nice to have if you put information on who owns the Virtual Server in the description field so you would know who to go to for validation the VS is still required.