This posting is ~2 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
It's been four months since my last blog post, and the blog frequency was quite low before that. This blog is, to be honest, a giant pile of stuff that has not worked as expected. Okay, some random thoughts or howto's, but most blog posts are about stuff that failed in some way. That's a bit "depressing". I should write more about the fun things in my life.
For a pretty long time my focus was on infrastructure. And my focus _is_ on infrastructure – networks, lots of storage, virtualization with VMware. And always full stack: Networking, Storage, Servers, Operating System, always with a little focus here and there. Sure, products shifted over time, but in the bigger picture, my focus was always on infrastructure and datacenter stuff. No client devices, no end user support, no managed services/ admin tasks, no leadership. Technical stuff and projects. But my focus continued to shift. Microsoft Exchange for example. A product I really hate. Not really infrastructure. But I'm good at it and so I got projects and stuff to do. Or Office 365. Or Microsoft Azure. And since 2013 more leadership tasks. And since January 2020 I have held some kind of higher management position.
I’m doing much less VMware for the past 24 months than I like to do. Therefore much more Office 365 and Azure. And consulting for Microsoft stuff, transition to cloud, transition of IT services into managed services, or deployment of managed services. I lost my VCP/ VCAP through, IMHO, unnecessarily complicated recertification requirements. That was very frustrating for me. Of course, I learned other things in return.
Companions from the last 20 years are now mostly in management positions. Head of … whatever. Most of them are not doing technical stuff anymore. And they are happy with it. It looks like a typical career path, but it’s one that I don’t necessarily like right now. I’m still doing technical stuff, even if I’m in a management position. Actually quite good, but it also feels kind of weird.
I’m turning 40 this year. 23 years in IT behind me, 25 years to go until retirement. Not even half-time. :/ A wife, three nice kids, we just moved to our new house. Actually everything should be really great, but currently I can’t see a career path for me that makes me happy. And this sucks pretty hard.
So, to make a long story short, come back from time to time. Add this blog to your RSS reader. I hope to post nice content here again soon.
This posting is ~5 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
In January 2017, I wrote an article about how to protect your WordPress blog using the WP Fail2ban plugin, fail2ban on your Linux/ FreeBSD host, and CloudFlare. Back then, the fail2ban action was using the CloudFlare API V1, which had already been deprecated since November 2016.
Free-Photos/ pixabay.com/ Creative Commons CC0
Although the actions were later updated to use CloudFlare API V4, I still had problems with the unbanning of IP addresses. IP addresses were banned, but the unban action failed.
This is the unban action, which is included in fail2ban (taken from fail2ban-0.10.3.1 which is shipped with FreeBSD 11.1-RELEASE-p10):
I found the solution at serverfault.com. The only difference is an additional tr -d '\n' in the last line of the statement. Kudos to Jake for fixing this!
To prevent the action file from being overwritten, you should copy the original cloudflare.conf located in the action.d directory, e.g. to mycloudflare.conf, and use the copied action file in your jail definition.
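As an added example of what that one-word fix does (this is my own script, not fail2ban's cloudflare.conf, which is not reproduced on this page), the following shell snippet feeds a constructed, pretty-printed API v4 reply through the extraction with and without tr -d '\n'. The unban action lists the access rule for the banned IP, cuts the rule id out of the JSON reply with cut -d'"' -f6 and then deletes that rule; cut works line by line, so a reply spread over many lines never yields the id. The rule id, the IP address and the CF_EMAIL/CF_API_KEY names are placeholders, and the DELETE request is only printed, never sent.

```shell
#!/bin/sh
# Added example (not fail2ban's own cloudflare.conf): why the API v4 unban
# action needs `tr -d '\n'` in front of `cut -d'"' -f6`.

# Constructed sample reply, shaped like a CloudFlare API v4 listing of one
# access rule. The id is a made-up placeholder, not a real rule id.
SAMPLE_RESPONSE='{
  "result": [
    {
      "id": "0123456789abcdef0123456789abcdef",
      "mode": "block",
      "configuration": {
        "target": "ip",
        "value": "203.0.113.10"
      }
    }
  ],
  "success": true
}'

# Extraction as it was before the fix: field 6 of every single line, which
# is empty for each line of a pretty-printed reply.
extract_rule_id_broken() {
    cut -d'"' -f6
}

# Extraction with the fix from the serverfault answer: join the reply into
# one line first, then the 6th quote-delimited field is the value of the
# first "id" key ({ "result": [ { "id": "<value>" ...).
extract_rule_id() {
    tr -d '\n' | cut -d'"' -f6
}

# Sanity check before anything is deleted: a rule id is 32 hex characters.
# Refusing anything else keeps the unban from firing a DELETE against a
# malformed URL when the reply format changes again.
is_rule_id() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{32}$'
}

# Build the DELETE request the unban action would send, without sending it.
# CF_EMAIL and CF_API_KEY stand for the values configured in cloudflare.conf.
build_unban_command() {
    rule_id="$1"
    if ! is_rule_id "$rule_id"; then
        echo "refusing to unban: '$rule_id' is not a rule id" >&2
        return 1
    fi
    printf 'curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/%s" -H "X-Auth-Email: $CF_EMAIL" -H "X-Auth-Key: $CF_API_KEY" -H "Content-Type: application/json"\n' "$rule_id"
}

# Demonstration: the broken extraction yields no usable id, the fixed one does.
broken_id=$(printf '%s\n' "$SAMPLE_RESPONSE" | extract_rule_id_broken)
fixed_id=$(printf '%s\n' "$SAMPLE_RESPONSE" | extract_rule_id)
printf '%s\n' "without tr -d '\n': '$broken_id'"
printf '%s\n' "with    tr -d '\n': '$fixed_id'"
build_unban_command "$fixed_id"
```

Without the tr the id variable ends up holding a handful of empty lines plus the braces, and the DELETE goes to a URL that names no rule, which is exactly the silent unban failure described above.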
This posting is ~7 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
The downside of using WordPress is that many people use it. That makes WordPress a perfect target for attacks. I have some trouble with attacks, and one of the consequences is that my web server crashes under load. The easiest way to solve this issue would be to ban those IP addresses. I use Fail2ban to protect some other services, so the idea of using Fail2ban to ban the IP addresses that are used for attacks was obvious.
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs — too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
That works very well for services like IMAP. Unfortunately, it does not work out of the box for WordPress. But adding the WordPress plugin WP fail2ban brings us closer to the solution. For performance and security reasons, vcloudnine.de can only be accessed through a content delivery network (CDN), in this case CloudFlare. Because CloudFlare acts as a reverse proxy, I cannot see "the real" IP address. Furthermore, I cannot log the IP addresses because of the German data protection law. This makes Fail2ban and the WordPress Fail2ban plugin nearly useless, because all I would ban with iptables would be the CloudFlare CDN IP ranges. But CloudFlare offers a firewall service. CloudFlare would be the right place to block IP addresses.
So, how can I stick Fail2ban, the WP Fail2ban plugin and CloudFlare's firewall service together?
APIs FTW!
APIs are the solution for nearly every problem. Like others, CloudFlare offers an API that can be used to automate tasks. In this case, I use the API to add entries to the CloudFlare firewall. Or honestly: Someone wrote a Fail2ban action that does this for me.
First of all, you have to install the WP Fail2ban plugin. That is easy. Simply install the plugin. Then copy the wordpress-hard.conf from the plugin directory to the filters.d directory of Fail2ban.
Please note that, in my case, the plugin logs to /var/log/messages. The action is "cloudflare". To allow Fail2ban to work with the CloudFlare API, you need the CloudFlare API key. This key is unique for every CloudFlare account. You can get this key from your CloudFlare user profile. Go to the user settings and scroll down.
Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0
Open the /etc/fail2ban/action.d/cloudflare.conf and scroll to the end of the file. Add the token and your CloudFlare login name (e-mail address) to the file.
The last step is to tell the WP Fail2ban plugin which IPs should be trusted. We have to add the subnets of the CloudFlare CDN. Edit your wp-config.php and add this line at the end:
/** CloudFlare IP Ranges */
define('WP_FAIL2BAN_PROXIES','103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,199.27.128.0/21,2400:cb00::/32,2405:8100::/32,2405:b500::/32,2606:4700::/32,2803:f800::/32,2c0f:f248::/32,2a06:98c0::/29');
The reason for this can be found in the FAQ of the WP Fail2ban plugin. The IP ranges used by CloudFlare can be found at CloudFlare.
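Here is an added example of what that proxy list is for (my own script, not code from the WP fail2ban plugin). A forwarded-client header may only be believed when the TCP peer is one of the listed CDN addresses; otherwise anyone could connect directly, send the header themselves and make the log line, and with it the ban, name an address of their choosing. Which header the plugin reads is documented in its FAQ, not on this page, so the script just takes a header value as an argument. IPv4 only; the IPv6 ranges from the wp-config.php line are left out to keep the arithmetic simple, and 198.51.100.7 / 203.0.113.9 are documentation addresses used as constructed input.

```shell
#!/bin/sh
# Added example, not the WP fail2ban plugin's code: why WP_FAIL2BAN_PROXIES
# matters. A forwarded-client header is trusted only when the peer address
# lies inside one of the CDN ranges.

# IPv4 ranges from the WP_FAIL2BAN_PROXIES line above (IPv6 omitted here).
PROXIES='103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,199.27.128.0/21'

# ip_in_cidr IP CIDR: exit 0 when the IPv4 address lies inside the block.
# Bitwise operators are not POSIX awk, so the prefix comparison divides both
# addresses by 2^(32-prefix) and compares the integer parts.
ip_in_cidr() {
    awk -v ip="$1" -v cidr="$2" '
        function toint(a,  p) {
            split(a, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN {
            split(cidr, c, "/")
            host_bits = 32 - c[2]
            if (int(toint(ip) / 2 ^ host_bits) == int(toint(c[1]) / 2 ^ host_bits))
                exit 0
            exit 1
        }'
}

# is_trusted_proxy IP: exit 0 when IP is in any of the PROXIES ranges.
is_trusted_proxy() {
    for cidr in $(printf '%s' "$PROXIES" | tr ',' ' '); do
        ip_in_cidr "$1" "$cidr" && return 0
    done
    return 1
}

# client_ip REMOTE_ADDR FORWARDED_HEADER: the address that should end up in
# the log line fail2ban matches on. The header is used only when the peer is
# a trusted proxy; an empty header falls back to the peer address.
client_ip() {
    remote="$1"
    forwarded="$2"
    if [ -n "$forwarded" ] && is_trusted_proxy "$remote"; then
        # Each proxy appends the peer it saw, so the last entry is the one
        # written by the trusted CDN. Earlier entries can be supplied by the
        # client itself and must not be trusted.
        printf '%s\n' "$forwarded" | awk -F',' '{ gsub(/ /, "", $NF); print $NF }'
    else
        printf '%s\n' "$remote"
    fi
}

# Request arriving through CloudFlare: the header is believed.
client_ip 104.16.1.1 "198.51.100.7"
# Request arriving directly with a forged header: the peer address is used.
client_ip 203.0.113.9 "198.51.100.7"
```

Without the proxy list every banned address would be a CloudFlare edge, as the post says; with the list but no peer check, a direct connection with a forged header could get an arbitrary third party's address written into the log and banned at CloudFlare.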
Does it work?
Seems so… This is an example from /var/log/messages.
Jan 15 20:01:46 webserver wordpress(www.vcloudnine.de)[4312]: Authentication attempt for unknown user vcloudnine from 195.154.183.xxx
Jan 15 20:01:46 webserver fail2ban.filter[4393]: INFO [wordpress-hard] Found 195.154.183.xxx
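To see what the jail does with lines like these before it calls the cloudflare action, here is an added example (my own shell script, neither the plugin's wordpress-hard.conf nor anything from the fail2ban project). It runs a failregex of my own making over a few constructed /var/log/messages lines and applies a per-host maxretry threshold; the addresses are documentation ranges, and the regex only approximates the real filter, which remains the authoritative one.

```shell
#!/bin/sh
# Added example, not the WP fail2ban plugin's or fail2ban's own filter: a
# fail2ban-style failregex over constructed log lines plus the per-host
# maxretry threshold that decides which addresses go to the ban action.

# Constructed sample log: three failures from 198.51.100.7, one from
# 203.0.113.9 (both documentation ranges) and one unrelated sshd line.
SAMPLE_LOG='Jan 15 20:01:46 webserver wordpress(www.vcloudnine.de)[4312]: Authentication attempt for unknown user vcloudnine from 198.51.100.7
Jan 15 20:01:47 webserver wordpress(www.vcloudnine.de)[4312]: Authentication attempt for unknown user admin from 198.51.100.7
Jan 15 20:01:48 webserver sshd[777]: Accepted publickey for patrick from 192.0.2.1 port 5000 ssh2
Jan 15 20:01:49 webserver wordpress(www.vcloudnine.de)[4312]: Authentication attempt for unknown user admin from 203.0.113.9
Jan 15 20:01:50 webserver wordpress(www.vcloudnine.de)[4312]: Authentication attempt for unknown user test from 198.51.100.7'

# Stand-in for the filter's failregex (my approximation, not the plugin's).
# fail2ban's <HOST> tag would also match IPv6 and host names; an IPv4 dotted
# quad is enough for the sample.
FAILREGEX='wordpress\([^)]*\)\[[0-9]+\]: Authentication attempt for unknown user [^ ]+ from ([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Matching lines only, like `fail2ban-regex <log> <filter>` would list them.
matching_lines() {
    grep -E "$FAILREGEX"
}

# "<failures> <host>" per source address, sorted by host.
count_failures() {
    matching_lines | sed -E 's/.* from ([0-9.]+)$/\1/' | sort | uniq -c | awk '{ print $1, $2 }'
}

# hosts_to_ban MAXRETRY: hosts that reached the threshold. These are the
# addresses the jail hands to its ban action (the cloudflare action here).
hosts_to_ban() {
    count_failures | awk -v max="$1" '$1 >= max { print $2 }'
}

printf '%s\n' "$SAMPLE_LOG" | count_failures
printf '%s\n' "$SAMPLE_LOG" | hosts_to_ban 3
```

With maxretry 3 only 198.51.100.7 is handed to the action; fail2ban additionally limits the count to a findtime window, which this sample omits because all lines fall within a few seconds anyway.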
And this is a screenshot from the CloudFlare firewall section.
Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0
Another short test with curl has also worked. I will monitor the firewall section of CloudFlare. Let’s see who’s added next…
Important note for those who use SELinux: Make sure that you install the policycoreutils-python package and create a custom policy for Fail2Ban!
[root@webserver ~]# grep fail2ban /var/log/audit/audit.log | audit2allow -M myfail2banpolicy
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i myfail2banpolicy.pp
A strong indicator is errors like these in /var/log/messages:
Jan 22 12:06:03 webserver fail2ban.actions[16399]: NOTICE [wordpress-hard] Ban xx.xx.xx.xx
Jan 22 12:06:03 webserver fail2ban.action[16399]: ERROR curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=7c8e62809d4183931347772b366e621003c63' -d 'email=patrick@blazilla.de' -d 'key=xx.xx.xx.xx' -- stdout: ''
Jan 22 12:06:03 webserver fail2ban.action[16399]: ERROR curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=7c8e62809d4183931347772b366e621003c63' -d 'email=patrick@blazilla.de' -d 'key=xx.xx.xx.xx' -- stderr: ''
Jan 22 12:06:03 webserver fail2ban.action[16399]: ERROR curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=7c8e62809d4183931347772b366e621003c63' -d 'email=patrick@blazilla.de' -d 'key=xx.xx.xx.xx' -- returned 7
Jan 22 12:06:03 webserver fail2ban.actions[16399]: ERROR Failed to execute ban jail 'wordpress-hard' action 'cloudflare' info 'CallingMap({'ipjailmatches': <function <lambda> at 0x7f49967edc80>, 'matches': '', 'ip': 'xx.xx.xx.xx', 'ipmatches': <function <lambda> at 0x7f49967edde8>, 'ipfailures': <function <lambda> at 0x7f49967edc08>, 'time': 1485083163.0328701, 'failures': 2, 'ipjailfailures': <function <lambda> at 0x7f49967eded8>})': Error banning xx.xx.xx.xx
You will find corresponding audit messages in the /var/log/audit.log:
This posting is ~7 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
As a frequent reader of my blog, you might have noticed that vcloudnine.de was unavailable from time to time. The reason for this was that my server was running out of memory at night.
The OOM killer selects the process that frees up the most memory and that is the least important to the system. Unfortunately, in my case it is Apache or MySQL. On the other hand: killing these processes has never brought the system back to life. But that is another story. Something consumed so much memory at night that the OOM killer had to start its deadly work.
Checking the logs
The OOM killer started its work at ~5am, and it killed the httpd (Apache).
And there were a lot more attempts… I did a short check of older log files. It was not the first OOM killer event, and the log entries were a smoking gun. Especially the POSTs for wp-login.php.
The number below the command is the number of POST requests logged in the access_log. The current access_log starts on Jan 08 2017. And since then, there have already been 876 POST requests to wp-login.php. Looks like a brute force attack.
So there is nothing wrong with the server setup, it simply breaks down during a brute force attack.
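As an added example (my own script, not the command from the original post, which is not reproduced here), the following shell snippet does the counting behind a number like the 876 above on a constructed access_log: login POSTs in total, per source address and per hour. Addresses are documentation ranges and the log lines are made up in Apache combined format.

```shell
#!/bin/sh
# Added example, not from the original post: count POST requests to
# wp-login.php in an Apache access_log, in total, per client and per hour.

# Constructed sample in combined log format (documentation IP ranges).
SAMPLE_ACCESS_LOG='198.51.100.7 - - [08/Jan/2017:05:01:12 +0100] "POST /wp-login.php HTTP/1.1" 200 3862 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Jan/2017:05:01:13 +0100] "POST /wp-login.php HTTP/1.1" 200 3862 "-" "Mozilla/5.0"
192.0.2.1 - - [08/Jan/2017:05:02:00 +0100] "GET /wp-login.php HTTP/1.1" 200 2901 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Jan/2017:05:03:45 +0100] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 3862 "-" "curl/7.47.0"
198.51.100.7 - - [08/Jan/2017:05:04:10 +0100] "POST /wp-login.php HTTP/1.1" 200 3862 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Jan/2017:06:15:02 +0100] "POST /wp-login.php HTTP/1.1" 200 3862 "-" "curl/7.47.0"
192.0.2.1 - - [08/Jan/2017:06:20:30 +0100] "GET /index.php HTTP/1.1" 200 15200 "-" "Mozilla/5.0"'

# awk fields in combined format: $1 client, $4 "[day/mon/year:hour:min:sec",
# $6 "\"METHOD", $7 request path. A line counts when it is a POST whose path
# starts with /wp-login.php (query strings included).

# Total number of login POSTs; prints 0 when there are none.
count_login_posts() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n++ }
         END { print n + 0 }'
}

# "<count> <client>" per source address, most active first.
login_posts_per_host() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n[$1]++ }
         END { for (h in n) print n[h], h }' | sort -rn
}

# "<count> <day/mon/year:hour>" per hour in time order; a burst at 5am, like
# the one that triggered the OOM killer, stands out here.
login_posts_per_hour() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n[substr($4, 2, 14)]++ }
         END { for (h in n) print n[h], h }' | sort -k2
}

printf '%s\n' "$SAMPLE_ACCESS_LOG" | count_login_posts
printf '%s\n' "$SAMPLE_ACCESS_LOG" | login_posts_per_host
printf '%s\n' "$SAMPLE_ACCESS_LOG" | login_posts_per_hour
```

On a real log, run each function as `login_posts_per_host < /var/log/httpd/access_log`; the per-hour view is the one to compare against the OOM killer timestamps in /var/log/messages.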
This posting is ~7 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
The year 2016 is coming to an end (thank god…). 2016 was a difficult year. One of my goals for 2016 was to write more PowerShell code and to learn Python. I missed both goals. But hey, at least I cleaned up my Git account. I renewed my VCP by passing VCP6 on the first attempt, and I took the VCP7-DTM beta exam (no results yet). Since I am not the guy who attends conferences, I was not attending VMworld in Barcelona or HPE Discover in London. In fact: I was at no conference or vendor roadshow, because I had an ass full of work.
My blog got roughly 1/3 more page views than in 2015. That was my goal for 2016. I'm very happy about that. Thank you!
I definitely missed my goal to write more blog posts. As you can see, I have written a bit more than last year, but still not as much as I wanted. I always have enough posts in my draft folder, but I'm constantly wondering whether it is worth writing about this or that topic. I usually write about things that happen to me in the job. No product reviews, nothing about architecture or C-level things, less about development, design or how something works. Maybe that's my problem. Let's see if I can change this in 2017.
I constantly optimized vcloudnine.de in 2016. The result is quite good. Thanks to Eric Siebert for his input.
Patrick Terlisten/ www.vcloudnine.de/ Creative Commons CC0
These are some of my most popular blog posts (according to Google). Fun fact: Only one is related to VMware and today obsolete.
This posting is ~7 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
Over the last weeks, I've tried to improve the performance of my blog. The site was very slow and the page load times varied between 5 and 10 seconds. Much too long! I've reduced time-consuming plugins, checked the size of pictures, checked CSS and HTML for misconfiguration/ slow code and tuned the database. The page load times have not really improved.
Yesterday, I checked the httpd.conf on my webserver and found a little typo (accidentally commented line). After a restart of the Apache webserver, the page load times have dramatically improved (down to 2 – 3 seconds). What had happened?
HTTP keep-alive
HTTP keep-alive, sometimes also called "HTTP persistent connection", was designed to transfer multiple HTTP requests and responses over a single TCP connection. This is much better than opening a new connection for every single request/ response pair. The benefits of HTTP keep-alive are:
lower CPU usage
lower memory usage
reduced latency due to reduced requests/ handshaking
These benefits are even more important if you use HTTPS connections (and vcloudnine.de is HTTPS-only…), because each new HTTPS connection needs much more CPU time and more round-trips compared to an insecure HTTP connection. This little picture clarifies the differences.
Wikipedia/ wikipedia.org/ Public domain image resources
If you’re using Apache, you can enable HTTP keep-alive with a single line in the httpd.conf.
KeepAlive On
Further information can be found in the documentation of Apache (Apache webserver 2.2 and 2.4).
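As an added example (my own script, not something from the original post or from Apache), the following shell snippet checks an httpd.conf for exactly the mistake described above: a KeepAlive On that is present but commented out. It reports "on", "off", "commented" or "missing" for a config file and runs itself against two constructed configs written to temporary files.

```shell
#!/bin/sh
# Added example, not from the original post: detect a commented-out
# "KeepAlive On" in an httpd.conf, the typo that caused the slow page loads.

# Two constructed configs in temporary files, removed on exit.
GOOD_CONF=$(mktemp)
BAD_CONF=$(mktemp)
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT

cat > "$GOOD_CONF" <<'EOF'
# keep-alive settings
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
EOF

cat > "$BAD_CONF" <<'EOF'
# keep-alive settings (the accidentally commented line)
#KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
EOF

# keepalive_status CONF: prints on, off, commented or missing. Apache
# directive names are case-insensitive, hence -i; leading whitespace and
# whitespace between "#" and the directive are allowed.
keepalive_status() {
    conf="$1"
    if grep -Eiq '^[[:space:]]*KeepAlive[[:space:]]+On[[:space:]]*$' "$conf"; then
        echo on
    elif grep -Eiq '^[[:space:]]*KeepAlive[[:space:]]+Off[[:space:]]*$' "$conf"; then
        echo off
    elif grep -Eiq '^[[:space:]]*#[[:space:]]*KeepAlive[[:space:]]+On[[:space:]]*$' "$conf"; then
        echo commented
    else
        echo missing
    fi
}

for conf in "$GOOD_CONF" "$BAD_CONF"; do
    printf '%s: KeepAlive %s\n' "$conf" "$(keepalive_status "$conf")"
done
```

Point it at the real file with keepalive_status /etc/httpd/conf/httpd.conf (path varies by distribution); "commented" or "missing" is the cue to look at the file before restarting Apache.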
This is the seventh year that Eric has organized and conducted the annual Top vBlog contest. He puts so much work into this contest and this should be recognized. I would also like to thank the sponsor Infinio for supporting this contest.
2015 was the second year in which I took part in the Top vBlog contest, but vcloudnine.de was on the voting list for the first time. I started this blog in 2014, so I was on the "Newcomer" list of the contest. I'm always trying to create valuable content. This isn't easy and often a draft is thrown in the trash. I hope vcloudnine.de was chosen because of valuable content and not because voters like me. ;) This year's Top vBlog poll brought us a lot of changes. Eric leaked some details in a blog post shortly before the announcement:
60% more votes than 2014
30% more blogs on the voting list
7 changes in the top 10
4 blogs in the top 25 that were not in there last year
2 blogs in the top 25 that were newcomers this year
1 blog new to the top 10
Congratulations to…
“Out of competition”: Duncan Epping (VCDX #007) and yellow-bricks.com for “defending” 1st place. Does anyone doubt it? Not really, right? ;) Congrats Duncan!
I am particularly happy for Derek Seaman (VCDX #125). His blog is a gold mine of content and he’s generating more and more (read his vSphere 6.0 series). Congrats Derek, #7 is totally deserved!
Congrats to Melissa Palmer for winning the “Best new blog” category. Keep on blogging, Melissa!
Congrats to Chris Wahl (VCDX #104) for winning the "Best independent blogger" category. Reading his blog is always a pleasure!
Also well deserved: Brian Madden has won the "Best VDI blog" category. His blog is an awesome resource if you deal with VDI!
Honestly: That William Lam has won in the category "Best scripting blog" and Cormac Hogan in the "Best storage blog" category was no surprise for me. Totally deserved, guys!
I am very happy to see that some bloggers that I have on my reading list ranked up in the list. You can find the results of the Top vBlog 2015 contest here. Congrats to all participants and thanks again to Eric Siebert!
To make the long story short…
I'm happy and disappointed at the same time. vcloudnine.de landed on place 133. Not the worst placement for a new blog. But I have missed my personal goal to be placed in the top 100. I'd like to thank all who voted for vcloudnine.de. This is a great motivation to work harder and to create more valuable content. Thank you all!
This posting is ~9 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
If you are a frequent reader of virtualization blogs, then you may have heard about the vLaunchPad. It lists hundreds of VMware & virtualization blogs, as well as links to resources and other material. The vLaunchPad is managed by Eric Siebert (@ericsiebert, vsphere-land.com) and he organizes the annual Top vBlog voting contest year after year. This year the Top vBlog contest is sponsored by Infinio.
In the 2014 voting my "old" blog was voted on place 292 of 320. I should mention that blazilla.de had only German-language content. In a community where English is the predominant content language, this result may not surprise. If you are interested in last year's results, you can find them here. In 2014 I started vcloudnine.de, but I didn't nominate it for the 2014 voting. Instead, I nominated blazilla.de for the Top vBlog 2014 contest. This year the tables have turned and I have nominated vcloudnine.de for the categories:
Best new blog (Blog started in 2014), and
Best independent blogger (Can’t work for VMware or a hardware/software vendor)
As always all blogs that are listed on the vLaunchPad are included in the general voting. I don’t have a goal for the voting, but a place between #49 and #100 would be nice. ;)
Some short sentences about vcloudnine.de:
vcloudnine.de is the personal blog of Patrick Terlisten. The site has a strong focus on virtualization, storage, networking and IT infrastructure in general. The main driver of this blog is to share knowledge and write about topics that I think are worth mentioning. The views expressed anywhere on this site are mine and not the opinions and views of my employer or a vendor.
The predominating topics on vcloudnine.de are VMware, HP Storage, HP Data Protector, networking in general and Microsoft Exchange.
Andreas Lesslhumer (@lessi001, running-system.com) has created a nice statistic for 2014: Virtualization blogs 2014 by numbers. The statistic is based on the blogs that are listed on the vLaunchPad. vcloudnine.de was one of the 28 blogs that published more than 100 blog posts in 2014. In 2015 I have published 13 blog posts so far. But to be honest: It's not about the number of posts you publish – the content matters! So if you vote for a blog, vote for the content, not the number of published posts or the author.
Check out the Top vBlog 2015 landing page and don’t forget to vote for your favorite blogs! The voting will start soon!
This posting is ~9 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
The days at the year's end are usually the time to look back and take stock.
I blogged on blazilla.de for nearly 7 years, but in December 2013 I decided that it was time for a new beginning: New blog platform, new content, another language, but the same topics. In January 2014 I started vcloudnine.de.
Some statistics
Until today, I wrote about 100 blog posts. According to Google Analytics, these are my Top 10 most visited blog posts for 2014:
Since January vcloudnine.de was visited about 90.000 times. I think this isn’t a bad score for a new blog and I hope that it will be much more in 2015. Most visitors came from the US. These are the Top 5 countries:
United States
Germany
United Kingdom
France
Netherlands
Most of them used Google Chrome to access vcloudnine.de (this has really surprised me…). And someone regularly visited vcloudnine.de with a BlackBerry. These are the Top 5 browsers used to access vcloudnine.de:
Chrome
Firefox
Internet Explorer
Safari (including in-app)
Opera
I’m curious how vcloudnine.de will develop in the future.
Final words for 2014
This blog deals with my work. Because of this, the final words for 2014 are mainly written from the job perspective. 2014 was also the first full year back in the office, after working for more than four years mainly for an enterprise customer as an Infrastructure Architect. 2013 was a transitional year, but 2014 has surprised and disappointed me in different ways. From the career perspective, I can't say much good about 2014. I hope 2015 will be better.
On the other hand, 2014 was a successful year: I finished my degree at the FernUniversität Hagen. I'm a bit proud of this. The majority doesn't finish their studies at the FernUniversität Hagen. Many give up because of the double burden of study, job and family. 2014 was also the year of recertification. Between September and October I passed five exams and recertified my HP Master ASE, my DataCore DCIE and my VMware VCP, and I also achieved my first Juniper certification. Since April 2014 I'm a vExpert. This award has made me incredibly proud. I got so much positive feedback because of this and it has motivated me in many ways.
I look forward to your feedback. Drop me an email or a comment. I wish you and your family all the best. Enjoy the holidays and we will see each other again in 2015.
This posting is ~10 years old. You should keep this in mind. IT is a fast-moving business. This information might be outdated.
… about virtualization, storage, networking and IT infrastructure in general. Is that really necessary? Yes! To be honest, this is my second attempt. I have been blogging for nearly seven years on blazilla.de. It's a well-frequented German blog with a strong focus on HP, Storage, DataCore, VMware and other technical topics. Blogging about technology you're working with is a good way to share, recap and internalize knowledge. Sharing knowledge is a main driver of the scientific and IT community. If you're writing about something and you share it, you can give something back to the community. So why the hell do I start a second blog? Because I can. ;) blazilla.de is a blog that is mainly focused on the German IT community. This blog is my attempt to get more visible to the international community and give something back to it. I'm not a native English speaker. But I will try my best. I hope you enjoy this blog. :)