Installing Consul Server on CentOS

A simple guide to deploying Consul Agent in Server mode on CentOS 7:

Syntax: replace any value shown in [] with your own, and do not include the brackets themselves.

First let’s do a yum update and grab a couple of extra packages!

yum -y update
yum -y install unzip wget

Next let’s download and unpack Consul and the Consul Web UI (this will download 0.6.4; I recommend you check the Consul site for updated versions).

mkdir /tmp/bin
cd /tmp/bin
wget https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip
wget https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_web_ui.zip
unzip consul_0.6.4_web_ui.zip
unzip consul_0.6.4_linux_amd64.zip
rm *.zip

Move the Consul binary and UI to the appropriate folders and create the config directories. Note that I create both bootstrap and server config directories: the server config is used in normal operation, whilst the bootstrap config is used in case of cluster failure.

mkdir /var/consul
mkdir -p /home/consul/www
mkdir -p /etc/consul.d/{server,bootstrap}
mv consul /usr/local/bin/
mv index.html /home/consul/www/
mv static/ /home/consul/www/

Create startup config files:

touch /etc/consul.d/bootstrap/config.json /etc/consul.d/server/config.json

Server config.json example:

{
    "advertise_addr": "[SERVER IP]",
    "bind_addr": "[SERVER IP]",
    "domain": "[DOMAIN NAME]",
    "bootstrap_expect": 3,
    "server": true,
    "datacenter": "[DATACENTRE ID]",
    "data_dir": "/var/consul",
    "encrypt": "[ENCRYPT KEY]",
    "dns_config": {
        "allow_stale": true,
        "max_stale": "15s"
    },
    "retry_join": [
        "[LIST OF OTHER CONSUL SERVER IP's]",
        "[LIST OF OTHER CONSUL SERVER IP's]"
    ],
    "retry_interval": "10s",
    "retry_max": 100,
    "skip_leave_on_interrupt": true,
    "leave_on_terminate": false,
    "ports": {
        "dns": 53,
        "http": 80
    },
    "recursor": "[IP FOR FORWARD DNS LOOKUPS]",
    "ui_dir": "/home/consul/www",
    "rejoin_after_leave": true,
    "addresses": {
        "http": "0.0.0.0",
        "dns": "0.0.0.0"
    }
}

Bootstrap config.json example:

{
    "bootstrap": true,
    "server": true,
    "datacenter": "[DATACENTRE ID]",
    "data_dir": "/var/consul",
    "encrypt": "[ENCRYPT KEY]",
    "skip_leave_on_interrupt": true,
    "leave_on_terminate": false,
    "advertise_addr": "[SERVER IP]",
    "bind_addr": "[SERVER IP]",
    "domain": "[DOMAIN NAME]"
}

Configure consul agent to run as a service.

nano /etc/systemd/system/consul.service

[Unit]
Description=consul agent
Requires=network-online.target
After=network-online.target

[Service]
EnvironmentFile=-/etc/sysconfig/consul
Environment=GOMAXPROCS=2
Restart=on-failure
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d/server -rejoin
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=SIGTERM

[Install]
WantedBy=multi-user.target
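
An added example, not part of the original guide or of Consul itself: a small audit of the exposure-relevant settings in the config.json and unit file above. The sample input is constructed, and the accepted key sizes and the option names acl_datacenter, acl_default_policy, client_addr, verify_incoming and verify_outgoing are assumptions about the 0.6-era release in use.

```python
import base64
import binascii
import json

# Constructed sample: the exposure-relevant keys of the server config.json
# above, with the placeholder left unfilled as a copy-paste deployment would.
SAMPLE = json.loads("""
{
  "encrypt": "ENCRYPT KEY",
  "ports": {"dns": 53, "http": 80},
  "addresses": {"http": "0.0.0.0", "dns": "0.0.0.0"}
}
""")

def audit(cfg):
    """Return a list of (key, reason) findings for a parsed agent config."""
    findings = []
    # Gossip key must decode to a real key. Assumption: 16 bytes (older
    # releases) or 32 bytes (newer releases), as produced by `consul keygen`.
    try:
        raw = base64.b64decode(cfg.get("encrypt", ""), validate=True)
    except (binascii.Error, ValueError):
        raw = b""
    if len(raw) not in (16, 32):
        findings.append(("encrypt", "missing, placeholder or malformed gossip key"))

    # HTTP API and UI reachable on every interface with no ACL enforcement.
    # acl_datacenter / acl_default_policy are assumed 0.6-era option names.
    http_addr = cfg.get("addresses", {}).get("http", cfg.get("client_addr", "127.0.0.1"))
    acl_on = bool(cfg.get("acl_datacenter")) and cfg.get("acl_default_policy") == "deny"
    if http_addr == "0.0.0.0" and not acl_on:
        findings.append(("addresses.http", "API on all interfaces without default-deny ACLs"))

    # Ports below 1024 force the agent to run as root (the unit sets no User=).
    for name, port in sorted(cfg.get("ports", {}).items()):
        if 0 < port < 1024:
            findings.append(("ports." + name, "port %d needs root or CAP_NET_BIND_SERVICE" % port))

    # Without both verify options, server RPC is not TLS-authenticated.
    if not (cfg.get("verify_incoming") and cfg.get("verify_outgoing")):
        findings.append(("verify_incoming/verify_outgoing", "RPC TLS verification off"))
    return findings

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print("%-32s %s" % (key, reason))
```
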

Start Service

systemctl start consul.service
systemctl enable consul

That’s it: the Consul agent is running in server mode. Repeat the above process to build each server in your Consul cluster; a minimum of 3 servers is recommended for quorum, 5 is better.

Once you’ve built all your server nodes, confirm the Consul cluster status:

# consul members
Node             Address           Status  Type    Build  Protocol  DC
consul01   192.168.0.1:8301        alive   server  0.6.4  2         DCA
consul02   192.168.0.2:8301        alive   server  0.6.4  2         DCA
consul03   192.168.0.3:8301        alive   server  0.6.4  2         DCA

Let’s check the service status through the WebUI too:
[Screenshot: Consul Web UI]
 
Looks good, let’s try DNS resolution with dig:

# dig consul.service.adambonny.com.

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> consul.service.adambonny.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42047
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;consul.service.adambonny.com. IN    A

;; ANSWER SECTION:
consul.service.adambonny.com. 0 IN   A       192.168.0.2
consul.service.adambonny.com. 0 IN   A       192.168.0.1
consul.service.adambonny.com. 0 IN   A       192.168.0.3

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)

As you can see, the consul service resolves to 3 A records, one for each of our servers.

Hopefully your Consul cluster is working as expected too! Next we'll take a look at installing a Consul Client complete with a new service.

Cheers.

Automated ESXi service restarts using Plink

I needed to restart the ESXi management services each night for a few weeks and didn’t fancy logging in myself. Turns out you can do this easily using Plink.

Grab a copy from here. Then simply set up a scheduled task to run Plink using the following options:

plink.exe [ESXi Hostname] -batch -ssh -l [username] -pw [password] "services.sh restart"

This will cause Plink to open an SSH session to the ESXi host and execute the services.sh restart command.

Cheers!

Happy Halloween!

How to Identify an Unknown Hash

Continuing the theme of hashes, let’s look at how we can use the “Hash Identifier” tool to determine which algorithm was used to generate a hash.

You can download the tool from here; you’ll also need Python, which you can get from here.

Test Hashes:

The plan is to pass the following four hashes through HashID to see how accurate its suggestions are. The test hashes have been generated using four separate algorithms which are revealed in the results.

62163b3694fff97209c48ccc195e04f9e40fff1893fad83275739ba394003dfc
e0734de7a4e8bdb219f3d4935a1c64cc
0ed43e25f742ee0c49d33f9c519fb164ce14866497c3e414c8d95b5ac23525dd54566565bd77f7c3dcf22ad19020092e209583a1dba302441c9abe5ea6eac6b8
$H$9x8cOSfMfr202yHvWuU/oKdJcBSrLM1

Running Hash Identifier:

Running HashID gives the following prompt:

[Screenshot: Hash ID prompt]

Let’s paste in the hashes and see what suggestions we get:

-------------------------------------------------------------------------
 HASH: 62163b3694fff97209c48ccc195e04f9e40fff1893fad83275739ba394003dfc

Possible Hashs:
[+] SHA-256
[+] Haval-256
-------------------------------------------------------------------------
HASH: e0734de7a4e8bdb219f3d4935a1c64cc

Possible Hashs:
[+] MD5
[+] Domain Cached Credentials - MD4(MD4(($pass)).(strtolower($username)))
-------------------------------------------------------------------------
HASH: 0ed43e25f742ee0c49d33f9c519fb164ce14866497c3e414c8d95b5ac23525dd54566565bd77f7c3dcf22ad19020092e209583a1dba302441c9abe5ea6eac6b8

Possible Hashs:
[+] SHA-512
[+] Whirlpool
------------------------------------------------------------------------- 
HASH: $H$9x8cOSfMfr202yHvWuU/oKdJcBSrLM1 

Possible Hashs: 
[+] MD5(phpBB3)

Results:

Hash: 62163b3694fff97209c48ccc195e04f9e40fff1893fad83275739ba394003dfc
HashID Suggestions: SHA-256 or Haval-256
Algorithm Used: SHA-256

Hash: e0734de7a4e8bdb219f3d4935a1c64cc
HashID Suggestions: MD5 or Domain Cached Credentials – MD4(MD4(($pass)).(strtolower($username)))
Algorithm Used: MD5

Hash: 0ed43e25f742ee0c49d33f9c519fb164ce14866497c3e414c8d95b5ac23525dd54566565bd77f7c3dcf22ad19020092e209583a1dba302441c9abe5ea6eac6b8
HashID Suggestions: SHA-512 or Whirlpool
Algorithm Used: Whirlpool

Hash: $H$9x8cOSfMfr202yHvWuU/oKdJcBSrLM1
HashID Suggestion: MD5(phpBB3)
Algorithm Used: MD5(phpBB3)

As you can see, HashID successfully guessed all 4 hashes!

Unfortunately, its guesses do get a little more wild when given more exotic hashes, but in general it’s a great starting point.
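
An added example (not the Hash Identifier tool's code, and not from the original post) of why shape-based identification returns several candidates per hash and how a known plaintext/digest pair, such as a test account in a system you are auditing, narrows them. The rules cover only the four formats tested above; confirm() and the inputs in the demo are constructed for illustration.

```python
import hashlib
import re

# Shape rules for the four formats tested above. A rule only describes what a
# digest looks like, so one shape maps to several algorithms.
RULES = [
    (re.compile(r"^[0-9a-f]{32}$", re.I), ["MD5", "Domain Cached Credentials"]),
    (re.compile(r"^[0-9a-f]{64}$", re.I), ["SHA-256", "Haval-256"]),
    (re.compile(r"^[0-9a-f]{128}$", re.I), ["SHA-512", "Whirlpool"]),
    (re.compile(r"^\$H\$[./0-9A-Za-z]{31}$"), ["MD5(phpBB3)"]),
]

# Candidates that hashlib can recompute directly (unsalted, single round).
HASHLIB_NAME = {"MD5": "md5", "SHA-256": "sha256", "SHA-512": "sha512"}

def candidates(h):
    """Return every algorithm whose output has the same shape as h."""
    h = h.strip()
    for pattern, names in RULES:
        if pattern.match(h):
            return list(names)
    return []

def confirm(h, known_plaintext):
    """Keep only candidates that reproduce h from a plaintext known to match it."""
    target = h.strip().lower()
    confirmed = []
    for name in candidates(h):
        algo = HASHLIB_NAME.get(name)
        if algo and hashlib.new(algo, known_plaintext).hexdigest() == target:
            confirmed.append(name)
    return confirmed

if __name__ == "__main__":
    data = b"constructed-test-value"  # constructed input, not from the post
    sha = hashlib.sha256(data).hexdigest()
    print(candidates(sha), "->", confirm(sha, data))
    # A 512-bit digest from another function has the same shape as SHA-512,
    # so the shape rule still answers, but recomputation rejects both guesses.
    other = hashlib.blake2b(data).hexdigest()
    print(candidates(other), "->", confirm(other, data))
```
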

-Cheers

© Copyright Adam Bonny