Keith Smith - My Blog - Twitter @_KeithIT

Automation


Let's Encrypt redirect with KEMP load balancer

Sunday, November 10, 2019 - Posted by Keith A. Smith, in Network, Automation, Microsoft

PKI management is a huge PITA; in the near future I will post how I've automated PKI renewals and installation of certificates. In this post I want to share a method for managing certificate renewals in an environment that has multiple web servers behind a KEMP load balancer, with a central server for certificate management. The load balancer rules send requests for /.well-known/acme-challenge/ to the certificate management server, and all other port 80 traffic gets redirected to 443.


You will need to create a virtual service with two SubVSs.




Open the virtual service, then add the first SubVS.





The first SubVS weight should be 1100, with Not Available Redirection Handling Error Code set to 302 and the Redirect URL set to https://%h%s.




The second SubVS has a weight of 1000 and has the IIS server I use to create my Let's Encrypt certs set as the real server.





Create a content rule named Lets_Encrypt, Rule Type is Content Matching, Match Type is Regular Expression, Header Field is left blank, Matching String is /^\/.well-known/ and ignore case is checked.




Now enable Content Switching on the VS. I then added all the content rules for my domains to the first SubVS so they are redirected to HTTPS, and added the Lets_Encrypt content rule to the second SubVS.
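The Lets_Encrypt matching string checked against constructed request paths, next to a hypothetical tighter pattern. This is an added example, not part of the exported KEMP configuration; it assumes the rule is applied to the request path and that Python's re module behaves like the load balancer's regex matching.

```python
import re

# Matching String from the post's Lets_Encrypt rule, with "ignore case" checked.
# The "." before "well-known" is unescaped, so it matches any single character.
PAGE_RULE = re.compile(r"^\/.well-known", re.IGNORECASE)

# Hypothetical tighter rule (not from the post): literal dot, the full
# acme-challenge prefix, and a token limited to the base64url alphabet
# that ACME HTTP-01 tokens use (RFC 8555). Case-sensitive on purpose.
TIGHT_RULE = re.compile(r"^/\.well-known/acme-challenge/[A-Za-z0-9_-]+$")

# Constructed request paths, not captured traffic.
SAMPLE_PATHS = [
    "/.well-known/acme-challenge/constructed-Token_123",
    "/.well-known/security.txt",
    "/.well-known/acme-challenge/../web.config",
    "/xwell-known/anything",
    "/.WELL-KNOWN/ACME-CHALLENGE/abc",
    "/index.html",
]


def sent_to_cert_server(path, rule):
    """True if the rule would select the certificate-management SubVS."""
    return rule.search(path) is not None


def compare(paths):
    """Map each path to (matches page rule, matches tight rule)."""
    return {p: (sent_to_cert_server(p, PAGE_RULE),
                sent_to_cert_server(p, TIGHT_RULE)) for p in paths}


def over_matched(paths):
    """Paths the page's rule forwards on port 80 that are not ACME challenges."""
    return [p for p, (page, tight) in compare(paths).items() if page and not tight]


if __name__ == "__main__":
    for path, (page, tight) in compare(SAMPLE_PATHS).items():
        print(f"{path:50} page_rule={page!s:5} tight_rule={tight}")
```

Every path reported by over_matched() reaches the certificate management server over plain HTTP instead of being redirected to HTTPS, which is the gap between the rule as written and the /.well-known/acme-challenge/ scope described at the top of the post.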




To download the exported file, visit my GitHub repo https://github.com/KeithIT-Dev/Kemp






-End



Auto share requests to users in the field 'email ids to notify'

Monday, October 28, 2019 - Posted by Keith A. Smith, in Automation

I have implemented the ManageEngine ServiceDesk numerous times over the past few years. In the most recent instance, I created a tiered structure and escalation process for the technicians. The technicians at tier1 would need to escalate any request that is beyond their scope of resolution.

The Challenge
The challenge was that when their requests were escalated to tier2, they would lose visibility to the request unless the request was shared with them. To share the request, they would input their e-mail into the "e-mail Id(s) to notify" field on the request, then click on share request and add themselves to the request before the request is escalated. These steps were time-consuming, and it took many clicks to accomplish this task.

The Solution

To make this process more efficient, I have published the Python code that will set up an auto-share to users in the "e-mail Id(s) to notify" field on the request.

The Steps

To get this to work, you need to:
  1. Install the newest version of Python on the server that has the ManageEngine ServiceDesk installed. Be sure to click the custom installation option during the setup; you will need to install all the optional features along with all the advanced options.
  2. Reboot the server.
  3. Clone or download the master branch from the GitHub repo https://github.com/KeithIT-Dev/ManageEngineServiceDesk.git or run git clone https://github.com/KeithIT-Dev/ManageEngineServiceDesk.git
  4. Place all the files and folders from the python libs in the Python\Lib\site-packages folder on your server.
  5. Place KeithAutoShareRequest.py in the \ManageEngine\ServiceDesk\integration\custom_scripts folder on your server.
  6. Generate an API key that doesn't expire and copy it to Notepad. You can generate this API key from within the ManageEngine ServiceDesk.
  7. Edit KeithAutoShareRequest.py: add the API key you generated on line 17 and update line 13 with the URL of your ServiceDesk instance.
  8. Create a folder named request in the \ManageEngine\ServiceDesk\integration\custom_scripts folder on your server.
  9. Now log in to your ManageEngine ServiceDesk, go to the admin tab, then click on the custom trigger under the helpdesk customizer.
  10. Click the add new action button.
  11. Match the settings to the screenshot below.







-End



Escalations with the ManageEngine Servicedesk Plus

Thursday, August 22, 2019 - Posted by Keith A. Smith, in Automation

There are currently two ways to configure escalations with the ManageEngine Servicedesk Plus. One way is to configure SLA actions, which you can do by watching this video: https://www.youtube.com/watch?v=H6wAgjA5dGQ

What I'm going to focus on here is the way to create a manual escalation triggered by a technician in the ManageEngine Servicedesk Plus. The first thing you need to do is create a support group, e.g., Escalations - District technicians Tier2 then add the technicians you want to the group. Now you need to create a business rule with the following settings


The settings in this rule will execute during any request creation and edit, at any time. The criteria are set to match all on the group, and the actions change the status on the request to "Escalated - In Progress" and set the level to "Level3".

To test this, use a requester account to log in to the ServiceDesk, then raise a request. Now log out of the ServiceDesk and log in with a technician account that is not in the Escalations - District technicians Tier2 group. Locate the request and open it, then change the group to Escalations - District technicians Tier2 and save your changes. You should see that the level was set to Level3, the group has changed to Escalations - District technicians Tier2, and the status says Escalated - In Progress. If you have technician auto-assign set up, it will automatically assign a technician from the Escalations - District technicians Tier2 group. You can also confirm these actions by reviewing the history tab on the request.

That's it. I hope this helps out a few people.

-End


Installing Python 2 on Mac OS X

Thursday, October 11, 2018 - Posted by Keith A. Smith, in Automation, Linux

OS X comes with a large number of UNIX utilities, but those familiar with Linux systems will notice one key component missing: a decent package manager. Homebrew fills this void.

Homebrew is a package manager for OS X. A package is a collection of code files that work together. Installing them usually means running a script (a bit of code) that puts certain files in the various directories. A lot of the packages you will want are going to have dependencies. That means they require you to have other packages already installed on your computer. Homebrew will find and install dependencies for you AND it will keep them organized in one location AND it can tell you when updates are available for them. On top of all of that it gives super helpful instructions when everything doesn't go smoothly. You can read more about it at Homebrew's website. For now, install Homebrew using the following line of code:

$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

The script will explain what changes it will make and prompt you before the installation begins. Once you’ve installed Homebrew, insert the Homebrew directory at the top of your PATH environment variable. You can do this by adding the following line at the bottom of your ~/.profile file

export PATH="/usr/local/bin:/usr/local/sbin:$PATH"

Now, we can install Python 2.7:

$ brew install python@2

Because python@2 is a “keg”, we need to update our PATH again, to point at our new installation:

export PATH="/usr/local/opt/python@2/libexec/bin:$PATH"

Homebrew names the executable python2 so that you can still run the system Python via the executable python.

$ python -V   # Homebrew installed Python 3 interpreter (if installed)
$ python2.7 -V # Homebrew installed Python 2 interpreter
$ python3 -V # Homebrew installed Python 3 interpreter (if installed)


-End



Active Directory Topology Diagrammer

Thursday, May 17, 2018 - Posted by Keith A. Smith, in Automation, Microsoft

Overview

Have you ever wondered…what does our Active Directory structure really look like? Do you want to automate the process of creating a diagram of Active Directory OU? As described on Microsoft’s download page for Active Directory Topology Diagrammer:
The Microsoft Active Directory Topology Diagrammer reads an Active Directory configuration using LDAP, and then automatically generates a Visio diagram of your Active Directory and /or your Exchange Server topology. The diagrams may include domains, sites, servers, organizational units, DFS-R, administrative groups, routing groups and connectors and can be changed manually in Visio if needed.

If you need to create Active Directory drawings for Visio, then this is the utility that is going to do it for you in really detailed fashion.

You Don’t Create the Drawings From Inside Visio
Previous versions of Visio made connections into different data sources. For instance, you could ping networks and connect up to Active Directory.
Visio 2016 does not connect up to Active Directory directly, and the Active Directory Topology Diagrammer does not operate from inside Visio.

After downloading the AD Diagrammer, you run it independently. You actually don’t even need Visio on your machine unless you want to edit the diagrams. If you just want to view them, you can just use the Visio Viewer, or upload them to a SharePoint site with Visio Services enabled.

Running the Active Directory Topology Diagrammer



To create your Active Directory diagrams, start the AD Topology Diagrammer and provide it with the domain name in the Global Catalog Server / DNS Domain Name section of the main window. The tabs let you specify which parts of the directory information you want to diagram. You can also choose to update the drawings that are already there or to create new drawings. You can also choose whether or not to diagram the trusted domains, or just provide the details for the trusts. Choose whether you want your diagram to include user counts for each domain diagrammed.




For OU options, you can limit the number of levels to search in an OU and you can also include the names of any GPOs that are applied to an OU.



Options that you can set in the Sites tab let you decide if you want site connections listed, including empty sites, and whether or not to include subnet information in the AD diagrams being created. You can also specify whether or not to include all possible site connections for cases where the sites have more than 2 connections.




The Exchange tab allows the utility to connect into your Exchange Server to diagram the message connectors, as well as options like counting the number of mailboxes per server and overwriting the Routing Group information with AD Sites instead.




There’s only one option for diagramming the application partition, and that’s whether or not to diagram it! Make your choice and you’re done with this tab.



Likewise, you only need to set whether or not to include the DFS Replication settings for the DFS-R tab. There are no other options available for this section.
Finally, you can choose to diagram the servers in the AD Structure:



Options for the Server diagramming include whether to include the OS version that the server is running and whether to include the fully qualified domain name. If you’re mapping multiple domains, it may be helpful to color code them based on what domain they’re in.





Set the File Output Options and You’re Ready To Diagram


In the Options menu, you can modify the location of the diagrams. You can specify different locations for each file that’s going to be created for you.




There are also log files that are created for the AD Export data and any debug info for the Application.



This is a really awesome tool and I hope you find it useful. Happy AD Topo Diagramming.


-End
