Downgraded the package using the full address to the previous version in the salt repo:
yum downgrade https://repo.saltstack.com/yum/redhat/7/x86_64/2016.11/python2-pycryptodomex-3.4.3-2.el7.x86_64.rpm
Fixes associated with Salt 2018.3.1 for Python 2 and Python 3 on Redhat 7 & 6 have been sent to QA.
@romo said in salt-master: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des':
yum downgrade python2-pycryptodomex-3.4.3-2.el7.x86_64
Can't seem to downgrade
@salt ~]$ sudo yum downgrade python2-pycryptodomex-3.4.3-2.el7.x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.cenac.ipn.mx
* epel: mirror.compevo.com
* extras: repos-lax.psychz.net
* updates: repos-tx.psychz.net
No package python2-pycryptodomex-3.4.3-2.el7.x86_64 available.
Error: Nothing to do
@heiko said in salt-master: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des':
I encountered the same problem today upgrading from salt-minion-2017.7.5-1 to salt-minion-2017.7.6-1 on an Redhat Enterprise Linux 7.
The minion won't start and doesn't log anything.
systemctl tells about:
salt-minion: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des': Trying '_raw_des.so': /usr/li...I guess the problem is not staltstack itself but the Cryptodome lib that received an update aswell.
python -m Cryptodome.SelfTest Traceback (most recent call last): File "/usr/lib64/python2.7/runpy.py", line 162, in _run_module_as_main "__main__", fname, loader, pkg_name) File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code exec code in run_globals File "/usr/lib64/python2.7/site-packages/Cryptodome/SelfTest/__main__.py", line 30, in <module> SelfTest.run(stream=sys.stdout, verbosity=1, config= {'slow_tests' : slow_tests }) File "/usr/lib64/python2.7/site-packages/Cryptodome/SelfTest/__init__.py", line 60, in run tests = get_tests(config=config) File "/usr/lib64/python2.7/site-packages/Cryptodome/SelfTest/__init__.py", line 81, in get_tests from Cryptodome.SelfTest import Cipher; tests += Cipher.get_tests(config=config) File "/usr/lib64/python2.7/site-packages/Cryptodome/SelfTest/Cipher/__init__.py", line 36, in get_tests from Cryptodome.SelfTest.Cipher import test_DES3; tests += test_DES3.get_tests(config=config) File "/usr/lib64/python2.7/site-packages/Cryptodome/SelfTest/Cipher/test_DES3.py", line 30, in <module> from Cryptodome.Cipher import DES3 File "/usr/lib64/python2.7/site-packages/Cryptodome/Cipher/DES3.py", line 57, in <module> """) File "/usr/lib64/python2.7/site-packages/Cryptodome/Util/_raw_api.py", line 191, in load_pycryptodome_raw_lib raise OSError("Cannot load native module '%s': %s" % (name, ", ".join(attempts))) OSError: Cannot load native module 'Cryptodome.Cipher._raw_des3': Trying '_raw_des3.so': /usr/lib64/python2.7/site-packages/Cryptodome/Util/../Cipher/_raw_des3.so: undefined symbol: des3_ecb_decrypt, Trying '_raw_des3module.so': /usr/lib64/python2.7/site-packages/Cryptodome/Util/../Cipher/_raw_des3module.so: cannot open shared object file: No such file or directoryAfter downgrading to the previous version, salt-minion (2017.7.6-1) starts again.
yum downgrade python2-pycryptodomex-3.4.3-2.el7.x86_64However downgrading that package is only a workaround and it will hopefully be fixed soon.
This is my current python2-pycryptodomex installed package, will try to downgrade as well to test it out.
Installed Packages
Name : python2-pycryptodomex
Arch : x86_64
Version : 3.4.11
Release : 2.el7
Size : 16 M
Repo : installed
From repo : saltstack
Summary : Self-contained Python package of low-level cryptographic
: primitives
URL : https://pycryptodome.readthedocs.io
License : Public Domain and BSD
Description : PyCryptodome is a fork of PyCrypto. It brings the following
: enhancements with respect to the last official version of PyCrypto
: (2.6.1):
:
: * Authenticated encryption modes (GCM, CCM, EAX, SIV, OCB)
: * Accelerated AES on Intel platforms via AES-NI
: * First class support for PyPy
: * Elliptic curves cryptography (NIST P-256 curve only)
: * Better and more compact API (nonce and iv attributes for
: ciphers, automatic generation of random nonces and IVs,
: simplified CTR cipher mode, and more)
: * SHA-3 (including SHAKE XOFs) and BLAKE2 hash algorithms
: * Salsa20 and ChaCha20 stream ciphers
: * scrypt and HKDF
: * Deterministic (EC)DSA
: * Password-protected PKCS#8 key containers
: * Shamir’s Secret Sharing scheme
: * Random numbers get sourced directly from the OS (and not from a
: CSPRNG in userspace)
: * Cleaner RSA and DSA key generation (largely based on FIPS 186-4)
: * Major clean ups and simplification of the code base
:
: PyCryptodome is not a wrapper to a separate C library like
: OpenSSL. To the largest possible extent, algorithms are
: implemented in pure Python. Only the pieces that are extremely
: critical to performance (e.g. block ciphers) are implemented as C
: extensions.
:
: Python 2 version.
@matteo-nunziati said in salt-master: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des':
You seem to miss some encryption libs...
It does look like it, but why? Several months of everything working properly.
Tried forcing the reinstall of the salt and salt-master packages but still no luck.
@emad-r said in salt-master: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des':
@romo said in salt-master: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des':
Getting this error on my salt-master (CentOS 7), which is causing it to not being able to start.
salt-master version ? and was it from repo of salt or packages of centos ?
I think getting the repo from salt is better
salt-master is 2018.3.1, used the bootstrap install so salt repo.
Getting this error on my salt-master (CentOS 7), which is causing it to not being able to start.
salt-master: error: Failed to load configuration: Cannot load native module 'Cryptodome.Cipher._raw_des': Trying '_raw_des.so': /usr/lib64/python2.7/site-packages/Cryptodome/Util/../Cipher/_raw_des.so: undefined symbol: des_ecb_decrypt, Trying '_raw_desmodule.so': /usr/lib64/python2.7/site-packages/Cryptodome/Util/../Cipher/_raw_desmodule.so: cannot open shared object file: No such file or directory
Anybody has a clue what could be causing this?
@rojoloco that does change the complexity of the solution then.
Crazy idea, if you have any sort of configuration management tool, you could still do one vm, 3 dnsmasq containers and push manual dns settings via the config-management tool to your users to their respective dns server.
You can use dnsmasq to achieve what you want. It will block all requests except the domains you choose. You have to add the following to your dnsmasq.conf file.
bogus-priv
domain-needed
no-resolv # blocks the usage of your resolv.conf file and hosts files, and only allows upstream servers set in this file.
# Whitelist - will forward dns request to the following domains
server=/mangolassi.it/1.1.1.1 # Dns to which to forward the allowed request
@jaredbusch I am so used to creating my bridges manually I keep forgetting macvtap creates them for you.
@eddiejennings said in Networking and 1U Colocation:
I'm trying to think through how I'd configure my network using a VM on my KVM host as my router/firewall. This is the first draft of how I see this working.
The networks with which I've worked in the past have a firewall that would have one interface with a public IP (100.100.100.2/30) and one with a private IP (192.168.1.1/24), which connects to a switch, which connects to everything else. NAT would be used to direct traffic to specific hosts, such as NATing inbound traffic for 100.100.100.2:80 to a webserver at 192.168.1.10.
I'm trying to wrap my head around how to make that concept work in an virtualized environment where I have a single hypervisor and no networking appliance. I'd obviously have a virtual switch which wouldn't have any connection to a physical NIC on the host for the guest VMs (the 192.168.1.0/24 network). I'd have another virtual switch which would have a connection to the physical NIC. The firewall VM would have a connection to each virtual switch.
The question becomes what NIC receives the public IP address I'll be assigned. My first thought was the interface of the firewall VM that's attached to the virtual switch that's attached to the NIC of the physical host. However, that seems problematic, as at the moment, I don't know how a packet destined for 100.100.100.2 coming in on eth0 of the host would be forwarded to the virtual switch.
There are other questions; however, I think this has to be addressed first.
Maybe try this, lets see if I can explain myself well.
Attach your physical interface to a linux-bridge (lets call it br0) and then assign the br0 interface only to your firewall vm. Set the static address 100.100.100.2 on the vms interface this will be your wan port .
Create a private network and set it to isolated, it will create a virbrX interface in your host. Add an interface to your vm inside the isolated private network (using virbrX), this will be your firewalls lan interface.
Your virtual network gives you internal and host only routing, so you will have access to your guest through this ip range.
Any new vm you create add it interface to be part of your virtual network and set their gateway to your firewall-vms lan port.
I believe that should do what you want.
@lakshmana said in Extract Data from .csv file with Python:
@romo said in Extract Data from .csv file with Python:
pip install pandas
raise DistutilsError("Setup script exited with %s" % (v.args[0],))
distutils.errors.DistutilsError: Setup script exited with error: Microsoft Visual C++ 14.0 is required. Get it with "Microsoft Visual C++ Build Tools": http://landinghub.visualstudio.com/visual-cpp-build-tools
Some of the dependencies when installing it with pip are required to be compiled that is why for beginners it is just better to use either Anaconda or miniconda, especially for a Windows install.
I usually install Anaconda in windows because I use other things included in it and it is the easiest way of having everything setup for you, but it might really be overkill for you to install it because it is pretty big.
You can also install miniconda and download the required packages from it.
The official documentation marks the above two methods as the easiest for beginners but you can also install it from Pypi. pip install pandas
You have to read the file differently, and then read the sheet you want passing the file object and then the sheet name.
DATASET: pandas-test-xlsx, Sheet - Test-Sheet
# Read the whole file
$ file = pandas.ExcelFile('pandas-test.xlsx')
# Specify the file and then the sheet you want to work with
$ mysheet = pandas.read_excel(file, 'Test-Sheet')
# Work with the dataframe now contained in the mysheet variable
$ mysheet
EDIT: Just doubled checked an you can pass the file name as a string to the read_excel function so that would be alot easier.
pandas.read_excel('pandas-test.xlsx', 'Test-Sheet')
Now that I have some free time, I'll give you a simple example of some of the things you can do using pandas.
Our dataset will be all the posts in this topic, scraped and saved into an excel file.
DATASET : pandas-test.xslx
I am going to be using a Jupyter notebook just to make the output clearer.
$ import pandas
$ pandas.read_excel('pandas-test.xlsx')
That is the whole spreadsheet read and basically printed out, but we can't work with that. We need to read the file into a variable and start working with it.
# Reading the file to variable df
$ df = pandas.read_excel('pandas-test.xlsx')
# Printing how many rows and column in the file (rows,columns)
$ df.shape
(11,4)
# Printing the column names
$ df.columns
Index(['Date', 'Time ', 'User', 'Post'], dtype='object')
Only extracting columns - Date and User
$ df[['Date', 'User']]
Lets check how many posts per day
$ df.groupby(['Date'])['User'].count()
Now lets check by day and time
$ df.groupby(['Date', 'Time ']).count()
Lets filter only your posts and create a new csv file based on the data found.
$ subset = df.loc[df['User']=='Lakshmana']
Create a csv file only containing your posts
$ subset.to_csv('Lakshmana-posts.csv')
Final results your new csv file with your posts filtered out.
Lakshmana-posts.csv
EDIT: Just if you need it, an example of filtering by date and user
@lakshmana said in Extract Data from .csv file with Python:
I am new to Python but need to autofilter the data from the excel sheet according to the Engineer name and Age of the tickets in the excel.I need to filter the data above 15 Days and copy to the another sheet of the excel.Is this possible through Python
It is indeed possible to do with python. You have great libraries built just for data analysis and manipulation for cases like this.
@romo said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
@romo said in What Are You Doing Right Now:
Just finished setting up a lab using Cisco's Packet Tracer to recreate layer 3 routing and inter-vlan communication. Everything is working properly according to the desired setup so I think I now know how to fix the problems I was having in the production network.
Is this on the Juniper switches, or a different network?
Juniper switches
Had to build the lab to get proper testing of why the intervlan routing was not working properly when it should.
Have it working perfectly on the cisco equipment so it shouldn't be hard to replicate the setup, at least not on the Juniper equipment. The mess is in the current Fortinet config and policies.
@scottalanmiller said in What Are You Doing Right Now:
@romo said in What Are You Doing Right Now:
Just finished setting up a lab using Cisco's Packet Tracer to recreate layer 3 routing and inter-vlan communication. Everything is working properly according to the desired setup so I think I now know how to fix the problems I was having in the production network.
Is this on the Juniper switches, or a different network?
Juniper switches 
@scottalanmiller said in Networking and 1U Colocation:
@bnrstnr said in Networking and 1U Colocation:
https://www.colocationamerica.com/colocation/1u-colocation.htm
No idea about other colo, but this one has "KVM over IP Included"
Yup, that's who we use and we use that KVM from time to time. Very easy to use.
Really usefull, but I still really hate the old java dependencies that make it not that easy to use until you know to what version you need to downgrade to.
Just finished setting up a lab using Cisco's Packet Tracer to recreate layer 3 routing and inter-vlan communication. Everything is working properly according to the desired setup so I think I now know how to fix the problems I was having in the production network.
I am working in the process and documentation of the decommission of an Exchange 2010 server in a hybrid Office 365 deployment and would like some opinions and experiences from you guys.
Specific Microsoft documentation about the subject:
Decommissioning your Exchange 2010 servers in a Hybrid Deployment
How and when to decommission your on-premises Exchange servers in a hybrid deployment
According to the documentation, fully decommissioning the last Exchange server is not officially supported, especially not when DirSync is in use which it is in this case:
If the last Exchange server is removed, you cannot make changes to the mailbox object in Exchange Online because the source of authority is defined as on-premises. The source of authority refers to the location where Active Directory directory service objects, such as users and groups, are mastered (an original source that defines copies of an object) in a hybrid deployment. If you needed to edit most mailbox settings, you would have to be sure the Active Directory schema was extended on-premises and use unsupported tools such as Active Directory Service Interfaces Editor (ADSI Edit) for common administrative tasks. For example, adding a proxy address or putting a mailbox on litigation hold when there isn’t an Exchange Management Console (EMC) or Exchange Management Shell (Shell) on-premises becomes difficult and these simple (and other more complex) tasks cannot be done in a supported way.
Customers with a hybrid configuration often find after a period of time that all of their mailboxes have been moved to Exchange Online. At this point, they may decide to remove the Exchange servers from on-premises. However, they discover that they can no longer manage their cloud mailboxes.
When directory synchronization is enabled for a tenant and a user is synchronized from on-premises, most of the attributes cannot be managed from Exchange Online and must be managed from on-premises. This is not due to the hybrid configuration, but it occurs because of directory synchronization. In addition, even if you have directory synchronization in place without running the Hybrid Configuration Wizard, you still cannot manage most of the recipient tasks from the cloud.
Even though it is not officially supported they do provide a way to manually remove the hybrid deployment (link 1) and apparently the mailbox objects could be edited with ANSIEdit or other 3rd party tools.
Has anybody had any experience dealing with hybrid setups that would like to comment on their findings and experiences.
