Chris Rüttimann joe-speedboat

Using FreeIPA Authentication with OPNSense

Step 1

Go to your IPA admin page and create a new user named opnsense. Log in once on any computer joined to the FreeIPA realm and set their password (since the one you provide upon account creation will be expired), then logout.

Step 2

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h):

-E: will describe the underlaying queries of the \ commands (cool for learning!)
-l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)

	#!/usr/bin/env bash

	set -Eeuo pipefail
	trap cleanup SIGINT SIGTERM ERR EXIT

	script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)

	usage() {
	cat <<EOF
	Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...]

	createSnapshotOfAllVms(){
	vim-cmd vmsvc/getallvms \| grep -v Vmid \| awk '{print $1":"$2}' \| grep '^[0-9]' \| while read VM
	do
	VMID=$(echo $VM \| cut -d: -f1)
	vmName=$(echo $VM \| cut -d: -f2)
	echo "INFO: `date '+%Y.%m.%d_%H:%M'`: create Snapshot of VM: $vmName ---"
	echo exec: vim-cmd vmsvc/snapshot.create $VMID backup-`date '+%Y%m%d%H%M%S'` includeMemory
	vim-cmd vmsvc/snapshot.create $VMID backup-`date '+%Y%m%d%H%M%S'`
	done
	}

	listAllSnapshots(){
	vim-cmd vmsvc/getallvms \| grep -v Vmid \| awk '{print $1":"$2}' \| grep '^[0-9]' \| while read VM
	do
	VMID=$(echo $VM \| cut -d: -f1)
	vmName=$(echo $VM \| cut -d: -f2)
	echo
	echo "INFO: `date '+%Y.%m.%d_%H:%M'`: snapshots of VM: $vmName ---"
	vim-cmd vmsvc/get.snapshot $VMID \| egrep 'name = \|createTime = ' \| sed 's/createTime = / createTime = /'
	done
	}

	shutdownWaitvmName (){
	vmName=$1
	vmId=`vim-cmd vmsvc/getallvms \| grep " $vmName " \| cut -d\ -f1`
	echo $vmId \| grep -q '[0-9]'
	if [ $? -ne 0 ]
	then
	echo "vm $vmName not found"
	return 1
	exit 1
	kill -9 $$

	thincopy (){
	FROM="$1"
	TO="$2"
	mkdir -p "$TO"
	echo "INFO: tincopy $FROM/ $TO/$F"
	find "$FROM" -type f -not -iname '*.vmdk' -exec cp -a "{}" "$TO/" \;
	find "$FROM" -type f -iname '*.vmdk' \| while read vmdk
	do
	F="`basename $vmdk`"
	vmkfstools -i "$vmdk" -d thin "$TO/$F"

	startupVmName (){
	vmName=$1
	echo "`vim-cmd vmsvc/getallvms \| grep " $vmName " \| cut -d\ -f1 \| xargs vim-cmd vmsvc/power.on` $vmName"
	}

	removeAllSnapshots(){
	vim-cmd vmsvc/getallvms \| grep -v Vmid \| awk '{print $1":"$2}' \| grep '^[0-9]' \| while read VM
	do
	VMID=$(echo $VM \| cut -d: -f1)
	vmName=$(echo $VM \| cut -d: -f2)
	echo "INFO: `date '+%Y.%m.%d_%H:%M'`: search Snapshots of VM: $vmName ---"
	vim-cmd vmsvc/get.snapshot $VMID \| grep -A5 'snapshot = ' \| sed '/id =/!d;s/.*id = //g;s/,//g' \| while read SNAPID
	do
	echo exec: vim-cmd vmsvc/snapshot.remove $VMID $SNAPID
	vim-cmd vmsvc/snapshot.remove $VMID $SNAPID

	// Retrieve the machine properties ------------------
	var machine = payload.get("machine");
	if(machine == null) {
	throw("no machine found in payload, burn with fire!");
	}
	var machineProperties = machine.get('properties');
	vmName = machine.get('name'); // vra vm hostname

	// Find vcacVm and its relatives ---------------------
	var virtualMachineId = machine.get("id");