• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

Archives for October 2020

GCP SSL Certificates

October 29, 2020

Here’s how to create a regional SSL Certificate.

gcloud compute ssl-certificates create my-ssl-cert \
--description "describe ssl certificate" \
--domains=domain1.com,domain2.com \
--certificate=cert.pem \
--private-key=private.key \
--region=us-central1

gcloud compute ssl-certificates create my-ssl-cert \ --description "describe ssl certificate" \ --domains=domain1.com,domain2.com \ --certificate=cert.pem \ --private-key=private.key \ --region=us-central1

List the SSL certificates.

gcloud compute ssl-certificates list --project=project-id

gcloud compute ssl-certificates list --project=project-id

Describe the SSL certificate.

gcloud compute ssl-certificates describe my-ssl-cert \
--region=us-central1 \
--project=project-id

gcloud compute ssl-certificates describe my-ssl-cert \ --region=us-central1 \ --project=project-id

Delete SSL certificate.

gcloud compute ssl-certificates delete my-ssl-cert \
--region=us-central1 \
--project=project-id

gcloud compute ssl-certificates delete my-ssl-cert \ --region=us-central1 \ --project=project-id

Filed Under: Cloud Tagged With: certificate, create, delete, describe, gcloud, list, ssl

Check If Domain Joined

October 28, 2020

Here’s the command to check if instance is domain joined.

realm discover domain.com

realm discover domain.com

To check if AD user is working.

id user@ad.example.com

id user@ad.example.com

To check if AD group is working.

getent group ad-group

getent group ad-group

Filed Under: Linux Tagged With: check, domain, join, sssd, user

SCP with a Key

October 22, 2020

SCP is a secure copy utility in Linux. You’ll need access to your system. In this example, a pem key is used to authenticate to a host. SCP copies filename.ext to the home directory of ec2-user. It’s important to add the target directory, otherwise it will not work.

Here’s how to use SCP with a key from local to server.

scp -i key.pem filename.ext user@server:/home/user

scp -i key.pem filename.ext user@server:/home/user

From server to local. Run the command from local machine.

scp user@server:/home/user/file.txt /local/directory

scp user@server:/home/user/file.txt /local/directory

Filed Under: Linux Tagged With: copy, ec2-user, key, pem, scp

AWS S3 Make Object Public

October 21, 2020

Copy object or file to S3 bucket.

aws s3 cp filename.ext s3://bucketname/ --profile your-profile

aws s3 cp filename.ext s3://bucketname/ --profile your-profile

To make it publicly available, run this command.

aws s3api put-object-acl \
--bucket bucket-name \
--key filename.ext \
--acl public-read \
--profile your-profile

aws s3api put-object-acl \ --bucket bucket-name \ --key filename.ext \ --acl public-read \ --profile your-profile

Filed Under: Cloud Tagged With: aws, cli, object, public, s3, s3api

OpenSSL Upgrade

October 19, 2020

Here’s how to upgrade to OpenSSL 1.1 on Redhat/Centos.

# check
openssl version
yum info openssl
# download and install
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2-latest.tar.gz
# compile
cd openssl-1.0.2a
./config
make
make test
make install
# update softlink
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# verify new version
openssl version

# check openssl version yum info openssl # download and install cd /usr/local/src wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz tar -zxf openssl-1.0.2-latest.tar.gz # compile cd openssl-1.0.2a ./config make make test make install # update softlink mv /usr/bin/openssl /root/ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl # verify new version openssl version

Filed Under: Linux Tagged With: centos, openssl, redhat, upgrade

SSH Script

October 15, 2020

Here’s my custom ssh script named login.sh using multiple arguments.

#!/bin/bash
if [ $# -eq 0 ]
  then
    echo 'no server supplied'
        exit 1
fi
INPUT=$2
case "$INPUT" in
  abc)
    ssh user1@$1
    ;;
  def)
    ssh user2@$1
    ;;
  *)
    ssh user3@$1
    ;;
esac

#!/bin/bash if [ $# -eq 0 ] then echo 'no server supplied' exit 1 fi INPUT=$2 case "$INPUT" in abc) ssh user1@$1 ;; def) ssh user2@$1 ;; *) ssh user3@$1 ;; esac

How to use with expected outputs.

./login.sh
no server supplied
./login.sh server3 abc
ssh user1@server3
./login.sh server2 def
ssh user2@server2
./login.sh server1
ssh user3@server1

./login.sh no server supplied ./login.sh server3 abc ssh user1@server3 ./login.sh server2 def ssh user2@server2 ./login.sh server1 ssh user3@server1

Filed Under: Linux Tagged With: arguments, case, ssh

AWS Enable Enhance Network Support

October 13, 2020

When changing machine types, you may be asked to enable the latest ENA driver for Enhanced Network Support on an Amazon EC2 instance. There are several instructions depending on the Linux OS flavor. Here are the instructions to enable. In some cases, you may need to rebuild the kernel module. To verify that the ena module is installed, use the modinfo command as shown in the following example.

modinfo ena

modinfo ena

You also may have to enable the enhanced networking attribute on the instance.

aws ec2 modify-instance-attribute --instance-id instance_id --ena-support

aws ec2 modify-instance-attribute --instance-id instance_id --ena-support

Filed Under: Cloud Tagged With: aws, ec2, ena, enable, enhanced, modinfo, network, support

EFS Infrequent Access

October 4, 2020

Just like in S3, you can have to up to 92% in savings if you use Infrequent Access or IA with AWS EFS (Elastic File Storage). You can create a lifecycle policy to move data from standard storage to infrequent access. Files that are not being used after x number of days are then moved to Infrequent Access. The downside is, the data in IA do not count towards gaining burst credits. You will need to keep a certain amount of standard storage to prevent depleting your burst credits.

aws efs put-lifecycle-configuration \
--file-system-id fs-xxxxxxxx \
--lifecycle-policies TransitionToIA=AFTER_30_DAYS \
--region us-east-1

aws efs put-lifecycle-configuration \ --file-system-id fs-xxxxxxxx \ --lifecycle-policies TransitionToIA=AFTER_30_DAYS \ --region us-east-1

Filed Under: Cloud Tagged With: aws, burst, credits, efs, ia, infrequent access

  • Go to page 1
  • Go to page 2
  • Go to Next Page »
  • Home
  • About
  • Archives

Copyright © 2023