Uly.me

cloud engineer

Archives for June 2021

Sudoers File Explained

You are probably wondering how the sudoers file works. Here’s a simple explanation.

Command

username host=(user:group) tag:commands

Explanation

    • username – the specified user allowed to run commands.
    • host – the specified host the command is allowed to run.
    • user – specifies which users can use the command.
    • group – specifies which groups can run the command.
    • tag – the option allowed. NOPASSWD
    • command – the command allowed to run.

Examples

root    ALL=(ALL) ALL
username ALL=(ALL) ALL
john test=(ALL) NOPASSWD: /bin/useradd
jane ALL=(sales) NOPASSWD: /bin/sh
%sudo ALL=(ALL) ALL
%adgroup ALL=(ALL) ALL

Copy S3 To Another Region

Buckets are regional. Your source and destination buckets should be in different regions.

aws s3 sync s3://DOC-EXAMPLE-BUCKET-SOURCE s3://DOC-EXAMPLE-BUCKET-TARGET

Use the sync command. It will copy new or modified files.

GCP Create SSL Certificate

gcloud compute ssl-certificates create certificate-name \
--description="ssl cert for domain-name.com" \
--domains=domain-name.com \
--certificate=certificate-file \
--private-key=private-key \
--region=us-central1-c \
--global

GCP Update Instance Metadata

How to update an instance metadata in GCP.

gcloud compute instances add-metadata instance-name \
--metadata key-name=value \
--project your-project-id \
--zone us-central1-a

In this example, we are adding enable-oslogin=TRUE.

gcloud compute instances add-metadata instance-name \
--metadata enable-oslogin=TRUE \
--project your-project-id \
--zone us-central1-a

GCP Reserve Alias IP

Make an IP alias reservation.

gcloud compute instances network-interfaces update instance-name \
--zone us-central1-c \
--aliases default:/32 \
--project project-id

Change WordPress URL

There are multiple ways to change URL in WordPress.

Here’s one via wp-config.php.

define( 'WP_HOME', 'http://example.com' );
define( 'WP_SITEURL', 'http://example.com' );

If you have a redirect in Apache, comment it out.

#Redirect permanent / https://yourdomain.com/

This is by far the easiest way to change URL in WordPress.

Terraform GCP Firewall

How to create GCP firewall via Terraform.

Ingress

provider "google" {
    project = "project-id"
}
resource "google_compute_firewall" "default" {
    name    = "test-firewall"
    description = "this is a test firewall"
    priority = "1000"
    direction = "INGRESS"
    network = "projects/project-id/regions/us-east1/subnetworks/default"
    target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"]
    source_ranges = ["10.128.0.0/20"]
    allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
    }
}

Egress

provider "google" {
    project = "project-id"
}
resource "google_compute_firewall" "default" {
    name    = "test-firewall"
    description = "this is a test firewall"
    priority = "1000"
    direction = "EGRESS"
    network = "projects/project-id/regions/us-east1/subnetworks/default"
    target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"]
    destination_ranges = ["10.128.0.0/20"]
    allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
    }
}

Service account to Service account.

provider "google" {
    project = "project-id"
}
resource "google_compute_firewall" "default" {
    name    = "test-firewall"
    description = "this is a test firewall"
    priority = "1000"
    direction = "INGRESS"
    network = "projects/project-id/regions/us-east1/subnetworks/default"
    source_service_accounts = ["source-service-account-compute@developer.gserviceaccount.com"]
    target_service_accounts = ["target-service-account-compute@developer.gserviceaccount.com"]
    source_ranges = ["10.128.0.0/20"]
    allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
    }
}

Tomcat Install

Tomcat requires JRE.

wget jre-8uversion-linux-x64.tar.gz
# or
apt-get install default-jdk

Install Tomcat 8 on Linux.

wget https://mirrors.gigenet.com/apache/tomcat/tomcat-8/v8.5.66/bin/apache-tomcat-8.5.66.tar.gz
tar zxpvf apache-tomcat-8.5.66.tar.gz
cd /opt/tomcat/apache-tomcat-8.5.66/bin/
./startup.sh

Status|Start|Stop|Restart Tomcat.

systemctl status tomcat8
systemctl start tomcat8
systemctl stop tomcat8
systemctl restart tomcat8