• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

Archives for June 2021

Sudoers File Explained

June 30, 2021

You are probably wondering how the sudoers file works. Here’s a simple explanation.

Command

username host=(user:group) tag:commands

username host=(user:group) tag:commands

Explanation

    • username – the specified user allowed to run commands.
    • host – the specified host the command is allowed to run.
    • user – specifies which users can use the command.
    • group – specifies which groups can run the command.
    • tag – the option allowed. NOPASSWD
    • command – the command allowed to run.

Examples

root    ALL=(ALL) ALL
username ALL=(ALL) ALL
john test=(ALL) NOPASSWD: /bin/useradd
jane ALL=(sales) NOPASSWD: /bin/sh
%sudo ALL=(ALL) ALL
%adgroup ALL=(ALL) ALL

root ALL=(ALL) ALL username ALL=(ALL) ALL john test=(ALL) NOPASSWD: /bin/useradd jane ALL=(sales) NOPASSWD: /bin/sh %sudo ALL=(ALL) ALL %adgroup ALL=(ALL) ALL

Filed Under: Linux Tagged With: access, root, sudo, sudoers

Copy S3 To Another Region

June 22, 2021

Buckets are regional. Your source and destination buckets should be in different regions.

aws s3 sync s3://DOC-EXAMPLE-BUCKET-SOURCE s3://DOC-EXAMPLE-BUCKET-TARGET

aws s3 sync s3://DOC-EXAMPLE-BUCKET-SOURCE s3://DOC-EXAMPLE-BUCKET-TARGET

Use the sync command. It will copy new or modified files.

Filed Under: Cloud Tagged With: another, copy, region, s3

GCP Create SSL Certificate

June 13, 2021

gcloud compute ssl-certificates create certificate-name \
--description="ssl cert for domain-name.com" \
--domains=domain-name.com \
--certificate=certificate-file \
--private-key=private-key \
--region=us-central1-c \
--global

gcloud compute ssl-certificates create certificate-name \ --description="ssl cert for domain-name.com" \ --domains=domain-name.com \ --certificate=certificate-file \ --private-key=private-key \ --region=us-central1-c \ --global

Filed Under: Cloud Tagged With: certificate, gcp, ssl

GCP Update Instance Metadata

June 13, 2021

How to update an instance metadata in GCP.

gcloud compute instances add-metadata instance-name \
--metadata key-name=value \
--project your-project-id \
--zone us-central1-a

gcloud compute instances add-metadata instance-name \ --metadata key-name=value \ --project your-project-id \ --zone us-central1-a

In this example, we are adding enable-oslogin=TRUE.

gcloud compute instances add-metadata instance-name \
--metadata enable-oslogin=TRUE \
--project your-project-id \
--zone us-central1-a

gcloud compute instances add-metadata instance-name \ --metadata enable-oslogin=TRUE \ --project your-project-id \ --zone us-central1-a

Filed Under: Cloud Tagged With: compute, create, gcp, instances, metadata

GCP Reserve Alias IP

June 13, 2021

Make an IP alias reservation.

gcloud compute instances network-interfaces update instance-name \
--zone us-central1-c \
--aliases default:/32 \
--project project-id

gcloud compute instances network-interfaces update instance-name \ --zone us-central1-c \ --aliases default:/32 \ --project project-id

Filed Under: Cloud Tagged With: aliases, compute, gcp, network, update

Change WordPress URL

June 6, 2021

There are multiple ways to change URL in WordPress.

Here’s one via wp-config.php.

define( 'WP_HOME', 'http://example.com' );
define( 'WP_SITEURL', 'http://example.com' );

define( 'WP_HOME', 'http://example.com' ); define( 'WP_SITEURL', 'http://example.com' );

If you have a redirect in Apache, comment it out.

#Redirect permanent / https://yourdomain.com/

#Redirect permanent / https://yourdomain.com/

This is by far the easiest way to change URL in WordPress.

Filed Under: Linux, WP Tagged With: change, config, url, wordpress, wp-config.php

Terraform GCP Firewall

June 6, 2021

How to create GCP firewall via Terraform.

Ingress

provider "google" {
    project = "project-id"
}
resource "google_compute_firewall" "default" {
    name    = "test-firewall"
    description = "this is a test firewall"
    priority = "1000"
    direction = "INGRESS"
    network = "projects/project-id/regions/us-east1/subnetworks/default"
    target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"]
    source_ranges = ["10.128.0.0/20"]
    allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
    }
}

provider "google" { project = "project-id" } resource "google_compute_firewall" "default" { name = "test-firewall" description = "this is a test firewall" priority = "1000" direction = "INGRESS" network = "projects/project-id/regions/us-east1/subnetworks/default" target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"] source_ranges = ["10.128.0.0/20"] allow { protocol = "tcp" ports = ["80", "8080", "1000-2000"] } }

Egress

provider "google" {
    project = "project-id"
}
resource "google_compute_firewall" "default" {
    name    = "test-firewall"
    description = "this is a test firewall"
    priority = "1000"
    direction = "EGRESS"
    network = "projects/project-id/regions/us-east1/subnetworks/default"
    target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"]
    destination_ranges = ["10.128.0.0/20"]
    allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
    }
}

provider "google" { project = "project-id" } resource "google_compute_firewall" "default" { name = "test-firewall" description = "this is a test firewall" priority = "1000" direction = "EGRESS" network = "projects/project-id/regions/us-east1/subnetworks/default" target_service_accounts = ["service-account-compute@developer.gserviceaccount.com"] destination_ranges = ["10.128.0.0/20"] allow { protocol = "tcp" ports = ["80", "8080", "1000-2000"] } }

Service account to Service account.

provider "google" {
    project = "project-id"
}
resource "google_compute_firewall" "default" {
    name    = "test-firewall"
    description = "this is a test firewall"
    priority = "1000"
    direction = "INGRESS"
    network = "projects/project-id/regions/us-east1/subnetworks/default"
    source_service_accounts = ["source-service-account-compute@developer.gserviceaccount.com"]
    target_service_accounts = ["target-service-account-compute@developer.gserviceaccount.com"]
    source_ranges = ["10.128.0.0/20"]
    allow {
        protocol = "tcp"
        ports    = ["80", "8080", "1000-2000"]
    }
}

provider "google" { project = "project-id" } resource "google_compute_firewall" "default" { name = "test-firewall" description = "this is a test firewall" priority = "1000" direction = "INGRESS" network = "projects/project-id/regions/us-east1/subnetworks/default" source_service_accounts = ["source-service-account-compute@developer.gserviceaccount.com"] target_service_accounts = ["target-service-account-compute@developer.gserviceaccount.com"] source_ranges = ["10.128.0.0/20"] allow { protocol = "tcp" ports = ["80", "8080", "1000-2000"] } }

Filed Under: Cloud Tagged With: compute, create, firewall, gcp, terraform

Tomcat Install

June 4, 2021

Tomcat requires JRE.

wget jre-8uversion-linux-x64.tar.gz
# or
apt-get install default-jdk

wget jre-8uversion-linux-x64.tar.gz # or apt-get install default-jdk

Install Tomcat 8 on Linux.

wget https://mirrors.gigenet.com/apache/tomcat/tomcat-8/v8.5.66/bin/apache-tomcat-8.5.66.tar.gz
tar zxpvf apache-tomcat-8.5.66.tar.gz
cd /opt/tomcat/apache-tomcat-8.5.66/bin/
./startup.sh

wget https://mirrors.gigenet.com/apache/tomcat/tomcat-8/v8.5.66/bin/apache-tomcat-8.5.66.tar.gz tar zxpvf apache-tomcat-8.5.66.tar.gz cd /opt/tomcat/apache-tomcat-8.5.66/bin/ ./startup.sh

Status|Start|Stop|Restart Tomcat.

systemctl status tomcat8
systemctl start tomcat8
systemctl stop tomcat8
systemctl restart tomcat8

systemctl status tomcat8 systemctl start tomcat8 systemctl stop tomcat8 systemctl restart tomcat8

Filed Under: Misc Tagged With: apache, install, restart, server, start, status, stop, tomcat, web

  • Go to page 1
  • Go to page 2
  • Go to Next Page »
  • Home
  • About
  • Archives

Copyright © 2023