Uly.me

cloud engineer

Archives for January 2022

AWS ELB SSL Listener

January 31, 2022

Here’s how to update SSL certificates on an AWS ELB.

Import SSL certificate

aws acm import-certificate \
--certificate fileb://example.crt \
--private-key fileb://example.key \
--certificate-chain fileb://example-bundle.crt \
--tags Key=Name,Value=mydomain.com_20220107 \
--profile default

Add the SSL certificate to a listener.

aws elbv2 add-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Modify listener. Set SSL certificate as default.

aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Remove the SSL certificate from a listener.

aws elbv2 remove-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Filed Under: Linux Tagged With: add, aws, certificate, default, elb, listener, remove, ssl

GCP gcloud compute scp

January 31, 2022

Here’s how to download/upload files using gcloud compute scp.

Make sure you are authenticated.

gcloud auth login

How to download.

gcloud compute scp --recurse your-server:/home/username/yaml.tar.gz . \
--project your-project-id \
--zone us-central1-a \
--internal-ip

How to upload.

gcloud compute scp --recurse yaml.tar.gz your-server:/home/username/ \
--project your-project-id \
--zone us-central1-a \
--internal-ip

Filed Under: Cloud Tagged With: compute, download, files, gcloud, scp, upload

Create Local Repo in Rocky Linux 8

January 30, 2022

How to create a local repo in Rocky Linux 8.

Install nginx. Enable service.

dnf install nginx
systemctl enable nginx --now
systemctl status nginx

Create repo.

dnf repolist
dnf install createrepo yum-utils
mkdir /usr/share/nginx/html/repos
mkdir -p /usr/share/nginx/html/repos/{baseos,appstream}

Sync repos.

dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=baseos --newest-only --download-metadata
dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=appstream --newest-only --download-metadata
createrepo /usr/share/nginx/html/repos/baseos/
createrepo /usr/share/nginx/html/repos/appstream/

Create a cron job to sync the repos daily. Create a file called /etc/cron.daily/update-localrepos.

#!/bin/bash
/bin/dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=baseos --newest-only --download-metadata
/bin/dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=appstream --newest-only --download-metadata
/usr/bin/createrepo /usr/share/nginx/html/repos/baseos/
/usr/bin/createrepo /usr/share/nginx/html/repos/appstream/

Create a file called /etc/nginx/conf.d/repos.conf.

server {
        listen   80;
        server_name  reposerver.example.com;
        root   /usr/share/nginx/html/repos;
        index index.html;
        location / {
                autoindex on;
        }
}

Restart nginx.

systemctl restart nginx

Configure firewall and SELinux.

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
getenforce
chcon -Rt httpd_sys_content_t /usr/share/nginx/html/repos/

Move existing repos to /tmp.

mv /etc/yum.repos.d/*.repo /tmp/

Create a new repo file called /etc/yum.repos.d/localrepo.repo.

[localrepo-base]
name=RockyLinux Base
baseurl=http://reposerver.example.com/baseos/
gpgcheck=0
enabled=1
[localrepo-appstream]
name=RockyLinux AppStream
baseurl=http://reposerver.example.com/appstream/
gpgcheck=0
enabled=1

Clean cache and check repolist.

dnf clean all 
dnf repolist

Edit /etc/hosts and add reposerver.example.com. Add it to other hosts.

echo "10.10.10.10        reposerver.example.com     reposerver" >> /etc/hosts

Finally, run yum install against the local repo. Installing lvm in this example.

yum install lvm2
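
The localrepo.repo above turns signature checking off (gpgcheck=0) and fetches over plain HTTP, so clients will install whatever the mirror host serves. The following audit script is an added example, not part of the original post: it flags both settings in any .repo file. The function names, the https:// URL and the localrepo-hardened stanza are assumptions made for the comparison; the sample input is constructed from the stanzas above, trimmed to the keys the audit reads.

```shell
# Added example (not from the original post): audit dnf/yum .repo stanzas.
# sample_repo prints constructed input: the post's two stanzas plus a
# hypothetical hardened one (signature check on, TLS baseurl).
sample_repo() {
  cat <<'EOF'
[localrepo-base]
baseurl=http://reposerver.example.com/baseos/
gpgcheck=0
enabled=1
[localrepo-appstream]
baseurl=http://reposerver.example.com/appstream/
gpgcheck=0
enabled=1
[localrepo-hardened]
baseurl=https://reposerver.example.com/baseos/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
enabled=1
EOF
}

# audit_repo_file [FILE...] prints "<repo id><TAB><finding>" for each enabled
# stanza that explicitly disables gpgcheck or uses a plain-HTTP baseurl.
audit_repo_file() {
  awk '
    function report() {
      if (id == "" || enabled ~ /^(0|no|false|off)$/) return
      if (gpgcheck ~ /^(0|no|false|off)$/) print id "\tgpgcheck-disabled"
      if (baseurl ~ /^http:\/\//) print id "\tplain-http-baseurl"
    }
    /^[ \t]*$/ { next }                  # blank lines
    /^[ \t]*[#;]/ { next }               # comments
    /^[ \t]*\[/ {                        # stanza header: flush the previous one
      report()
      id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
      gpgcheck = ""; baseurl = ""; enabled = "1"
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = tolower(substr($0, eq + 1))
      gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      if (key == "gpgcheck") gpgcheck = val
      else if (key == "baseurl") baseurl = val
      else if (key == "enabled") enabled = val
    }
    END { report() }
  ' "$@"
}

sample_repo | audit_repo_file
```

Run it against real files with `audit_repo_file /etc/yum.repos.d/*.repo`. Packages mirrored with reposync keep their upstream signatures, so a client can use gpgcheck=1 with the distribution key against the local mirror.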

Filed Under: Linux Tagged With: create, local, repo, rocky linux 8

GCP CVS Mount Instructions

January 28, 2022

Here are the mount instructions for NFS and SMB drives for GCP NetApp CVS.

NFS

# RHEL/CentOS
sudo yum install -y nfs-utils
# Debian/Ubuntu
sudo apt-get install nfs-common
sudo mkdir /condescending-sharp-hugle
sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=3,tcp 10.49.253.6:/condescending-sharp-hugle /condescending-sharp-hugle

SMB

Mapping your network drive
1. Click the Start button and then click on Computer.
2. Click Map Network Drive.
3. In the Drive list, click any available drive letter.
4. In the folder box, type \\shared.mydomain.com\myshare. To connect every time you log on to your computer, select the Reconnect at sign-in check box.
5. Click Finish.

Filed Under: Cloud, Linux Tagged With: cvs, gcp, instructions, mount, netapp, nfs, smb

GCP List Keys of Service Account

January 26, 2022

How to list all the keys of a GCP service account.

gcloud iam service-accounts keys list \
--iam-account=your-service-account@your-project-id.iam.gserviceaccount.com \
--project your-project-id

Result. Keys are redacted.

KEY_ID                                    CREATED_AT            EXPIRES_AT            DISABLED
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  2022-01-10T19:21:18Z  2022-01-26T19:21:18Z
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  2022-01-19T00:06:49Z  2022-02-04T00:06:49Z
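
The listing is easier to act on when each key is classified against a reference time. The script below is an added example, not part of the original post: it reads the table in the column layout shown above and marks each key as expired, expiring-soon or ok. The function names, the key IDs and the third row are constructed for illustration; the remaining-days figure is computed from the date part only.

```shell
# Added example (not from the original post): classify keys by EXPIRES_AT.
# sample_keys prints a constructed listing in the layout shown above;
# the key IDs are made up and the third row is an extra constructed key.
sample_keys() {
  cat <<'EOF'
KEY_ID                                    CREATED_AT            EXPIRES_AT            DISABLED
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa  2022-01-10T19:21:18Z  2022-01-26T19:21:18Z
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb  2022-01-19T00:06:49Z  2022-02-04T00:06:49Z
cccccccccccccccccccccccccccccccccccccccc  2022-01-20T00:00:00Z  2023-01-20T00:00:00Z
EOF
}

# key_expiry_report NOW_UTC WARN_DAYS reads the listing on stdin and prints
# "<key id><TAB><status>" where status is expired, expiring-soon or ok.
key_expiry_report() {
  awk -v now="$1" -v warn="$2" '
    # Day number of the date part of an ISO-8601 timestamp (Gregorian calendar).
    # Only differences between two day numbers are used.
    function daynum(ts,   y, m, d) {
      y = substr(ts, 1, 4) + 0; m = substr(ts, 6, 2) + 0; d = substr(ts, 9, 2) + 0
      if (m <= 2) { y--; m += 12 }
      return 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d
    }
    $1 == "KEY_ID" { next }              # header row
    NF >= 3 {
      # UTC timestamps in this fixed format sort correctly as strings.
      if (($3 "") <= (now "")) status = "expired"
      else if (daynum($3) - daynum(now) <= warn) status = "expiring-soon"
      else status = "ok"
      print $1 "\t" status
    }
  '
}

sample_keys | key_expiry_report 2022-01-27T00:00:00Z 14
```

To use it on live data, pipe the output of the `gcloud iam service-accounts keys list` command above into `key_expiry_report` with the current UTC time and a warning window in days.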

Filed Under: Cloud Tagged With: gcp, keys, list, service account

Git Switch from HTTPS to SSH

January 20, 2022

If you have trouble cloning a GitHub repo using HTTPS, you can tell Git to switch to SSH instead.

Here’s the command.

git config --global url.ssh://git@github.com/.insteadOf https://github.com/

I had to specify reconfigure when I ran terraform init.

terraform init --reconfigure

Filed Under: Cloud, Linux Tagged With: clone, git, https, ssh, switch

Allow Key Access for user in SSH

January 16, 2022

Allow shared key access only for one user in SSH.

Disable the password authentication for one user in your SSH config. Edit /etc/ssh/sshd_config.

Match User username
  PasswordAuthentication no

Restart the SSH service.

service ssh restart

Copy the user’s public key to ~/.ssh/authorized_keys on the destination server.

ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <-- public key goes on for miles

Back on your client, log in via SSH. The user will not be prompted for a password since the public key is already authorized on the server.

ssh username@server

Filed Under: Linux Tagged With: authentication, key, password, ssh

Metadata URL

January 15, 2022

Here are the metadata URLs for both AWS and GCP.

# GCP
curl http://169.254.169.254/computeMetadata/v1/ -H "Metadata-Flavor: Google"
# AWS
curl http://169.254.169.254/latest/meta-data/

Filed Under: Cloud Tagged With: aws, gcp, metadata, url
