Archives for January 2022

AWS ELB SSL Listener

January 31, 2022

Here’s how to update SSL certificates to AWS ELB.

Import SSL certificate

aws acm import-certificate \
--certificate fileb://example.crt \
--private-key fileb://example.key \
--certificate-chain fileb://example-bundle.crt \
--tags Key=Name,Value=mydomain.com_20220107 \
--profile default

Add SSL to a listener.

aws elbv2 add-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Modify listener. Set SSL certificate as default.

aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Remove SSL from a listener.

aws elbv2 remove-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

GCP gcloud compute scp

January 31, 2022

Here’s how to download/upload files using gcloud compute scp.

Make sure you are authenticated.

gcloud auth login

How to download.

gcloud compute scp --recurse your-server:/home/username/yaml.tar.gz . \
--project your-project-id \
--zone us-central1-a \
--internal-ip

How to upload.

gcloud compute scp --recurse yaml.tar.gz your-server:/home/username/ \
--project your-project-id \
--zone us-central1-a \
--internal-ip

Create Local Repo in Rocky Linux 8

January 30, 2022

How to create a local repo in Rocky Linux 8.

Install nginx. Enable service.

dnf install nginx
systemctl enable nginx --now
systemctl status nginx

Create repo.

dnf repolist
dnf install createrepo yum-utils
mkdir /usr/share/nginx/html/repos
mkdir -p /usr/share/nginx/html/repos/{baseos,appstream}

Sync repos.

dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=baseos --newest-only --download-metadata
dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=appstream --newest-only --download-metadata
createrepo /usr/share/nginx/html/repos/baseos/
createrepo /usr/share/nginx/html/repos/appstream/

Create cron to sync repos daily. Create file called /etc/cron.daily/update-localrepos

#!/bin/bash
/bin/dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=baseos --newest-only --download-metadata
/bin/dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=appstream --newest-only --download-metadata
/usr/bin/createrepo /usr/share/nginx/html/repos/baseos/
/usr/bin/createrepo /usr/share/nginx/html/repos/appstream/

Create a file called /etc/nginx/conf.d/repos.conf.

server {
        listen   80;
        server_name  reposerver.example.com;
        root   /usr/share/nginx/html/repos;
	index index.html; 
	location / {
                autoindex on;
        }
}

Restart nginx.

systemctl restart nginx

Configure firewall and SELinux.

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
getenforce
chcon -Rt httpd_sys_content_t /usr/share/nginx/html/repos/

Move existing repos to /tmp.

mv /etc/yum.repos.d/*.repo /tmp/

Create a new repo called /etc/yum.repos.d/localrepo.repo

[localrepo-base]
name=RockyLinux Base
baseurl=http://reposerver.example.com/baseos/
gpgcheck=0
enabled=1
[localrepo-appstream]
name=RockyLinux Base
baseurl=http://reposerver.example.com/appstream/
gpgcheck=0
enabled=1

Clean cache and check repolist.

dnf clean all 
dnf repolist

Edit /etc/hosts and add reposerver.example.com. Add it to other hosts.

echo "10.10.10.10        reposerver.example.com     reposerver" >> /etc/hosts

Finally, run yum install against the local repo. Installing lvm in this example.

yum install lvm2

GCP CVS Mount Instructions

January 28, 2022

Here are the mount instructions for NFS and SMB drives for GCP Netapp CVS.

NFS

sudo yum install -y nfs-utils
sudo apt-get install nfs-common
sudo mkdir /condescending-sharp-hugle
sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=3,tcp 10.49.253.6:/condescending-sharp-hugle /condescending-sharp-hugle

SMB

Mapping your network drive
1. Click the Start button and then click on Computer.
2. Click Map Network Drive.
3. In the Drive list, click any available drive letter.
4. In the folder box, type \\shared.mydomain.com\myshare.
To connect every time you log on to your computer, select the Reconnect at sign-in check box.
\\shared.mydomain.com\myshare
5. Click Finish.