Archives for January 2022

AWS ELB SSL Listener

January 31, 2022

Here’s how to update SSL certificates to AWS ELB.

Import SSL certificate

aws acm import-certificate \
--certificate fileb://example.crt \
--private-key fileb://example.key \
--certificate-chain fileb://example-bundle.crt \
--tags Key=Name,Value=mydomain.com_20220107 \
--profile default

Add SSL to a listener.

aws elbv2 add-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Modify listener. Set SSL certificate as default.

aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Remove SSL from a listener.

aws elbv2 remove-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

GCP gcloud compute scp

January 31, 2022

Here’s how to download/upload files using gcloud compute scp.

Make sure you are authenticated.

gcloud auth login

How to download.

gcloud compute scp --recurse your-server:/home/username/yaml.tar.gz . \
--project your-project-id \
--zone us-central1-a \
--internal-ip

How to upload.

gcloud compute scp --recurse yaml.tar.gz your-server:/home/username/ \
--project your-project-id \
--zone us-central1-a \
--internal-ip

Create Local Repo in Rocky Linux 8

January 30, 2022

How to create a local repo in Rocky Linux 8.

Install nginx. Enable service.

dnf install nginx
systemctl enable nginx --now
systemctl status nginx

Create repo.

dnf repolist
dnf install createrepo yum-utils
mkdir /usr/share/nginx/html/repos
mkdir -p /usr/share/nginx/html/repos/{baseos,appstream}

Sync repos.

dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=baseos --newest-only --download-metadata
dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=appstream --newest-only --download-metadata
createrepo /usr/share/nginx/html/repos/baseos/
createrepo /usr/share/nginx/html/repos/appstream/

Create cron to sync repos daily. Create file called /etc/cron.daily/update-localrepos

#!/bin/bash
/bin/dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=baseos --newest-only --download-metadata
/bin/dnf reposync -g --delete -p /usr/share/nginx/html/repos/ --repoid=appstream --newest-only --download-metadata
/usr/bin/createrepo /usr/share/nginx/html/repos/baseos/
/usr/bin/createrepo /usr/share/nginx/html/repos/appstream/

Create a file called /etc/nginx/conf.d/repos.conf.

server {
        listen   80;
        server_name  reposerver.example.com;
        root   /usr/share/nginx/html/repos;
	index index.html; 
	location / {
                autoindex on;
        }
}

Restart nginx.

systemctl restart nginx

Configure firewall and SELinux.

firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --reload
getenforce
chcon -Rt httpd_sys_content_t /usr/share/nginx/html/repos/

Move existing repos to /tmp.

mv /etc/yum.repos.d/*.repo /tmp/

Create a new repo called /etc/yum.repos.d/localrepo.repo

[localrepo-base]
name=RockyLinux Base
baseurl=http://reposerver.example.com/baseos/
gpgcheck=0
enabled=1
[localrepo-appstream]
name=RockyLinux Base
baseurl=http://reposerver.example.com/appstream/
gpgcheck=0
enabled=1

Clean cache and check repolist.

dnf clean all 
dnf repolist

Edit /etc/hosts and add reposerver.example.com. Add it to other hosts.

echo "10.10.10.10        reposerver.example.com     reposerver" >> /etc/hosts

Finally, run yum install against the local repo. Installing lvm in this example.

yum install lvm2

GCP CVS Mount Instructions

January 28, 2022

Here are the mount instructions for NFS and SMB drives for GCP Netapp CVS.

NFS

sudo yum install -y nfs-utils
sudo apt-get install nfs-common
sudo mkdir /condescending-sharp-hugle
sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=3,tcp 10.49.253.6:/condescending-sharp-hugle /condescending-sharp-hugle

SMB

Mapping your network drive
1. Click the Start button and then click on Computer.
2. Click Map Network Drive.
3. In the Drive list, click any available drive letter.
4. In the folder box, type \\shared.mydomain.com\myshare.
To connect every time you log on to your computer, select the Reconnect at sign-in check box.
\\shared.mydomain.com\myshare
5. Click Finish.

Git Switch from HTTPS to SSH

January 20, 2022

If you have trouble cloning a github repo using https, you can tell it to switch to SSH instead.

Here’s the command.

git config --global url.ssh://git@github.com/.insteadOf https://github.com/

I had to specify reconfigure when I ran terraform init.

terraform init --reconfigure

Allow Key Access for user in SSH

January 16, 2022

Allow shared key access only for one user in SSH.

Disable the password authentication for one user in your SSH config. Edit /etc/ssh/sshd_config.

Match User username
  PasswordAuthentication no

Restart the SSH service.

service ssh restart

Copy user’s public key to the destination server’s authorized file in ~/.ssh/authorized_keys.

ssh-rsa AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <-- public key goes on for miles

Back on your client, login via SSH. User will not be prompted for password since public key is already authorized on server.

ssh username@server

Metadata URL

January 15, 2022

Here’s the metadata URLs for both AWS and GCP.

curl http://169.254.169.254/computeMetadata/v1/ -H "Metadata-Flavor: Google"
curl http://169.254.169.254/latest/meta-data/