Uly.me

cloud engineer

default

AWS ELB SSL Listener

Here’s how to update SSL certificates to AWS ELB.

Import SSL certificate

aws acm import-certificate \
--certificate fileb://example.crt \
--private-key fileb://example.key \
--certificate-chain fileb://example-bundle.crt \
--tags Key=Name,Value=mydomain.com_20220107 \
--profile default

Add SSL to a listener.

aws elbv2 add-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Modify listener. Set SSL certificate as default.

aws elbv2 modify-listener \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

Remove SSL from a listener.

aws elbv2 remove-listener-certificates \
--listener-arn arn:aws:elasticloadbalancing:us-east-1:xxxxxxxxxxxxx:listener/app/elbname/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx \
--certificates CertificateArn=arn:aws:acm:us-east-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx \
--profile default

AWS Set Profile

If you find yourself using a named profile for every awscli command, you can set it temporarily.

Listing a bucket with a named profile.

aws s3 ls --profile=yourprofile

If you set AWS_PROFILE, you can then list a bucket without a named profile.

export AWS_PROFILE=yourprofile
aws s3 ls

After you are done, you can reset it back to default.

export AWS_PROFILE=default

SSSD Override Shell

If you have SSSD running and the default shell is ksh even with the default shell set to bash.

Here’s the fix to override the default shell in /etc/sssd/sssd.conf. Add override_shell.

default_shell = /bin/bash
override_shell = /bin/bash

To check which shell you are using.

echo $SHELL
/bin/bash

GCP Add New Route

Here’s how to add a new route in Google Cloud Platform.

gcloud compute routes create name-of-new-route \
  --destination-range=200.20.0.0/15 \
  --next-hop-gateway=default-internet-gateway \
  --project=host-project \
  --network="default" \
  --priority=900

Change Default Editor

Ubuntu and Linux Mint use nano as their default editor. You’ll see it if you try to edit crontab or visudo. Now, there’s nothing wrong with nano, but I prefer using vim instead. Here’s how to change the default editor.

sudo update-alternatives --config editor

You’ll be prompted to change the default editor.

There are 4 choices for the alternative editor (providing /usr/bin/editor).
 
  Selection    Path                Priority   Status
------------------------------------------------------------
  0            /bin/nano            40        auto mode
  1            /bin/ed             -100       manual mode
  2            /bin/nano            40        manual mode
* 3            /usr/bin/vim.basic   30        manual mode
  4            /usr/bin/vim.tiny    15        manual mode
 
Press <enter> to keep the current choice[*], or type selection number:

Type 3 to choose vim basic.