Thursday 28 March 2013

Run one command on many Linux servers, install pssh, works on Mac


  1. sudo easy_install pip
  2. sudo pip install pssh
  3. Create a file with the list of servers you want to control, call it servers or something similar
  4. pssh -h servers "date"
  5. Put your ssh pub key up to all of them
    1. pssh -h servers -i "echo 'ssh-rsa AA...wh me@myfqdn' >> /home/user/.ssh/authorized_keys"
Taken: http://kaspergrubbe.dk/2012/using-pssh-for-executing-parallel-ssh-commands/

Note: csshX is very nice if you want to see all terminals at once as you type, more later
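
Step 5's plain `>>` append adds a duplicate line on every run and assumes ~/.ssh already exists with the right permissions. The shell function below is an added example (not from the original post or the linked article; `install_key` is a hypothetical name and any key passed to it is your own): it appends a key only when absent and sets the modes sshd expects.

```shell
#!/bin/sh
# install_key KEY [HOME_DIR]
# Prints "added" or "present". Hypothetical helper, written for this example.
install_key() {
    key=$1                      # full public key line: "ssh-rsa AAAA... me@myfqdn"
    home=${2:-$HOME}            # target home directory, defaults to current user
    dir=$home/.ssh
    file=$dir/authorized_keys

    # sshd with StrictModes (on by default) refuses keys when the directory
    # or file is writable by anyone but the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # -x matches the whole line, -F treats the key as a fixed string.
    if grep -qxF -- "$key" "$file"; then
        echo "present"
        return 0
    fi

    # If the file lacks a final newline, add one so the new key is not
    # glued onto the previous entry.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi

    printf '%s\n' "$key" >> "$file" && echo "added"
}
```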

Wednesday 27 March 2013

github and multiple accounts, git keeps asking for password

Taken: http://net.tutsplus.com/tutorials/tools-and-tips/how-to-work-with-github-and-multiple-accounts/
  1. ssh-keygen -t rsa -C "me@mycompany.com" -f ~/.ssh/id_rsa_mycompany
  2. ssh-add ~/.ssh/id_rsa_mycompany
  3. Add below to ~/.ssh/config
  4. git clone git@github-mycompany:mycompany/myrepo.git
Host github-mycompany
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa_mycompany

Monday 25 March 2013

Generate gpg keys, upload to server, pull from server, from CLI


  1. gpg --gen-key
  2. gpg --list-keys
  3. gpg --keyserver pgp.mit.edu --send-keys '62E49F5A'
    1. that funky number is listed in the output of "list-keys", just look carefully
      1. your funky number will be unique
      2. should be 8 digits long and hex
  4. gpg --keyserver pgp.mit.edu --search-keys 'youremail@yahoo.com'
  5. gpg --keyserver pgp.mit.edu --search-keys 'yourgirl@yahoo.com'
  6. gpg --keyserver pgp.mit.edu --recv-keys 1F3B6ACA
    1. Get her key with the ID you saw in previous step
  7. Use keys to encrypt content
    1. Can be encrypted for multiple people in one go, and only those listed can open the result

Friday 15 March 2013

Searching with an LDAP filter


  1. Set the dn you wish to search through
    1. e.g., ou=Employees,dc=mycompaniesdomain,dc=com
  2. Set the filter
    1. e.g., (&(objectclass=inetorgperson)(uid=myfirstname.mylastname))
      1. inetorgperson is an LDAP standard "object", btw, there are a bunch of others
Btw: one can also -- quick and dirty -- dump the whole LDAP db to a ldif file, and do a text search on that.

Simple Ruby email out localhost:25, no OpenSSL::SSL::SSLError, no tlsconnect error

Notes:
  1. This skips the common OpenSSL::SSL::SSLError / tlsconnect errors somehow, see below for error output.
  2. DON'T use pony's "smtp" hash option, it has the same problem. Notice it is missing here!
Steps:
  1. gem install pony
  2. take below code 
    1. put in ~/bin/mail_test.rb
    2. tweak for your environment
    3. chmod +x ~/bin/mail_test.rb 

https://github.com/pcharlesleddy/misc/blob/master/mail_test.rb

#!/usr/bin/ruby

require 'rubygems'
require 'pony'

mystring = "a\nb\nc"

Pony.mail(:to => 'abc@efg.org', :from => 'me@example.com', :subject => 'Test mail script', :body => 'Hello there.', :attachments => {"mail_test.txt" => File.read("/home/me/bin/mail_test.rb"), "mystring.txt" => mystring})


Common, irritating tlsconnect error:

/usr/lib/ruby/1.8/openssl/ssl-internal.rb:123:in `post_connection_check': hostname was not match with the server certificate (OpenSSL::SSL::SSLError)
from /usr/lib/rvm/gems/ruby-1.9.3-p194/gems/mail-2.5.3/lib/mail/core_extensions/smtp.rb:17:in `tlsconnect'
from /usr/lib/ruby/1.8/net/smtp.rb:562:in `do_start'
from /usr/lib/ruby/1.8/net/smtp.rb:525:in `start'
from /usr/lib/rvm/gems/ruby-1.9.3-p194/gems/mail-2.5.3/lib/mail/network/delivery_methods/smtp.rb:136:in `deliver!'
from /usr/lib/rvm/gems/ruby-1.9.3-p194/gems/mail-2.5.3/lib/mail/message.rb:245:in `deliver!'
from /usr/lib/rvm/gems/ruby-1.9.3-p194/gems/pony-1.4/lib/pony.rb:166:in `deliver'
from /usr/lib/rvm/gems/ruby-1.9.3-p194/gems/pony-1.4/lib/pony.rb:138:in `mail'

Generate IAM certs for users on AWS


  1. openssl genrsa 1024 > username-env-pk.pem
    1. pk stands for private key
  2. openssl req -new -x509 -nodes -sha1 -days 365 -key username-env-pk.pem -outform PEM > username-env-cert.pem
    1. valid for 365 days
  3. Paste username-env-cert.pem in to the AWS Signing Certificates area for that user
  4. Give user both username-env-pk.pem and username-env-cert.pem, and wish them luck

Redirect all command output, stdout/stderr, to a file on Linux

puppet agent --test --noop >/var/tmp/puppet_noop_20130315 2>&1

Notes:
  1. The 2>&1 redirects stderr to where stdout points
    1. stdout points to the console by default unless you change that
    2. here stdout is redirected to a file under /var/tmp
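
Redirections are applied left to right, so where `2>&1` sits relative to the file redirect decides whether stderr reaches the file. The functions below are an added example, not from the original post; `emit` is a hypothetical stand-in for a command like the puppet run, and the file names are whatever the caller passes.

```shell
#!/bin/sh
# emit: hypothetical command that writes one line to each stream.
emit() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

# Correct order: stdout is pointed at the file first, then stderr is pointed
# at the same place, so both lines land in the file.
capture_both() {
    emit >"$1" 2>&1
}

# Reversed order: stderr is duplicated onto the *current* stdout (terminal or
# pipe) before stdout moves to the file, so the file gets stdout only.
capture_reversed() {
    emit 2>&1 >"$1"
}

# Separate files, for when errors need their own review.
capture_split() {
    emit >"$1" 2>"$2"
}

# Same as capture_both, but a newly created log is readable by its owner only.
# Useful in shared directories such as /var/tmp, since command output can
# include configuration details. The subshell keeps the umask change local.
capture_private() {
    ( umask 077; emit >"$1" 2>&1 )
}
```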


vagrant on aws


  1. vagrant plugin install vagrant-aws
  2. vagrant box add aws001 https://github.com/mitchellh/vagrant-aws/raw/master/dummy.box
  3. vagrant init
  4. Adapt below and put in the "Vagrantfile" file
  5. vagrant up --provider=aws
  6. vagrant ssh
  7. vagrant destroy
Vagrant.configure("2") do |config|
  config.vm.box = "aws001"

  config.vm.provider :aws do |aws|
    aws.access_key_id = "<your_aws_key_id>"
    aws.secret_access_key = "<your_aws_secret>"
    aws.keypair_name = "<your_keypair_name>"
    aws.ssh_private_key_path = "/home/<you>/.ssh/<your_keypair_name>.pem"

    aws.region = "eu-west-1"
    aws.ami = "ami-01080b75"
    aws.ssh_username = "ubuntu"
  end
end

Thursday 14 March 2013

2G swap file


  1. dd if=/dev/zero of=/swapfile bs=1M count=2048
  2. mkswap /swapfile
  3. swapon /swapfile

Wednesday 13 March 2013

Get provisioned public key for AWS EC2 instance via curl

curl http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key

Tuesday 12 March 2013

Specify ssh key when using rsync

WARNING: don't use ~ and don't use double quotes.
  1. rsync -av -e 'ssh -i /home/me/.ssh/id_rsa_other' root@logging.gumby.com:/remotedir/ /localdir/
Also, some alternative port:
  1. rsync -av -e 'ssh -p 2221' root@logging.gumby.com:/remotedir/ /localdir/

Tuesday 5 March 2013

Build rpm of monit 5.5

  1. Download https://github.com/pcharlesleddy/misc/blob/master/monit.spec
    1. change "_topdir" to match your local system.
  2. cd into what you set _topdir to
  3. mkdir -p {BUILD,RPMS,SOURCES,SPECS,SRPMS,tmp}
  4. Download monit-5.5.tar.gz file and put it in the SOURCES directory
  5. Put monit.spec in the SPECS directory
  6. rpmbuild -v -bb --clean SPECS/monit.spec
    1. yum -y install rpmdevtools
  7. Output should mention where the rpm ended up
  8. rpm -qlp on the rpm file to see what's in it
Gory details: http://fedoraproject.org/wiki/How_to_create_an_RPM_package

Notes
  1. "%setup -q" means be "quiet" when untarring, not that interesting, but people use it a lot
