Sunday 28 April 2013

Ubuntu: convert desktop to server fast

Below as root:
  1. apt-get remove ubuntu-desktop
  2. apt-get install linux-server linux-image-server
  3. apt-get purge lightdm
  4. edit /etc/default/grub, changing the matching lines to the following
    1. #GRUB_HIDDEN_TIMEOUT [comment it out]
    2. GRUB_CMDLINE_LINUX_DEFAULT=""
    3. GRUB_TERMINAL=console
  5. update-grub
  6. reboot

Thursday 25 April 2013

tcpdump HTTP headers


  1. tcpdump -vvvs 1024 -l -A port 80 | egrep '^[A-Z][a-zA-Z\-]+:|GET|POST'
    1. Match your port: here it is 80, but it could be 8080 or 443, for example
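The filter in the one-liner above, applied to a constructed sample of what `tcpdump -A` prints, as an added example that is not part of the original post. It reuses the same regular expression and adds one thing the post does not show: the `Authorization`, `Cookie` and `Set-Cookie` values are redacted before the lines are kept, so a capture can be shared or stored without leaking credentials. The sample lines and the `SENSITIVE` list are assumptions made for this example.

```python
import re

# Same pattern as the egrep in the one-liner: header lines ("Name: value")
# and any line containing GET or POST. Note that GET|POST is unanchored, so a
# line such as "Content-Type: budget" would also match; fine for a quick look.
HEADER_OR_REQUEST = re.compile(r'^[A-Z][a-zA-Z\-]+:|GET|POST')

# Headers whose values carry credentials or session tokens (assumed list).
SENSITIVE = re.compile(r'^(Authorization|Proxy-Authorization|Cookie|Set-Cookie):.*', re.I)


def http_header_lines(lines, redact=True):
    """Return the lines the tcpdump | egrep one-liner would print.

    With redact=True (the default) credential-bearing header values are
    replaced by "[redacted]" so the result is safe to paste into a ticket.
    """
    out = []
    for line in lines:
        if not HEADER_OR_REQUEST.search(line):
            continue
        if redact:
            line = SENSITIVE.sub(lambda m: m.group(1) + ': [redacted]', line)
        out.append(line)
    return out


# Constructed sample: one request/response pair as tcpdump -A would show it
# (the TCP summary line, the request, a blank line, then the response).
SAMPLE = [
    '12:00:01.000 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [P.], seq 1:120, length 119',
    'GET /index.html HTTP/1.1',
    'Host: www.example.com',
    'User-Agent: curl/7.29.0',
    'Authorization: Basic dXNlcjpwYXNz',
    '',
    'HTTP/1.1 200 OK',
    'Content-Type: text/html',
    'Set-Cookie: session=abc123; HttpOnly',
]

if __name__ == '__main__':
    for line in http_header_lines(SAMPLE):
        print(line)
```

On port 443 the payload is TLS, so the same filter sees nothing useful; the port note above only helps for plaintext HTTP.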

Edit remote files with local editor using ssh and sshfs


  1. apt-get -y install sshfs
  2. Add your local user to the fuse group
  3. mkdir ~/mylocaldir
  4. sshfs -o idmap=user mylocaluser@myremoteserver.com:/remotepath ~/mylocaldir
  5. Edit files under ~/mylocaldir, and as you save them, they are automatically updated in /remotepath
Note: "-o uid=500" can be used if you get permission errors, but replace "500" with your local user id number

Errors
  1. "Couldn't read packet: Connection reset by peer"
    1. change this line in your /etc/ssh/sshd_config file to match what's here
      1. Subsystem sftp internal-sftp
    2. happens on RedHat Enterprise 6.1 for sure

Quick CLI screenshots on Linux or Openbox / Fluxbox


  1. sudo apt-get -y install imagemagick eog
  2. import myscreenshot.jpg
    1. select portion of screen with the crosshairs
  3. eog myscreenshot.jpg

Meetings


  1. Who is participating and do I know what each of them wants to get out of this meeting? 
  2. What are my goals and what's the minimum that I want to achieve? 
  3. Can I give in on certain points?
  4. Are there issues I won't budge on?
  5. What are next steps after the meeting?
  6. Who will ultimately decide whether I get what I want or not?
  7. Are there things I don't want to lay out on the table or discuss in this meeting?
  8. Who should do most of the talking?

Wednesday 24 April 2013

keytool: put your SSL key into a new keystore


  1. openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out myp12blob.p12 -name mykeystorealias -CAfile mycascert.crt
    1. Set the password to "changeit"
  2. keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore mykeystore -srckeystore myp12blob.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias mykeystorealias
    1. The alias must match the -name given to openssl in step 1
  3. keytool -list -v -keystore mykeystore

One-liner, CLI web server on port 8000


  1. python -m SimpleHTTPServer

Friday 12 April 2013

Cassandra in 30 seconds


  1. writes 
    1. writes entries directly to disk without checking if they already exist
    2. does fancy indexing of entries
    3. returns a write "OK" to the writing client after a quorum of nodes have confirmed
  2. reads
    1. tries to return the newest entry when client does a read
    2. has methods to eventually get the newest entry to return even if old ones are still around
  3. replication
    1. stores entries to multiple nodes if replication is turned on
  4. deletes
    1. doesn't officially delete, just marks dead entries with a "tombstone"
    2. compaction is what gets rid of old versions of entries and dead entries
  5. balancing
    1. automatically fills in data holes if a node disappears
    2. automatically spreads data if new nodes are added
  6. resurrection
    1. 3-nodes: X, Y, Z, all replicate all data
    2. server X goes down
    3. delete goes to Y and Z for key A
    4. Y and Z are "compacted"
      1. i.e., redundant keys & tombstones cleaned up / removed
      2. key A is completely gone as far as Y and Z know
    5. X comes up and has value for key A
    6. A is back! resurrected from the dead! life sucks.
    7. NOTE: if Y and Z didn't have tombstones removed, they would have had a date that was more recent than X's key A entry, so they would have invalidated X's key A. But, they are gone after a compaction or cleanup.
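A toy model of the resurrection scenario above, added here as an example; it is not from the original post and not Cassandra's own code. Each node keeps one cell per key stamped with a write timestamp, a delete writes a tombstone, compaction drops tombstones older than a grace period, and reads and repairs reconcile by "newest timestamp wins". It goes beyond the post in one respect: the grace period is a parameter (Cassandra's real knob is gc_grace_seconds), so the same sequence can be run once with the tombstones compacted away (key A comes back) and once with them kept (the delete wins).

```python
from dataclasses import dataclass, field


@dataclass
class Cell:
    value: object   # None marks a tombstone
    ts: int         # write timestamp; the highest one wins on reconciliation


@dataclass
class Node:
    name: str
    up: bool = True
    data: dict = field(default_factory=dict)

    def write(self, key, value, ts):
        self.data[key] = Cell(value, ts)

    def delete(self, key, ts):
        # A delete is just a write of a tombstone; nothing is physically removed yet.
        self.data[key] = Cell(None, ts)

    def compact(self, now, gc_grace):
        # Compaction drops tombstones older than gc_grace. Once the tombstone is
        # gone, this node has no record that the key was ever deleted.
        expired = [k for k, c in self.data.items()
                   if c.value is None and now - c.ts >= gc_grace]
        for k in expired:
            del self.data[k]


def newest(cells):
    """Last-write-wins: the cell with the highest timestamp, tombstones included."""
    cells = [c for c in cells if c is not None]
    return max(cells, key=lambda c: c.ts) if cells else None


def read(nodes, key):
    cell = newest(n.data.get(key) for n in nodes if n.up)
    return None if cell is None else cell.value   # a tombstone reads as "no value"


def repair(nodes, key):
    # Anti-entropy: every live replica adopts the newest cell seen across replicas.
    cell = newest(n.data.get(key) for n in nodes if n.up)
    if cell is not None:
        for n in nodes:
            if n.up:
                n.data[key] = cell


def resurrection_scenario(gc_grace, now=100):
    """Steps 1-6 of the 'resurrection' list above; returns what a read of A sees at the end."""
    x, y, z = Node("X"), Node("Y"), Node("Z")
    for n in (x, y, z):
        n.write("A", "value", ts=1)   # all three nodes replicate key A
    x.up = False                      # server X goes down
    for n in (y, z):
        n.delete("A", ts=2)           # delete for key A reaches only Y and Z
    for n in (y, z):
        n.compact(now=now, gc_grace=gc_grace)
    x.up = True                       # X comes back holding its stale copy of A
    repair((x, y, z), "A")
    return read((x, y, z), "A")


if __name__ == "__main__":
    print("tombstones compacted away:", resurrection_scenario(gc_grace=50))    # "value" is back
    print("tombstones still present:", resurrection_scenario(gc_grace=1000))  # None: delete holds
```

The second run is the NOTE in step 7: as long as Y and Z still hold a tombstone newer than X's copy, reconciliation picks the tombstone and X's stale value is overwritten rather than resurrected.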

Move huge directory on the root partition to a huge non-root partition


Assumption: /mnt is a huge disk partition separate from the / partition (aka root partition)
  1. mkdir -p /mnt/home/myfatdirectory
  2. kill all processes that have open files to /home/myfatdirectory
    1. lsof /home/myfatdirectory
    2. make sure you get ZERO results, i.e., no processes have open files under this directory
  3. mv /home/myfatdirectory /home/myfatdirectory_old 
  4. mkdir -p /home/myfatdirectory
  5. mount --bind /mnt/home/myfatdirectory /home/myfatdirectory
  6. add to bottom of /etc/fstab, so the mount is picked up on reboot
    1. /mnt/home/myfatdirectory /home/myfatdirectory none bind 0 0
NOTES:
  1. fix perms as necessary by interleaving your own steps into the above
  2. for the paranoid: you might want to make sure fstab entries work fine on reboot


Monday 8 April 2013

Recover accidentally deleted file as long as some process still has it open, on Linux


  1. lsof | grep myfile
    1. the second column is the process id
    2. the number in the fourth column is the file descriptor
  2. cp /proc/<process id>/fd/<file descriptor> myfile.saved
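The same recovery done in code, added here as an example that is not part of the original post. It creates a file, holds it open, unlinks it, and then copies it back out through /proc/<pid>/fd/<fd> exactly as step 2 does; it also parses the lsof columns named in step 1, including the point that lsof prints the descriptor with a mode letter ("3r") while /proc wants just the number. The lsof sample line is constructed, and the code is Linux-only because it relies on /proc.

```python
import os
import re
import shutil
import tempfile


def fd_from_lsof_column(col):
    """lsof's FD column looks like '3r', '4w', '5u' (or 'cwd', 'txt'); /proc wants the bare number."""
    m = re.match(r"\d+", col)
    return int(m.group()) if m else None


def parse_lsof_line(line):
    """Return (pid, fd) from one line of `lsof | grep myfile`: PID is column 2, FD is column 4."""
    parts = line.split()
    return int(parts[1]), fd_from_lsof_column(parts[3])


def recover_open_deleted_file(pid, fd, dest):
    """Copy the still-open but unlinked file behind /proc/<pid>/fd/<fd> to dest.

    Returns the link target, which ends in ' (deleted)' once the name is gone,
    so the caller can confirm it picked the right descriptor.
    """
    src = f"/proc/{pid}/fd/{fd}"
    target = os.readlink(src)
    shutil.copyfile(src, dest)   # opening the magic link reads the live inode
    return target


def demo():
    """Create, open, delete, then recover a file from this process's own fd table."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "myfile")
    with open(path, "w") as f:
        f.write("important data\n")
    fd = os.open(path, os.O_RDONLY)   # the "some process still has it open" condition
    os.unlink(path)                   # the accidental rm; the inode survives while fd is open
    saved = os.path.join(workdir, "myfile.saved")
    target = recover_open_deleted_file(os.getpid(), fd, saved)
    os.close(fd)
    with open(saved) as f:
        content = f.read()
    shutil.rmtree(workdir)
    return content, target.endswith(" (deleted)")


# Constructed sample of an lsof line for a deleted file held open by an editor.
SAMPLE_LSOF_LINE = "vim  4242 alice  3r  REG  8,1  15  131 /home/alice/myfile (deleted)"

if __name__ == "__main__":
    print(parse_lsof_line(SAMPLE_LSOF_LINE))
    print(demo())
```

Against a foreign process the only difference is where pid and fd come from: take them from the lsof line, and do the copy before that process closes the descriptor, since the data is gone for good at that point.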

Wednesday 3 April 2013

Build unbound from source on redhat/centos

NOTE: unbound is now available via epel repo on Amazon Linux
    1. install requirements
      1. yum groupinstall "Development Tools"
      2. yum install openssl-devel
      3. yum install expat-devel
    2. build
      1. ldns
        1. wget http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gz
        2. tar zxvf ldns-1.6.16.tar.gz
        3. cd ldns-1.6.16/
        4. ./configure --disable-gost --disable-ecdsa
        5. make
        6. make install
      2. unbound
        1. wget http://unbound.net/downloads/unbound-latest.tar.gz
        2. tar zxvf unbound-latest.tar.gz
        3. cd unbound-1.4.20/
        4. ./configure --disable-gost --disable-ecdsa
        5. make
        6. make install
    3. add libs to system lib path
      1. vi /etc/ld.so.conf.d/ldnsandunbound.conf
        1. add this one line
          1. /usr/local/lib
      2. sudo ldconfig
    4. add unbound user
      1. adduser --system unbound
    5. tweak config
      1. vi /usr/local/etc/unbound/unbound.conf
        1. see simple sample below
    6. run
      1. unbound
    7. check
      1. lsof -nP -i :53
    8. stop
      1. pkill unbound
    9. restart
      1. unbound
    server:
            verbosity: 1
            interface: 0.0.0.0
            access-control: 10.0.0.0/16 allow
    forward-zone:
           name: "my-vpc.internal"
           forward-addr: 252.252.199.199
           forward-first: no

Taken: https://calomel.org/unbound_dns.html

Tuesday 2 April 2013

Set up private, internal DNS for your VPC using Route 53 and unbound

CRITICAL: AWS now offers internal VPC DNS! Below is no longer necessary AFAIK. Woo hoo!

http://aws.amazon.com/about-aws/whats-new/2014/11/05/amazon-route-53-now-supports-private-dns-with-amazon-vpc/

BELOW IS DEPRECATED!
  1. create a Hosted Zone, something like "mydomain.internal"
  2. get the IP addresses of the name servers assigned to your new zone
    1. STRIP OFF '.' at the end of the name servers or BOOM!
  3. create a new DHCP Options Set
    1. add the IP addresses you gathered above to the domain-name-servers field
  4. Change DHCP Options Set of your VPC by right-clicking it
  5. run sudo dhclient on any already-running instance in the VPC to pick up changes
  6. verify the change has taken effect on an instance: cat /etc/resolv.conf

RECOMMENDED ALTERNATE SOLUTION: here's a sample unbound.conf I ended up using for a DNS forwarding server within my VPC -- see comments below. I adjusted the "options set" to point at this DNS server instead, 10.0.0.254 in my case.

NOTE: Btw, unbound is available under the "epel" yum repo.

    server:
            verbosity: 1
            interface: 0.0.0.0
            access-control: 10.0.0.0/16 allow
    forward-zone:
           name: "mydomain.internal"
           forward-host: ns-123.awsdns-12.com
           forward-host: ns-234.awsdns-34.biz
           forward-host: ns-567.awsdns-56.net
           forward-host: ns-890.awsdns-78.org
           forward-first: no

See also:

unbound, custom records: http://sysadminandnetworking.blogspot.com/2014/05/unbound-custom-records.html
unbound, default to google: http://sysadminandnetworking.blogspot.com/2014/05/unbound-default-to-googles-dns.html
