Posts

Showing posts from April, 2013

Ubuntu: convert desktop to server fast

Below as root:
apt-get remove ubuntu-desktopapt-get install linux-server linux-image-serverapt-get purge lightdm/etc/default/grub, change matching lines to below#GRUB_HIDDEN_TIMEOUT [comment it out]GRUB_CMDLINE_LINUX_DEFAULT=""GRUB_TERMINAL=consoleupdate-grubreboot Taken: http://www.darrinhodges.com/converting-ubuntu-12-04-lts-desktop-to-server/

tcpdump HTTP headers

tcpdump -vvvs 1024 -l -A port 80 | egrep '^[A-Z][a-zA-Z\-]+:|GET|POST'Match your port, here it is 80, could be 8080 or 443, e.g.

Edit remote files with local editor using ssh and sshfs

apt-get -y install sshfsAdd your local user to the fuse groupmkdir ~/mylocaldirsshfs -o idmap=user mylocaluser@myremoteserver.com:/remotepath~/mylocaldirEdit files under ~/mylocaldir, and as you save them, they are automatically updated in /remotepath Note: the "-o uid=500" can be used if you get permission errors, but replace "500" with you local id number

Errors
"Couldn't read packet: Connection reset by peer"change this line in your /etc/ssh/sshd_config file to match what's hereSubsystem sftp internal-sftphappens on RedHat Enterprise 6.1 for sure

Quick CLI screenshots on Linux or Openbox / Fluxbox

sudo apt-get -y install imagemagick eogimport myscreenshot.jpgselect portion of screen with the crosshairseog myscreenshot.jpg

Meetings

Who is participating and do I know what each of them wants to get out of this meeting? What are my goals and what's the minimum that I want to achieve? Can I give in on certain points?Are there issues I won't budge on?What are next steps after the meeting?Who will ultimately decide whether I get what I want or not?Are there things I don't want to lay out on the table and not discuss in this meeting?Who should do most of the talking? Taken: http://babblingvc.typepad.com/pjozefak/2013/04/always-go-prepared.html

keytool: put your SSL key into a new keystore

openssl pkcs12 -export -in mycert.crt -inkey mykey.key -out myp12blob.p12 -name mykeystorealias -CAfile mycascert.crtSet the password to "changeit"keytool -importkeystore -deststorepass changeit -destkeypass changeit -destkeystore mykeystore -srckeystore myp12blob.p12 -srcstoretype PKCS12 -srcstorepass changeit -alias myaliaskeytool -list -v -keystore mykeystore Taken: https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS

One-liner, CLI web server on port 8000

python -m SimpleHTTPServer

Cassandra in 30 seconds

writes writes entries directly to disk without checking if they already existdoes fancy indexing of entriesreturns a write "OK" to the writing client after a quorum of nodes have confirmedreadstries to return the newest entry when client does a readhas methods to eventually get the newest entry to return even if old ones still aroundreplicationstores entries to multiple nodes if replication is turned ondeletesdoesn't offically delete, just marks dead entries with a "tombstone"compaction is what gets rid of old versions of entries and dead entriesbalancingautomatically fills in data holes if a node disappearsautomatically spreads data if new nodes are addedresurrection3-nodes: X, Y, Z, all replicate all dataserver X goes downdelete goes to Y and Z for key AY and Z are "compacted"i.e., redundant keys & tombstones cleaned up / removedkey A is completely gone as far as  Y and Z knowX comes up and has value for key AA is back! resurrected from the dead…

Move huge directory on the root partition to a huge non-root parition

Assumption: /mnt is a huge disk partition separate from the / partition  (aka root partition)
mkdir -p /mnt/home/myfatdirectorykill all processes that have open files to /home/myfatdirectorylsof /home/myfatdirectorymake sure you get ZERO results, ie no processes have open files to this directorymv /home/myfatdirectory /home/myfatdirectory_oldmkdir -p /home/myfatdirectorymount --bind /mnt/home/myfatdirectory /home/myfatdirectoryadd to bottom of /etc/fstab, so the mount is picked up on reboot/mnt/home/myfatdirectory /home/myfatdirectory none bind 0 0 NOTES:
fix perms as necessary by interleaving your own steps into the abovefor the paranoid: you might want to make sure fstab entries work fine on reboot

Find human-readable size of all files in a particular directory which have been modified in the last day and that are over 100 megs

find /var -mtime -1 -type f -size +100M -exec ls -lh {} \;

Recover accidentally deleted file as long as some process still has it open, on Linux

lsof | grep myfilethe second column is the process idthe number in the fourth column is the file descriptorcp /proc/<process id>/fd/<file descriptor> myfile.savedTaken: http://archive09.linux.com/articles/58142

Build unbound from source on redhat/centos

NOTE: unbound is now available via epel repo on Amazon Linux
install requirementsyum groupinstall "Development Tools"yum install openssl-develyum install expat-develbuildldnswget http://www.nlnetlabs.nl/downloads/ldns/ldns-1.6.16.tar.gztar zxvf ldns-1.6.16.tar.gzcd ldns-1.6.16/./configure --disable-gost --disable-ecdsamakemake installunboundwget http://unbound.net/downloads/unbound-latest.tar.gztar zxvf unbound-latest.tar.gzcd unbound-1.4.20/./configure --disable-gost --disable-ecdsamakemake installadd libs to system lib pathvi /etc/ld.so.conf.d/ldnsandunbound.confadd this one line/usr/local/libsudo ldconfigadd unbound useradduser --system unboundtweak configvi /usr/local/etc/unbound/unbound.confsee simple sample belowrununboundchecklsof -nP -i :53stoppkill unboundrestartunboundserver:         verbosity: 1         interface: 0.0.0.0         access-control: 10.0.0.0/16 allow forward-zone:        name: "my-vpc.internal"        forward-addr: 252.252.199.199        forward-fir…

Set up private, internal DNS for your VPC using Route 53 and unbound

CRITICAL: AWS now offers internal VPC DNS! Below is no longer necessary AFAIK. Woo hoo!

http://aws.amazon.com/about-aws/whats-new/2014/11/05/amazon-route-53-now-supports-private-dns-with-amazon-vpc/

BELOW IS DEPRECATED!
create a Hosted Zone, something like "mydomain.internal"get the IP addresses of the name servers assigned to your new zoneSTRIP OFF '.' at the end of the name servers or BOOM!  create a new DHCP Options Setadd the IP addresses you gathered above to the domain-name-servers fieldChange DHCP Options Set of your VPC by right-clicking itrun sudo dhclient on any already-running instance in the VPC to pick up changesdebug changes have taken place on an instance: cat /etc/resolv.conf
RECOMMEND ALTERNATE SOLUTION: here's a sample unbound.conf I ended up using for a DNS forwarding server within my VPC -- see comments below. I adjusted the "options set" to point at this DNS server instead, 10.0.0.254 in my case.

NOTE: Btw, unbound is available unde…