January 2018

SSL auth with .p12 – Root CA and .p12

2018-01-31T04:01:32+00:00 January 31st, 2018|Linux, Ubuntu|

PART ONE – setup ssl and ssl certs.

1. enable ssl, run command

a2enmod ssl

and then restart apache

service apache2 restart

go to /etc/apache2 and create ssl folder

mkdir ssl

2. generate key and crt file – follow the instructions on the screen

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout apache.key -out apache.crt

3. edit /etc/apache2/sites-available/default-ssl.conf and add path to generated certs (line 32/33).

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. activate ssl virtual host

sudo a2ensite default-ssl.conf

5. and then restart apache

service apache2 restart

6. set up redirection from http to https: edit /etc/apache2/sites-available/000-default.conf and add the line below:

RedirectPermanent / https://vault.bartron.uk/

and then restart apache

service apache2 restart

PART TWO – SSL should now work with your website; let's set up private key access.

7. go to cert directory: /etc/apache2/ssl

8. generate new CA key

openssl genrsa -des3 -out vaultCA.key 2048

9. Generate root certificate

openssl req -x509 -new -nodes -key vaultCA.key -sha256 -days 1825 -out vaultCAroot.pem

10. export key and certificate to .p12

openssl pkcs12 -export -out apache.bartron.uk.p12 -inkey vaultCA.key -in vaultCAroot.pem

11. enable CA root, edit default-ssl.conf and add/edit (line 51/52)

SSLCACertificatePath /etc/apache2/ssl
SSLCACertificateFile /etc/apache2/ssl/vaultCAroot.pem

12. enable client auth to require (line 69/70)

SSLVerifyClient require
SSLVerifyDepth 10
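
Step 10 packs vaultCA.key itself into the .p12, so every browser that imports that file holds the CA signing key. An added example (not from the original post) of the usual alternative: the CA signs a separate client certificate and only that key pair goes into the bundle. File names follow the post; subject names and both passwords are constructed.

```bash
set -eu
CA_PASS='example-ca-pass'     # constructed; protects vaultCA.key like -des3 in step 8
P12_PASS='example-p12-pass'   # constructed; import password for the client bundle

make_client_p12() {   # $1 = work directory, $2 = client common name
    (
        cd "$1"
        # CA key and self-signed root, the roles of vaultCA.key / vaultCAroot.pem
        openssl genrsa -aes256 -passout "pass:$CA_PASS" -out vaultCA.key 2048 2>/dev/null
        openssl req -x509 -new -key vaultCA.key -passin "pass:$CA_PASS" -sha256 \
            -days 1825 -subj "/CN=Example Vault CA" -out vaultCAroot.pem
        # The client gets its own key; only the signing request reaches the CA
        openssl req -new -newkey rsa:2048 -nodes -keyout client.key \
            -subj "/CN=$2" -out client.csr 2>/dev/null
        printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
        openssl x509 -req -in client.csr -CA vaultCAroot.pem -CAkey vaultCA.key \
            -passin "pass:$CA_PASS" -CAcreateserial -sha256 -days 365 \
            -extfile client.ext -out client.crt 2>/dev/null
        # Bundle for the browser: client key + client cert, no CA key inside
        openssl pkcs12 -export -inkey client.key -in client.crt \
            -certfile vaultCAroot.pem -passout "pass:$P12_PASS" -out client.p12
    )
}

chains_to_ca() {      # succeeds when client.crt verifies against the root
    openssl verify -CAfile "$1/vaultCAroot.pem" "$1/client.crt" >/dev/null 2>&1
}

p12_subject() {       # subject of the client certificate inside the bundle
    openssl pkcs12 -in "$1/client.p12" -passin "pass:$P12_PASS" -nokeys -clcerts \
        2>/dev/null | openssl x509 -noout -subject
}

demo_dir=$(mktemp -d)
make_client_p12 "$demo_dir" "louise-laptop"
chains_to_ca "$demo_dir" && echo "client.crt chains to vaultCAroot.pem"
p12_subject "$demo_dir"
rm -rf "$demo_dir"
```

With this layout vaultCA.key stays on the machine that signs certificates, and Apache still only needs vaultCAroot.pem in SSLCACertificateFile.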

November 2017

deploy openstack – centos7

2017-12-17T12:37:39+00:00 November 22nd, 2017|Linux|

Disable Firewall / network manager / enable network

systemctl disable firewalld NetworkManager
systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network

switch SELinux to permissive for the running system

setenforce 0

edit the selinux config and change SELINUX to permissive

vim /etc/selinux/config
SELINUX=permissive

change network settings

/etc/sysconfig/network-scripts/ifcfg-eno1
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eno1
GATEWAY=192.168.7.2
HWADDR=84:2b:2b:6f:63:7c
IPADDR=192.168.7.32
MTU=1500
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

quick reboot

sync;reboot

– start installation packstack

edit /etc/environment

LANG=en_GB.utf-8
LC_ALL=en_GB.utf-8

install repo and pack-stack with configuration file

yum install -y centos-release-openstack-pike
yum update -y
yum install -y openstack-packstack
packstack --gen-answer-file=answer.txt

edit answer.txt choose packages and change:


CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eno1

install openstack

packstack --answer-file=answer.txt

login to horizon
– go to admin -> networks and remove the existing routers and networks.
– create new network (Name=external, Project=admin, network type=flat, Physical Network=extnet, tick shared)
– add your subnet IPs

edit /etc/neutron/dhcp_agent.ini and change to True

enable_isolated_metadata=True

restart neutron dhcp agent

systemctl restart neutron-dhcp-agent

resources: https://www.youtube.com/watch?v=Udtr1zJhcrw

September 2017

Simple NAS with Samba and USB HDD

2017-09-25T10:49:12+00:00 September 25th, 2017|Ubuntu|

list all devices

bart@ubuntu:~$ dmesg

at the bottom find your device name, in my case the 500GB USB HDD shows up as sdb

sd 6:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)

create partition with fdisk on sdb hdd

sudo fdisk /dev/sdb

– press “m” for help, then choose “p” to list existing partitions
– remove a partition by pressing “d” and selecting the partition from the list
– “n” for new partition, “p” primary partition, number “1”
– save and exit “w”

format to ext4

sudo mkfs.ext4 /dev/sdb1

create a directory for the NAS in your desired location

bart@ubuntu:/mnt$ sudo mkdir NAS

mount hdd to directory /mnt/NAS/

sudo mount /dev/sdb1 /mnt/NAS/

find uuid for sdb1

sudo blkid /dev/sdb1

to mount the USB HDD permanently after reboot, edit /etc/fstab

sudo nano /etc/fstab

#add at the bottom of the file then save (use your UUID)
#umask= is not an ext4 mount option and makes the mount fail, so it is left out
UUID="5fc39f17-7763-4633-92e7-41e62c56e614" /mnt/NAS/ ext4 defaults,users 0 0

test it by running umount /dev/sdb1 and then use

sudo mount -a

create share folder /mnt/NAS/SHARENAME

sudo mkdir /mnt/NAS/SHARENAME

make sure about permissions

sudo chmod 777 /mnt/NAS/SHARENAME

edit /etc/samba/smb.conf

[global]
workgroup = workgroup
netbios name = NAS
server string = Samba Server %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
dns proxy = No
security = User
interfaces = em1 lo
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.1.0/24 192.168.7.0/24
hosts deny = 0.0.0.0/0
[SHARENAME]
path = /mnt/NAS/SHARENAME
valid users= louise, bart, backup
read only = no
create mask = 0777
directory mask = 0777
writeable = Yes

add user

useradd louise

add password for samba

sudo smbpasswd -a louise

restart service

sudo service smbd restart

magic!
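
The share above relies on `valid users` while the masks and `map to guest` are left wide open. An added example (not from the original post) that reports such settings in an smb.conf; the choice of checks and the sample file are constructed for illustration.

```bash
audit_smb_conf() {    # $1 = path to smb.conf; prints "section: finding" lines
    awk '
    function close_section() {
        if (sec != "" && tolower(sec) != "global" && !has_valid)
            print sec ": no valid users list, any authenticated user may connect"
    }
    /^[ \t]*[#;]/ { next }                       # comment lines
    /^[ \t]*\[/ {                                # new [section]
        close_section()
        sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); has_valid = 0; next
    }
    {
        n = index($0, "="); if (n == 0) next
        key = tolower(substr($0, 1, n - 1)); val = substr($0, n + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "valid users" && val != "") has_valid = 1
        # last octal digit 2, 3, 6 or 7 means the "other" write bit is set
        if ((key == "create mask" || key == "directory mask") && val ~ /[2367]$/)
            print sec ": " key " = " val " permits write access for others"
        if (key == "map to guest" && tolower(val) != "never")
            print sec ": map to guest = " val " enables the guest fallback"
    }
    END { close_section() }
    ' "$1"
}

# Constructed sample: the share settings from the post plus one bare share.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
map to guest = Bad User
[SHARENAME]
valid users= louise, bart, backup
create mask = 0777
directory mask = 0777
[scratch]
path = /mnt/NAS/scratch
EOF
audit_smb_conf "$sample"
rm -f "$sample"
```

Masks such as 0660 and 0770 together with a shared group on /mnt/NAS/SHARENAME give the listed users the same read/write access without the world-writable bits.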

August 2017

Convert ens3 interface to eth0 – Ubuntu 16.04

2017-08-16T13:53:35+00:00 August 16th, 2017|Linux, Ubuntu|

edit grub file

sudo vim /etc/default/grub

and change the line GRUB_CMDLINE_LINUX="" to:

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

update grub

sudo update-grub

change /etc/network/interfaces to eth0 format

auto eth0
iface eth0 inet dhcp

change /etc/udev/rules.d/70-persistent-net.rules from ens3 to eth0

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="fa:16:3e:01:af:fa", NAME="eth0"

reboot system

July 2017

Juniper – WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE

2017-07-17T19:25:21+00:00 July 17th, 2017|Juniper - Recovery|

quick fix:

request system snapshot media internal slice alternate

then

request system reboot

check after boot from which partition system is booted

show system storage partitions

with output of:

root> show system storage partitions
fpc0:
--------------------------------------------------------------------------
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: active (da0s2a)
Partitions information:
Partition Size Mountpoint
s1a 183M altroot
s2a 184M /
s3d 369M /var/tmp
s3e 123M /var
s4d 62M /config
{master:0}
root>

then you can change active partition to boot from first partition

request system reboot slice alternate media internal

Juniper – firmware upgrade

2017-07-18T10:14:45+00:00 July 17th, 2017|Juniper - Recovery|

Upgrade firmware from usb – go to shell

root> start shell

find usb drive use

root@:RE:0% ls /dev/da*

then to test drive/partition

root@:RE:0% file -s /dev/da1s2

create folder for usb drive and mount usb drive to the folder

root@:RE:0% mkdir /var/tmp/usb
root@:RE:0% mount -t msdosfs /dev/da1s2 /var/tmp/usb

move image file to /var/tmp

cd /var/tmp/usb && mv jinstall-ex-2200-12.3R8.7-domestic-signed.tgz /var/tmp

go back to cli and run upgrade

root@bbc-temp-sw:RE:0% cli
{master:0}
root@bbc-temp-sw> request system software add /var/tmp/jinstall-ex-2200-12.3R8.7-domestic-signed.tgz validate reboot

Mac OS X – File limits

2017-07-16T02:31:48+00:00 July 16th, 2017|Linux, Mac|

open file handles:

lsof | cut -f 1 -d ' ' | uniq -c | sort

run maxfiles limit

launchctl limit maxfiles

it should give you result like:

bartron ➜ ~/Users/bartosz launchctl limit maxfiles
maxfiles 256 unlimited

to raise the file limit run:

bartron ➜ ~/Users/bartosz sudo launchctl limit maxfiles 512 20000
