January 2018

SSL auth with .p12 – Root CA and .p12

2018-01-31T04:01:32+00:00 January 31st, 2018|Linux, Ubuntu|

PART ONE – setup ssl and ssl certs.

1. enable ssl, run command

a2enmod ssl

and then restart apache

service apache2 restart

go to /etc/apache2 and create ssl folder

mkdir ssl

2. generate key and crt file – follow the instructions on the screen

openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout apache.key -out apache.crt

3. edit /etc/apache2/sites-available/default-ssl.conf and add path to generated certs (line 32/33).

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. activate ssl virtual host

sudo a2ensite default-ssl.conf

5. and then restart apache

service apache2 restart

6. set up redirection from http to https: edit /etc/apache2/sites-available/000-default.conf and add the line below:

RedirectPermanent / https://vault.bartron.uk/

and then restart apache

service apache2 restart

PART TWO – SSL should now work with your website; let's set up private key access.

7. go to cert directory: /etc/apache2/ssl

8. generate new CA key

openssl genrsa -des3 -out vaultCA.key 2048

9. Generate root certificate

openssl req -x509 -new -nodes -key vaultCA.key -sha256 -days 1825 -out vaultCAroot.pem

10. export the CA key and root certificate to a .p12 (PKCS#12) file

openssl pkcs12 -export -out apache.bartron.uk.p12 -inkey vaultCA.key -in vaultCAroot.pem

11. enable CA root, edit default-ssl.conf and add/edit (line 51/52)

SSLCACertificatePath /etc/apache2/ssl
SSLCACertificateFile /etc/apache2/ssl/vaultCAroot.pem

12. enable client auth to require (line 69/70)

SSLVerifyClient require
SSLVerifyDepth 10
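
Step 10 as written puts the CA's own private key (vaultCA.key) into the .p12 that gets imported on the client. The variant below is an added example, not from the original post: it keeps the CA key on the server and issues a separate client certificate signed by that CA. The client.* and req.cnf file names, the CNs and the passphrase-less demo CA are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Everything except the names
# vaultCA.key / vaultCAroot.pem is an assumption made for illustration.

# Minimal req config so the commands do not depend on the system openssl.cnf.
write_cnf() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/req.cnf"
}

# Constructed stand-in for the CA from steps 8-9, without a passphrase so the
# demo runs non-interactively. Skip this when the real CA already exists.
make_demo_ca() {   # usage: make_demo_ca DIR
    write_cnf "$1" &&
    openssl genrsa -out "$1/vaultCA.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/vaultCA.key" -sha256 -days 1825 \
        -config "$1/req.cnf" -subj "/CN=Demo Vault CA" -out "$1/vaultCAroot.pem"
}

# Issue a per-user key and certificate signed by the CA, then bundle only the
# client key, the client cert and the CA cert. The CA key is never exported.
issue_client_p12() {   # usage: issue_client_p12 DIR COMMON_NAME P12_PASSWORD
    dir=$1; cn=$2
    write_cnf "$dir" &&
    openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/client.key" \
        -config "$dir/req.cnf" -subj "/CN=$cn" -out "$dir/client.csr" 2>/dev/null &&
    printf '%s\n' 'basicConstraints=CA:FALSE' 'keyUsage=digitalSignature' \
        'extendedKeyUsage=clientAuth' > "$dir/client.ext" &&
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/vaultCAroot.pem" \
        -CAkey "$dir/vaultCA.key" -CAcreateserial -sha256 -days 365 \
        -extfile "$dir/client.ext" -out "$dir/client.crt" &&
    # Password is passed through the environment, not on openssl's command line.
    P12_PASS=$3 openssl pkcs12 -export -inkey "$dir/client.key" \
        -in "$dir/client.crt" -certfile "$dir/vaultCAroot.pem" \
        -passout env:P12_PASS -out "$dir/client.p12"
}

# Succeeds only if client.crt chains to the CA and is valid for TLS client auth.
verify_client_cert() {   # usage: verify_client_cert DIR
    openssl verify -purpose sslclient -CAfile "$1/vaultCAroot.pem" \
        "$1/client.crt" >/dev/null 2>&1
}
```

On the server from the post, call only issue_client_p12 with the directory that holds vaultCA.key and vaultCAroot.pem; openssl asks for the CA key passphrase at the signing step.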

November 2017

deploy openstack – centos7

2017-12-17T12:37:39+00:00 November 22nd, 2017|Linux|

Disable Firewall / network manager / enable network

systemctl disable firewalld NetworkManager
systemctl disable firewalld
systemctl stop firewalld
systemctl disable NetworkManager
systemctl stop NetworkManager
systemctl enable network

set SELinux to permissive for the running system

setenforce 0

edit the SELinux config and change SELINUX to permissive

vim /etc/selinux/config
SELINUX=permissive

change network settings

/etc/sysconfig/network-scripts/ifcfg-eno1
BOOTPROTO=none
DEFROUTE=yes
DEVICE=eno1
GATEWAY=192.168.7.2
HWADDR=84:2b:2b:6f:63:7c
IPADDR=192.168.7.32
MTU=1500
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
USERCTL=no

quick reboot

sync;reboot

– start installation packstack

edit /etc/environment and add:

LANG=en_GB.utf-8
LC_ALL=en_GB.utf-8

install the repo and packstack, then generate the configuration (answer) file

yum install -y centos-release-openstack-pike
yum update -y
yum install -y openstack-packstack
packstack --gen-answer-file=answer.txt

edit answer.txt, choose packages and change:

CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eno1

install openstack

packstack --answer-file=answer.txt

login to horizon
– go to admin -> networks and remove (routers, networks).
– create new network (Name=external, Project=admin, network type=flat, Physical Network=extnet, tick shared)
– add your subnet IPs

edit /etc/neutron/dhcp_agent.ini and change to True

enable_isolated_metadata=True

restart neutron dhcp agent

systemctl restart neutron-dhcp-agent

resources: https://www.youtube.com/watch?v=Udtr1zJhcrw

August 2017

Convert ens3 interface to eth0 – Ubuntu 16.04

2017-08-16T13:53:35+00:00 August 16th, 2017|Linux, Ubuntu|

edit grub file

sudo vim /etc/default/grub

and change the line GRUB_CMDLINE_LINUX="" to:

GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

update grub

sudo update-grub

change /etc/network/interfaces to eth0 format

auto eth0
iface eth0 inet dhcp

change /etc/udev/rules.d/70-persistent-net.rules from ens3 to eth0

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="fa:16:3e:01:af:fa", NAME="eth0"

reboot system

July 2017

Mac OS X – File limits

2017-07-16T02:31:48+00:00 July 16th, 2017|Linux, Mac|

count open file handles per command:

lsof | cut -f 1 -d ' ' | sort | uniq -c | sort -n

check the current maxfiles limit

launchctl limit maxfiles

it should give you a result like:

bartron ➜ ~/Users/bartosz launchctl limit maxfiles
maxfiles 256 unlimited

to raise the file limit, run:

bartron ➜ ~/Users/bartosz sudo launchctl limit maxfiles 512 20000

February 2017

Convert VirtualBox .ova to .qcow2

2017-07-15T23:53:02+00:00 February 9th, 2017|gns3, Linux, Ubuntu|

extract the disk image

tar -xvf junos-vsrx-12.1X47-D20.7-domestic.ova

convert VMDK to QCOW2 format

qemu-img convert -O qcow2 junos-vsrx-12.1X47-D20.7-domestic-disk1.vmdk junos-vsrx-12.1X47-D20.7-domestic.qcow2

Ubuntu GNS3 Server with KVM support

2017-02-06T20:28:48+00:00 February 6th, 2017|gns3, Linux, Ubuntu|

add gns3 repository

sudo add-apt-repository ppa:gns3/ppa

update apt

sudo apt-get update

install gns3 server

sudo apt-get install gns3-server

install kvm support

sudo apt-get install qemu-kvm libvirt-bin virtinst bridge-utils cpu-checker

make sure your system supports virtualisation

kvm-ok

then you should get something like this

INFO: /dev/kvm exists
KVM acceleration can be used

then run server

gns3server --host 192.168.7.15

January 2017
