Posts in Category: uncategorized


Packer – notes

Note, when you want to create a box to be shared on atlas, you need to ensure yoru box has the following configurations:

http://docs.vagrantup.com/v2/boxes/base.html (e.g. root user’s password should be “vagrant”)

https://atlas.hashicorp.com/help

https://atlas.hashicorp.com/help/vagrant/boxes/create
https://atlas.hashicorp.com/CodingBee

Install Packer on windows:

https://www.packer.io/downloads.html

this is a binary, so simply unzip it and place it a in a place like:

C:\HashiCorp\Packer

Then update windows “PATH” environment variable

Then open powershell termianl and run “packer –help”.

Now create your packer projects folder, e.g. :

C:\packer

than download an iso into it e.g. the centos dvd iso:

C:\packer

While it’s downloading, create an empty json file, give it a meaningful name:

centos-dvd-iso-virtualbox.json

Enter the following in the json file:

{
  "builders": [
    {
      "type": "virtualbox-iso",
      "guest_os_type": "RedHat_64",
      "iso_url": "CentOS-7-x86_64-DVD-1503-01.iso",
   															

Intro to SSL

Really good guide:

https://jamielinux.com/docs/openssl-certificate-authority/index-full.html

Even better guide:

http://www.zytrax.com/tech/survival/ssl.html#single-cert

How To Install Self-Signed SSL Certificate On Nginx In CenOS 7

 

https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs

The following will create a file called myblog.key

$ openssl genrsa -des3 -out /etc/nginx/ssl/myblog.key 2048

 

This file is required to generate a csr file. Next we create the csr file:

$  openssl req -new -key /etc/nginx/ssl/myblog.key  -out myblog.csr

 

http://operational.io/openssl-commonly-used-commands/

 

http://en.wikipedia.org/wiki/Alice_and_Bob

https://www.google.co.uk/search?q=alice+and+bob+ssl&ie=utf-8&oe=utf-8&gws_rd=cr&ei=i6xyVeKwB-aa7gaXs4PAAg

If you have a website, e.g. your own wordpress blog and you want to set up ssl on it so that your url starts with https://… then you need to understand what is ssl is how it works.

 

There are 3 main types of files when


gpg – pgp keys

/etc/pki/rpm-gpg/rpm-gpg

https://www.google.co.uk/search?q=/etc/pki/rpm-gpg/rpm-gpg&ie=utf-8&oe=utf-8&gws_rd=cr&ei=QdlIVcq_JtfdaoGfgKgE

https://app.pluralsight.com/player?course=linux-networking-service-management-security-fundamentals&author=andrew-mallett&name=linux-networking-service-management-security-fundamentals-m11&clip=1&mode=live


Intro to Rundeck

Rundeck can be use to run the same bash command, shell script, serverspec scripts,….etc….on multiple VMs at the same time.

Can also be used to orchestrate puppet runs.

There is a bit of an overlap on which tool to use, e.g. do a “passwd {username}” using Rundeck to change someones password, or use puppet.

https://github.com/rundeck-plugins/rundeck-logstash-plugin

Also checkout:

http://logstash.net/
https://www.elastic.co/products/kibana


Linux – rhn-channel and Spacewalk

The Spacewalk server is your custom rpm server which hosts all your rpm packages. If you want to connect to an Spacewalk server, you need to viers install the following package:

$ yum install rhn-setup

https://access.redhat.com/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/Channel_Management_Guide/chap-Red_Hat_Network_Satellite-Channel_Management_Guide-Introduction_to_RHN_Channels.html

http://www.spacewalkproject.org/

the following lists all channels a machine is subscribed to:

# rhn-channel --list

Alternatively do:

$ spacewalk-channel --list

to register a client to a spacewalk server, you use the rhnreg_ks command:

$ rhnreg_ks --activationkey {channel name}

To subscribe to a new channel, we do:

https://access.redhat.com/solutions/57504

See also:

https://access.redhat.com/solutions/57504

also run the following command to check what repos you’re connected to:

$ yum repolist

Jenkins – Automate the creation of new Jenkins jobs

It is possible to create a jenkins job that when run:

– scans git for any newly created repo.
– creates a new jenkins job for new repos.

This is achieved using the the following plugin:

https://wiki.jenkins-ci.org/display/JENKINS/Job+DSL+Plugin

as well as writing some groovy script.

This jenkins job can then be run as an hourly cron job, or manually, as and when needed.

Also see:

https://github.com/jenkinsci/job-dsl-plugin/wiki/Tutorial—Using-the-Jenkins-Job-DSL

https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI


Linux – Zip and unzip files

To zip a single file a in linux

gzip filename

To unzip a single file in linux

 gunzip filename 

To compress a directory the command is

 tar -cf filename.tar filename

filename.tar will be the new name of zipped file for filename.
-cf means creat a file
When compressing a directory it is important not to be in the directory. The command will not work otherwise.

To extract the filename.tar file the command is

 tar -xf goat.tar

-xf means extracting a file.


Linux – Pluggable Authentication Modules (PAM)

The Linux-PAM System Administrators Guide

http://linux.die.net/man/5/system-auth-ac
http://linux.die.net/man/8/authconfig

http://www.linuxgeek.net/documentation/authentication.phtml

https://www.google.co.uk/search?q=authconfig+enablewinbindauth+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a&channel=sb&gfe_rd=cr&ei=0XHwVKC5C4OP-wap0oCADA#safe=off&rls=org.mozilla:en-GB:official&channel=sb&q=edit+%2Fetc%2Fpam.d%2Fsystem-auth