Since version 4.0 LXD also natively supports virtual machines and thanks to a built-in agent, they can be used almost like containers.
lxc image list images: | grep VIRTUAL-MACHINE lxc launch images:ubuntu/21.04 vm2104 --vm lxc launch images:ubuntu/21.04/cloud vm2104c --vm
Links
https://linuxcontainers.org/lxd/getting-started-cli/#launch-a-virtual-machine
Install Microsoft Teams
wget https://packages.microsoft.com/keys/microsoft.asc -qO-| sudo apt-key add - sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" > /etc/apt/sources.list.d/teams.list' sudo apt update sudo apt install -y teams
Ansible
cat <<EOF> /tmp/teams.yml --- - hosts: localhost tasks: - name: Add teams APT key apt_key: url: https://packages.microsoft.com/keys/microsoft.asc become: yes - name: Add teams repository apt_repository: repo: "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" become: yes - name: Install teams apt: update_cache: yes name: teams become: yes EOF ansible-playbook /tmp/teams.yml --ask-become-pass
Install by snap
sudo snap install teams
2Factor authentification
# Google Authentificaor
https://mysignins.microsoft.com/security-info
https://blog.paranoidpenguin.net/2018/06/office-365-multi-factor-authentication-with-google-authenticator/
# Microsoft Authenticator for Android
https://play.google.com/store/apps/details?id=com.azure.authenticator
Webclient
https://teams.microsoft.com
Links
https://docs.microsoft.com/de-de/microsoftteams/get-clients
ufw status ufw enable sudo ufw allow 22/tcp sudo ufw allow 4500/udp ufw start sudo ufw deny 41194/udp ufw app list ufw status ufw status numbered ufw delete 1
Links
https://linuxconfig.org/how-to-delete-ufw-firewall-rules-on-ubuntu-18-04-bionic-beaver-linux
Links
https://github.com/kelseyhightower/kubernetes-the-hard-way
Configure OpenStack application credentials
mkdir -p ~/.config/openstack cat <<EOF> ~/.config/openstack/clouds.yaml clouds: dev-foo: auth_type: "v3applicationcredential" auth: auth_url: https://keystone.service.dev.example.com/v3 application_credential_id: "YOUR_CREDENTIAL_ID" application_credential_secret: "YOUR_CREDENTIAL_PASS" EOF
Install Terraform
cat <<EOF> /tmp/install-terraform.yml --- - hosts: localhost tasks: - name: Get latest Terraform version uri: url: https://checkpoint-api.hashicorp.com/v1/check/terraform register: response - set_fact: terraform_download_url: "{{ response.json.current_download_url }}" terraform_version: "{{ response.json.current_version }}" - name: Download Terraform {{ terraform_version }} unarchive: src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system | lower }}_amd64.zip" remote_src: yes dest: ~/bin creates: ~/bin/terraform mode: 0550 EOF ansible-playbook /tmp/install-terraform.yml
Create test env on OpenStack
#!/bin/bash source /etc/kolla/admin-openrc.sh function show_lb_owner() { LB_ID=$1 # show project PROJECT_ID=$(openstack loadbalancer show -c project_id -f value ${LB_ID}) PROJECT_NAME=$(openstack project show -c name -f value ${PROJECT_ID}) # show domain DOMAIN_ID=$(openstack project show -c domain_id -f value ${PROJECT_ID}) DOMAIN_NAME=$(openstack domain show -c name -f value ${DOMAIN_ID}) echo "Domain: ${DOMAIN_NAME}" echo "Project: ${PROJECT_NAME}" } EXIT_CODE=0 # list broken LB OUTPUT="$(openstack loadbalancer amphora list --provisioning-status ERROR)" if [ -n "${OUTPUT}" ]; then echo "${OUTPUT}" EXIT_CODE=1 fi # search for broken LB
Install
sudo apt install -y nvme-cli
CLI
# list devices nvme list nvme smart-log /dev/nvme0n1 # rescan device for nvme in /dev/nvme[0-9]; do sudo nvme ns-rescan $nvme done isdct show -d DeviceStatus,Index,Firmware,FirmwareUpdateAvailable -intelssd # format https://manpages.ubuntu.com/manpages/jammy/en/man1/nvme-format.1.html nvme format --force /dev/nvmeXn1 blkdiscard --force /dev/nvmeXn1
Fix nvme1: ignoring ctrl due to duplicate subnqn
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1803692
openstack loadbalancer listener create --name foo-lb1-tcp-80 --protocol TCP --protocol-port 80 foo-lb1 openstack loadbalancer pool create --name foo-lb1-proxy-pool --lb-algorithm ROUND_ROBIN --listener foo-lb1-tcp-80 --protocol PROXY openstack loadbalancer member create --subnet-id foo-subnet --address 10.0.1.13 --protocol-port 80 foo-lb1-proxy-pool # check whather http_realip_module is available nginx -V 2>&1 | grep -- 'http_realip_module' # configure nginx cat /etc/nginx/sites-enabled/default ... server { listen 80 default_server proxy_protocol; set_real_ip_from 10.0.1.17; # incomming proxy IP #set_real_ip_from 192.168.1.0/24; real_ip_header proxy_protocol; ... cat /etc/nginx/nginx.conf ... http { proxy_set_header X-Real-IP $proxy_protocol_addr; proxy_set_header X-Forwarded-For $proxy_protocol_addr; ...
Links
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
https://www.scaleway.com/en/docs/configure-proxy-protocol-with-a-load-balancer/
Install Mellanox Driver
http://www.panticz.de/mellanox/install-dirver
lspci | grep Mellanox mstconfig -y -d 18:00.1 set SRIOV_EN=1 NUM_OF_VFS=16 #cat /etc/modprobe.d/mlnx.conf #options mlx4_core num_vfs=5 probe_vf=5 apt install -y sysfsutils cat <<EOF> /etc/sysfs.d/mlnx-sriov_numvfs.conf class/net/ens6f0/device/sriov_numvfs = 8 class/net/ens6f1/device/sriov_numvfs = 8 class/net/ens7f0/device/sriov_numvfs = 8 class/net/ens7f1/device/sriov_numvfs = 8 EOF # /boot/grub/grub.cf intel_iommu=on ll /sys/class/net/en{p,s}* echo 8 > /sys/class/net/ens6f0/device/sriov_numvfs
Configure VLAN
# create container lxc launch ubuntu:20.04 osc lxc shell osc # install OpenStack CLI apt install -y python3-openstackclient python3-neutron-vpnaas python3-octaviaclient python3-barbicanclient openstack complete | sudo tee /etc/bash_completion.d/openstack source /etc/bash_completion # configure connection mkdir -p ~/.config/openstack cat <<EOF> ~/.config/openstack/clouds.yaml clouds: dev-foo-app: auth: auth_url: https://keystone.service.example.com/v3 application_credential_id: "xxxxxxxx" application_credential_secret: "xxxxxxxx" region_name: "eu-fra1" interface: "public" identity_api_version: 3 auth_type: "v3applicationcredential" EOF echo export OS_CLOUD=dev-foo-app >> .bashrc # test export OS_CLOUD=dev-foo-app openstack image list
List
openstack vpn ipsec site connection list openstack vpn endpoint group list openstack vpn service list openstack vpn ipsec policy list openstack vpn ike policy list
Setup
# install sudo apt-get install -y strongswan # Left (Peer client, behind NAT) Ubuntu Client IP: 212.8.9.10 Ubuntu net: 192.168.178.0/24 OpenStack VPN IP: 217.50.60.70 OpenStack Net: 10.0.1.0/24
Create OpenStack VPN endpoint
http://www.panticz.de/openstack/vpn-fritzbox
/etc/ipsec.conf