nextcloud
# install nextcloud with snap
snap install nextcloud
sudo snap enable nextcloud
sudo snap disable nextcloud

# set domain
nextcloud.occ config:system:set trusted_domains 0 --value="nextcloud.example.com"

# create user
export OC_PASS=pass1234
nextcloud.occ user:add --display-name "Foo Bar" --group=bar --password-from-env foo

# create email
nextcloud.occ mail:account:create fobr "Foo Bar" foo.bar@example.com imap.example.com 143 off foo.bar pass1234 smtp.example.com 25 off foo.bar pass1234

# path
/var/snap/nextcloud/common/nextcloud/data/admin/file

# rescan files
nextcloud.occ files:scan --path=admin
nextcloud.occ files:scan --all

# external files
nextcloud.occ files_external:list
sudo snap connect nextcloud:removable-media
Calendar
cloud-config / cloud-init
Cloud config examples
https://cloudinit.readthedocs.io/en/latest/reference/examples.html
Re-run cloud-init
sudo cloud-init init
sudo cloud-init modules --mode=final

# cat /var/lib/cloud/seed/nocloud-net/user-data
Network
https://cloudinit.readthedocs.io/en/latest/reference/network-config-format-v2.html
cloud-init.network-config: |
  network:
    version: 2
    ethernets:
      mgmt-dev:
        mtu: 9000
        addresses:
          - 10.33.1.21/20
        routes:
          - to: 10.33.0.0/16
            via: 10.33.1.1
          - to: 10.8.0.0/22
            via: 10.33.1.1
          - to: 192.168.252.0/23
            via: 10.33.1.1
        nameservers:
          addresses:
            - 10.8.1.74
            - 10.8.1.174
          search:
            - dev.example.com
      mgmt-public:
        addresses:
          - 10.0.1.100/24
        gateway4: 10.0.1.1
V1
user.network-config: |
  version: 1
  config:
    - type: physical
      name: dev-mgmt
      subnets:
        - type: static
          address: 10.33.20.40/20
          gateway: 10.33.16.1
          routes:
            - gateway: 10.33.16.1
              network: 10.33.0.0/16
          dns_nameservers:
            - 10.8.3.74
            - 10.8.3.174
          dns_search:
            - dev.i.example.com
    - type: physical
      name: dev-ipmi
      subnets:
        - type: static
          address: 10.32.20.40/20
          gateway: 10.32.16.1

network:
  version: 1
  config:
    - type: physical
      name: eth0
      subnets:
        - type: dhcp
Terraform
https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config
Launch QEMU Virtual Machines with LXD
Since version 4.0, LXD also natively supports virtual machines and, thanks to a built-in agent, they can be used almost like containers.
lxc image list images: | grep VIRTUAL-MACHINE
lxc launch images:ubuntu/21.04 vm2104 --vm
lxc launch images:ubuntu/21.04/cloud vm2104c --vm
Links
https://linuxcontainers.org/lxd/getting-started-cli/#launch-a-virtual-machine
Microsoft Teams under Linux / Ubuntu
Install Microsoft Teams
wget https://packages.microsoft.com/keys/microsoft.asc -qO- | sudo apt-key add -
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" > /etc/apt/sources.list.d/teams.list'
sudo apt update
sudo apt install -y teams
Ansible
cat <<EOF> /tmp/teams.yml
---
- hosts: localhost
  tasks:
    - name: Add teams APT key
      apt_key:
        url: https://packages.microsoft.com/keys/microsoft.asc
      become: yes

    - name: Add teams repository
      apt_repository:
        repo: "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main"
      become: yes

    - name: Install teams
      apt:
        update_cache: yes
        name: teams
      become: yes
EOF

ansible-playbook /tmp/teams.yml --ask-become-pass
Install by snap
sudo snap install teams
Two-factor authentication
# Google Authenticator
https://mysignins.microsoft.com/security-info
https://blog.paranoidpenguin.net/2018/06/office-365-multi-factor-authentication-with-google-authenticator/
# Microsoft Authenticator for Android
https://play.google.com/store/apps/details?id=com.azure.authenticator
Webclient
https://teams.microsoft.com
Links
https://docs.microsoft.com/de-de/microsoftteams/get-clients
ufw
ufw status
ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 4500/udp
ufw start
sudo ufw deny 41194/udp
ufw app list
ufw status
ufw status numbered
ufw delete 1
Links
https://linuxconfig.org/how-to-delete-ufw-firewall-rules-on-ubuntu-18-04-bionic-beaver-linux
Kubernetes the hard way
Links
https://github.com/kelseyhightower/kubernetes-the-hard-way
Configure OpenStack application credentials
mkdir -p ~/.config/openstack
cat <<EOF> ~/.config/openstack/clouds.yaml
clouds:
  dev-foo:
    auth_type: "v3applicationcredential"
    auth:
      auth_url: https://keystone.service.dev.example.com/v3
      application_credential_id: "YOUR_CREDENTIAL_ID"
      application_credential_secret: "YOUR_CREDENTIAL_PASS"
EOF
Install Terraform
cat <<EOF> /tmp/install-terraform.yml
---
- hosts: localhost
  tasks:
    - name: Get latest Terraform version
      uri:
        url: https://checkpoint-api.hashicorp.com/v1/check/terraform
      register: response

    - set_fact:
        terraform_download_url: "{{ response.json.current_download_url }}"
        terraform_version: "{{ response.json.current_version }}"

    - name: Download Terraform {{ terraform_version }}
      unarchive:
        src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system | lower }}_amd64.zip"
        remote_src: yes
        dest: ~/bin
        creates: ~/bin/terraform
        mode: 0550
EOF

ansible-playbook /tmp/install-terraform.yml
Create test env on OpenStack
OpenStack: Octavia / Amphora LB check
#!/bin/bash

source /etc/kolla/admin-openrc.sh

function show_lb_owner() {
    LB_ID=$1

    # show project
    PROJECT_ID=$(openstack loadbalancer show -c project_id -f value ${LB_ID})
    PROJECT_NAME=$(openstack project show -c name -f value ${PROJECT_ID})

    # show domain
    DOMAIN_ID=$(openstack project show -c domain_id -f value ${PROJECT_ID})
    DOMAIN_NAME=$(openstack domain show -c name -f value ${DOMAIN_ID})

    echo "Domain: ${DOMAIN_NAME}"
    echo "Project: ${PROJECT_NAME}"
}

EXIT_CODE=0

# list broken LB
OUTPUT="$(openstack loadbalancer amphora list --provisioning-status ERROR)"
if [ -n "${OUTPUT}" ]; then
    echo "${OUTPUT}"
    EXIT_CODE=1
fi

# search for broken LB
NVMe
Install
sudo apt install -y nvme-cli
CLI
# list devices
nvme list
nvme smart-log /dev/nvme0n1
isdct show -d DeviceStatus,Index,Firmware,FirmwareUpdateAvailable -intelssd

# format
https://manpages.ubuntu.com/manpages/jammy/en/man1/nvme-format.1.html
nvme format --force /dev/nvmeXn1
blkdiscard --force /dev/nvmeXn1
Fix nvme1: ignoring ctrl due to duplicate subnqn
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1803692
# dmesg | grep nvme
[ 2.546620] nvme nvme0: pci function 0000:5e:00.0
[ 2.552447] nvme nvme1: pci function 0000:5f:00.0
[ 2.768347] nvme nvme1: ignoring ctrl due to duplicate subnqn (nqn.2017-12.org.nvmexpress:uuid:11111111-2222-3333-4444-555555555555).
[ 2.775422] nvme nvme1: Removing after probe failure status: -22
[ 2.779813] nvme0n1: p1 p2
Fix by upgrading the NVMe firmware
http://www.panticz.de/intel/nvme
Delete
Octavia: proxy protocol
openstack loadbalancer listener create --name foo-lb1-tcp-80 --protocol TCP --protocol-port 80 foo-lb1
openstack loadbalancer pool create --name foo-lb1-proxy-pool --lb-algorithm ROUND_ROBIN --listener foo-lb1-tcp-80 --protocol PROXY
openstack loadbalancer member create --subnet-id foo-subnet --address 10.0.1.13 --protocol-port 80 foo-lb1-proxy-pool

# check whether http_realip_module is available
nginx -V 2>&1 | grep -- 'http_realip_module'

# configure nginx
cat /etc/nginx/sites-enabled/default
...
server {
    listen 80 default_server proxy_protocol;
    set_real_ip_from 10.0.1.17; # incoming proxy IP
    #set_real_ip_from 192.168.1.0/24;
    real_ip_header proxy_protocol;
...

cat /etc/nginx/nginx.conf
...
http {
    proxy_set_header X-Real-IP $proxy_protocol_addr;
    proxy_set_header X-Forwarded-For $proxy_protocol_addr;
...
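The trust decision that set_real_ip_from makes in the configuration above, modelled as an added example (not part of the original notes and not nginx's own code). The function names and the sample header are constructed; the sketch handles PROXY protocol v1 TCP4 headers and exact proxy addresses only, no CIDR ranges.

```shell
#!/bin/sh
# Added example: when may a PROXY v1 header override the client address?
# TRUSTED_PROXIES plays the role of `set_real_ip_from` (assumed value from the page).
TRUSTED_PROXIES="10.0.1.17"

is_ipv4() (
    # Reject stray characters, leading/trailing dots and empty octets.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# effective_client_addr PEER_IP HEADER_LINE
# Prints the address to log or rate-limit on; returns 1 for a malformed header.
effective_client_addr() (
    peer=$1
    line=$(printf '%s' "$2" | tr -d '\r')
    set -f
    set -- $line
    # Exactly "PROXY TCP4 src dst sport dport", separated by single spaces.
    [ $# -eq 6 ] && [ "$1 $2 $3 $4 $5 $6" = "$line" ] || exit 1
    [ "$1" = PROXY ] && [ "$2" = TCP4 ] || exit 1
    is_ipv4 "$3" && is_ipv4 "$4" && is_port "$5" && is_port "$6" || exit 1
    # Only a listed proxy may replace the TCP peer address with the header's source.
    for trusted in $TRUSTED_PROXIES; do
        if [ "$peer" = "$trusted" ]; then
            printf '%s\n' "$3"
            exit 0
        fi
    done
    printf '%s\n' "$peer"
)

# Constructed sample: header as sent by the load balancer at 10.0.1.17.
effective_client_addr 10.0.1.17 'PROXY TCP4 203.0.113.7 10.0.1.13 51234 80'
```

Note that $proxy_protocol_addr carries the address from the header regardless of set_real_ip_from, so the X-Real-IP and X-Forwarded-For values set above are only as trustworthy as the network path: the member port should be reachable from the load balancer only.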
Links
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
https://www.scaleway.com/en/docs/configure-proxy-protocol-with-a-load-balancer/