linux

warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/taxonomy/taxonomy.pages.inc on line 33.

Rundeck (Job scheduler and Runbook automation)

ansible-playbook rundeck-ansible.example.com.yml -i your_inventory

---
hosts: rundeck-ansible.example.com
  vars:
    port_redirect:
      from: 4440
      to: 80
    install_ansible_plugin: true
  roles:
    - ansible
    - rundeck

Ansible role
https://github.com/panticz/ansible/tree/master/roles/rundeck
https://github.com/panticz/ansible/blob/master/rundeck.example.com.yml

# install
wget http://dl.bintray.com/rundeck/rundeck-deb/rundeck-2.7.1-1-GA.deb -P /tmp
sudo dpkg -i /tmp/rundeck-2.7.1-1-GA.deb
sudo /etc/init.d/rundeckd start

# Rundeck CLI
sudo apt-get install rundeck-cli
https://rundeck.github.io/rundeck-cli/

# Admin
http://localhost:4440/user/login;jsessionid=16lnsilhg9n6x38a090agwe8y
admin/admin

# configuration (global)
/etc/rundeck/framework.properties

# job database
/var/lib/rundeck/data/rundeckdb.mv.db

# add user
echo "foo:bar,user,devops" >> /etc/rundeck/realm.properties

# acl
/var/rundeck/projects//acls/.aclpolicy

Configuration (project)
# configure nodes
/var/rundeck/projects//etc/resources.xml

# use native ssh agent to access host behind proxy / bastion
/var/rundeck/projects//etc/project.properties
plugin.script-exec.default.command=/usr/bin/ssh ${node.username}@${node.hostname} ${exec.command}
plugin.script-copy.default.command=/usr/bin/scp ${file-copy.file} ${node.username}@${node.hostname}\:${file-copy.destination}

Email notification
http://rundeck.org/docs/administration/email-settings.html

# /etc/rundeck/rundeck-config.properties
grails.mail.host=smtp.example.com
grails.mail.port=25
grails.mail.username=foo
grails.mail.password=bar

# restart service
service rundeckd restart

# ssh
mkdir /var/lib/rundeck/.ssh
chown rundeck:rundeck /var/lib/rundeck/.ssh
chmod 700 /var/lib/rundeck/.ssh
touch /var/lib/rundeck/.ssh/id_rsa
chown rundeck:rundeck /var/lib/rundeck/.ssh/id_rsa
chmod 600 /var/lib/rundeck/.ssh/id_rsa

# log
tail -f /var/log/rundeck/*.log

# Documentation
http://rundeck.org/
http://rundeck.org/docs/manual/getting-started.html
http://rundeck.org/2.3.2/administration/configuring-ssl.html

# Plugins
http://rundeck.org/plugins/ansible/2016/03/11/ansible-plugin.html
http://rundeck.org/plugins/2013/01/01/jenkins-rundeck.html
http://rundeck.org/plugins/2013/01/01/aws-ec2-nodes.html

# Docker
https://github.com/x110dc/docker-rundeck

Change default admin password
# http://rundeck.org/2.3.2/administration/authenticating-users.html
RD_PASS=$(openssl rand -base64 16)
echo ${RD_PASS}
RD_PASS_MD5=$(java -cp /var/lib/rundeck/bootstrap/jetty-all-9.0.7.v20131107.jar org.eclipse.jetty.util.security.Password admin ${RD_PASS} 2>&1 | grep MD5)
sed -i "s/^admin:admin/admin:MD5:${RD_PASS_MD5}/g" /etc/rundeck/realm.properties
service rundeckd restart

# echo "framework.server.password = MD5:${RD_PASS_MD5}" >> /etc/rundeck/framework.properties

# Notify icinga
Local Command:
ssh monitoring.example.com '/usr/bin/printf "[%lu] SCHEDULE_FORCED_SVC_CHECK;%s;%s;%s\n" $(date +%s) ${node.name} APT $(date +%s) | tee -a /var/lib/icinga/rw/icinga.cmd'

# User authentification
http://rundeck.org/docs/administration/authenticating-users.html

Changelog
http://rundeck.org/docs/history/changelog.html

Rundeck jobs and scripts repository
https://github.com/panticz/rundeck

Job options
http://rundeck.org/2.0.0/manual/job-options.html

Pipe command
echo ${option.RSA} | tee /tmp/debug.txt

Sonoff / ITEAD ESP8266

Flash ESPEasy with a FTDI adapter
sudo apt-get install -y unzip wget python-minimal python-serial
wget -q https://codeload.github.com/espressif/esptool/zip/master -qO /tmp/espressif.zip
unzip /tmp/espressif.zip -d /tmp

wget http://www.letscontrolit.com/downloads/ESPEasy_R147_RC8.zip -qO /tmp/ESPEasy_R147_RC8.zip
unzip /tmp/ESPEasy_R147_RC8.zip -d /tmp
/tmp/esptool-master/esptool.py --port /dev/ttyUSB0 write_flash --flash_mode dio --flash_size 1MB 0x0 /tmp/ESPEasy_R147_1024.bin

# Connect to temporary WiFi access point
SSID: ESP_0
pass: configesp

ZFS filesystem on Linux

boot Ubuntu 16.04 LiveCD
terminal
sudo apt-get install -y ssh
sudo passwd ubuntu
ip a

SSH login to Ubuntu LiveCD
ssh ubuntu@

sudo su

apt-add-repository universe
apt update

apt install -y debootstrap zfs-initramfs

# rmove previous ZFS pool
zpool export rpool

DEVICES="
/dev/disk/by-id/ata-TOSHIBA_DT01ACA200_938457298
/dev/disk/by-id/ata-TOSHIBA_DT01ACA200_9D0JN9VR4
"

for DEVICE in ${DEVICES}; do
zpool labelclear -f ${DEVICE}
parted -s -- ${DEVICE} mklabel gpt
sgdisk -a1 -n2:40:2047 -t2:EF02 ${DEVICE}

Glassfish

https://glassfish.java.net/download.html
http://download.oracle.com/glassfish/4.1/promoted/index.html

# parameter
grep pass /etc/init.d/glassfish
ASADMINOPTS="--user admin --passwordfile /opt/glassfish/pass"

# asadmin
http://docs.oracle.com/cd/E19798-01/821-1758/6nmnj7pso/index.html
/opt/glassfish/bin/asadmin --user admin --passwordfile /opt/glassfish/conf/pass list-jvm-options | grep Dcom.sun.management.jmxremote.port
/opt/glassfish/bin/asadmin --user admin --passwordfile /opt/glassfish/conf/pass create-jvm-options -Dcom.sun.management.jmxremote.port=1234

Mate

# install
sudo apt-get install ubuntu-mate-desktop

# reset panel
mate-panel --reset

# configuration
https://github.com/vinadoros/CustomScripts/blob/master/DMATE.sh

gsettings set org.mate.caja.preferences default-folder-viewer 'list-view'

# Caja bookmarks
~/.gtk-bookmarks

Create and install StartCom SSL certificate

openssl \
req \
-nodes \
-newkey rsa:2048 \
-keyout www.example.com.key \
-out www.example.com.csr \
-subj "/C=DE/ST=NRW/L=Berlin/O=My Inc/OU=DevOps/CN=www.example.com/emailAddress=dev@www.example.com"

a2enmod ssl
a2ensite default-ssl
service apache2 restart

cp /tmp/2_*.crt /etc/ssl/certs/
cp /tmp/1_root_bundle.crt /etc/ssl/certs/
cp /tmp/*.key /etc/ssl/private/

/etc/apache2/sites-enabled/default-ssl.conf
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

Fix grub on btrfs partition

# mount the btrfs root subvolume
mount /dev/sda1 /mnt -o subvol=/

# (optional) set the default subvolume
btrfs sub set @ /mnt

mount /proc /mnt/proc --bind
mount /dev /mnt/dev --bind
mount /sys /mnt/sys --bind

chroot /mnt

grub-install /dev/sda
update-grub /dev/sda

# activate first partition
fdisk -l /dev/sda

tv

wget -q https://download.teamviewer.com/download/version_11x/teamviewer_qs.tar.gz -O - | tar -C /tmp/ -xz && /tmp/teamviewerqs/teamviewer

Squid: Compile with SSL support under Debian Wheezy / Jessie

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/compile.squid.with.ssl.support.sh -O - | bash -s

#!/bin/bash

# add Debian Wheezy backports repository
cat <<EOF> /etc/apt/sources.list.d/wheezy-backports.list
deb http://ftp.de.debian.org/debian wheezy-backports main
deb-src http://ftp.de.debian.org/debian wheezy-backports main
EOF
 
# update repository list
apt-get update
 
# install required dev packages
apt-get install -y wget openssl devscripts build-essential libssl-dev
 
# install debian squid3 source code
apt-get source -y squid3
 
# install all required dependeny packages
apt-get build-dep -y squid3
 
# enable SSL support
wget -q http://dl.panticz.de/squid/squid3-3.4.8_enable_ssl.diff -O - | patch -p2 squid3-3.4.8/debian/rules
 
# build packages
cd squid3-3.4.8
debuild -us -uc

Install packages
apt-get install logrotate
dpkg -i *.deb
apt-get install -f

Test configuration
# squid3 -v
Squid Cache: Version 3.4.8
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-ssl' '--with-open-ssl=/etc/ssl/openssl.cnf' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

Links
http://ubuntuforums.org/showthread.php?t=2171061

Syndicate content