Posts

Showing posts from 2019

Installing MySQL in a container and creating a new database

MySQL is a very popular database engine. Chances are you don’t wake up one day wanting to install MySQL. Instead, you most likely have a software package which requires a MySQL database, so adding this engine is a side effect, and you want to do it as quickly and efficiently as possible. Here we will cover how to install the database as a Docker container, and then how to create a new user and database for it.

The first thing to do is make sure Docker is installed. You can see my earlier post on how to do that.

Once Docker is installed, use this command to install MySQL, along with the root password you wish:

    docker run --name mysql -v /mysql_content:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=mypassword -d mysql:latest

After that, you can enter the container and run a shell in order to start the mysql client:

    docker exec -it mysql /bin/bash
    mysql -u root -p

Finally, you can create a new user and database according to the needs of the software package you’re tryin…

Using tor to download anonymously on CentOS Linux

In order to download anonymously (whether it’s for free speech reasons, to bypass IP-based restrictions, or for other reasons) the Tor Project provides the perfect solution, and it’s really easy to use from the command line. On CentOS or Red Hat Linux, the best way to get tor is to download it from the EPEL repository. Simply install EPEL and then install tor:

    yum install epel-release
    yum install tor

You can configure the various options by editing files in the /etc/tor folder. However, the defaults are fine for our uses, so we won’t change anything. Once configured, you have to start the service. This will create a SOCKS proxy for you to use:

    systemctl start tor

Note that this takes a minute to start, because the service needs to start the proxy and then connect to the tor directory node. Monitor the startup sequence to know when it’s done setting itself up:

    systemctl status tor

Once the service is running, you can use the torsocks binary to fetch something from the Internet ove…

What is DevOps? Here is my definition

The tech world is filled with buzzwords, from cloud to synergy, serverless and of course DevOps. If you look at job postings or company guidelines, DevOps is probably the most common term you can find. The problem is that this term has many different definitions, which leads to people not really understanding what it means, or what is involved in actually practicing DevOps on a day-to-day basis. So here is my definition, based on many years practicing the various concepts embedded in DevOps.

The word itself gives you the most important clue as to what DevOps means: Developers and Operations. DevOps is a mix of the development and operations worlds, which is a massive shift from how technology used to work. Back in the 90s, there were two very clear paths that you could follow in order to work in tech. There was IT, which focused on operations (maintaining servers, configuring software, looking over logs, etc.) and there was software development, which focused on creating and bu…

Automating the creation of a self-signed certificate in IIS

In order to use HTTPS (and everyone should use encryption) you need to use an SSL certificate. Usually, that means creating a Certificate Signing Request (CSR) and sending it to a public Certificate Authority (CA) to get a recognized certificate over the Internet. But if you have to host an internal web site, you may not need a public certificate. A good example is if you have a number of instances providing a web application, living behind a load balancer. The typical deployment methodology would be to have a single public SSL certificate that terminates at the load balancer, but you still want the traffic between the load balancer and the instances to be encrypted.

Here I will show you how to easily automate the creation of a self-signed certificate for Windows instances using PowerShell. If you were to deploy it manually, you could use the IIS management console to do it, but in a modern deployment, you should automate the process. The first part is to create the actual cer…

A homelab on a budget

A number of years ago, I had my own server under my desk. This was a fairly beefy (at the time) server running ESXi for virtualization, with a number of VMs for testing and development work. Back then, building a homelab meant using real hardware with, at the most, VMs on top of it. As my career in IT advanced, I still needed to keep up to date with technology, plus it’s actually a passion of mine so it’s not like I was going to stop playing around with things. But I no longer have that server. In fact, I haven’t had a dedicated server for a long time now, nor do I spend a lot of money on hardware for said homelab.

Instead, this is what my current homelab looks like:

As you can see, I utilize a number of low-cost options. First, all of my Internet services such as this web site, my email server, VPN server, cloud storage and so on run in the cloud on AWS. This has a number of advantages. First, the cost is drastically lower than running my own datacenter in my home. Then, th…

Using Docker on CentOS 7

CentOS 7 is a great distribution of Linux for servers and development systems. With micro-services, one potentially useful tool you may want to use is Docker containers. However, this doesn’t come built-in on CentOS. This short tutorial will show you how to install Docker and use common commands.

Adding the Docker repository

The first thing to do is to add the Docker repository with these commands:

    yum install yum-utils
    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

Installing Docker

Next you can install the Docker Community Edition from the repo:

    yum install docker-ce

Note that if you get a conflict with the older version of Docker which is present on the CentOS extras repository, you may need to uninstall that first, along with doing software updates:

    yum update
    yum remove docker docker-common

Once installed, you can start and enable the daemon:

    systemctl start docker
    systemctl enable docker

Finally, check the version installed:

    docker version

Listing…

Scanning Wi-Fi with Linux

Introduction

This shows a number of things that can be done with the right wireless card on a Linux command line. Note that some of these commands require ‘monitor’ mode, which most wireless adapters cannot do. So you will typically need to get a USB Wi-Fi dongle to be able to put them in this mode.

Note that these commands are provided as reference and for education purposes only. Some of them may be illegal to use against networks you do not own.

Listing nearby access points

You can view the SSID, frequency, channel information and more around your location with the following command:

    iwlist scan

Changing adapter to monitor mode

First, find out which adapters are available on your system:

    iwconfig

Then you can see what your adapter supports with the following command:

    iw list

If the word monitor is not in the available interface modes, then your adapter doesn’t support it. If it does, you can enable it the following way:

    iwconfig wlan0 mode monitor

If you get an operation not supported

Building a VPN server in AWS

Introduction

There are many VPN solutions and many ways to deploy such a system. In this tutorial we’ll focus on implementing OpenVPN Access Server on a CentOS 7 EC2 instance. In order to follow along, you will need an active AWS account, a domain name and some familiarity with AWS concepts.

Starting the CentOS host

In the AWS console, select the region where you want that VPN to live, then launch a new instance. You can find the latest CentOS 7 AMI in the marketplace, use one of the smaller instance sizes, and you should only need 10 GB of disk space for it.

For the security group, you will need the following rules:

- SSH available from your IP address
- TCP port 943 available from everywhere
- TCP port 1194 available from everywhere
- UDP port 1194 available from everywhere

Once started, go under the Elastic IP section and assign a new IP for the host, since we want a consistent IP to always be available. If you own a domain name, it’s also useful to assign a hostname to that IP, to make it e…

Ansible tips and tricks

Ansible is a server management tool that gets installed on a single Linux host, then uses playbooks to communicate out via SSH to servers and run commands.

Installation:

This will install Ansible on a CentOS host, then use a custom hosts file to ping all the hosts using a custom login key:

    > yum install ansible
    > ansible --version
    > ansible all -i ~/.ansible/hosts -m ping --user=centos --private-key ~/tests.pem

Hosts:

Place in /etc/ansible/hosts or in a custom file:

    [name]
    ip1
    ip2
    ip3

Running a playbook:

This example will run a playbook with a custom login key and custom host file:

    > ansible-playbook -v -i ~/.ansible/hosts --private-key ~/tests.pem ~/git/scripts/centos-initial.playbook --limit prod
    > play centos-initial.playbook --limit prod

Run on a single node: -i ip.

Provisioning a full load balanced, auto-scaling environment:

- Create certificate for elb.dendory.net, *.test.dendory.net using Certificate Manager in AWS console.
- Create a load balancer through the AWS console, …

Installing multiple Python versions

Compiling a new version

    wget https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tgz
    tar xzvf Python-3.6.0.tgz
    cd Python-3.6.0/
    ./configure --prefix=/usr/local/python/python3.6
    make
    make altinstall

Installing pip

    wget https://bootstrap.pypa.io/get-pip.py
    /usr/local/python/python3.6/bin/python3.6 get-pip.py --prefix=/usr/local/python/python3.6/

Installing a module

    /usr/local/python/python3.6/bin/pip3 install argcomplete

Compiling Python with an alternate library path

You can edit Modules/Setup.dist with the proper paths, for example the SSL section for a different OpenSSL binary. Then, set the LDFLAGS variable and copy the dist file:

    cp Modules/Setup.dist Modules/Setup
    export LDFLAGS="-Wl,-rpath,/your/library/path"

You can then run make to compile Python.

Making a weather status screen in Python

As part of my Raspberry Pi powered status script I show the current weather for my city of Montreal. At first I used the widget provided by Weather Canada, but I decided to move to a custom web page by using a simple Python script that reads the RSS feed from the same Weather Canada service, and then shows the result using Font Awesome icons and the Bootstrap framework.

This is what the result looks like:

The first thing to do is import the needed libraries, including feedparser which allows us to parse the RSS feed, then connect to the feed and extract the information. Finally, we display a Bootstrap table with the data for the next few days.

This is the complete code:

    #!/usr/bin/env python3
    import os
    import sys
    import time
    import connix
    import feedparser
    import re

    # This is the feed URL
    rss = feedparser.parse("https://weather.gc.ca/rss/city/qc-147_e.xml")

    print(connix.header())
    print("<html><head><link href='https://maxcdn.bootstrapc…

Setting up a ZFS filesystem on Linux

When installing a new Linux system, typically your default filesystem will be EXT4 or perhaps even XFS, which is the newer filesystem that most recent distributions are starting to use. But when you want to store a large amount of data, you may want to use something more robust. The ZFS filesystem is becoming all the rage, and for good reason. First invented by Sun Microsystems, ZFS provides a lot of cool features:

- Data integrity: ZFS will silently use checksum values to make sure there is no degradation of data over time, whether from phantom writes, spikes in the hardware current, or silent data corruption.
- Built-in raid: ZFS provides several raid types without the need of a hardware raid card.
- Large capacity: With ZFS pools, you can extend multiple hard drives into a single logical volume.
- Efficiency: ZFS allows you to use cache and log disks to speed up read or write access.

Installing ZFS

The first thing to do in order to use ZFS is to install the kernel driver. You can find ou…

Creating a foreign key in MySQL

The idea behind a foreign key in a database is that one table relates to another table. The common example is that you may have a table containing users which has these fields:

- id: The ID of the user
- name: The full name of the user
- email: The email address of the user

Then you may have a table with purchases, which links to the user table:

- id: The ID of the purchase
- date: The date of the purchase
- item: The item purchased
- price: The price of the item
- user_id: The id of the user

Technically, you don’t have to link both tables. You could fill the user_id field with an id from the users’ table and just assume it’s valid. But adding it as a foreign key makes sure that the database will enforce that the id actually exists in the other table.

This is how you can create the two tables:

    CREATE TABLE users (id VARCHAR(20) UNIQUE NOT NULL PRIMARY KEY, name VARCHAR(200), email VARCHAR(50));
    CREATE TABLE purchases (id VARCHAR(20), date VARCHAR(20), item VARCHAR(50), price BIGINT, user_id VARCHAR(20)…

Image and video conversion with FFmpeg and ImageMagick

These commands require FFmpeg and ImageMagick, available for both Windows and Linux.

Convert an AVI to MP4

    ffmpeg -i input.avi -c:v libx264 -crf 19 -preset slow -c:a aac -b:a 192k -ac 2 out.mp4

Auto orient, resize and change quality of an image

    convert -auto-orient input.jpg -resize 2048 -quality 80 output.jpg

Convert a series of images into a video

    ffmpeg -pattern_type glob -i 'cam*.jpg' -c:v libx264 out.mp4

SystemD reference sheet

Get default target (runlevel)

    systemctl get-default

List all targets (runlevels)

    systemctl --type=target

Set default target (runlevel)

    systemctl set-default

List all running services

    systemctl --type=service

See service status

    systemctl status sshd

Start service

    systemctl start sshd

Enable service

    systemctl enable sshd

Writing service scripts

    http://0pointer.de/blog/projects/systemd-for-admins-3.html

Disable CTRL-ALT-DEL

    systemctl mask ctrl-alt-del.target
    systemctl daemon-reload

Implementing Google Authentication on CentOS 7.x

Introduction

Traditional login credentials on a Linux system involve a username and password. However, a lot of services are adding two-factor authentication in order to be more secure, so not only something you know (the password) but also something you have (an authenticator). This can be easily done using the Google Authenticator, an app you can download on any modern smartphone.

You can add the same capability to your Linux system so that the login process will ask you for your password and the token.

Installation

The following root commands will get the Google Authenticator library and install it on your system, along with NTP to ensure the clock is kept in sync, which is crucial for this to work:

    yum install ntp
    systemctl enable ntpd
    systemctl start ntpd
    yum install pam-devel
    wget https://github.com/google/google-authenticator/archive/master.zip
    unzip master.zip
    cd google*
    ./bootstrap.sh
    ./configure
    make
    make install

Configuration

First, you need to add Google Authenticator t…

Raspberry Pi projects

Basic configuration

Login with the default pi / raspberry user.

Turning on the wifi, GPIO pins (SPI), set boot options, etc:

    sudo raspi-config

Making a status screen or kiosk using a Raspberry Pi

Introduction

This section will show you how to easily create a status screen or kiosk using nothing but a spare display and a Raspberry Pi. This assumes you have a web page that you want displayed on that screen, either running on your own server, locally, or some third party web site. It also assumes you already connected the Pi to the display and successfully installed the built-in Raspbian OS (or other distribution of your choice) on the flash card.

Setting up Chromium

First, install the following packages:

- chromium
- x11-xserver-utils
- unclutter

On Raspbian, you can type:

    apt-get install chromium x11-xserver-utils unclutter

Next, you need to disable the screen saver in X Window. Edit /etc/xdg/xsession/LXDE/autostart and comment out the screen saver line with a # at the beginning of the line.

Then…