ravibhure

External Resources

• linuxacademy.com (Training)
• Acloud.guru (training)
• Read the top-level Documentation and FAQs for all the major AWS resources (EC2, S3, RDS, Auto Scaling, etc). The answers to the "nit-picky" questions can be found here. It's also helpful to go deeper on VPCs and networking-related concepts.
  • VPC http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-vpc.html
  • VPC Security http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
  • VPC Route Tables http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html
• Everyone says read the white papers. The ones I read were:
  • Security Best Practices https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
• Cloud Best Practices https://d0.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

ravibhure

Settting up a Container Registry with docker-gitlab

This should be used for new users to getting started with the container registry feature on docker-gitlab.

Requirements

• Docker Distribution >= 2.4

• Docker GitLab >= 8.8.4 ( #708 must be merged)

• TLS certificates because it should be run with https it's not designed to use it without https

ravibhure

# Terraform template to have VPC flow logs be sent to AWS Lambda

provider "aws" {
  region = "us-west-2"
}

resource "aws_cloudwatch_log_group" "vpc_flow_log_group" {
  name = "vpc-flow-log-group"
  retention_in_days = 1
}

ravibhure

echo -e "-----BEGIN CERTIFICATE-----\nMIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\nA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\nb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\nMDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\nYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\naWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\njc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\nxy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\nsnUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\nU26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\nAQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\nyj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5

ravibhure

#!/bin/sh
# WARNING: REQUIRES /bin/sh
#
# Install Puppet with shell... how hard can it be?
#
# 0.0.1a - Here Be Dragons
#

# Set up colours
if tty -s;then

ravibhure

## How to install on Ubuntu (also works on Ubuntu for Windows)
https://github.com/magnumripper/JohnTheRipper
https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/doc/EXAMPLES
https://dunnesec.com/category/tools/john-the-ripper/decrypting-linuxunix-password-shadow-files-using/

## From apt packages

### install

sudo apt-get update

ravibhure

Create SHA512 passwords

# make sure to use a leading space so that the command is not stored in your bash history!!
 mkpasswd -m sha-512 password1
# generates -> $6$yMgsow58.g/Z$mBjHfdVzqcF/LN.iwV23Eyqg.yGPTsp9pOwaStsJ6c4I4zL7BhucVVAkv5guf7OVRr8Pw0mHF4NrWBRCG5ci7/
 mkpasswd -m sha-512 password2
# generates -> $6$RZ86vRkQ$aRKN1HOsk6bDHBbMhS7jSo/p1NGFl4PvwY3KpU.72i./LvITi41nL84EkxOFXl.6Bmhynj/L7pYbfF0rUHtOB0

ravibhure

• This post is related to the previous one: Kubernetes – simple install on CentOS 7 with Web UI

*How to reset kubernetes configuration and setup *Change service IP subnet *Useful commands *Logs

0. How to reset kubernetes configuration and setup

When you start experimenting with kubernetes it is useful to reset all and start from scratch. During "reset" etcd and flanneld should be running and configured correctly because docker is in dependency.

ravibhure

#!/usr/bin/env python

from boto import ec2

conn = ec2.connect_to_region('us-west-2')

#vols = conn.get_all_volumes(filters={'status': 'available'})
vols = conn.get_all_volumes(filters={'status': 'available', 'tag-key' : 'Name', 'tag-value' : 'kubernetes*'})
for vol in vols:
    #print 'checking vol:', vol.id, 'status:', vol.status

ravibhure

Ubuntu LXC Port Forwarding

So you have a service running in an LXC container behind a bridge, and you need ports forwarded for that service. In this case, we'll use Minecraft as an example, which runs on port 25565. Our container's IP is 10.0.3.116.

sudo iptables -t nat -I PREROUTING -p tcp -d $PUBLICIP --dport 25565 -j DNAT --to 10.0.3.116:25565
sudo iptables -A FORWARD -p tcp -d 10.0.3.116 --dport 25565 -j ACCEPT