GNU/Linux

All posts containing GNU/Linux-related scripts and patterns.

GNU/Linux Curl SOAP Request using Mutual SSL

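POST a SOAP message with curl using mutual SSL (client certificate authentication). The -k option turns off verification of the server certificate, so only the client is authenticated; outside a quick test, drop -k and point curl at the issuing CA with --cacert…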

curl -k --cert certchain.pem:password --key server.key \
-d "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:tot=\"http://timvkn.nl/services/testservice\" ><soapenv:Header/><soapenv:Body><tot:getTest><Name>%</Name></tot:getTest></soapenv:Body></soapenv:Envelope>" \
-H 'Content-Type: application/soap+xml' \
-H 'SOAPAction: "http://timvkn.nl/services/testservice/getTest"' \
https://timvkn.nl/testservice/getTest --tlsv1.2 -o result.xml -v

GNU/Linux Docker QuickRef

Simple Dockerfile example for a Dockerized Teiid instance…

# HU Teiid Docker QuickRef:
# ->docker build -t dteiid-example .
# ->docker run --name dteiid-example -p 8081:8080 -p 9991:9990 -v /var/log/docker/dteiid-example/:/opt/jboss/teiid-10.0.0.Final/standalone/log/ --env-file=teiid-test.env --restart unless-stopped -it dteiid-example

FROM teiid/teiid:10.0.0.Final
MAINTAINER Tim van Kooten Niekerk (tim@totietoot.nl)

# Pass logs to host; the log directory on the host must be owned by 1000:1000 (chown) so jboss can write...
RUN mkdir /opt/jboss/teiid-10.0.0.Final/standalone/log/
RUN chown -R jboss:jboss /opt/jboss/teiid-10.0.0.Final/standalone/log/
VOLUME /opt/jboss/teiid-10.0.0.Final/standalone/log/
# Add config files...
ADD customization /opt/jboss/teiid-10.0.0.Final/customization/

# Add Drivers...
ADD ojdbc7-12.1.0.1.0.jar /opt/jboss/teiid-10.0.0.Final/standalone/deployments/
ADD sqljdbc42.jar /opt/jboss/teiid-10.0.0.Final/standalone/deployments/

# Deploy VDB's....
ADD cursuscatalogus-vdb-vdb.xml /opt/jboss/teiid-10.0.0.Final/standalone/deployments/

# Configure Environment and Start server...
CMD ["/opt/jboss/teiid-10.0.0.Final/customization/execute.sh"]

# Document the container ports; the host ports 8081/9991 are mapped with docker run -p...
EXPOSE 8080
EXPOSE 9990

Build the Docker image…

docker build -t dteiid-example .

Run, Start, Stop commands…

docker run --name dteiid-example -p 8081:8080 -p 9991:9990 --env-file=teiid-test.env --restart unless-stopped -it dteiid-example
docker ps -a
docker rm <containername|id>
docker start|stop <containername|id>
docker attach <containername|id>
docker image[s] [save|load|ls|rm|prune|...] [-[o|i] image.tar.gz]

Connect to a container…

docker exec [-u 0] -it <containername|id> bash

GNU/Linux ODATA Query Examples

ODATA Query Option    Description
$orderby              URI parameter for sorting…
$select               URI parameter to select specific columns…
$top                  URI parameter to limit the result…
$skip                 URI parameter to skip number of rows…
$filter               URI parameter to filter result…
$expand               URI parameter to expand related entity…
$inlinecount          URI parameter to include a total record count…

Example to retrieve metadata from JBoss DV Odata service…

https://localhost:8443/odata/vdbname/$metadata

Retrieve all records in JSON format…

https://localhost:8443/odata/vdbname/modelname?$format=json

Order by column ‘Name’ and retrieve first 5 records…

https://localhost:8443/odata/vdbname/modelname?$orderby=Name&$top=5

Order by column ‘Name’ and retrieve records 6-10…

https://localhost:8443/odata/vdbname/modelname?$orderby=Name&$skip=5&$top=5

Filter ODATA result ($filter=Name eq ‘John’)…

https://localhost:8443/odata/vdbname/modelname?$filter=Name%20eq%20%27John%27

Select specific columns…

https://localhost:8443/odata/vdbname/modelname?$select=ID,Name,Description

GNU/Linux Test LDAP server SSL/TLS connection

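Test an LDAP server SSL/TLS connection using the LDAP command-line client. In the second command, set LDAPTLS_REQCERT to one of the listed values: never skips verification of the server certificate, demand requires a valid one…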

ldapsearch -H ldaps://dc01.totietoot.nl -b "OU=Employees,OU=Totietoot,DC=Totietoot,DC=nl" "userPrincipalName=john@totietoot.nl" -W -D john@totietoot.nl -d 1
env LDAPTLS_REQCERT=never|allow|try|demand LDAPTLS_CACERT=/path/to/ca-cert.pem ldapsearch -H ldaps://dc01.totietoot.nl -b "OU=Employees,OU=Totietoot,DC=Totietoot,DC=nl" "userPrincipalName=john@totietoot.nl" -W -D john@totietoot.nl -d 1

GNU/Linux JBoss Fuse Shell ActiveMQ Commands

Display basic queue information…

activemq:query -QQueue=* --view Name,EnqueueCount,DequeueCount,QueueSize

Display queue messages…

activemq:browse --amqurl tcp://localhost:61616  --user [username] --password [password] queue:[queuename]

Purge a specific message from the command line…

activemq:purge --msgsel "JMSMessageID='ID:XXXXXXXX-000000-0000000000000-0:0:00:0:0'" [queuename]

Purge all messages from a specific queue…

activemq:purge [queuename]

GNU/Linux OpenSSH QuickRef

LocalForward/Dynamic tunnels & SFTP jumphost connection examples (command line):

>ssh -L 1522:remote.hostname:1522 user@tunnel.hostname
>ssh -D 8080 user@tunnel.hostname
>sftp -o ProxyJump=user@jump.hostname:22 [-b ./batch.scr] user@dest.host.internal

LocalForward/Dynamic tunnels & SFTP jumphost connection examples (command line and config):

>ssh dsthst

~/.ssh/config:
Host prxjmp
  Hostname jump.hostname
  Port 22
  User user
  LocalForward 7080 10.0.0.9:7080
  DynamicForward 8080
Host dsthst
  HostName dest.host.internal
  Port 22
  User user
  ProxyJump prxjmp
  IdentityFile ~/.ssh/other_key_location

Generate a SSH Key Pair:

>ssh-keygen -m PEM -t ecdsa -b 521
>ssh-keygen -m PEM -t ecdsa -b 521 -C "tim" -f /home/tim/tmp/id_ecdsa

Other algorithms (DSA keys are disabled by default since OpenSSH 7.0 and should not be used for new keys):

>ssh-keygen -t ed25519
>ssh-keygen -t dsa 
>ssh-keygen -t rsa -b 4096

Convert SSH2 Public Key to OpenSSH Public Key

>ssh-keygen -i -f id_ssh2.pub [-m PKCS8]

Convert OpenSSH Public Key to SSH2 Public Key

>ssh-keygen -e -f id_openssh.pub

Get Key Fingerprint MD5

ssh-keyscan -p [port] [hostname] > [hostkeyfpfile]
ssh-keygen -l -f [hostkeyfpfile] -E md5

Start session with alternate key

sftp -o IdentityFile=/home/tim/.ssh/id_rsa_2 tim@server1 

Implement group restrictions in /etc/ssh/sshd_config

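# Group restrictions: only members of sshaccess may log in at all
AllowGroups sshaccess

# Members of sshpubkeyonly cannot use password authentication
Match Group sshpubkeyonly
    PasswordAuthentication no

# SFTP-only accounts: chrooted to their home directory, no forwarding, no shell.
# Every component of the ChrootDirectory path must be a root-owned directory
# that is not writable by any other user or group.
Match Group sftpusers
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp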
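
The restrictions in the sftpusers block only hold if every SFTP-only block repeats them. The check below is an added example, not part of the original post: it reads sshd_config text and reports Match blocks with ForceCommand internal-sftp that leave ChrootDirectory, AllowTcpForwarding or X11Forwarding unset or not set to no. The sample input and the sftppartners group are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag Match blocks that force
# internal-sftp but do not pin the other restrictions shown above.

audit_sftp_blocks() {   # reads sshd_config text from stdin or from file arguments
    awk '
    function report(   k, n, need) {
        if (!sftp) return                      # only audit SFTP-only blocks
        n = split("chrootdirectory allowtcpforwarding x11forwarding", need, " ")
        for (k = 1; k <= n; k++) {
            if (!(need[k] in seen))
                print "UNSET " need[k] " in Match " block " (inherits the global value)"
            else if (need[k] != "chrootdirectory" && seen[need[k]] != "no")
                print "WEAK " need[k] "=" seen[need[k]] " in Match " block
        }
    }
    /^[ \t]*#/ || NF == 0 { next }             # skip comments and blank lines
    tolower($1) == "match" {                   # a new block ends the previous one
        report(); split("", seen); sftp = 0
        block = $2 " " $3; next
    }
    block != "" {                              # directive inside a Match block
        key = tolower($1); val = tolower($2)
        if (!(key in seen)) seen[key] = val    # sshd keeps the first value it reads
        if (key == "forcecommand" && val == "internal-sftp") sftp = 1
    }
    END { report() }
    ' "$@"
}

sample_config() {       # constructed input; sftppartners is a made-up group
    cat <<'EOF'
AllowGroups sshaccess
Match Group sshpubkeyonly
    PasswordAuthentication no
Match Group sftpusers
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp
Match Group sftppartners
    AllowTcpForwarding yes
    ForceCommand internal-sftp
EOF
}

sample_config | audit_sftp_blocks
```

The script only reads the file text; sshd -t checks the configuration for syntax errors, and sshd -T -C user=NAME prints the effective settings after Match blocks are resolved for that user.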

GNU/Linux GPG Basic Commands

Some of my most used gpg commands…

# Generate a PGP key...
gpg --gen-key

# Sign a key...
gpg --default-key [KEYID-TO-SIGN-WITH] --sign-key [KEYID-TO-BE-SIGNED] 

# Revoke a key...
gpg --edit-key [KEYID]
>revkey

# List (secret) keys...
gpg --list-keys
gpg --list-secret-keys

# Export a public key in ascii armor format...
gpg --armor --export [KEYID] > KeyName_Email_KEYID.pub.asc

# Export a private key in ascii armor format...
gpg --armor --export-secret-keys [KEYID] > KeyName_Email_KEYID.sec.asc