Operating Systems
Sunday, November 12, 2023
Why you should NOT run Docker containers as root
Tuesday, July 5, 2022
Disable DNF Dragora on Fedora
Synopsis
Being a person that likes to manage updates on my own schedule, rather than being reminded, and also not liking processes running that don't need to be, I searched around to find how to disable the DNF Dragora application.
This application is a Fedora GUI application and the background task is not a systemd task, but an autostart task.
Locations
- /etc/xdg/autostart
- $HOME/.config/autostart
Finding DNF Dragora
Disabling DNF Dragora
Friday, July 1, 2022
How to simply build a Jenkins server and Agent
While working on another DevOps Academy, I was surprised, after seeing the research the students did on how to build a Jenkins server with an Agent, at how complicated most people made it.
This example is based on using AWS with 2 EC2 instances, but would work on-prem and other clouds.
Steps to build
1. Create 2 Ubuntu instances both Medium
- 1 is Controller
- 1 is the Agent
- Settings
- t2.medium
- 20GB disk
- Ubuntu image
- Select or create a security group (e.g. jenkinssg) that has the following inbound ports
- 8080
- 22
- 8200
2. Install Jenkins on the controller
- ssh onto the Jenkins controller
- sudo apt update # It's Ubuntu after all
- sudo apt -y install openjdk-11-jdk # Install Java, Jenkins needs it
- wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
- sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
- sudo apt update
- sudo apt install jenkins
- sudo cat /var/lib/jenkins/secrets/initialAdminPassword # Get the login password
3. Web browser
- Point your web browser at http://yourPublicIPforInstance:8080
- Paste in the text from the file
- Click Continue button
- Click Install suggested plugins
- Fill in the form to create the main Jenkins user
- Username: admin
- Password: secret123
- Confirm password: secret123
- Fullname: Administrator
- E-mail address: root@nowhere.com
- Click Save and Continue button
- Change the IP address to the Private IP address of your Jenkins instance
- Leave the http:// and the :8080/
- Click Save and Finish button
- Click Start using Jenkins button
4. Configuring Jenkins to see the new node to be the agent
- After doing step 3 you should be logged in as Administrator
- If not log in using admin and the password you set
- Click Manage Jenkins in the left menu
- Click Manage Nodes and Clouds
- Click New Node in the new menu
- Set the Node name to Worker1
- Select Permanent Agent
- Click Create button
- New screen
- Number of executors: 2
- Remote root directory: /home/ubuntu
- Labels: all
- Leave all other as default
- Click Save
- The worker node will show as not connected
- Click on Worker1 link
- You'll notice an error message
- JNLP agent port is disabled and agents cannot connect this way. Go to security configuration screen and change it.
- Click the link Go to security configuration screen and change it.
- Scroll down to Agents
- Select Fixed
- Set the Port to 8200 (This is already allowed by jenkinssg)
- Scroll to the bottom and click the Save button
- Click Manage Nodes and Clouds
- Click Worker1
- Right click the blue agent.jar link and Copy link address
5. Now ssh on to your Worker/Agent instance
- sudo apt update
- sudo apt -y install openjdk-11-jdk
- wget http://52.213.211.75:8080/jnlpJars/agent.jar
- Where the http:// link is pasted from the Copy link address
- On the Jenkins web page copy the 2nd box echo line
- Paste this line into the terminal of the Worker/Agent ssh session
- On the Jenkins web page copy the 2nd box java -jar line
- In the terminal of the Worker/Agent ssh session
- Type the word nohup
- Then paste the java -jar line after this
- Type a space and then & at the end of the line
- e.g.
- nohup java -jar agent.jar -jnlpUrl http://172.31.16.36:8080/computer/Worker1/jenkins-agent.jnlp -secret @secret-file -workDir "/home/ubuntu" &
6. Back to the Jenkins web site
- Click Back to List if you are in the Agent Worker1 screen
- or
- Click Dashboards top left of the page
- Click Manage Jenkins
- Click Manage Nodes and Clouds
- Note your agent is now connected
Wednesday, April 7, 2021
The non conforming shell (zsh)
Today, whilst working with some graduates who are all using Apple Macs, I found out that the default zsh that is now used as the command line does not follow the common Shell standards!
This particular nugget that was found will actually cause you a problem if you're a real system administrator who knows how to clear out log files without having to use rm or rebooting the systems or restarting the process.
The issue I refer to is the use of the redirection symbols > and >>.
Most of you are familiar with doing things such as;
echo "Hello" >somefile
ps -ef > allprocesses
But the real system administrators reading this also know that you should be able to do;
>/var/log/messages
Obviously as root.
This command should empty the log file without removing it, and freeing up disk space on that partition.
This is the conforming standard for the use of redirection in the majority of Unix and Linux (GNU) shells.
ZSH however does not do this any more! So beware.
Instead ZSH when you do;
>somefile
will wait for you to type something in until you press ^D on an empty line. This, as all sysadmins know, is;
cat >somefile
So in ZSH to perform the same action as real shells you now need to;
>somefile
^D
So the question begs, who did this and why?
Yet another reason I tell people to buy a better regular laptop without an operating system and simply install a version of Linux that you like the look of and customise it to your preferred look and feel.
Mac OS != Unix
Mac OS == Broken Unix.
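A form of the in-place truncation described above that behaves the same in sh, bash and zsh, as an added example that is not part of the original post. The helper names (truncate_in_place, inode_of, size_of) and the temporary log file are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. truncate_in_place, inode_of and
# size_of are hypothetical helper names.

truncate_in_place() {
    f=$1
    # Refuse symlinks and anything that is not a regular file: run as root,
    # a truncate that follows a link left in a log directory empties the
    # link target instead.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing: $f is not a regular file" >&2
        return 1
    fi
    # ":" is the null command. Giving the redirection a command to attach to
    # means no shell falls back to reading stdin, and the file is truncated
    # in place rather than removed and recreated.
    : > "$f"
}

inode_of() { ls -i "$1" | awk '{print $1}'; }
size_of()  { wc -c < "$1" | tr -d ' '; }

# Constructed demonstration: a writer keeps the log open across the truncate.
demo() {
    dir=$(mktemp -d)
    log="$dir/app.log"
    printf 'old entry 1\nold entry 2\n' > "$log"
    exec 3>>"$log"                      # long-running writer, append mode
    echo "before: inode=$(inode_of "$log") size=$(size_of "$log")"
    truncate_in_place "$log"
    echo "after:  inode=$(inode_of "$log") size=$(size_of "$log")"
    echo 'new entry' >&3                # the open descriptor is still valid
    echo "writer: size=$(size_of "$log")"
    exec 3>&-
    rm -rf "$dir"
}
demo
```

The inode is unchanged after the truncate, which is why a process that already has the log open keeps writing to the same file.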
Wednesday, July 22, 2020
Apache Restricting Content From Download
The Scenario
After releasing our latest YouTube video https://youtu.be/QWjub-nKNL4 we had some extra content that we wanted to share, but not allow download, since it was mentioned in the video.
The Research
- https://wordpress.stackexchange.com/questions/91757/prevent-users-from-accessing-mp3s-in-my-uploads-folder
- https://www.svnlabs.com/blogs/how-to-prevent-downloading-and-leeching-media-files/
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourwebsite\.com/ [NC]
RewriteCond %{REQUEST_URI} !hotlink\.(mp3|mp4|mov) [NC]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]
RewriteRule .*\.(mp3|mp4|mov)$ http://yourwebsite.com/ [NC]
- RewriteEngine On
- RewriteCond %{HTTP_REFERER} !^http://......
- RewriteRule .*\.(mp3|wav)$ ....
Configuring Apache
DocumentRoot "/usr/local/apache2/htdocs"
<Directory "/usr/local/apache2/htdocs">
Options Indexes FollowSymLinks
IndexOptions FancyIndexing
DirectoryIndex index.html
AllowOverride All
Require all granted
</Directory>
LoadModule rewrite_module modules/mod_rewrite.so
Denying Download
Now locate the directory in your web server where you want to restrict the download of the content. In this directory we will add the .htaccess file to prevent our MP3 and WAV files being downloaded.
The content of the .htaccess file;
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?tps\.local [NC]
RewriteRule .*\.(mp3|wav)$ - [NC,F,L]
The Lines Explained
RewriteEngine on
RewriteCond
RewriteRule
Testing Download
curl http://www.tps.local/index.html
It Works!
curl http://www.tps.local/my.mp3
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /media/meditation/body.mp3
on this server.</p>
</body></html>
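How the Referer condition in the .htaccess file above evaluates, as an added example that is not part of the original post: the pattern only accepts http:// and has no anchor after tps\.local, so an https page on the same site is refused while a longer host name that merely starts with tps.local passes. STRICT_PATTERN, the helper names and the sample Referer values are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: which Referer values the
# .htaccess pattern lets through. grep -Ei stands in for mod_rewrite's
# case-insensitive ([NC]) match; the pattern is plain ERE, so both agree.

# Pattern exactly as in the post's RewriteCond.
PAGE_PATTERN='^http://(www\.)?tps\.local'
# Tightened variant (an assumption of this example): also accept https and
# require the host name to end at a port, a slash or the end of the value.
STRICT_PATTERN='^https?://(www\.)?tps\.local(:[0-9]+)?(/|$)'

# referer_verdict PATTERN REFERER
# The rule returns 403 when the Referer does NOT match, so match = allow.
referer_verdict() {
    if printf '%s\n' "$2" | grep -Eiq -- "$1"; then
        echo allow
    else
        echo deny
    fi
}

# Print both verdicts for a list of constructed sample Referer values.
compare_patterns() {
    for ref in "$@"; do
        printf '%-42s page=%-5s strict=%s\n' "[$ref]" \
            "$(referer_verdict "$PAGE_PATTERN" "$ref")" \
            "$(referer_verdict "$STRICT_PATTERN" "$ref")"
    done
}

compare_patterns \
    "http://www.tps.local/media/index.html" \
    "https://www.tps.local/media/index.html" \
    "http://tps.local.example.net/" \
    "http://other.example/" \
    ""
```

The Referer header is supplied by the client, so this rule deters hotlinking; files that must stay private belong behind authentication.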
Using JWPlayer
First you need to get yourself an account on JWPlayer.
Log in and from the dashboard menu on the right select Players;
By default you will have 2 example players. Select one that suits your needs and make modifications to it;
Change items such as;
- Size
- Playback
- etc
The following HTML is an example of using the player with a single file, let's say this is called index.html to make it easier to have the player launch when people enter the restricted directory;
<html>
<body>
<div id="myElement"></div>
<script type="text/JavaScript" src="https://cdn.jwplayer.com/libraries/example.js"></script>
<script type="text/JavaScript">
jwplayer("myElement").setup({
"playlist": [{
"file": "my.mp3"
}]
});
</script>
</body>
</html>
- https://developer.jwplayer.com/jwplayer/docs/jw8-javascript-api-reference
- https://developer.jwplayer.com/jwplayer/docs/jw8-javascript-api-reference#section-playlist (shows you the attributes for the playlist in setup)
Sunday, May 31, 2020
Terraform Runtime Data
Terraform and Runtime values
vars:
  cwd: "{{ lookup('env', 'PWD') }}"
The data sources
Example
- Create a shell script that will return JSON data, this way you don't have to work out how to escape characters, etc. In the example code we created a script called mypwd containing the following;
#!/bin/bash
cat <<_END_
{
"dir": "$PWD"
}
_END_
- Create the Terraform code (getvar.tf) to grab the printed output;
data "external" "example" {
program = ["bash","./mypwd"]
}
output "pwd" {
value = data.external.example.result.dir
}
Monday, November 25, 2019
SSH config
Example of defining a key and user to a specific host;
Host jenkins.tps.co.uk
User ec2-user
IdentityFile ~/.ssh/steve-jenkins.pem
StrictHostKeyChecking no
The above file would log you on as ec2-user using the steve-jenkins.pem key located in the user's .ssh directory inside their home directory. It also ignores the fingerprint prompt through the StrictHostKeyChecking.
Example of using a bastion/jump host;
Host bastion.tps.co.uk
User admin
StrictHostKeyChecking no
ControlPersist 5m
IdentityFile ~/.ssh/bastion.pem
Host 172.31.10.20
User admin
StrictHostKeyChecking no
ProxyJump bastion.tps.co.uk
This will set the ability to SSH to the 172.31.10.20 host in the cloud through the host called bastion.tps.co.uk, logging on as admin with the bastion.pem file in the user's .ssh directory. The ControlPersist sets a time out of 5 minutes where you will be logged out if no activity occurs for 5 minutes.
Using SSH command line through bastion to another host;
ssh -i ${privatesshkeyfile} -A user@${bastionnameorip} ssh ${farsidehost}
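Every Host block above sets StrictHostKeyChecking no, so an unknown host key is accepted without a prompt. The following added example (not part of the original post) lists the blocks in a config file that do this so they can be reviewed. The helper names and the build.example.internal block are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. audit_ssh_config and
# write_sample_config are hypothetical helper names.

# Print the Host (or Match) block of every "StrictHostKeyChecking no|off"
# line; "(global)" means the option appears before any Host line.
audit_ssh_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }          # accept the Keyword=value form
        { key = tolower($1); val = tolower($2) }
        key == "host" || key == "match" {
            $1 = ""; sub(/^ /, ""); block = $0; next
        }
        key == "stricthostkeychecking" && (val == "no" || val == "off") {
            print (block == "" ? "(global)" : block)
        }
    ' "$1"
}

# Constructed sample: the three Host blocks from the post plus one block
# (build.example.internal, invented here) using accept-new, which records a
# new host key on first contact but refuses a changed one.
write_sample_config() {
    cat > "$1" <<'EOF'
Host jenkins.tps.co.uk
  User ec2-user
  IdentityFile ~/.ssh/steve-jenkins.pem
  StrictHostKeyChecking no
Host bastion.tps.co.uk
  User admin
  StrictHostKeyChecking no
  ControlPersist 5m
  IdentityFile ~/.ssh/bastion.pem
Host 172.31.10.20
  User admin
  StrictHostKeyChecking no
  ProxyJump bastion.tps.co.uk
Host build.example.internal
  User admin
  StrictHostKeyChecking=accept-new
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
audit_ssh_config "$cfg"
rm -f "$cfg"
```

Run it against a real file with audit_ssh_config ~/.ssh/config; each name printed is a block to switch to accept-new or to pin through known_hosts.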