LinuxTab - A man page a day keeps the trouble away

Monday, January 18, 2021

Git - practice

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/c/Users/Sam/.ssh/id_rsa): c

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ bash

$ ssh-keygen.exe -t rsa -b 4096 -C "Acct for github"

$ pwd

/c/Users/Sam/.ssh

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ ls

id_rsa id_rsa.pub known_hosts

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCh8i43rkLfCnmjNS3dabppnnzEI0j6zYG/L4ovMK2vv+t3W4bPm6D90WcGfJKIKnJIuKi3unv1wXL0mzJ3IIIVV32TyY4UfkkL2dP+7W3ZrOttaUjdBS6J7xdcoVSVVPBmRXtt/1/pgNeIIV4ZGE8etlmTxueYvJDs5edGLSFX5W8l6NR81Kun/a/v4u6yTO8qdkH04LDANiNxYkZQpyVuDQAz1BqS0SvCmtghfd6le+Ux5gL4X+lGSTx6J/Jz4aaR5eoOjkI4nL5vMMboWXP1cBYc9wXm6fkQQmWg13sZIAJe3GND2QvjvQ+d+/m6HhTgJ5jQzqksXzZPWaAeGPphZ/b1oKlzChW1JWc4vPkRGr95fTy/D7DyIgdm+TSW4FOb7ljs5K82qVfWs048VtO2k4N+IZ8ZKBv0g8n5otl1rGQDN02oJWVXDKOo/IRwiJ6ogbFk1TM4Chzcmox9L+1oJP4h1lty9MHoHveUikglQC5sAONT0Pai2qrQo7mWvEsOdTwy2tmTfKGpuTtWwOtcLw7F8YyEbWA56bOE7DsHz83ODqyg0GalaZ/mgFvVNdjUV2oUfCKbu516RzDO06ZMjnE4sQI+5waN5ke4eCBEXxi4ngU51OgP8z0x4BDw+VPO5oj54foDiO2ebh7Un3crw9G+yqxpr/oAvQZ/B6CoQQ== Acct for github

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ git config --list

http.sslbackend=openssl

http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

credential.helper=manager

diff.astextplain.textconv=astextplain

filter.lfs.clean=git-lfs clean -- %f

filter.lfs.smudge=git-lfs smudge -- %f

filter.lfs.process=git-lfs filter-process

filter.lfs.required=true

core.autocrlf=true

core.fscache=true

core.symlinks=false

user.name=Kay

user.email=samk@gmail.com

diff.tool=diffmerge

difftool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe "$LOCAL" "$REMOTE"

merge.tool=diffmerge

mergetool.diffmerge.trustexitcode=true

mergetool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe /merge /result="$MERGED" "$LOCAL" "$BASE" "$REMOTE"

core.longpaths=true

:...skipping...

http.sslbackend=openssl

http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

credential.helper=manager

diff.astextplain.textconv=astextplain

filter.lfs.clean=git-lfs clean -- %f

filter.lfs.smudge=git-lfs smudge -- %f

filter.lfs.process=git-lfs filter-process

filter.lfs.required=true

core.autocrlf=true

core.fscache=true

core.symlinks=false

user.name=Kay

user.email=samk@gmail.com

diff.tool=diffmerge

difftool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe "$LOCAL" "$REMOTE"

merge.tool=diffmerge

mergetool.diffmerge.trustexitcode=true

mergetool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe /merge /result="$MERGED" "$LOCAL" "$BASE" "$REMOTE"

core.longpaths=true

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ git config --list

http.sslbackend=openssl

http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

credential.helper=manager

diff.astextplain.textconv=astextplain

filter.lfs.clean=git-lfs clean -- %f

filter.lfs.smudge=git-lfs smudge -- %f

filter.lfs.process=git-lfs filter-process

filter.lfs.required=true

core.autocrlf=true

core.fscache=true

core.symlinks=false

user.name=Kay

user.email=samk@gmail.com

diff.tool=diffmerge

difftool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe "$LOCAL" "$REMOTE"

merge.tool=diffmerge

mergetool.diffmerge.trustexitcode=true

mergetool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe /merge /result="$MERGED" "$LOCAL" "$BASE" "$REMOTE"

core.longpaths=true

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ git config --list

http.sslbackend=openssl

http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

credential.helper=manager

diff.astextplain.textconv=astextplain

filter.lfs.clean=git-lfs clean -- %f

filter.lfs.smudge=git-lfs smudge -- %f

filter.lfs.process=git-lfs filter-process

filter.lfs.required=true

core.autocrlf=true

core.fscache=true

core.symlinks=false

user.name=Kay

user.email=samk@gmail.com

diff.tool=diffmerge

difftool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe "$LOCAL" "$REMOTE"

merge.tool=diffmerge

mergetool.diffmerge.trustexitcode=true

mergetool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe /merge /result="$MERGED" "$LOCAL" "$BASE" "$REMOTE"

core.longpaths=true

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ git config --list

http.sslbackend=openssl

http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

credential.helper=manager

diff.astextplain.textconv=astextplain

filter.lfs.clean=git-lfs clean -- %f

filter.lfs.smudge=git-lfs smudge -- %f

filter.lfs.process=git-lfs filter-process

filter.lfs.required=true

core.autocrlf=true

core.fscache=true

core.symlinks=false

user.name=Kay

user.email=samk@gmail.com

diff.tool=diffmerge

difftool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe "$LOCAL" "$REMOTE"

merge.tool=diffmerge

mergetool.diffmerge.trustexitcode=true

mergetool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe /merge /result="$MERGED" "$LOCAL" "$BASE" "$REMOTE"

core.longpaths=true

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ ssh-keygen.exe -t rsa -b 4096 -C "Personal Account Key" -f ~/.ssh/personal-key

Generating public/private rsa key pair.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /c/Users/Sam/.ssh/personal-key

Your public key has been saved in /c/Users/Sam/.ssh/personal-key.pub

The key fingerprint is:

SHA256:ZuJ0VHJ6m4fyMytT0UPGF7Xepg0tHsQvQ/dLCtuOcok Personal Account Key

The key's randomart image is:

+---[RSA 4096]----+

| . o. .o.|

| = +.. .|

| o .+ .+..|

| . ..+oo.+o|

| o S +o..*o*|

| o = o..+.oX.|

| . .=..oo..|

| oE *o |

| o+. . |

+----[SHA256]-----+

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ ls -ltr

total 20

-rw-r--r-- 1 Sam 197121 2156 Jun 8 2020 known_hosts

-rw-r--r-- 1 Sam 197121 3381 Jan 18 22:58 id_rsa

-rw-r--r-- 1 Sam 197121 741 Jan 18 22:58 id_rsa.pub

-rw-r--r-- 1 Sam 197121 3389 Jan 18 23:12 personal-key

-rw-r--r-- 1 Sam 197121 746 Jan 18 23:12 personal-key.pub

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ touch -m 077 ~/.ssh/config

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ pwd

/c/Users/Sam/.ssh

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ ls -ltr

total 20

-rw-r--r-- 1 Sam 197121 2156 Jun 8 2020 known_hosts

-rw-r--r-- 1 Sam 197121 3381 Jan 18 22:58 id_rsa

-rw-r--r-- 1 Sam 197121 741 Jan 18 22:58 id_rsa.pub

-rw-r--r-- 1 Sam 197121 3389 Jan 18 23:12 personal-key

-rw-r--r-- 1 Sam 197121 746 Jan 18 23:12 personal-key.pub

-rw-r--r-- 1 Sam 197121 0 Jan 18 23:12 077

-rw-r--r-- 1 Sam 197121 0 Jan 18 23:12 config

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ chmod 077 config

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ ls -l config

-rw-r--r-- 1 Sam 197121 0 Jan 18 23:12 config

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ pwd

/c/Users/Sam/.ssh

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ pwd

/c/Users/Sam/.ssh

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.ssh

$ cd

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ pwd

/c/Users/Sam

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ ls

'3D Objects'

AppData

'Application Data'

best

'Cisco Packet Tracer 7.1.1'

Contacts

copy

cracked.txt

Desktop

Doc-Root

Documents

Downloads

Dropbox

eclipse-workspace

Favorites

git

GNS3

gomata

IdeaProjects

IntelGraphicsProfiles

kubectl.exe

Links

'Local Settings'

MicrosoftEdgeBackups

Music

'My Documents'

myproject

NetHood

NTUSER.DAT

ntuser.dat.LOG1

ntuser.dat.LOG2

NTUSER.DAT{ac195edd-5478-11eb-9c89-8a42866465a2}.TM.blf

NTUSER.DAT{ac195edd-5478-11eb-9c89-8a42866465a2}.TMContainer00000000000000000001.regtrans-ms

NTUSER.DAT{ac195edd-5478-11eb-9c89-8a42866465a2}.TMContainer00000000000000000002.regtrans-ms

ntuser.ini

OneDrive

Pictures

PrintHood

projects

PycharmProjects

Recent

Roaming

sam

'Saved Games'

Searches

SendTo

'Start Menu'

Templates

Tracing

Untitled.ipynb

Videos

'VirtualBox VMs'

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ cd .git

bash: cd: .git: No such file or directory

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ git init

Initialized empty Git repository in C:/Users/Sam/.git/

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ pwd

/c/Users/Sam

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ ls

'3D Objects'

AppData

'Application Data'

best

'Cisco Packet Tracer 7.1.1'

Contacts

copy

cracked.txt

Desktop

Doc-Root

Documents

Downloads

Dropbox

eclipse-workspace

Favorites

git

GNS3

gomata

IdeaProjects

IntelGraphicsProfiles

kubectl.exe

Links

'Local Settings'

MicrosoftEdgeBackups

Music

'My Documents'

myproject

NetHood

NTUSER.DAT

ntuser.dat.LOG1

ntuser.dat.LOG2

NTUSER.DAT{ac195edd-5478-11eb-9c89-8a42866465a2}.TM.blf

NTUSER.DAT{ac195edd-5478-11eb-9c89-8a42866465a2}.TMContainer00000000000000000001.regtrans-ms

NTUSER.DAT{ac195edd-5478-11eb-9c89-8a42866465a2}.TMContainer00000000000000000002.regtrans-ms

ntuser.ini

OneDrive

Pictures

PrintHood

projects

PycharmProjects

Recent

Roaming

sam

'Saved Games'

Searches

SendTo

'Start Menu'

Templates

Tracing

Untitled.ipynb

Videos

'VirtualBox VMs'

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ pwd

/c/Users/Sam

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ cd .git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.git (GIT_DIR!)

$ ls

config description HEAD hooks info objects refs

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.git (GIT_DIR!)

$ pwd

/c/Users/Sam/.git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/.git (GIT_DIR!)

$ cd ..

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ rmdir .git

rmdir: failed to remove '.git': Directory not empty

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ rm -ef .git

rm: unknown option -- e

Try 'rm --help' for more information.

Sam@LAPTOP-CJKC92UJ MINGW64 ~ (master)

$ rm -rf .git

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ mkdir git

mkdir: cannot create directory ‘git’: File exists

Sam@LAPTOP-CJKC92UJ MINGW64 ~

$ cd git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ ls

lab Projects

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ ls -la

total 32

drwxr-xr-x 1 Sam 197121 0 Jan 3 22:26 .

drwxr-xr-x 1 Sam 197121 0 Jan 18 23:18 ..

drwxr-xr-x 1 Sam 197121 0 Jan 3 22:46 lab

drwxr-xr-x 1 Sam 197121 0 Jan 3 22:25 Projects

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ cd .git

bash: cd: .git: No such file or directory

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ pwd

/c/Users/Sam/git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ ls

lab Projects

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ cd lab

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab (newbranch)

$ ls

a.txt b.txt c.txt d.txt e.txt f.txt g.txt

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab (newbranch)

$ more .git/

COMMIT_EDITMSG description index objects/

config HEAD logs/ refs/

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab (newbranch)

$ more .git/^C

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab (newbranch)

$ pwd

/c/Users/Sam/git/lab

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab (newbranch)

$ cd ../Projects/

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/Projects (master)

$ ls

MySoftware

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/Projects (master)

$ ls -la

total 8

drwxr-xr-x 1 Sam 197121 0 Jan 3 22:25 .

drwxr-xr-x 1 Sam 197121 0 Jan 3 22:26 ..

drwxr-xr-x 1 Sam 197121 0 Jan 3 22:26 .git

drwxr-xr-x 1 Sam 197121 0 Apr 12 2020 MySoftware

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/Projects (master)

$ pwd

/c/Users/Sam/git/Projects

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/Projects (master)

$ cd ..

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ pwd

/c/Users/Sam/git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ mkdir lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ pwd

/c/Users/Sam/git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git

$ cd lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1

$ pwd

/c/Users/Sam/git/lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1

$ echo "Testing " >testme

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1

$ cat testme

Testing

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1

$ git add .

fatal: not a git repository (or any of the parent directories): .git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1

$ pwd

/c/Users/Sam/git/lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1

$ git init

Initialized empty Git repository in C:/Users/Sam/git/lab1/.git/

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ cat >> testme

This is just a testing page

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git status

On branch master

No commits yet

Untracked files:

(use "git add <file>..." to include in what will be committed)

testme

nothing added to commit but untracked files present (use "git add" to track)

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git add .

warning: LF will be replaced by CRLF in testme.

The file will have its original line endings in your working directory

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ pwd

/c/Users/Sam/git/lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ ls

testme

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git commit -m "Test commit"

[master (root-commit) bed2813] Test commit

1 file changed, 2 insertions(+)

create mode 100644 testme

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git log

commit bed281369c51e63a256c09ec88b2b98c7fabbe2e (HEAD -> master)

Author: Kay <samk@gmail.com>

Date: Mon Jan 18 23:21:33 2021 -0500

Test commit

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git config --list

http.sslbackend=openssl

http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt

credential.helper=manager

diff.astextplain.textconv=astextplain

filter.lfs.clean=git-lfs clean -- %f

filter.lfs.smudge=git-lfs smudge -- %f

filter.lfs.process=git-lfs filter-process

filter.lfs.required=true

core.autocrlf=true

core.fscache=true

core.symlinks=false

user.name=Kay

user.email=samk@gmail.com

diff.tool=diffmerge

difftool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe "$LOCAL" "$REMOTE"

merge.tool=diffmerge

mergetool.diffmerge.trustexitcode=true

mergetool.diffmerge.cmd=C:/Program\ Files/SourceGear/Common/DiffMerge/sgdm.exe /merge /result="$MERGED" "$LOCAL" "$BASE" "$REMOTE"

core.longpaths=true

core.repositoryformatversion=0

core.filemode=false

core.bare=false

core.logallrefupdates=true

core.symlinks=false

core.ignorecase=true

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git remote add origin https://github.com/samkk/sam.git

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git status

On branch master

nothing to commit, working tree clean

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git log

commit bed281369c51e63a256c09ec88b2b98c7fabbe2e (HEAD -> master)

Author: Kay <samk@gmail.com>

Date: Mon Jan 18 23:21:33 2021 -0500

Test commit

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git push origin master

Enumerating objects: 3, done.

Counting objects: 100% (3/3), done.

Writing objects: 100% (3/3), 236 bytes | 236.00 KiB/s, done.

Total 3 (delta 0), reused 0 (delta 0), pack-reused 0

To https://github.com/samkk/sam.git

* [new branch] master -> master

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ pwd

/c/Users/Sam/git/lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ gh repo clone harke--/notebook

bash: gh: command not found

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ pwd

/c/Users/Sam/git/lab1

Sam@LAPTOP-CJKC92UJ MINGW64 ~/git/lab1 (master)

$ git clone https://github.com/harke--/notebook.git

Cloning into 'notebook'...

remote: Enumerating objects: 32, done.

remote: Counting objects: 100% (32/32), done.

remote: Compressing objects: 100% (26/26), done.

Receiviremote: Total 3582 (delta 10), reused 23 (delta 6), pack-reused 3550

Receiving objects: 100% (3582/3582), 8.79 MiB | 6.83 MiB/s, done.

Resolving deltas: 100% (1781/1781), done.

Saturday, January 16, 2021

AWS - Configure Route 53 (VPC, Subnet, A record, PTR record, CNAME)

Lab -> DNS - Route 53

Private Hosted Zone

Create a VPC

1. Go to AWS console and search for VPC

2. On VPC dashboard, click on create VPC

3. On create VPC page, Name your vpc and specify the IP subnet

Name: DC_VPC

IPv4 Block: 10.0.0.0/16

4. Click Yes, Create.

Now, we have to create subnet

5. Click on Create subnet

6. Specify subnet info (Tag) such as

Specify your VPC from dropdown: DC_VPC

Specify availibity zone:

IPv$ CIDR block: 10.0.10.0/24

7, Now click on Yes create

Since we need to connect to internet, we need to create an Internet Gateway,

8. Click on Inernet Gateway and click on Create internet Gateway

9. Tag your IGW

Name Tag: DC_IGW

10. Click on Yes, create

OK, Now we just created IGW. We have to associate IGW to VPC.

11. Click on Attach to VPC

12. Select your IGW and click on Yes Attach,

13. Now, click on Route Tables on VPC Dashboard

14. R Click on your Route table and rename to DC_Public_route

15. Click on select the routable and click on Edit

16. Click on Add another route

17. Add default route 0.0.0.0/0 in DC_public_route table and select target as "IGW-*".

18. Now, click on Save.

19. Click on Subnet association tab, and click on Edit

20. Select DC_public_subnet check box and click save

Now, create another instance.

- Go to EC2 dashboard and follow standard procedure to create new instance,

- Select Amazon Linux AMI or any linux flavor of your choice and click next

- Select General Purpose - T2.micro free tier and click next

- On configure instance page, select your VPC

Network: DC_VPC

Subnet: DC_Public_subnet

Auto Assign Public IP: Enable

- Click next and next Add Tag: Name: Web Server

- On Security Group page, select create new security group

Security Group Name: DC_Pub_Sec_Group

Description: Public Security Group

- Click on Review and Launch and finally click on Launch,

- On Key pair page, either create a new one or use an existing key pair.

- Click Launch instance

Now, We will launch an Windows instance

- Click on Launch instance

- Select free tier Windows server 2016 base

- t2. Micro and click next.

- Select Network: DC_VPC

Subnet: DC_Public_Subnet

Auto-assign Public IP: Enable and click Next

- Click next on Storage page

- Add tag Name: Windows Server 2016 and click Next

- On Security Group Page, select new security group

security Group Name: DC_Pub_sec_group_Win

Description: Windows security Group

- Click Next and click on Review and Launch,

- Use existing key or create a new key and click on Launch instances.

Now, Go to EC2 Dash Board and click on Your Linux instance

- Get the IP of the instance and login using putty. and type sudo -i at the prompt to become root

Now, we will install web server

# yum install httpd

# systemctl start httpd

# systemctl enable httpd

Now, using your windows machine, try to access web site. But you can't. The reason is that

firewall (Security Group is blocking the access.

To enable the access, click on your linux instance and click on security group -> inbound

- Click on Edit and click on add the entry

http 80 custom 0.0.0.0/0

and click save

Now, refresh the browser on your windows machine, you should be able to open it.

Now, fun part begins. We will be connecting the web server using fully qualified domain name

using windows machine. We will configure Route 53.

Now, there are certain tasks we have to confgure.

Go to VPC dashboard,

- Select your VPC and Edit DNS Resolution

- It is selected to Yes and click on Save

Again,

R click on your VPC and click on Edit DNS Hostnames

- It is selected Yes and click Save

Now, Go to AWS Dash Board, and look for Route 53 under Networking and ocntent Delivery

- Click on DNS Management

- Click on Hosted Zone

- Click on Create Hosted Zone

dommain: microinfosys.com

Comment: DNS testing

Type: Private Hosted Zone for AWS VPC

VPC IP: Northern VA

- Now, Click on Create

- In microinfosys.com server, we have NS record and SOA record

- Select microinfosys.com NS line and click on Create Record Set

on Right side, add the following

Name: aws.microinfosys.com

Type: A - IPv$ address

Value: (10.0.10.120)

Route Policy: Simple

- Click on create

We successfully created A record for aws.microinfosys.com

Now try to load this page from microsoft 2016 server browser.

You should have access

Thursday, December 17, 2020

Ansible - Ansible Vault - keep your password secret

================Ansible Vault==================
1. Create your yaml file
We are going to create a file keepitsecret.yaml and we will keet it secret using vault

[root@master vault]# cat myvault.yaml
- hosts: 127.0.0.1
vars_files:
- keepitsecret.yaml
tasks:
- name: Sending email using Gmail's smtp services
mail:
host: smtp.gmail.com
port: 587
username: "{{ u }}"
password: "{{ p }}"
to: sam@gmail.com
subject: Testing email from gmail using ansible
body: system {{ ansible_host }} has been successfully tested.

2. Create a vault where you will store your username/pw
# av -h
# av create -h
check the syntax
[root@master vault]# ansible-vault create keepitsecret.yaml
New Vault password:
Confirm New Vault password:
u: "sam@gmail.com"
p: "MyPasswordSecret"

3. View the content of the file. You can't read what your stored. Its encripted.
[root@master vault]# cat keepitsecret.yaml
$ANSIBLE_VAULT;1.1;AES256
32346435633239646636626465663162613262623434333664393437316461366565316364396632
6365373834616464333437373134653435386335653165660a326331363163353932373161386362
61316464353339383834666662353230393036313538646563303632393134363165353431336130
3037393363643463650a643762353433663662306630376231363836376464656330346235663964
31656463373832353739303239353032613838333231613464343336656239656535333561663064
3036336665303135313061666234313831626630343066613130
[root@master vault]#

4. Run your playbook
# ap myvault.yaml
I got email alert
Sign-in attempt was blocked
sam@gmail.com
Someone just used your password to try to sign in to your account from a non-Google app. Google blocked them, but you should check what happened. Review your account activity to make sure no one else has access.

Less secure app blocked
Google blocked the app you were trying to use because it doesn't meet our security standards.
Some apps and devices use less secure sign-in technology, which makes your account more vulnerable. You can turn off access for these apps, which we recommend, or turn on access if you want to use them despite the risks. Google will automatically turn this setting OFF if it's not being used.
Learn more
google for less secure app access and
Enabling less secure apps to access Gmail

you should be send email this time.

Tuesday, December 15, 2020

Ansible: exception handling ... error handling ..

Ansible: exception handling ...

1. Lets create a simple playbook and run

[root@master dec15]# cat error.yaml

- hosts: w1

tasks:

- package:

state: present

- debug:

msg: "This is a test run .."

[root@master dec15]# ansible-playbook error.yaml

2. Lets make a mistake on one of the variable.

say pkg name is nane

# cat error.yaml

- hosts: w1

tasks:

- package:

nane: "httpd"

state: present

- debug:

msg: "This is just a test run ..."

[root@master dec15]# alias 'ap=ansible-playbook'

[root@master dec15]# ap error.yaml

we saw fatal error. we know its because the keyword we wrote, ansible does not that that keyword defined.

in fact it didn't recognize the parameter e=we supply.

3. What we can do is tell ansible to ignore if you find error. do not just throw error, continue.

# cat error.yaml

- hosts: w1

tasks:

- package:

nane: "httpd"

state: present

ignore_errors: yes # ignore this error and go to next task

- debug:

msg: "This is just a test run ..."

[root@master dec15]# ap error.yaml

You see, error is ignored this time.

4. Now, lets try something else, lets download a file from internet..

[root@master dec15]# ansible-doc -l uri

# cat errors.yaml

- hosts: w1

tasks:

- package:

state: present

debug:

msg: "This is just testing msg"

Before running the playbook to download a file from internet, lets look into some docs

or google for ansible uri or get-uri

look for example

Image source: https://hips.hearstapps.com/hmg-prod.s3.amazonaws.com/images/quotes-about-change-1580499303.jpg

[root@master dec15]# cat error.yaml

- hosts: w1

tasks:

- package:

nane: "httpd"

state: present

ignore_errors: yes

#- get_uri:

- uri:

url: https://hips.hearstapps.com/hmg-prod.s3.amazonaws.com/images/quotes-about-change-1580499303.jpg

dest: "/var/www/html/life_l.jpg"

- debug:

msg: "This is a test run .."

[root@master dec15]#

[root@master dec15]# ap error.yaml

[root@worker1 ~]# ls -l /var/www/html/life_l.jpg

-rw-r--r--. 1 root root 206868 Dec 8 05:10 /var/www/html/life_l.jpg

The result above shows that its successful.

5. Now, say we have a problem with internet connection, and if you run this playbook,, it will fail.

It will throw error, so how do you handle the error?

The best thing you can do is ignore the error. How? look at the yaml file below..

[root@master dec15]# netstat -rn

Kernel IP routing table

Destination Gateway Genmask Flags MSS Window irtt Iface

0.0.0.0 192.168.10.1 0.0.0.0 UG 0 0 0 enp0s3

for lab purpose, you can remove the 0.0.0.0

[root@master dec15]# cat error.yaml

- hosts: w1

tasks:

- package:

nane: "httpd"

state: present

ignore_errors: yes

#- get_uri:

- uri:

url: https://hips.hearstapps.com/hmg-prod.s3.amazonaws.com/images/quotes-about-change-1580499303.jpg

dest: "/var/www/html/life_l.jpg"

ignore_errors: yes

- debug:

msg: "This is a test run .."

[root@master dec15]# ap error.yaml

If you are disconnected from internet, it will fail with error unreachable network.

so, you can use ignore_errors keyword to ignore the error.

it will continue to run it. But it might be an important piece of information, that you can't ignore it.

so, you have to be very careful while dealing with ignore_errors.

6. Using block.

On block, your code in block and at the end, include rescue.

[root@master dec15]# ap error.yaml

/usr/lib/python3.6/site-packages/requests/__init__.py:91: RequestsDependencyWarning: urllib3 (1.26.2) or chardet (3.0.4) doesn't match a supported version!

RequestsDependencyWarning)

PLAY [w1] *********************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************

ok: [w1]

TASK [package] ****************************************************************************************************************

ok: [w1]

TASK [uri] ********************************************************************************************************************

changed: [w1]

TASK [service] ****************************************************************************************************************

changed: [w1]

TASK [debug] ******************************************************************************************************************

ok: [w1] => {

"msg": "This is a test run .."

}

TASK [debug] ******************************************************************************************************************

ok: [w1] => {

"msg": "This is a test run .."

}

PLAY RECAP ********************************************************************************************************************

w1 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@worker1 ~]# systemctl status httpd

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since Tue 2020-12-08 06:01:59 EST; 42s ago

Docs: man:httpd.service(8)

Main PID: 59114 (httpd)

[root@worker1 html]# ls -ltr

total 212

-rw-r--r--. 1 root root 8 Dec 7 03:19 index.html

-rw-r--r--. 1 root root 12 Dec 8 05:51 webap.htm

-rw-r--r--. 1 root root 206868 Dec 8 05:53 life_l.jpg

[root@worker1 html]# cat webap.htm

This is cool

Saturday, December 12, 2020

Ansible - EC2 instance creation using ansible

Ansible - EC2 instance creation using ansible..

1. Write your playbook

-> Collect all the manual steps to create an EC2 instance. Google for EC2 instance creation using ansible..

# cat aws-ec2.yaml

- hosts: localhost # 192.168.56.5 - use your own control node)

tasks:

- ec2_instance:

region: us-east-1

image_id: ami-04d29b6f966df1537

instance_type: t2.micro

#image: t2.micro

vpc_subnet_id: subnet-e261d2ec

security_group: sg-f5b18ad2

key_name: kt-2020-k

state: present

aws_access_key: AKIA6DEA42GA2PGZJ7G3

aws_secret_key: 3IYF568qVJ8I#RZYnUV2OPG8/XDKVrhDfJRJPnbc

2. Run your playbook

[root@master wk-dec9]# ansible-playbook aws-ec2.yaml

PLAY [localhost] *****************************************************************************************

TASK [Gathering Facts] ***********************************************************************************

ok: [localhost]

TASK [ec2_instance] **************************************************************************************

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failed to import the required Python library (botocore or boto3) on master's Python /usr/bin/python3.6. Please read module documentation and install in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}

PLAY RECAP ***********************************************************************************************

localhost : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

3. Review the error and Install boto3

[root@master wk-dec9]# pip3 install boto3

Successfully installed boto3-1.16.33 botocore-1.19.33 s3transfer-0.3.3 urllib3-1.26.2

4. Re-run your playbook

[root@master wk-dec9]# ansible-playbook aws-ec2.yaml

PLAY [localhost] *****************************************************************************************

TASK [Gathering Facts] ***********************************************************************************

ok: [localhost]

TASK [ec2_instance] **************************************************************************************

changed: [localhost]

PLAY RECAP ***********************************************************************************************

localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@master wk-dec9]#

5. Playbook content ..

[root@master wk-dec9]# cat aws-ec2.yaml

- hosts: localhost # 192.168.56.4 - your own control node)

tasks:

- ec2_instance:

region: us-east-1

image_id: ami-04d29b6f966df1537

instance_type: t2.micro

#image: t2.micro

vpc_subnet_id: subnet-e251d2ec

security_group: sg-f7a18ad2

key_name: kb-2020-key

state: present

aws_access_key: AKIC6HXA42MR2PGZJ7G3

aws_secret_key: 3IYF590qVJ8ISpZYnUV92PG8/XDKVrhHsJcMPnbc

Saturday, December 5, 2020

Ansible - Setup and configure Load Balancer and Proxy using HAProxy-automatically using ansible

Configure LB and proxy using haproxy

Requirement:

1. Once server for load balancer

2. one or two servers for web servers

In my example I have three servers

Load Balancer: master - 192.168.10.50

Web servers: worker1, worker2 - 192.168.10.51/52

1. On master server, Install haproxy - comes on RedHat DVD

# yum install haproxy

Note: There is no httpd process running on this host.

# rpm -qa httpd

2. Configure haproxy

[root@master ~]# vi /etc/haproxy/haproxy.cfg

do not modify global and default setting,

Directly go to 'frontend main' section

Here, change the port where you want your Load Balancer to run.

I will be using port 8080

I will be disabling firewall and selinux for this lab.

frontend main

bind *:8080

go all the way down to section called 'backend app,

In this section, you will be adding all web server information.

backend app

balance roundrobin

server app1 w1 192.168.10.51:80 check

server app2 w2 192.168.10.52:80 check

3. Once config is changed, start the service

# systemctl start haproxy

# systemctl enable haproxy

# systemctl status haproxy

4. Now, go to your web server machines.

a. In my case, its worker node 1 and node2

Install web server and start the service

# yum install httpd

# systemctl start httpd

# systemctl status httpd

# systemctl enable httpd

# systemctl stop firewalld

b. Create a index file

[root@worker1 html]# cat index.html

This is worker node1

[root@worker2 html]# cat index.html

This is Worker node2

5. Now, get the IP of your load balancer server.

http://192.168.10.50:8080

You should be able to see the web site. if you refresh, you will see new page.

This proves that load balancer is working.

--------------------------------------------------------------

Until now, we configure haproxy manually, lets start configuring haproxy using ansible

1. Lets configure our inventory file as follows,

# ansible --version

# more /etc/ansible/ansible.conf

# cat myhosts

[mylb]

master ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh

[myweb]

worker1 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh

worker2 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh

Note: There is one option available in inventory to group them. and give them group name say web or load balancer.

2. Lets automate everything using ansible. Here is the yaml file.

[root@master wk6]# cat mylb.yaml

- hosts: myweb # myweb comes from inventory file

tasks:

- package:

- copy:

dest: "/var/www/html/index.html"

content: " Testing Load Balancer on RHEL7/Centos7"

- service:

state: restarted

- service:

state: stopped

enabled: False

- hosts: mylb

tasks:

- name: "Install LB software"

package:

- template:

dest: "/etc/haproxy/haproxy.cfg"

src: "haproxy.cfg"

- service:

state: restarted

3. Lets look at the config file for haproxy

Do not modify global and default values.

[root@master wk6]# cat haproxy.cfg

#---------------------------------------------------------------------

# Example configuration for a possible web application. See the

# full configuration options online.

# https://www.haproxy.org/download/1.8/doc/configuration.txt

#---------------------------------------------------------------------

# Global settings

#---------------------------------------------------------------------

global

# to have these messages end up in /var/log/haproxy.log you will

# need to:

# 1) configure syslog to accept network log events. This is done

# by adding the '-r' option to the SYSLOGD_OPTIONS in

# /etc/sysconfig/syslog

# 2) configure local2 events to go to the /var/log/haproxy.log

# file. A line like the following can be added to

# /etc/sysconfig/syslog

# local2.* /var/log/haproxy.log

log 127.0.0.1 local2

chroot /var/lib/haproxy

pidfile /var/run/haproxy.pid

maxconn 4000

user haproxy

group haproxy

daemon

# turn on stats unix socket

stats socket /var/lib/haproxy/stats

# utilize system-wide crypto-policies

ssl-default-bind-ciphers PROFILE=SYSTEM

ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------

# common defaults that all the 'listen' and 'backend' sections will

# use if not designated in their block

#---------------------------------------------------------------------

defaults

mode http

log global

option httplog

option dontlognull

option http-server-close

option forwardfor except 127.0.0.0/8

option redispatch

retries 3

timeout http-request 10s

timeout queue 1m

timeout connect 10s

timeout client 1m

timeout server 1m

timeout http-keep-alive 10s

timeout check 10s

maxconn 3000

#---------------------------------------------------------------------

# main frontend which proxys to the backends

#---------------------------------------------------------------------

frontend main

bind *:8080 # This is a port where LB will be listening

#bind *:5000

acl url_static path_beg -i /static /images /javascript /stylesheets

acl url_static path_end -i .jpg .gif .png .css .js

use_backend static if url_static

default_backend app

#---------------------------------------------------------------------

# static backend for serving up images, stylesheets and such

#---------------------------------------------------------------------

backend static

balance roundrobin

server static 127.0.0.1:4331 check

#---------------------------------------------------------------------

# round robin balancing between the various backends

#---------------------------------------------------------------------

backend app # app value can be anything

balance roundrobin

#server app1 127.0.0.1:5001 check

#server app2 127.0.0.1:5002 check

#server app3 127.0.0.1:5003 check

#server app4 127.0.0.1:5004 check

#server app1 w1 192.168.10.51:80 check

#server app2 w2 192.168.10.52:80 check

{% for i in groups[ 'myweb' ] %}

server app{{ loop.index }} {{ i }}:80 check

{% endfor %}

4. Lets run your playbook

[root@master wk6]# ansible-playbook mylb.yaml

5. Lets verify the content of haproxy.conf file

# cat /etc/haproxy/haproxy.conf

6. Go to the browser with ip of proxy server which is .50

http://192.168.10.50:8080/

You should be able to see the page.

Now, modify the content of one of the indexfile from web server and refresh the LB server, you will find the new pages.

Friday, December 4, 2020

Setup and Configure load balancer and proxy using HAProxy

Configure LB and proxy using haproxy

Requirement:
1. One server for load balancer
2. One or two servers for web servers

In my example I have three servers
Load Balancer: master - 192.168.10.50
Web servers: worker1, worker2 - 192.168.10.51/52

1. On master server, Install haproxy - comes on RedHat DVD
# yum install haproxy
Note: There is no httpd process running on this host.
# rpm -qa httpd

2. Configure haproxy
[root@master ~]# vi /etc/haproxy/haproxy.cfg
do not modify global and default setting,
Directly go to 'frontend main' section
Here, change the port where you want your Load Balancer to run.
I will be using port 8080
I will be disabling firewall and selinux for this lab.
frontend main
bind *:8080
go all the way down to section called 'backend app,
In this section, you will be adding all web server information.
backend app
balance roundrobin
server w1 192.168.10.51:80 check
server w2 192.168.10.52:80 check

3. Once config is changed, start the service
# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy

4. Now, go to your web server machines.
a. In my case, its worker node 1 and node2
Install web server and start the service
# yum install httpd
# systemctl start httpd
# systemctl status httpd
# systemctl enable httpd
# systemctl stop firewalld

b. Create a index file
[root@worker1 html]# cat index.html
This is worker node1
[root@worker2 html]# cat index.html
This is Worker node2

5. Now, get the IP of your load balancer server.
http://192.168.10.50:8080

You should be able to see the web site. if you refresh, you will see new page.
This proves that load balancer is working.