Hero Image
Set interface IP with netplan on Ubuntu 18.04

Set interface IP with netplan on Ubuntu 18.04 Following the notes above, check /etc/netplan and open /etc/netplan/50-cloud-init.yaml: # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: ens192: dhcp4: true ens224: dhcp4: true version: 2 It looks like you can disable cloud network, but I do not use cloud-init, so remove it:

Friday, September 18, 2020 Read
Hero Image
Deploying OpenVPN with AD domain authentication

Deploying OpenVPN with AD domain authentication OpenVPN + PAM + SSSD + Active Directory https://computingforgeeks.com/install-and-configure-openvpn-server-on-rhel-centos-8/ https://www.redhat.com/en/blog/consistent-security-crypto-policies-red-hat-enterprise-linux-8 https://medium.com/jerrynotes/linux-authentication-windows-ad-without-join-domain-7963c3fd44c5 # Install OpenVPN yum install openvpn -y yum -y install openssl openssl-devel -y yum -y install lzo lzo-devel -y yum install -y libgcrypt libgpg-error libgcrypt-devel # Install OpenVPN auth plugin yum install openvpn-auth-ldap -y # Install easy-rsa # Since openvpn 2.3 removed easy-rsa from the package, install it separately. yum install easy-rsa cp -rf /usr/share/easy-rsa/2.0 /etc/opevpn/ # Generate OpenVPN keys and certificates # Edit `/opt/openvpn/etc/easy-rsa/2.0/vars` parameters export KEY_COUNTRY="CN" # Country export KEY_PROVINCE="ZJ" # Province export KEY_CITY="NingBo" # City export KEY_ORG="TEST-VPN" # Organization exportKEY_EMAIL="81367070@qq.com" # Email export KEY_OU="baidu" # Unit source vars ./clean-all ./build-ca ./build-dh ./build-key-server server ./build-key client1 # Edit the OpenVPN server config: `/etc/openvpn/server.conf` port 1194 proto udp dev tun ca keys/ca.crt cert keys/server.crt key keys/server.key # This file should be kept secret dh keys/dh2048.pem server 10.8.0.0 255.255.255.0 // client IP pool push "route 192.168.1.0 255.255.255.0" // push route to clients push "redirect-gateway" // change client gateway to route VPN traffic ifconfig-pool-persist ipp.txt keepalive 10 120 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf" client-cert-not-required username-as-common-name log /var/log/openvpn.log # Edit openvpn-ldap-auth config: `/etc/openvpn/auth/ldap.conf` # /etc/openvpn/auth/ldap.conf <LDAP> # LDAP server URL # Change to the AD server IP URL ldap://172.16.76.238:389 # Bind DN (If your LDAP server doesn't support anonymous binds) # BindDN uid=Manager,ou=People,dc=example,dc=com # Change to the domain admin DN; you can query it with ldapsearch # Replace the IP in -h with the server IP, -D with the admin DN, -b with the base DN, and * for all # ldapsearch -LLL -x -h 172.16.76.238 -D "administrator@xx.com" -W -b "dc=xx,dc=com" "*" BindDN "cn=administrator,cn=Users,dc=xx,dc=com" # Bind Password # Password SecretPassword # Domain admin password Password passwd # Network timeout (in seconds) Timeout 15 # Enable Start TLS TLSEnable no # Follow LDAP Referrals (anonymously) FollowReferrals no # TLS CA Certificate File # TLSCACertFile /usr/local/etc/ssl/ca.pem # TLS CA Certificate Directory # TLSCACertDir /etc/ssl/certs # Client Certificate and key # If TLS client authentication is required # TLSCertFile /usr/local/etc/ssl/client-cert.pem # TLSKeyFile /usr/local/etc/ssl/client-key.pem # Cipher Suite # The defaults are usually fine here # TLSCipherSuite ALL:!ADH:@STRENGTH </LDAP> <Authorization> # Base DN # Base DN for auth search BaseDN "dc=boqii-inc,dc=com" # User Search Filter # SearchFilter "(&(uid=%u)(accountStatus=active))" # sAMAccountName=%u uses the sAMAccountName value as the username, # and "memberof=CN=myvpn,DC=xx,DC=com" points to the VPN user group to authenticate, # so any user can use VPN once they are in this group. SearchFilter "(&(sAMAccountName=%u)(memberof=CN=myvpn,DC=boqii-inc,DC=com))" # Require Group Membership RequireGroup false # Add non-group members to a PF table (disabled) # PFTable ips_vpn_users <Group> # BaseDN "ou=Groups,dc=example,dc=com" # SearchFilter "(|(cn=developers)(cn=artists))" # MemberAttribute uniqueMember # Add group members to a PF table (disabled) # PFTable ips_vpn_eng BaseDN "ou=vpn,dc=boqii-inc,dc=com" SearchFilter "(cn=openvpn)" MemberAttribute "member" </Group> </Authorization> Copy the ca.crt certificate under /etc/openvpn/key for client use.

Thursday, September 17, 2020 Read
Hero Image
Docker Tips: Using Docker Config

Docker Tips: Using Docker Config FROM nginx:1.13.6 COPY nginx.conf /etc/nginx/nginx.conf Using the Docker CLI, we can create a config from this configuration file, we name this config proxy. $ docker config create proxy nginx.conf mdcfnxud53ve6jgcgjkhflg0s $ docker config inspect proxy [ { "ID": "x06uaozphg9kbnf8g4az4mucn", "Version": { "Index": 2723 }, "CreatedAt": "2017-11-21T07:49:09.553666064Z", "UpdatedAt": "2017-11-21T07:49:09.553666064Z", "Spec": { "Name": "proxy", "Labels": {}, "Data": "dXNlciB3d3ctZGF0YTsKd29y...ogIgICAgIH0KICAgIH0KfQo=" } } ] Use a Config $ docker network create --driver overlay front $ docker service create --name api --network front lucj/api $ docker service create --name proxy \ --network front \ --config src=proxy,target=/etc/nginx/nginx.conf \ --port 8000:8000 \ nginx:1.13.6 Service Update When the content of a configuration needs to be modified, it’s a common pattern to create a new config (using docker config create), and then to update the service order to remove the access to the previous config, and to add the access to the new one. The service commands are--config-rm and --config-add.

Monday, September 14, 2020 Read
Hero Image
Fortigate Management Interface in HA Mode

Fortigate Management Interface in HA Mode First you activate the feature config system ha set ha-mgmt-status enable config ha-mgmt-interfaces edit 1 set interface wan2 set gateway 192.168.147.254 next end end Do not forget to set a default gateway. This interface is isolated and requires its own routing. Then you assign an individual IP address to every node in the cluster System1 config system interface edit wan2 set ip 10.11.101.101/24 set allowaccess https ping ssh snmp next end System2

Tuesday, September 8, 2020 Read
Hero Image
How to automatically resize virtual box disk with vagrant

How to automatically resize virtual box disk with vagrant Increasing Disk Space of a Linux-based Vagrant Box on Provisioning Vagrant.configure(2) do |config| config.vm.box = "centos/7" config.disksize.size = '20GB' end $ sudo parted /dev/sda resizepart 2 100% $ sudo lvextend -l +100%FREE /dev/centos/root $ sudo xfs_growfs /dev/centos/root Automate Part Vagrant.configure(2) do |config| common = <<-SCRIPT sudo parted /dev/sda resizepart 2 100% sudo pvresize /dev/sda2 sudo lvextend -l +100%FREE /dev/centos/root sudo xfs_growfs /dev/centos/root SCRIPT config.vm.define "node01" do |node1| node1.vm.hostname = "node01" node1.vm.network "private_network", ip: "192.168.56.121" config.vm.provision :shell, :inline => common end end vagrant plugin install vagrant-disksize Vagrantfile # Fail if the vagrant-disksize plugin is not installed unless Vagrant.has_plugin?("vagrant-disksize") raise 'vagrant-disksize is not installed!' end Vagrant.configure("2") do |config| config.vm.provider "virtualbox" do |vb| vb.name = "DISKEXTEND" vb.memory = 2048 vb.cpus = 2 end config.vm.define :"DISKEXTEND" do |t| end config.vm.hostname = "DISKEXTEND" config.vm.box = "bento/ubuntu-18.04" # Increase the default disk size of the bento image (64GB) to 96GB config.disksize.size = "96GB" # Run a script on provisioning the box to format the file system config.vm.provision "shell", path: "disk-extend.sh" end Provisioning Script: disk-extend.sh #!/bin/bash echo "> Installing required tools for file system management" if [ -n "$(command -v yum)" ]; then echo ">> Detected yum-based Linux" sudo yum makecache sudo yum install -y util-linux sudo yum install -y lvm2 sudo yum install -y e2fsprogs fi if [ -n "$(command -v apt-get)" ]; then echo ">> Detected apt-based Linux" sudo apt-get update -y sudo apt-get install -y fdisk sudo apt-get install -y lvm2 sudo apt-get install -y e2fsprogs fi ROOT_DISK_DEVICE="/dev/sda" ROOT_DISK_DEVICE_PART="/dev/sda1" LV_PATH=`sudo lvdisplay -c | sed -n 1p | awk -F ":" '{print $1;}'` FS_PATH=`df / | sed -n 2p | awk '{print $1;}'` ROOT_FS_SIZE=`df -h / | sed -n 2p | awk '{print $2;}'` echo "The root file system (/) has a size of $ROOT_FS_SIZE" echo "> Increasing disk size of $ROOT_DISK_DEVICE to available maximum" sudo fdisk $ROOT_DISK_DEVICE <<EOF d n p 1 2048 no w EOF sudo pvresize $ROOT_DISK_DEVICE_PART sudo lvextend -l +100%FREE $LV_PATH sudo resize2fs -p $FS_PATH ROOT_FS_SIZE=`df -h / | sed -n 2p | awk '{print $2;}'` echo "The root file system (/) has a size of $ROOT_FS_SIZE" exit 0

Tuesday, August 25, 2020 Read
Hero Image
Common GitBook plugins

Common GitBook plugins

Tuesday, August 18, 2020 Read
Hero Image
Google Search Operators: The Complete List (44 Advanced Operators)

Google Search Operators: The Complete List (44 Advanced Operators) Working Search operator What it does Example " " Search for results that mention a word or phrase. "steve jobs" OR Search for results related to X or Y. jobs OR gates | Same as OR. jobs | gates AND Search for results related to X and Y. jobs AND gates - Search for results that don’t mention a word or phrase. jobs -apple * Wildcard matching any word or phrase. steve * apple ( ) Group multiple searches. (ipad OR iphone) apple define: Search for the definition of a word or phrase. define:entrepreneur cache: Find the most recent cache of a webpage. cache:apple.com filetype: Search for particular types of files (e.g., PDF). apple filetype:pdf ext: Same as filetype: apple ext:pdf site: Search for results from a particular website. site:apple.com related: Search for sites related to a given domain. related:apple.com intitle: Search for pages with a particular word in the title tag. intitle:apple allintitle: Search for pages with multiple words in the title tag. allintitle:apple iphone inurl: Search for pages with a particular word in the URL. inurl:apple allinurl: Search for pages with multiple words in the URL. allinurl:apple iphone intext: Search for pages with a particular word in their content. intext:apple iphone allintext: Search for pages with multiple words in their content. allintext:apple iphone weather: Search for the weather in a location. weather:san francisco stocks: Search for stock information for a ticker. stocks:aapl map: Force Google to show map results. map:silicon valley movie: Search for information about a movie. movie:steve jobs in Convert one unit to another. $329 in GBP source: Search for results from a particular source in Google News. apple source:the_verge before: Search for results from before a particular date. apple before:2007-06-29 after: Search for results from after a particular date. apple after:2007-06-29 Unreliable Search operator What it does Example #..# Search within a range of numbers. iphone case $50..$60 inanchor: Search for pages with backlinks containing specific anchor text. inanchor:apple allinanchor: Search for pages with backlinks containing multiple words in their anchor text. allinanchor:apple iphone AROUND(X) Search for pages with two words or phrases within X words of one another. apple AROUND(4) iphone loc: Find results from a given area. loc:"san francisco" apple location: Find news from a certain location in Google News. location:"san francisco" apple daterange: Search for results from a particular date range. daterange:11278-13278 Not working (officially dropped by Google) Search operator What it does Example ~ Include synonyms in the search (dropped 2013). ~apple + Search for results mentioning an exact word or phrase (dropped 2011). jobs +apple inpostauthor: Search for posts by a specific author in Google Blog Search (discontinued). inpostauthor:"steve jobs" allinpostauthor: Same as inpostauthor:, but removes the need for quotes. allinpostauthor:steve jobs inposttitle: Search for posts with certain words in the title in Google’s discontinued Blog Search. inposttitle:apple iphone link: Search for pages linking to a particular domain or URL (dropped 2017). link:apple.com info: Search for information about a specific page or website (dropped 2017). info:apple.com id: Same as info: id:apple.com phonebook: Search for someone’s phone number (dropped 2010). phonebook:tim cook # Search for hashtags on Google+ (dropped 2019). #apple

Friday, August 14, 2020 Read
Hero Image
An easy way to identify virtualization technology

An easy way to identify virtualization technology dmidecode -s system-product-name Virtualization technology VMware Workstation root@router:~# dmidecode -s system-product-name VMware Virtual Platform VirtualBox root@router:~# dmidecode -s system-product-name VirtualBox QEMU and KVM root@router:~# dmidecode -s system-product-name KVM QEMU (emulation) root@router:~# dmidecode -s system-product-name Bochs Microsoft Virtual PC root@router:~# dmidecode | egrep -i 'manufacturer|product' Manufacturer: Microsoft Corporation Product Name: Virtual Machine Virtuozzo root@router:~# dmidecode /dev/mem: Permission denied en root@router:~# dmidecode | grep -i domU Product Name: HVM domU /dev/disk/by-id If you do not have permission to run dmidecode, you can use: ls -1 /dev/disk/by-id/

Wednesday, July 29, 2020 Read
Hero Image
[Share] Keychain - Pendant from a Type 57 rifle bayonet scabbard

[Share] Keychain - Pendant from a Type 57 rifle bayonet scabbard

Friday, July 10, 2020 Read
Hero Image
SSH certificate login guide

SSH certificate login guide Certificate login flow Before using SSH certificate login, you need to generate certificates. The steps are: The user and the server both send their public keys to the CA. The CA uses the server public key to generate a server certificate and sends it to the server. The CA uses the user public key to generate a user certificate and sends it to the user. Once certificates are in place, the user can log in. SSH handles the whole process automatically.

Wednesday, July 8, 2020 Read
Hero Image
How to capture web pages and long screenshots with Chrome DevTools?

How to capture web pages and long screenshots with Chrome DevTools? Open Chrome DevTools Click more_vert in the top-right, then choose filter_none to make it a separate window Ctrl + Shift + P(Command + Shift + P) Type screenshot Capture area screenshot: area screenshot. After selecting it, your cursor changes to add. Use it to select an area on the page. Capture full size screenshot: long screenshot. It completes automatically after about one second. Capture node screenshot: node screenshot. Similar to a long screenshot, but only visible parts are captured and the rest is blank. Capture screenshot: normal screenshot. It captures the visible page. If DevTools is not in a separate window, the result is affected.

Thursday, July 2, 2020 Read
Hero Image
BIRD and BGP: a beginner's kickoff

BIRD and BGP: a beginner’s kickoff BIRD Internet Routing Daemon

Monday, June 22, 2020 Read