Difference between revisions of "Very Windy"

From 6bit.ch wiki
Jump to navigation Jump to search
Line 1: Line 1:
= Very Windy =
= VW lvm procedure =
  <nowiki>Die VM-Disk /dev/sda wurde vergrössert
    1. Ist Zustand prüfen
        lsblk
    2. Disk "sda" neu einlesen
        echo 1 > /sys/block/sda/device/rescan
    3. Partition vergrössern
        growpart /dev/sda 3
    4. PV überprüfen
        pvs
        4a. allenfalls physical volume vergrössern
            pvresize /dev/sda3
    5. VG überprüfen
        vgs
    6. LV vergrössern und Filesystem vergrössern
        lvresize -rL+50G /dev/mapper/system-docker
        lvextend -rl +100%FREE /dev/mapper/vm208-root</nowiki>


== git ==
== git ==

Revision as of 10:54, 18 February 2026

VW lvm procedure

 Die VM-Disk /dev/sda wurde vergrössert
    1. Ist Zustand prüfen
        lsblk
    2. Disk "sda" neu einlesen
        echo 1 > /sys/block/sda/device/rescan
    3. Partition vergrössern
        growpart /dev/sda 3
    4. PV überprüfen
        pvs
        4a. allenfalls physical volume vergrössern
            pvresize /dev/sda3
    5. VG überprüfen
        vgs
    6. LV vergrössern und Filesystem vergrössern
        lvresize -rL+50G /dev/mapper/system-docker
        lvextend -rl +100%FREE /dev/mapper/vm208-root

git

git submodule update --init Submodule laden
git submodule update --init --recursive Submodule laden
git submodule update --remote Submodule aktualisieren

openssl

Check CSR:
openssl req -in sample.csr -noout -text

ansible

playbooks/all.yml
role -> tags (nginx) will apply:
group_vars/all/nginx.yml

ansible-playbook -C -D playbooks/all.yml -u windy -t nginx -C (check, dry run), -D (diff, show differences) -u (remote user) -t (tags)

ln

ln -s ../files

curl

curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch check connection with hardcoded dns

New Systems

Size: 2CPU, 2G RAM, 40G Disk
VG Name: system
/: 10G
Swap: 4G
/var-log: 4G

IPTables / firewalld

 <?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>

Show all direct rules (/etc/firewalld/direct.xml):
firewall-cmd --get-all-rules --direct

Clear root Password / disable root login

-d --delete: delete user's password
-l --lock: lock user's password
# passwd -dl root

Retrieved from "http://wiki.6bit.ch/index.php?title=Very_Windy&oldid=299"