Difference between revisions of "Very Windy"
Revision as of 12:02, 18 February 2026
lvm procedure
The VM disk /dev/sda has been enlarged
1. Check the current state
lsblk
2. Rescan disk "sda"
echo 1 > /sys/block/sda/device/rescan
3. Grow the partition
growpart /dev/sda 3
4. Check the PV
pvs
4a. If necessary, resize the physical volume
pvresize /dev/sda3
5. Check the VG
vgs
6. Extend the LV and grow the filesystem
lvresize -rL+50G /dev/mapper/system-docker
lvextend -rl +100%FREE /dev/mapper/vm208-root
git
git submodule update --init Load submodules
git submodule update --init --recursive Load submodules
git submodule update --remote Update submodules
openssl
Check CSR:
openssl req -in sample.csr -noout -text
ansible
ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx
-C (check, dry run), -D (diff, show differences), -u <remote user>, -t <tags>
Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.
Tags can be skipped with --skip-tags <tags>
Tasks tagged 'always' will run no matter what tags are selected.
Tasks tagged 'never' only run if explicitly requested with -t never
ln
ln -s ../files
curl
curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch check connection with hardcoded dns
curl -x sexybit.sh https://apod.nasa.gov check connection with proxy
curl -L https://apod.nasa.gov follow redirects
New Systems
Size: 2CPU, 2G RAM, 40G Disk
VG Name: system
/: 10G
Swap: 4G
/var-log: 4G
IPTables / firewalld
<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>
Show all direct rules (/etc/firewalld/direct.xml):
firewall-cmd --get-all-rules --direct
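A way to review a direct.xml like the one above before deploying it, as an added example that is not part of the original page: it lists ACCEPT rules that match only on a source port with no state match, and the chains whose last direct rule is not a catch-all DROP. The function name audit_direct and the shortened sample file are constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: a shortened direct.xml in the same format as the page's file.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>"""


def audit_direct(xml_text):
    """Return (stateless_sport_accepts, chains_without_final_drop) for a direct.xml."""
    chains = {}
    for rule in ET.fromstring(xml_text.encode("utf-8")).iter("rule"):
        key = (rule.get("ipv"), rule.get("table"), rule.get("chain"))
        args = shlex.split(rule.text or "")
        chains.setdefault(key, []).append((int(rule.get("priority", "0")), args))

    findings, open_chains = [], []
    for key, rules in sorted(chains.items()):
        rules.sort(key=lambda r: r[0])  # direct rules are ordered by priority, lowest first
        for prio, args in rules:
            target = args[args.index("-j") + 1] if "-j" in args else None
            stateful = "--state" in args or "--ctstate" in args
            # The source port is chosen by the sender, so an ACCEPT on --sport alone
            # is not tied to any connection or query this host started.
            if target == "ACCEPT" and "--sport" in args and "--dport" not in args and not stateful:
                findings.append((key[2], prio, " ".join(args)))
        # Catch-all: the last rule has no match options, only a DROP/REJECT target.
        # Without one, unmatched packets are left to the rest of the firewalld ruleset.
        if rules[-1][1] not in (["-j", "DROP"], ["-j", "REJECT"]):
            open_chains.append(key[2])
    return findings, open_chains


if __name__ == "__main__":
    stateless, no_drop = audit_direct(SAMPLE)
    for chain, prio, text in stateless:
        print(f"{chain} priority {prio}: stateless source-port ACCEPT: {text}")
    print("chains without a final catch-all DROP:", ", ".join(no_drop) or "none")
```

A stateful alternative to a flagged rule is the pattern the file already uses on OUTPUT at priority 69: -m state --state ESTABLISHED,RELATED -j ACCEPT.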
Clear root Password / disable root login
-d --delete: delete user's password
-l --lock: lock user's password
# passwd -dl root
Start new git project
Create blank repo without README.md
Run ansible-init script
Monitoring
The Icinga server connects to the agent on port 5665.
Create a downtime for maintenance work.