Very Windy

From 6bit.ch wiki
Revision as of 13:45, 23 February 2026 by Xbl

lvm procedure

The VM disk /dev/sda has been enlarged:
    1. Check the current state
        lsblk
    2. Rescan disk "sda"
        echo 1 > /sys/block/sda/device/rescan
    3. Grow the partition
        growpart /dev/sda 3
    4. Check the PV
        pvs
        4a. If necessary, grow the physical volume
            pvresize /dev/sda3
    5. Check the VG
        vgs
    6. Grow the LV and the filesystem on it (-r resizes the filesystem together with the LV)
        lvresize -rL+50G /dev/mapper/system-docker        (grow by 50G)
        lvextend -rl +100%FREE /dev/mapper/vm208-root     (use all free space in the VG)

git

Load submodules:
git submodule update --init
Load submodules, including nested ones:
git submodule update --init --recursive
Update submodules to the latest remote commit:
git submodule update --remote

openssl

Check CSR:
openssl req -in sample.csr -noout -text

Bash to check a private key against a certificate (checkssl.sh):

# path prefix of the pair; the script expects <prefix>.crt and <prefix>.key
cn=files/reverseproxies/etc/haproxy/certs/www.sexybit.sh
crt="${cn:?Common Name fuer Key und Cert nicht angegebe...}.crt"
key="$cn.key"

# hash the RSA modulus of both files: key and certificate belong together only if the hashes match
# (openssl rsa -modulus only handles RSA keys)
crtmd5=$( openssl x509 -noout -modulus -in "$crt" | openssl md5 )
keymd5=$( openssl rsa  -noout -modulus -in "$key" | openssl md5 )

echo "crt: $crtmd5"
echo "key: $keymd5"
# file names go in as printf arguments, never into the format string
printf 'Dateien: "%s" & "%s" -- ' "$crt" "$key"
[ "$crtmd5" = "$keymd5" ] && echo "passen zusammen  :)" || echo "passen NICHT zusammen  :("

ansible

ansible-playbook -C -D playbooks/all.yml -u $USER -t nginx
    -C  check (dry run)
    -D  diff (show differences)
    -u  <remote user>
    -t  <tags>

Tags let you run only specific tagged tasks in a playbook instead of executing everything. Multiple tags can be comma-separated.
Tags can be skipped with --skip-tags <tags>.
Tasks tagged 'always' will run no matter what tags are selected.
Tasks tagged 'never' only run if explicitly requested with -t never.

ln

ln -s ../files

curl

Verbose, verbose, verbose:
curl -vvv
Check the connection with a hardcoded DNS answer (bypasses name resolution):
curl -v --resolve windy.verywindy.ch:443:192.168.161.1 https://windy.verywindy.ch
Check the connection through a proxy:
curl -x sexybit.sh https://apod.nasa.gov
Follow redirects:
curl -L https://apod.nasa.gov

New Systems

Size: 2CPU, 2G RAM, 40G Disk
VG Name: system
/: 10G
Swap: 4G
/var-log: 4G

IPTables / firewalld

<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="1">-p tcp --dport 21022 -m state --state NEW,ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="INPUT" priority="8">-p udp --sport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-p tcp --sport 21022 -m state --state ESTABLISHED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="5">-p icmp -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="6">-p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="8">-p tcp --dport 80 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="9">-p tcp --dport 443 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp --dport 123 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="56">-p tcp --dport 5665 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="67">-p udp --dport 67:68 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="69">-m state --state ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="99">-j DROP</rule>
</direct>

Show all direct rules (/etc/firewalld/direct.xml):
firewall-cmd --get-all-rules --direct

Clear root Password / disable root login

# passwd -dl root
    -d, --delete    delete the user's password
    -l, --lock      lock the user's password

Start new git project

Create blank repo without README.md
Run ansible-init script (cs)

Monitoring

The Icinga server connects to the agent on port 5665.
Create a downtime before maintenance work.

Maintenance

Delete snapshots after 1 week.

upremote

$HOME/scripts/
$HOME/log/

Check yo shit front to back

Remount /tmp without noexec flag

mount -o remount,exec /tmp

tmux

Move window to other pane:

Ctrl + b
:move-pane -t X

Move window to new pane:
Ctrl + b !

icinga2

Check available commands in Icinga Director / Commands.

After editing monitoring parameters in ansible:
ansible-playbook -D playbooks/all.yml -t icinga2_agent:update-host

openSSL pfx/pem

  1. Extract the private key (you will be prompted to enter the PFX file password and to set a password for the private key)

openssl pkcs12 -in your_certificate.pfx -nocerts -out private_key.key

  2. Extract the CRT certificate (you will be prompted to enter the PFX file password)

openssl pkcs12 -in your_certificate.pfx -clcerts -nokeys -out certificate.crt

  3. (Optional) Remove the password from the private key (you will be prompted to enter the password set for the private key)

openssl rsa -in private_key.key -out private_key_nopass.key

Whether the private key is still encrypted can be checked by looking at its first line (# cat private_key.key): an encrypted PKCS#8 key starts with -----BEGIN ENCRYPTED PRIVATE KEY-----.
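Added example, not part of this wiki page or its checkssl.sh: the same key-to-certificate check as checkssl.sh above, but comparing the public key each file carries instead of the RSA modulus, so it also works for EC keys, plus the "is the key still encrypted" check from the pfx/pem section done by the script instead of by eye. Function names and the `<prefix>.key`/`<prefix>.crt` convention are this example's own assumptions; it needs only the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the wiki): key/cert match via public-key comparison,
# works for RSA and EC keys alike (openssl rsa -modulus only handles RSA), and
# reports whether a private key file is still password-protected.

# Read a PEM public key on stdin and print its SHA-256 hex digest.
# Prints nothing (and fails) on empty input, so two unreadable files never "match".
pubkey_sha256() {
    pem=$(cat)
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Public key embedded in the certificate (SubjectPublicKeyInfo, PEM encoded).
cert_pubkey_sha256() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | pubkey_sha256; }

# Public key derived from the private key; openssl prompts if the key is encrypted.
key_pubkey_sha256()  { openssl pkey -in "$1" -pubout 2>/dev/null | pubkey_sha256; }

# Return 0 when key and certificate carry the same public key, 1 otherwise.
key_matches_cert() {
    key_hash=$(key_pubkey_sha256 "$1"); crt_hash=$(cert_pubkey_sha256 "$2")
    [ -n "$key_hash" ] && [ "$key_hash" = "$crt_hash" ]
}

# Print "encrypted" or "plain" from the PEM header: PKCS#8 keys announce encryption
# in the first line, legacy "BEGIN RSA PRIVATE KEY" files in a Proc-Type line below it.
key_encryption_state() {
    if head -n 2 "$1" 2>/dev/null | grep -qE 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
        echo encrypted
    else
        echo plain
    fi
}

# Same calling convention as checkssl.sh: a path prefix naming <prefix>.key and <prefix>.crt.
check_pair() {
    cn=${1:?usage: check_pair <path-prefix>}
    key="$cn.key"; crt="$cn.crt"
    printf 'key %s is %s\n' "$key" "$(key_encryption_state "$key")"
    if key_matches_cert "$key" "$crt"; then
        echo "key and certificate match"
    else
        echo "key and certificate do NOT match (or a file could not be read)"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then check_pair "$1"; fi
```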