Change username and hostname for Ubuntu instances on AWS

If you have used Ubuntu images on AWS, you might have noticed that the default username of the user on the instance is ‘ubuntu’. And the hostname is dynamically generated according to the public IP. Both of these can be changed using cloud-config supported on Ubuntu images – the config has to be provided in the User Data section in Advanced on the Configure Instance tab.

YAML configuration to change the parameters:

A lot more things are possible using the cloud-config method and it is supported on other operating system images as well such as CentOS. Take a look at Cloud config examples.

Using privileged mode (become) in Ansible without a password

So I was working on automating some stuff using Ansible when the necessity to have password less superuser access came up. A simple way would be adding the ansible management key to the root account itself and allow SSH to root, but allowing ssh to root is usually a bad idea.

I tried many things – NOPASSWD in sudo entry, requiretty, etc. And after nearly two hours of digging a spark ignited and I found a way – Linux has PAM module called pam_wheel.so which can implicitly allow root access via su when a user is present in the wheel group (the group can be configured in module options). This module is disabled by default on most Linux distributions, in fact Ubuntu doesn’t even have a wheel group. But in this particular case I was managing CentOS which has the wheel group.

Add the Ansible management user to the wheel group and enable the pam_wheel.so module:

Now when you SSH to the machine using the ansible user and run su – it will give you root access without asking for password. Consequently, now when you set become_method = su in your Ansible configuration by way of editing config files, setting variables in playbook or inventory, etc. Ansible will become privileged without a password.

LXD OpenVSwitch and VLANs

LXD is a fantastic container virtualization tool that comes by default with Ubuntu. In one of my applications I needed to have many containers each within it’s own VLAN network.
So I used OpenVSwitch in combination with LXD to achieve this.

There is no inherent facility in LXD to provide VLAN tag numbers to the interface. So it is necessary to use a “Fake bridge”. I managed to do it after reading this article by Scott – VLANs with Open vSwitch Fake Bridges

Let’s say the OpenVSwitch bridge is named vm-bridge and we want to add 10 fake bridges ranging from VLAN 20 to 30. Here’s how I did it:

In LXD you can specify the bridge to which it will connect containers to, so I created 10 containers using a similar loop 😀
Further to bind each container to the fake bridge this step is needed:

Monitoring your internet connections with OpenWRT and a Telegram Bot

For the past 5 years or so, I have been using a single ISP at home and mobile data for backup when it went down. But since last few months, the ISP service became a bit unreliable – this is more related to the rainy season. Mobile data doesn’t give fiber like constant speeds I get on the wire. It’s very annoying to browse at < 10 Mbps on mobile data when you are used to 100 Mbps on the wire.

I decided to get another fiber pipe from a local ISP. One needs to be very unlucky to have both going down at the same time – I hope that never happens. Now the question is how to monitor the two connections: Why do I need monitoring? – so that I can inform the ISP when it goes down, with the fail-over happening automatically thanks to OpenWRT’s mwan3 package, I won’t ever know when I am using which ISP (unless I am checking the public IP address, of course).

Continue reading “Monitoring your internet connections with OpenWRT and a Telegram Bot”

Asterisk PBX with Reliance PRI Line using Digium TE131F

So I got an opportunity to set up Asterisk PBX with a Reliance Communications E1 line. I have worked with Asterisk PBX, but without PSTN interfacing. This post is about what all stuff I have done to get a Reliance E1 line with Digium TE131F card.

Having explored a lot of other distributions like Fedora, Arch, Gentoo, Sabayon, etc. since I ventured into Linux world and learning the internals of Linux and how different components are stitched together I settled on Ubuntu. It’s my favorite these days because  everything seems to work out of the box… except when it doesn’t, then you have PPAs. 😛 For this project I have installed Ubuntu 16.04 server edition.

Continue reading “Asterisk PBX with Reliance PRI Line using Digium TE131F”

ZFS convert stripe to striped-mirror

OpenZFS LogoI’m a huge fan of ZFS because of its performance and other features like snapshots, transparent compression. In fact I had switched to FreeBSD for servers just because it had native ZFS support. But as of Ubuntu 16.04, ZFS is officially supported for non-root partitions.

Now I’m migrating a FreeBSD server to Ubuntu 16.04 with ZFS for data storage – this is happening because I need support for some special hardware which has drivers only for Linux and I do not have a spare server machine of same capacity in terms of memory/disk/processor.

My case –
Here’s the zpool layout on my existing FreeBSD server:

Each of those disks are 1TB in size and the layout here is something known as RAID 10, or striped mirroring. Striped mirroring can be extended to more than four disks but in my case, I have two pairs of disks. Each pair is mirrored and the each such mirror is striped, illustrated as in the image below:

Image taken from techtarget.com, their trademark/copyright holds.

The advantage of this layout is that you get read speed of four disks, and write speed of two disks and a failure tolerance of two disks (but in different mirrors) at the same time.

I have a spare 1TB disk which I can use for preparing a new server using a low-end machine for migration. I remove one of the disks from the live server so the pool there runs in a degraded state. The removed disk is used in the new server. So I create this zpool in Ubuntu:

The pool created here is a plain simple stripe. To convert this into a striped-mirror, the zpool attach command has to be used:

With this, the pool now becomes a striped mirror:

Perfect! 😀

 

Group based HTTP basic authentication using Nginx and MySQL with help of Lua

Recently I moved from Apache to Nginx on one of my servers due to increase in traffic. But I was using HTTP Basic authentication with group based authorization on Apache in this manner:

However, there’s no AuthGroupFile  in nginx. But LUA, a programming language is supported in nginx. So here’s how I used LUA and MySQL for achieving this:

Now the real magic comes in the authenticate.lua  script, I’m posting the code below which is available in Github as well:

The group authentication script looks for users and groups in a table called http_users. Since this is a script you can modify the way users are searched for in the database or change the database altogether!
The lua modules required to run this script are: resty.mysql, resty.session, resty.string and cjson. Though the passwords are stored in the database as a SHA224 hash, the comparison of the password is done by the database itself. I did not convert the password to hash before sending it to database, so you may want to review this in case you are using remote database. I’m using local database over Unix socket so it doesn’t matter much.

The table and triggers I have for the same:

The triggers are required to convert the INSERT  or UPDATE statements into SHA224. I’m using MySQL’s SET data type to ensure that the group value is fixed. The same values can be used by Nginx in $user_group  variable before specifying the access_by_lua_file  directive.

CloudFlare Dynamic DNS using OpenWRT

I use dynamic DNS for my home internet connection so that I can access the machines from anywhere on the internet. And I use OpenWRT on my router. Earlier I was using Namecheap for managing DNS but I switched to CloudFlare for performance and security reasons of the website.

Unfortunately CloudFlare doesn’t support updating IP via shell script — well, it sort of does but the JSON stuff gets very messy with quoting in shell scripts, so I wrote a Lua script to update my IP whenever my PPPoE connection starts up; I have dropped the script in /etc/ppp/ip-up.d  so it gets executed by pppd whenever my connection comes up. You can run this script via cron or put it /etc/hotplug  if you wish to. This script uses LuaSocket, LuaSec, JSON4Lua and libubus-lua libraries that are easily installable on an OpenWRT router with 4 MB flash memory.

Now I can have the benefits of CloudFlare without losing out on DDNS :D. Here’s the code:

Suggestions? Post in comments or fork on GitHub.

Remote desktop server XRDP on Linux Mint, Ubuntu

If you’d like to access your Linux desktop over the network from anywhere in the world, or just want to share your computer’s resources on the LAN by giving all users accounts on your computer, you can set up a remote desktop server. It is quite easy to do so, and the best part is that it is compatible with the remote desktop client on Windows too, thanks to the software called XRDP which talks Remote Desktop Protocol (RDP).

Are you surprised that a blog that usually used to talk about Gentoo, is now posting about Ubuntu? Well, I made switch on my personal machine to Linux Mint Cinnamon because I was bored with Gentoo. I have nothing against Gentoo, and I still love it. It’s the perfect distribution if you want to customize your OS to the core.

If you are going with Linux Mint, I’d highly recommend the MATE desktop. MATE is basically a fork of the original GNOME 2 project. GNOME 3 / Cinnamon / Unity won’t work with XRDP because they rely on 3D graphics which is not possible (yet) on X11RDP or Xvnc (correct me if I’m wrong). You could also go with the other desktop environments like XFCE or LXDE if you prefer. Even KDE works fine in the remote desktop environment because it does not solely rely on 3D graphics.

Continue reading “Remote desktop server XRDP on Linux Mint, Ubuntu”

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: