EasyRSA – Make a certificate and copy to ansible staging dir

I use this script on my CA server to create a certificate for each new server we provision. This allows our internal PKI to function.

This script creates a certificate, then copies it to the Ansible server, where it can be deployed to the destination host.

Obviously you’ll need to take the necessary precautions around key security.

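#!/bin/bash
set -euo pipefail

# $1 is the short hostname. It is interpolated into a remote shell command
# below, so only hostname characters are accepted.
[[ "${1:-}" =~ ^[A-Za-z0-9-]+$ ]] || { echo "usage: $0 <hostname>" >&2; exit 1; }
ISSUE_NAME="$1.domain.local"

cd /home/admin/EasyRSA-3.0.5/
/home/admin/EasyRSA-3.0.5/easyrsa build-server-full "$ISSUE_NAME" nopass
ssh edpk-ansible..local "mkdir -p '/home/admin/ansible/files/$1/'"
scp "/home/admin/EasyRSA-3.0.5/pki/issued/$ISSUE_NAME.crt" "edpk-ansible..local:/home/admin/ansible/files/$1/$1.crt"
scp "/home/admin/EasyRSA-3.0.5/pki/private/$ISSUE_NAME.key" "edpk-ansible..local:/home/admin/ansible/files/$1/$1.key"
cd ~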

Ubuntu interfaces file examples

Example 1 – Includes some static routes and manually specified IPs

auto lo
iface lo inet static
address 103.90.59.9/32

auto ens3
iface ens3 inet static
address 172.2.1.17
network 172.2.1.0
netmask 255.255.254.0
up route add -net 172.2.0.0 netmask 255.255.0.0 gw 172.2.1.1
up route add -net 172.2.0.0 netmask 255.255.0.0 gw 172.2.1.1

iface ens3 inet6 static
address 2405:cc:ee:110::7
netmask 64
autoconf 0
accept_ra 0
gateway 2405:cc:ee:110:ff:ff

auto ens4
iface ens4 inet static
address 172.23.2.12
network 172.23.2.0
netmask 255.255.255.0
gateway 172.23.2.254

source /etc/network/interfaces.d/*.cfg

 

PuTTY SSH settings to stop garbled output

Using Ubuntu 18, tools like glances and iftop would often mangle the output.

Change the default PuTTY settings: set ‘Connection > Data > Terminal-type string’ to ‘putty’ instead of ‘xterm’, and under Translation ensure that you have UTF-8 set as the character set. Then save this as the default profile and enjoy 🙂

Copy files from Android phone using ADB – Quicker than MTP

When backing up photos from my Android phone I found that the phone didn’t present as a mass storage device; it would only appear as an MTP\PTP device and the file copy speed was terrible.

So some research led me to using the ADB command. You’ll need to enable USB debugging before this will work.

 

Find your files

adb shell ls /storage/

Back em up

adb pull /storage/self/primary/DCIM/Camera /home/user/photos/

MySQL Backup to S3 script

Script

#!/bin/bash

# Fail the pipeline when mysqldump fails, so a truncated dump is never uploaded.
set -o pipefail

NOW=$(date +"%Y_%m_%d_%H_%M")

DATABASES_CONFIG_FILE="/home/bfnadmin/databases.csv"

S3_ENDPOINT="https://my-s3-storage.com"
S3_BUCKET="s3://sql-backups"

TEMP_BACKUP_DIR="backups"
mkdir -p "$TEMP_BACKUP_DIR"

# IFS="," applies only to read, so each line of the CSV is split on ",".
while IFS="," read -r HOST USERNAME PASSWORD DB_SRV DB_NAME;
do
echo "[$DB_SRV - $DB_NAME]"

BACKUP_FILE="$TEMP_BACKUP_DIR/$DB_SRV-$DB_NAME-$NOW.sql.gz"

# Skip the upload if the dump did not complete.
if ! mysqldump --single-transaction --quick --lock-tables=false \
-h "$HOST" \
-u "$USERNAME" \
-p"$PASSWORD" \
"$DB_NAME" | gzip > "$BACKUP_FILE"; then
echo "Dump failed for $DB_SRV-$DB_NAME, skipping upload" >&2
rm -f "$BACKUP_FILE"
continue
fi

echo "Uploading backup to S3 storage - $DB_SRV-$DB_NAME-$NOW.sql.gz"

aws --endpoint-url="$S3_ENDPOINT" s3 cp "$BACKUP_FILE" "$S3_BUCKET"

rm "$BACKUP_FILE"

echo -e "\n\n"

done < "$DATABASES_CONFIG_FILE"

~/.aws/credentials

[default]
aws_access_key_id=xxx
aws_secret_access_key=yyy

databases.csv

ip_Address,sql_user,sql_password,Host_Display_name,DB_Name
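
The script above passes each password as -p$PASSWORD, which places it on the mysqldump command line, where it can be exposed to other local users through the process list. As an added example (not part of the original script), the functions below write a per-database client option file that only its owner can read and pass it with --defaults-extra-file; the function names and the MYSQLDUMP override are assumptions of this sketch.

```bash
#!/bin/sh
# Added example: keep MySQL passwords off the command line.
MYSQLDUMP=${MYSQLDUMP:-mysqldump}   # assumption: override point for dry runs

# Write a [client] option file for one databases.csv row and print its path.
# mktemp creates the file with mode 0600, so only the owner can read it.
write_client_cnf() {
    host=$1 user=$2 password=$3
    case $password in
        *'"'*) echo "password contains a double quote, refusing" >&2
               return 1 ;;
    esac
    cnf=$(mktemp "${TMPDIR:-/tmp}/mysqldump.XXXXXX") || return 1
    # Option files treat \ as an escape character, so double each one.
    # printf is a shell builtin: the password never appears in argv.
    escaped=$(printf '%s' "$password" | sed 's/\\/\\\\/g')
    printf '[client]\nhost=%s\nuser=%s\npassword="%s"\n' \
        "$host" "$user" "$escaped" > "$cnf"
    printf '%s\n' "$cnf"
}

# Dump one database to stdout. --defaults-extra-file must be the first
# option; the option file is removed even when mysqldump fails.
dump_database() {
    host=$1 user=$2 password=$3 db=$4
    cnf=$(write_client_cnf "$host" "$user" "$password") || return 1
    status=0
    "$MYSQLDUMP" --defaults-extra-file="$cnf" \
        --single-transaction --quick --lock-tables=false "$db" || status=$?
    rm -f "$cnf"
    return "$status"
}
```

Inside the backup loop the call would be dump_database "$HOST" "$USERNAME" "$PASSWORD" "$DB_NAME" | gzip > "$BACKUP_FILE", where BACKUP_FILE stands for the dated .sql.gz path the loop writes to. The databases.csv file itself still holds the passwords, so it needs the same owner-only permissions.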

Script to enable fast-diff on an entire pool of images and rebuild the object-map

This script enables the requisite features on all RBD images in a pool, so that rbd du returns a result quickly instead of having to calculate the size every time.

# fast-diff depends on object-map, which depends on exclusive-lock.
rbd ls -p backup1 | while read -r line; do
  echo "$line"
  rbd feature enable "backup1/$line" exclusive-lock object-map fast-diff
  rbd object-map rebuild "backup1/$line"
  rbd snap ls "backup1/$line" | while read -r snap; do
        snapname=$(echo "$snap" | awk '{print $2;}')
        # Skip the header row of `rbd snap ls`.
        if [ "$snapname" != "NAME" ]
        then
                echo "$line@$snapname"
                rbd object-map rebuild "backup1/$line@$snapname"
        fi
  done
done

Create Bluestore OSD backed by SSD

Don’t take my word for it on the WAL sizing – Check http://docs.ceph.com/docs/mimic/rados/configuration/bluestore-config-ref/

This script will create a spare 20G logical volume to use as the WAL for a second spinner later if you need it.

export SSD=sdc
export SPINNER=sda

vgcreate ceph-ssd-0 /dev/$SSD
vgcreate ceph-hdd-0 /dev/$SPINNER

lvcreate --size 20G -n block-0 ceph-hdd-0
lvcreate -l 100%FREE -n block-1 ceph-hdd-0

lvcreate --size 20G -n ssd-0 ceph-ssd-0
lvcreate --size 20G -n ssd-1 ceph-ssd-0
lvcreate -l 100%FREE -n ssd-2 ceph-ssd-0

ceph-volume lvm create --bluestore --data ceph-hdd-0/block-1 --block.db ceph-ssd-0/ssd-0
ceph-volume lvm create --bluestore --data ceph-ssd-0/ssd-2

KVM\Qemu\Openstack – Manage a live migration

virsh qemu-monitor-command {VMNAME} --pretty '{"execute":"migrate_cancel"}'

Allow virsh more downtime (if it can’t keep up with RAM utilization)

virsh migrate-setmaxdowntime VMNAME 2500

 

Check migration status

virsh domjobinfo instance-000002ac
Job type: Unbounded
Operation: Outgoing migration
Time elapsed: 1307956 ms
Data processed: 118.662 GiB
Data remaining: 9.203 MiB
Data total: 8.005 GiB
Memory processed: 118.662 GiB
Memory remaining: 9.203 MiB
Memory total: 8.005 GiB
Memory bandwidth: 41.294 MiB/s
Dirty rate: 35040 pages/s
Page size: 4096 bytes
Iteration: 197
Constant pages: 1751031
Normal pages: 31041965
Normal data: 118.416 GiB
Expected downtime: 3314 ms
Setup time: 70 ms
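
Added example, not part of the original post: a shell function that reads the domjobinfo fields shown above and compares the dirty rate (pages/s × page size) with the memory bandwidth, and the expected downtime with the configured maximum. The function names and verdict strings are assumptions of this sketch, and the comparison is a rule of thumb rather than libvirt's own logic.

```bash
#!/bin/sh
# Added example: judge from `virsh domjobinfo` text whether a live
# migration can finish under a given maximum downtime.

# Subset of the domjobinfo output shown on this page.
sample_domjobinfo() {
    cat <<'EOF'
Job type: Unbounded
Operation: Outgoing migration
Memory remaining: 9.203 MiB
Memory bandwidth: 41.294 MiB/s
Dirty rate: 35040 pages/s
Page size: 4096 bytes
Expected downtime: 3314 ms
EOF
}

# Reads domjobinfo text on stdin; $1 is the value passed to
# `virsh migrate-setmaxdowntime`. Assumes bandwidth is reported in MiB/s.
migration_verdict() {
    awk -v max="$1" -F': *' '
        $1 == "Dirty rate"        { split($2, a, " "); dirty = a[1] }
        $1 == "Page size"         { split($2, a, " "); page  = a[1] }
        $1 == "Memory bandwidth"  { split($2, a, " "); bw    = a[1] }
        $1 == "Expected downtime" { split($2, a, " "); down  = a[1] }
        END {
            # Rate at which the guest rewrites memory, in MiB/s.
            dirty_mib = dirty * page / 1048576
            printf "dirty=%.3f MiB/s bandwidth=%.3f MiB/s ", dirty_mib, bw
            printf "expected_downtime=%d ms: ", down
            if (down <= max)         print "will-complete"
            else if (dirty_mib > bw) print "not-converging"
            else                     print "converging"
        }'
}

# Usage: virsh domjobinfo instance-000002ac | migration_verdict 2500
```

For the output above, the guest dirties about 136.9 MiB/s while only 41.3 MiB/s is transferred, so with a 2500 ms limit the verdict is not-converging; the options are a higher maximum downtime or cancelling the migration.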

 

https://www.redhat.com/archives/libvirt-users/2014-January/msg00007.html
https://specs.openstack.org/openstack/nova-specs/specs/mitaka/implemented/abort-live-migration.html

 

https://www.server24.eu/private-cloud/complete-live-migration-vms-high-load/