Edit
/etc/yum.repos.d/CentOS-Base.repo
Comment out the “mirrorlist” entries.
Uncomment the “baseurl” entries and change them to
http://vault.centos.org/4.9/os/$basearch
nJoy 😉
docker run --name david -h david-01 -it david/c6nodepm2yo /bin/bash
nJoy 😉
shows :
docker ps -a
CONTAINER ID   IMAGE                COMMAND       CREATED          STATUS                     PORTS                  NAMES
f4da454e156e   david/c6nodepm2yo    "/bin/bash"   12 seconds ago   Exited (0) 3 seconds ago                          david
d5ec5101ba52   david/centos6:node   "/bin/bash"   27 hours ago     Up 26 hours                0.0.0.0:8000->80/tcp   jovial_borg
and when connected :
[root@david-01 /]#
docker run -p 800:80 -p 2222:22 -p 4443:443 -it 68715929d32a /bin/bash
If ports do not work check :
sysctl net.ipv4.ip_forward
if you get:
net.ipv4.ip_forward = 0
then issue :
sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
If you get the error :
docker: Error response from daemon: driver failed programming external connectivity on endpoint amazing_williams (44e256a6039741b20e4124800702d9794d69fb6be9da71ba25059de4dd527121): COMMAND_FAILED: '/sbin/iptables -w2 -t nat -A DOCKER -p tcp -d 0/0 --dport 4443 -j DNAT --to-destination 172.17.0.2:443 ! -i docker0' failed: iptables: No chain/target/match by that name..
systemctl stop firewalld
systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
yum install iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.euserv.net
 * epel: fr.mirror.babylon.network
 * extras: ftp.fau.de
 * updates: centos.fastbull.org
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-16.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package               Arch       Version             Repository      Size
================================================================================
Installing:
 iptables-services     x86_64     1.4.21-16.el7       base            50 k
Transaction Summary
================================================================================
Install  1 Package
Total download size: 50 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
iptables-services-1.4.21-16.el7.x86_64.rpm | 50 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iptables-services-1.4.21-16.el7.x86_64 1/1
  Verifying  : iptables-services-1.4.21-16.el7.x86_64 1/1
Installed:
  iptables-services.x86_64 0:1.4.21-16.el7
Complete!
systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
try :
docker run -p 800:80 -p 2222:22 -p 4443:443 -it 68715929d32a /bin/bash
Use this command to find your active zone(s):
firewall-cmd --get-active-zones
It will say either public, dmz, or something else. Apply the change only to the zones that require it.
In the case of dmz try:
firewall-cmd --zone=dmz --add-port=2888/tcp --permanent
Otherwise, replace dmz with your zone, for example, if your zone is public:
firewall-cmd --zone=public --add-port=2888/tcp --permanent
Then remember to reload the firewall for changes to take effect.
firewall-cmd --reload
Ubuntu – /var/log/upstart/docker.log
Boot2Docker – /var/log/docker.log
Debian, GNU/Linux – /var/log/daemon.log
CentOS6 – /var/log/daemon.log | grep docker
Fedora – journalctl -u docker.service
OpenSuSE – journalctl -u docker.service
on Centos 7
journalctl -u docker.service
nJoy 😉
After installing Docker on CentOS we need to enable the Docker remote API port.
$ cat /etc/sysconfig/docker
other_args=""
Edit the file /etc/sysconfig/docker as below.
other_args="-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock"
After that, restart docker and try to access the host from another host.
$ sudo /etc/init.d/docker restart
...
$ curl $hostname:4243/images/json
...
For a systemd based Distro like Centos7
Linux with systemd (Ubuntu 15.04, Debian 8,…)
Using systemd, we’ll need to enable a systemd socket to access the Docker remote API:
Create a new systemd config file called /etc/systemd/system/docker-tcp.socket to make docker available on a TCP socket on port 2375.
[Unit]
Description=Docker HTTP Socket for the API
[Socket]
ListenStream=2375
BindIPv6Only=both
Service=docker.service
[Install]
WantedBy=sockets.target
Register the new systemd HTTP socket and restart docker:
systemctl enable docker-tcp.socket
systemctl stop docker
systemctl start docker-tcp.socket
Open your browser and verify you can connect to http://localhost:2375/_ping
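Both settings above publish the Docker API on every interface without TLS client authentication, so any host that can reach the port can drive the daemon. The check below is an added example, not part of the original post: it classifies a daemon argument string (such as other_args) or a ListenStream value. The function names and verdict strings are this example's own.

```shell
#!/bin/sh
# Added example: classify Docker API listener settings of the two kinds shown
# above. Function names and verdict strings are assumptions of this example.

# classify_docker_args "<daemon args>"   e.g. the value of other_args
# Prints: local-only | loopback-tcp | tls-tcp | EXPOSED
# Only --tlsverify counts as authenticated; --tls alone does not check clients.
classify_docker_args() (
    tls=no; verdict=local-only; prev=""
    set -f                          # no glob expansion while word-splitting
    for a in $1; do
        if [ "$a" = "--tlsverify" ]; then tls=yes; fi
    done
    for a in $1; do
        host=""
        case "$a" in
            --host=*) host=${a#--host=} ;;
            *) if [ "$prev" = "-H" ] || [ "$prev" = "--host" ]; then host=$a; fi ;;
        esac
        prev=$a
        case "$host" in
            tcp://127.*|tcp://localhost:*|"tcp://[::1]"*)
                if [ "$verdict" = local-only ]; then verdict=loopback-tcp; fi ;;
            tcp://*)
                if [ "$tls" = no ]; then verdict=EXPOSED
                elif [ "$verdict" != EXPOSED ]; then verdict=tls-tcp; fi ;;
        esac
    done
    echo "$verdict"
)

# classify_listenstream "<ListenStream value>" from a systemd .socket unit.
# A bare port number listens on every address; only an explicit loopback
# address or a filesystem socket path keeps the API local.
classify_listenstream() {
    case "$1" in
        127.*:*|"[::1]":*) echo loopback-tcp ;;
        /*)                 echo local-only ;;
        *)                  echo EXPOSED ;;
    esac
}

# The two settings from the post above.
classify_docker_args '-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock'
classify_listenstream 2375
```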
Assuming you have AWS cli installed :
aws iam upload-server-certificate --server-certificate-name www.site.tld-cf --certificate-body file://public.key --private-key file://private.key --certificate-chain file://bundle.pem --path /cloudfront/
nJoy 😉
Basically it’s all over-engineered and does not work well.
Responses are out of alignment: although text-wise they are the same, bit-wise everything is all over the place :
curl http://phpimpl.domain.com/testhex.php | xxd
00000000: de56 a735 4739 c01d f2dc e14b ba30 8af0 .Q.%G9.....;.0..
curl http://nodejs.domain.com/ | xxd
00000000: c39e 56c2 a725 4739 c380 c3ad c3b1 c39c ..Q..%G9........
00000010: c3a1 37c2 6b30 c28f c3b0 ..;..0....
The proper way to implement this in node is :
function hex2bin(hex){
  // Buffer.from() replaces the deprecated new Buffer(); returning a Buffer keeps the raw bytes
  return Buffer.from(hex, "hex");
}
curl http://nodejs.domain.com/ | xxd
00000000: de56 a735 4739 c01d f2dc e14b ba30 8af0 .Q.%G9.....;.0..
nJoy 😉
openssl verify -verbose -x509_strict -CAfile gd_bundle-g2-g1.crt 39aaf24e9f2b1f6f.crt
nJoy;-)
Sometimes you have a multi-threaded / multi-process application and you need to see where things are hanging.
ps auxw | grep '[s]bin/apache' | awk '{print "-p " $2}' | xargs strace
nJoy 😉