Tikejhya: Ashish Nepal

Knowledgebase

Month: March 2016

hiera example

sample hiera.yml

To use Hiera, puppet.conf needs this single line:
hiera_config = /etc/puppet/hiera.yaml

#hiera.yml
---
:backends:
  - yaml
  - json
:yaml:
  :datadir: /etc/puppet/hieradata
:json:
  :datadir: /etc/puppet/hieradata
:hierarchy:
  - "%{::clientcert}"
  - "node/%{::fqdn}"
  - "%{::environment}"
  - common
:logger: console

With the setup above, the data files under /etc/puppet/hieradata can be in YAML or JSON format.

The hierarchy is evaluated from top to bottom, so we lay out the data files accordingly: the environment level can be group-specific (production, DR, development, etc.), node/nodename is for a single node, and common holds the most generic settings.

#common.yaml

---
install_packages::packages:
- strace
- ngrep
- libaio
- mlocate
- rsync
- lrzsz
- wget
- telnet
- crontabs

uninstall_packages::packages:
- cups

rollout:
- authorized_keys
- zabbix
- install_packages
- rpm_packages
- uninstall_packages
- motd
- yum-repo-zabbix

zabbix::params::zabbix_agent_pidfile: /var/run/zabbix/zabbix_agentd.pid
zabbix::params::zabbix_agent_logfile: /var/log/zabbix/zabbix_agentd.log

authorized_keys::key1: ssh-rsa AAAAB3NzaC1yc2EAAAADAQxx....
authorized_keys::key2: ssh-rsa AAAAB3NzaC1yc2xxxxx.....

motd::content: something here

# An individual node's file can look something like this:

#nodename.com.yaml
---
rollout:
- zabbix
- authorized_keys
zabbix::params::zabbix_agent_hostname: something.net
zabbix::params::zabbix_server_ip: ipgoeshere
uninstall_packages::packages:
- mysql-libs
- jwhois

motd::content: |
  BI Server
  Key Software: Mysql

rpm_packages::packages:
- MySQL-client
- epel-release-6-8.noarch
- MySQL-server

rpm_packages::src:
- https://dev.mysql.com/get/Downloads/MySQL-5.6/MySQL-client-5.6.10-1.el6.x86_64.rpm
- https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
- https://dev.mysql.com/get/Downloads/MySQL-5.6/MySQL-server-5.6.10-1.el6.x86_64.rpm

pmap

for i in $(ps aux | awk '{ print $2 }' | grep -v "PID"); do pmap -d "$i" >> /tmp/pmap-log; done

mysql ssl replication certificate

How to generate certificates for MySQL replication with SSL.

Let's assume the database servers are: db1 [master], db2 [slave, and master of db3], db3 [slave].

# CA private key and self-signed CA certificate
openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem
# db1: key and request, strip the passphrase wrapper, then sign with the CA
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout db1-key.pem -out db1-req.pem
openssl rsa -in db1-key.pem -out db1-key.pem
openssl x509 -req -in db1-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out db1-cert.pem

# db2: same steps; the serial must be unique among certificates issued by this CA
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout db2-key.pem -out db2-req.pem
openssl rsa -in db2-key.pem -out db2-key.pem
openssl x509 -req -in db2-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 02 -out db2-cert.pem

Test
openssl verify -CAfile ca.pem db1-cert.pem db2-cert.pem

# db3: same steps; the serial must be unique among certificates issued by this CA
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout db3-key.pem -out db3-req.pem
openssl rsa -in db3-key.pem -out db3-key.pem
openssl x509 -req -in db3-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 03 -out db3-cert.pem

Test
openssl verify -CAfile ca.pem db1-cert.pem db2-cert.pem db3-cert.pem

Full setup process can be found:

MySql Replication with SSL

openvpn clientconnect

client-connect is a server-wide OpenVPN option that runs a script whenever a client connects; the script can send an email or run any other command.

client-connect /etc/openvpn/scripts/clientconnect.sh

#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"

mysql -hxxx.xxx.xxx.x -uxxxxx -pxxxxxxx -e "INSERT INTO vpn_connect.vpn_audit (user, IP, port, mtu, verification, date, triggerType, sessionStart, sessionDuration, bytesSent, bytesRecieved, sessionEnd) VALUES ('$common_name', '$trusted_ip', '$trusted_port', '$tun_mtu', '$password', '$NOW', 'clientConnect', '$NOW', 'NA', '0', '0', 'NA')"

/usr/sbin/sendmail ashishnepal@ashishnepal.com <
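
The script above pastes OpenVPN's environment variables straight into the SQL text, passes the database password with -p, and writes $password into the audit table. The following is an added example, not the author's script: it checks each field against an allowlist before building the same INSERT, stores a fixed 'NA' in the verification column, and reads credentials from an option file. The file path vpn_audit.cnf and the function names are assumptions.

```shell
#!/bin/bash
# Hardened sketch of clientconnect.sh (added example, not the original script).
# Assumed: same table and columns as the INSERT above; DB host, user and
# password sit in a root-only [client] option file (hypothetical path).
export LC_ALL=C
MYSQL_CNF=/etc/openvpn/scripts/vpn_audit.cnf

# valid <kind> <value>: succeed only if every character is on the allowlist.
valid() {
  [ -n "$2" ] && [ "${#2}" -le 64 ] || return 1
  case "$1:$2" in
    name:*[!A-Za-z0-9_.@-]*) return 1 ;;   # quotes, spaces, newlines rejected
    ip:*[!0-9A-Fa-f.:]*)     return 1 ;;   # IPv4 or IPv6 characters only
    num:*[!0-9]*)            return 1 ;;   # port and MTU are digits only
    name:*|ip:*|num:*)       return 0 ;;
    *)                       return 1 ;;   # unknown kind
  esac
}

# build_insert <common_name> <ip> <port> <mtu> <timestamp>
# Prints the INSERT, or returns 1 if a field fails validation. The timestamp
# is generated locally. The client's password is never stored.
build_insert() {
  valid name "$1" && valid ip "$2" && valid num "$3" && valid num "$4" || return 1
  cols="user, IP, port, mtu, verification, date, triggerType, sessionStart, sessionDuration, bytesSent, bytesRecieved, sessionEnd"
  printf "INSERT INTO vpn_connect.vpn_audit (%s) VALUES ('%s', '%s', '%s', '%s', 'NA', '%s', 'clientConnect', '%s', 'NA', '0', '0', 'NA')" \
    "$cols" "$1" "$2" "$3" "$4" "$5" "$5"
}

# OpenVPN sets script_type before running a hook; only then touch the database.
if [ "${script_type:-}" = "client-connect" ]; then
  NOW="$(date +"%H:%M:%S - %Y-%m-%d")"
  if sql="$(build_insert "$common_name" "$trusted_ip" "$trusted_port" "$tun_mtu" "$NOW")"; then
    mysql --defaults-extra-file="$MYSQL_CNF" -e "$sql"
  else
    logger -t clientconnect "audit record rejected: unexpected field value"
  fi
  exit 0   # a failed audit write does not block the client's login
fi
```

Change the final exit 0 to a non-zero status if a connection that cannot be audited should be refused instead.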

sftp using curl [download file from ftp using curl]

curl -u user:password 'ftp://remotefile/myfile.csv' -o ~/Downloads/myfile.csv

curl -o ~/Downloads/myfile.csv -u 'username':'password' sftp://remotefile/myfile.csv

NOTE: passing a password on the command line is not a good idea from a security point of view; it can end up in shell history.
