Monday, September 17, 2018

AWS EC2 Instance (advanced section script) with web server and availability zone info

The use of this script requires basic knowledge of AWS and shell scripting. This is the script I normally use when I want to test something in my personal account and let the instance be powered off after 2 hours.

This script will bring up an EC2 instance with the following:

* updated packages,
* the HTTPD service installed and started,
* a job run at startup to power off the instance after 2 hours (see 7200 in the script).

(Note: The poweroff is there only for those who need the instance for practice and/or a limited time, to save costs. For production use, comment out the poweroff statement.)

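#!/bin/bash
# Apply pending package updates
yum update -y
# Install Apache, start it now and enable it at boot
yum install httpd24 -y
service httpd start
chkconfig httpd on
# Publish a test page showing the availability zone read from instance metadata
echo "Hello, this is a test instance from $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)" > /var/www/html/index.html

# Register a job in rc.local that powers the instance off after 7200 seconds (2 hours)
echo "# This will bring up instance only for below mentioned seconds" >> /etc/rc.local
echo "(sleep 7200; poweroff) &" >> /etc/rc.local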

Wednesday, April 5, 2017

Kickstart troubleshooting

This checks whether a server that needs to be kickstarted is able to get its initial files from the TFTP server (which runs on port 69).
[root@kickstarter pxelinux.cfg]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:30:19.077306 IP srv-9000.ah-esp-encap > kickstarter.domain.com.tftp:  41 RRQ "linux-install/pxelinux.0" octet tsize 0
11:30:19.106252 IP srv-9000.acp-port > kickstarter.domain.com.tftp:  46 RRQ "linux-install/pxelinux.0" octet blksize 1456
11:30:19.183548 IP srv-9000.40769 > kickstarter.domain.com.tftp:  77 RRQ "linux-install/pxelinux.cfg/01-c4-34-6b-b9-16-70" octet tsize 0 blksize 1440
11:30:19.213799 IP srv-9000.40770 > kickstarter.domain.com.tftp:  65 RRQ "linux-install/pxelinux.cfg/0A4461FA" octet tsize 0 blksize 1440
11:30:19.242361 IP srv-9000.40771 > kickstarter.domain.com.tftp:  63 RRQ "linux-install/rhel-as-7u1/vmlinuz" octet tsize 0 blksize 1440
11:30:35.973742 IP srv-9000.40772 > kickstarter.domain.com.tftp:  66 RRQ "linux-install/rhel-as-7u1/initrd.img" octet tsize 0 blksize 1440
^C
6 packets captured
38 packets received by filter
1 packets dropped by kernel
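
A capture filtered on port 69 shows only the read requests (RRQ), because a TFTP server answers each transfer from a new ephemeral port, so boot progress has to be inferred from which file the client asked for last. The following is an added example, not part of the original post, that summarises this per client from tcpdump text output. The function names `pxe_summary` and `sample_capture` and the three srv-9001 lines are constructed for illustration, and the stage names are assumed from the file names seen in the capture above.

```shell
#!/bin/sh
# Added example (not from the original post): summarise PXE boot progress
# from tcpdump text output captured with "port 69". Reads lines on stdin.
pxe_summary() {
    awk '
    / RRQ "/ {
        client = $3; sub(/\.[^.]*$/, "", client)   # drop source port/service
        split($0, q, "\""); path = q[2]            # first quoted string = file
        if      (path ~ /pxelinux\.cfg\//) rank = 2
        else if (path ~ /pxelinux\.0$/)    rank = 1
        else if (path ~ /vmlinuz/)         rank = 3
        else if (path ~ /initrd/)          rank = 4
        else next
        if (!(client in reached)) order[++n] = client
        if (rank > reached[client]) reached[client] = rank
        # PXELINUX stops at the first config file it can read, so the last
        # config path requested before the kernel is the one that was served.
        if (rank == 2 && reached[client] < 3) cfg[client] = path
    }
    END {
        name[1] = "bootloader"; name[2] = "config"
        name[3] = "kernel";     name[4] = "initrd"
        for (i = 1; i <= n; i++) {
            c = order[i]
            printf "%s last_request=%s config=%s\n", c, name[reached[c]],
                   ((reached[c] >= 3 && (c in cfg)) ? cfg[c] : "unconfirmed")
        }
    }'
}

# The srv-9000 lines are the capture from the post; srv-9001 lines are constructed.
sample_capture() {
    cat <<'EOF'
11:30:19.077306 IP srv-9000.ah-esp-encap > kickstarter.domain.com.tftp:  41 RRQ "linux-install/pxelinux.0" octet tsize 0
11:30:19.106252 IP srv-9000.acp-port > kickstarter.domain.com.tftp:  46 RRQ "linux-install/pxelinux.0" octet blksize 1456
11:30:19.183548 IP srv-9000.40769 > kickstarter.domain.com.tftp:  77 RRQ "linux-install/pxelinux.cfg/01-c4-34-6b-b9-16-70" octet tsize 0 blksize 1440
11:30:19.213799 IP srv-9000.40770 > kickstarter.domain.com.tftp:  65 RRQ "linux-install/pxelinux.cfg/0A4461FA" octet tsize 0 blksize 1440
11:30:19.242361 IP srv-9000.40771 > kickstarter.domain.com.tftp:  63 RRQ "linux-install/rhel-as-7u1/vmlinuz" octet tsize 0 blksize 1440
11:30:35.973742 IP srv-9000.40772 > kickstarter.domain.com.tftp:  66 RRQ "linux-install/rhel-as-7u1/initrd.img" octet tsize 0 blksize 1440
11:31:02.000001 IP srv-9001.40001 > kickstarter.domain.com.tftp:  41 RRQ "linux-install/pxelinux.0" octet tsize 0
11:31:02.100002 IP srv-9001.40002 > kickstarter.domain.com.tftp:  77 RRQ "linux-install/pxelinux.cfg/01-aa-bb-cc-dd-ee-ff" octet tsize 0 blksize 1440
11:31:02.200003 IP srv-9001.40003 > kickstarter.domain.com.tftp:  61 RRQ "linux-install/pxelinux.cfg/default" octet tsize 0 blksize 1440
EOF
}

sample_capture | pxe_summary
```

A client whose last request is a config file, like the constructed srv-9001, never asked for a kernel, so the place to look is the pxelinux.cfg directory on the TFTP server rather than the network path.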

Monday, February 27, 2017

Annoying GUI Pop-up in VNC and how to disable it?

# ls -l /etc/xdg/autostart/gpk-update-icon.desktop
-rw-r--r-- 1 root root 7115 Feb 16 16:04 /etc/xdg/autostart/gpk-update-icon.desktop
Append the line below to the file mentioned above:
X-GNOME-Autostart-enabled=false

Once done, restart server and the pop-up shown above should be gone.

Monday, June 22, 2015

How to extend X11 forwarding after SUDO?

Most of the time "ssh -X username@servername" works for X11 (display) forwarding over the SSH protocol. However, when we need to sudo to an application user, X11 does not work from that point on. Here is a quick fix to that problem: copy the session's xauth cookie into the target user's authority file.
[/user/johnc] $ ssh -X server1
johnc@server1's password:
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Sat Jun 20 04:58:57 2015 from 10.68.76.230
[johnc@server1 ~]$
[johnc@server1 ~]$ xterm
[johnc@server1 ~]$ xauth list
server1/unix:10  MIT-MAGIC-COOKIE-1  [some output.....]


[johnc@server1 ~]$ sudo -u appuser -H -s
bash-4.1$ xauth add server1/unix:10  MIT-MAGIC-COOKIE-1   [some output.....] 
xauth:  creating new authority file /user/appuser/.Xauthority

bash-4.1$ id
uid=1002(appuser) gid=310(dba) groups=310(dba)

bash-4.1$ xterm
Now xterm will open without any problem!

Monday, April 20, 2015

How to check SSL Certificate information from a Linux server?

-bash-3.2# echo | openssl s_client -connect starcat:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates 
issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
subject= /C=US/ST=California/L=Santa Clara/O=ABC Company, Inc./CN=*.abc.com
notBefore=Dec  9 00:00:00 2013 GMT
notAfter=Feb 23 12:00:00 2017 GMT


-bash-3.2# echo | openssl s_client -connect unix:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates 
issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
subject= /C=US/ST=California/L=Santa Clara/O=ABC Company, Inc./CN=*.abc.com
notBefore=Dec  9 00:00:00 2013 GMT
notAfter=Feb 23 12:00:00 2017 GMT