CT's Tech Notes

This note provides steps to resize the KVM based VM images. In this situation, VM disk is raw format and filesystem is ext4. Expand disk size In order to expand disk size, VM must be shutdown Increase raw disk size qemu-img resize vm-1.img +10G Resize partition virt-rescue -a vm-1.img At rescue environment ><rescue> fdisk /dev/sdx Use normal fdisk command to delete partition and re-create the partition with bigger size. For this case, I would like to expand /dev/sda3 to have additional 10G ><rescue> fdisk /dev/sda d (select 3 to delete parition sda3) n (create new partition) select as primary select default start and end w (save the changes and exit from fdisk menu) ><rescue> e2fsck -f /dev/sda3 ><rescue> resize2fs /dev/sda3 ><rescue> sync ><rescue> exit I selected default start and end of disk because I want to use the rest of disk spac...

This note focuses on VM image and network manipulation at OpenStack environment Glance is the image service in OpenStack envrionment Create CentOS7 image glance image-create --name centos7-64 --file CentOS-7-x86_64-GenericCloud-1706.qcow2 --disk-format qcow2 --container-format bare --progres Default image directory /var/lib/glance/images/ You may want to convert raw disk to qcow2 qemu-img convert -f raw -O qcow2 vm-1.img vm-1.qcow2 Edit config parameter for Glance /etc/glance/glance-api.conf Restart Glance service to take effect of changes systemctl restart openstack-glance-api Neutron is network service at OpenStack environment Create network neutron net-create Custom-network --provider:network_type flat --provider:physical_network externalnet --router:external=True --shared neutron subnet-create --name external_subnet --enable_dhcp=False --allocation_pool start=192.168.1.10,end=192.168.1.250 --gateway=192.168.1.1 --dns 8.8.8.8 External-network 192.168.1.0/...

This note provides steps how to install KVM and manage Guest OS with virsh. Install KVM yum -y install qemu-kvm libvirt virt-install bridge-utils bind-utils virt-manager wget net-tools virt-viewer genisoimage epel-release Install Guest OS from installer iso image virt-install --name VM-1 --ram 4096 --disk path=/testvm/VM-1.qcow2,size=40 --vcpus 2 --os-type linux --os-variant rhel6 --network bridge=br0 --graphics none --console pty,target_type=serial --cdrom /iso/CentOS-6.8-x86_64-bin-DVD1.iso --force Default directory for intalled VM /var/lib/libvirt/images/ Dump VM config into xml virsh dumpxml VM-1 > VM-1.xml Useful operation commands Create and start VM virsh define VM-1.xml virsh start VM-1 Shutdown VM virsh shutdown VM-1 Poweroff VM virsh destroy VM-1 Remove from VM list virsh undefine VM-1 Resize VM disk size qemu-img resize VM-1.img +60GB

This note provides how to setup self-signed certificate authority with OpenSSL. Generate CA Certificate openssl genrsa -des3 -out cloudtalents-ca.key 2048 openssl req -new -x509 -days 3650 -key cloudtalents-ca.key -out cloudtalents-ca.crt Sign Server Certificate with CA certificate that generated earlier Server key openssl genrsa -out cloudtalents-server.key 2048 Certificate request openssl req -new -out cloudtalents-server.csr -key cloudtalents-server.key Sign openssl x509 -req -in cloudtalents-server.csr -days 1825 -sha1 -CAcreateserial -CA cloudtalents-ca.crt -CAkey cloudtalents-ca.key -out cloudtalents-server.crt

This note provides how to setup private GIT repository server. Server setup Install git yum install git Create user useradd gitacc passwd gitacc Create ssh directory mkdir .ssh && chmod 700 .ssh touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys Create key to authenticate ssh-keygen -C "youremail@mailprovider.com" Create entries of public keys for allow users cat .ssh/id_rsa.pub | ssh user@123.45.56.78 "cat >> ~/.ssh/authorized_keys" Create project repository at server cd /home/gitacc mkdir "project" cd "project" git init --bare Client configuration Change to working directory cd "project" git init git add . git commit -m 'initial commit' git remote set-url origin gitacc@128.199.136.183:mt/mt-project.git git init git remote add origin gitacc@128.199.136.183:mt/mt-project.git Commit new file git add test.txt git commit -m 'created test.txt' git push origin...

This note provides how to setup pdns recursor for resloving DNS service. Install pdns recursor rpm -ivh pdns-recursor-3.7.3-1.el6.x86_64.rpm Create allow network db file cat > /etc/pdns-recursor/allow-network-db <<EOF #Default Allowed network 127.0.0.0/8 #Additional Allowed networks EOF Backup config file cp -a /etc/pdns-recursor/recursor.conf /etc/pdns-recursor/recursor.conf.orig Configure config file with allow network db list cat > /etc/pdns-recursor/recursor.conf <<EOF setuid=pdns-recursor setgid=pdns-recursor ################################# # allow-from-file If set, load allowed netmasks from this file # # allow-from-file allow-from-file=/etc/pdns-recursor/allow-network-db ################################# # any-to-tcp Answer ANY queries with tc=1, shunting to TCP # any-to-tcp means queries from clients that ask for ANY will get redirected to TCP. It has no influence on the outgoing transport of the Recursor # Default: no any-to-tcp=y...

Introduction This guide introduce how to install Tomcat container with apache web server. We will install following packages for this tutorial. Java Runtime Environment (CentOS build in repository - OpenJDK) Apache Web Server (CentOS build in repository) Compile and load mod_jk ( http://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.37-src.tar.gz ) Tomcat ( http://tomcat.apache.org/index.html ) Install Java Minimal CentOS installation will not install openjdk package. Verify the package installation rpm -qa |grep java Install Java yum install java-1.7.0-openjdk.x86_64 Verify with java command [root@demo-01 ~]# java -version java version "1.7.0_51" OpenJDK Runtime Environment (rhel-2.4.4.1.el6_5-x86_64 u51-b02) OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode) Install Apache Web Server We will install Apache web server as frontend and will proxy to tomcat container. Install Apache web server yum install httpd M...

This note provides how to setup squid proxy service. Install squid proxy yum -y install squid Allow access sed -i -e '/http_access allow/a #Allow access for localnet\nhttp_access allow localnet' /etc/squid/squid.conf Change port to 8080 sed -i -e '/http_port/ s/3128/8080/g' /etc/squid/squid.conf Other tuning parameters cat >> /etc/squid/squid.conf <<EOF request_header_access Referer deny all request_header_access X-Forwarded-For deny all request_header_access Via deny all request_header_access Cache-Control deny all visible_hostname webproxy.infotheater.net forwarded_for on EOF Open firewall sed -i -e '/#Add custom rules below/a #Squid proxy\n-A INPUT -m state --state NEW -p tcp --dport 8080 -j ALLOWED_IPS' /etc/sysconfig/iptables service iptables reload Make sure service start upon system startup chkconfig squid on service squid start Install squid report-lightsquid service yum -y install lightsquid lightsquid-apache Open...

This article provides steps to install complete mail server environment. Install CentOS6 with minimal installation Disable selinux sed -i -e 's/enforcing/disabled/' /etc/sysconfig/selinux Import GPG keys rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* Enable RPMforge rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm Enable EPEL rpm --import https://fedoraproject.org/static/0608B895.txt wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -ivh epel-release-6-8.noarch.rpm Install yum-porities (Important to overcome package conflict) yum install yum-priorities Set EPEL to priority 10 [epel] name=Extra Packages for Enterprise Linux 6 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=e...