Author:
erics, September 14th, 2023
Summary In this blog we explore how to use certificates from Let’s Encrypt to secure self-hosted Bamboo and Crucible. Process To Follow Install Certbot Ensure that external DNS resolves to the correct IP addressping example.yourdomain.com Ensure that Port 80 is open from the outside to that IP address so that Let’s Encrypt can validate the […]
Categories: How-To's, Technology Tags: Bamboo, Crucible, howto, https, keytool, openssl, security, ssl, tips
| 
No comments
Author:
erics, September 13th, 2023
Add inbound rule(s) for a security group ID:
|
|
shell> aws ec2 authorize-security-group-ingress --group-id sg-NNNNNNNN --protocol tcp --port 80 --cidr '0.0.0.0/0' |
## Delete inbound rule(s) for a security group ID
|
|
shell> aws ec2 revoke-security-group-ingress --group-id sg-NNNNNNNN --protocol tcp --port 80 --cidr '0.0.0.0/0' |
## List security groups by security group ID
|
|
shell> aws ec2 describe-security-groups --output json | jq -r '.SecurityGroups[]|.GroupId+" "+.GroupName' |
## List inbound rules for a specific security group ID
|
|
shell> aws ec2 describe-security-groups --group-ids sg-NNNNNNNN --output json | jq -r '.SecurityGroups[].IpPermissions[]|. as $parent|(.IpRanges[].CidrIp+" "+($parent.ToPort|tostring))' |
Thanks to: https://www.bluematador.com/learn/aws-cli-cheatsheet
Categories: How-To's, Technology Tags: Add, AWS, aws cli, cli, Delete, Group, howto, Remove, security, Security Group, tips
| No comments
Author:
erics, September 7th, 2023
SUMMARY If sysbench is started with the “–mysql-ssl=on” option, it looks in the current directory for the following files:
|
|
client-cert.pem client-key.pem cacert.pem (note no dash) |
PROCEDURE Locate the current MySQL database certificates, usually in /var/lib/mysql, and make sure that the OS user running sysbench is able to read the following 3 files:
|
|
ca.pem client-cert.pem client-key.pem |
Next, cd to the OS user’s home […]
Categories: How-To's, Technology Tags: How To, howto, mysql, ssl, SysBench, tips
| No comments
Author:
erics, August 31st, 2023
START: Server version: 5.7.43-log MySQL Community Server (GPL) FINISH: Server version: 8.0.34-log MySQL Community Server (GPL)
|
|
mysql --execute="SET GLOBAL innodb_fast_shutdown=0;" service mysqld stop yum remove mysql mysql-* mysql57-community-release yum install https://dev.mysql.com/get/mysql80-community-release-el6-3.noarch.rpm yum update yum install mysql-community-server cp /etc/my.cnf.rpmsave /etc/my.cnf service mysqld start grep 'temporary password' /var/log/mysqld.log | tail -1 mysql -p Enter password: ALTER USER 'root'@'localhost' IDENTIFIED BY 'newRootPassword'; |
https://dev.mysql.com/doc/refman/8.0/en/default-privileges.html Check and veify your my.cnf ssl entries if you see the following error in the /var/log/mysqld.log file at startup:
|
|
Failed to set up SSL because of the following SSL library error: SSL_CTX_set_default_verify_paths failed |
Categories: How-To's, Technology Tags: 5.7, 8.0, AWS, AWS Linux, CentOS, howto, mysql, MySQL 5.7, MySQL 8.0, tips, upgrade
| No comments
Author:
erics, July 21st, 2023
I wanted to save the iptables list to disk, but got an error when I tried: # service iptables save The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl. The solution was to install the iptables-services package: # yum install iptables-services […]
Categories: How-To's, Technology Tags: howto, IPTables, Save, service, service iptables save, tips
| No comments
Author:
erics, June 23rd, 2023
When trying to mount can XFS filestsen on an AWS instance, I got the error “mount: wrong fs type, bad option, bad superblock on /dev/sdh” Examine the volume’s UUID with the xfs_db command: shell> sudo xfs_db -c uuid /dev/nvme2n1 To fix the problem, you have two options… Temporary Solution Add nouuid mount option to temporarily […]
Categories: How-To's, Technology Tags: Bad Superblock, Error, Filesystem, howto, ifs_admin, ifs_db, mount, Mounting, tips, volume, Wrong Fs Type, XFS
| No comments
Author:
erics, June 23rd, 2023
When trying to access the serial console on AWS, I got the following error: Cannot open access to console, the root account is locked Since I had edited /etc/fstab, the host would not boot. The only way to fix this problem is to unmount the root volume from the affected instance, mount it on another […]
Categories: How-To's, Technology Tags: /etc/fstab, AWS, Console, Error, fstab, howto, Locked, root, tips
| No comments
Author:
erics, May 23rd, 2023
In the macOS Terminal, my mouse scroll wheel would magically start scrolling the command line history instead of the window buffer scroll bar on the right to show window history. This happened when an SSH session was disconnected or timed out. The fix is to run the reset command.
Categories: How-To's, Technology Tags: apple, bash, cli, Command line, Disconnect, History, howto, MacOS, Mouse, Scroll, Shell, ssh, Terminal, Timeout, tips
| No comments
Author:
erics, May 19th, 2023
I was unable to login from my old iMac running Yosemite to my new iMac running Ventura using RSA keys. It turns out that RSA key support was disabled in Ventura. To correct the problem, I added the following two lines to the bottom of /etc/ssh/sshd_config:
|
|
HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa |
Categories: How-To's, Technology Tags: denied, HostKeyAlgorithms, howto, key, login, MacOS, OSX, Permission, Pubkey, PubkeyAcceptedAlgorithms, PublicKey, RSA, ssh, sshd, tips, Ventura, Yosemite
| No comments
Author:
erics, May 9th, 2023
I have been using RSA SSH keys forever to login to my various AWS EC2 instances. With macOS Ventura 13.3.1 ssh failed with the “Permission Denied” error. Using ssh -vvv, I saw that the RSA key was now being rejected. After much research, I decided to implement new keys on the client (Ventura) side using […]
Categories: How-To's, Technology Tags: AWS, denied, ed25519, Error, Generate, howto, key, Linux, MacOS, Permission Denied, public, Public Key, ssh, ssh-keygen, sshd, tips, Ventura
| No comments
