Author:
erics , May 9th, 2023
I have been using RSA SSH keys forever to login to my various AWS EC2 instances. With macOS Ventura 13.3.1 ssh failed with the “Permission Denied” error. Using ssh -vvv, I saw that the RSA key was now being rejected. After much research, I decided to implement new keys on the client (Ventura) side using […]
How-To's , Technology Tags: AWS , denied , ed25519 , Error , Generate , howto , key , Linux , MacOS , Permission Denied , public , Public Key , ssh , ssh-keygen , sshd , tips , Ventura No comments
Author:
erics , April 17th, 2023
First, use the AWS Console to modify the volume to the desired size, in our example we want to go from 10GB to 25GB for the root filesystem For a Xen ext4 root volume
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# df -h
Filesystem Size Used Avail Use % Mounted on
/ dev / xvda1 9.8G 9.6G 26M 100 % /
/ dev / xvdf 200G 99G 102G 50 % / volumes / data
# lsblk
NAME MAJ : MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202 : 0 0 10G 0 disk
└─xvda1 202 : 1 0 10G 0 part /
xvdf 202 : 80 0 200G 0 disk / volumes / data
# growpart /dev/xvda 1
CHANGED : disk = / dev / xvda partition = 1 : start = 4096 old : size = 20967390 , end = 20971486 new : size = 52424670 , end = 52428766
# lsblk
lsblk
NAME MAJ : MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202 : 0 0 25G 0 disk
└─xvda1 202 : 1 0 25G 0 part /
xvdf 202 : 80 0 200G 0 disk / volumes / data
# resize2fs /dev/xvda1
resize2fs 1.43.5 ( 04 - Aug - 2017 )
Filesystem at / dev / xvda1 is mounted on / ; on - line resizing required
old_desc_blocks = 1 , new_desc_blocks = 2
The filesystem on / dev / xvda1 is now 6553083 ( 4k ) blocks long .
# df -hT
Filesystem Type Size Used Avail Use % Mounted on
/ dev / xvda1 ext4 25G 9.6G 15G 40 % /
/ dev / xvdf xfs 200G 99G 102G 50 % / volumes / data
For NVMe First, use lsblk to see the raw partitions:
# df -hT
Filesystem Type Size Used Avail Use % Mounted on
/ dev / nvme0n1p1 xfs 20G 2.8G 18G 14 % /
# lsblk
NAME MAJ : MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1 259 : 0 0 40G 0 disk
├─nvme0n1p1 259 : 1 0 20G 0 part /
└─nvme0n1p128 259 : 2 0 1M 0 part
Note how the partition at 259:1 is only 20GB, […]
How-To's , Technology Tags: Amazon , Amazon Linux 2 , AWS , df , df -hT , Disk , EBS , Expand , Filesystem , Grow , howto , Linux , Linux2 , lsblk , NVMe , partition , Resize , tips , volume , XFS No comments
Author:
erics , August 4th, 2021
I wanted to use the same SSH keys for multiple AWS regions. As it turns out, AWS simply stores the public key when you download the private key as a .pem file. The solution is to simply generate the public key locally from the existing .pem, then import the public key using the same name […]
How-To's , Technology Tags: Amaon , AWS , Copy Key Pair , howto , key-pair , KeyPair , Linux , ssh-keygen , tips No comments
Author:
erics , July 16th, 2021
PROBLEM: Email delivery to Google was failing with a “Service Unavailable” error:
relay = aspmx . l . google . com . [ IPv6 : 2607 : f8b0 : 400d : c0c :: 1a ] , dsn = 5.0.0 , stat = Service unavailable
Note that the network address for the destination is shown as IPv6! That is the root cause of the issue: 1. Sendmail is sending mail from the IPv6 address instead of the IPv4 address 2. Google rejects IPv6 senders without proper reverse […]
How-To's , Technology Tags: Amazon , Amazzon Linux , AWS , Delivery , DSN , Email , howto , IPv4 , IPv6 , Linux , make , Restart , SendMail , sendmail.cf , sendmail.mc , service , Service Unavailable , SPF , tips , Unavailable No comments
Author:
erics , June 10th, 2021
Search for a string:
apt - cache search { LOOKING_FOR }
List all packages:
How-To's , Technology Tags: aapt-cache , APT , apt-get , Available , Install , Linux , Package , search No comments
Author:
erics , June 10th, 2021
I wanted to change instance type from t2 to t3, but got an error when i went to start the instance:
An error occurred ( InvalidParameterCombination ) when calling the StartInstances operation :
Enhanced networking with the Elastic Network Adapter ( ENA ) is required for the 't3.large' instance type . Ensure that your instance 'i-04ae4c6f7bfa96e51' is enabled for ENA .
I found this AWS docs page: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html Below are the steps I need to follow on AWS Linux 1. Summary Steps Pre-flight tests on t2 modinfo ena -> see “ERROR: modinfo: could not […]
How-To's , Technology Tags: AWS , AWS Linux , AWS Linux 1 , Family , howto , Instance , Instance Family , Instance Type , Linux , t2 , t3 , tips , Type No comments
Author:
erics , February 19th, 2021
First, use lsblk to see the raw partitions:
# df -hT
Filesystem Type Size Used Avail Use % Mounted on
/ dev / nvme0n1p1 xfs 20G 2.8G 18G 14 % /
# lsblk
NAME MAJ : MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1 259 : 0 0 40G 0 disk
├─nvme0n1p1 259 : 1 0 20G 0 part /
└─nvme0n1p128 259 : 2 0 1M 0 part
Note how the partition at 259:1 is only 20GB, while the entire disk at 259:0 is 40GB. A partition resize is required in this case.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# sudo growpart /dev/nvme0n1 1
CHANGED : partition = 1 start = 4096 old : size = 41938911 end = 41943007 new : size = 83881951 end = 83886047
# lsblk
NAME MAJ : MIN RM SIZE RO TYPE MOUNTPOINT
nvme0n1 259 : 0 0 40G 0 disk
├─nvme0n1p1 259 : 1 0 40G 0 part /
└─nvme0n1p128 259 : 2 0 1M 0 part
# df -hT
Filesystem Type Size Used Avail Use % Mounted on
/ dev / nvme0n1p1 xfs 20G 2.8G 18G 14 % /
# sudo xfs_growfs -d /
meta - data = / dev / nvme0n1p1 isize = 512 agcount = 11 , agsize = 524159 blks
= sectsz = 512 attr = 2 , projid32bit = 1
= crc = 1 finobt = 1 spinodes = 0
data = bsize = 4096 blocks = 5242363 , imaxpct = 25
= sunit = 0 swidth = 0 blks
naming = version 2 bsize = 4096 ascii - ci = 0 ftype = 1
log = internal bsize = 4096 blocks = 2560 , version = 2
= sectsz = 512 sunit = 0 blks , lazy - count = 1
realtime = none extsz = 4096 blocks = 0 , rtextents = 0
data blocks changed from 5242363 to 10485243
# df -hT
/ dev / nvme0n1p1 xfs 40G 2.8G 38G 7 % /
If the XFS tools are not already installed , you can install them as follows :
sudo yum install xfsprogs
For an EXT4 filesystem, use the resize2fs command instead:
sudo resize2fs / dev / nvme0n1p1
For more information, please visit the AMW Docs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html
How-To's , Technology Tags: Amazon , Amazon Linux 2 , AWS , df , df -hT , Disk , EBS , Expand , Filesystem , Grow , howto , Linux , Linux2 , lsblk , NVMe , partition , Resize , tips , volume , XFS No comments
Author:
erics , December 3rd, 2020
Problem While running the aws cli command from a Perl async command inside apid, I go the following error:
IOError : [ Errno 10 ] No child processes
Solution The issue turned out to be a bug in Python2.7, so I upgraded to Python3.4, then uninstalled and re-installed the aws cli software so that it used the proper Python34 version. Procedure
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
sudo - i
cd
## Upgrade Python
yum install python34
alternatives -- config python
## "Uninstall" old aws cli
mv / opt / aws / opt / aws . fcs
cd / usr / bin /
mv aws aws . fcs
mv aws_completer aws_completer . fcs
## Install new aws cli
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" - o "awscliv2.zip"
unzip awscliv2 . zip
. / aws / install - i / opt / aws - b / usr / bin
/ usr / bin / aws -- version
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html […]
How-To's , Technology Tags: alternatives , API , apid , AWS , aws cli , AWS Linux , Broken , cli , Cloudformation , Command , Curl , Error , Exec , Execute , howto , IOError , Linux , No child processes , perl , Python , Python27 , Python34 , tips , Yum No comments
Author:
erics , November 18th, 2020
yum install https : //dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
yum install mysql - community - server mysql - community - client mysql - community - common mysql - community - devel mysql - community - libs nagios - plugins - all nagios - plugins - mysql sysbench
grep 'temporary password' / var / log / mysqld . log
2020 - 11 - 18T15 : 17 : 13.884662Z 6 [ Note ] [ MY - 010454 ] [ Server ] A temporary password is generated for root @ localhost : ujtBqhNzE0 > 8
mysql_secure_installation - p 'ujtBqhNzE0>8'
systemctl enable -- now mysqld
mysql - uroot - p
mysql > ALTER USER 'root' @ 'localhost' IDENTIFIED BY 'secretStr0ngPassw0rd!' ;
How-To's , Technology Tags: AWS , AWS Linux , AWS Linux 2 , howto , Install , Linux , mysql , MySQL 8 , tips No comments
Author:
erics , May 6th, 2020
I ran letsencrypt-auto renew and got the following error:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
root @ prod06b : / etc / httpd / conf . d # /root/letsencrypt/letsencrypt-auto renew
Error : couldn 't get currently installed version for / opt / eff . org / certbot / venv / bin / letsencrypt :
Traceback ( most recent call last ) :
File "/opt/eff.org/certbot/venv/bin/letsencrypt" , line 7 , in < module >
from certbot . main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py" , line 2 , in < module >
from certbot . _internal import main as internal_main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py" , line 10 , in < module >
import josepy as jose
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py" , line 41 , in < module >
from josepy . interfaces import JSONDeSerializable
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py" , line 7 , in < module >
from josepy import errors , util
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py" , line 7 , in < module >
import OpenSSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py" , line 8 , in < module >
from OpenSSL import crypto , SSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py" , line 12 , in < module >
from cryptography import x509
ImportError : No module named cryptography
The solution in this article gave me the answer:
sudo rm - rf / opt / eff . org / *
sudo pip install - U certbot
sudo certbot renew -- debug
Turns out Python was old at version 2.7, so did the following also:
sudo yum - y install python36
sudo alternatives -- config python
sudo pip install -- upgrade pip
Also had to change the cron job script to call certbot directly instead of letsencrypt-auto : vi /root/letsencrypt-cron.sh
#!/bin/sh
#
# letsencrypt-cron.sh
#
#OLD: if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
#NEW:
if ! / usr / bin / certbot renew > / var / log / letsencrypt / renew . log 2 > & 1 ; then
echo Automated renewal failed :
cat / var / log / letsencrypt / renew . log
exit 1
fi
apachectl graceful
How-To's , Technology Tags: AWS , AWS Linux , cert , Certbot , howto , Install , Linux , pip , Python , Renew , ssl , tips , upgrade , Yum No comments
erics, May 9th, 2023 
Categories: How-To's, Technology AWS, denied, ed25519, Error, Generate, howto, key, Linux, MacOS, Permission Denied, public, Public Key, ssh, ssh-keygen, sshd, tips, Ventura
| 
No comments 