INT 21h

Hi, I am Vladimir Smagin, sysadmin.

NTFS and Linux: The disk contains an unclean file system

№ 9450 In the "Administration" section, October 6th, 2018

Rebooted from Windows to Linux normally, but…

vlad@turtle:~$ sudo mount /media/Sklad 
The disk contains an unclean file system (0, 0).
Metadata kept in Windows cache, refused to mount.
Falling back to read-only mount because the NTFS partition is in an
unsafe state. Please resume and shutdown Windows fully (no hibernation
or fast restarting.)

  1. sudo umount /dev/sdc1
  2. sudo ntfsfix /dev/sdc1
  3. sudo mount /dev/sdc1

That’s all folks! Never run Windows again.


Ansible: switch SSHd to use public key auth only, block password auth

№ 9447 In the "Administration" section, September 28th, 2018

This task matches a specific option in sshd_config by regular expression and sets its value to yes. If the option is not found, it is added to the end of the file.

Options you want to change:

    sshd_options:
      PubkeyAuthentication: "yes"
      PasswordAuthentication: "no" 

Now remove from the config all the options you want to change:

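- name: Remove all marked options from config
  become: yes
  lineinfile:
    path: "{{ sshd_config_path }}"
    state: absent
    # Unanchored pattern: removes every line containing the option name,
    # commented-out lines included.
    regexp: '{{ item.key }}'
  with_dict: "{{ sshd_options }}"
  # Test "is defined" first so an undefined variable is never compared.
  when: sshd_options is defined and sshd_options != None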

Nice, now add your options to sshd config:

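- name: Add marked options to config
  become: yes
  lineinfile:
    path: "{{ sshd_config_path }}"
    state: present
    # The line is no longer in the file, so lineinfile appends it at the end.
    # If sshd_config ends with a Match block, the appended line lands inside it.
    line: '{{ item.key }} {{ item.value }}'
  with_dict: "{{ sshd_options }}"
  # Test "is defined" first so an undefined variable is never compared.
  when: sshd_options is defined and sshd_options != None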

If you want to replace an option string:

- name: Set PubkeyAuthentication = yes
  become: yes
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PubkeyAuthentication no'
    line: 'PubkeyAuthentication yes'

Full sample here https://git.blindage.org/21h/ansible-library/src/branch/pubkey_sshd


Ansible: trick to install python2 on python3-only hosts

№ 9442 In the "Administration" section, September 28th, 2018

Most Ansible plugins require Python 2 to be installed, but a modern Linux OS doesn’t have it. I created a task, separate from the rest of the playbook, to install Python 2, and temporarily changed the interpreter with ansible_python_interpreter: /usr/bin/python3. After this you can start the other tasks as usual.

Playbook project.yml:

- name: Checkout python2
  hosts: project
  vars:
    ansible_python_interpreter: /usr/bin/python3
  roles:
    - python2

- name: Configure platform
  hosts: project
  roles:
    - system

Sample code https://git.blindage.org/21h/ansible-library/src/branch/python3_trick


OpenVPN dynamic local domain names with dnsmasq

№ 9436 In the "Administration" section, September 25th, 2018

There are two ways:

  • Generate the full config at once
  • Generate a separate config for each client

Way #1

pip install openvpn_status

from openvpn_status import parse_status

hostDomain = "vpn"

with open('/etc/openvpn/openvpn-status.log') as logfile:
    status = parse_status(logfile.read())

for client in status.routing_table:
    domain = status.routing_table[client].common_name + "." + hostDomain
    address = status.routing_table[client].virtual_address
    print("address=/{}/{}".format(domain, address))

Way #2

Add to /etc/openvpn/server.conf these lines:

script-security 3 system
client-connect /opt/ovpn-dns/ovpn-dns-connect.sh
client-disconnect /opt/ovpn-dns/ovpn-dns-disconnect.sh

Script /opt/ovpn-dns/ovpn-dns-connect.sh:

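#!/bin/bash
# $common_name and $ifconfig_pool_remote_ip are set by OpenVPN; the path is
# quoted so the shell does not word-split or glob the value.
echo "address=/$common_name.vpn/$ifconfig_pool_remote_ip" > "/etc/dnsmasq.d/$common_name.conf"
/bin/systemctl restart dnsmasq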

Script /opt/ovpn-dns/ovpn-dns-disconnect.sh:

#!/bin/bash
# Quote the path so the value of $common_name is not word-split or globbed.
rm -f "/etc/dnsmasq.d/$common_name.conf"
/bin/systemctl restart dnsmasq
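
A validated variant of the connect script, as an added example that is not part of the original post: $common_name comes from the client certificate and ends up in a file path and a dnsmasq directive written by the server, so this version accepts only a single DNS label and a well-formed IPv4 address before writing anything. The DNSMASQ_DIR and VPN_DOMAIN variables and the function names are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not the author's script. DNSMASQ_DIR and VPN_DOMAIN are assumed
# names, overridable so the functions can be exercised in a scratch directory.
DNSMASQ_DIR="${DNSMASQ_DIR:-/etc/dnsmasq.d}"
VPN_DOMAIN="${VPN_DOMAIN:-vpn}"

# One DNS label only: letters, digits, inner hyphens, at most 63 characters.
# Rejects '/', '.', spaces and newlines, so the name stays inside DNSMASQ_DIR
# and cannot add extra lines to the dnsmasq file.
valid_label() {
    case "$1" in
        ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4, each octet 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the dnsmasq line for a client, or fail without printing anything.
dnsmasq_record() {
    valid_label "$1" && valid_ipv4 "$2" || return 1
    printf 'address=/%s.%s/%s\n' "$1" "$VPN_DOMAIN" "$2"
}

# Write <name>.conf through a dot-prefixed temp file (dnsmasq skips those).
write_record() {
    record=$(dnsmasq_record "$1" "$2") || return 1
    tmp=$(mktemp "$DNSMASQ_DIR/.ovpn-dns.XXXXXX") || return 1
    printf '%s\n' "$record" > "$tmp" && chmod 0644 "$tmp" &&
        mv -f "$tmp" "$DNSMASQ_DIR/$1.conf"
}

# OpenVPN exports these variables to client-connect scripts; a non-zero exit
# status makes the server refuse the client.
if [ -n "${common_name:-}" ]; then
    write_record "$common_name" "${ifconfig_pool_remote_ip:-}" || exit 1
    /bin/systemctl restart dnsmasq
fi
```

The disconnect script can reuse valid_label before calling rm -f on the same path.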


Terraform for Hetzner Cloud: 2 balancers, 2 floating IPs, 4 nodes and SSH key

№ 9426 In the "Administration" section, September 19th, 2018

How to run:

  • In the Hetzner control panel, create a token in the Access tab
  • Download my repo and install terraform (suddenly, it is required to execute terraform files)
  • Configure the tf files as you need and put your token into the project.tf file
  • Run terraform init and then terraform apply

DO NOT FORGET TO MAKE YOUR OWN SSH MASTER KEY! DO NOT USE THE ONE GENERATED FOR THIS EXAMPLE!

You can download it here https://git.blindage.org/21h/terraform-samples



© Vladimir Smagin, 2005-2018. Copying materials without permission is prohibited. GPG 0x29AE91B1A37721C3