INT 21h

Hi, I am Vladimir Smagin, SysAdmin and

Kaptain. Telegram Email / GIT / Thingiverse / RSS / GPG

Virtualbox: mount physical disk

№ 11191 В разделе "Sysadmin" от January 4th, 2021,
В подшивках: Linux, Virtualbox

Add your user to disk group and relogin\reboot.

Next create volume file:

VBoxManage internalcommands createrawvmdk -filename 16Gflash.vmdk -rawdisk /dev/sdf

Add disk and mount to virtual machine

Нет комментариев »

Credentials and other secrets from Vault to your containers at startup

№ 11183 В разделах: Programming Sysadmin от January 2nd, 2021,
В подшивках: Docker, Go, Kubernetes, Security, Vault

What if you stored your database credentials in Vault and want to make ENV variables with them for your application at container startup? You can do it for Kubernetes deployments or plain Docker containers with my small program vault-envs.

Add to your Dockerfile additional steps:

install my vault-envs programs that “converts” secret to ENV variables
create\modify entrypoint script where or call vault-envs and other pre-startup actions

Add to your Dockerfile steps:

...
...
# add Ubuntu\Debian repo and install vault-envs with fresh certificates
RUN curl http://deb.blindage.org/gpg-key.asc | apt-key add - && \
    echo "deb http://deb.blindage.org bionic main" | tee /etc/apt/sources.list.d/21h.list && \
    apt update
RUN apt install -y ca-certificates vault-envs

# copy entrypoint script
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

ENTRYPOINT ["/entrypoint.sh"]

Your entrypoint script will look like:

#!/bin/bash

...
...

export eval `vault-envs -token "$VAULT_TOKEN" \
        -vault-url https://vault.blindage.org \
        -vault-path /prod/crm/connection_postgres -envs-prefix "PG_"`

export eval `vault-envs -token "$VAULT_TOKEN" \
        -vault-url https://vault.blindage.org \
        -vault-path /prod/crm/connection_mysql -envs-prefix "MYSQL_"`

export eval `vault-envs -token "$VAULT_TOKEN" \
        -vault-url https://vault.blindage.org \
        -vault-path /prod/crm/connection_api`

...
...

exec "$@"

If some vars names is identical they will be overwritten at next vault-envs call, so I used prefix.

Now build image and run

docker run --rm -e VAULT_TOKEN=s.QQmLlqnHnRAEO9eUeoggeK1n crm printenv

and see results at container console:

...
VAULT_RETRIEVER=vault-envs
PG_DB_PASS=postgres
PG_DB_PORT=5432
PG_DB_USER=postgres
PG_DB_HOST=db-postgres
PG_DB_NAME=crm
MYSQL_DB_HOST=mysql.wordpress
MYSQL_DB_PASS=
MYSQL_DB_PORT=3306
MYSQL_DB_USER=root
MYSQL_DB_NAME=wordpress
API_HOST=http://crm/api
API_TOKEN=giWroufpepfexHyentOnWebBydHojGhokEpAnyibnipNirryesaccasayls4
...

Wooh! You did it.

Нет комментариев »

GNUK

№ 11163 В разделах: Electronics Sysadmin от December 31st, 2020,
В подшивках: GPG, Linux, Security

Замутил себе GNUK в качестве хранилища ключей для дешифровки писем, бэкапов и прочего хлама, а также ssh авторизации на серверах. Стоит оно всего 140 руб, что гораздо дешевле аналогов за 50 баксов 🙂 На отлично работает под линуксами с GnuPG.

https://wiki.debian.org/GNUK
https://blog.danman.eu/2-usb-crypto-token-for-use-with-gpg-and-ssh/
https://nx3d.org/gnuk-st-link-v2/

Заказал тут https://aliexpress.ru/item/32792925130.html Для прошивки нужен второй такой или любой другой прошивальщик STM32.

Нет комментариев »

Downgrade Thunderbird 78 back to 68 in Ubuntu and Manjaro

№ 11138 В разделе "Sysadmin" от December 5th, 2020,
В подшивках: Linux, Thunderbird

Ubuntu

At first, return back old software source to your repositories:

echo "deb http://security.ubuntu.com/ubuntu focal-security main"| sudo tee /etc/apt/sources.list.d/thunderbird.list
sudo apt update

Now check available versions:

$ apt-cache policy thunderbird
thunderbird:
  Installed: 1:68.10.0+build1-0ubuntu0.20.04.1
  Candidate: 1:78.5.0+build3-0ubuntu0.20.10.1
  Version table:
     1:78.5.0+build3-0ubuntu0.20.10.1 500
        500 http://ru.archive.ubuntu.com/ubuntu groovy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu groovy-security/main amd64 Packages
     1:78.3.2+build1-0ubuntu1 500
        500 http://ru.archive.ubuntu.com/ubuntu groovy/main amd64 Packages
 *** 1:68.10.0+build1-0ubuntu0.20.04.1 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status

You see last “1:68.10.0+build1-0ubuntu0.20.04.1”, install it and keep forever.

sudo apt-get install thunderbird=1:68.10.0+build1-0ubuntu0.20.04.1
sudo apt-mark hold thunderbird

Manjaro

Manjaro is a rolling update distro, but you can still install old software versions with some additional tricks.

sudo pacman -S downgrade 
sudo DOWNGRADE_FROM_ALA=1 downgrade thunderbird

You see last version you want 68 under number 33. Type it and Enter.

How DOWNGRADE PROFILE from 78 to 68 after accidentally run of 78

In console check version and allow downgrade:

thunderbird --version
 Thunderbird 68.10.0

thunderbird --allow-downgrade

After this you can continue use your old profile.

Finally, fuck you Mozilla.

Нет комментариев »

Add cache control and CORS to nginx ingress in Kubernetes

№ 11131 В разделе "Sysadmin" от November 3rd, 2020,
В подшивках: Kubernetes, Nginx

annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      if ($request_uri ~* \.(js|css|gif|jpe?g|png|woff|woff2|ico)) {
        expires 1M;
        add_header Cache-Control "public";
      }
    nginx.ingress.kubernetes.io/cors-allow-headers: >-
      DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-Token,
      Authorization
    nginx.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'
    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
    nginx.ingress.kubernetes.io/enable-cors: 'true'