AWS : EC2 | EBS | Default VPC | IAM | Security Group

Hello everyone,

This post shares quick updates on changes which Amazon Web Services (AWS) has recently improved/implemented.

1. AWS Default VPC : You no longer need to rely on or contact AWS support in case you removed the default VPC accidentally or intentionally. You can now create a default VPC using the AWS console or the AWS CLI.

Follow this link to create default VPC : http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html#create-default-vpc

2. Attach IAM Role to EC2 Instance : Previously you had to attach an IAM role to an EC2 instance at the time of creating the instance, but as per the recent official announcement from AWS, you can now attach an IAM role to existing EC2 instances as well. (I have tested this and it really works well)

Follow this link to read official announcement + HowTo : https://aws.amazon.com/blogs/security/easily-replace-or-attach-an-iam-role-to-an-existing-ec2-instance-by-using-the-ec2-console/

3. Security Groups : Previously it was difficult to manage security groups, as we had to maintain separate descriptions and records of whose IP we had allowed and why. Now you can add a description for each and every rule you add to a security group, which helps us manage security groups in a much better way. This is just brilliant. Thanks, AWS!

Official announcement from AWS : https://aws.amazon.com/about-aws/whats-new/2017/08/simplify-management-of-security-groups-with-security-group-rule-descriptions/

4. EC2 and EBS per second billing : Previously, On-Demand instance charges were calculated on a per-hour basis. Now save money and enjoy per-second billing.

Link to official announcement : https://aws.amazon.com/blogs/aws/new-per-second-billing-for-ec2-instances-and-ebs-volumes/

That’s it on recent and very important announcements from AWS.

Keep visiting blog for more updates on AWS, Docker, Jenkins, IaaC ( CloudFormation / Puppet / Chef / Ansible ) updates.

Puppet : Automate/Reset first time root password for MySQL 5.7.x

Hello,

This article will help you reset the first-time root password for MySQL 5.7.x with Puppet.

I was looking for some custom Puppet code/module to automate the first root password for MySQL 5.7.x. I didn’t get proper Puppet code to get through, so I decided to try and run my own code with Puppet.

Pre-requisites :-

1. MySQL 5.7.x version should be installed before running this manifest/module.

Following are the steps to create a Puppet module to reset the first-time password for MySQL 5.7.x:

1. Make Puppet Module directory mysql

mkdir /etc/puppetlabs/code/environments/production/modules/

2. Create manifests directory.

mkdir /etc/puppetlabs/code/environments/production/modules/mysqlserver/manifests

3. Now create init.pp and put following code to the file.

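class mysql57pwreset(
  $mysql_password = 'MySQL@99#' # Set password of your choice within single quotes
) {

  service { 'mysqld':
    ensure => running,
    enable => true,
  }

  # Shell one-liner: read the temporary root password that MySQL 5.7 writes to
  # /var/log/mysqld.log on first start, then use it to set the permanent password.
  $mysqlpwstring = "MYPW=$(grep 'temporary password' /var/log/mysqld.log | awk '{print \$NF}' | tail -n1) && mysql -uroot -p\"\${MYPW}\" --connect-expired-password -e \"ALTER USER 'root'@'localhost' IDENTIFIED BY '$mysql_password' PASSWORD EXPIRE NEVER;\""

  # The script contains the new root password in clear text, so it is
  # readable and executable by root only.
  file { '/tmp/mysql-pw.sh':
    content => $mysqlpwstring,
    mode    => '0700',
    owner   => 'root',
    group   => 'root',
  }

  exec { 'set-mysql-pw':
    path      => [ '/bin', '/usr/bin', '/usr/local/bin', '/usr/sbin' ],
    # Skip the reset when the new password already works.
    unless    => "mysqladmin -uroot -p'${mysql_password}' status",
    # The script must be written and mysqld running before the exec runs.
    require   => [ Service['mysqld'], File['/tmp/mysql-pw.sh'] ],
    command   => 'sh /tmp/mysql-pw.sh',
    logoutput => on_failure,
  }

}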

4. Include the mysql57pwreset module in /etc/puppetlabs/code/environments/production/manifests/site.pp

5. That’s it. Now you can execute puppet agent -t on the Puppet agent node, and it will reset the MySQL 5.7.x password.

WiFi Issues on Laptop Suspend | Ubuntu 16.04 Upgrade

Hello,

Many of you have faced a WiFi connection issue when you suspend and resume your laptop on Ubuntu 16.04 LTS, specifically after upgrading from Ubuntu 14.04 LTS to Ubuntu 16.04 LTS. I found this on the Ubuntu Forums and thought to share it with you so that it will be helpful for you guys.

16.04 runs on systemd. Try the following:

sudo systemctl restart network-manager.service

If this works, you can create a script to automate it.

Open a terminal and type the following:

sudo nano /etc/systemd/system/wifi-resume.service

Now paste the script in there with a right click. Exit with CTRL + X and press Y to save. Now to activate it:

sudo systemctl enable wifi-resume.service

Script:

#/etc/systemd/system/wifi-resume.service
#sudo systemctl enable wifi-resume.service
[Unit]
Description=Restart networkmanager at resume
After=suspend.target
After=hibernate.target
After=hybrid-sleep.target

[Service]
Type=oneshot
ExecStart=/bin/systemctl restart network-manager.service

[Install]
WantedBy=suspend.target
WantedBy=hibernate.target
WantedBy=hybrid-sleep.target

Reference Taken from : http://askubuntu.com/questions/761180/wifi-doesnt-work-after-suspend-after-16-04-upgrade

VirtualBox 5.x with SecureBoot on Fedora 24 | Ubuntu 16.04

Hello,

Today I tried to install VirtualBox 5.0.x on my newly installed Fedora 24. I expected it to run smoothly, but it failed in kernel module compilation with the following error:

(modprobe vboxdrv failed. Please use 'dmesg' to find out why)

After that I tried to reload the module again with the command sudo modprobe vboxdrv, and it failed again with the following error:

modprobe: ERROR: could not insert 'vboxdrv': Required key not available

The second try hinted to me that there is nothing wrong in VirtualBox but something related to a “key”, so I searched for a solution and landed on the official VirtualBox ticket, which confirmed the same: https://www.virtualbox.org/ticket/11577

I then tried to find a way to sign the modules with a key, received many links, and started following the Red Hat link to sign the modules. I never thought it would be this easy: only a few steps and you are done.

Method 1:

  1. You will need root access or root equivalent access to follow this.
  2. First you will have to generate keys for the module with the following command:
     [root@tejasbarot ~]# openssl req -new -x509 -newkey rsa:2048 -keyout tejasbarot.keyout -outform DER -out tejasbarot.der -nodes -days 36500 -subj "/CN=TejasBarot/"

    Notes: CN=<Common-Name>, You can write your own name too, Cool ? 
    MOK stands for Module Owned Key

  3. Now it is time to import the module in MOKManager of UEFI with the following command:
     [root@tejasbarot ~]# mokutil --import tejasbarot.der

    Note: It will prompt you for a password. Make sure you remember the password you enter here; you will need to enter the same password at the time of importing the module on reboot.

  4. Now reboot / restart your Fedora 24 box.
  5. It will display the MOK screen. Press any key within TEN SECONDS, else it will boot without the MOK module.
  6. Select “Enroll MOK”.
  7. Click on “View Key 0” to view key information, then click on “Continue” to proceed.
  8. On the next screen, click on “Next” to enroll keys.
  9. On the next screen, it will ask you for the password which you entered at the time of importing the MOK (in step 3).
  10. Now click on OK to reboot.
  11. Now time to sign VirtualBox Modules with key generated in Step 2. Execute Following commands
    [root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxdrv)
    [root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxnetflt)
    [root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxnetadp)
    [root@tejasbarot ~]# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 ./tejasbarot.keyout ./tejasbarot.der $(modinfo -n vboxpci)

    NOTE:
    1. To make it work Properly, You will have to sign all modules of VirtualBox with generated
    keys.
    2. Every time you run “/sbin/rcvboxdrv setup” after following step 3, the signed modules will be removed and you will need to follow steps 11 and 12 again (only steps 11 and 12, not from the beginning). (This was not the case in Fedora 18 to 21)

  12. Restart vboxdrv service with following command
     [root@tejasbarot ~]# systemctl restart vboxdrv
     [root@tejasbarot ~]# systemctl status vboxdrv

    NOTE: If you find this line “Starting VirtualBox kernel modules [  OK  ]”, You are done, Start launching Virtual Machines.

REPEATING ONCE AGAIN: DO NOT EXECUTE “sudo /etc/init.d/vboxdrv setup” or “/sbin/rcvboxdrv setup”, otherwise you will have to repeat steps 11 and 12.
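
To make repeating steps 11 and 12 less error-prone, the script below (an added example, not part of the original post) signs whichever VirtualBox modules are installed but unsigned and confirms the result through modinfo's signer field. The key and certificate names come from step 2 and the sign-file path from step 11; the function names and the --run switch are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the sign-file
# path are the ones used in steps 2 and 11; override them via the environment.
KEY=${KEY:-./tejasbarot.keyout}
CERT=${CERT:-./tejasbarot.der}
SIGN_FILE=${SIGN_FILE:-/usr/src/kernels/$(uname -r)/scripts/sign-file}
VBOX_MODULES="vboxdrv vboxnetflt vboxnetadp vboxpci"

# Print "signed", "unsigned" or "missing" for one module name.
module_sig_state() {
    path=$(modinfo -n "$1" 2>/dev/null) || { echo missing; return 0; }
    if [ -n "$(modinfo -F signer "$path" 2>/dev/null)" ]; then
        echo signed
    else
        echo unsigned
    fi
}

# Sign each installed module that has no signature yet, then re-check it.
# Returns non-zero if any installed module is still unsigned afterwards.
sign_vbox_modules() {
    rc=0
    for m in $VBOX_MODULES; do
        state=$(module_sig_state "$m")
        if [ "$state" = unsigned ]; then
            "$SIGN_FILE" sha256 "$KEY" "$CERT" "$(modinfo -n "$m")" || true
            state=$(module_sig_state "$m")
            [ "$state" = signed ] || rc=1
        fi
        echo "$m: $state"
    done
    return "$rc"
}

# Run as root: sh sign-vbox.sh --run   (then restart vboxdrv as in step 12)
if [ "${1:-}" = "--run" ]; then
    sign_vbox_modules
fi
```

The key from step 2 is created without a passphrase (-nodes), so keep tejasbarot.keyout readable by root only; any module signed with it will load on this machine once the certificate is enrolled.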

Method 2:

Disable MOK validation using the following command. This turns off signature validation in shim, so the modules load without being signed.

[root@tejasbarot ~]# mokutil --disable-validation

Method 3:

Switch to Legacy Mode from UEFI by Disabling SecureBoot from BIOS

References taken from : 
1. https://www.virtualbox.org/ticket/11577
2. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
3. https://sourceware.org/systemtap/wiki/SecureBoot
4. http://gorka.eguileor.com/vbox-vmware-in-secureboot-linux/


Download Fedora 24 Final CD / DVD / ISO / 32-Bit / x86_64

Hello,

Fedora 24 was released today and is now available for download. You can download it using the following links.

Download Fedora 24 Workstation 64-Bit Live Image (x86_64): https://download.fedoraproject.org/pub/fedora/linux/releases/24/Workstation/x86_64/iso/Fedora-Workstation-Live-x86_64-24-1.2.iso

Download Fedora 24 Workstation 32-Bit Live Image (i386): https://download.fedoraproject.org/pub/fedora/linux/releases/24/Workstation/i386/iso/Fedora-Workstation-Live-i386-24-1.2.iso

Download Fedora 24 Server 64-Bit Installation Image (x86_64): https://download.fedoraproject.org/pub/fedora/linux/releases/24/Server/x86_64/iso/Fedora-Server-dvd-x86_64-24-1.2.iso

Download Fedora 24 Cloud Images : https://getfedora.org/en/cloud/download/

For Docker containers and other flavors, Visit : https://getfedora.org/

DevOps Tools | AWS | Ansible | Chef | Puppet | Jenkins | GIT | SVN | OpenStack

Hello All,

I have written articles and posts on Linux fundamentals as well as many articles on different Linux tools, Linux services and Linux flavors. The time has now come to move to advanced tools. This is an era of infrastructure automation and DevOps.

I will continue to write on Linux, Now Next Target is to write on DevOps tools like
Jenkins – Continuous Integration (CI) and Continuous Delivery (CD)
Ansible, Chef, Puppet – Infrastructure Automation
GIT, SVN – Source Code Management
Docker – Automates the deployment of applications inside software containers
OpenStack – Cloud Software
Amazon Web Services – Public Cloud

I would request you to keep visiting the blog for these upcoming posts. Hope this will help you in future.

Note: All logos, trademarks and registered trademarks are the property of their respective owners.

 

Change Time Zone from Command line | CentOS | RHEL | Ubuntu | Fedora

Hello,

As you all know, it is very easy to change the time zone using the graphical interface, but this article will help you change the time zone using the command line.

I have tested these steps on CentOS / RHEL and Ubuntu. Please comment down below if it doesn’t work for you.

Please follow these steps as root or with root equivalent sudo rights:

  • Check Time Zone using following command
    [root@tejas-barot-linux-ahmedabad ~]# date
  • First Remove symbolic link of current time zone
     [root@tejas-barot-linux-ahmedabad ~]# rm /etc/localtime
     
  • Let’s Change the Time Zone from Command line
    [root@tejas-barot-linux-ahmedabad ~]# ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
     

Note : You can find your time zone under /usr/share/zoneinfo/