SysAdmin | Luis Cacho

cURL to a specific target hostname

Fri, 23 Jun 2023 00:00:00 +0000

# Mockup command
curl -kv -H "Host: <target hostname>" <protocol>://<server ip address>:<port>

# Example command
curl -kv -H "Host: myapp.apps.example.com" https://152.10.10.1:443

Fix a borg lock issue

Fri, 23 Jun 2023 00:00:00 +0000

When you get the error:

# Example command

# ERROR output
borg info ssh://asdbqw55@a3rbqwrx.repo.borg.com/./repo
Enter passphrase for key ssh://asdbqw55@a3rbqwrx.repo.borg.com/./repo:
Failed to create/acquire the lock /Users/lcacho/.cache/borg/34961807af9e356640e09e9973ef4664598ee6706e4c2bccc4b2770c15e09d2b/lock.exclusive (timeout).

# Fix
borg break-lock ssh://asdbqw55@a3rbqwrx.repo.borg.com/./repo

References:

¹ Borg Break Lock

https://borgbackup.readthedocs.io/en/stable/usage/lock.html#borg-break-lock ↩︎

Python Alternatives in RHEL based OS

Thu, 22 Jun 2023 00:00:00 +0000

# To configure the unversioned `python` command to Python 3.11

alternatives --set python /usr/bin/python3.11

# To configure the unversioned `python` command to Python 2

alternatives --set python /usr/bin/python2

References:

¹Configure python on RHEL8

https://access.redhat.com/solutions/5380941 ↩︎

Change the field separator in awk

Thu, 19 Aug 2021 00:00:00 +0000

awk -F ":" '{print $1}'

# or if you want to do it programatically

awk 'BEGIN { FS=":" } { print $1 }'

# or you can also use a regular expression as a field separator.
# The following will print "bar" by using a regular expression to set the number "10" as a separator.

echo "foo 10 bar" | awk -F'[0-9][0-9]' '{print $2}'

MySQL Database Size

Fri, 06 Aug 2021 00:00:00 +0000

SELECT table_schema AS "Database",
ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS "Size (MB)"
FROM information_schema.TABLES
GROUP BY table_schema;

AIX Tunning commands

Sun, 01 Aug 2021 00:00:00 +0000

no -a > no.txt
vmo -L > vmo.txt
ioo -L > ioo.txt

My journey to become CKA and CKAD

Thu, 26 Nov 2020 00:00:00 +0000

Hi, people that read me!

I usually don’t write about my achievements. Still, I’m proud of what I did, and in this post I want to share my journey to that back in July I passed two essential certifications for me, the CKA (Certified Kubernetes Administrator) and the CKAD (Certified Kubernetes Application Developer). Those certs are important to me because one of my professional goals is to apply all my knowledge as an SRE (Site Reliabilty Engineer), so I’m putting all my effort to get trained and gain experience as I believe that Kubernetes is and will continue to be widely used by the industry I want to be part of that.

I put a lot of hours/practice on my study lately, but my journey started probably 3 years ago, or even more time (don’t remember exacly). Still, I remember that I become interested when I was talking with my friends @yazpik and @tonyskapunk about the new stuff that is comming on tech, by that time they were running a Kubernetes Meetup at the Castle and I started to assist to each meetup.

Being honest, at the begginning, I barely understand all the concepts and projects that the speakers were talking about but once I started to get involved reading blog posts, practicing (Yeah I did the ‘Kubernetes the Hard way’ on minikube), also began to follow and test other exciting projects like Rancher. So after a while, I started to understand better what the speaker was trying to communicate. And that helps me a lot to understand not only the basics but some good projects that work in conjunction with Kubernetes.

With all the meetings that were held on Rackspace I get involved and I wanted to keep learning more so, I decided to assist to Kubecon North America 2018 that was held on Seattle, and I like to think that this set of conferences opened my mind for all the Kubernetes environment, and I feel that I need to keep learning even more about this awesome technology, that keeps me motivated to get my certifications too, in a nutshell I feel inspired about the conferences, the comunity, everything and I want to be part of it.

Talking about community, in that kubecon I met with some Latin-American friends that were interested in Kubernetes like @domix, @marKox,both from México, and @EdduMelendez from Peru, that from their trenches they are trying to grow the Kubernetes community on Spanish.

Mexicanos in Kubecon 2018

But returning to my certifications path, after a while I decided that I will have the certs by the end on this year, so back in March I get more serious studying and purchased the excellent course Certified Kubernetes Administrator (CKA) with Practice Tests a course by Mumshad Mannambeth that I highly recommend to reinforce the theory and also, becasue includes exercises similar to the exam that you can practice.

Once I feelt confident in me and my knowledge I get my coupon to present the CKA exam, and I passed!

My CKA Certification

I need tell you, it wasn’t easy, mostly because you need to be careful with the time/value of the questions and you need to weigh to reach the passing score, for this exam it was 74%.

Of course after I get the CKA certitification, I was super happy but on my train of thoughts, I keep thinking that I can use the CKA study as leverage to get the CKAD.

I already have the fundamentals of a CKA and just need some extra study to complement the CKAD curriculum, so I got commited (my wife too), and right away I got my CKAD exam coupon and I scheduled the test 2 weeks appart after I decided to get the cert (That’s 3 weeks appart after I took the CKA exam).

My approach works, I passed the CKAD certification!

My CKAD Certification

Now that I’m certified on Kubernetes I will look to be more involved in Cloud Native initiatives on my company, to apply the knowledge that I already have on current or new projects, and as always keep learning!

Backing Up a Ruckus Switch Config

Sat, 21 Nov 2020 00:00:00 +0000

I want to do some changes on my home network to improve the performance, so I will implement VLANs on my network. But before I do that I want to document how to perform a backup of my Ruckus ICX 7150 Switch.

In a past post I mentioned how to enable ssh and web cofiguration on the Ruckus switch, so my first attemtp was to download the configuration file from the web interface but unfortunately it is not possible to do it, there is not an option for that. What I did is go to the documentation and found the copy command but I need a TFTP server to be able to download the backup file.

Let’s start!

Install a TFTP server - This is easy will depend on your Operative System, for my is an ArchLinux laptop.
```
yay -Sy atftp
```
The configuration file for atftp is /etc/conf.d/atftpd

Next step, is login on your Ruckus switch and perform the copy command:

ssh <USER>@<SWITCH-IP>
copy running-config tftp <TFTP-SERVER-IP> myconfig.cfg

#In my case is:
ssh ruckus@192.168.50.5
copy running-config tftp 192.168.50.4 myconfig.cfg

Verify that the file is on your TFTP server, by default, the configured directory for atftp is /srv/atftp/ so you should go that location and verify that the generated file is created.
```
cd /srv/atftp
ls -la
```

That’s all, you can restore your switch configuration if needed.

Bye!

Gestion de History

Tue, 03 Dec 2019 00:00:00 +0000

Table of Contents

El archivo de logs histórico (history) tiene varias opciones que podemos cambiar para tener un mejor control del mismo. Aquí vamos a ver algunas opciones para el control y gestión del fichero del log histórico (history).

Mostrar la fecha y hora de cuando escribimos comandos

Para mostrar la fecha y hora en el formato que requieras puedes agregas las lineas siguientes:

export HISTTIMEFORMAT='- %F %T - '

Control del tamaño del archivo de logs histórico

Tenemos dos variables de entorno para ello, HISTSIZE y HISTFILESIZE, que indican el tamaño del fichero, por ejemplo:

HISTSIZE=1000
HISTFILESIZE=1000

Con esto hacemos que el tamaño máximo del fichero de logs histórico sea de 1000 comandos o líneas.

Si ponemos el tamaño de la variable HISTSIZE a cero hacemos que no se guarde nada en el archivo de logs histórico

export HISTSIZE=0

Control de duplicados en el histórico

En el log histórico se van guardando TODOS los comandos que se van introduciendo aunque repitamos 20 veces el mismo comando, se guardará 20 veces, lo cual es en ocasiones una perdida de espacio. Por lo que podemos usar la variable HISTCONTROL para hacer 2 cosas:

Eliminar los duplicados consecutivos con ignoredups.
Eliminar los duplicados sean o no consecutivos con erasedups.

HISTCONTROL=ignoredups
HISTCONTROL=erasedups

Path para guardar el archivo de logs histórico

Por defecto el histórico se guarda en ~/.bash_history pero podemos indicar donde guardarlo con la variable HISTFILE.

HISTFILE=~/.bitacora.

Un truco muy bueno cuando en un mismo servidor entran varios administradores que se pasan a root y poder controlar y guardar que hace cada uno es: Guardar un archivo de logs histórico por cada uno de ellos. Lo puedes hacer de la siguiente forma:

HISTSIZE=5000
HISTFILESIZE=5000
HISTFILE=/root/.bash_hist-$(who am i | awk '{print $1}';exit)

Con esto se guardará en el home de del usuario root un archivo de logs histórico por cada uno de los usuarios que se hayan pasado a root. El tamaño se puede ampliar o reducir a gusto. También podemos poner que ignore duplicados.

Todas estas variables debemos ponerlas en un archivo donde se activen al arranque que puede ser ~/.bashrc.

Espero les sea útilidad.

😄

Docker Login the Right Way

Wed, 15 May 2019 00:00:00 +0000

Table of Contents

Hi again!

It is been a while since I wrote something here, as always, there is no much time for a hobby.

I’ve been working for a while with docker, not a production level, but for some applications that I use at work. And since the Docker Hub Data breach I put more atention on the security of my data/credentials, so I investigate a little about and found this official repository https://github.com/docker/docker-credential-helpers/ from Docker where are the supported credential helpers.

Credential Store

Docker keeps our credentials saved on a JSON file located on ~/.docker/config.json, but unfortunatelly credentials are just encrypted on base64, here is an articule/video where there is an explanation for the why it is a bad idea to just use base64 encryption.

The following is a diagram on how a plain text storage works:

Plain Text Storage

Here is an example on how ~/.docker/config.json looks like when is using plain text credentials:

cat ~/.docker/config.json
{
 "auths": {
 "https://index.docker.io/v1/": {
 "auth": "azRjaDA6c3VwZXJzZWNyZXRwYXNzd29yZAo="
 },
 "quay.io": {
 "auth": "azRjaDA6c3VwZXJzZWNyZXRwYXNzd29yZAo="
 }
 },
 "HttpHeaders": {
 "User-Agent": "Docker-Client/18.09.6 (linux)"
 }
}

After a successful docker login command, Docker stores a base64 encoded string from the concatenation of the username, a colon, and the password and associates this string to the registry the user is logging into:

$ echo azRjaDA6c3VwZXJzZWNyZXRwYXNzd29yZAo= | base64 -d -
luiscachog:supersecretpassword

A docker logout command removes the entry from the JSON file for the given registry:

$ docker logout quay.io
Remove login credentials for quay.io

$ cat ~/.docker/config.json
{
 "auths": {
 "https://index.docker.io/v1/": {
 "auth": "azRjaDA6c3VwZXJzZWNyZXRwYXNzd29yZAo="
 }
 },
 "HttpHeaders": {
 "User-Agent": "Docker-Client/18.09.6 (linux)"
 }
}

Docker Credential Helpers

Since docker version 1.11 implements support from an external credential store for registry authentication. That means we can use a native keychain of the OS. Using an external store is more secure than storing on a “plain text” Docker configuration file.

Secure Storage

In order to use a external credential store, we need a program to interact with.

The actual list of “official” Docker Credential Helper is:

docker-credential-osxkeychain: Provides a helper to use the OS X keychain as credentials store.
docker-credential-secretservice: Provides a helper to use the D-Bus secret service as credentials store.
docker-credential-wincred: Provides a helper to use Windows credentials manager as store.
docker-credential-pass: Provides a helper to use pass as credentials store.

docker-credential-secret service

On this post we will explore the docker-credential-secretservice and how to configure it.

We need to download and install the helper. You can find the lastest release on https://github.com/docker/docker-credential-helpers/releases. Download it, extract it and make it executable.

wget https://github.com/docker/docker-credential-helpers/releases/download/v0.6.2/docker-credential-secretservice-v0.6.2-amd64.tar.gz
tar -xf docker-credential-secretservice-v0.6.2-amd64.tar.gz
chmod +x docker-credential-secretservice
sudo mv docker-credential-secretservice /usr/local/bin/

Then, we need to specify the credential store in the file ~/.docker/config.json to tell docker to use it. The value must be the one after the prefix docker-credential-. In this case:
```
{
 "credsStore": "secretservice"
}
```
To facilite the configuration and do not make mistakes, you can run:
```
sed -i '0,/{/s/{/{\n\t"credsStore": "secretservice",/' ~/.docker/config.json
```

From now we are uning an external store, so if you are currently logged in, you must run docker logout to remove the credentials from the file and run docker login tostart using the new ones.

Let me know how this works for you.

References:

Docker Credential Helpers repository¹
Docker Credential Store Documentation²
Slides about this topic ³

Bulk Delete Rackspace Cloud Files data via API

Wed, 13 Feb 2019 00:00:00 +0000

Sometimes it is necessary to delete all the content of the Cloud Files containers, however, the API does not have a proper method to delete the data and the containers on the same API call. Also, accoring to the documentation, you can only delete empty containers.

So, in cases where you need to delete the data and the containers at the same time, you should follow the next steps:

Download Turbolift, I know it is an old tool.

git clone https://github.com/cloudnull/turbolift
cd turbolift

In order to get and isolated installation, we are going to create a Python Virtual Environment (virtualenv)
```
mkvirtualenv turbolift
workon turbolift
```
Install the tool
```
pip install turbolift
```

Now, prior to start to play with the API calls, we need to grab some data to authenticate with the API:

Variable	Definition
USERNAME	This is the Rackspace Public Cloud username
APIKEY	This is your API-KEY
REGION	This is the Region where the Cloud Files are located (dfw, ord, iad, lon, hkg)
TOKEN	The TOKEN is generated after you get authenticated
ENDPOINT	This ENDPOINT is given also after you get authenticated

Next step, we are going to use cURL, to perform all the API calls:

First of all, get the TOKEN:

USERNAME=YOUR-USERNAME
APIKEY=YOUR-APIKEY
TOKEN=$(curl -s -XPOST https://identity.api.rackspacecloud.com/v2.0/tokens \
 -d'{"auth":{"RAX-KSKEY:apiKeyCredentials":{"username":"'$USERNAME'","apiKey":"'$APIKEY'"}}}' \
 -H"Content-type:application/json" | jq '.access.token.id' | tr -d "\"")

Next step, get the ENDPOINT:

ENDPOINT=$(curl -s -XPOST https://identity.api.rackspacecloud.com/v2.0/tokens \
 -d'{"auth":{"RAX-KSKEY:apiKeyCredentials":{"username":"'$CL_USERNAME'","apiKey":"'$APIKEY'"}}}' \
 -H"Content-type:application/json" | jq '.access.serviceCatalog[] | select((.name=="cloudFiles") or (.name=="cloudFilesCDN")) | {name} + .
 endpoints[] | .publicURL' | tr -d "\"" | grep -v cdn | grep -i $REGION)

In this case we are skipping all te CDN endpoints, but you can add them if is necessary.

With all the collected data, next step is use turbolift to delete the Cloud Files container and their data. To do it, I use a for-loop:

for i in $(curl -s -H "X-Auth-Token: $TOKEN" $ENDPOINT); do turbolift -u $USERNAME -a $APIKEY --os-rax-auth $REGION delete -c $i ; done

Now, you have all the Data and Cloud Files containers deleted on one region.

😄

Configure SSH on a Ruckus Switch

Tue, 20 Nov 2018 00:00:00 +0000

I just have a Ruckus ICX 7150 Switch on my home and I’m trying to get access under ssh and web, to easy configuration and security instead of use telnet. So, I logged in using telnet and then run the following commands to configure a username/password and begin to receive petitions over port 22(ssh) and port 443(https). Let’s begin!

We will connect via telnet to the switch.
```
telnet SWITCH_IP
```

Once we are on the Switch CLI as a optional step, we can configure an IP on the switch.

device> enable
device# configure terminal
device(config)# ip address IP_ADDRESS/CIDR
device(config)# ip default-gateway IP_GATEWAY

Now, the next steps are for generate a SSL certificate, a username/password, activate password to login and enable thw web access and ssh access.

device(config)# crypto-ssl certificate generate
device(config)# username USERNAME password PASSWORD
device(config)# aaa authentication login default local
device(config)# aaa authentication web-server default local

It may take several minutes to generate the certificate key. After that, save the configuration.
```
device(config)# write memory
```

Now you are able to login on your switch using ssh or web.

References:

Blog with ruckus commands ¹

Ruckus ICX7150-C12P – Initial Configuration ↩︎

Set a hugo blog on Kubernetes

Mon, 18 Jun 2018 00:00:00 +0000

Table of Contents

Overview

Since last year I been trying to become an SRE (Site Reliability Engineer), so I been involved with some emerging technologies, like ansible, docker and on this time with kubernetes.

This time, I will try to explain how I containerized my blog using:

Architecture

So, I take some ideas from here and I modify them and adapt the architecture described to my options.

The principal changes that I made are:

My Kubernetes cluster is running on 2 cloud server on Rackspace Public Cloud
The container registry that I’m using is Quay
Rackspace Public Cloud does not support a Kubernetes LoadBalancer service automatically, so I simulate that behavior adding a Cloud Load Balancer manually after the Kubernetes service provide me the port.

Architecture

Containerized

I use Hugo to deploy my blog, I used to do it as mentioned on this previous post (In Spanish).

Now, as a part of containerize the blog it make sense to me to create two stages as described here:

The first stage is a defined build environment containing all required build tools (hugo, pygments) and the source of the website (Git repository).
The second stage is the build artifact (HTML and assets), from the first stage and a webserver to serve the artifact over HTTP.

Dockerfile

Here is the Dockerfile that containerize the blog:

FROM ubuntu:latest as STAGEONE

# install hugo
ENV HUGO_VERSION=0.41
ADD https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_${HUGO_VERSION}_Linux-64bit.tar.gz /tmp/
RUN tar -xf /tmp/hugo_${HUGO_VERSION}_Linux-64bit.tar.gz -C /usr/local/bin/

# install syntax highlighting
RUN apt-get update
RUN apt-get install -y python3-pygments

# build site
COPY source /source
RUN hugo --source=/source/ --destination=/public/

FROM nginx:stable-alpine
RUN apk --update add curl bash
RUN rm /etc/nginx/conf.d/default.conf
COPY modules/nginx.luiscachog.io.conf /etc/nginx/conf.d/luiscachog.io.conf
COPY --from=STAGEONE /public/ /usr/share/nginx/html/
EXPOSE 80 443

MAINTAINER Luis Cacho <luiscachog@gmail.com>

First Stage

Fetch the lastest Ubuntu image and name as STAGEONE
Install the last available hugo version from source.
Install pygments library to use it for highlighting.
Build the site with hugo and the output is set on /public as a build artifact.

Second Stage

Fetch the lastest stable nginx alpine image.
Update the image and install some utilities.
Delete the default nginx configuration file.
Copy the configuration files needed from the repository root directory.
Copy the build artifact /public from the previous stage (STAGEONE)

My First Contribution to OpenStack project

Thu, 15 Mar 2018 00:00:00 +0000

I been working since last year using Ansible for fun and to trying to get prepared to become a DevOps, so I found an excelent OpenStack project called ARA Records Ansible.

Ansible Logo

ARA Logo

Basically it is a project from the OpenStack community that makes it easier to understand and troubleshoot your Ansible roles and playbooks. If you want more information, please refer to the Documentation Page.

Anyhow, I just found a little bug on the Ansible Role to install ARA ansible-role-ara on Debian based distros and just send the patch to fix it.

Here is the link to my contribution.

And, as I am proud of my first commit on a big project here is the screenshot too:

My First OpenStack Contribution

I feel happy and motivated to still learn about this Open-Source project and a lot more.

😄

Deployment de un sitio estatico con Hugo y Git Hooks

Mon, 05 Mar 2018 00:00:00 +0000

Table of Contents

Motivación

Estoy intentando escribir un poco más en mi blog, ya que noté que muchas veces no lo hacia muy a menudo por que al llegar a la consola de administración de Wordpress, habia que dar bastantes clicks para llegar al menu de “Posts”, además de que cada vez que entraba había un plugin diferente que actualizar, y verificar que nada se rompiera con las nuevas actualizaciónes, en pocas palabras hay que darle bastante mantenimiento a un sitio con Wordpress, y además de eso había que dedicarse a escribir el post.

Otra razón por lo que opté hacer el cambio de plataforma, es que al estar tratando de convertirme en DevOps, es necesario, desde mi punto de vista; tratar automatizar/scriptear la mayoria de tus tareas que realizas día a día, y con Hugo considero que se puede realizar este objetivo también.

Consideraciones

Una vez que decidí migrarme de Wordpress, el siguiente paso era decidir a que plataforma mudarme. De entrada la plataforma que queria probar era un Static Site Generator, aqui otro link de por que usar un Static Site Generator.

Partiendo de lo anterior, las opciones que me parecieron interesantes fueron:

Cada una de las opciones tiene diferentes caracteristicas, que no vamos a discutir en este post, sin embargo las carteristicas que me convencieron de usar Hugo por encima de las otras alternativas fueron:

Consta solamente de un binario, que comparado con las otras posibilidades hay que instalar todo un ambiente de desarrollo/producción.
Es bastante rápido.
Es Multi-plataforma
Tiene diversos temas

Instruciones

Consideraciones técnicas

El ambiente consta de:

1 servidor productivo donde esta instalado hugo, git y un servidor web (apache o nginx) , haremos todos los deployments usando el usuario admin, ojo que no es el usuario root.
1 servidor/equipo de desarrollo, de igual forma que cuenta con hugo y git, en mi caso, es mi computadora personal y mi usuario es luiscachog.
1 cuenta de github.com

Autenticación mediante llaves SSH

El primer paso es realizar el intercambio de llaves SSH entre el equipo de desarrollo y el equipo productivo. Para ello seguimos los siguientes pasos:

Generar la llave SSH, tendrás que contestar algunas preguntas, entre las cuales está si quieres ponerle un password, a lo cual deberas dejarlo en blanco para que no te pida contraseña.
```
luiscachog@dev-server:~$ ssh-keygen
```

Copiar la llave SSH hacia el equipo productivo:

luiscachog@dev-server:~$ ssh-copy-id admin@IP_servidor_productivo

Verificar que te puedas conectar desde tu servidor de desarrollo, con tu usuario al servidor productivo, con el usuario que realizará los deployments.
```
luiscachog@dev-server:~$ ssh admin@162.125.2.30 hostname
```
En este caso, debera de mostrarte el hostname del servidor productivo sin pedirte el password.

Configuración sitio con Hugo

El siguiente paso es configurar nuestro ambiente de desarrollo con Hugo y Git.

Para instalar ambos en Ubuntu o derivados debes de ejecutar:
```
luiscachog@dev-server:~$ sudo apt install hugo git
```
Para tener la version más actualizada de hugo puedes seguir los pasos descritos en este link

Vamos a crear un directorio de trabajo para nuestro sitio estatico

luiscachog@dev-server:~$ mkdir ~/sites
luiscachog@dev-server:~$ cd ~/sites

Crearemos un nuevo sitio usando el comando hugo

luiscachog@dev-server:~$ hugo new site luiscachog.io
Congratulations! Your new Hugo site is created in /home/luiscachog/sites/luiscachog.io.

Just a few more steps and you're ready to go:

1.- Download a theme into the same-named folder.
 Choose a theme from https://themes.gohugo.io/, or
 create your own with the "hugo new theme <THEMENAME>" command.
2.- Perhaps you want to add some content. You can add single files
 with "hugo new <SECTIONNAME>/<FILENAME>.<FORMAT>".
3.- Start the built-in live server via "hugo server".

Visit https://gohugo.io/ for quickstart guide and full documentation.

Cuando termine de correr el comando se podra apreciar los siguientes directorios y archivos

luiscachog@dev-server:~$ cd luiscachog.io
luiscachog@dev-server:~$ ls
archetypes config.toml content data layouts static themes
luiscachog@dev-server:~$ tree
.
├── archetypes
│   └── default.md
├── config.toml
├── content
├── data
├── layouts
├── static
└── themes

6 directories, 2 files

El siguiente paso es agregar un tema, puedes encontrar uno que te guste en https://themes.gohugo.io/
```
git init
git submodule add https://github.com/budparr/gohugo-theme-ananke.git themes/ananke

# Edit your config.toml configuration file
# and add the new theme.

echo 'theme = "ananke"' >> config.toml
```
Como recomendación adicional en este paso, puedes realizar un fork del tema que te guste en github para poder realizar modificaciones y proponer cambios al mismo, contribuyendo de esa forma a su desarrollo, para hacerlo, sigue los pasos:
1. Realizar un fork del tema, sigue esta guia para hacerlo.
2. Al realizar el fork, tendras en tus repositorios de github el tema que quieras, por lo que tendras que ejecutar los mismos comandos del punto anterior, pero el repositorio del tema apuntara a tu usario en github
```
git init
git submodule add https://github.com/luiscachog/gohugo-theme-ananke.git themes/ananke
# Edit your config.toml configuration file
# and add the new theme.

echo 'theme = "ananke"' >> config.toml
```
Vamos a crear un post de prueba para verificar que todo esta funcionando correctamente
```
hugo new posts/my-first-post.md
echo "Hola Mundo" >> content/posts/my-first-post.md
```
El comando anterior creara un archivo en la ruta content/posts/my-first-post.md, y el contenido será:
```
---
title: "My First Post"
date: 2018-02-28T12:02:38-06:00
draft: true
---
Hola Mundo!!!
```
Finalmente, probaremos que nuestro sitio estatico con nuestro post se muestren de manera local, en nuestro servidor de desarrollo. Cabe mencionar, que por defecto el comando ‘hugo server’ no mostrará los posts que tengan la opción ‘draft: true’, por ello se agrega la bandera -D
```
luiscachog@dev-server:~$ hugo server -D
```

Configuración del repositorio Git en el servidor de desarrollo 1ra parte

En el paso pasado, realizamos la inicialización del repositorio dentro del directorio del sitio estatico:

luiscachog@dev-server:~$ pwd
/home/luiscachog/sites/luiscachog.io
luiscachog@dev-server:~$ git status
On branch master

Initial commit

Changes to be committed:
 (use "git rm --cached <file>..." to unstage)

 new file: .gitmodules
 new file: themes/ananke

Untracked files:
 (use "git add <file>..." to include in what will be committed)

 archetypes/
 config.toml
 content/
 themes/ananke/

Ahora, para tener el repositorio publico, tenemos que crear el repositorio en github.com y configurarlo como un repositorio remoto

luiscachog@dev-server:~$ git add *
luiscachog@dev-server:~$ git commit -m "First commit"
luiscachog@dev-server:~$ git remote add origin https://github.com/luiscachog/luiscachog.io
luiscachog@dev-server:~$ git push -u origin master

Configuración del repositorio Git en el servidor productivo

Para poder ocupar los hooks de git es necesario hacer una primera copia inicial del repositorio en el que vamos a trabajar, con la particularidad de que el repositorio clonado debe ser del tipo bare.

En nuestro servidor productivo haremos:

admin@prod-server:~$ mkdir sites
admin@prod-server:~$ cd sites
admin@prod-server:~$ git clone --bare https://github.com/luiscachog/luiscachog.io luiscachog.io.git

Configuración del hook

Ya que tenemos nuestro repositorio tipo bare en el servidor productivo vamos a crear el script que mandará a llamar el hook de git.
```
admin@prod-server:~$ cd sites/luiscachog.io.git/hooks
admin@prod-server:~$ vim post-update
```

Y agregamos algo asi:

#!/bin/bash

GIT_REPO=$HOME/luiscachog.io.git
WORKING_DIRECTORY=/var/www/vhosts/luiscachog.io/working_hugo
PUBLIC_WWW=/var/www/vhosts/luiscachog.io/public_html
BACKUP_WWW=/var/www/vhosts/luiscachog.io/backup_html
MY_DOMAIN=luiscachog.io

set -e

rm -rf $WORKING_DIRECTORY
rsync -aqz $PUBLIC_WWW/ $BACKUP_WWW
trap "echo 'A problem occurred. Reverting to backup.'; rsync -aqz --del $BACKUP_WWW/ $PUBLIC_WWW; rm -rf $WORKING_DIRECTORY" EXIT

git clone $GIT_REPO $WORKING_DIRECTORY
mkdir -p $WORKING_DIRECTORY/themes
rm -rf $PUBLIC_WWW/*
/home/admin/bin/hugo -v -s $WORKING_DIRECTORY -d $PUBLIC_WWW -b "http://${MY_DOMAIN}"
trap - EXIT

Damos permisos de ejecución al script

admin@prod-server:~$ chmod +x post-update

Probamos que nuestro script funcione adecuadamente:

admin@prod-server:~$ ~/sites/luiscachog.io.git/hooks/post-update

Cloning into '/var/www/vhosts/luiscachog.io/working_hugo'...
done.
0 draft content
0 future content
4 pages created
0 paginator pages created
0 tags created
1 categories created
in 26 ms

Podras verificar tu nuevo post en la URL de su sitio:
```
http://production_domain_or_IP
```

Configuración del repositorio Git en el servidor de desarrollo 2da parte

Una vez tenemos configurado nuestro repositorio en el servidor de producción, procedemos a agregarlo como repositorio remoto en nuestro servidor de desarrollo

luiscachog@dev-server:~$ cd /home/luiscachog/sites/luiscachog.io
luiscachog@dev-server:~$ git remote add prod admin@IP_servidor_productivo:luiscachog.io
luiscachog@dev-server:~$ git ls-remote prod
d1b0b73528ab3117170ef74e133d0194dd2bc88a HEAD
d1b0b73528ab3117170ef74e133d0194dd2bc88a refs/heads/master

Puedes verificar los repositorios remotos con el comando:

luiscachog@dev-server:~$ git remote -v
origin git@github.com:luiscachog/luiscachog.io.git (fetch)
origin git@github.com:luiscachog/luiscachog.io.git (push)
prod admin@IP_servidor_productivo:luiscachog.io.git (fetch)
prod admin@IP_servidor_productivo:luiscachog.io.git (push)

Ahora cada vez que realizemos un push hacia el remote llamado ‘prod’ se llamara la función del hook.

luiscachog@dev-server:~$ cd /home/luiscachog/sites/luiscachog.io
luiscachog@dev-server:~$ hugo new posts/Testing-Deployment.md
luiscachog@dev-server:~$ echo "Deployment Test" >> content/posts/Testing-Deployment.md
luiscachog@dev-server:~$ git add *
luiscachog@dev-server:~$ git commit -m 'Deployment test with git hooks'

Este es el comando que hace la magia:

luiscachog@dev-server:~$ git push prod master
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 310 bytes | 0 bytes/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Cloning into '/var/www/vhosts/luiscachog.io/working_hugo'...
remote: done.
remote: Cloning into '/var/www/vhosts/luiscachog.io/working_hugo/themes/hugo-future-imperfect'...
remote: INFO 2018/03/01 03:12:34 Using config file: /var/www/vhosts/luiscachog.io/working_hugo/config.toml
remote: Building sites … INFO 2018/03/01 03:12:34 syncing static files to /var/www/vhosts/luiscachog.io/public_html/
remote:
remote: | EN
remote: +------------------+----+
remote: Pages | 10
remote: Paginator pages | 0
remote: Non-page files | 0
remote: Static files | 3
remote: Processed images | 0
remote: Aliases | 1
remote: Sitemaps | 1
remote: Cleaned | 0
remote:
remote: Total in 44 ms
To admin@IP_servidor_productivo:luiscachog.io.git
 d5b0671..cvc4dee master -> master

Listo ya podemos probar nuestro sitio

http://luiscachog.io

Con esto el siguiente paso que realizare es hacer el deployment de mi servidor para el blog usando Ansible.

Nos Vemos!!!

References: Digital Ocean blog post ¹

Digital Ocean ↩︎

Improve WD MyCloud performance

Fri, 16 Feb 2018 00:00:00 +0000

I’ve just noticed that my NAS a Western Digital My Cloud EX2 is going slower, so I decided to investigate about what can I do to improve its performance.

I assume that you already configure ssh on your NAS device. If is not configured you can follow the next instructions: https://support-en.wd.com/app/answers/detailweb/a_id/12861

Stop Indexing Services

/etc/init.d/wdmcserver stop
/etc/init.d/wdphotodbmerger stop

To do it forever, you should create the cronjob as:

crontab -e

And add the following lines:

@reboot /bin/sh /etc/init.d/wdmcserverd stop
@reboot /bin/sh /etc/init.d/wdphotodbmerger stop

References:

Western Digital knowledge base link¹

How to enable SSH (Secure Shell) on a My Cloud EX2 device ↩︎

WordPress with Let's Encrypt SSL Certificate on a Load Balancer

Sun, 03 Sep 2017 00:00:00 +0000

Hi again,

As many of you know a lot of “Production” applications need to be configured to provide High Availability. With that in mind, a best practice architecture to your application is to add a Load Balancer as a front end who distribute your traffic between your application nodes, as you can appreciate on the next image:

HA Load Balancer diagram

SSL Offloading

In this case, my “Production” application is my blog, and I will install a SSL Certificate on the Cloud Load Balancer(CLB) to offloading the encryption/decryption to the CLB instead of doing it on the webserver. That way your webservers uses port 80 (HTTP), as always, and you serve your content trought port 443(HTTPS).

SSL-Offloading diagram

Here are the what I use to configure my WordPress with SSL Certificate:

SSL Certificate issued using Let’s Encrypt
A Client of Let’s Encrypt called acme
A Cloud Load Balancer
A WordPress installation

Step 1: Install acme.sh client

There is a lot of ACME clients supported by Let’s Encrypt, the most popular is Certbot. However, I prefer to use acme.sh.

Let’s install it:

git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
# Create a data home directory
sudo mkdir -p /opt/acme/data
# Actual command to install it
bash acme.sh --install --home /opt/acme --config-home /opt/acme/data --certhome /opt/acme/data/ssl-certs --accountemail your@email.com

Step 2: Issue SSL Certificate

Once acme.sh is installed, we proceed to issue our first SSL Certificate:

/opt/acme/acme.sh --issue -d example.com -w /var/www/vhosts/example.com/public_html
[Mon Aug 25 06:04:07 UTC 2017] Creating domain key
[Mon Aug 25 06:04:07 UTC 2017] The domain key is here: /opt/acme/data/ssl-certs/example.com/example.com.key
[Mon Aug 25 06:04:07 UTC 2017] Single domain='example.com'
[Mon Aug 25 06:04:07 UTC 2017] Getting domain auth token for each domain
[Mon Aug 25 06:04:07 UTC 2017] Getting webroot for domain='example.com'
[Mon Aug 25 06:04:07 UTC 2017] Getting new-authz for domain='example.com'
[Mon Aug 25 06:04:08 UTC 2017] The new-authz request is ok.
[Mon Aug 25 06:04:08 UTC 2017] Verifying:example.com
[Mon Aug 25 06:04:11 UTC 2017] Success
[Mon Aug 25 06:04:11 UTC 2017] Verify finished, start to sign.
[Mon Aug 25 06:04:11 UTC 2017] Cert success.
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISA2AIs/G8gWjkRkNOUb7zmqh1MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzA4MjgwNTA0MDBaFw0x
NzExMjYwNTA0MDBaMBkxFzAVBgNVBAMTDmNvb2tpZWxhYnMubmV0MIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8/4fXH0dOHcSlyXpsBoULhwQYkz4m0J
MegRHU2mhyy/jfKWM6KHDxHpFWUFajLJ/ORE4uncvjmRYeSVBxgv2R2cYoZyKd6v
txT+Cdj3jD9fBfDerfdfsdfsd6Y6mlr6Im61afKsFXIgLsprBpK22JU6HOz+0Fdo
lan09aaF8zLPtVzdfJw9MU55K7nzerxO8j4ro2lve0PHExkMIBCrXey50wcuqQRY
hwkbbXsm+wTES7TCn3tooSzFq6ore3JrSckxhFQ96EOea0s9CgYnw4d9rU/b3jyK
bFCILEJK64vgFHx0qvd0hBJFJG/HUtAXAVrFQjjlZlCmCMbnee1UTQIDAQABo4IC
DjCCAgowDgYDVR0pasoasoasogWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
BQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR2KRpXKKgTorwfXpo44wgKyFUl
QzAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv86jsoTBvBggrBgEFBQcBAQRj
MGEwLgYIKwYBBQUHMAASdTdddHA6Ly9vY3NwLmludC14My5sZXRzZW5jcnlwdC5v
cmcwLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlwdC5v
cmcvMBkGA1UdEQQSMBCCDmNvb2tpZWxhYnMubmV0MIH+BgNVHSAEgfYwgfMwCAYG
Z4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nw
cy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZp
Y2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMg
YW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xp
Y3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8w
DQYJKoZIhvcNAQELBQADggEBAFVGs82tzyVER6U0x7p/Q+6xplDFd6ap/dVX9G6i
eRPf4ayGykPSH9J3ewu398LOQd3DE93oWbqc7PfEC40Z5HqvCEY3fl9auep99/IF
rwhf36J7PXvEsPrUB6pxNFSBw9WX366Z1MP8qoIzm3XYEpp2D/SPniWY5+eQ42Pj
WNxxVksA4kFUF9wgKcrsCNTm0X8GZj5HUXC1OwtlopY2w42QrAMGwz1jM4nxv5Mc
Jim+nT0zmJUhAdQi8ocDjAl2PvcfdgfmkMr9IWH3al/GJSKy3a9Cq+BaIsIUYi6E
8M8Mj+00ONNn1folm9aVn+FW5fVCaxYN32ir8PnoTWkOXK8=
-----END CERTIFICATE-----
[Mon Aug 25 06:04:11 UTC 2017] Your cert is in /opt/acme/data/ssl-certs/example.com/example.com.cer
[Mon Aug 25 06:04:11 UTC 2017] Your cert key is in /opt/acme/data/ssl-certs/example.com/example.com.key
[Mon Aug 25 06:04:11 UTC 2017] The intermediate CA cert is in /opt/acme/data/ssl-certs/example.com/ca.cer
[Mon Aug 25 06:04:11 UTC 2017] And the full chain certs is there: /opt/acme/data/ssl-certs/example.com/fullchain.cer

Where the explained options are:

-issue: Issue a new certificate

-d (-domain) : Specifies a domain, used to issue, renew or revoke, etc.

-w (-webroot) : Specifies the web root folder for web root mode. This is the DocumentRoot where your site is hosted and it is necessary to verify it by Let’s Encrypt.

Step 3: Install SSL Certificate on Cloud Load Balancer

So, at this moment we have our SSL Certificate, Private Key, and Intermediate CA Certificate ready to install on our Cloud Load Balancer (CLB)

Your cert is in /opt/acme/data/ssl-certs/example.com/example.com.cer
Your cert key is in /opt/acme/data/ssl-certs/example.com/example.com.key
The intermediate CA cert is in /opt/acme/data/ssl-certs/example.com/ca.cer

So we should go to https://login.rackspace.com -> Rackspace Cloud -> Networking -> Cloud Load Balancers:

Rackspace Portal - Cloud Loud Balancer

Then, to Optional Features and Enable/Configure on “Secure Traffic SSL”

Rackspace Portal - Cloud Loud Balancer

Finally, we add our SSL Certificate, Private Key, and Intermediate CA Certificate to the CLB and save the configuration:

Rackspace Portal - Cloud Loud Balancer

Step 4: Configure WordPress

We are almost done, at this time we already have configured our SSL on the CLB to provide WordPress over HTTPS, however, WordPress is still with HTTP, so we need to reconfigure our WordPress with SSL.

Database queries

First of all, we should update the links from http to https; we are going to do it directly on the database doing the following queries:

Change all instances of example.com to your own. If you have the www as part of your WordPress Address(URL) in the WordPress Settings, add the ‘www’.

Also, if you have a custom table prefix in the WordPress database, something other than the default ‘wp_’, then you must change all the instances of ‘wp_’ to your own table prefix.

Update any embedded attachments/img that use http:This one updates the src attributes that use double quotes:

UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'src=\"http://example.com', \
'src=\"https://example.com') WHERE post_content LIKE '%src=\"http://example.com%';

This one takes care of any src attributes that use single quotes:

UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'src=\'http://example.com', \
'src=\'https://example.com') WHERE post_content LIKE '%src=\'http://example.com%';

Update any hard-coded URLs for links.This one updates the URL for href attributes that use double quotes:

UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'href=\"http://example.com', \
'href=\"https://example.com') WHERE post_content LIKE '%href=\"http://example.com%';

This one updates the URL for href attributes that use single quotes:

UPDATE `wp_posts` SET post_content = REPLACE(post_content, 'href=\'http://example.com', \
'href=\'https://example.com') WHERE post_content LIKE '%href=\'http://example.com%';

Update any “pinged” links:

UPDATE `wp_posts` SET pinged = REPLACE(pinged, 'http://example.com', \
'https://example.com') WHERE pinged LIKE '%http://example.com%';

This step is just a confirmation step to make sure that there are no remaining http URLs for your site in the wp_posts table, except the GUID URLs.

You must replace WP_DB_NAME, near the beginning of the query, with the name of your database.

This will confirm that nowhere in the wp_posts table is there a remaining http URL, outside of the GUID column. This ignores URLs in the GUID column.

This query only searches; it does not replace anything, nor make any changes. So, this is safe to run. It’s a safe and quick way to check the wp_posts table while ignoring the guid column.

This SQL query should return an empty set. That would mean that it found no http URLs for your site. (This is all just 1 query. It’s 1 very, very long line.)

Remember to replace WP_DB_NAME, near the beginning of the query, with the name of your database.

```sql
SELECT * FROM `WP_DB_NAME`.`wp_posts` WHERE (CONVERT(`ID` USING utf8) LIKE \
'%%http://example.com%%' OR CONVERT(`post_author` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_date` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_date_gmt` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_content` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_title` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_excerpt` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_status` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`comment_status` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`ping_status` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_password` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_name` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`to_ping` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`pinged` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_modified` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_modified_gmt` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_content_filtered` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_parent` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`menu_order` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_type` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`post_mime_type` USING utf8) LIKE '%%http://example.com%%' \
OR CONVERT(`comment_count` USING utf8) LIKE '%%http://example.com%%');
```

Now, we move to the wp_comments table. This changes any comment author URLs that point to the http version of your site. This is in case you’ve ever replied to a comment while your URL was pointing to http.
```
UPDATE `wp_comments` SET comment_author_url = REPLACE(comment_author_url, \
'http://example.com', 'https://example.com') WHERE comment_author_url \
LIKE '%http://example.com%';
```

This updates the content of the comments on your site. If there are any links in the comments that are linking to an http URL on your site, they will be updated to https.

UPDATE `wp_comments` SET comment_content = REPLACE(comment_content, 'http://example.com', \
'https://example.com') WHERE comment_content LIKE '%http://example.com%';

Now we move to the wp_postmeta table. This takes care of any custom post meta that points to the http version of your site.

UPDATE `wp_postmeta` SET `meta_value` = REPLACE(meta_value, 'http://example.com', \
'https://example.com') WHERE meta_value LIKE '%http://example.com%';

Now we move to the wp_options table. Update the WordPress Address (URL) and Site Address (URL).

For the WordPress Address URL, you may have to modify example.com. If you have WordPress installed in some other directory, then modify this according to your own WordPress URL. For example, some people have WordPress installed in a subdirectory named “blog”, and so their WordPress Address would be https://example.com/blog.
```
UPDATE `wp_options` SET `option_value` = "https://example.com" \
WHERE `wp_options`.`option_name` = 'siteurl';
```
This one will update the Site Address URL (this is the home page of your site):
```
UPDATE `wp_options` SET `option_value` = "https://example.com" \
WHERE `wp_options`.`option_name` = 'home';
```

WordPress Control Panel

Besides, with run the queries directly on the database, we can update, or verify, the blog URLs, by going to Settings > General

And updating your WordPress Address (URL) and Site Address (URL) address fields.

WordPress - Change URL

WordPress Config File

Finally, we should add the following line to our wp_config.php file

$_SERVER['HTTPS']='on';

Now, you have configured WordPress with Let’s Encrypt SSL Certificate on a Load Balancer.

Build a Dynamic DNS Client with Rackspace API

Mon, 11 Apr 2016 00:00:00 +0000

This time I’ve want to create a homemade Server with my Raspberry Pi2 and publish it using my own sub-domain, the main problem is that the ISP provide me an dynamic IP and we should ensure that if my IP address change the sub-domain record should point to the new IP.

The instructions assume that you:

Have a domain
Have already changed your NS records to point to dns1.stabletransit.com and dns2.stabletransit.com.

You should download the latest version of rsdns from github

cd ~/bin/
git clone https://github.com/linickx/rsdns.git

Go to your Rackspace portal https://login.rackspace.com/ and grab your Username & API key (It’s under “Your Account” -> “Account Settings” -> “API Key”)
Create a configuration file for rsdns (~/.rsdns_config) with your settings.
```
#!/bin/bash
RSUSER=lcacho
RSAPIKEY=1234567890
RSPATH=~/bin/rsdns/
```
You need your domain created on Rackspace(It’s under “Networking” -> “Cloud DNS” -> “Create Domain”) if you don’t have your domain created you are able to created using rsdns:
```
./rsdns-domain.sh -d www.luiscachog.io -e lcacho@luisachog.io
```
Once you have a domain setup you need to create an A record. To create the A record you going to need an IP address, you can use http://icanhazip.com to get your actual current IP. Again to create a record you are able to do it from Rackspace panel (It’s under “Networking” -> “Cloud DNS” -> YOUR_DOMAIN -> “Add Record”) or you can use rsdns:
```
./rsdns-a.sh -n dynamic-host.luiscachog.io -i 123.123.123.123 -t 3600
```
In the above the TTL is set to 1hr (3600 secs), this is so that DNS caches do not keep the record too long. That’s all the pre-work done, now lets get your dynamic host setup!
The script to update your a record is rsdns-dc.sh, and you run it like this:
```
./rsdns-dc.sh -n dynamic-host.luiscachog.io
```
The script uses icanhazip to get your current IP, it then update the A record with it.

I never switch off my router so I have create a created a cronjob to run that script every 2 hours, plus the 1hr TTL should mean that the record is roughly in sync with my IP without making unnecessary requests

I use CentOS, so I can simply drop the following file called rsdns-dc into /etc/cron.d/ with this…

vim /etc/cron.d/rsdns-dc
* */2 * * * lcacho /home/lcacho/bin/rsdns/rsdns-dc.sh -n dynamic-host.luiscachog.io &>/dev/null

Now we are done! Private Dynamic DNS on your own zone using the Rackspace API.

Spamassassin Error: cannot create user preferences file //.spamassassin/user_prefs: Permission denied on VestaCP - CentOS

Wed, 08 Apr 2015 00:00:00 +0000

When you configure spamassassin on VestaCP (CentOS) sometimes you might have some problems with the autolearn feature and also with the bayes plugin of spamassassin.

The error looks like:

more /var/log/maillog

Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: connection from localhost [127.0.0.1] at port 37022
Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: setuid to nobody succeeded
Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: creating default_prefs: //.spamassassin/user_prefs
Apr 5 00:31:00 vestaserver01 spamd[1353]: config: cannot create user preferences file //.spamassassin/user_prefs: No such file or directory
Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: failed to create readable default_prefs: //.spamassassin/user_prefs
Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: checking message &lt;5520C87B.8020009@example.com&gt; for nobody:99
Apr 5 00:31:00 vestaserver01 spamd[1353]: plugin: eval failed: bayes: (in learn) locker: safe_lock: cannot create tmp lockfile
/.spamassassin/bayes.lock.vestaserver01.example.com.1353 for /.spamassassin/bayes.lock: No such file or directory
Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: clean message (-1.0/5.0) for nobody:99 in 0.2 seconds, 3138 bytes.
Apr 5 00:31:00 vestaserver01 spamd[1353]: spamd: result: . 0 - ALL_TRUSTED,HTML_MESSAGE scantime=0.2,size=3138,user=nobody,uid=999,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=37022,mid=&lt;5520C87B.8020009@example.com&gt;,autolearn=unavailable

Basically the error are the permissions on: //.spamassassin/user_prefs

To fix it follow the next steps:

Create the user spamd, in order to avoid to run spamassassin with the user nobody:

groupadd -g 1001 spamd
useradd -u 1001 -g spamd -s /sbin/nologin -d /var/lib/spamassassin spamd
mkdir /var/lib/spamassassin
chown spamd:spamd /var/lib/spamassassin</pre>

Edit the file /etc/exim/exim.conf.

vi /etc/exim/exim.conf

Change the line:

spam = nobody:true/defer_ok

spam = spamd:true/defer_ok

Restart exim an spamassassin

/etc/init.d/exim restart
/etc/init.d/spamassassin restart

After that verify that the files bayes_seen, bayes_toks and user_prefs exists on the spamd home (In this case /var/lib/spamassassin)

pwd
/var/lib/spamassassin
ls -la
total 40
drwxr-xr-x 3 spamd spamd 4096 Apr 7 17:58 .
drwxr-xr-x 36 root root 4096 Feb 25 00:56 ..
-rw------- 1 spamd spamd 12288 Apr 2 21:34 bayes_seen
-rw------- 1 spamd spamd 12288 Apr 2 17:34 bayes_toks
-rw-r--r-- 1 spamd spamd 1869 Apr 1 17:18 user_prefs

Done!

SFTP Jailed

Tue, 31 Mar 2015 00:00:00 +0000

To configure your server to use a jailed user on SFTP you should do:

Edit the sshd_config file

We need to comment the following line:

Subsystem sftp /usr/libexec/openssh/sftp-server

And add the uncomment line, your modification will be same as:

# Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

Also, at the end of the file we should to add the next lines:

Match Group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

After save all the changes, we must restart the sshd daemon

service sshd restart

Add sftponly group

groupadd sftponly

Add jailed user and add to sftponly group

useradd -m USERNAME
passwd USERNAME
usermod -aG sftponly,apache USERNAME

IMPORTANT: Create directory and establish correct permissions

chown root:root /home/USERNAME
chmod 755 /home/USERNAME
mkdir /home/USERNAME/TEST.DOMAIN.COM
chown apache:apache /home/USERNAME/TEST.DOMAIN.COM
chmod 775 /home/USERNAME/TEST.DOMAIN.COM
mkdir /var/www/vhost/TEST.DOMAIN.COM
chown apache:apache /var/www/vhost/TEST.DOMAIN.COM
chmod 775 /var/www/vhost/TEST.DOMAIN.COM

Note: If you have any connection problem please double check the permissions on the folders and check the logs on /var/log/secure

tail -f /var/log/secure

Mount DocumentRoot path on jailed user home directory

mount -o bind,noatime /var/www/vhost/TEST.DOMAIN.COM/ /home/USERNAME/TEST.DOMAIN.COM

Make the mount point permanent, editing the fstab file:
```
vi /etc/fstab
```
Add the mount point at the end of the file:
```
/var/www/vhost/TEST.DOMAIN.COM/ /home/USERNAME/TEST.DOMAIN.COM none bind,noatime 0 0
```
Save and exit
Test connection:
```
sftp SERVERIP
```

View sources IP's in Apache Logs behind a Load Balancer

Fri, 13 Feb 2015 00:00:00 +0000

When you use the Rackspace Cloud Load Balancers, it is common that the IP logged in Apache is the Private IP (ServiceNet) from the Cloud Load Balancer, however, we can fix that.

We can view sources IP’s in Apache Logs doing some changes on Apache configuration file and also on the vhosts configuration files.

On your Apache configuration file, you should to find the line:

LogFormat "%h %l %u %t \"%r\" %&gt;s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Modified to:

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %&gt;s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

And also, on your vhosts configuration files you should to change the “combined” LogFormat definition will then be called in a “CustomLog” entry specific to your VirtualHost configuration. Here is an example VirtualHost definition to show you what I’m referring to:

ServerAdmin webmaster@example.com
DocumentRoot /var/www/html/example.com
ServerName example.com
ErrorLog logs/example.com-error_log
CustomLog logs/example.com-access_log combined

After adding the X-Forwarded-For definition to the LogFormat definition, you can restart Apache and view the logs to notice the difference. If all is done properly, you will see an actual public IP in the first field of your logs instead of the Cloud Load Balancer IP.

Yosemite stuck on boot process

Thu, 08 Jan 2015 00:00:00 +0000

Sometimes, I’m having problems with my Mac, when it’s sleep (hibernate) and I tried to “wake up” the Mac doesn’t start, and it shows me a Black Screen. So, I’ve rebooted and after that it is stuck on the boot process.

So, I’ve found these solution to avoid that Yosemite stuck on the boot process:

A. Enter to Single-user or verbose mode

Shutdown the Mac
Press the power button to start the computer
Immediately press and hold the Command Key and either of the following

* the "s" key for single-user mode (Command-S)
* the "v" key for verbose mode (Command-V)

B. When you login on the Mac, you should run the following commands:

```shell
/sbin/mount -uw /
rm -rf /System/Library/Caches/*
rm /private/var/db/BootCache.playlsit
reboot
```

After the reboot, your Mac will boot as always.

🙂

How to Update a ThemeForest Theme with the Envato WordPress Toolkit

Mon, 10 Nov 2014 00:00:00 +0000

I’ve purchased some themes on ThemeForest.com because they’re great. So this time I want to write about “How to Update ThemeForest Themes with the Envato WordPress Toolkit”.

First of all, Envato WordPress Toolkit it is very similar to a WordPress plugin. The installation it is the only difference. So I will explain how install the “plugin” and how to use in order to get the last update from your theme.

Envato WordPress Toolkit is NOT available on WordPress Repositories, so you will to download from Github. https://github.com/envato/envato-wordpress-toolkit
After you download the .ZIP file, you should be able to install from the WordPress Plugin Manager. Or you could upload the envato-wordpress-toolkit folder to the /wp-content/plugins/ directory.
Activate the Plugin from the WordPress Plugin Manager.
You will need to generate an API key from your Themeforest account.
1. In order to get your API key from Themeforest, you should login to themeforest.com, go to your dashboard and click on My Settings The API Keys screen allows you to generate a free API key.
Generate Envato API Key
Once the API connection has been established you will see a list of themes that can be auto installed. If you don’t see any themes and are certain you’ve done everything correct, there is a good chance the theme author has not updated their theme to be available for auto install and update. If that’s the case, please contact the theme author and ask them to update their theme’s information.

Envato Theme Autoupdate

This “plugin” very helpful to get your themes updated. I hope works for you as well as with me.

MySQL reset root password

Wed, 30 Jul 2014 00:00:00 +0000

Hello,

This time I share with you the faster and more secure method to reset the root password of MySQL.

This method is faster because the downtime is between 1 or 2 seconds (MySQL restart time) and it is more secure because the mysqld is not started without grants on the tables.

The steps are:

Create text file /var/lib/mysql/mysql-init with the sintaxis to reset the password for user root:

vim /var/lib/mysql/mysql-init

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new_password');

Add under the [mysqld] stanza on the file /etc/my.cnf:
```
init-file=/var/lib/mysql/mysql-init
```
Restart the mysqld service:
```
service mysqld restart
```
Remove the init-file line from /etc/my.cnf
Remove /var/lib/mysql/mysql-init
```
rm /var/lib/mysql/mysql-init
```

And after that, you can access again to your mysql instance.

😄

MySQL without password

Tue, 15 Apr 2014 00:00:00 +0000

The common form to log in to MySQL server, is running a mysql command with your login credentials and server’s IP address as arguments. For example:

mysql -u $MYSQL_ROOT -p$MYSQL_PASS

However, besides the inconvenience of typing extra arguments, using plain-text login credentials in a command line like above is really not a secure way to access a MySQL server.

MySQL offers a way for you to log in to MySQL server without password, by using an external MySQL configuration file. In Linux, there are two different kinds of MySQL configuration files:

/etc/my.cnf and
~/.my.conf

While any system-wide MySQL configuration is defined in /etc/my.cnf, any user-specific MySQL configuration is stored in ~/.my.cnf. You can leverage ~/.my.cnf, to define your MySQL login credential in the file.

vim ~/.my.cnf

We put our MySQL user in the configuration file:

[client]
user=root
password=$PASSWORD_ROOT

Make sure to have the configuration file readable to you only.

chmod 0600 ~/.my.cnf

Once ~/.my.cnf is created, simply typing mysql command will let you log in to the MySQL server as root, and you no longer need to provide login password separately.

mysql

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 14787
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

SysAdmin | Luis Cacho

cURL to a specific target hostname

Fix a borg lock issue

Python Alternatives in RHEL based OS

Change the field separator in awk

MySQL Database Size

AIX Tunning commands

My journey to become CKA and CKAD

Backing Up a Ruckus Switch Config

Gestion de History

Mostrar la fecha y hora de cuando escribimos comandos

Control del tamaño del archivo de logs histórico

Control de duplicados en el histórico

Path para guardar el archivo de logs histórico

Docker Login the Right Way

Docker Login the right Way

Credential Store

Docker Credential Helpers

docker-credential-secret service

Bulk Delete Rackspace Cloud Files data via API

Configure SSH on a Ruckus Switch

Set a hugo blog on Kubernetes

Overview

Architecture

Containerized

Dockerfile

First Stage

Second Stage

My First Contribution to OpenStack project

Deployment de un sitio estatico con Hugo y Git Hooks

Motivación

Consideraciones

Instruciones

Consideraciones técnicas

Autenticación mediante llaves SSH

Configuración sitio con Hugo

Configuración del repositorio Git en el servidor de desarrollo 1ra parte

Configuración del repositorio Git en el servidor productivo

Configuración del hook

Configuración del repositorio Git en el servidor de desarrollo 2da parte

Improve WD MyCloud performance

Stop Indexing Services

WordPress with Let's Encrypt SSL Certificate on a Load Balancer

SSL Offloading

Step 1: Install acme.sh client

Step 2: Issue SSL Certificate

Step 3: Install SSL Certificate on Cloud Load Balancer

Step 4: Configure WordPress

Database queries

WordPress Control Panel

WordPress Config File

Build a Dynamic DNS Client with Rackspace API

Spamassassin Error: cannot create user preferences file //.spamassassin/user_prefs: Permission denied on VestaCP - CentOS

SFTP Jailed

View sources IP's in Apache Logs behind a Load Balancer

Yosemite stuck on boot process

How to Update a ThemeForest Theme with the Envato WordPress Toolkit

MySQL reset root password

MySQL without password