Automatic network restart and reboot Linux server script if ping timeout to gateway is not responding as a way to reduce connectivity downtimes


December 10th, 2018


Inability of the server to come back online automatically after an electricity / network outage

These days my home server is experiencing a lot of issues due to electricity power outages: construction dig operations to fix / change water pipes near my home are under way, and perhaps the power cables got ruptured by the digger machine.
The effect of all this was that my server's network accessibility was affected, and as I didn't have network I couldn't access it remotely anymore. At a certain point the electricity was restored (and the UPS charge could keep the server up), however the server accessibility was not restored until I asked a relative to restart it, or in more complicated cases until a tech-acquainted guy helped (Alexander (Alex), a close friend from school years, helps a lot; check his old site at alex.pc-freak.net) to restart the machine physically, run quick restoration commands on the root TTY terminal, or generally check whether the default router is reachable.

These Pc-Freak.net downtime issues became too frequent over the last month: the machine was down about 5 times for 2 to 5 hours, which was too much. Weirdly enough, it was not accessible from the internet even after the electricity network was restored, and the only solution was a physical server restart (from the Power Button).

To decrease the number of cases in which relatives or friends have to physically go to the server and restart it after each network or electricity outage, I wrote a small script that checks accessibility of the server's default network gateway with a few ICMP packets sent with the good old ping command, and triggers a network restart followed by a system reboot (in case the network restart fails).

1. Create reboot-if-nwork-is-down.sh script under /usr/sbin or other dir

Here is the script itself:

 

#!/bin/sh
# Script sends 5 ICMP pings, up to 10 times, to the default gateway and,
# if no round gets a reply, triggers a networking restart:
# /etc/init.d/networking restart
# Then it does another 5 x 10 pings and, if the gateway still does not answer,
# reboots the machine.
# This script is useful if you run a home router with Linux and you have
# electricity outages and the machine doesn't come up if not rebooted in that case
GATEWAY_HOST='192.168.0.1'
LOG_FILE='/var/log/reboot.log'

# Returns 0 as soon as one round of 5 pings gets a reply, 1 if all 10 rounds fail.
# (Testing $? after the loop would only see the result of the last ping.)
gateway_reachable() {
    for i in $(seq 1 10); do
        ping -c 5 "$GATEWAY_HOST" && return 0
    done
    return 1
}

if gateway_reachable; then
    echo "$(date "+%Y-%m-%d %H:%M:%S") Ping to $GATEWAY_HOST OK" >> "$LOG_FILE"
else
    /etc/init.d/networking restart
    # Reboot only if the gateway is still unreachable after the network restart
    if ! gateway_reachable; then
        echo "$(date "+%Y-%m-%d %H:%M:%S") Ping to $GATEWAY_HOST FAILED !!! REBOOTING." >> "$LOG_FILE"
        /sbin/reboot
    fi
fi

You can download a copy of reboot-if-nwork-is-down.sh script here.

As you see in the script, successful runs as well as failures are logged on the server in /var/log/reboot.log with a respective timestamp.

2. Create a cron job to run reboot-if-nwork-is-down.sh every 15 minutes or so 

 

I've set the script to re-run as a scheduled (root user) cron job every 15 minutes.

To add the script to the existing cron rules without rewriting my old cron jobs and without being tempted to use crontab -u root -e (i.e. to add the cron job non-interactively with a single bash one-liner), I had to run the following command:

{ crontab -l; echo "*/15 * * * * /usr/sbin/reboot-if-nwork-is-down.sh >/dev/null 2>&1"; } | crontab -


I know restarting a server to restore accessibility is a stupid practice, but for home use or small client servers on unguaranteed networks with cheap Uninterruptible Power Supply (UPS) devices it is useful.

Summary

Time will show how efficient such a "self-healing script" practice is.
I'm pretty sure that even in corporate businesses and large Public / Private Hybrid Clouds, where access to remote mounted NFS / XFS / ZFS filesystems fails, a modification of the script could save you a lot of nerves and troubles and unhappy customers / managers screaming at you on the phone 🙂


I'll be interested to hear from others who have better ideas on how to restore (resurrect) access to an inaccessible Linux server after an outage.
 

Create SFTP CHROOT Jail User for data transfer to better Linux shared web hosting server security


December 3rd, 2018

Adding SFTP access for users on a Linux system is often required, and for multi-user or web hosting environments it is an absolute requirement to have the SFTP user space separated (isolated) from the basic Linux system environment. This is done using a fake CHROOT Jail.

The purpose of this article is to show how to create an SFTP Chroot JAIL in a few easy configuration steps.

By isolating each user into his own space you protect the users from eventually stealing or mistakenly leaking information such as user credentials / passwords etc.

Besides that, it is useful to restrict the user to his own File / Web Space and grant him access to Secure FTP (SFTP) only, not SSH login access; together with the chroot jail environment this protects your server from attempts to hack (root / exploit) it through some zero-day (0day) kernel 1337 vulnerability.

1. Setup Chrooted file system and do the bind mount in /etc/fstab
 

# chown root:root /mnt/data/share
# chmod 755 /mnt/data/share
# mkdir -p /sftp/home
# mount -o bind /mnt/data/share /sftp/home

Next edit /etc/fstab (e.g. vim /etc/fstab) and add the following line:
 

/mnt/data/share /sftp/home  none   bind   0   0


To mount it next:
 

# mount -a


/mnt/data/share is a mounted HDD in my case but could be any external attached storage

 

2. Create User and sftpgroup group and add your new SFTP Jailed user accounts to it

To achieve an SFTP-only CHROOT Jail environment you need a new UNIX group, such as sftpgroup, and use it to assign proper ownership / permissions to the newly added SFTP restricted accounts.
 

# groupadd sftpgroup


Once the group exists, next step is to create the desired username / usernames with useradd command and assign it to sftpgroup:

 

# adduser sftp-account1 -s /sbin/nologin -d /sftp/home
# passwd sftp-account1

 

# usermod -G sftpgroup sftp-account1


Both of the above commands could also be done in one line with adduser:

 

# adduser sftp-account1 -g sftpgroup -s /sbin/nologin -d /sftp/home

Note the /sbin/nologin shell, which is set to prevent SSH logins but still allow access via sftp / scp data transfer clients.

Once the user exists it is a good idea to prepare the jailed environment under a separate directory under the root file system, let's say in /sftp/home/

3. Set proper permissions to User chrooted /home folder

# mkdir -p /sftp/home
# mkdir /sftp/home/sftp-account1
# chown root:root /sftp/
# chown sftp-account1:sftpgroup /sftp/home/sftp-account1

For each newly created user (in this case sftp-account1) make sure the permissions are properly set to make the files readable only by the respective user.

# chmod 700 -R /sftp/home/sftp-account1

For every next created user don't forget to do the same.

3. Modify SSHD configuration file to add Chroot match rules

Edit the /etc/ssh/sshd_config file and add the below configuration to the end of it:

# vim /etc/ssh/sshd_config
Subsystem sftp internal-sftp     
Match Group sftpgroup   
ChrootDirectory /sftp/home   
ForceCommand internal-sftp   
X11Forwarding no   
AllowTcpForwarding no


Restart sshd to make the new settings take effect. To make sure you don't end up with no access (if it is a remote server), first run the sshd daemon on a secondary port like so:
 

# /usr/sbin/sshd -p 2208 &

Then restart sshd – if it is old Linux with Init V support

# /etc/init.d/sshd restart

– For systemd Linux systems

# systemctl restart sshd
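
sshd only honours ChrootDirectory if every component of the path is a root-owned directory that is not writable by group or others (see sshd_config(5)). The following added example (not part of the original guide; the function names are this sketch's own, and GNU stat is assumed) checks a path such as /sftp/home against that rule before sshd is restarted.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this sketch's own.
# Relies on GNU stat (coreutils), as found on the Linux systems the post targets.

# check_chroot_component DIR [OWNER_UID]
# Returns 0 if DIR passes, otherwise prints the reason and returns 1.
check_chroot_component() {
    c_dir=$1
    c_uid=${2:-0}                 # sshd expects root (uid 0)
    if [ ! -d "$c_dir" ]; then
        echo "$c_dir: not a directory"
        return 1
    fi
    c_owner=$(stat -L -c %u "$c_dir") || return 1
    c_mode=$(stat -L -c %a "$c_dir") || return 1
    if [ "$c_owner" != "$c_uid" ]; then
        echo "$c_dir: owned by uid $c_owner, expected $c_uid"
        return 1
    fi
    # 022 = the write bits for group and others
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "$c_dir: mode $c_mode is writable by group or others"
        return 1
    fi
    return 0
}

# check_chroot_path ABSOLUTE_PATH [OWNER_UID]
# Walks from the ChrootDirectory up to / and reports every failing component.
check_chroot_path() {
    p_cur=$1
    p_uid=${2:-0}
    p_rc=0
    case $p_cur in
        /*) ;;
        *) echo "$p_cur: ChrootDirectory must be an absolute path"; return 1 ;;
    esac
    while :; do
        check_chroot_component "$p_cur" "$p_uid" || p_rc=1
        [ "$p_cur" = / ] && break
        p_cur=$(dirname "$p_cur")
    done
    return "$p_rc"
}

# Usage on the server from this guide (as root):
#   check_chroot_path /sftp/home && echo "chroot path OK"
```

sshd applies this check when the user logs in, not when the configuration is parsed, so a wrong owner or mode on /sftp or /sftp/home only shows up as a failed SFTP login.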


4. Verify Username (sftp-account1) could login only via SFTP and his environment is chrooted

 

ssh sftp-account1@pc-freak.net

This service allows sftp connections only.
Connection to 83.228.93.76 closed.

 

sftp sftp-account1@pc-freak.net
Connected to 83.228.93.76.
sftp>


5. Closure

A quick summary of what we have achieved with the above:

We restricted Linux users from having /bin/shell access while still allowing Secure FTP copy, in a few steps. To summarize them:

a. created new user and group for SFTP chrooted restricted access only
b. set proper permissions to make folder accessible only by user itself
c. added necessary sshd config and restarted sshd to make it working
d. tested configuration

This short guide was based on the Arch Linux wiki documentation on SFTP chroot, which you can check here.

Putty load as default session another session – Save other Putty session configuration to default howto


November 29th, 2018


Recently I had to use PuTTY, which I haven't used for years, to open a number of permanent SSH tunnels necessary for my daily work as a SAP Consultant.

I saved the SSH tunnel configuration not in the default session but in a separate named one, and therefore had to press the Load button every time after clicking my Putty shortcut icon.

That was annoying and took a few seconds out of my life every morning for about a week, so finally I found some time to google it, and it turned out to be pretty easy to have any Putty session you like loaded.

Here is how:

1. Create a new Putty Shortcut


Click over Putty icon while holding CTRL + SHIFT (Control SHIFT keys simultaneously ) and move the mouse somewhere on the desktop to create the shortcut.
 

2. Right click on Putty Shortcut


 

"C:\Program Files\PuTTY\putty.exe" -load "your_saved_session" "username@your_server_address" -pw "your_password"


Fill out the "Target" field of the shortcut using the above code (alter to your own properties) and click the Apply button.

If you need to pass a user and password from Shortcut itself (which is a bad practice for security but sometimes useful, for not so important Tunnels – for example a tunnel to an Open Proxy), do it by typing in the target field like so:
 

"C:\Program Files\PuTTY\putty.exe" -load "your_saved_session" "username@your_server_address" -pw "your_password"

 

And Hooray !!! After that, when you click on the PuTTY shortcut it loads your session automatically using the given username and password.

Prevent rsync cronjob to run multiple times via cronjob on Linux


November 21st, 2018


Today I had a report of a server whose Load Average stays at the high level of 86. The machine runs on bare metal rock solid hardware and even with such high load it runs fine, but due to the I/O overhead the SAN reads from a remote NetApp storage device started to be sluggish and hence it needed to be reviewed, so I jumped in via the hop station (jump host) into the server.
 

1. Short investigation on root cause for high server load


After a short investigation, I found an rsync job set by someone as a cron job to run routinely every 30 minutes. The same scheduled rsync (file system synchronization) seemed to be running multiple times on the server (about 50 processes) and, as expected, the storage was saddled with multiple Input / Output requests.

The root cron job was like that:
 

server:~# crontab -u root -l |grep -i rsync
/usr/bin/rsync -ax /var/www/htdocs/directory_to_synchronize / /srv/www/synch_back/directory_to_synchrnize


A process list showed the following high number of running mirrored rsyncs:

 

server:~# ps axuwwf | grep -i rsync | wc -l
80


 

2. The Fix – Set rsync to run via cron only if it is not already running in background


In order to fix it, I had to kill all currently running rsync processes (here luckily only the same single rsync job was running, but I was cautious to check that no other rsync jobs were running – otherwise I would have mistakenly killed some other ongoing rsync job …)

Then I set the following new cron job, a quick one-liner shell script that does the job by using a lock (pid) file that is created before rsync starts and deleted after rsync completes.
 

if [ ! -e /tmp/repo_dba_sync.lock ]; then trap 'rm -f /tmp/repo_dba_sync.lock' EXIT; touch /tmp/repo_dba_sync.lock; /usr/bin/rsync -ax /var/www/htdocs/directory_to_synchronize/ /srv/www/synch_back/directory_to_synchrnize; fi >/dev/null 2>&1


The cron job looked like so:

*/30 * * * * if [ ! -e /tmp/repo_dba_sync.lock ]; then trap 'rm -f /tmp/repo_dba_sync.lock' EXIT; touch /tmp/repo_dba_sync.lock; /usr/bin/rsync -ax /var/www/htdocs/directory_to_synchronize/ /srv/www/synch_back/directory_to_synchrnize; fi >/dev/null 2>&1

Just in case you're wondering: a trap should be used to ensure that the lock file is removed when the script exits for any reason.
This way the lock file will be removed even if the script exits before reaching its end.

An alternative and simpler way to do it is via:
 

pgrep rsync > /dev/null || rsync -ax /var/www/htdocs/directory_to_synchronize/ /srv/www/synch_back/directory_to_synchrnize

 

Or, if you don't want to use the shell's if [ ]; then ...; fi condition but still want a file lock, the flock command can be used like so:
 

flock -n lock_file -c "rsync …"
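
The lock-file-plus-trap pattern described above, written out as a reusable shell function (an added example, not the author's script; run_locked, its exit code 75 and the /run lock path in the usage comment are assumptions of this sketch). It creates the lock atomically, records the holder's PID so that a lock left behind by a killed run or a power cut is reclaimed, and installs the trap before the command starts.

```shell
#!/bin/sh
# Added example, not the blog's own code.
#
# run_locked LOCKFILE COMMAND [ARGS...]
#   Runs COMMAND only if no live process holds LOCKFILE.
#   Returns COMMAND's exit status, or 75 if a previous run is still alive.
run_locked() (
    lock=$1
    shift

    acquire() {
        # noclobber (set -C) makes '>' fail when the file already exists, so
        # "test and create" is one atomic step, unlike '[ ! -e f ]; touch f'.
        # $$ is the PID of the calling script (the cron job's shell).
        ( set -C; echo "$$" > "$lock" ) 2>/dev/null
    }

    if ! acquire; then
        holder=$(cat "$lock" 2>/dev/null) || holder=
        case $holder in
            ''|*[!0-9]*) holder= ;;   # not a PID: treat the lock as stale
        esac
        # kill -0 only tests whether the process exists (same user or root).
        if [ -n "$holder" ] && kill -0 "$holder" 2>/dev/null; then
            exit 75                   # previous run still alive: do nothing
        fi
        # Holder died without cleaning up (SIGKILL, power loss): reclaim once.
        # Two jobs starting in the same instant could both get here; cron
        # runs 30 minutes apart do not. flock(1) closes even that window.
        rm -f "$lock"
        acquire || exit 75
    fi

    # Install the cleanup BEFORE the long-running command, so the lock is
    # removed on normal exit, on failure and on HUP/INT/TERM.
    trap 'rm -f "$lock"' EXIT
    trap 'exit 129' HUP
    trap 'exit 130' INT
    trap 'exit 143' TERM

    "$@"
)

# Usage from a root cron script (lock path is an assumption of this sketch):
#   run_locked /run/repo_dba_sync.lock /usr/bin/rsync -ax \
#       /var/www/htdocs/directory_to_synchronize/ \
#       /srv/www/synch_back/directory_to_synchrnize
```

A fixed name under /tmp can be created in advance by any local user, which would silently stop the job from ever running; a directory only root can write to avoids that.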

Flight to Dresden German via Munchen and a few impressions about Dresden


November 13th, 2018


Last week I flew to Germany to start as a contractor for Itelligence AG, a SAP contractor company on its own.
I've been hired by a small Bulgarian company called BST (Business Services and Technologies), but let me skip the details and go to the main goal of the article: to share a few impressions of my flight from Sofia Airport Terminal 2 (code named SOF), Bulgaria to Germany's Munich Airport (Flughafen Munich – codename MMC).

Flight To Munich

My flight was an international one from Sofia to Munich and then a secondary one (a local Germany Schengen zone flight Dresden -> Munich), and this happens to be my second flight with Lufthansa; the previous one was from Sofia -> Poland, Warsaw, see my previous blog post Trip from Sofia Bulgaria to Minsk Belarus through Warsaw and how to issue VISA for Belarus.

Both flights went pretty smoothly and I can confirm the general good reputation of Lufthansa as a flight company. The first flight was the longer one, about 2 hours on an Airbus A320, which is a relatively big plane.

The second flight, a short one of about 1 hour, was on a small charter plane with the funny name Bombardier CRJ 900.

Well, I thought it good that I've been sent for a company start-up training, but I never planned bombing Germans 🙂 … But well, enough jokes, it's enough the hell they went through, mainly from British and American bombings during World War II …

Anyways the trip with both planes went smoothly thanks God. This time I travelled with my future colleague Hristos Hristov and as always the travel with someone is less scary and more enjoyable.

The Munich to Dresden flight

The Munich (Munchen in German) airport is the second-busiest airport in Germany in terms of passenger traffic after Frankfurt Airport, the 7th busiest airport in Europe, and in the top 40 biggest airports in the world; even so, compared to the Netherlands' Schiphol airport it was cozy and very easy to orient in, and the passport control after the flight was quick and efficient in a German way. We had to further reach Terminal E of the airport, and it happened that to reach the terminal we needed to pick up an S-Bahn train (a free one) which moved us to the opposite passengers building.


East Germany DDR Times Flag


An Airport Surprise The East German Car of Future 🙂 Trabant !

Arriving in Dresden around 12:30, my first impression was the Trabant car (an old cardboard-made car produced in the times of the DDR (Deutsche Demokratische Republik) / GDR (German Democratic Republic), a state that was part of the Eastern Bloc (Communist Bloc)).

Trabant was like the car of the future: it was low cost, cheap to produce, very light (one person could move the car!) and used little gasoline to run, but it used a lot of oil 🙂
In Bulgaria it was a mass used car during Socialist times. Nowadays the car is sold mostly in the United States as an antique for its low price. For example in Bulgaria one can buy one of these cardboard cars for 150 EUR or so 🙂

The problem with the car is if you enter an accident with 50 to 70 km you die 100%, so it is only suitable for small villages nowadays or maximum of a small town use for short distances.


The car is super simplistic and surprisingly has even a baggage space in the back 🙂


For more check what wikipedia says about this magical car Trabant 🙂  …


The Transportation in Dresden (ticket fees and few impressions)

Immediately at Dresden's airport we headed to Information and asked the nice old German lady how and where we can buy a monthly all-transport ticket for Dresden and, surprise, surprise, the ticket was sold at the Information kiosk itself. It cost 61.50 EURO (divided by 30 days that's about 2.05 EUR per day); for Germany it's a great price.
The normal ticket costs 2.80 EUR per single trip and 6 EUR for a daily ticket for all transports.
Getting to Dresden Central from the airport was quite quick and efficient with the S-Bahn (S-Train), which is a kind of partially underground train, similar to a Metro for rapid transportation but not exactly. (It seems this transport is very popular in Germany and Austria.)

To arrive at Dresden Main (Central) Train Station, we had to travel to the Hauptbahnhof – the German word for train station – and get off at Dresden Hbf.

Schema for S-Bahn Dresden Germany

We had a reservation for Hotel Terrasenufer, which is an old socialist-times hotel situated 5 minutes from the Dresden Old City (Alt City) with a unique side view of the Elba River.

To reach it, we had to walk about 300 meters, pick up Tram number 3 and get off at the Synagogue tram stop.
Trams in Dresden are clean, modern and very fast, so their speed can compete with a normal Metro.
The overall infrastructure, the bus stops and everything, is outstanding and obviously designed by great Dresdner engineering minds.
The city's transportation includes Bus / Tram and Trolley, and the interval between shuttles is really short, about 3 / 5 to 10 minutes.
For the most important destinations, New / Old City, I've used Tram or bus number 3 / 7 or 8.

The Synagogue

The Synagogue stop is called that way for a reason as on those stop there is a new rebuild Jewish Synagogue ​
– The Fuhrer Adolf Hitler would definitely not been happy to see it in 2018, but as the War hell is over and German attitudes to Jewish are friendly that's not a problem.



Hotel Terrasenufer

As I've seen it being lighted and many people to go and go the building it seems the Synagogue is functioning.


The Terrassenufer is an inner city street in the city center of Dresden directly on the left bank of the Elbe and part of an important inner-city east-west axis. It runs on the northern edge of the districts Inner Old Town and Pirnaische suburb, following the Elbbogen. It is named after the Brühl Terrace, which stands on its south side. On the terrace bank is the mooring of the Saxon steamship. Parts of the terraced shore are protected as a cultural monument.
 


Terrasenufer is famous for being a non-smoker hotel, and even though it is an old construction, inside it is comfortable, and its big advantage is that the rooms are big ones for hotel rooms (in my opinion). As you can see from the picture, the side view of the Elba River and the City Center Gothic styled buildings is unique, especially at night time.


What is impressive in Germany is that it is generally really clean in the city, and obviously there is investment in maintaining the greenery, parks and trees. People are also really polite and helpful, and most people speak decent English.

Dresden food prices the old and new city

The prices in the Alt Stadt city center are a little bit expensive, especially for us Bulgarians: a decent dinner costs about 10 to 15 euro. But the new city (Neue Stadt) is full of relatively cheap fast food, a lot of small breakfast rooms offering Shoarma (Duners) / Pizza / Noodles, most of which are run and served by Pakistanis / Turkish or people from the far east, and a couple of Asian / Vietnamese ones run by Chinese / Vietnamese.
To grab one of those "fast foods" costs about 3.50 to 6 euro. A food I tried a few times is a 30 cm pizza which costs 4.5 euro, and the best thing is the beer's price is 1.50 / 2 euro in some of the pizzerias, like for example a small one called Pizza Bitte owned by Pakistani guys, where we ate many times and it was pretty good. The prices are pretty much okay and not far different from Sofia.
We ate a couple of times at a small pizzeria run by a Pakistani. The pizza price for that quality was fantastic.


I've spend about 1 week now in Dresden and I can say the city is much calmer and "there is no feeling of stress in the air", people here perhaps of the good living standard seems more relaxed and stressed than in Bulgaria. 
As an ex Eastern Bloc country there are some remains of the Soviet times in Dresden before the fall of the Berlin Wall a building Communistic (Soviet) Mosaic near the square of the Old city is a good example of that.

Dresden Socialist Soviet Architecture remains


Of course as a country which was almost a member of the Soviet Union, there is a lot of pannel construction near the end of the city, but even they are nowadays seriously renovated and doesn't look so scary like a lot of the old unmaintained buildings in Bulgaria, Ukraine (Smaller towns in Russia) and even partially Romania.



Churches in Dresden and few old city landmarks

A notable building in the city is the Frauenkirche (Protestant Cathedral Church) from year 1738 that was fully destroyed in World War 2 and rebuilt in 1993 – 1994.

Very near is found a majestic architectural masterpiece, the Catholic Church Holy Trinity (Sanctissimae Trinitatis) of the royal court of Saxony / Katholische Hofkirche.

Near the Roman-Catholic Gothic Style Church is situated the Zwinger Palace, a unique piece of Baroque architecture.

Zwinger Palace Dresden
 

The Orthodox Russian Church

The address of the Orthodox Church in Dresden is Fritz-Löffler-Straße 19, 01069 Dresden; information about it and about the Holy Liturgies, Vespers and Night services is on the Dresden Church's official site here. To reach it from the Synagogue tram stop I had to pick up Tram Number 3.
As an Orthodox Christian both of them does not hold any spiritual interest, even though I personally think Roman-Catholicism is closer to the true faith which is closer to ours the Holy Eastern Orthodoxy.

The best architectural masterpiece in the city in my opinion is the Russian Church / Russisch Orthodoxe Kirche – des Heiligen Simeon vom wunderbaren Berge (Saint Simeon Stylites the Younger)

and just as a proof of the true faith, in my opinion it was not a coincidence that this church was the only building within a wide area which remained relatively intact (only the bell tower suffered damage) through the brutal bombing of the city in February 1945 by British / American Allied forces. The Church has historical value, as it was built in 1872 – 1874, before the Soviet Revolution in 1917, during Russian Empire Tsarist times (and is currently about 147 years old).

The world famous Russian composer Rachmaninov himself, as he lived 3 winters in Dresden, donated money for a new gas installation of the Church which is in operation to this very day.

In 1875 the Russian Emperor Alexander II visited the Church; a memorial board donated by him is still present in it. It is interesting fact that one of the Great Russian Novelist and perhaps, the greatest psychologist of all times Fyodor Dostoevski named Lubov was baptized in the Orthodox Christian Church

This Sunday I visited the Church for a Sunday Holy Liturgy and was nicely surprised to find the Church choir was singing like Angels.
The priest is an aged one and seems a very gracious man. The Church was full of people, among which were many young people and parents who brought their kids to receive the Holy Sacraments.

The Church altar was painted back in the day of the Church's creation by a German painter; the altar wall of the iconostasis is made of marble.

As is often seen in Russian churches, there is a crucifix on one of the sides of the Church, here on the left side, and in front of it as usual candles were burning in remembrance of the deceased.

Among the impressive bits of the Dresden Orthodox Church are the window glass frescos that are so common for Western European cathedrals, except that these frescos are purely Orthodox. It is the first time I saw such, and I can say it is really beautiful.

Climate in Dresden

The climate here is more moderate compared to the Bulgarian one, and even though at times it is a bit windy with a cold wind, the weather feels quite nice in the Autumn season and temperatures are more stable – at least during my stay the temperature is stable, and it feels more like an Autumn should be, in that sense resembling the Dutch climate. The weather is sunny enough, so the Dresdener Germans are privileged to have less of that gloomy cloudy Netherlands weather.

The Military History Museum Dresden

Next, after the Sunday Holy Liturgy service, I visited the War Museum (The Bundeswehr Museum of Military History in Dresden), which is at the address Olbrichtplatz 2, 01099 Dresden.

To reach it, Tram number 7 goes from the Synagogue stop; it stops about 150 meters from the Museum.
The museum exhibits about 10000 military artefacts and things connected to pre and post WW2.
In the museum courtyard, as is common for military objects, are some old tanks and heavy military vehicles: tanks, a mine destroying machine, cutters, an armored personnel carrier and even a Patriot rocket launcher platform and a nuclear head transporter.
The tanks were mostly German tanks from 1955 'till late 1980s and a few Russian machines, T72 and other Soviet equipment.

Inside the museum are exhibited many traditional German flags, remains of Napoleon war times, some Nazi equipment and more modern American guns, uniforms etc.

Most impressive are the few enormous rockets that are directly in the building. The 5 stages show political stuff related to war, old military cars, nearly 10000 war related paintings, flamethrowers and reconstruction dummy models of various submarines, tanks, helicopters, ships and pieces of military art, and wartime German life and propaganda posters from Nazi times ….
Mine searching and destroying heavy machine

The German Eagle and Uniforms

Animals used in War – museum section

Rockets

Soviet Union Gazka Emergency Medical Aid

German anti-aircraft missile tank with Radar on top

Ballistic Rocket (Maybe?)

Model of Old Ship

Rocket Launcher

Nuclear Head Transporter

Machine gun rifles

There is perhaps much more to see in Dresden: the Zoo, the Porcelain Museum, the famous Dresden Painting Gallery, the Royalty Zwinger Palace, The Semper Opera, The Socialist Museum, The Museum of Hygiene. I still have time for that, and once I see some more or get more impressions I'll come back to update this article.
 

Make laptop not to sleep on close on Microsoft Windows 10 / Disable notebook LID close sleep Windows


November 8th, 2018


I have to use Windows 10 Enterprise on a notebook for work purposes once again, with a docking station connected to an external display monitor at the company office. One of the first things to configure is to disable lid sleep on laptop close, because otherwise the notebook has to be left almost half opened in order to work with the PC. To change that unwanted behavior there is an easy way via Windows Control Panel configuration; here is how:

1. Open Windows Control Panel
2. Navigate to: Power Options
3. Choose: Change advanced power settings
4. Scroll down a bit to: Power Buttons and lid (menu) and press over it
5. From the sub-menu Plugged in select: Do nothing

That's all. From now on, closing the notebook when plugged in to the Dock station or to a direct External Monitor will no longer put it to sleep.

As you can see from the menus, there are a lot of triggering rules to configure further in Power Management (Advanced Settings) on how applications / USBs / Multimedia and Hard Disks should behave under different power conditions, so if you have the time I recommend you go through them and check them for yourself.

Create and Configure SSL bundle file for GoGetSSL issued certificate in Apache Webserver on Linux


November 3rd, 2018


I had a small task to configure a new WildCard SSL for domains on a Debian GNU / Linux Jessie running Apache 2.4.25.

The official documentation on how to install the SSL certificate on Linux given by GoGetSSL (which is by COMODO) was obsolete as of the time of writing this article, and suggested the following install instructions:
 

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle


Adding such configuration to domain Vhost and testing with apache2ctl spits an error like:

 

root@webserver:~# apache2ctl configtest
AH02559: The SSLCertificateChainFile directive (/etc/apache2/sites-enabled/the-domain-name-ssl.conf:17) is deprecated, SSLCertificateFile should be used instead
Syntax OK

 


Hence, to make the issued GoGetSSL certificate work with Debian Linux, here are the few things I did:

The files issued by Gogetssl.COM were the following:

 

AddTrust_External_CA_Root.crt
COMODO_RSA_Certification_Authority.crt
the-domain-name.crt


The webserver had already SSL support via mod_ssl Apache module, e.g.:

 

root@webserver:~# ls -al /etc/apache2/mods-available/*ssl*
-rw-r--r-- 1 root root 3112 окт 21  2017 /etc/apache2/mods-available/ssl.conf
-rw-r--r-- 1 root root   97 сеп 19  2017 /etc/apache2/mods-available/ssl.load
root@webserver:~# ls -al /etc/apache2/mods-enabled/*ssl*
lrwxrwxrwx 1 root root 26 окт 19  2017 /etc/apache2/mods-enabled/ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 окт 19  2017 /etc/apache2/mods-enabled/ssl.load -> ../mods-available/ssl.load


For those who don't have mod_ssl enabled, to enable it quickly run:

 

# a2enmod ssl


The VirtualHost used for the domains had Apache config as below:

 

 

 

NameVirtualHost *:443

<VirtualHost *:443>
    ServerAdmin support@the-domain-name.com
    ServerName the-domain-name.com
    ServerAlias *.the-domain-name.com the-domain-name.com

    DocumentRoot /home/the-domain-namecom/www
    SSLEngine On
#    <Directory />
#        Options FollowSymLinks
#        AllowOverride None
#    </Directory>
    <Directory /home/the-domain-namecom/www>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Include /home/the-domain-namecom/www/htaccess_new.txt
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

#    Alias /doc/ "/usr/share/doc/"
#   <Directory "/usr/share/doc/">
#       Options Indexes MultiViews FollowSymLinks
#       AllowOverride None
#       Order deny,allow
#       Deny from all
#       Allow from 127.0.0.0/255.0.0.0 ::1/128
#   </Directory>
SSLCertificateKeyFile /etc/apache2/ssl/the-domain-name.com.key
SSLCertificateFile /etc/apache2/ssl/chain.crt

 

</VirtualHost>

The config directives enabling and making the SSL actually work are:
 

SSLEngine On
SSLCertificateKeyFile /etc/apache2/ssl/the-domain-name.com.key
SSLCertificateFile /etc/apache2/ssl/chain.crt

 

The chain.crt file is actually a bundle of the 3 issued files (the domain certificate plus the GoGetSSL CA_ROOT and RSA_Certification_Authority certificates). To prepare that file, I've used a small bundle.sh script found on serverfault.com (I've made a mirror of bundle.sh on pc-freak.net); the script content is as follows:

To prepare the chain.crt  bundle, I ran:

 

sh create-ssl-bundle.sh _iq-test_cc.crt chain.crt
sh create-ssl-bundle.sh _iq-test_cc.crt >chain.crt
sh create-ssl-bundle.sh COMODO_RSA_Certification_Authority.crt >> chain.crt
sh create-ssl-bundle.sh bundle.sh AddTrust_External_CA_Root.crt >> chain.crt


Then I copied the file to /etc/apache2/ssl together with the the-domain-name.com.key file, generated earlier with the openssl command as explained in my article on how to install a RapidSSL certificate on Linux.

/etc/apache2/ssl did not exist previously (on Debian Linux), so I created it:

 

root@webserver:~# mkdir /etc/apache2/ssl
root@webserver:~# ls -al /etc/apache2/ssl/chain.crt
-rw-r--r-- 1 root root 20641 Nov  2 12:27 /etc/apache2/ssl/chain.crt
root@webserver:~# ls -al /etc/apache2/ssl/the-domain-name.com.key
-rw-r--r-- 1 root root 6352 Nov  2 20:35 /etc/apache2/ssl/the-domain-name.com.key
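
The listing above shows the private key with mode -rw-r--r--, readable by every local account, and mod_ssl expects the SSLCertificateFile bundle sorted from the server certificate to its issuers. The checks below are an added example, not part of the original article; the function names are hypothetical and the only external tool assumed is the openssl command line.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks for the files
# referenced by SSLCertificateKeyFile / SSLCertificateFile.
# Function names are hypothetical; only the openssl CLI is assumed.

# 0 if neither group nor others have any permission bit on the key file.
key_perms_ok() {
    [ "$(ls -lnL "$1" | cut -c5-10)" = "------" ]
}

# 0 if the private key belongs to the first (leaf) certificate of the bundle.
# openssl x509 reads only the first PEM certificate of a file.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# 0 if every certificate in the bundle is issued by the one that follows it,
# i.e. the file is sorted leaf -> intermediate(s) -> root.
bundle_order_ok() {
    split_dir=$(mktemp -d) || return 2
    # One file per certificate: cert-1.pem, cert-2.pem, ...
    awk -v d="$split_dir" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert-" n ".pem") }' "$1"
    total=$(($(ls "$split_dir" | wc -l)))
    rc=0
    [ "$total" -ge 1 ] || rc=2
    i=1
    while [ "$rc" -eq 0 ] && [ "$i" -lt "$total" ]; do
        issuer=$(openssl x509 -noout -issuer_hash \
                    -in "$split_dir/cert-$i.pem" 2>/dev/null) &&
        next=$(openssl x509 -noout -subject_hash \
                    -in "$split_dir/cert-$((i + 1)).pem" 2>/dev/null) || rc=2
        [ "$rc" -ne 0 ] || [ "$issuer" = "$next" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$split_dir"
    return "$rc"
}

# usage: check_apache_tls_files KEYFILE BUNDLEFILE
check_apache_tls_files() {
    result=0
    key_perms_ok "$1" ||
        { echo "WARN: $1 is accessible by group/others (chmod 600 it)"; result=1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 does not match the first certificate in $2"; result=1; }
    bundle_order_ok "$2" ||
        { echo "FAIL: $2 is not ordered leaf -> issuer"; result=1; }
    return "$result"
}

# Runs only when called with two arguments, e.g.
#   sh check-tls-files.sh /etc/apache2/ssl/the-domain-name.com.key /etc/apache2/ssl/chain.crt
[ "$#" -ne 2 ] || check_apache_tls_files "$1" "$2"
```

Running it after every certificate renewal and before apache2ctl configtest catches a swapped bundle order or a mismatched key before Apache is restarted.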

 

As I needed to add the SSL HTTPS configuration for multiple domains, I further wrote and used a tiny shell script, add_new_vhost.sh, which accepts as an argument the domain name I want to add. The script works with a sample skele (template) file, which is included in the script itself and can be easily modified for the desired vhost config.
To add my multiple domains, I've used the script as follows:
 

sh add_new_vhost.sh add-new-site-domain.com
sh add_new_vhost.sh add-new-site-domain1.com


etc.

Here is the complete script as well:

 

#!/bin/sh
# Shell script to add easily new domains for virtual hosting on Debian machines
# arg1 should be a domain name
# This script takes the domain name which you type as arg1 uses it and creates
# Docroot / cgi-bin directory for the domain, create seperate site's apache log directory
# then takes a skele.com file and substitutes a skele.com with your domain name and directories
# This script's aim is to easily enable sysadmin to add new domains in Debian
sites_base_dir=/var/www/jail/home/www-data/sites/;
# the directory where the skele.com file is
skele_dir=/etc/apache2/sites-available;
# base directory where site log dir to be created
cr_sep_log_file_d=/var/log/apache2/sites;
# owner of the directories
username='www-data';
# read arg0 and arg1
arg0=$0;
arg1=$1;
# plain [ ] test: /bin/sh on Debian is dash, which has no [[ ]]
if [ -z "$arg1" ]; then
echo "Missing domain name";
exit 1;
fi

 

# skele template
echo "#
#  Example.com (/etc/apache2/sites-available/www.skele.com)
#
<VirtualHost *>
        ServerAdmin admin@design.bg
        ServerName  skele.com
        ServerAlias www.skele.com


        # Indexes + Directory Root.
        DirectoryIndex index.php index.htm index.html index.pl index.cgi index.phtml index.jsp index.py index.asp

        DocumentRoot /var/www/jail/home/www-data/sites/skelecom/www/docs
        ScriptAlias /cgi-bin \"/var/www/jail/home/www-data/sites/skelecom/cgi-bin\"
        
        # Logfiles
        ErrorLog  /var/log/apache2/sites/skelecom/error.log
        CustomLog /var/log/apache2/sites/skelecom/access.log combined
#       CustomLog /dev/null combined
      <Directory /var/www/jail/home/www-data/sites/skelecom/www/docs/>
                # Apache 2.4 rejects Options lines that mix +/- prefixed and bare keywords
                Options +FollowSymLinks +MultiViews -Includes
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
#               RedirectMatch ^/$ /apache2-default/
        </Directory>

        # CGI directory referenced by the ScriptAlias above
        <Directory /var/www/jail/home/www-data/sites/skelecom/cgi-bin/>
                Options +FollowSymLinks +ExecCGI -Includes
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

</VirtualHost>
" > $skele_dir/skele.com;

domain_dir=$(echo "$arg1" | sed -e 's/\.//g');
new_site_dir=$sites_base_dir/$domain_dir/www/docs;
# per-domain cgi-bin, matching the ScriptAlias path in the template
new_cgi_dir=$sites_base_dir/$domain_dir/cgi-bin;
echo "Creating $new_site_dir";
mkdir -p "$new_site_dir";
mkdir -p "$new_cgi_dir";
echo "Creating sites's Docroot and CGI directory";
chown -R "$username:$username" "$new_site_dir";
chown -R "$username:$username" "$new_cgi_dir";
echo "Creating site's Log files Directory";
mkdir -p "$cr_sep_log_file_d/$domain_dir";
echo "Creating sites's VirtualHost file and adding it for startup";
sed -e "s#skele.com#$arg1#g" -e "s#skelecom#$domain_dir#g" "$skele_dir/skele.com" >> "$skele_dir/$arg1";
ln -sf "$skele_dir/$arg1" /etc/apache2/sites-enabled/;
echo "All Completed please restart apache /etc/init.d/apache restart to Load the new virtual domain";

# Date Fri Jan 11 16:27:38 EET 2008


Using the script saves a lot of time otherwise spent manually copying a vhost file and then editing it to change the ServerName directive. For vhosts whose configuration is identical and only the ServerName has to change, it is perfect. To create all the necessary domains, I've created a simple text file with each of the domains and ran the script over it in a loop:

while read -r i; do sh add_new_vhost.sh "$i"; done < domain_list.txt
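
add_new_vhost.sh runs as root and places its argument straight into directory paths and a sed expression, so each line of domain_list.txt is worth validating before it reaches the script. The filter below is an added example, not part of the original article; is_valid_domain and valid_domains_from are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original article): filter domain_list.txt before
# its entries are handed to add_new_vhost.sh. Helper names are hypothetical.
LC_ALL=C; export LC_ALL   # keep the A-Z / a-z / 0-9 ranges plain ASCII

# 0 only for dotted host names built from labels of 1-63 letters, digits or
# hyphens (no leading or trailing hyphen), 253 characters at most.
is_valid_domain() {
    d=$1
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    case $d in
        *[!A-Za-z0-9.-]*) return 1 ;;  # '/', '#', '&', blanks, quotes, ...
        .*|*.|*..*)       return 1 ;;  # empty label
        *.*)              ;;           # at least two labels
        *)                return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $d                          # split into labels (charset already checked)
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# Print the valid entries of a list file, one per line; blank lines and
# '#' comments are ignored, anything else is reported on stderr and skipped.
valid_domains_from() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if is_valid_domain "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Runs only when called with a list file, e.g.
#   sh filter_domains.sh domain_list.txt | while read -r i; do sh add_new_vhost.sh "$i"; done
[ "$#" -eq 0 ] || valid_domains_from "$1"
```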
 

 

How to install custom Font files on Linux with font-viewer, fc-cache, font-manager – Install Church Slavonic fonts on GNU / Linux


October 27th, 2018


If you're regularly using GIMP for image editing, LibreOffice for office stuff, or any other program in which you add / edit fonts, then you will certainly come to a point of wondering how to manually add new .TTF (TrueType Fonts) or .AFM .PBM fonts.
Multiple fonts can be searched for and installed from the Debian / Ubuntu repos using the apt-get install tool, but sometimes adding third party fonts provided by some random graphics designer is a necessity.

For example, earlier I've blogged on What is Church Slavonic and collected a large pack of Church Slavonic fonts, which I installed at that time on a Windows 7 PC. The question is how these fonts, once downloaded, can be added / installed so that Xorg and font rendering programs on GNU / Linux are aware of the newly downloaded fonts and they can be used in various programs.


The easiest way to install a font in Linux is to double click on the new font you want to install; in the GNOME GUI environment that runs the Font Viewer program (gnome-font-viewer). However, it is a tedious task to install fonts in that manner if you have to install some 100 or 200 new fonts by clicking on each.

To make the newly downloaded pack of fonts available on a user level, it is as simple as downloading the fonts and placing them in the $HOME/fonts folder, e.g. in ~/.fonts (in some distributions placing the new fonts under ~/usr/local/share/fonts makes them available for use on the next X session login).

To make new fonts available system-wide (e.g. for all existing or logged in Xorg users), it is as simple as copying all the new font files (TTF, PFM, PFB etc.) you'd like to add to /usr/local/share/fonts:
 

# cp -rpf ~/Desktop/fonts-folder/* /usr/local/share/fonts/


And run fc-cache to rescan and build new font cache files based on the fonts copied:

 

 fc-cache -f -v


To check whether the new fonts are present you can list all available fonts with:

 

fc-list

 

/usr/share/fonts/truetype/lato/Lato-Medium.ttf: Lato,Lato Medium:style=Medium,Regular
/usr/share/fonts/truetype/msttcorefonts/comicbd.ttf: Comic Sans MS:style=Bold,Negreta,tučné,fed,Fett,Έντονα,Negrita,Lihavoitu,Gras,Félkövér,Grassetto,
Vet,Halvfet,Pogrubiony,Negrito,Полужирный,Fet,Kalın,Krepko,Lodia
/usr/share/fonts/truetype/lato/Lato-SemiboldItalic.ttf: Lato,
Lato Semibold:style=Semibold Italic,Italic
/usr/local/share/fonts/TriKUcs.pfb: Triodion kUcs:style=Regular
/usr/share/fonts/truetype/dejavu/DejaVuSerif-Bold.ttf: DejaVu Serif:style=Bold
/usr/local/share/fonts/OglUcs8.ttf: Oglavie Ucs:style=Regular
/usr/share/fonts/truetype/noto/NotoSansThai-Regular.ttf: Noto Sans Thai:style=Regular
/usr/local/share/fonts/freefont-20080323/FreeSerifBold.ttf: FreeSerif:style=Bold,polkrepko
/usr/local/share/fonts/TITUSEN.TTF: Titus SyriacEstrangelo:style=Regular
/usr/local/share/fonts/feofanucs.ttf: Feofan Ucs:style=Regular
/usr/local/share/fonts/OstgDSoIEUcs8.ttf: Ostrog\-Dol ieUcs:style=SpacedOut
/usr/share/fonts/truetype/dejavu/DejaVuSansMono.ttf: DejaVu Sans Mono:style=Book
/usr/share/fonts/truetype/noto/NotoSansCypriot-Regular.ttf: Noto Sans Cypriot:style=Regular
/usr/local/share/fonts/ZlatUcs.pfb: Zlatoust Ucs:style=Regular
..
.

 


To look for a certain font supposed to be installed run cmd:

 

fc-list|grep -i "Times New Roman"
/usr/share/fonts/truetype/msttcorefonts/Times_New_Roman.ttf: Times New Roman:style=Regular,Normal,obyčejné,Standard,Κανονικά,
Normaali,Normál,Normale,Standaard,Normalny,Обычный,Normálne,Navadno,thường,Arrunta

 

fc-list|grep -i "slavonic"
/usr/local/share/fonts/TITUSN__.TTF: Titus Slavonic:style=Normal

 



Another good tool for GNOME users is font-manager if you don't have it already installed:

 

apt-get install font-manager


One of the cool things about it is that it can show you the licensing of each of the system installed fonts and the full list of font character sets, and can visualize different pixel font sizes in the so-called "waterfall" font view.

Ansible Quick Start Cheatsheet for Linux admins and DevOps engineers


October 24th, 2018


Ansible (a configuration management, deployment, and task execution system) is widely used nowadays for mass service deployments on multiple servers and clustered environments such as Kubernetes clusters (with multiple pod replicas), virtual swarms running XEN / IPKVM virtualization hosting multiple nodes, etc.

Ansible can be used to configure or deploy GNU / Linux tools and services such as Apache / Squid / Nginx / MySQL / PostgreSQL etc. It is pretty much like the Puppet (server / services lifecycle management) tool, except that it is less complicated to start with, which often makes it the tool of choice for mass deployment (devops) automation.

Ansible is used for multi-node deployments and remote task execution on groups of servers. Its big pro is that it does all its work over simple SSH on the remote nodes (servers) and does not require extra services or listening daemons as Puppet does. Combined with Docker containerization, it is used very much for later deployment inside cloud environments such as Amazon AWS / Google Cloud Platform / SAP HANA / OpenStack etc.


0. Installing ansible on Debian / Ubuntu Linux


Ansible is written in Python and depends heavily on it, so to get it running you will need a working Python installed on the local and remote servers.

Ansible is as easy to install as running the apt cmd:

 

# apt-get install --yes ansible
 

The following additional packages will be installed:
  ieee-data python-jinja2 python-kerberos python-markupsafe python-netaddr python-paramiko python-selinux python-xmltodict python-yaml
Suggested packages:
  sshpass python-jinja2-doc ipython python-netaddr-docs python-gssapi
Recommended packages:
  python-winrm
The following NEW packages will be installed:
  ansible ieee-data python-jinja2 python-kerberos python-markupsafe python-netaddr python-paramiko python-selinux python-xmltodict python-yaml
0 upgraded, 10 newly installed, 0 to remove and 1 not upgraded.
Need to get 3,413 kB of archives.
After this operation, 22.8 MB of additional disk space will be used.

apt-get install --yes sshpass

 

Installing Ansible on Fedora Linux is done with:

 

# dnf install ansible --yes sshpass

 

On CentOS to install:
 

# yum install ansible --yes sshpass

sshpass needs to be installed only if you plan to use SSH password prompt authentication with ansible.

Ansible is also installable via the python-pip tool; if you need to install a specific version of ansible you have to use it instead. Otherwise the package is available as an installable package on most Linux distros.

Ansible has a lot of pros and cons, and there are multiple articles already written by people for and against it in favour of Chef or Puppet. I only recently started learning Ansible. The most important thing to know about Ansible is that, though many things can be done directly using a simple command line, the tool is designed for remote installation of server services using specially prepared .yaml format configuration files. The power of Ansible comes from the use of Ansible Playbooks, which are yaml scripts that tell ansible how to do its activities step by step on the remote server. In this article, I'm giving a quick cheat sheet to get started quickly with it.
 

1. Remote commands execution with Ansible
 

The first thing to do to start with it is to add the desired hostnames ansible will operate on. It can be done either globally (if you have a number of remote nodes to deploy stuff to periodically) by using /etc/ansible/hosts, or by using a custom hosts file for each and every custom ansible script developed.

a) Ansible main config files

A common ansible /etc/ansible/hosts definition looks something like that:

 

# cat /etc/ansible/hosts
[mysqldb]
10.69.2.185
10.69.2.186
[master]
10.69.2.181
[slave]
10.69.2.187
[db-servers]
10.69.2.181
10.69.2.187
[squid]
10.69.2.184

The hosts to execute on can also be provided via the shell variable $ANSIBLE_HOSTS.

b) Are remote hosts reachable / execute commands on all remote hosts

To test whether your hosts are properly configured in /etc/ansible/hosts you can ping all defined hosts with:

 

ansible all -m ping



This makes ansible try to connect to the remote hosts; if you have properly configured SSH public key authorization, the command should return a success status on every host.

 

ansible all -a "ifconfig -a"


If you don't have SSH keys configured you can also authenticate with a password argument (assuming all hosts are configured with the same password):

ansible all --ask-pass -a "ip addr show" -u hipo



If you have configured group of hosts via hosts file you can also run certain commands on just a certain host group, like so:

 

ansible <host-group> -a <command>

It is a good idea to always check /etc/ansible/ansible.cfg, which is the system global config file (the main config file ansible reads).

c) List defined host groups
 

ansible localhost -m debug -a 'var=groups.keys()'
ansible localhost -m debug -a 'var=groups'

d) Searching remote server variables

 

# Search remote server variables
ansible localhost -m setup -a 'filter=*ipv4*'

 

 

ansible localhost -m setup -a 'filter=ansible_domain'

 

 

ansible all -m setup -a 'filter=ansible_domain'

 

 

# uninstall package on RPM based distros
ansible centos -s -m yum -a "name=telnet state=absent"
# uninstall package on APT distro
ansible localhost -s -m apt -a "name=telnet state=absent"

 

 

2. Debugging – Listing information about remote hosts (facts) and state of a host

 

# All facts for one host
ansible <host> -m setup
# Only ansible fact for one host
ansible <host> -m setup -a 'filter=ansible_eth*'
# Only facter facts but for all hosts
ansible all -m setup -a 'filter=facter_*'


To save the outputted information per host in separate files in, let's say, ~/ansible/host_facts:

ansible all -m setup --tree ~/ansible/host_facts

 

3. Playing with Playbooks deployment scripts

 

a) Syntax Check of a playbook yaml

 

ansible-playbook playbooks/PLAYBOOK_NAME.yml --syntax-check


b) Get general information about a playbook, such as what it would do on the remote hosts (tasks to run) and the hosts defined for it (like the pinging above).

ansible-playbook playbooks/PLAYBOOK_NAME.yml --list-hosts
ansible-playbook playbooks/PLAYBOOK_NAME.yml --list-tasks


To get an idea of what a yaml playbook looks like, here is an example from the official ansible docs that deploys a simple Apache webserver on the remote defined hosts.
 


- hosts: webservers
  vars:
    http_port: 80
    max_clients: 200
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum:
      name: httpd
      state: latest
  - name: write the apache config file
    template:
      src: /srv/httpd.j2
      dest: /etc/httpd.conf
    notify:
    - restart apache
  - name: ensure apache is running
    service:
      name: httpd
      state: started
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted

To give it a quick try, save the file as webserver.yml and run it via the ansible-playbook command:
 

ansible-playbook -s playbooks/webserver.yml

 

The -s option instructs ansible to run the play on the remote server with super user (root) privileges. In current Ansible releases -s (--sudo) is replaced by -b (--become).

The power of ansible is its modules, whose number is constantly growing over time; a complete set of Ansible supported modules is in its official documentation.


There are a lot of things to say about playbooks. Just to be brief: they have their own language of templates, tasks and handlers, and a playbook can have one or multiple plays inside (for instance, instructions for the deployment of one or more services).

The downside of playbooks is that they're hard to write from scratch and edit, because yaml syntax is much stricter than a normal oldschool sysadmin configuration file.
I got stuck with problems modifying and writing .yaml files, and I should say the community in #ansible on irc.freenode.net was very helpful in helping me debug the obscure errors.

yamllint (the YAML linter tool) comes in handy at times when facing yaml syntax errors; to use it, install it via apt:

# apt-get install --yes yamllint


a) Running ansible in "dry mode": just show what ansible might do, without changing anything

ansible-playbook playbooks/PLAYBOOK_NAME.yml --check


b) Running playbook with different users and separate SSH keys

 

ansible-playbook playbooks/your_playbook.yml --user ansible-user

ansible -m ping hosts --private-key=~/.ssh/keys/custom_id_rsa -u centos

 

c) Running ansible playbook only for certain hostnames part of a bigger host group

 

ansible-playbook playbooks/PLAYBOOK_NAME.yml --limit "host1,host2,host3"


d) Run Ansible on remote hosts in parallel

To run on 10 hosts in parallel:
 

# Run 10 hosts parallel
ansible-playbook <File.yaml> -f 10            


e) Passing variables to .yaml scripts using commandline

Ansible has the ability to pre-define variables in .yml playbooks. These variables can later be passed from the shell cli; here is an example:

# Example of variable substitution passed from the command line: the var in varsubst.yaml, if present, is defined / replaced
ansible-playbook playbooks/varsubst.yaml --extra-vars "myhosts=localhost gather=yes pkg=telnet"

 

4. Ansible Galaxy: a Docker Hub-like large repository with playbook (script) files

Ansible Galaxy has about 10000 active users who are contributing ansible automation playbooks in fields such as Development / Networking / Cloud / Monitoring / Database / Web / Security etc.

To install from ansible galaxy use ansible-galaxy:

# install from galaxy the geerlingguy mysql playbook
ansible-galaxy install geerlingguy.mysql


The available packages you can use as a template for your purpose are not as many as with Puppet, as Ansible is younger and not corporate supported like Puppet. Anyhow, there are a lot of them and they do cover most basic sysadmin needs for mass deployments; besides, there are plenty of other unofficial yaml ansible scripts in various github repos.