Stress test on Linux

Download and install the stress test tool

sudo amazon-linux-extras install epel -y
sudo yum install stress -y

Launch the stress test in the background (for 800 seconds in this example)

sudo stress --cpu 8 --timeout 800 &

Check the stress test processes with the top command

top

Result for the top command

Manually stop the stress test (if needed)

sudo killall stress

DNS demystified

A lot of the time, when you are editing DNS records, there is confusion between the acronyms.
A Record, CNAME, MX, TXT, etc. What are all these? Please read on.

Top-level domain > .com .net
Second-level domain > .co.nz .com.au etc.

SOA record (Start of Authority record) -> it simply holds all the details about the domain, for example nameservers, name of the admin, TTL etc.

A Record is used to translate the domain name to its IP address.
yourdomain.com points to> 50.63.202.11

NS Record (Name Server Record) > ns1.yourhosting.com ns2.yourhosting.com

PTR record is the reverse of an A record. It looks up the name for an IP address.

CNAME stands for Canonical Name.
Suppose you have an existing domain (DomainA) resolving to an IP address, and then you purchase a second domain (DomainB).
You don't want DomainB to resolve to a different IP address. You want to point it to the same IP address as DomainA.
What you can do is map the second domain (DomainB) to the existing domain (DomainA) so that it resolves to the same IP address as DomainA.
The result is that when a user enters either of these domains, it will direct them to the same website (or same IP address).

To throw in the nerdy side of me, you can remember CNAME like this.
Who is Bruce Wayne > Look up Batman > and Batman stays at 1007 Mountain Drive, Gotham.

ALIAS is just like CNAME, but the difference is that you can't have a CNAME for naked domain names, for example mydomain.com.
It has to be either an A record or an ALIAS.
ALIASes are normally used in AWS to point to AWS resources like EC2, S3, load balancers etc.


TTL (Time to live) is basically caching, either on the resolving server or on your local system.
The lower the TTL, the faster it resolves. It could take 48 hours to propagate to all the servers throughout the internet.

MX records are mainly used for email. If you are setting up an email address like mymail@mydomain.com, then you are going to use this.



AWS Access Key and Secret Access Key (SIMPLIFIED)

There are two ways to access AWS environments.
1) Console Access
2) Programmatic Access

1) Console Access is when you access the AWS portal (the GUI) with your username and password.

2) In Programmatic Access, you are accessing AWS resources using the command line, PowerShell or SDKs.


-> With Programmatic Access, you authenticate with an Access Key ID and Secret Access Key.

Access Key ID and Secret Access Keys are different from your username and password.


When you create your first AWS account, Access Key ID and Secret Access Keys are also created.

It is important to secure or disable them, and not to share the Access Key ID and Secret Access Key; otherwise they give root access to your AWS account.

The best practice would be to create a new user and give specific permissions rather than using the root account.

AWS STS (Security Token Service) is another way to create temporary, limited-privilege credentials for IAM users.


To disable an Access Key, navigate to Identity and Access Management (IAM) under Services > Manage Access Keys.

Disabling this is one way to secure the account, if programmatic access is not required.
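
One way to confirm that the root access keys discussed above are really disabled is to read the IAM credential report. The script below is an added example, not part of the original post: the function names are illustrative and the CSV is a constructed sample trimmed to the columns it uses.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# A real report comes from:
#   aws iam generate-credential-report
#   aws iam get-credential-report --query Content --output text | base64 -d

# Constructed sample, trimmed to the columns used below (a real report has
# more columns; they are looked up by header name, so order does not matter).
sample_report() {
    cat <<'EOF'
user,arn,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,false,true,2019-03-01T10:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,2024-01-15T08:30:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,false,N/A,false,N/A
EOF
}

# Read a credential report on stdin; print one line per ACTIVE access key:
#   ROOT_KEY_ACTIVE|USER_KEY_ACTIVE <user> key<N> rotated=<timestamp>
check_access_keys() {
    awk -F, '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    {
        for (k = 1; k <= 2; k++) {
            if ($(col["access_key_" k "_active"]) != "true") continue
            kind = ($(col["user"]) == "<root_account>") ? "ROOT_KEY_ACTIVE" : "USER_KEY_ACTIVE"
            printf "%s %s key%d rotated=%s\n", kind, $(col["user"]), k,
                   $(col["access_key_" k "_last_rotated"])
        }
    }'
}

# Exit status 0 only if the root account has no active access key.
root_keys_disabled() {
    ! check_access_keys | grep -q '^ROOT_KEY_ACTIVE '
}

if [ "${1:-}" = "demo" ]; then
    sample_report | check_access_keys
fi
```

Any ROOT_KEY_ACTIVE line means the root keys still need to be disabled or deleted; USER_KEY_ACTIVE lines show which IAM users hold programmatic access and when each key was last rotated.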

Teza

Unprotected Private Key File

Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/path/to/my/key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /path/to/my/key.pem
Permission denied (publickey).

It’s a common error to see when trying to log in to a server via SSH, and it has a relatively easy fix. But before we get to that, let’s get some background on why this error shows up.

Why am I seeing this Error?

What happened is the key you’re trying to use (key.pem in the example above) is too accessible to users on the system.

This is a bad thing because then you’re not the only one able to use the key, which defeats the purpose. Private keys should only be accessible to one user.

For example, if an attacker somehow gains access to any of the accounts on your system, then they’d be able to access the key, as opposed to having to get access to your account specifically. This gives them too many opportunities to get to the private key.

How can I fix it?

Like I said earlier, this is an easy fix. Just run:

$ sudo chmod 600 /path/to/my/key.pem

Or, if you are running a GUI, locate the pem file, right click and change the permissions as per below.

That should do the job.
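
The same check can be run ahead of time over a whole key directory instead of waiting for ssh to reject a key. The script below is an added example, not part of the original post; the function names and the sample files are assumptions, and it expects GNU find and stat (Linux).

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Assumes GNU find and stat (Linux).

# True if the first line of $1 is a PEM/OpenSSH private-key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----'
}

# Print "<octal mode> <path>" for each private key under $1 that is owned by
# the current user and has any group/other bit set (mode & 077 != 0), i.e.
# the files ssh would ignore with the warning shown above.
audit_keys() {
    find "$1" -type f -user "$(id -u)" -perm /077 | while IFS= read -r f; do
        is_private_key "$f" && printf '%s %s\n' "$(stat -c '%a' "$f")" "$f"
    done
    return 0
}

# Tighten every key reported by audit_keys to 0600 and print its path.
fix_keys() {
    audit_keys "$1" | while read -r _mode path; do
        chmod 600 "$path" && printf '%s\n' "$path"
    done
}

# Build a throwaway directory with constructed files (no real key material).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/open.pem"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/tight.pem"
    printf '%s\n' 'ssh-ed25519 constructed-public-part' > "$d/open.pem.pub"
    chmod 644 "$d/open.pem" "$d/open.pem.pub"
    chmod 600 "$d/tight.pem"
    printf '%s\n' "$d"
}

# Usage: sh audit_keys.sh demo   or   sh audit_keys.sh ~/.ssh
if [ "${1:-}" = "demo" ]; then
    sample=$(make_sample_dir) && audit_keys "$sample" && rm -rf "$sample"
elif [ -n "${1:-}" ]; then
    audit_keys "$1"
fi
```

Public key files (.pub) are left alone because they are meant to be readable. Files you own need no sudo for the chmod.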

Failed to execute child process “usr/bin/vivaldi” Vivaldi Browser

Vivaldi is a great browser: very fast, tons of control, very good for privacy and security. But if at some point, for whatever reason, you uninstall Vivaldi and go back to one of the mainstream browsers like Chrome or Firefox, you might encounter errors like the one below.

This is because you uninstalled Vivaldi and the path is no longer there; however, when you open a link, the system is still looking for Vivaldi.

There are 2 options here: install Vivaldi back, or select an alternative browser. Run sudo update-alternatives --config x-www-browser to list the alternatives and select the current choice.

Just my side note.

How to fix Error: Cannot perform an interactive login from a non TTY device

When trying to connect to Amazon's container service ECR (Elastic Container Registry), there are a few steps you need to complete before connecting successfully; otherwise you will get the error below.

Error: Cannot perform an interactive login from a non TTY device

Check the Docker version. If Docker is not installed, install it first.
$ docker --version

Check the AWS CLI version. If the AWS CLI is not installed, install it from the link below.
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
$ aws --version

Configure the AWS CLI
$ aws configure
You will need your Access Key ID and Secret Access Key.

680501633545.dkr.ecr.us-west-1.amazonaws.com/repo1

For more information, please refer to the link below.
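
The login step itself is not shown above, so here is an added example (not part of the original post) of a login wrapper that fails early with a clear message. docker login reports the non-TTY error when it receives no password and stdin is not a terminal, which is what happens when the AWS CLI upstream in the pipe is unconfigured or fails. The function names are illustrative; the aws and docker subcommands are the real ones.

```shell
#!/bin/sh
# Added example, not from the original post. ecr_host, ecr_region and
# ecr_login are illustrative names; the aws and docker subcommands are real.

# Strip the repository path: "<acct>.dkr.ecr.<region>.amazonaws.com/repo" -> host.
ecr_host() {
    printf '%s\n' "${1%%/*}"
}

# Extract the region from an ECR registry URI; fail if it is not one.
ecr_region() {
    host=$(ecr_host "$1")
    case $host in
        [0-9]*.dkr.ecr.*.amazonaws.com) ;;
        *) echo "not an ECR registry: $1" >&2; return 1 ;;
    esac
    region=${host#*.dkr.ecr.}
    printf '%s\n' "${region%.amazonaws.com}"
}

# Log docker in to the registry. The token is fetched first and checked, so
# a failed or unconfigured AWS CLI stops here instead of handing docker an
# empty stdin, which is what triggers the non-TTY error.
ecr_login() {
    region=$(ecr_region "$1") || return 1
    token=$(aws ecr get-login-password --region "$region") || token=
    if [ -z "$token" ]; then
        echo "no ECR token: check 'aws configure' and IAM permissions" >&2
        return 1
    fi
    # printf is a shell builtin, so the token never appears in a process list.
    printf '%s' "$token" |
        docker login --username AWS --password-stdin "$(ecr_host "$1")"
}

# Usage: sh ecr_login.sh 680501633545.dkr.ecr.us-west-1.amazonaws.com/repo1
if [ -n "${1:-}" ]; then
    ecr_login "$1"
fi
```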



Terraform walk through with AWS creating S3 buckets

Terraform is an IaaC tool developed by HashiCorp. It can be used with multiple platforms like AWS, Microsoft Azure and GCP to provision different environments.

Running Terraform is simple: you first install Terraform on the host you intend to run it on, whether it be a local, remote or cloud host, and move the binary to the desired location, /usr/local/bin. Then create a Terraform config file, which is written in HCL (HashiCorp Configuration Language) and ends with the .tf extension.
Using simple commands like terraform init, plan, apply and destroy, you can manage and provision infrastructure safely and efficiently.

See my video tutorial on setting up Terraform on an AWS EC2 instance.

My Video Tutorials

Here are some Azure tutorials that I have created.
The reason why I create video tutorials is that I can help others while I am improving my own learning.
To create a tutorial, I need to know every single detail about my topic. Therefore I have to prepare more and learn more by creating these tutorials.

These contents are free for educational non-profit purposes. I have put time and effort into creating these tutorials.
If you push the subscribe button on my channel, I would much appreciate it, and this will also encourage me to create more tutorial videos. Thanks.

My Youtube Channel below –
https://www.youtube.com/channel/UC-w05D5NxOcfogVG2-VlHtQ/videos

 

IaaC and my weapons of choice

With Infrastructure as Code (IaaC), you can manage any infrastructure such as network, servers, storage and applications. There are many common IaC tools. Although you can use any combination of these tools to create similar solutions, each tool has its strengths, and these are my preferences for achieving different goals.

Image Templates
You need image templates to create custom images of a Virtual Image or Container.
Then you will need software and dependencies installed on it. My weapon of Choice – Docker

Configuration Management
Ansible – the strength of this tool is that it is idempotent. An Ansible Playbook will check with the repository. You can run the code multiple times, and every time you run it, it will only change what differs and bring the system to the defined state.

Provisioning Tools
Terraform – This Hashicorp tool supports almost every infrastructure and it can be set up on many platforms, AWS, VMware, Azure, you name it.

CloudFormation – simply because it is AWS proprietary. If your job has a lot to do with AWS, CloudFormation is the way to go.

Teza