To install gcloud sdk on Linux, run
# curl https://sdk.cloud.google.com | bash
If you get the following error. Most probably IPv6 is enabled on Linux.
ERROR: (gcloud.components.update) Failed to fetch component listing from server. Check your network settings and try again.
I disabled it temporarily and installed gcloud successfully. Run the following command to disable IPv6.
# sysctl net.ipv6.conf.all.disable_ipv6=1
ismail yenigul
Docker comes with command completion for the bash and zsh shell.
Here is the procedure to enable bash auto completion in Docker CE on Centos 7 and Ubuntu
Install bash-completion package
on CentOS/RedHat
# yum -y install bash-completion
on Ubuntu
apt-get install bash-completion
Download bash completion file into /etc/bash_completion.d
# curl https://raw.githubusercontent.com/docker/docker-ce/master/components/cli/contrib/completion/bash/docker -o /etc/bash_completion.d/docker.sh
Logout and login again.
When I type docker im and enter TAB then, I will get the possible parameters
# docker im<TAB> image images import
If I type docker images then TAB, docker will list the available images.
# docker images <TAB> nginx:latest redis
It alo shows us the parameter of each command
# docker ps -<TAB> -a -f --format -l --latest --no-trunc --quiet --size --all --filter --help --last -n -q -s
İsmail Yenigül
Linux & AWS Certified Cloud Expert
Access Scope is almost same as AWS IAM Role. You can define an IAM role while creating an instance on AWS and you can’t change the IAM role name but you can modify later whether instance is running or stopped.
Unfortunately GCP does not allow to update access scopes on an already running instance.
When you launch the instance, the instance is automatically enabled to run as the default service account, with the following access scopes:
Default Acces Score: read-only access to Storage and Service Management, write access to Stackdriver Logging and Monitoring, read/write access to Service Control
So, when you want to write Google Cloud Storage bucket you have to create a new service account and assign to the instance or you have to modify the access scope.
As of Now, you can’t modify access scopeof the running instance. You have to stop the instance ,click edit and change access scope value as “Set access for each API”
and edit desired GCP component and access level
then you can start the instance
ismail yenigul
AWS Certified Cloud Expert
If you see the following error while running ./certbot-auto on Centos 6
Error: Command ‘[‘/opt/eff.org/certbot/venv/bin/python3’, ‘-Im’, ‘ensurepip’, ‘–upgrade’, ‘–default-pip’]’ returned non-zero exit status 1
Simply run export LC_ALL=C
and then repeat your certbot-auto command.
when you installing a new letsencrypt ssl for a domain with certbot
# certbot –apache -d mydomain.com
I got “Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA” error message
As mentioned in the following url, my ubuntu cerbot package from ppa:certbot/certbot repo is outdated.
Solution until we get a package update for certbot:
Stop apache temporarily run the following command when you finish your certification process. Start apache again.
# /etc/init.d/apache2 stop
# certbot –authenticator standalone –installer apache -d mydomain.com
# /etc/init.d/apache2 start
If you are using nginx simply change the installer parameter apache with nginx
Alternatively you can update your certbot with certbot-auto
ismail yenigul
AWS Certified Cloud Expert
Here is to commands to install docker and run with a non-privileged user
Centos 7
sudo su - yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo yum install docker-ce -y systemctl start docker systemctl enable docker usermod -aG docker myuser
Ubuntu 16.04-LTS
sudo su - apt-get update apt-get install apt-transport-https ca-certificates curl software-properties-common curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" apt-get update apt-get install docker-ce usermod -aG docker myuser
Notes:
$ ls -al /var/run/docker.sock srw-rw----. 1 root docker 0 Feb 3 05:33 /var/run/docker.sock
then login with myuser (if you already login, then logout and login again)
run some docker commands to test
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly
ismail yenigul
AWS Certified Cloud Expert
when you run a docker command via crontab like below
# /usr/bin/docker exec -it containername /path/to/command
you will get “the input device is not a TTY” error message. To fix it simply remote -t parameter
-t, –tty Allocate a pseudo-TTY
and use only -i
Also no need to mention! Always use full path for the commands in cron or use PATH variable.
ismail yenigul
We switched from a t2.xlarge instance type to m4.2xlarge, we lost the network connectivity for our Ubuntu instance.
I change back to t2 instance type the instance become reachable again.
when I check /var/log/cloud-init.log, AWS m4 instance ethernet interface name changed to ens3.
Performing a dhcp discovery on ens3
but 50-cloud-init.cfg was not updated. It has old eth0 ethernet name
# cat /etc/network/interfaces.d/50-cloud-init.cfg
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init’s network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
to solve the issue,
I added the following lines into /etc/network/interfaces and stop the instance & change the instance type
auto ens3
iface ens3 inet dhcp
ismail yenigul
AWS Certified Solution Architect
Apache
install&enable mod rewrite & ssl
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
If you use Amazon linux and installed Amazon linux http package(ie httpd24-2.4.27-3.75.amzn1)
then you need to install mod24_ssl instead of mod_ssl
sudo yum install -y mod24_ssl
nginx
in server block;
if ($scheme != “https”) {
return 301 https://$server_name$request_uri;
}
If you want to redirect www to base domain simply replace $server_name with your base domain(example.com)
you may get “Error unable to get local issuer certificate getting chain.” while creating a keystore in the pkcs12 with Letsencrypt certificate. You need to create CAFile to fix this issue.
install openjdk-8-jre for keytool, if you do not have keytool command on Linux
# sudo apt-get install openjdk-8-jre
To create CAFile, download and merge root and intermediate certificate of Letsencrypt at https://letsencrypt.org/certs
# wget https://letsencrypt.org/certs/isrgrootx1.pem.txt #
# wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
# cat isrgrootx1.pem.txt letsencryptauthorityx3.pem.txt > letsencryptCA.pem
# openssl pkcs12 -export -in domain.crt -inkey domain.key -chain -CAfile letsencryptCA.pem -name “mycert” -out myapp.p12
# keytool -importkeystore -deststorepass myapppass -destkeystore myapp.keystore -srckeystore myapp.p12 -srcstoretype PKCS12
Verify the keystore;
# keytool -list -v -keystore myapp.keystore -storepass myapppass
Now you can use this keystore on Tomcat/Jboss
ismail yenigul
ismailyenigul 