tag:blogger.com,1999:blog-54372558136710133442021-10-05T05:44:02.810+05:30Blog of Thilina PiyasundaraImagination makes a better world ...Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.comBlogger138125tag:blogger.com,1999:blog-5437255813671013344.post-39751974800463251572019-03-01T05:15:00.000+05:302019-03-01T05:31:15.078+05:30Running bolt with passphrase protected ssh key on MacOS.<br />I tried to run bolt in my mac and got following error.<br /><br /><hr /><pre class="prittyprint prettyprinted">MacBook-Pro:~ thilina$ bolt command run 'ls' -n 192.168.1.35 -u thilina<br />Started on 192.168.1.35...<br />dyld: lazy symbol binding failed: Symbol not found: _SHA512Init<br /> Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle<br /> Expected in: flat namespace<br /><br />dyld: Symbol not found: _SHA512Init<br /> Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle<br /> Expected in: flat namespace<br /><br />/opt/puppetlabs/bin/bolt: line 4: 74325 Abort trap: 6 env -u GEM_HOME -u GEM_PATH -u DLN_LIBRARY_PATH -u RUBYLIB -u RUBYLIB_PREFIX -u RUBYOPT -u RUBYPATH -u RUBYSHELL -u LD_LIBRARY_PATH -u LD_PRELOAD SHELL=/bin/sh /opt/puppetlabs/bolt/bin/bolt "$@"<br /></pre><hr /><br />So I add my private key to ssh authentication agent using ssh-add. Following is to reproduce it and the workaround it until bolt devs give a proper patch [<a href="https://tickets.puppetlabs.com/browse/BOLT-939" target="_blank">1</a>].<br /><br />Reproduce: <br /><hr /><pre class="prittyprint prettyprinted">MacBook-Pro:~ thilina$ ssh-add -D<br />All identities removed.<br />MacBook-Pro:~ thilina$ bolt command run 'ls' -n 192.168.1.35 -u thilina<br />Started on 192.168.1.35...<br />dyld: lazy symbol binding failed: Symbol not found: _SHA512Init<br /> Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle<br /> Expected in: flat namespace<br /><br />dyld: Symbol not found: _SHA512Init<br /> Referenced from: /opt/puppetlabs/bolt/lib/ruby/gems/2.5.0/gems/bcrypt_pbkdf-1.0.0/lib/bcrypt_pbkdf_ext.bundle<br /> Expected in: flat namespace<br /><br />/opt/puppetlabs/bin/bolt: line 4: 74325 Abort trap: 6 env -u GEM_HOME -u GEM_PATH -u DLN_LIBRARY_PATH -u RUBYLIB -u RUBYLIB_PREFIX -u RUBYOPT -u RUBYPATH -u RUBYSHELL -u LD_LIBRARY_PATH -u LD_PRELOAD SHELL=/bin/sh /opt/puppetlabs/bolt/bin/bolt "$@"<br />MacBook-Pro:~ thilina$</pre><hr /><br />Solution: <br /><hr /><pre class="prittyprint prettyprinted">MacBook-Pro:~ thilina$ ssh-add ~/.ssh/id_rsa<br />Enter passphrase for ~/.ssh/id_rsa:<br />Identity added: ~/.ssh/id_rsa (thilina)<br />MacBook-Pro:~ thilina$</pre><hr /><br />Test: <br /><hr /><pre class="prittyprint prettyprinted">MacBook-Pro:~ thilina$ bolt command run 'ls' -n 192.168.1.35 -u thilina<br />Started on 192.168.1.35...<br />Finished on 192.168.1.35:<br />Successful on 1 node: 192.168.1.35<br />Ran on 1 node in 0.30 seconds<br />MacBook-Pro:~ thilina$<br /></pre><hr /><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com1tag:blogger.com,1999:blog-5437255813671013344.post-199457244834151742017-11-11T08:45:00.001+05:302017-11-11T08:45:40.297+05:30Run a Mongo cluster with authentication on kubernetes using StatefulSets.With StatefulSets running a mongo cluster with persistent storage is easy. <a href="http://blog.kubernetes.io/2017/01/running-mongodb-on-kubernetes-with-statefulsets.html">Kubernetes blog post</a> in [1] explains how to do that. But when we try to enable authentication there is a small problem with the above solution. Problem is we need to start the cluster without replica set (--replSet) option and add the admin user and a key file, then restart with the replica set and the key file.<br /><br />In order to do that we need to modify the above sample code to add a pod life cycle - post start command.<br /><br /><blockquote class="tr_bq"> spec:<br /> terminationGracePeriodSeconds: 10<br /> containers:<br /> - name: mongo<br /> image: mongo:3.4.9<br /> command:<br /> - /bin/sh<br /> - -c<br /> - ><br /> if [ -f /data/db/admin-user.lock ]; then<br /> mongod --replSet rs0 --clusterAuthMode keyFile --keyFile /etc/secrets/mongo.key --setParameter authenticationMechanisms=SCRAM-SHA-1;<br /> else<br /> mongod --auth;<br /> fi;<br /> lifecycle:<br /> postStart:<br /> exec:<br /> command:<br /> - /bin/sh<br /> - -c<br /> - ><br /> if [ ! -f /data/db/admin-user.lock ]; then<br /> sleep 5;<br /> touch /data/db/admin-user.lock<br /> if [ "$HOSTNAME" = "mongo-0" ]; then<br /> mongo --eval 'db = db.getSiblingDB("admin"); db.createUser({ user: "admin", pwd: "password", roles: [{ role: "root", db: "admin" }]});';<br /> fi;<br /> mongod --shutdown;<br /> fi;<br /> ports:<br /> - containerPort: 27017</blockquote><div>If you look at the <b>command</b> section of the above statefulSet part you can see I'm checking for a lock file. If that file exists I will start the cluster with replica set option. Else I will start the cluster with just auth.</div><br />Then you can notice the <b>postStart</b> section. In post start section we can define what to do at the start of a container in a pod. You can refer to <a href="https://blog.openshift.com/kubernetes-pods-life" target="_blank">this post</a> in [2] to get an idea of pod lifecycle. In that it will again check for the lock file. If the file does not exists it will create the file and if the hostname is equal to mongo-o it will add the mongo admin user to the cluster. Then it will stop the node. Stopping the node will result the container to restart. Since we are using persistent storage the initially created lock file will exist. Since the lock file is there command will start the cluster with replica set option and postStart will pass its loop.<br /><h3>Running the mongo cluster</h3>Generate a random key to enable keyFile authentication replication as described in <a href="https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/" target="_blank">this post</a>.<br /><br /><blockquote class="tr_bq">openssl rand -base64 741 > mongodb-keyfile</blockquote>Create a secret using that random string.<br /><blockquote class="tr_bq">kubectl create secret generic mongo-key --from-file=mongodb-keyfile</blockquote>Create statefulSet and headless service.<br /><blockquote class="tr_bq">kubectl create -f <a href="https://gist.githubusercontent.com/thilinapiy/0c5abc2c0c28efe1bbe2165b0d8dc115/raw/d3d0e64dfd35158907d076422c362f289d124dfc/mongo-statefulset.yaml">https://gist.githubusercontent.com/thilinapiy/0c5abc2c0c28efe1bbe2165b0d8dc115/raw/d3d0e64dfd35158907d076422c362f289d124dfc/mongo-statefulset.yaml</a></blockquote>Scale-up if you need mote high availability.<br /><blockquote class="tr_bq">kubectl scale --replicas=3 statefulset mongo</blockquote>Let me know if you need further help.<br /><br />1. http://blog.kubernetes.io/2017/01/running-mongodb-on-kubernetes-with-statefulsets.html<br />2. https://blog.openshift.com/kubernetes-pods-life<br />3. https://docs.mongodb.com/manual/tutorial/enforce-keyfile-access-control-in-existing-replica-set/<div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-17044689671729633962017-10-14T08:37:00.000+05:302017-10-14T08:37:09.231+05:30Watch Kubernetes pod events stop/start<br />Run kube proxy to use curl without authentication<br /><br /><code>kubectl proxy</code><br /><br />Run the curl to watch the events and filter it with jq for pod starts and stops. <br /><br /><code>curl -s 127.0.0.1:8001/api/v1/watch/events | jq --raw-output \ 'if .object.reason == "Started" then . elif .object.reason == "Killing" then . else empty end | [.object.firstTimestamp, .object.reason, .object.metadata.namespace, .object.metadata.name] | @csv'</code><br /><br />Output will be <br /><br /><code>"2017-10-14T02:51:31Z","Killing","default","echo-1788535470-v3089.14ed5012be9b81d2" "2017-10-14T02:17:12Z","Started","default","hello-minikube-180744149-7sbj2.14ed4e335345db3d" "2017-10-14T02:17:15Z","Started","kube-system","default-http-backend-27b99.14ed4e341737f843" "2017-10-14T02:17:11Z","Started","kube-system","kube-addon-manager-minikube.14ed4e33195f434a" "2017-10-14T02:17:14Z","Started","kube-system","kube-dns-910330662-78fqv.14ed4e33d9790ee6" "2017-10-14T02:17:15Z","Started","kube-system","kube-dns-910330662-78fqv.14ed4e33e88e1b68" "2017-10-14T02:17:15Z","Started","kube-system","kube-dns-910330662-78fqv.14ed4e3404bfcffc" "2017-10-14T02:17:13Z","Started","kube-system","kube-state-metrics-3741290554-5cv05.14ed4e337556350c" "2017-10-14T02:17:13Z","Started","kube-system","kube-state-metrics-3741290554-5cv05.14ed4e33804c8647" "2017-10-14T02:17:15Z","Started","kube-system","kubernetes-dashboard-8991s.14ed4e340386d190" "2017-10-14T02:54:57Z","Killing","kube-system","kubernetes-dashboard-8991s.14ed5042a8fa1c81" "2017-10-14T02:54:58Z","Started","kube-system","kubernetes-dashboard-xd7h5.14ed5042d33aa3c7" "2017-10-14T02:17:16Z","Started","kube-system","nginx-ingress-controller-9qn5l.14ed4e3426ecdaa8" "2017-10-14T02:55:23Z","Killing","kube-system","nginx-ingress-controller-9qn5l.14ed50489b820cce" "2017-10-14T02:55:37Z","Started","kube-system","nginx-ingress-controller-rf6j3.14ed504c01cf90ea" "2017-10-14T02:17:13Z","Started","kube-system","prometheus-3898748193-jgxzk.14ed4e339109bcb4" "2017-10-14T02:17:14Z","Started","kube-system","prometheus-3898748193-jgxzk.14ed4e33af0e9433" </code><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-3931218054101684262017-08-29T10:20:00.004+05:302019-03-01T05:44:48.599+05:30Generate a SANs certificateWe are going to use openssl to generate a certificate with subject alternative names. When we use SANs in a certificate we can use the same certificate to front several websites with different domain names.<br /><br />First we need to generate a private key. Since we are going to use this in a web server like Nginx or apache I'm not going to encrypt the private key with a passphrase. <br /><br /><hr /><pre class="prittyprint prettyprinted">openssl genrsa -out thilina.org.key 2048</pre><hr /><br />Then we need to have a configurations file to add those alternative names into the certificate signing request (CSR).<br /><br />sans.conf<br /><hr /><pre class="prittyprint prettyprinted">[ req ]<br />default_bits = 2048<br />distinguished_name = req_distinguished_name<br />req_extensions = req_ext<br /><br />[ req_distinguished_name ]<br />countryName = Country Name (2 letter code)<br />stateOrProvinceName = State or Province Name (full name)<br />localityName = Locality Name (eg, city)<br />organizationName = Organization Name (eg, company)<br />commonName = Common Name (e.g. server FQDN or YOUR name)<br /><br />[ req_ext ]<br />subjectAltName = @alt_names<br /><br />[alt_names]<br />DNS.1=thilina.org<br />DNS.2=api.thilina.org<br />DNS.3=gateway.thilina.org<br /></pre><hr /><br />Now I'm going to generate the CSR in a single command.<br /><br /><hr /><pre class="prittyprint prettyprinted">openssl req -new -key thilina.org.key -sha256 -nodes -out thilina.org.csr \<br /> -subj "/C=LK/ST=Colombo/L=Colombo/O=Thilina Piyasundara/OU=Home/CN=thilina.org" \<br /> -config san.conf<br /></pre><hr /><br />Print and verify the CSR<br /><br /><hr /><pre class="prittyprint prettyprinted">openssl req -in thilina.org.csr -text -noout</pre><hr /><br /><hr /><pre class="prittyprint prettyprinted">Certificate Request:<br /> Data:<br /> Version: 1 (0x0)<br /> Subject: C = LK, ST = Colombo, L = Colombo, O = Thilina Piyasundara, OU = Home, CN = thilina.org<br /> Subject Public Key Info:<br /> Public Key Algorithm: rsaEncryption<br /> Public-Key: (2048 bit)<br /> Modulus:<br /> 00:d0:13:91:5d:62:7c:4f:57:6d:4c:79:85:59:d8:<br /> c5:ae:50:41:cc:db:fe:b4:75:fc:c1:73:e7:a7:ac:<br /> 89:36:3b:26:08:0f:33:b0:96:5c:29:a1:ee:9a:14:<br /> 13:4b:5b:43:74:74:a2:fd:97:2b:2b:bd:2a:b8:e6:<br /> 22:d2:01:15:f3:7f:e9:d8:c9:d4:65:04:5a:ef:f0:<br /> 03:41:63:56:39:eb:5f:e5:90:de:33:b7:bb:60:0e:<br /> e3:70:79:60:8f:cb:a9:71:3b:e3:0a:b1:17:47:aa:<br /> 41:08:b5:44:5e:1a:a1:fa:a2:ce:ed:18:c5:a3:b0:<br /> 6f:0f:57:ca:ae:28:7f:91:49:14:6b:94:4c:3c:33:<br /> fb:27:ed:77:37:a7:d6:54:4e:a7:6e:bc:c9:a2:a1:<br /> b5:f2:f0:aa:76:64:04:83:96:92:03:36:4c:3e:14:<br /> 0e:97:a6:79:9e:23:c1:2a:c4:7a:3d:6e:f3:1c:40:<br /> e3:d1:61:f2:56:51:8f:0f:04:76:62:ea:b0:1f:94:<br /> e8:a8:8b:54:d6:08:5a:79:a6:a4:a0:00:fb:5f:c3:<br /> d5:d4:50:ea:15:12:ea:9b:10:cc:9a:d9:32:6e:48:<br /> 93:30:4b:e7:2e:fe:a9:a0:31:16:61:24:3f:29:54:<br /> 2a:25:da:d2:b3:6a:d9:d5:a9:51:ee:d3:bb:b9:83:<br /> 86:59<br /> Exponent: 65537 (0x10001)<br /> Attributes:<br /> Requested Extensions:<br /> X509v3 Subject Alternative Name:<br /> DNS:thilina.org, DNS:api.thilina.org, DNS:gateway.thilina.org<br /> Signature Algorithm: sha256WithRSAEncryption<br /> 96:44:43:98:60:76:49:ad:8b:01:65:20:f1:ca:4a:47:84:67:<br /> dc:77:f0:2e:bb:30:68:8b:2f:79:c4:4c:10:91:ec:70:fe:73:<br /> 9c:3e:f4:69:18:8c:34:f6:85:05:26:b1:2a:35:38:f5:93:59:<br /> c2:a4:07:83:73:79:88:9b:ff:17:99:66:34:58:21:bc:de:8e:<br /> 65:b9:50:bb:18:52:53:9b:ed:a3:4e:c7:55:73:2e:42:47:dc:<br /> 94:4d:fb:cc:ba:b1:7a:57:a6:f9:fa:27:a2:54:aa:cd:f6:79:<br /> 3d:b7:0a:82:a3:18:41:ec:f5:db:cc:05:6a:43:64:d7:4a:00:<br /> fe:a3:89:f9:25:f3:79:55:f9:79:3a:b2:96:5e:9d:67:f5:c7:<br /> e4:ab:fc:da:cb:df:f5:76:36:44:fe:d2:87:3a:d7:a2:a9:2e:<br /> fc:7f:ba:a6:12:44:70:e0:c4:42:57:01:1e:51:0a:d4:2e:33:<br /> e2:63:20:c2:9a:07:1b:78:e8:fb:42:b5:e5:85:00:b1:2c:25:<br /> d8:ad:43:af:6a:01:09:59:7e:d0:af:dd:72:f3:93:18:30:38:<br /> c2:b0:6c:8e:88:79:4e:16:fe:e3:87:46:c2:eb:f3:2e:2b:aa:<br /> a7:a9:76:1d:fd:8b:d9:d9:1c:a3:1c:21:db:af:b0:0b:7e:15:<br /> 37:37:0f:25<br /></pre><hr /><br /><br />Validate the key, csr and certificates are matching. <br /><hr /><pre class="prittyprint prettyprinted">openssl rsa -noout -modulus -in domain.key | openssl md5<br />openssl x509 -noout -modulus -in domain.crt | openssl md5<br />openssl req -noout -modulus -in domain.csr | openssl md5<br /></pre><hr /><br /><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-21013426821372179102017-02-07T12:19:00.001+05:302017-02-07T13:44:04.541+05:30Running your spring-boot app in BitesizeFirst of all we have to have the spring-boot code in a git(svn) repo. I have create a sample spring-boot application using maven archetypes. You can find the code in;<br /><br /><a href="https://github.com/thilinapiy/SpringBoot">https://github.com/thilinapiy/SpringBoot</a><br /><br />Compile the code and generate the package using following command;<br /><pre class="prittyprint prettyprinted"># cd SpringBoot<br /># mvn clean package<br /></pre>This will build the app and create a jar file called 'SpringBoot-1.0.0.jar'.<br /><br />We can run the application with following command and it will start it in port 8080.<br /><pre class="prittyprint prettyprinted"># java -jar target/SpringBoot-1.0.0.jar<br /></pre>Now we switch to the next part. In this we need to update the bitesize files according to our needs.<br /><br /><a href="https://github.com/thilinapiy/bitesize-spring">https://github.com/thilinapiy/bitesize-spring</a><br /><br />First we'll update the <b>'build.bitesize'</b> file. In this we need to update the projects and name accordingly and give the source code repo url and related details as in all other projects. But if you look at the shell commands you can see that I have modified few of those. I have add the 'mvn clean package' command and change the 'cp' command to copy the build jar to '/app' directory. Then it will build the deb as previous.<br /><pre class="prittyprint prettyprinted">project: spring-dev<br />components:<br /> - name: spring-app<br /> os: linux<br /> repository:<br /> git: git@github.com:thilinapiy/SpringBoot.git<br /> branch: master<br /> build:<br /> - shell: sudo mkdir -p /app<br /> - shell: sudo mvn clean package<br /> - shell: sudo cp -rf target/*.jar /app<br /> - shell: sudo /usr/local/bin/fpm -s dir -n spring-app --iteration $(date "+%Y%m%d%H%M%S") -t deb /app<br /> artifacts:<br /> - location: "*.deb"<br /></pre>Then we'll check the <b>'application.bitesize'</b> file. I have change the 'runtime' to an ububtu-jdk8. Then change the command to run the jar.<br /><pre class="prittyprint prettyprinted">project: spring-dev<br />applications:<br /> - name: spring-app<br /> runtime: ubuntu-jdk8:1.0<br /> version: "0.1.0"<br /> dependencies:<br /> - name: spring-app <br /> type: debian-package<br /> origin:<br /> build: spring-app<br /> version: 1.0<br /> command: "java -jar /app/SpringBoot-1.0.0.jar"<br /></pre>In the <b>'environments.bitesize'</b> I have update the port to 8080.<br /><pre class="prittyprint prettyprinted">project: spring-dev<br />environments:<br /> - name: production<br /> namespace: spring-dev<br /> deployment:<br /> method: rolling-upgrade<br /> services:<br /> - name: spring-app<br /> external_url: spring.dev-bite.io<br /> port: 8080 <br /> ssl: "false"<br /> replicas: 2<br /></pre>In the stackstorm create_ns option give the correct manspace and the repo-url. <br />Reference : <a href="http://docs.prsn.io//deployment-pipeline/readme.html">http://docs.prsn.io//deployment-pipeline/readme.html</a><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-73471481806409748952017-02-04T18:31:00.000+05:302017-02-04T18:32:23.754+05:30Granting dbadmin privileges to a user in MongoDB clusterWe need to grant 'dbadmin' privileges to a user called 'store_db_user' to their mondo database in a 4 node cluster.<br /><br />First we need to connect to the primary database of the cluster with super.<br /><br /><pre class="prittyprint prettyprinted"># mongo -u supperuser -p password -h node1.mongo.local</pre><br />If you connect to the primary replica it will change the shell prompt to something like this;<br /><br /><pre class="prittyprint prettyprinted">mongoreplicas:PRIMARY></pre><br />Then you can list down the databases using following command.<br /><br /><pre class="prittyprint prettyprinted">mongoreplicas:PRIMARY>show dbs</pre><pre class="prittyprint prettyprinted">admin 0.078GB<br />local 2.077GB<br />store_db 0.078GB<br /></pre><br />Then switch to the relevant database;<br /><br /><pre class="prittyprint prettyprinted">mongoreplicas:PRIMARY>use store_db</pre><br />And grant permissions;<br /><br /><pre class="prittyprint prettyprinted">mongoreplicas:PRIMARY>db.grantRolesToUser(<br /> "store_db_user",<br /> [<br /> { role: "dbOwner", db: "store_db" },<br /> ]<br />)</pre><br />Exit from the admin user and login to the cluster as the database user.<br /><br /><pre class="prittyprint prettyprinted"># mongo -u store_db_user -p store_passwd -h node1.mongo.local/store_db</pre><br />Validate the change.<br /><br /><pre class="prittyprint prettyprinted">mongoreplicas:PRIMARY>show users<br />{<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"_id" : "store_db.store_db_user",<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"user" : "store_db_user",<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"db" : "store_db",<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"roles" : [<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>{<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"role" : "dbOwner",<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"db" : "store_db"<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>},<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>{<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"role" : "readWrite",<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>"db" : "store_db"<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>}<br /><span class="Apple-tab-span" style="white-space: pre;"> </span>]<br />}</pre><br /><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-85286222895305389472016-04-27T08:28:00.000+05:302016-04-29T11:08:29.345+05:30Running your WordPress blog on WSO2 App CloudWSO2 App Cloud is now supporting Docker base PHP applications. In this blog post I will describe how to install a WordPress blog in this environment. In order to setup a WordPress environment we need to have two things;<br /><br /><ol><li>Web server with PHP support</li><li>MySQL database</li></ol><br />If we have both of these we can start setting up WordPress. In WSO2 App Cloud we can use the PHP application as the WordPress hosting web server which is a PHP enabled Apache web server docker image. Also it provides a database service where you can easily create and manage MySQL databases via the App Cloud user interface (UI).<br /><br /><b><span style="color: #660000;">Note:- </span></b><br /><span style="color: #660000;">For the moment WSO2 App Cloud is on beta therefore these docker images will have only 12h of lifetime with no data persistence in the file storage level. Data on MySQL databases will be safe unless you override. If you need more help don't hesitate to contact Cloud support.</span><br /><br /><b>Creating PHP application</b><br /><br />Signup or signin to WSO2 App Cloud via http://wso2.com/cloud. Then click on the "App Cloud <sub>beta</sub>" section.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-fBdxbQqv8bg/VyAqQTl7oFI/AAAAAAAAA_A/h9hkDEUXkm8Vy6io2ZraeKiJDS39e-j0gCK4B/s1600/Selection_165.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="228" src="https://3.bp.blogspot.com/-fBdxbQqv8bg/VyAqQTl7oFI/AAAAAAAAA_A/h9hkDEUXkm8Vy6io2ZraeKiJDS39e-j0gCK4B/s400/Selection_165.png" width="400" /></a></div>Then it will redirect you to the App Cloud user interface. Click on 'Add New Application' button on the left hand corner.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-UVN8i2wxKV0/VyArIhTJ00I/AAAAAAAAA_U/rpX7Jh6YfXEDCDlr8OhvOgJ1fUxgpZF6QCK4B/s1600/Selection_166.png" imageanchor="1"><img border="0" height="171" src="https://2.bp.blogspot.com/-UVN8i2wxKV0/VyArIhTJ00I/AAAAAAAAA_U/rpX7Jh6YfXEDCDlr8OhvOgJ1fUxgpZF6QCK4B/s400/Selection_166.png" width="400" /></a></div>This will prompt you to several available applications. Select 'PHP Web Application' box and continue.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-LVdq0Lqc9x0/VyArqgnngXI/AAAAAAAAA_g/hsNbQiPBiDApvXOv4R2XzfMUV-z2kBM8gCK4B/s1600/Selection_167.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="211" src="https://4.bp.blogspot.com/-LVdq0Lqc9x0/VyArqgnngXI/AAAAAAAAA_g/hsNbQiPBiDApvXOv4R2XzfMUV-z2kBM8gCK4B/s400/Selection_167.png" width="400" /></a></div>Then it will prompt you a wizard. In that give a proper name and a version to your application. Name and version will be use to generate the domain name for your application.<br /><br />There are several options that you can use to upload PHP content to this application. For the moment I will download the <a href="https://wordpress.org/latest.zip" target="_blank">wordpress-X.X.X.zip</a> file from the <a href="https://wordpress.org/" target="_blank">wordpress</a> site and upload it to application.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-x0EKO2944Wg/VyAsTJ9ohxI/AAAAAAAAA_s/D9Lwjol_rS0v0XRa5ArsicqkkyNO8QTRACK4B/s1600/Selection_168.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://3.bp.blogspot.com/-x0EKO2944Wg/VyAsTJ9ohxI/AAAAAAAAA_s/D9Lwjol_rS0v0XRa5ArsicqkkyNO8QTRACK4B/s400/Selection_168.png" width="381" /></a></div>In the below sections of the UI you can set the run time and container specification. Give the highest Apache version as the runtime and use minimal container speck as wordpress does not require much processing and memory.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-atgxtJksRTA/VyAtS2FjJyI/AAAAAAAAA_8/bkMnHKn5RfgmnMClLW5eWEpg-NjyGChvwCK4B/s1600/Selection_169.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="355" src="https://1.bp.blogspot.com/-atgxtJksRTA/VyAtS2FjJyI/AAAAAAAAA_8/bkMnHKn5RfgmnMClLW5eWEpg-NjyGChvwCK4B/s400/Selection_169.png" width="400" /></a></div>If the things are all set and the file upload is complete click on 'Create' button. You will get the following status pop-up when you click the create button and it will redirect you to the application when its complete.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-xldtHL1mNMw/VyAuRK7Q6JI/AAAAAAAABAI/9D0tiE54qekHGUVSUuXRJnYhf36d36LNACK4B/s1600/Selection_171.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="235" src="https://3.bp.blogspot.com/-xldtHL1mNMw/VyAuRK7Q6JI/AAAAAAAABAI/9D0tiE54qekHGUVSUuXRJnYhf36d36LNACK4B/s400/Selection_171.png" width="400" /></a></div>In the application UI note the URL. Now you can click on the 'Launch App' button so that it will redirect you to your PHP application.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-3yXle1VZnV4/VyAuxIFacKI/AAAAAAAABAQ/B7aX3M-CFhEPQsxzwSFM_Wh2hLaRdZenwCK4B/s1600/Selection_172.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="195" src="https://1.bp.blogspot.com/-3yXle1VZnV4/VyAuxIFacKI/AAAAAAAABAQ/B7aX3M-CFhEPQsxzwSFM_Wh2hLaRdZenwCK4B/s400/Selection_172.png" width="400" /></a></div>Newly installed WordPress site will be like this.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-mE8G7UWoJDs/VyAvNLYBCJI/AAAAAAAABAc/f5IwoemaWNwe_sb6QAs8W7h4z3WqONBHQCK4B/s1600/Selection_173.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="282" src="https://4.bp.blogspot.com/-mE8G7UWoJDs/VyAvNLYBCJI/AAAAAAAABAc/f5IwoemaWNwe_sb6QAs8W7h4z3WqONBHQCK4B/s400/Selection_173.png" width="400" /></a></div>Now we need to provide database details to it. Therefore, we need to create database and a user.<br /><br /><b>Creating database</b><br /><br />Go back to the Application UI and click on 'Back to listing' button.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-Dvahz9JM6RA/VyA0oHABTzI/AAAAAAAABAw/v6wTyknFB4gkob3hpGvf_9dCn5scjxuFQCK4B/s1600/Selection_174.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="347" src="https://4.bp.blogspot.com/-Dvahz9JM6RA/VyA0oHABTzI/AAAAAAAABAw/v6wTyknFB4gkob3hpGvf_9dCn5scjxuFQCK4B/s400/Selection_174.png" width="400" /></a></div>In that UI you can see a button in the top left hand corner called 'Create database'. Click on that.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-aINiBgssHnM/VyA1H1muMCI/AAAAAAAABA4/zh9U5M-WOUMeiyXHSRpsL6lWMb0x8WQZACK4B/s1600/Selection_175.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="197" src="https://4.bp.blogspot.com/-aINiBgssHnM/VyA1H1muMCI/AAAAAAAABA4/zh9U5M-WOUMeiyXHSRpsL6lWMb0x8WQZACK4B/s400/Selection_175.png" width="400" /></a></div>In the create database UI give a database name, database user name and a password . Password need to pass the password policy so you can click on 'Generate password' to generate a secure password easily. By the way of you use generate password option make sure you copy the generated password before you proceed with database creation. Otherwise you may need to reset the password.<br /><br />Also note that database name and database user name will append tenant domain and random string accordingly to the end of both. Therefore, those fields will only get few number of input characters.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-dPWEwyMkaOE/VyA3Vg63p7I/AAAAAAAABBU/upIPxojRoAI-PSTm7S9bqDOvO0qtJmckgCK4B/s1600/Selection_176.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="378" src="https://4.bp.blogspot.com/-dPWEwyMkaOE/VyA3Vg63p7I/AAAAAAAABBU/upIPxojRoAI-PSTm7S9bqDOvO0qtJmckgCK4B/s400/Selection_176.png" width="400" /></a></div><div class="separator" style="clear: both; text-align: center;"></div>If all set then click on 'Create database' button to proceed. After successfully creating the database it will redirect you to a database management user interface like following.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-bYN_pi_ykzc/VyA4QxHm9SI/AAAAAAAABBg/iZmtKe27dcwcyGIzFLZPkyJqTUAZhURswCK4B/s1600/Selection_177.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="https://4.bp.blogspot.com/-bYN_pi_ykzc/VyA4QxHm9SI/AAAAAAAABBg/iZmtKe27dcwcyGIzFLZPkyJqTUAZhURswCK4B/s640/Selection_177.png" width="640" /></a></div>Now you can use those details to login to the newly create mysql database as follows;<br /><blockquote class="tr_bq">$ mysql -h mysql.storage.cloud.wso2.com -p'<attached password="" user="">' -u <attached user=""> <database name=""></database></attached></attached></blockquote><div>eg :-</div><blockquote class="tr_bq">$ mysql -h mysql.storage.cloud.wso2.com -p'XXXXXXXXX' -u admin_LeWvxS3l wpdb_thilina </blockquote><b>Configuring WordPress</b><br /><br />If the database creation is successful and you can login to it without any issue we can use those details to configure WordPress.<br /><br />Go back to the WordPress UI and click on 'let's go' button. It will prompt to a database configuration wizard. Fill those fields with the details that we got from the previous section.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-JRuJoCF4eoI/VyA7I3LniPI/AAAAAAAABBs/uoOWiQN2Wz4m1givRnQpCz5dgVJza0n7wCK4B/s1600/Selection_178.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="288" src="https://1.bp.blogspot.com/-JRuJoCF4eoI/VyA7I3LniPI/AAAAAAAABBs/uoOWiQN2Wz4m1givRnQpCz5dgVJza0n7wCK4B/s400/Selection_178.png" width="400" /></a></div>If WordPress application can successfully establish a connection with the database using your inputs it will prompt you to a UI as follows.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-x7ODquUkheo/VyA7mdCQH7I/AAAAAAAABB0/R_uggf6ShJEPR0Oqrja_8Ut6hmValUrJgCK4B/s1600/Selection_179.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://4.bp.blogspot.com/-x7ODquUkheo/VyA7mdCQH7I/AAAAAAAABB0/R_uggf6ShJEPR0Oqrja_8Ut6hmValUrJgCK4B/s400/Selection_179.png" width="400" /></a></div>On that click on 'Run the install'. Then WordPress will start populating database tables and insert initial data to the given database.<br /><br />When its complete it will ask for some basic configurations like the site title, admin user name and passwords.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-TK0BmGMuoGg/VyA8k07QmsI/AAAAAAAABCE/6PYU9dPcBAYKJkA4gGxY-rJghx5bDo1dwCK4B/s1600/Selection_180.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://2.bp.blogspot.com/-TK0BmGMuoGg/VyA8k07QmsI/AAAAAAAABCE/6PYU9dPcBAYKJkA4gGxY-rJghx5bDo1dwCK4B/s400/Selection_180.png" width="370" /></a></div>Click on 'Install WordPress' after filling those information. Then it will redirect you to the WordPress admin console login page. Login to that using the username and password gave in the previous section.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-vnQOhxndusc/VyA9OYG5dCI/AAAAAAAABCQ/4UkBlEPuHck-9wv4Y49vpheCKwsvT3xkwCK4B/s1600/Selection_183.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="312" src="https://1.bp.blogspot.com/-vnQOhxndusc/VyA9OYG5dCI/AAAAAAAABCQ/4UkBlEPuHck-9wv4Y49vpheCKwsvT3xkwCK4B/s400/Selection_183.png" width="400" /></a></div>So now WordPress is ready to use. But the existing URL is not very attractive. If you have a domain you can use it as the base URL of this application.<br /><br /><b>Setting custom domain (Optional)</b><br /><br />IN the application UI click on the top left three lines button shown in the following image.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-GhvbnwEc9GI/VyA-oE4UMaI/AAAAAAAABCc/ZBLcL659IwUUON1CDVztM1JdeXEa9HisgCK4B/s1600/Selection_185.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="302" src="https://3.bp.blogspot.com/-GhvbnwEc9GI/VyA-oE4UMaI/AAAAAAAABCc/ZBLcL659IwUUON1CDVztM1JdeXEa9HisgCK4B/s400/Selection_185.png" width="400" /></a></div>It will show some advance configuration that we can use. In that list select the last one 'Custom URL' option.<br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-GZGBFkVafkw/VyA_CoAHenI/AAAAAAAABCs/yDUuTUhx0qoMCa9t8Tz__N5P1_VWoi0ZQCK4B/s1600/Selection_186.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="302" src="https://4.bp.blogspot.com/-GZGBFkVafkw/VyA_CoAHenI/AAAAAAAABCs/yDUuTUhx0qoMCa9t8Tz__N5P1_VWoi0ZQCK4B/s400/Selection_186.png" width="400" /></a></div>It will prompt you following user interface. Enter the domain name that you are willing to use.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-KR3yPwaGiiY/VyA_RGrb-vI/AAAAAAAABC4/LStYhMveyrEsM3cVeIxu5XQKxPN-Q2kgQCK4B/s1600/Selection_188.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://2.bp.blogspot.com/-KR3yPwaGiiY/VyA_RGrb-vI/AAAAAAAABC4/LStYhMveyrEsM3cVeIxu5XQKxPN-Q2kgQCK4B/s400/Selection_188.png" width="400" /></a></div>But before you validate make sure you add a DNS CNAME to that domain pointing to you application launch URL.<br /><br />Following is the wizard that I got when adding the CNAME via Godaddy. This user interface and adding CNAME options will be different for you DNS provider.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-EN5Y2Us2iGE/VyA_3NxszmI/AAAAAAAABDE/kJMWYSTBrXUauM1pecCQ7jNJUXCUMqGnwCK4B/s1600/Selection_187.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="385" src="https://3.bp.blogspot.com/-EN5Y2Us2iGE/VyA_3NxszmI/AAAAAAAABDE/kJMWYSTBrXUauM1pecCQ7jNJUXCUMqGnwCK4B/s400/Selection_187.png" width="400" /></a></div>You can validate the CNAME by running 'dig' command in Linux or nslookup in windows.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-dOqrgpmjn4s/VyBAaLf-ZyI/AAAAAAAABDQ/79L7LRKwVBo0xD7Vpk4Yd7D-MLSQYoDeACK4B/s1600/Selection_191.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="40" src="https://1.bp.blogspot.com/-dOqrgpmjn4s/VyBAaLf-ZyI/AAAAAAAABDQ/79L7LRKwVBo0xD7Vpk4Yd7D-MLSQYoDeACK4B/s640/Selection_191.png" width="640" /></a></div>If the CNAME is working click on 'Update'.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-UImtXvvIiJM/VyBA_KYKqoI/AAAAAAAABDg/wi7N8OQPv34MVGRETFTadbfyxOnAF3QuQCK4B/s1600/Selection_189.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="65" src="https://1.bp.blogspot.com/-UImtXvvIiJM/VyBA_KYKqoI/AAAAAAAABDg/wi7N8OQPv34MVGRETFTadbfyxOnAF3QuQCK4B/s400/Selection_189.png" width="400" /></a></div> If that is successful you will get the above notification and if you access that domain name it will show your newly created WordPress blog.<br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-QZu4NP4Sblk/VyBBaYm43cI/AAAAAAAABDo/i4txlRhzLuse7IfEBgpR64lC0_tAICpjACK4B/s1600/Selection_190.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="275" src="https://4.bp.blogspot.com/-QZu4NP4Sblk/VyBBaYm43cI/AAAAAAAABDo/i4txlRhzLuse7IfEBgpR64lC0_tAICpjACK4B/s400/Selection_190.png" width="400" /></a></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com1tag:blogger.com,1999:blog-5437255813671013344.post-68939354175205199442016-04-02T14:35:00.000+05:302016-04-02T14:35:41.278+05:30Add Let's Encrypt free SSL certificates to WSO2 API Cloud<a href="https://letsencrypt.org/about/" target="_blank">Let's encrypt</a> is a free and open <a href="https://en.wikipedia.org/wiki/Certificate_authority" target="_blank">certificate authority</a> runs for the public benefit. This service is provided by the Internet Security Research Group and there are lots of companies working with them to make the Internet secure. People who have a domain name can get free SSL certificate for their websites using this service for three months. I they need to use for more than that three months we need to renew the certificate and its also for free. But the best thing is that this certificate is accepted by most of the new web browsers and systems by default. So you don't need to add CA certs to you browsers any more.<br /><br />In this article I will explain how we can use that service to get a free SSL certificate and add that to <a href="http://api.cloud.wso2.com/" target="_blank">WSO2 API Cloud</a>. So that you can have your own API store like;<br /><a href="https://www.blogger.com/goog_995828250"><br /></a><a href="https://store.thilina.piyasundara.org/">https://store.thilina.piyasundara.org</a> <br /><br />In order to do that you need to have following things in hand.<br /><ul><li>Domain name.</li><li>Rights to add/delete/modify DNS A records and CNAMEs.</li><li>Publicly accessible webserver with root access or a home router with port forwarding capabilities. </li></ul><br /><b>Step 1</b><br /><br />If you have a publicly accessible webserver you can skip this step.If you don't have a publicly accessible webserver you can make your home PC/Laptop a temporary webserver if you can do port forwarding/NATing in you home router. I will show how I did that with my ADSL router. You can get help on port forwarding information by referring to this website <a href="http://portforward.com/">http://portforward.com</a>.<br /><br />a. Add a port forwarding rule in your home router.<br /><br />Get your local (laptop) IP (by running ifconfig/ip addr) and put that as the backend server in your router for. Set the WAN port as 80 and LAN port as 80.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-x-kTZBPbRvc/Vv9TT3Uo9bI/AAAAAAAAA9E/lQ5YTI1Ch2kSkIsjagnbVsYqD2zRi6IMw/s1600/Selection_150.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="460" src="https://1.bp.blogspot.com/-x-kTZBPbRvc/Vv9TT3Uo9bI/AAAAAAAAA9E/lQ5YTI1Ch2kSkIsjagnbVsYqD2zRi6IMw/s640/Selection_150.png" width="640" /></a></div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">After adding the rule it will be like this.</div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-I4zkkjDYVfQ/Vv9TdN1oZbI/AAAAAAAAA9M/LSzKy9l3VYE5Dr7vAygbavfG4YAyUFJrQ/s1600/Selection_151.png" imageanchor="1"><img border="0" height="104" src="https://2.bp.blogspot.com/-I4zkkjDYVfQ/Vv9TdN1oZbI/AAAAAAAAA9M/LSzKy9l3VYE5Dr7vAygbavfG4YAyUFJrQ/s640/Selection_151.png" width="640" /></a></div><br />b. Start a webserver in your laptop. We can use the simple Python server for this. Make sure to check the IPTable rules/Firewall rules.<br /><br /><div style="background: #ffffff; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">mkdir /tmp/www</span><br /><span style="color: #888888;">cd /tmp/www/</span><br /><span style="color: #888888;">echo 'This is my home PC :)' > index.html</span><br /><span style="color: #888888;">sudo python3 -m http.server 80</span><br /></pre></div><br />c. Get the public IP of your router. Go to this link : http://checkip.dyndns.org it will give the public IP address. This IP is changing time-to-time so no worries.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-UeDYxqGHEWg/Vv9UMXyKrMI/AAAAAAAAA9g/3NQgk3CVC4sZt82kH7FHCaDmrzOmjS-4A/s1600/Selection_155.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="84" src="https://1.bp.blogspot.com/-UeDYxqGHEWg/Vv9UMXyKrMI/AAAAAAAAA9g/3NQgk3CVC4sZt82kH7FHCaDmrzOmjS-4A/s320/Selection_155.png" width="320" /></a></div><br />d. Try to access that IP from a browser.<br />If it is giving the expected output you have a publicly accessible webserver.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-YuAfOeWbW-c/Vv9TxaXSXbI/AAAAAAAAA9U/wXr9t4TvbxsExZNzcX13_BqPDe5gEVmDg/s1600/Selection_152.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://1.bp.blogspot.com/-YuAfOeWbW-c/Vv9TxaXSXbI/AAAAAAAAA9U/wXr9t4TvbxsExZNzcX13_BqPDe5gEVmDg/s320/Selection_152.png" width="320" /></a></div><br /><b>Step 2</b><br /><br />Now we need to update a DNS entry. My expectation is to have a single SSL certificate for both domains 'store.thilina.piyasundara.org' and 'api.thilina.piyasundara.org'.<br /><br />a. Go to your DNS provides console and add an A record for both domain names to point to the public IP of your webserver (or the IP that we got from the previous step).<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-ANfSBAUNpNU/Vv9UsN4nd6I/AAAAAAAAA9s/x91h_baSS8IQwHWvPAlpvg3dXtJJdL3Tw/s1600/Selection_153.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="56" src="https://1.bp.blogspot.com/-ANfSBAUNpNU/Vv9UsN4nd6I/AAAAAAAAA9s/x91h_baSS8IQwHWvPAlpvg3dXtJJdL3Tw/s640/Selection_153.png" width="640" /></a></div><br />b. Try to access both via a browser and if its giving the expected out put you can proceed to the next step.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-uCcIkTqQkn8/Vv9VIy_awhI/AAAAAAAAA94/z5VQv7ND-XYVlk2MAiBz-eiwlRYwqAtXw/s1600/Selection_154.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="72" src="https://3.bp.blogspot.com/-uCcIkTqQkn8/Vv9VIy_awhI/AAAAAAAAA94/z5VQv7ND-XYVlk2MAiBz-eiwlRYwqAtXw/s320/Selection_154.png" width="320" /></a></div><br /><b>Step 3</b><br /><br />I'm follow the instruction in the 'let's encrypt' <a href="https://letsencrypt.org/getting-started/" target="_blank">guide</a>. As I'm using the python server I need to use the 'certonly' option when running the command to generate the certs.<br /><br />a. Get the git clone of the letsencrypt project.<br /><br /><div style="background: #ffffff; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">git clone https://github.com/letsencrypt/letsencrypt</span><br /><span style="color: #888888;">cd letsencrypt</span><br /></pre></div><br />b. Run cert generation command. (this requires root/sudo access)<br /><br /><div style="background: #ffffff; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">./letsencrypt-auto certonly --webroot -w /tmp/www/ -d store.thilina.piyasundara.org -d api.thilina.piyasundara.org</span><br /></pre></div><br />If this succeed you can find the SSL keys and certs in '/etc/letsencrypt/live/store.thilina.piyasundara.org' location.<br /><br /><b>Step 4</b><br /><br />Check the content of the certs. (Be root before you try to 'ls' that directory)<br /><br /><div style="background: #ffffff; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">openssl x509 -in cert.pem -text -noout</span><br /></pre></div><br /><b>Step 5</b><br /><br /><a href="https://docs.wso2.com/display/APICloud/Create+and+Publish+an+API" target="_blank">Create an API</a> in WSO2 API Cloud if you don't have one. Else start on adding a <a href="https://docs.wso2.com/display/APICloud/Customize+the+API+Store+and+Gateway+URLs" target="_blank">custom domain</a> to your tenant.<br /><br />a. Remove both A records and add CNAME records to those two domains. Both should point to the domain 'customdns.api.cloud.wso2.com'.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-Xrgc4yXhfK8/Vv9dN5gKb2I/AAAAAAAAA-M/JxEvbQX8oaUDM9mz2HuL2mXorHSqPnrCg/s1600/Selection_156.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="49" src="https://3.bp.blogspot.com/-Xrgc4yXhfK8/Vv9dN5gKb2I/AAAAAAAAA-M/JxEvbQX8oaUDM9mz2HuL2mXorHSqPnrCg/s640/Selection_156.png" width="640" /></a></div><br />b. Now click on the 'Configure' option in the top options bar and select the 'Custom URL' option.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-d7vPrxEwTLs/Vv9eK453w0I/AAAAAAAAA-Y/crrqXvzUhKUrRglRQ55XHUpJHp-x3YdoA/s1600/Selection_157.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="153" src="https://4.bp.blogspot.com/-d7vPrxEwTLs/Vv9eK453w0I/AAAAAAAAA-Y/crrqXvzUhKUrRglRQ55XHUpJHp-x3YdoA/s320/Selection_157.png" width="320" /></a></div><br />c. Make ready you SSL certs. Copy 'cert.pem', 'chain.pem' and 'privkey.pem' to you home directory.<br /><br />d. Modify API store domain. Click on the modify button, add the domain name click on verify. It will take few seconds. If that succeed you have correctly configured the CNAME to point to WSO2 cloud.<br /><br />e. Add cert files to the API Cloud. The order should be the certificate (cert.pem), private key (privatekey.pem) and the CAs chain file (chain.pem). Again it will take sometime to verify uploaded details.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-1GjiYLeFZuE/Vv9g5bJxL7I/AAAAAAAAA-k/VDTEjgyFjoQ8W-9A7A0CazJUKwAHyO3JA/s1600/Selection_158.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="432" src="https://4.bp.blogspot.com/-1GjiYLeFZuE/Vv9g5bJxL7I/AAAAAAAAA-k/VDTEjgyFjoQ8W-9A7A0CazJUKwAHyO3JA/s640/Selection_158.png" width="640" /></a></div><br />f. Update the gateway domain same as the previous.<br /><br />Now if you go the API Store it will show something like this.<br /><div style="text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-8NXIvCvRRFM/Vv9io2Bo4eI/AAAAAAAAA-w/iGr2wByhVwgBAj6hWhRxYPQG4N0eor6pA/s1600/Screenshot%2Bfrom%2B2016-04-02%2B11%253A39%253A39.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://1.bp.blogspot.com/-8NXIvCvRRFM/Vv9io2Bo4eI/AAAAAAAAA-w/iGr2wByhVwgBAj6hWhRxYPQG4N0eor6pA/s640/Screenshot%2Bfrom%2B2016-04-02%2B11%253A39%253A39.png" width="444" /></a></div><br /><br />g. Same way you can use the gateway domain when you need to invoke APIs.<br /><br /><div style="background: #ffffff; overflow: auto; padding: 0.2em 0.6em; width: auto;"><pre style="line-height: 125%; margin: 0;"><span style="color: #888888;">curl -X GET --header 'Accept: application/json' --header 'Authorization: Bearer <access token="">' 'https://gateway.api.cloud.wso2.com:8243/t/thilina/gituser/1.0.0/thilinapiy'</access></span><br /></pre></div><br />Now you don't need '-k' option. If not make sure you operating system (CA list) is up to date.<br /><br /><b>Step 6</b><br /><br />Make sure to remove port forwarding in you home router if you use that and any changes that you make while obtaining the SSL certificates.<br /><br /><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0Colombo, Sri Lanka6.9270786 79.8612430000000596.8009751 79.69988150000006 7.0531821 80.022604500000057tag:blogger.com,1999:blog-5437255813671013344.post-1073518986539441592014-05-07T13:31:00.001+05:302014-07-08T11:48:22.224+05:30Run WSO2 products in a Docker container<a href="https://www.docker.io/" target="_blank">Docker</a> is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. There are two ways to run docker container;<br /><br />1. Run a pre-build docker image.<br />2. Build your own docker image and use it.<br /><br />In the first option you can use a base image like Ubuntu, CentOS or an image built by someone else like thilina/ubuntu_puppetmaster. You can find these images <a href="http://index.docker.io/">index.docker.io</a><br /><br />In the second option you can build the image using a "<a href="http://docs.docker.io/reference/builder/" target="_blank">Dockerfile</a>". In this approach we can do customizations to the container by editing this file.<br /><br />When creating a docker container for WSO2 products option 2 is the best. I have wrote a sample Dockerfile on <a href="https://github.com/thilinapiy/dockerfiles" target="_blank">github</a>. It describes how to build a Docker container for WSO2 API manager single node implementation. For the moment docker have some limitations like unable to edit the '/etc/hosts' file, etc. If you need to create a clusters of WSO2 products (an API manager cluster in this case) you need to do some additional things like setting up a DNS server, etc.<br /><br /><h3>How to build an API manager docker container?</h3><br />Get a git clone of the build repository.<br /><blockquote class="tr_bq">git clone <a href="https://github.com/thilinapiy/dockerfiles">https://github.com/thilinapiy/dockerfiles</a></blockquote>Download <a href="http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html" target="_blank">Oracle JDK 7</a> tar.gz (not JDK 8) and place it in '/dockerfiles/base/dist/'<br /><blockquote class="tr_bq">mv <download path="">/jdk-7u55-linux-x64.tar.gz /dockerfiles/base/dist/</download></blockquote>Download <a href="http://wso2.com/products/api-manager" target="_blank">WSO2 API manager</a> and place that in '/dockerfiles/base/dist/'<br /><blockquote class="tr_bq">mv <download path="">/wso2am-1.6.0.zip /dockerfiles/base/dist/</download></blockquote>Change directory to '/dockerfiles/base/'.<br /><blockquote class="tr_bq">cd dockerfiles/base/</blockquote>Run docker command to build image.<br /><blockquote class="tr_bq">docker build -t apim_image .</blockquote><h3>How to start API manager from the build image?</h3><br />Start in interactive mode<br /><blockquote class="tr_bq">docker run -i -t --name apim_test apim_image</blockquote>Start in daemon mode<br /><blockquote class="tr_bq">docker run -d --name apim_test apim_image</blockquote>Other options that can use when starting a docker image<br /><blockquote class="tr_bq">--dns < dns server address ><br />--host < hostname of the container ></blockquote><br /><h3>Major disadvantages in docker (for the moment)</h3><div><ul><li>Can't edit the '/etc/hosts' file in the container.</li><li>Can't edit the '/etc/hostname' file. --host option can use to set a hostname when starting.</li><li>Can't change DNS server settings in '/etc/resolve.conf'. --dns option can use to set DNS servers. Therefore, if you need to create a WSO2 product cluster you need to setup a DNS server too.</li></ul><div><h4>Read more about WSO2 API manager : <a href="http://wso2.com/library/webinars/2012/09/wso2-use-case-getting-started-api-manager/" target="_blank">Getting Started with API Manager</a></h4></div></div><div><br /></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-51480469098331529532014-05-06T19:05:00.001+05:302014-05-22T06:59:18.521+05:30Python 3 appindicator example script for Ubuntu 14.04On Ubuntu 14.04 Python 3 is the default python version. Therefor If you try to run previous appindicator scripts on Ubuntu 14.04 those will not work. This script is done using Python 3 and relevant libraries.<br /><br /><div class="gistLoad" data-id="ad618059af25af8f1b8d" id="gist-GistID">Loading ....</div><script src="https://raw.github.com/moski/gist-Blogger/master/public/gistLoader.js" type="text/javascript"></script><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-30636467581390039082014-03-20T21:35:00.000+05:302014-03-23T11:56:41.137+05:30Few best practices on setting up Puppet 3 master/agent environmentPuppet is a configurations management tool like Chef and CFEngine. This tool is to manage configurations of large dynamically changing infrastructures like clouds efficiently. Puppet 3 is the latest release from PuppetLabs but still some operating system distributions does not include those packages in their repositories. So we need to some manual things to install puppet 3.<br /><br />In this post I will explain few best practices to follow when installing a puppet master - agent environment. I have configure puppet master and agent environments several times and came across with this sequence and I think this a good way of doing this. But please note this not "the" best way of doing it and not recommended to use it as it is in a production environment. And also this will not describe about best practises of writing puppet manifests/modules.<br /><b><br /></b><b>Set a domain name for the environment</b><br />First of all use a domain name for your environment. Think that you are going to set up a puppet environment for ABC company, you can set the domain for that as '<i>abc.com</i>' or '<i>dc1.abc.com</i>' (data center 1 of ABC company). If you are doing it for testing purposes its advisory to use '<i>example.com</i>'. '<i>example.com</i>' is a reserved domain name for documentation and example purposes and no one can register that domain, so it will avoid many DNS resolution issues.<br /><br /><b>Give a proper FQDN for each hosts hostname.</b><br />Set a fully qualified domain name (FQDN) to each and every host within the puppet environment including the puppet master node. It will reduce lots of SSL related issues. It is not enough to just to give a hostname because most systems adds a domain (via DHCP) that will introduce some issues. Run '<i>hostname</i>' and ' <i>hostname -f </i>' and see the difference.<br /><br />Use 'puppet' as a prefix as the puppet masters hostname. So it would be like;<br /><br /> puppet.abc.com or<br /> puppet.cd1.adc.com or<br /> puppet.example.com<br /><br />And for the puppet agents;<br /><br /> 8976712.apache.abc.com or<br /> 8976712.apache.dc1.abc.com or<br /> 8976712.apache.example.com<br /><br />Or<br /><br /> 8976712.node001.abc.com or<br /> 8976712.node002.dc1.abc.com or<br /> 8976712.node003.example.com<br /><br />Use a UUID when creating the hostnames for puppet agents. Then give the service name (apache,mysql) or the node number (node002 - if using multiple services in a single server). That name must match the node definitions in the '<i>site.pp</i>' (or 'nodes.pp').<br /><br />Use the '<i>hostname</i>' command and edit the '<i>/etc/hostname</i>' configurations file to change the hostname. You can do it like this, assuming that the host is '<i>8976712.node001.abc.com</i>'<br /><br /># hostname 8976712.node001.abc.com<br /># echo '8976712.node001.abc.com' >/etc/hostname<br /><br /><b>Give and IP address to each FQDN.</b><br />It is a must to give an appropriate IP addresses to each hostname/FQDN. At least, the system should be able to refer to the '<i>/etc/hosts</i>' file and resolve the IP address of the relevant FQDN and should have following entries in the '<i>/etc/hosts</i>' file.<br /><br /> 127.0.0.1 localhost<br /> 127.0.0.1 < local fqdn ><br /> < puppet master ip > < puppet master fqdn ><br /><br />For an example, if you take '<i>8976712.node001.abc.com</i>' node, its '<i>/etc/hosts</i>' file should like this.<br /><br /> 127.0.0.1 localhost<br /> 127.0.0.1 8976712.node001.abc.com<br /> 192.168.1.100 puppet.abc.com<br /><br /><b>Check the system time and timezone information</b><br />Both puppet master and agents should have same system time and time zone on both systems. Use '<i>date</i>' command to check the system time and time zone. Synchronize the system time with a well known time server. Commands are bit different from one distribution to another.<br /><br /><b>Download and install puppet repositories from PuppetLabs website</b><br />PuppetLabs provide an apt and a yum repository. Most distributions does not support puppet 3 for the moment therefore, we need to add those manually.<br /><br />Please refer to <a href="http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html" target="_blank">"Using the Puppet Labs Package Repositories"</a> article and install the appropriate repository for your system. Then update your repository lists.<br /><br /><b>Install puppet master </b><br />After completing all above steps, then try to install puppet master using a package management system (apt/yum).<br /><br />It's better to go ahead with default setting. But you need to do few changes to some configuration files to make it work as a master-agent environment puppet master server. Use a '<i>autosign.conf</i>' file to automatically sign agents SSL requests. But avoid using ' * ' in that. Better to use it like this;<br /><br />*.abc.com<br /><br />It's better to add the '<i>server=puppet.< domain ></i>' in the '<i>puppet.conf </i>'s '<i>main</i>' section. On Debian based distros change the '<i>start</i>' option in to 'yes' to start the puppet master. After configuring all restart the puppet master service. Open port 8140 from the system firewall specially check that if you are using any RedHat distribution.<br /><br /><b>Track changes</b><br />Use a version controlling system like git or subversion to track changes to puppet manifests. Use branching, versioning/tagging features to do it effectively.<br /><br /><b>Install puppet agent</b><br />First of all it is better to have puppet master installed. Then check the hostname and DNS resolutions for the hostname and puppet master. Then try to install puppet agent using a package management system.<br /><br />You have to do few changes to connect to the puppet master server. Edit the '<i>/etc/puppet/puppet.conf </i>' and add '<i>server=puppet.< domain ></i>' to the '<i>main</i>' section. Change the '<i>start</i>' option to '<i>yes</i>' in '<i>/etc/default/puppet</i>' configuration file in debian based distros. Then restart the puppet agent.<br /><br /><b>Test the system</b><br />Add this into your puppet masters '<i>/etc/puppet/manifests/site.pp</i>' file.<br /><blockquote class="tr_bq">node default {<br /> file { '/tmp/mytestfile.t':<br /> owner => 'root',<br /> group => 'root',<br /> content => "This file was created by puppet.\n",<br /> ensure => present,<br /> }<br />} </blockquote>Then run '<i>puppet agent -vt </i>' on the agent and check the '<i>/tmp '</i> directory.<br /><br /><b>Automated script</b><br />I wrote a script to automate this and you can get it from <a href="https://github.com/thilinapiy/puppetinstall">here</a> on github. It support Debian, RedHat and SLES distributions. If you have any issues please report those to <a href="https://github.com/thilinapiy/puppetinstall/issues">this</a>.<div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-87897957862761041542014-02-04T21:27:00.001+05:302014-02-04T21:32:53.253+05:30KVM with Virt-Manager as a virtualization tool for LinuxI have use several operating system (OS) level virtualization tools like VMware Workstation, VMware Player, Oracle VirtualBox, Microsoft VirtualPC and KVM for many years. <br /><br />Overall VMware Workstation is the best tool for me. But to use that we need to purchase a license. As an alternative to VMware Workstation we can use VMware player (a stripdown version of WMware Workstation) for free but only for non-commercial use. Also you can't run multiple guest operating systems concurrently using that.<br /><br />As an alternative to VMware products most of linux people use Oracle VirtualBox. I had some issues when I try to NAT a virtual instance (guest OS) on Ubuntu 12.10 (host OS) machine. As a solution for this most blogs forums suggest to change the virtual network option into Bridge. But most networks (including my home wifi network) doesn't allow this option because we do MAC address filtering.<br /><br />Obviously you can not install Microsoft VirtualPC on a Linux host (even with vine). Truly I haven't use Xen, so I can't give any opinions on that.<br /><br />kernel-based virtual machine (KVM) is another tool that we can use to do OS level virtualization. I will explain how to install KVM and Virt-Manager the graphical user interface which can use to interact with KVM on Ubuntu (Check this to <a href="http://blog.thilina.org/2013/04/installing-kvm-in-centos.html" target="_blank">install KVM on CentOS</a>).<br /><br /><h4><a href="http://blog.thilina.org/2014/02/kvm-with-virt-manager-as-virtualization.html#install-kvm-on-ubuntu" name="install-kvm-on-ubuntu">Installing KVM and Virt-manager on Ubuntu</a></h4><br />Update your repository list<br /><blockquote class="tr_bq">sudo apt-get update</blockquote>Install packages and dependencies<br /><blockquote class="tr_bq">sudo apt-get install kvm virt-manager</blockquote>After completing the installation you can search for "Virtual machine Manager" on the search of Ubuntu Unity. Give the sudo password in the popup window.<br /><br />Or else you can use the following command to start the virt-manager GUI from the terminal.<br /><blockquote class="tr_bq">sudo virt-manager</blockquote>In the first attempt it will prompt the following user interface. Use the default settings and click on "connect".<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-0oaq_id5skI/UvB3CQ0dh2I/AAAAAAAAAuM/TWsAKkWfNJ0/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="KVM Virt-Manager add connection" border="0" src="http://1.bp.blogspot.com/-0oaq_id5skI/UvB3CQ0dh2I/AAAAAAAAAuM/TWsAKkWfNJ0/s1600/1.png" height="305" title="KVM Virt-Manager add connection" width="320" /></a></div><br /><h4><a href="http://blog.thilina.org/2014/02/kvm-with-virt-manager-as-virtualization.html#install-kvm-guest-os" name="install-kvm-guest-os">Installing guest operating system in KVM</a></h4><br />Open virt-manager by clicking on the icon from unity search or using command. Then click on the left most icon of the GUI as follows. It will open a wizard to create a new virtual machine.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://3.bp.blogspot.com/-aPON9b6-7eU/UvB3DBhtRjI/AAAAAAAAAuo/jOQ7yFXP_wg/s1600/2.1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Create new virtual machine" border="0" src="http://3.bp.blogspot.com/-aPON9b6-7eU/UvB3DBhtRjI/AAAAAAAAAuo/jOQ7yFXP_wg/s1600/2.1.png" height="55" title="KVM Virt-Manager create new virtual machine" width="320" /></a></div><a href="http://3.bp.blogspot.com/-aPON9b6-7eU/UvB3DBhtRjI/AAAAAAAAAuo/jOQ7yFXP_wg/s1600/2.1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><strike></strike></a><br /><br />Give a proper name, that name will appear on the virt-manager virtual machine list.<br /><br />There are several ways to install an operating system and this tool also support few of them too. Usually we use a boot-able CD/DVD to install an operating system to a new machine/laptop. Also we can directly give the ISO image of an operating system. Therefore, I will go ahead with the "Local installation media" option and click on "Forward"<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-UyQxp5Dyp6A/UvB3CYHMJ3I/AAAAAAAAAuI/Vm9trHfe1fo/s1600/2.0.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-UyQxp5Dyp6A/UvB3CYHMJ3I/AAAAAAAAAuI/Vm9trHfe1fo/s1600/2.0.png" height="279" width="320" /></a></div><br />In this I'm going to give an Ubuntu 12.04 desktop ISO image. Select the "Use ISO image" option and click on "Browse".<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-4U51DbJAM2g/UvB3DXzlOgI/AAAAAAAAAuk/emlO_ufMl-8/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-4U51DbJAM2g/UvB3DXzlOgI/AAAAAAAAAuk/emlO_ufMl-8/s1600/3.png" height="275" width="320" /></a></div><br />It will open another window which will list down all the image files of your virtual machines. Click on the bottom "Browse Local" button and browse to the ISO image that you need to install. Give the OS type and version in relevant fields. Then continue the wizard. <br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-f1i-qtO0CL8/UvCFX4yKCGI/AAAAAAAAAvY/6KdNPnm5Ucg/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-f1i-qtO0CL8/UvCFX4yKCGI/AAAAAAAAAvY/6KdNPnm5Ucg/s1600/4.png" height="226" width="320" /></a></div><br />You can download those ISO images from relevant websites other than Windows.<br /><br />In this step you need to set the guest machines memory and CPU. As I'm going to install a Ubuntu Desktop with the user interface (UI), I'm going to give 1024 MB of RAM and a single CPU will work for this.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://4.bp.blogspot.com/-jw52c-4G0Rs/UvB3EfqlmWI/AAAAAAAAAu8/6APvKmlUmcE/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-jw52c-4G0Rs/UvB3EfqlmWI/AAAAAAAAAu8/6APvKmlUmcE/s1600/5.png" height="277" width="320" /></a></div><br />Now we need to set the disk space. It is enough to give 8-10GB of disk space for a virtual (guest) machine.<br /><br />Specially, remove the default check on the "Allocate entire disk now" option. If you do so, KVM will not allocate full 10GB (or what you set) from your host machines hard disk. It will only use the real data capacity used in the installation and only when you add data to the guest system it will grow. So this save lot of disk space.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://1.bp.blogspot.com/-gNpqJVXUcAw/UvB3EVQ-RYI/AAAAAAAAAu0/3TYuR5yNS20/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-gNpqJVXUcAw/UvB3EVQ-RYI/AAAAAAAAAu0/3TYuR5yNS20/s1600/6.png" height="275" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"></div>In the last step you will get a confirmation page.<br /><br /><h4><a href="http://blog.thilina.org/2014/02/kvm-with-virt-manager-as-virtualization.html#kvm-best-practices" name="kvm-best-practices">Few best practices when using KVM</a></h4><ul><li>To run virtual machine manager you need sudo permission. So you can create an alias for this.</li></ul><blockquote class="tr_bq">alias virt-manager='sudo virt-manager'</blockquote><ul><li>Or you can add "NOPASSWD" option to <a href="http://blog.thilina.org/2013/01/run-specific-command-as-root-without.html" target="_blank">sudoers list</a>.</li></ul><blockquote class="tr_bq">sudo visudo</blockquote><ul><li>Add the line with your username</li></ul><blockquote class="tr_bq">username ALL= NOPASSWD: ALL</blockquote><ul><li>Try to use text only installations of operating systems. It will reduce resources (RAM/disk space) usage. Most server edition operating systems by default install the text only (run level 3) environment.</li></ul><ul><li>Use base images</li></ul>Create some base operating system installations in the system. If you need a virtual machine you can get a clone of the base installation and use. In this figure I have create three base images (virtual machines)<br />a CentOS, RHEL and a Ubuntu.<br /><br />Other three machines are clones of a Ubuntu base machine which I used to simulate a Ubuntu base network. After the simulation I can delete those virtual machines with used virtual hard disk (.img file).<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-_6LYHghgj8o/UvB3Cfy92nI/AAAAAAAAAuE/YlzzbI4RXzY/s1600/10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-_6LYHghgj8o/UvB3Cfy92nI/AAAAAAAAAuE/YlzzbI4RXzY/s1600/10.png" height="320" width="277" /></a></div><br />Install your favorite commonly used tools like vim/emacs, tree, htop, telnet, git, subversion, oracle JDK, links, debug tools and custom scripts.<br /><br />Install additional repositories like EPEL, RPMForge, repos on RedHat base distributions. Puppet repositories on all distributions.<br /><br />So how to clone a virtual machine? Right click on the virtual machine (should be on power off state) and select "Clone" option. It will give the following window. Give a proper name for that and continue it. It will take few minutes to copy and the time will depend on your base image size.<br /><br /><div class="separator" style="clear: both; text-align: center;"><a href="http://3.bp.blogspot.com/-DFdQD3Wwq9Q/UvDZL8OR0CI/AAAAAAAAAvs/f56wSj8v0Ig/s1600/11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-DFdQD3Wwq9Q/UvDZL8OR0CI/AAAAAAAAAvs/f56wSj8v0Ig/s1600/11.png" height="320" width="284" /></a></div><br />When you need delete a virtual machine, select and right click on that and select "Delete" option. It will prompt another window as follows. Select the "Delete associated storage files" option and it will enable the list of storages which you need to delete in order to save your disk space. Keep in mind not to delete any iso images if those appear on this list.<br /><br /><div class="separator" style="clear: both; text-align: center;"></div><div class="separator" style="clear: both; text-align: center;"><a href="http://2.bp.blogspot.com/-DJDBCsfUT1I/UvDaf-5WWII/AAAAAAAAAv4/qVCJxKllytc/s1600/12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-DJDBCsfUT1I/UvDaf-5WWII/AAAAAAAAAv4/qVCJxKllytc/s1600/12.png" height="211" width="320" /></a></div><br /> <!-- Blogger automated replacement: "https://images-blogger-opensocial.googleusercontent.com/gadgets/proxy?url=http%3A%2F%2F3.bp.blogspot.com%2F-aPON9b6-7eU%2FUvB3DBhtRjI%2FAAAAAAAAAuo%2FjOQ7yFXP_wg%2Fs1600%2F2.1.png&container=blogger&gadget=a&rewriteMime=image%2F*" with "https://3.bp.blogspot.com/-aPON9b6-7eU/UvB3DBhtRjI/AAAAAAAAAuo/jOQ7yFXP_wg/s1600/2.1.png" --><!-- Blogger automated replacement: "https://3.bp.blogspot.com/-aPON9b6-7eU/UvB3DBhtRjI/AAAAAAAAAuo/jOQ7yFXP_wg/s1600/2.1.png" with "https://3.bp.blogspot.com/-aPON9b6-7eU/UvB3DBhtRjI/AAAAAAAAAuo/jOQ7yFXP_wg/s1600/2.1.png" --><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-50263692641721559982014-01-09T12:20:00.000+05:302014-01-09T12:20:46.134+05:30How Netflix Operates Clouds for Maximum Freedom and Agility<div align="center"><iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/s0rCGFetdtM" width="560"></iframe></div><br />Via Amazon Web Services youtube channel : <a href="http://www.youtube.com/watch?v=s0rCGFetdtM">http://www.youtube.com/watch?v=s0rCGFetdtM</a><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-82087291272848482602014-01-08T19:44:00.000+05:302014-01-08T19:44:07.334+05:30What is DevOps?<div align="center"><iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/_I94-tJlovg" width="560"></iframe></div><br />Via Rackspace youtube channel : <a href="http://www.youtube.com/watch?v=_I94-tJlovg">http://www.youtube.com/watch?v=_I94-tJlovg</a><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-54040048465706748352013-10-01T13:22:00.000+05:302013-10-01T13:22:09.114+05:30Regular Expressions<iframe width="560" height="315" src="//www.youtube.com/embed/EkluES9Rvak" frameborder="0" allowfullscreen></iframe><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-46292622159437925322013-05-05T10:26:00.000+05:302013-05-05T10:29:29.613+05:30Connect to a Cisco VPN via VPNC using .pcf configurations fileIf you want to connect to a Cisco VPN from a Linux host, its better to use the Cisco AnyConnect VPN client for Linux. It is a free client tool but you need to login to the Cisco website. <br /><br />VPNC is a free VPN client which is capable of connecting to Cisco VPNs (3000).<br /><br />Use yum to install vpnc.<br /><br /><pre class="prittyprint"># yum install vpnc NetworkManager-vpnc vpnc-consoleuser -y</pre><br />It will install all necessary packages. In the installation it create a default configurations file in the configurations directory. You need to backup that.<br /><br /><pre class="prittyprint"># mv /etc/vpnc/default.conf /etc/vpnc/default.conf.bak</pre><br />Then you need to convert the <name>.pcf file into a vpnc configurations file. To do that you need to run a script. <br /><br /># perl /usr/share/doc/vpnc-*/pcf2vpnc your.pcf /etc/vpnc/default.conf</name><br /><br />After creating the configurations file you can try to connect to the VPN by;<br /><br /><pre class="prittyprint"># vpnc</pre><br />It will ask for the user password;<br /><br /><pre class="prittyprint"># Enter password for youusername@your.vpn.server :</pre><br />Give the password. If that succeed you can see a message like this.<br /><br /><pre class="prittyprint"># VPNC started in background (pid: 18957)</pre><br />If you want to disconnect from the VPN, simply type ;<br /><br /><pre class="prittyprint"># vpnc-disconnect</pre><br />Then it will try to disconnect your session from the VPN and will give a message like this.<br /><br /><pre class="prittyprint"># Terminating vpnc daemon (pid: 18957)</pre><br /><br /><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-43301747507825348752013-04-28T21:04:00.002+05:302013-04-28T21:04:55.740+05:30Front-end Tools for the Developer<div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/5_nt5qV15po?hl=en_US&version=3&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/5_nt5qV15po?hl=en_US&version=3&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com1tag:blogger.com,1999:blog-5437255813671013344.post-16999533391661933562013-04-24T20:30:00.000+05:302013-04-24T20:30:10.950+05:30Virtual Networking in the Cloud<div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/uytmpu5KbZU?hl=en_US&version=3"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/uytmpu5KbZU?hl=en_US&version=3" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-14990257495370275102013-04-22T21:25:00.000+05:302013-04-22T21:41:25.510+05:30Setup a RedHat PXE serverYou need to have following packages and services installed and running.<br /><pre class="prittyprint prettyprinted">vsftpd<br />dhcpd<br />xinetd<br />tftpd<br />tftpd-server<br />system-config-netboot<br /></pre>Note: It is better to switch off IPTables untill you complete the hole process.<br /><br />First mount the RHEL DVD to the system.<br /><br />Then install the vsftpd system. I will use the vsftpd-* package in the RHEL6 instalation DVD.<br /><pre class="prittyprint prettyprinted"><br /># cd /media/rhel6/Packages<br /># yum localinstall vsftpd-* -y<br /></pre>Then start the service and switch it on at the startup<br /><pre class="prittyprint prettyprinted"><br /># service vsftpd start<br /># chkconfig vsftpd on<br /></pre>This will install the vsftp on the system. In the installation it will create a directory in "/var/ftp/pub". We can create the OS installation repository on this location. It is the public folder of our FTP server.<br /><pre class="prittyprint prettyprinted"><br />mkdir /var/ftp/pub/rhel6<br /></pre>I copy the full image to that location so we can use a FTP connection to do the installation.<br /><pre class="prittyprint prettyprinted">cp -r /media/rhel6/* /var/ftp/pub/rhel6<br /></pre>Change a repo to use that location as a local repository<br /><pre class="prittyprint prettyprinted"><br /># vim /etc/yum.repos.d/local.repo<br /></pre>on that;<br /><pre class="prittyprint prettyprinted"><br />[localrepo]<br />name= local repository<br />baseurl=ftp://192.168.0.10/pub/rhel6<br />gpgcheck=0<br /></pre>Then install the tftp service<br /><pre class="prittyprint prettyprinted"><br /># yum install -y tftp* xinetd*<br /></pre>Then you need to install the "system-config-netboot" package.<br /><pre class="prittyprint prettyprinted"><br /># wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/alchemist-1.0.36-2.el5.x86_64.rpm<br /># wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/system-config-netboot-0.1.45.1-5.el5.noarch.rpm<br /># wget http://mirrors.kernel.org/centos/5/os/x86_64/CentOS/system-config-netboot-cmd-0.1.45.1-5.el5.noarch.rpm<br /></pre>"system-config-netboot" depends on "alchemist-" package and it depends on "python-abi" package. Then again "python-abi" requires python-2.4 to install it, but RHEL6 almost have the latest python-2.6. So we install the "alchemist-" with --nodeps flag.<br /><pre class="prittyprint prettyprinted"><br /># rpm -ivh alchemist-1.0.36-2.el5.x86_64.rpm --nodeps<br /># rpm -ivh system-config-netboot-*<br /></pre>tftpd-server create this "/tftpboot/linux-install/" directory. Now we need to edit this "/etc/xinetd.d/tftp" file to point the tftpboot path to this automatically created directory.<br /><pre class="prittyprint prettyprinted"><br /># vim /etc/xinetd.d/tftp<br /></pre>on that file;<br /><pre class="prittyprint prettyprinted"><br />...<br />server_args = -s /tftpboot # change the original "/var/lib/tftpboot" to "/tftpboot"<br />...<br /></pre>Now run this command to generate the PXE boot item<br /><pre class="prittyprint prettyprinted"><br />pxeos -a -i "RedHat EL 6" -p FTP -D 0 -s 192.168.0.10 -L /pub/rhel6 RHEL6<br /></pre>This command will create a directory called as "/tftpboot/linux-install/RHEL6".<br /><br />Then restart the xinetd and tftp services.<br /><pre class="prittyprint prettyprinted"><br /># service xinetd restart<br /># chkconfig xinetd on<br /># chkconfig tftp on<br /></pre>Now you need to install the DHCP service. This will forward the tftp server details to the required server.<br /><pre class="prittyprint prettyprinted"><br /># yum install dhcp -y<br /></pre>Then edit the dhcp configurations file.<br /><pre class="prittyprint prettyprinted"><br /># vim /etc/dhcp/dhcpd.conf<br /></pre>on that file; <br /><pre class="prittyprint prettyprinted">option domain-name-servers 192.168.0.1;<br />allow bootp;<br />allow booting;<br /><br />subnet 192.168.0.0 netmask 255.255.255.0 {<br /> range 192.168.0.100 192.168.0.200;<br /> option routers 192.168.0.1;<br />}<br /><br />next-server 192.168.0.50; # name of your TFTP server<br />filename "linux-install/pxelinux.0"; # name of the boot loader program<br /></pre>Then restart the dhcp serice.<br /><pre class="prittyprint prettyprinted"><br /># service dhcpd restart<br /># chkconfig dhcpd on<br /></pre><br />Put a kickstart configurations file in the ftp pub location "/var/ftp/pub/ks.cfg".<br /><pre class="prittyprint prettyprinted"><br /># vim /tftpboot/linux-install/pxelinux.cfg/default<br /></pre>and add the kernel parameter (ks=ftp://192.168.0.10/pub/ks.cfg) for the kickstart file.<br /><pre class="prittyprint prettyprinted"><br />...<br />label 1<br /> kernel RHEL6/vmlinuz<br /> append initrd=RHEL6/initrd.img ramdisk_size=16000 method=ftp://192.168.0.10/pub/rhel6 ip=dhcp ks=ftp://192.168.0.10/pub/ks.cfg<br /></pre><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-71784040032444775212013-04-21T21:22:00.000+05:302013-04-21T21:22:01.819+05:30Introduction to Linux system hardening from Chris Jenks<div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/euFh1FzcnWg?version=3&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/euFh1FzcnWg?version=3&hl=en_US&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-47115851476340401432013-04-07T21:42:00.004+05:302013-04-07T22:07:13.750+05:30Installing KVM in CentOSFrom GUI : <br /><div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/p5mnKsbhH9Y?version=3&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/p5mnKsbhH9Y?version=3&hl=en_US&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div>From console : <br /><div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/QGPeGdAPJXs?version=3&hl=en_US&rel=0&start=690"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/QGPeGdAPJXs?version=3&hl=en_US&rel=0&start=690" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-42918949587245614262013-03-25T20:23:00.001+05:302013-03-25T20:23:17.922+05:30Linux Filesystem Basics<div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/-UeuoG5sAA4?hl=en_US&version=3&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/-UeuoG5sAA4?hl=en_US&version=3&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-66137865730071587402013-03-12T21:17:00.000+05:302013-03-12T21:17:26.016+05:30Business Impact Analysis<div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/VsQ_SA3EIeY?version=3&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/VsQ_SA3EIeY?version=3&hl=en_US&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com1tag:blogger.com,1999:blog-5437255813671013344.post-594711211310220802013-03-07T21:24:00.001+05:302013-03-07T21:24:25.832+05:30Keepalived IP Failover Installation and Configuration on RHEL<div align="center"><object width="560" height="315"><param name="movie" value="http://www.youtube.com/v/1iMPcZ5EuvI?version=3&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/1iMPcZ5EuvI?version=3&hl=en_US&rel=0" type="application/x-shockwave-flash" width="560" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0tag:blogger.com,1999:blog-5437255813671013344.post-38429422652368187352013-03-03T18:25:00.001+05:302013-03-03T18:25:25.264+05:30Access Control Lists (ACLs) in Linux<div align="center"><object width="420" height="315"><param name="movie" value="http://www.youtube.com/v/6piQXXHTmqk?version=3&hl=en_US&rel=0"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/6piQXXHTmqk?version=3&hl=en_US&rel=0" type="application/x-shockwave-flash" width="420" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object></div><div class="blogger-post-footer"><div align="center"><a href="http://blog.thilina.org" target="_blank">තිළිණ පියසුන්දර | 2009 © 2013 | Thilina Piyasundara</a></div></div>Thilina Piyasundarahttp://www.blogger.com/profile/11398333907049187247noreply@blogger.com0