Change cluster node IP in Proxmox

To update the present cluster host proxmox following files need to be updated:

/etc/network/interfaces
/etc/hosts
/etc/pve/corosync.conf (only on one node necessary)

However, corosync.conf needs special way to edit the file!

Edit corosync.conf

Editing the corosync.conf file is not always very straightforward. There are two on each cluster node, one in /etc/pve/corosync.conf and the other in /etc/corosync/corosync.conf. Editing the one in our cluster file system will propagate the changes to the local one, but not vice versa. The configuration will get updated automatically as soon as the file changes. This means changes which can be integrated in a running corosync will take effect immediately. So you should always make a copy and edit that instead, to avoid triggering some unwanted changes by an in-between safe.

cp /etc/pve/corosync.conf /etc/pve/corosync.conf.new

Then open the config file with your favorite editor, nano and vim.tiny are preinstalled on any Proxmox VE node for example. Continue reading “Change cluster node IP in Proxmox” »

Share

Enable and install SSL on Debian 8 apache server

Configure Apache2 for SSL.

root@www:~# vi /etc/apache2/sites-available/default-ssl.conf
# line 3: change to webmaster's email

ServerAdmin webmaster@srv.world
# line 32,33: change to the one created in [1]

SSLCertificateFile /etc/ssl/private/server.crt

SSLCertificateKeyFile /etc/ssl/private/server.key
root@www:~# a2ensite default-ssl
Enabling site default-ssl.

Continue reading “Enable and install SSL on Debian 8 apache server” »

Share

How to define outgoing firewall rules on pFSense

LAN rules are defining rights to access internet services from your local network. So, if you block port 80 and 443 nobody from your LAN will be able to access internet. WAN rules are defining access to the resources in your LAN (or DMZ) from the internet. In this short LAB we`ll be defining LAN rules. Let’s say we want to block access to the port 443 from our local network.

My blog is on port 443, so after defining this rule we should not be able to access my blog from LAB network (or any other HTTPS secured website for that matter)

Login to your pFSense configuration via web browser – mine is is still located on http://10.20.20.1/

Select Firewall | Rules

Continue reading “How to define outgoing firewall rules on pFSense” »

Share

Ubuntu 18.04: Disable Netplan switch back to networking /etc/network/interfaces

The following procedure works for Ubuntu 18.04 (Bionic Beaver)

I. Reinstall the ifupdown package:

# apt-get update
# apt-get install ifupdown

II. Configure your /etc/network/interfaces file with configuration stanzas such as:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

allow-hotplug enp0s3
auto enp0s3
iface enp0s3 inet static
address 192.168.1.133
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
# Only relevant if you make use of RESOLVCONF(8)
# or similar...
dns-nameservers 1.1.1.1 1.0.0.1

III. Make the configuration effective (no reboot needed): Continue reading “Ubuntu 18.04: Disable Netplan switch back to networking /etc/network/interfaces” »

Share

Disable swap in Linux

  1. Identify configured swap devices and files with cat /proc/swaps.
  2. Turn off all swap devices and files with swapoff -a.
  3. Remove any matching reference found in /etc/fstab.
  4. Optional: Destroy any swap devices or files found in step 1 to prevent their reuse. Due to your concerns about leaking sensitive information, you may wish to consider performing some sort of secure wipe.
Share

Redhat / CentOS 8: text mode install guide

By default the RedHat 8 Linux installation will start in the graphical mode. In case you encounter some issues you have an option to force the text mode TTY installation. In this tutorial you will learn:How to modify GRUB boot entry to force text mode installation.

  1. Boot from the Redhat 8 installation ISO image.
  2. Press TAB while in the GRUB boot menu.
  3. Insert the inst.text text to the end of the GRUB boot line.
  4. Press ENTER to continue with the normal boot.
  5. Make selection from the above menu. Perform configuration and return back to the main menu by pressing the c key. Once ready begin the RHEL 8 installation by pressing the b key.

Continue reading “Redhat / CentOS 8: text mode install guide” »

Share

How to Enable /etc/rc.local with Systemd

If you are running a Linux distro that uses Systemd, then you may find that your command in /etc/rc.local file would not run on system boot. This guide explains how to enable /etc/rc.local script to run on system startup.

Enable /etc/rc.local on Systemd

If you type the following command in terminal:

sudo systemctl status rc-local

You may get this output:

rc-local.service - /etc/rc.local Compatibility
Loaded: loaded (/lib/systemd/system/rc-local.service; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2015-11-26 23:54:58 CST; 59s ago
Process: 1001 ExecStart=/etc/rc.local start (code=exited, status=1/FAILURE)
Nov 26 23:54:57 vivid rc.local[1001]: File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 920, in require
Nov 26 23:54:57 vivid rc.local[1001]: needed = self.resolve(parse_requirements(requirements))
Nov 26 23:54:57 vivid rc.local[1001]: File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 807, in resolve
Nov 26 23:54:57 vivid rc.local[1001]: raise DistributionNotFound(req)
Nov 26 23:54:57 vivid rc.local[1001]: pkg_resources.DistributionNotFound: shadowsocks==2.8.2
Nov 26 23:54:58 vivid sudo[1008]: pam_unix(sudo:session): session closed for user root
Nov 26 23:54:58 vivid systemd[1]: rc-local.service: control process exited, code=exited status=1
Nov 26 23:54:58 vivid systemd[1]: Failed to start /etc/rc.local Compatibility.
Nov 26 23:54:58 vivid systemd[1]: Unit rc-local.service entered failed state.
Nov 26 23:54:58 vivid systemd[1]: rc-local.service failed.

And if you try to enable /etc/rc.local to run on system boot with the command: Continue reading “How to Enable /etc/rc.local with Systemd” »

Share

Debian 7 wheezy – Certbot auto started failing with ’ No module named pip.__main__’

If you’re using Debian 7 a.k.a wheezy which is end of life at this moment and you were using Let’s Encrypt was your SSL, then you might need some backward compatibility to continue. A possible work around for me as below:

wget https://raw.githubusercontent.com/certbot/certbot/75499277be6699fd5a9b884837546391950a3ec9/certbot-auto
chmod +x ./certbot-auto
./certbot-auto --no-self-upgrade

For renewing an existing certificate you can use the following command instead:

./certbot-auto --no-self-upgrade
Share

Install cPanel on CentOS 7

cPanel is an online Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site or email.

Prerequisite:

  • Launch a CentOS 7 instance (Only install cPanel & WHM on a freshly-installed operating system).
  • Access the instance via SSH.
  • Run all the following commands from the shell/terminal (All commands need to be run as the root user).
  • You need to purchase your own cPanel license to use the control panel.

Instructions:

Step 1: Set a valid hostname (FQDN) for your system. Note: Replace “your-hostname.example.com” with a FQDN.

hostname <your-hostname.example.com>

Step 2: Disable SELinux.

sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/’ /etc/selinux/config

Step 3: Download and run the installation script. Tips: You may use the screen utility in case your session disconnects during installation.

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

Step 4: Wait for the installation to complete.

Step 5: While waiting for the installation, you might want to allow all the required ports on the security group for your instance (eg: WHM SSL, FTP, HTTP, HTTPS). Please follow the guide here.

Note: To know which ports are used by cPanel & WHM, please refer to this official documentation: https://documentation.cpanel.net/display/CKB/How+to+Configure+Your+Firewall+for+cPanel+Services

Step 6: Set a password for root.

passwd

Step 7: Browse to https://<your-server-ip>:2087 to access the WHM, and login as root.

Result:

Src: https://www.ipserverone.info/cloud/how-to-install-cpanel-on-centos-7/

Share