Wednesday, April 12, 2023

Generalizing Ubuntu for VMware

When you clone a virtual machine in VMware, the new machine is an exact copy of the original machine, including the network settings. This means that the new machine will have the same IP address, MAC address, and other network settings as the original machine. This can cause network conflicts and other issues, especially if you are running multiple clones of the same machine on the same network.
    
To avoid this issue, you need to ensure that each clone of the machine has a unique network configuration. One way to do this is to reset the machine-id file, which holds a unique identifier for the machine. When the machine boots up, it generates a new machine-id based on its hardware configuration, which will result in a unique network configuration.

The command rm -rf /var/log/* removes all logs from the /var/log directory, which can help to free up disk space and reduce clutter. However, it is important to note that this command will permanently delete all log files, which can make troubleshooting more difficult if there are issues with the system.

To delete the value in the machine-id file, you can use the following command:

echo "" > /etc/machine-id

This will clear the value in the file, effectively resetting the machine ID so that a new ID is generated on boot.

** Don't rm -rf the machine-id file; the system might get stuck at startup.

In addition to clearing the machine-id file, you may also want to clear the SSH keys and other sensitive information from the virtual machine. This can help to ensure that each clone of the machine is unique and secure.
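The steps above combined into one script, as an added example that is not part of the original post. It assumes the standard Ubuntu paths /etc/machine-id, /var/lib/dbus/machine-id, /etc/ssh/ssh_host_*_key and /var/log, truncates the machine-id to zero length rather than writing an empty line, and empties log files in place instead of running rm -rf /var/log/*. The function names and the optional root-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): generalize an Ubuntu template
# before cloning. Pass a directory to rehearse on a copy; default is /.

generalize_root() {
  root=${1:-/}; root=${root%/}
  # Truncate, never delete: per the post, a missing machine-id can hang boot.
  : > "$root/etc/machine-id"
  # The D-Bus copy is normally a symlink to the file above; empty it if not.
  dbus="$root/var/lib/dbus/machine-id"
  if [ -f "$dbus" ] && [ ! -L "$dbus" ]; then : > "$dbus"; fi
  # Clones that share host keys cannot be told apart by SSH clients.
  # Each clone must regenerate them on first boot (for example ssh-keygen -A),
  # otherwise sshd has no host key to start with.
  rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub
  if [ -d "$root/var/log" ]; then
    # Rotated logs are removed; live logs are emptied so that directories,
    # owners and modes survive.
    find "$root/var/log" -type f \( -name '*.gz' -o -name '*.[0-9]' \) \
      -exec rm -f {} +
    find "$root/var/log" -type f \
      -exec sh -c 'for f in "$@"; do : > "$f"; done' _ {} +
  fi
}

# Returns 0 only if the tree is safe to clone; prints what is left over.
check_generalized() {
  root=${1:-/}; root=${root%/}
  rc=0
  if [ -s "$root/etc/machine-id" ]; then
    echo "machine-id still set"; rc=1
  fi
  for k in "$root"/etc/ssh/ssh_host_*_key; do
    if [ -e "$k" ]; then echo "host key present: $k"; rc=1; fi
  done
  return $rc
}

# Usage, as root in the template VM just before shutdown:
#   generalize_root / && check_generalized /
```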


Tuesday, April 11, 2023

Using Azure Lighthouse for Monitoring Other Tenant.

Azure Lighthouse is a service provided by Microsoft Azure that allows service providers to manage multiple customers’ Azure services from a single control plane. It provides a centralized portal to manage multiple Azure tenants, customers or subscriptions, giving the service provider a single view of all Azure resources across different customer environments. Azure Lighthouse provides several features including delegated resource management, multi-tenant management, and cross-tenant management, which help service providers to manage resources across their entire customer base in a secure and efficient manner. It simplifies and streamlines the management of Azure services, provides greater visibility into customers’ environments, and enables service providers to deliver better services to their customers.


In short, we give a User/Group in another tenant access to a subscription or resource with specific Roles.


Sample ARM Template for adding a Customer account to the Service Provider's Lighthouse.

"managedByTenantId": "a86bc255-XXXX-CCCC-VVVV-51fba84872aa"

Above is the Tenant ID of the Managed Services Provider. 

"defaultValue": "XXXXXXXXXXXXXXXXXXXXXXX"

Above is the Name of the Offering.

defaultValue": "YYYYYYYYYYYYYYYYYYYYYYYYYY"

Above is the Description of the Offering.

"principalId": "9d45cb5e-4682-4a4d-b54a-a89e3fa7bc84",

Above is the Object ID of the User or the Group we are selecting for this Offering.

"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",

Above is the ID of the Role we are selecting.

"principalIdDisplayName": "Azure Reader Access"

Above is the Name of the Role we are selecting.


Sample ARM

{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "metadata": {
        "description": "Specify a unique name for your offer"
      },
      "defaultValue": "XXXXXXXXXXXXXXXXXXXXXXX"
    },
    "mspOfferDescription": {
      "type": "string",
      "metadata": {
        "description": "Name of the Managed Service Provider offering"
      },
      "defaultValue": "YYYYYYYYYYYYYYYYYYYYYYYYYY"
    }
  },
  "variables": {
    "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
    "mspAssignmentName": "[guid(parameters('mspOfferName'))]",
    "managedByTenantId": "a86bc255-XXXX-CCCC-VVVV-51fba84872aa",
    "authorizations": [
      {
        "principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
        "principalIdDisplayName": "Azure Reader Access"
      },
      {
        "principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
        "roleDefinitionId": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
        "principalIdDisplayName": "Support Request Contributor"
      }
    ]
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2020-02-01-preview",
      "name": "[variables('mspRegistrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "[parameters('mspOfferDescription')]",
        "managedByTenantId": "[variables('managedByTenantId')]",
        "authorizations": "[variables('authorizations')]"
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2020-02-01-preview",
      "name": "[variables('mspAssignmentName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      }
    }
  ],
  "outputs": {
    "mspOfferName": {
      "type": "string",
      "value": "[concat('Managed by', ' ', parameters('mspOfferName'))]"
    },
    "authorizations": {
      "type": "array",
      "value": "[variables('authorizations')]"
    }
  }
}
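Because deploying this template grants a principal in another tenant standing access, the customer side should review the delegated roles first. The check below is an added example, not part of the original post or of Azure tooling: it classifies each roleDefinitionId by its built-in role GUID. The function names, the allow-list policy and the third (Contributor) entry in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): review the built-in roles a
# Lighthouse template delegates before deploying it in the customer tenant.
# Built-in role definition GUIDs are the same in every Azure tenant.

classify_role() {
  case "$1" in
    acdd72a7-3385-48ef-bd42-f606fba81ae7) echo "ok Reader" ;;
    cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e) echo "ok Support-Request-Contributor" ;;
    b24988ac-6180-42a0-ab88-20f7382dd24c) echo "review Contributor" ;;
    18d7d88d-d35e-4fb4-a5c3-7773c20a72d9) echo "review User-Access-Administrator" ;;
    # Owner is not a supported role for Lighthouse delegations.
    8e3af657-a8ff-443c-a75c-2fe8c4bcb635) echo "reject Owner" ;;
    # Includes custom roles and ARM expressions such as [parameters('x')].
    *) echo "review unrecognized-role" ;;
  esac
}

# audit_lighthouse_roles FILE
# Prints "<roleDefinitionId> <verdict> <role>" per authorization and returns 1
# if any entry is outside the read-only/support allow-list above.
audit_lighthouse_roles() {
  rc=0
  ids=$(grep -oE '"roleDefinitionId"[[:space:]]*:[[:space:]]*"[^"]+"' "$1" |
        sed -E 's/^.*:[[:space:]]*"([^"]+)"$/\1/')
  for id in $ids; do
    verdict=$(classify_role "$(printf '%s' "$id" | tr 'A-F' 'a-f')")
    echo "$id $verdict"
    case "$verdict" in ok\ *) ;; *) rc=1 ;; esac
  done
  return $rc
}

# Constructed sample: the post's two roles plus an added Contributor entry.
sample_authorizations() {
  cat <<'EOF'
"authorizations": [
  { "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7" },
  { "roleDefinitionId": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e" },
  { "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c" }
]
EOF
}
```

The two roles used in the post's template pass; the Contributor entry in the constructed sample makes the audit return non-zero.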

Monday, April 10, 2023

NextCloud Setup with Docker

Nextcloud is one of the most commonly used self-hosted alternatives to cloud storage, and it is now easy to deploy with Docker. The following docker-compose file and Nginx configuration can be used to deploy the Nextcloud application behind an Nginx proxy server with SSL termination.
We can bring the containers up and down with the following commands:

docker-compose up -d
docker-compose down

===========

version: '2'
#volumes:
#  nextcloud: /root/nextcloud/ncdata
#  db: /root/nextcloud/mysql
services:
  db:
    image: mariadb:10.5
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - /root/nextcloud/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=XXXXXXXXX
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=XXXXXXXX
      - MYSQL_USER=XXXXXXXX
  app:
    image: nextcloud
    restart: always
    links:
      - db
    volumes:
      - /root/nextcloud/ncdata:/var/www/html
    environment:
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=XXXXXXXX
      - MYSQL_USER=XXXXXXXX
      - MYSQL_HOST=XXXXXXXX
      - NEXTCLOUD_TRUSTED_DOMAINS=abc.xyz.aa
      - OVERWRITEHOST=abc.xyz.aa:XXXX
      - OVERWRITEPROTOCOL=https
        
  web:
    image: nginx
    restart: always
    ports:
      - 8082:8080
    links:
      - app
    volumes:
      - /root/nextcloud/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      - /root/nextcloud/cert:/etc/cert
===========
Nginx Configuration file
===========

server {
  listen 80;
  server_name abc.xyz.aa;
  add_header X-Content-Type-Options "nosniff";
  # Redirect plain HTTP to the TLS listener
  return 301 https://$server_name:8080$request_uri;
}
server {
  listen 8080 ssl;
  server_name abc.xyz.aa;
  ssl_certificate /etc/cert/abc.xyz.aa.crt;
  ssl_certificate_key /etc/cert/abc.xyz.aa.key;
  ssl_prefer_server_ciphers on;
  location / {
    # Forward to the Nextcloud container, passing the original host and client details
    proxy_pass http://app;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
  }
}

===========