Thursday, July 15, 2021

Difference between "ls -1" and "ls -l" ?


ls -1
ls -l

AWS : EC2 Key Pairs : How to connect if I lose my Private Key : Replace Your SSH Keys: Login : AWS Key Lost


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html


A key pair, consisting of a public key and a private key, is a set of security credentials that you use to prove your identity when connecting to an EC2 instance. Amazon EC2 stores the public key on your instance, and you store the private key. 


Create a key pair using Amazon EC2

Create a key pair using a third-party tool and import the public key to Amazon EC2

Tag a public key

Retrieve the public key from the private key

Retrieve the public key through instance metadata

Locate the public key on an instance

Identify the key pair that was specified at launch

Verify your key pair's fingerprint

Add or replace a key pair for your instance

Delete your key pair

Delete a public key from an instance


--------------------------------------------------------------------------------------------------------

::Connect to your Linux instance if you lose your private key::

Lost private key --> detach root volume from original instance - attach to temporary instance - modify authorized_keys - detach from temporary instance - attach again to original instance


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-lost-key-pair.html


Step 1: Create a new key pair

Step 2: Get information about the original instance and its root volume

Step 3: Stop the original instance

Step 4: Launch a temporary instance

Step 5: Detach the root volume from the original instance and attach it to the temporary instance

Step 6: Add the new public key to authorized_keys on the original volume mounted to the temporary instance

Step 7: Unmount and detach the original volume from the temporary instance, and reattach it to the original instance

Step 8: Connect to the original instance using the new key pair

Step 9: Clean up
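
Step 6 is where this recovery most often fails without an error message: sshd ignores an authorized_keys file with the wrong owner or permissions, and it is easy to paste the wrong file. The function below is an added example, not code from the AWS guide; the mount point, the user name and the /home/USER layout are assumptions.

```shell
#!/bin/sh
# Added example (not AWS code): step 6, run as root on the temporary instance.
# Usage: add_authorized_key MOUNT_ROOT USER PUBKEY_FILE
#   MOUNT_ROOT  mount point of the original root volume (assumed, e.g. /mnt/rescue)
#   USER        login user of the original instance, home assumed at /home/USER
#   PUBKEY_FILE file holding the new public key on one line
add_authorized_key() {
    root=$1 user=$2 keyfile=$3
    ssh_dir="$root/home/$user/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -d "$root/home/$user" ] || { echo "no home for $user under $root" >&2; return 2; }
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }

    # Take the first non-empty line and insist it looks like a public key,
    # so a private key file is never copied into authorized_keys by mistake.
    key=$(grep -v '^[[:space:]]*$' "$keyfile" | head -n 1)
    case $key in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $keyfile" >&2; return 3 ;;
    esac

    # sshd (StrictModes) rejects the file if these are group- or world-writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: append only if this exact line is not already present.
    if ! grep -qxF -e "$key" "$auth"; then
        # Terminate an unterminated last line so two keys never share a line.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$key" >> "$auth"
    fi

    # Files created as root on the rescue host must belong to the login user:
    # reuse the numeric uid:gid of the home directory on the mounted volume.
    owner=$(ls -ldn "$root/home/$user" | awk '{print $3 ":" $4}')
    if [ "$(id -u)" -eq 0 ]; then chown -R "$owner" "$ssh_dir" || return 4; fi
}
```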

--------------------------------------------------------------------------------------------------------

To add or replace a key pair


Connect to the instance using the old key pair => public keys => add the new key => authorized_keys


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-key-pair


Linux Variables: Shell Variables: Local Variables : Environment Variables

 https://www.tutorialspoint.com/unix/unix-using-variables.htm

https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-set-environment-variables-in-linux/

export NAME=VALUE

export JAVA_HOME=/opt/openjdk11


unset VARIABLE_NAME

unset JAVA_HOME


::Listing All Set Environment Variables::

set


variable_name=variable_value

NAME="John Doe"

echo $NAME


readonly NAME


export NAME


Linux Variable Types

When a shell is running, three main types of variables are present −

Local Variables

Environment Variables 

Shell Variables 

AWS : Capacity Reservation: AWS Calculator : Savings Plan: Reserved Instances :Compute Savings Plans : EC2 Instance Savings Plans

Capacity Reservation

 When you create a Capacity Reservation, we reserve the specified capacity for your use. The reserved capacity is charged at the selected instance type’s On-Demand rate whether an instance is running in it or not. You can also use your regional reserved instances with your Capacity Reservations to benefit from billing discounts.


https://calculator.aws/#/

AWS Calculator


Reserved Instances

 Platform[Linux, Windows], Tenancy[Default/Dedicated], Offering class[Convertible,Standard] 

 Instance type[c2.medium], Term[1 year/3 Years], Payment option[Partial, Upfront, None]


 

Savings Plan

Savings Plans also offer significant savings on your Amazon EC2 costs compared to On-Demand Instance pricing. With Savings Plans, you make a commitment to a consistent usage amount, measured in USD per hour. This provides you with the flexibility to use the instance configurations that best meet your needs and continue to save money, instead of making a commitment to a specific instance configuration.

---------------------------------------

SageMaker Savings Plans

Compute Savings Plans

EC2 Instance Savings Plans

---------------------------------------

Compute Savings Plans [Better than EC2 Instance Savings Plan]

Applies to EC2 instance usage, AWS Fargate, and AWS Lambda service usage, regardless of region, instance family, size, tenancy, and operating system.

Term, Payment option, Purchase commitment [Hourly commitment]

---------------------------------------

EC2 Instance Savings Plans

Applies to instance usage within the committed EC2 family and region, regardless of size, tenancy, and operating system.

Region,Instance family, Term, Payment option, Purchase commitment [Hourly commitment]

Tuesday, July 13, 2021

Docker Compose

  • docker-compose logs --follow elasticsearch
  • docker-compose -f docker-compose.elastic.yml up -d
  • docker-compose ps 
  • docker-compose down 
  • docker-compose up 
  • docker-compose -f filename up
  • docker-compose images
  • docker-compose down -v    [Also removes the named volumes declared in the Compose file and the anonymous volumes attached to its containers]

Commands:
  build              Build or rebuild services
  bundle             Generate a Docker bundle from the Compose file
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information


Monday, July 12, 2021

Docker Compose YAML Elasticsearch HTTPS

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls-docker.html

---------------------------------
services:
  create_certs:
    container_name: create_certs
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
    # command: >
    #   bash -c '
    #     if [[ ! -f /certs/bundle.zip ]]; then
    #       bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
    #       unzip /certs/bundle.zip -d /certs; 
    #     fi;
    #     chown -R 1000:0 /certs
    #   '
    # user: "0"
    # working_dir: /usr/share/elasticsearch
    # volumes: ['certs:/certs', '.:/usr/share/elasticsearch/config/certificates']

    command: >
      bash -c '
        if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
          bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
        fi;
        chown -R 1000:0 /usr/share/elasticsearch/config/certificates
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes: ['certs:/usr/share/elasticsearch/config/certificates']

  elasticsearch:
    container_name: elasticsearch
    depends_on: [create_certs]
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
    environment:
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD # password for default user: elastic 
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.verification_mode=none
      - xpack.security.http.ssl.truststore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.http.ssl.keystore.path=$CERTS_DIR/elastic-certificates.p12

      # - xpack.license.self_generated.type=trial 
      # - xpack.security.enabled=true
      # - xpack.security.http.ssl.enabled=true
      # - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
      # - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      # - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # - xpack.security.transport.ssl.enabled=true
      # - xpack.security.transport.ssl.verification_mode=certificate 
      # - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      # - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key

    volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:$CERTS_DIR']
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"

volumes: {"esdata", "certs"}

Saturday, July 10, 2021

TLS SSL Docker Elasticsearch

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#generate-certificates

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html#encrypt-http-communication

--------------------------------------------------------------------------------------------------------

https://stackoverflow.com/questions/50832249/enable-authentication-in-elasticsearch-with-docker-environment-variable

https://dev.to/thehoodsdev/securing-our-dockerized-elastic-stack-3o15

https://medium.com/@mandeep_m91/setting-up-elasticsearch-and-kibana-on-docker-with-x-pack-security-enabled-6875b63902e6


https://askubuntu.com/questions/772050/reset-the-password-in-ubuntu-linux-bash-in-windows

wsl --user root


Elasticsearch has its own certificate creation tool (elasticsearch-certutil)

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#tls-http

Set xpack.security.enabled to true


OS

Basic 

Gold

Platinum


https://stackoverflow.com/questions/51445846/elasticsearch-max-virtual-memory-areas-vm-max-map-count-65530-is-too-low-inc/51447991#51447991

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

sudo sysctl -w vm.max_map_count=262144


wsl --user root



https://stackoverflow.com/questions/22049212/docker-copying-files-from-docker-container-to-host

docker cp <containerId>:/file/path/within/container /host/path/target

docker cp elasticsearch:/usr/share/elasticsearch  ~


docker run -it --rm --privileged --pid=host justincormack/nsenter1


PKCS#12 format

A PFX file indicates a certificate in PKCS#12 format

https://www.sslmarket.com/ssl/how-to-create-an-pfx-file


docker-compose down -v


https://www.bleepingcomputer.com/news/security/new-meow-attack-has-deleted-almost-4-000-unsecured-databases/


http://localhost:9200/_xpack

http://localhost:9200/


xpack.security.http.ssl.enabled

xpack.security.transport.ssl.enabled


 - xpack.security.transport.ssl.enabled=true

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass