Tuesday, September 19, 2017

Alpine Linux install

If you start working with Docker these days, it is inevitable that you will run into Alpine Linux at some point. It offers 1/10 of the size of a Debian-based container (5 MB vs 50 MB), and many application stacks already offer an Alpine-based image to derive your microservices from. Debian can be slimmed down pretty well, and there is a loyal following using it for containers and servers as well.
To try it out, I decided to build a VM based on Alpine so I can evaluate it as a container image base.
Adventures in the Alpines so far:
  1. There is a pretty good starting guide, with some caveats:
    1. use a bridged connection instead of NAT if you want to see your VM from your host/other machines on the network; it performs better too
    2. use the latest-stable URL to enable the community repository, otherwise you could get some ugly kernel incompatibility errors
  2. Minimalist samba install (loosely based on this wiki page)
    1. apk add samba
    2. mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
    3. nano /etc/samba/smb.conf
    4. Enter the text below in the text editor, save and exit
workgroup = WORKGROUP
netbios name = server1
security = user
map to guest = Bad User
dns proxy = no
  3. Start/enable service
    1. rc-update add samba
    2. rc-service samba start
  4. Enable ssh access
    1. nano /etc/ssh/sshd_config
    2. #PermitRootLogin prohibit-password => PermitRootLogin yes
    3. rc-service sshd restart
  5. Docker install is fairly simple
    1. apk add docker
    2. rc-update add docker boot
    3. rc-service docker start
  6. Some other utilities to install:
    1. apk add git
    2. apk add nodejs

Saturday, September 16, 2017

CentOS howto V - Custom systemd service

  1. nano /etc/systemd/system/cloning-vat.service
ExecStart=/usr/bin/npm start

  2. systemctl daemon-reload
  3. systemctl enable cloning-vat
  4. systemctl start cloning-vat

CentOS howto IV - Poking holes in security (in a meaningful way)

  1. Add an existing service
    1. firewall-cmd --permanent --zone=public --add-service=https
    2. firewall-cmd --reload
  2. Create a new service (to be added as above). In this example we will use livereload's default port, 35729
    1. firewall-cmd --permanent --new-service=live-reload
    2. firewall-cmd --permanent --service=live-reload --set-description="live reload"
    3. firewall-cmd --permanent --service=live-reload --set-short="live reload"
    4. firewall-cmd --permanent --service=live-reload --add-port=35729/tcp
  3. Enabling an application (node.js in this example) to bind ports <1024
    1. setcap 'cap_net_bind_service=+ep' /usr/bin/node

CentOS howto III - Advanced samba

  1. Create shared folder and grant permissions
    1. mkdir /home/shared/
    2. chmod -R 0777 /home/shared/
    3. chown -R nobody:nobody /home/shared/
    4. chcon -t samba_share_t /home/shared/
  2. Add the text below to /etc/samba/smb.conf
path = /home/shared
browsable = yes
guest ok = yes
read only = no
  3. Restart samba
    1. systemctl restart smb.service
    2. systemctl restart nmb.service
  4. Test samba
    1. testparm /etc/samba/smb.conf
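
testparm validates syntax only. The script below is an added example (not from the original post) that lists which shares in an smb.conf accept the guest account and are writable, the combination configured above together with map to guest = Bad User. The share name [shared] is an assumption, since the post does not show the section header; the other shares and paths are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Share names are constructed.
# guest_writable_shares FILE -> one share name per line for every share
# where the guest account is allowed in ("guest ok") and may write.
guest_writable_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return (v=="yes" || v=="true" || v=="on" || v=="1") }
    function emit()  { if (share != "" && guest && !ro) print share }
    BEGIN { share = ""; guest = dguest = 0; ro = dro = 1 }  # Samba defaults
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }                    # comments, blanks
    /^[ \t]*\[/ {                                           # [section] header
        emit()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        share = trim(name); if (tolower(share) == "global") share = ""
        guest = dguest; ro = dro        # each share starts from [global] values
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # Samba ignores case and spaces in parameter names
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        if (key == "guestok" || key == "public") guest = on(val)
        else if (key == "readonly") ro = on(val)
        else if (key ~ /^(writeable|writable|writeok)$/) ro = !on(val)
        if (share == "") { dguest = guest; dro = ro }  # set before any share
    }
    END { emit() }
    ' "$1"
}

sample_conf() {     # constructed smb.conf modelled on the settings above
    cat <<'EOF'
[global]
map to guest = Bad User
[shared]
path = /home/shared
guest ok = yes
read only = no
[docs]
public = yes
[scratch]
Guest OK = Yes
writeable = yes
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"; guest_writable_shares "$tmp"; rm -f "$tmp"
```

On a real host, pass /etc/samba/smb.conf as the argument; the script assumes share-wide defaults are set before the first share section.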

CentOS howto II - Shared folders

  1. Install Guest additions on the guest
    1. Prerequisites on the guest OS side:
      1. yum install dkms kernel-devel
      2. yum groupinstall "Development Tools"
    2. and now the additions themselves:
      1. Devices / Insert Guest Additions CD image...
      2. mount /dev/sr0 /mnt
      3. cd /mnt
      4. ./VBoxLinuxAdditions.run
    3. Create a shared folder:
      1. Devices / Shared Folders / Shared folder settings
      2. Add new..
      3. Select "Auto mount" and "Permanent" options
      4. you can find the shared folder in /media/sf_{SHARE_NAME}
  2. Install guest additions on the host
    1. {VBoxManage} setextradata {VM_NAME} VBoxInternal2/SharedFoldersEnableSymlinksCreate/{SHARE_NAME} 1
      1. {VBoxManage} is the VBoxManage executable (usually in C:\Program Files\Oracle\VirtualBox)
      2. {VM_NAME} is the name of the VM
      3. {SHARE_NAME} is the name of the share as in the shared folders settings or in /media/sf_{SHARE_NAME}
    2. Run the VM as administrator. Simplest way to get that going is:
      1. In VirtualBox UI, right click on the VM and "Create Desktop shortcut"
      2. Right click on the desktop icon, properties, advanced, check "Run as administrator"
    3. Start the VM
    4. Watcher configuration: The guest OS has no idea about any changes made outside of its jurisdiction. In this setup, this pretty much makes watching files from the Linux guest side nearly impossible, except if you use polling. This is an example taken from my project's browsersync configuration; something similar should work for any other chokidar-based framework as well.
    var sync = require("browser-sync").create();
    sync.init({
      server: 'dist',
      port: 80,
      // shared-folder changes raise no file events in the guest, so poll
      watchOptions: {
        usePolling: true
      }
    });

CentOS howto I - basic VM

  1. Install Oracle VirtualBox
  2. Download the CentOS DVD ISO: https://www.centos.org/download/
  3. Create a new VM
    1. mount the DVD image as optical drive
    2. swap the network adapter type to Bridged network
  4. Start the VM, install CentOS with "Minimal install"
    1. Start with partitioning, defaults should be good
    2. Go to network
      1. Make sure the adapter is configured to start automatically
      2. Rename the host
    3. Set time zone and NTP
  5. Log in (as root) and make sure the adapter is set to autostart
    1. nmtui
    2. Edit a connection / enp0s8 (check the name in the VM settings)
    3. check Automatically connect
    4. Exit the UI
    5. systemctl restart network
  6. Disable IPv6 (it is sooo slow)
    1. Append the lines below to /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
    2. sysctl -p
    3. nano /etc/ssh/sshd_config
    4. Append this to the config file:
AddressFamily inet
    5. systemctl restart sshd
  7. Do a minimal samba installation
    1. Configure firewall
      1. firewall-cmd --permanent --zone=public --add-service=samba
      2. firewall-cmd --reload
    2. Install samba
      1. yum install samba
      2. mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
      3. nano /etc/samba/smb.conf
      4. Enter the text below in the text editor, save and exit
workgroup = WORKGROUP
netbios name = server1
security = user
map to guest = Bad User
dns proxy = no
  8. Enable and start samba
    1. systemctl enable smb.service
    2. systemctl enable nmb.service
    3. systemctl restart smb.service
    4. systemctl restart nmb.service
  9. Test samba
    1. testparm /etc/samba/smb.conf
    2. At this point you should be able to log in with PuTTY as well
  10. Update your new server
    1. yum makecache fast
    2. yum install epel-release
    3. yum update
    4. yum install nano (unless you prefer vi)
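
The sshd_config steps in these posts (changing PermitRootLogin on Alpine, appending AddressFamily inet on CentOS) rely on sshd using the first value it reads for each keyword, so an appended line is ignored when an earlier uncommented one exists. The script below is an added example (not from the original posts) that reports the value that wins in the global part of a file; the sample file is constructed, and Include directives are not followed.

```sh
#!/bin/sh
# Added example, not from the original post.

# sshd_effective KEYWORD FILE -> value sshd takes from the global part of
# FILE: the first uncommented occurrence before any Match block.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        n = match(line, /[ \t=]/)          # keyword ends at blank or "="
        key = tolower(n ? substr(line, 1, n - 1) : line)
        if (key == "match") exit           # conditional blocks start here
        if (key == want) {
            val = n ? substr(line, n) : ""
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print val; exit                # later duplicates are ignored
        }
    }' "$2"
}

sample_sshd_config() {   # constructed file: existing lines plus an appended one
    cat <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
AddressFamily any
Subsystem sftp /usr/libexec/openssh/sftp-server
AddressFamily inet
EOF
}

tmp=$(mktemp); sample_sshd_config > "$tmp"
sshd_effective AddressFamily "$tmp"      # prints any (the appended inet loses)
sshd_effective PermitRootLogin "$tmp"    # prints yes
rm -f "$tmp"
```

On the server itself, sshd -T prints the full effective configuration, including defaults.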