NOTES: MIGRATE LINUX USERS TO ANOTHER LINUX SERVER
The Problem
I have a Debian 5.0.4 virtual machine that's no longer supported and my shop is pretty much a CentOS ecosystem. The server is primary use for sFTP with over 250 user accounts.
The PLAN: Migrate from Debain 5 to CentOS7, and avoid manually recreating user accounts or generating new passwords. Sounds easy right? Actually, it was and wasn’t as time consuming as I anticipated or took a lot effort to get all the user accounts including the host directory over to the new server.
I outlined the steps in gist below:
| #Setup UID filter limit | |
| export UGIDLIMIT=500 | |
| #copy /etc/passwd accounts to /opt/move/passwd.mig using awk to filter out system account | |
| awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /opt/move/passwd.mig | |
| awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /opt/move/group.mig | |
| awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd \ | |
| | tee - |egrep -f - /etc/shadow > /opt/move/shadow.mig | |
| cp /etc/gshadow /opt/move/gshadow.mig | |
| # | |
| scp -r /opt/move/* [email protected]:/path/to/location | |
| mkdir /root/newsusers.bak | |
| cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak | |
| cd /path/to/location | |
| cat passwd.mig >> /etc/passwd | |
| cat group.mig >> /etc/group | |
| cat shadow.mig >> /etc/shadow | |
| /bin/cp gshadow.mig /etc/gshadow | |
| #move home directory over ssh (tar to preserve ownership and permissions) | |
| ssh [email protected] "tar czvpf - /home" | tar xzpf - -C / | |
FYI: Linux is awesome! :D
GLIDE: ANDROID IMAGE LOADER LIBRARY
The past few weeks the Android community been ranting and raving over Glide, the new image loader kid on the block (well newish). It actually been around for almost a year. It was introduced in Google I/O 2014. I tried it last July, but the performance wasn’t significantly different to Picasso and the community was small, so I decided to continue using Picasso in all my projects. Yeah I know, I chose a product based on popularity :P Is that a bad thing?
So why did I decide to do the old switcheroo? I came across a blog post on The Cheese Factory with some performance benchmark, and it clearly illustrated how ridiculously fastER and bettER at memory usage Glide was to Picasso.
HOW TO QUICKLY CREATE A CENTOS VM ON MICROSOFT AZURE WITH A RESERVED IP
This cmdlet allows you to quickly create a CentOS VM with a public IP, and Yes! :) I’ve inlcuded some addition goodies.
| ##Start by Adding Azure Account | |
| Add-AzureAccountz | |
| #Configs | |
| $subscription = "Pay-As-You-Go" | |
| $vmname = "WEBSVR-001" | |
| $username = "cloud-usr" | |
| $pwd = "SUPERAWESOMEPASSWORD" | |
| $instanceSize = "Small" | |
| $cloudService = "WEB SERVICES" | |
| $location = "South Central US" | |
| $reservedIPname = "WEBSVR-001-ReservedIP" | |
| #Finds CENTOS-6.5 Image | |
| $image = Get-AzureVMImage | | |
| where { $_.ImageName -Match "OpenLogic*"}| | |
| sort PublishedDate -Descending | | |
| select -ExpandProperty ImageName -Last 1 | |
| ## Set Default Subscription | |
| Select-AzureSubscription $subcription | |
| #Request Reserved IP | |
| New-AzureReservedIP -ReservedIPName $reservedIPname" -Location $location | |
| #Verifiy Reserved IP created | |
| Get-AzureReservedIP | |
| #Creates VM with | |
| New-AzureVMConfig -Name $vmname -InstanceSize Small -ImageName $image | | |
| Add-AzureEndpoint -Name "HTTP" -Protocol "tcp" -PublicPort 80 -LocalPort 80 | | |
| Add-AzureProvisioningConfig -Linux -LinuxUser $username" -Password $pwd | | |
| New-AzureVM -ServiceName $cloudService -ReservedIPName $reservedIPname -Location $location |
TUTORIAL: HOW TO GENERATE A SELF SIGN CERT WITH OPENSSL ON CENTOS
What is openSSL and SSL, and why should you care?
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols as well as a full-strength general purpose cryptography library.
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client.
Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information. SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely.
It’s pretty much straight forward, and easy to generate as illustrated below.
| #Verfiy opensssl is installed | |
| rpm -qa | grep -i openssl | |
| #If it's not installed | |
| yum install openssl openssl-devel | |
| #Generate RSA key | |
| openssl genrsa -out domain.com.key 2048 | |
| #Create CSR | |
| openssl req -new -sha256 -key domain.com.key -out domain.com.csr | |
| #Varify CSR | |
| openssl req -noout -text -in domain.com.csr | |
| # Generate Self Signed Key | |
| openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key -out domain.com.crt | |
| #Installation on APACHE | |
| <VirtualHost *:443> | |
| ServerName www.domain.com | |
| DocumentRoot /path/to/htdocs | |
| SSLEngine ON | |
| SSLCertificateFile /etc/pki/tls/certs/domain.com.crt | |
| SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key | |
| #SSLCertificateChainFile /etc/pki/tls/certs/domain.com-chain.crt | |
| ErrorLog logs/ssl.domain.com.error_log | |
| CustomLog logs/ssl.domain.com.access_log combined | |
| </VirtualHost> |
FEATURED ON GRENADA 40 UNDER 40 LIST FOR TECHNOLOGY
A few months ago, I received an anonymous message on my tumblr blog about Grenada 40 project. The message didn’t have much details or contact information to get in touch with the sender. I thought it was one of those Facebook “most liked” competition where you get people to vote for you or your projects. At the time, I was swamped with work, projects, and classes. I really didn’t have free time to participate, so I didn’t made any attempt to follow up with them.
USING GIT TO DEPLOY AND UPDATE A WEBSITE PT. 2
Previously I wrote Tutorial: How to use Git to deploy and update a website Pt. 1, I was able to simultaneous push my changes seamlessly from my local machine to my git server, and web server.
It worked great, and reduced my deployment time significantly. Now I am taking it a step further. I want to push two different branches to different locations on my remote server. There are two branches on my local machine Master, and Beta.
LA NERDE: IN PURSUIT OF EXCELLENCE
La Nerde: In Pursuit of Excellencelanerde:
Excellence is a better teacher than mediocrity. The lessons of the ordinary are everywhere. Truly profound and original insights are to be found only in studying the exemplary. Warren G. Bennis
We have become a people of mediocrity.
We have chosen to accept things as they are, to limit our aspirations, to douse the dreams of others.