gpg - export all (private-)keys

Posted on Sat 04 May 2019 in Linux • Tagged with howto, linux, notepad, gpg • 1 min read

GPG export

# Export every secret key, plus its minimal public key, into ~/.gnupg/export
mkdir -p ~/.gnupg/export
for keyid in $( gpg -K --with-colons | grep ^sec | cut -d: -f5 ); do
  # public key without third-party signatures
  gpg --export -a --export-options export-minimal --output ~/.gnupg/export/"${keyid}".pub "$keyid"
  # ASCII-armored secret key
  gpg --export-secret-keys -a --output ~/.gnupg/export/"${keyid}".key "$keyid"
done

For a public key without signatures use --export-options export-minimal …



cryptsetup - remote unlocking over ssh

Posted on Fri 03 May 2019 in Linux • Tagged with howto, linux, notepad, work, initrd • 1 min read

Notes

Only valid for Ubuntu/Debian!

Package(s)

  • dropbear-initramfs

Configuration

ip config

# egrep "(DEVICE|IP)=" /etc/initramfs-tools/initramfs.conf 
DEVICE=enp3s0f0
IP=10.12.13.11::10.12.13.1:255.255.255.0::enp3s0f0:off
IP=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:
   <device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>

ssh-keys

# cat /etc …


CaaS3: Update hostname

Posted on Tue 18 December 2018 in Linux • Tagged with suse, caas, kubernetes, linux, notepad • 1 min read

linux-q0sf:~ # cat /var/lib/misc/infra-secrets/mariadb-root-password  
eVSf9Ss/HFa4Rj68ymzhmVsHvhdV6i5aqUpXuboMGRdwo1SVnysDd/wg0De+9FJymdBsJLdmYsdU
linux-q0sf:~ # docker exec -ti d72182149834 bash  
bash-4.3# mysql -u root -p  
Enter password:  
Welcome to the MariaDB monitor. Commands end with ; or \g.  
Your MariaDB connection id is 18  
Server version: 10.0.34-MariaDB SLE …


selinux - change default type

Posted on Thu 12 April 2018 in Linux • Tagged with selinux, linux • 1 min read

$ matchpathcon /tftpboot
/tftpboot       system_u:object_r:tftpdir_t:s0
$ semanage fcontext -a -t tftpdir_rw_t "/srv/tftp(/.*)?"
$ restorecon -Rv /srv/tftp

chrony - adjust time manually

Posted on Fri 22 September 2017 in Linux • Tagged with chrony, Linux, Notepad, Work • 1 min read

$ chronyc -m "password $( awk '{ print $2 }' /etc/chrony/chrony.keys  )" makestep

[notepad] ceph journal size/ssd speed

Posted on Tue 18 October 2016 in Linux • Tagged with ceph, journal, ssd • 1 min read

ceph journal size (doc)

not for bluestore

osd journal size = {2 * (expected throughput * filestore max sync interval)}

The default for filestore max sync interval is 5; therefore, for a 10Gbit network, the "perfect" size would be

osd journal size = { 2 * ( 1280 * 5 ) } = 12.5 GB

ceph ssd speed

The optimum …



Google Software Updater fuckups

Posted on Thu 22 September 2016 in Linux • Tagged with notepad, osx, linux, Google Chrome • 1 min read

google-software-updater

There are several ways to disable the ksfetch (ks = keystone) daemon, which comes with Google products.

  1. Uninstall the Google Software Update Agent
$ /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/ksinstall [--nuke]

The --nuke parameter will also remove ksfetch related stuff.

  2. Set the checkInterval …


ejabberd + letsencrypt (ssl config)

Posted on Mon 05 September 2016 in Linux • Tagged with letsencrypt, Linux, notepad, ejabberd • 1 min read

[...]
listen: 
  - 
    port: 5222
    module: ejabberd_c2s
    certfile: "/etc/ejabberd/ejabberd.pem"
    starttls: true
    starttls_required: true
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1_1"
    ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
    dhfile: "/etc/ejabberd/dh2048.pem"
    [...]
  - 
    port: 5269
    ip: "::"
    module: ejabberd_s2s_in
    protocol_options:
      - "no_sslv2"
      - "no_sslv3"
      - "no_tlsv1"
      - "no_tlsv1_1"

[...]
s2s_use_starttls: required
s2s_certfile: "/etc/ejabberd …


entropy inside a virtual machine

Posted on Thu 30 June 2016 in Linux • Tagged with ceph, kvm, linux, notepad • 1 min read

Sometimes my ceph-(test!)deployments inside a VM failed.

The problem is that the kernel/CPU cannot provide enough entropy (random numbers) for the ceph-create-keys command, so it gets stuck/hangs. It is not a ceph problem! This can also happen with ssl commands.

But first things first - we need …



openvswitch and OpenFlow

Posted on Fri 04 September 2015 in Linux • Tagged with ovs, linux, notepad, openflow, openvswitch • 2 min read

openflow

Layer 1

ovs-ofctl del-flows BRIDGE
ovs-ofctl add-flow BRIDGE priority=500,in_port=1,actions=output:2
ovs-ofctl add-flow BRIDGE priority=500,in_port=2,actions=output:1
ovs-ofctl dump-flows BRIDGE

Layer 2

ovs-ofctl del-flows BRIDGE
ovs-ofctl add-flow BRIDGE dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 …
