Open a range of ports via ufw or iptables

For UFW

ufw allow from any to any port 4000:4020 proto tcp

For iptables

iptables -A chainName -p tcp --match multiport --dports port1,port2 -j ACCEPT
iptables -A chainName -p udp --match multiport --dports port1,port2 -j DROP
iptables -A chainName -p protocol --match multiport --dports portRange1:portRange2 -j ACCEPT
iptables -A chainName -p tcp --match multiport --sports port1,port2 -j ACCEPT
iptables -A chainName -p udp --match multiport --sports port1,port2 -j DROP
iptables -A chainName -p protocol --match multiport --sports portRange1:portRange2 -j ACCEPT

Correct way to move kvm vm

I have a problem doing live migration between two host computers via virt-manager. It is a permission issue, but I don’t have time to figure it out. It is not a big deal. It is OK to move KVM VMs offline.

  1. Stop the VM from the GUI, the CLI or the guest console.
  2. Dump the guest configuration as XML:
    virsh dumpxml VMNAME > domxml.xml
  3. Copy the guest images to the other server, using the same path.
  4. Define a VM from the dumped XML file:
    virsh define domxml.xml
  5. Check the configuration and start the VM on the new host. You usually need to check the network configuration, CPU, and memory.

source: http://serverfault.com/questions/434064/correct-way-to-move-kvm-vm
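
A check for steps 3 to 5 of the KVM move above, as an added example that is not part of the original post or the linked answer: it reads the disk image paths out of the dumped XML, produces a SHA-256 manifest on the old host, and reports images that are missing on the new host. The function names and the sample guest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print every disk image path (<source file='...'/>) in a dumped domain XML.
# libvirt writes single-quoted attributes; double quotes are accepted too.
domxml_disk_paths() {
    sed -n "s/.*<source file=['\"]\([^'\"]*\)['\"].*/\1/p" "$1"
}

# Old host: print a SHA-256 manifest of the guest's disk images.
disk_manifest() {
    domxml_disk_paths "$1" | while IFS= read -r path; do
        sha256sum "$path"
    done
}

# New host: print the image paths that are missing; fail if any is missing.
missing_disks() {
    domxml_disk_paths "$1" | {
        rc=0
        while IFS= read -r path; do
            [ -f "$path" ] || { printf '%s\n' "$path"; rc=1; }
        done
        [ "$rc" -eq 0 ]
    }
}

# Constructed sample: a two-disk guest where only the first image was copied.
demo=$(mktemp -d)
printf 'disk data\n' > "$demo/vm1.qcow2"
cat > "$demo/domxml.xml" <<EOF
<domain type='kvm'>
  <name>VMNAME</name>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='$demo/vm1.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='$demo/vm1-data.qcow2'/>
      <target dev='vdb' bus='virtio'/>
    </disk>
  </devices>
</domain>
EOF
missing_disks "$demo/domxml.xml" || echo "copy these images before 'virsh define'"
```

On the old host, `disk_manifest domxml.xml > disks.sha256` records the hashes; on the new host, `sha256sum -c disks.sha256` verifies the copied images, which works unchanged because the paths are the same on both servers.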

Ubuntu 16.04 Winbind and Active Directory

The official SSSD and Active Directory guide doesn’t work. It is hard to find what’s wrong. Using Winbind works well.

Installation:

sudo apt install winbind samba
sudo apt install cups-common python-crypto-dbg python-crypto-doc bind9 bind9utils ctdb ldb-tools ntp smbldap-tools heimdal-clients libnss-winbind libpam-winbind

Configuration:

sudo vi /etc/samba/smb.conf
[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will be part of
#   workgroup = GROUP

# server string is the equivalent of the NT Description field
  server string = %h server (Samba, Ubuntu)

        security = ads
        realm = MYDOMAIN.COM
# If the system doesn't find the domain controller automatically, you may need the following line
#        password server = 10.0.0.1
# note that workgroup is the 'short' domain name
        workgroup = MYDOMAIN
#       winbind separator = +
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        winbind use default domain = yes
        restrict anonymous = 2

Restart services:

sudo service winbind stop
sudo service samba-ad-dc restart
sudo service winbind start

Join the AD (see “net ads help”):

sudo kinit Admin@MYDOMAIN.COM
# check klist
sudo klist
# join (ignore the dns error messages)
sudo net ads join -k

OR
sudo net ads join -U Admin@MYDOMAIN.COM

Setup Authentication

sudo vi /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind
shadow:         compat

Restart Winbind

sudo service winbind restart

PAM Configuration

sudo pam-auth-update

Create Home directory

sudo mkdir /home/MYDOMAIN

Add sudo users

sudo vi /etc/sudoers.d/MYDOMAIN

# replace adgroup with the real domain group name
%adgroup        ALL=(ALL) NOPASSWD: ALL

Test

wbinfo -u
wbinfo -g

Log in as a domain user and enjoy…
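
A check of the "Setup Authentication" and "Add sudo users" steps above, as an added example that is not part of the original post: it confirms that nsswitch.conf lists winbind for passwd and group, and lists sudoers rules that give a whole group passwordless root, like the %adgroup line. The function names and sample files are constructed; continuation lines in sudoers are not handled.

```shell
#!/bin/sh
# Added example, not from the original post; sample files are constructed.

# Succeed only if both the passwd and group databases list winbind as a source.
nss_uses_winbind() {
    for db in passwd group; do
        grep -Eq "^${db}:.*[[:space:]]winbind([[:space:]]|\$)" "$1" || return 1
    done
}

# Print "file:line: rule" for each active rule that gives a whole group
# passwordless root, i.e. %group HOSTS=(RUNAS) NOPASSWD: ALL.
# Commented-out rules are ignored because their first field starts with '#'.
audit_nopasswd_groups() {
    awk '$1 ~ /^%/ && /NOPASSWD:[ \t]*ALL[ \t]*(,|#|$)/ {
             printf "%s:%d: %s\n", FILENAME, FNR, $0
         }' "$@"
}

# Constructed sample files mirroring the configuration above.
t=$(mktemp -d)
cat > "$t/nsswitch.conf" <<'EOF'
passwd:         compat winbind
group:          compat winbind
shadow:         compat
EOF
cat > "$t/MYDOMAIN" <<'EOF'
# replace adgroup with the real domain group name
%adgroup ALL=(ALL) NOPASSWD: ALL
%backupops ALL=(root) NOPASSWD: /usr/bin/rsync
#%oldadmins ALL=(ALL) NOPASSWD: ALL
EOF
nss_uses_winbind "$t/nsswitch.conf" && echo "nsswitch: winbind enabled"
audit_nopasswd_groups "$t/MYDOMAIN"
```

On a real host, run `audit_nopasswd_groups /etc/sudoers /etc/sudoers.d/*` as root, then `getent group <group>` for each hit to see which domain accounts currently hold that access.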

Ubuntu keeps running when laptop lid is closed

Keep running after closed lid

$ sudo vi /etc/systemd/logind.conf
...
HandleLidSwitch=ignore
...

$ sudo service systemd-logind restart

Valid values of HandleLidSwitch include ignore, suspend, hibernate, and poweroff.

Keep console screen always on:

$ sudo vi /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash consoleblank=0"
...

$ sudo update-grub
$ sudo shutdown -r now

Turn off console screen after 1 minute:

$ sudo vi /etc/default/grub
...
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash consoleblank=60"
...

$ sudo update-grub
$ sudo shutdown -r now

LXD images and multiple hosts

Remote operations require that the following two commands have been run on the remote server:

lxc config set core.https_address "[::]:8443"
lxc config set core.trust_password some-password

Add a remote server:

lxc remote add <server alias> <ip address or DNS>

After that, use the same commands as above, but prefix the container and image names with the remote host, like:

lxc exec host-a:first -- apt-get update

Examples of manually importing images:

lxc image copy images:gentoo/current/amd64 local: --alias gentoo --auto-update
lxc image import <tarball> --alias random-image
lxc image import https://dl.stgraber.org/lxd --alias busybox-amd64

List images:

lxc image list
lxc image list <remote server alias>:

Editing image:

lxc image edit <alias or fingerprint>

Deleting image:

lxc image delete <alias or fingerprint>

Create your own image from a container:

lxc publish my-container/some-snapshot --alias some-image

Reference:
Installing LXD and the command line tool
LXD 2.0: Image management [5/12]

Create service script on Ubuntu

Creating service script

$ vi myservice.sh
#!/bin/bash
...
case "$1" in
  (start)
    # start app command here
    ;;

  (stop)
    # stop app command here
    ;;

  (restart)
    # restart app command here
    ;;

  (*)
    echo "Unknown action!"
    exit 1
    ;;
esac
exit 0

Creating service configuration file

$ sudo vi /etc/systemd/system/myservice.service
[Unit]
Description=Job that runs my application

[Service]
User=testuser
Group=testgroup
Type=forking
ExecStart=<path>/myservice.sh start
ExecStop=<path>/myservice.sh stop
ExecReload=<path>/myservice.sh restart

[Install]
WantedBy=multi-user.target

Testing your service

$ sudo systemctl start myservice
$ sudo systemctl status myservice

Enable your service

$ sudo systemctl enable myservice

Reference:
https://wiki.ubuntu.com/SystemdForUpstartUsers
http://stackoverflow.com/questions/33955604/start-a-python-script-at-boot-on-ubuntu

Install Java on Ubuntu

Installing the default JRE/JDK

sudo apt update
sudo apt install default-jre
sudo apt install default-jdk

Installing OpenJDK 7 JRE/JDK

sudo apt-get install openjdk-7-jre
sudo apt-get install openjdk-7-jdk

Installing Oracle Java

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update

sudo apt-get install oracle-java6-installer

sudo apt-get install oracle-java7-installer

sudo apt-get install oracle-java8-installer

Managing Java

sudo update-alternatives --config java
sudo update-alternatives --config javac

Setting JAVA_HOME

sudo vi /etc/environment
JAVA_HOME="YOUR_PATH"