Open a range of ports via ufw or iptables


ufw allow from any to any port 4000:4020 proto tcp

For iptables (the argument to -A is a chain name such as INPUT):

iptables -A chainName -p tcp --match multiport --dports port1,port2 -j ACCEPT
iptables -A chainName -p udp --match multiport --dports port1,port2 -j DROP
iptables -A chainName -p protocol --match multiport --dports portRange1:portRange2 -j ACCEPT
iptables -A chainName -p tcp --match multiport --sports port1,port2 -j ACCEPT
iptables -A chainName -p udp --match multiport --sports port1,port2 -j DROP
iptables -A chainName -p protocol --match multiport --sports portRange1:portRange2 -j ACCEPT
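An added example, not part of the original notes: the multiport match accepts at most 15 port slots per rule and a range counts as two, so this helper validates a port list and prints one --dports rule per batch instead of applying anything. The function name is made up for this example, and the chain, protocol and target arguments are assumed to be trusted values typed by the administrator.

```sh
#!/bin/sh
# Added example: print iptables multiport rules for a list of ports.
# Usage: multiport_rules CHAIN PROTO TARGET PORTSPEC...
#   PORTSPEC is a single port (443) or a range (4000:4020).
multiport_rules() (
    chain=$1 proto=$2 target=$3
    shift 3
    rule() {
        echo "iptables -A $chain -p $proto --match multiport --dports $1 -j $target"
    }
    # Pass 1: validate every spec first, so a bad list prints no rules at all.
    for spec in "$@"; do
        case $spec in
            ""|*[!0-9:]*|*:*:*|:*|*:)
                echo "invalid port spec: $spec" >&2
                exit 1 ;;
        esac
        lo=${spec%%:*} hi=${spec##*:}
        if [ "${#lo}" -gt 5 ] || [ "${#hi}" -gt 5 ] ||
           [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
            echo "port out of range: $spec" >&2
            exit 1
        fi
    done
    # Pass 2: pack the specs into rules of at most 15 slots each.
    slots=0 batch=""
    for spec in "$@"; do
        case $spec in
            *:*) cost=2 ;;   # a range uses two of the 15 slots
            *)   cost=1 ;;
        esac
        if [ $((slots + cost)) -gt 15 ]; then
            rule "$batch"
            batch="" slots=0
        fi
        batch=${batch:+$batch,}$spec
        slots=$((slots + cost))
    done
    if [ -n "$batch" ]; then
        rule "$batch"
    fi
)
```

Review the printed rules, then run them as root; the same packing applies to --sports.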

Correct way to move kvm vm

I have a problem doing live migration between two host computers via virt-manager. It is a permission issue, but I don’t have time to figure it out. It is not a big deal. It is OK to move KVM VMs offline.

  1. stop VM from gui or cli or guest console
  2. dump guest configuration as xml
    virsh dumpxml VMNAME > domxml.xml
  3. copy the guest images to another server with same path
  4. define a VM from the dump xml file
    virsh define domxml.xml
  5. Check the configuration and start VM on new host. Usually need to check the network configuration, CPU, and memory.
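A check that fits between steps 3 and 4, added here and not part of the original notes: build a SHA-256 manifest of the disk images named in domxml.xml on the old host, then verify it on the new host before running virsh define. The function names and the manifest file are assumptions of this example, which relies on GNU sed and sha256sum.

```sh
#!/bin/sh
# Added example: confirm the copied guest images are intact and at the same
# path before the guest is defined on the new host.

# Print the file-backed disk paths referenced by a "virsh dumpxml" dump.
# virsh writes attributes single-quoted, one element per line.
domxml_disk_paths() {
    sed -n "s/^[[:space:]]*<source file='\([^']*\)'.*/\1/p" "$1"
}

# Old host: write "hash  path" lines for every image the guest uses, e.g.
#   domxml_manifest domxml.xml > images.sha256
domxml_manifest() {
    domxml_disk_paths "$1" | while IFS= read -r img; do
        sha256sum "$img" || exit 1
    done
}

# New host, after copying images and manifest: fails if an image is missing,
# sits at a different path, or was altered in transit. An empty manifest
# (no disks found in the XML) also fails rather than passing silently.
verify_images() {
    sha256sum --check --quiet --strict "$1"
}
```

Copy images.sha256 along with domxml.xml, and run `verify_images images.sha256 && virsh define domxml.xml` on the new host.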


Ubuntu 16.04 Winbind and Active Directory

The official SSSD and Active Directory guide doesn’t work. It is hard to find what’s wrong. Using Winbind works well.


sudo apt install winbind samba
sudo apt install cups-common python-crypto-dbg python-crypto-doc bind9 bind9utils ctdb ldb-tools ntp smbldap-tools heimdal-clients libnss-winbind libpam-winbind


sudo vi /etc/samba/smb.conf

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
#   workgroup = GROUP

# server string is the equivalent of the NT Description field
  server string = %h server (Samba, Ubuntu)

        security = ads
        realm = MYDOMAIN.COM
# If the system doesn't find the domain controller automatically, you may need the following line
#        password server =
# note that workgroup is the 'short' domain name
        workgroup = MYDOMAIN
#       winbind separator = +
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
        client ntlmv2 auth = yes
        encrypt passwords = yes
        winbind use default domain = yes
        restrict anonymous = 2

Restart services:

sudo service winbind stop
sudo service samba-ad-dc restart
sudo service winbind start

Join the AD (see “net ads help”):

sudo kinit Admin@MYDOMAIN.COM
# check klist
sudo klist
# join (ignore the dns error messages)
sudo net ads join -k
# or, without a Kerberos ticket, join with a username and password prompt
sudo net ads join -U Admin@MYDOMAIN.COM

Setup Authentication

sudo vi /etc/nsswitch.conf


passwd:         compat winbind
group:          compat winbind
shadow:         compat

Restart Winbind

sudo service winbind restart

PAM Configuration

sudo pam-auth-update

Create Home directory

sudo mkdir /home/MYDOMAIN

Add sudo users

sudo vi /etc/sudoers.d/MYDOMAIN


# replace adgroup with the real domain group name
%adgroup        ALL=(ALL) NOPASSWD: ALL
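An audit for the drop-in above, added here and not part of the original notes: sudo silently skips files in /etc/sudoers.d whose name contains a dot (so a file named after the realm, MYDOMAIN.COM, would never be read), expects mode 0440, and the NOPASSWD: ALL group grant is worth listing for review. The function name and finding labels are made up for this example; `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: audit one /etc/sudoers.d file.
# Prints one finding per line and returns 1 if there is any finding.
audit_sudoers_dropin() (
    file=$1
    name=${file##*/}
    findings=0
    finding() { echo "$1"; findings=$((findings + 1)); }

    # sudo's includedir skips names that contain '.' or end in '~', so a
    # drop-in named after the realm is ignored without any error.
    case $name in
        *.*|*~) finding "name: $name is skipped by sudo" ;;
    esac

    # Files in /etc/sudoers.d should be mode 0440.
    mode=$(stat -c %a "$file") || exit 2
    [ "$mode" = 440 ] || finding "mode: $mode, expected 440"

    # Group entries (%name) ending in "NOPASSWD: ALL" give every member of
    # the group root without a password prompt; list them for review.
    hits=$(awk '/^[ \t]*%/ && /NOPASSWD:[ \t]*ALL[ \t]*$/ {
        print "nopasswd-all: line " NR ": " $1 }' "$file")
    [ -z "$hits" ] || finding "$hits"

    [ "$findings" -eq 0 ]
)
```

Syntax is a separate check: `sudo visudo -cf /etc/sudoers.d/MYDOMAIN` parses the file and reports errors without changing anything.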


wbinfo -u
wbinfo -g

Login as a domain user and enjoy…

Ubuntu keeps running when laptop lid is closed

Keep running after closed lid

$ sudo vi /etc/systemd/logind.conf

$ sudo service systemd-logind restart

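The values of HandleLidSwitch are ignore, suspend, hibernate, and poweroff; set HandleLidSwitch=ignore in the [Login] section of logind.conf to keep running with the lid closed.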

Keep console screen always on:

$ sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash consoleblank=0"

$ sudo update-grub
$ sudo shutdown -r now

Turn off console screen after 1 minute:

$ sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash consoleblank=60"

$ sudo update-grub
$ sudo shutdown -r now

LXD images and multiple hosts

Remote operations require the following two commands having been run on the remote server:

lxc config set core.https_address "[::]:8443"
lxc config set core.trust_password some-password

Add a remote server:

lxc remote add <server alias> <ip address or DNS>

After that, use the same commands as above, prefixing the container and image names with the remote host, like:

lxc exec host-a:first -- apt-get update

Manually import images example:

lxc image copy images:gentoo/current/amd64 local: --alias gentoo --auto-update
lxc image import <tarball> --alias random-image
lxc image import --alias busybox-amd64

List images:

lxc image list
lxc image list <remote server alias>:

Editing image:

lxc image edit <alias or fingerprint>

Deleting image:

lxc image delete <alias or fingerprint>

Create your own image from a container:

lxc publish my-container/some-snapshot --alias some-image



Installing LXD and the command line tool
LXD 2.0: Image management [5/12]

Create service script on Ubuntu

Creating service script

$ vi
#!/bin/sh
case "$1" in
  start)
    # start app command here
    ;;
  stop)
    # stop app command here
    ;;
  restart)
    # restart app command here
    ;;
  *)
    echo "Unknown action!"
    exit 1
    ;;
esac
exit 0

Creating server configuration file

$ sudo vi /etc/systemd/system/myservice.service
[Unit]
Description=Job that runs my application

[Service]
ExecStart=<path>/ start
ExecStop=<path> stop
ExecReload=<path> restart

[Install]
WantedBy=multi-user.target


Testing your service

$ sudo systemctl start myservice
$ sudo systemctl status myservice

Enable your service

$ sudo systemctl enable myservice


Install java on ubuntu

Installing default jre/jdk

sudo apt update
sudo apt install default-jre
sudo apt install default-jdk

Installing openjre/jdk 7

sudo apt-get install openjdk-7-jre 
sudo apt-get install openjdk-7-jdk

Installing Oracle java

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update

sudo apt-get install oracle-java6-installer

sudo apt-get install oracle-java7-installer

sudo apt-get install oracle-java8-installer

Managing java

sudo update-alternatives --config java
sudo update-alternatives --config javac


sudo vi /etc/environment