Tuesday, July 14, 2020

cloud-init change default user -AWS

If you are using a custom AMI, you may want to use a non-standard user instead of the default cloud-user. Replace cloud-user with any other user, which you have probably already created for your AMI.

Modify /etc/cloud/cloud.cfg:

system_info:
  default_user:
    name: cloud-user
    lock_passwd: true
    gecos: Cloud User
    groups: [wheel, adm, systemd-journal]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
  distro: rhel
  paths:
    cloud_dir: /var/lib/cloud
    templates_dir: /etc/cloud/templates
  ssh_svcname: sshd
Finish with the following command so that the user-related changes are re-run on the next instance launch / reboot.
cloud-init clean

Monday, July 6, 2020

Postfix- Relay mails via office365.com

The following configuration will help you set up office365.com mail delivery using Postfix.
Install required packages.
yum install cyrus-sasl-sql cyrus-sasl-plain cyrus-sasl-lib -y 
Append the following to /etc/postfix/main.cf:
relayhost = [smtp.office365.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
Update the generic file with the sender email address, otherwise the office365.com server will reject your mail.
/etc/postfix/generic
@localdomain.local      your_office365_email_id
/etc/postfix/sasl_passwd
smtp.office365.com your_office365_email_id:your_password
Run postmap on both files and restart the service:
postmap /etc/postfix/generic
postmap /etc/postfix/sasl_passwd
service postfix restart

Monday, June 29, 2020

Postfix- Relay mails via outlook.com

The following configuration will help you set up outlook.com mail delivery using Postfix.
Install required packages.
yum install cyrus-sasl-sql cyrus-sasl-plain cyrus-sasl-lib -y 
Append the following to /etc/postfix/main.cf:
relayhost = [smtp-mail.outlook.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic
smtp_tls_security_level = may
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
Update the generic file with the sender email address, otherwise the outlook.com server will reject your mail.
/etc/postfix/generic
@localdomain.local      your_id@outlook.com
/etc/postfix/sasl_passwd
smtp-mail.outlook.com your_id@outlook.com:your_password
Run postmap on both files and restart the service:
postmap /etc/postfix/generic
postmap /etc/postfix/sasl_passwd
service postfix restart

Monday, June 22, 2020

Postfix- Relayhost with plain auth

If you wish to relay mail through your ISP's SMTP server, or any other server that requires plain (or any other) auth, the following config will help you.
This assumes that you have a fresh Postfix install.

Install Dependency
yum install cyrus-sasl-plain -y

Postfix Configuration
Add the lines below to /etc/postfix/main.cf:
relayhost = RELAY_SMTP_SERVER:PORT
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
myorigin = MY-MAIL-SERVER


Enable SMTP auth for the relayhost
cat /etc/postfix/sasl_passwd
RELAY_SMTP_SERVER EMAIL_ADDRESS:PASSWORD



postmap /etc/postfix/sasl_passwd
service postfix reload
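
Added example, not part of the original posts: a shell check covering the three relay configurations above. With smtp_tls_security_level = may (or unset) TLS is only opportunistic, so with SASL enabled the login can be sent unencrypted when STARTTLS is not offered, and /etc/postfix/sasl_passwd stores the password in clear text. The function names and finding labels are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original posts): audit a Postfix relay setup
# for settings that can expose the SASL login.

# Print the last value assigned to parameter $2 in main.cf-style file $1.
# Comment lines are skipped; continuation lines are not handled here.
cf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key == k) {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# Print one finding per line for main.cf $1 and SASL password file $2.
audit_relay() {
    if [ "$(cf_get "$1" smtp_sasl_auth_enable)" = "yes" ]; then
        level=$(cf_get "$1" smtp_tls_security_level)
        case "$level" in
            encrypt|dane-only|fingerprint|verify|secure) ;;  # TLS is mandatory
            *) echo "TLS_NOT_MANDATORY: smtp_tls_security_level='$level'" ;;
        esac
    fi
    mode=$(stat -c %a "$2" 2>/dev/null) || return 0   # GNU/busybox stat
    case "$mode" in
        *00) ;;                                       # owner-only access
        *) echo "PASSWD_EXPOSED: $2 has mode $mode, expected 600" ;;
    esac
}

# Constructed sample input mirroring the settings shown in the posts above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'relayhost = [smtp.office365.com]:587' \
        'smtp_sasl_auth_enable = yes' \
        'smtp_sasl_security_options = noanonymous' \
        'smtp_tls_security_level = may' > "$d/main.cf"
    echo 'smtp.office365.com user@example.com:placeholder' > "$d/sasl_passwd"
    chmod 644 "$d/sasl_passwd"
    audit_relay "$d/main.cf" "$d/sasl_passwd"
    rm -rf "$d"
}
demo
```

Both findings clear with smtp_tls_security_level = encrypt in main.cf and chmod 600 on sasl_passwd and sasl_passwd.db.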

Monday, June 15, 2020

udev renamed network interface eth0 to ...

udev renamed network interface eth0 to eth1 / eth2 (dmesg | grep eth)
You'll hardly ever see the above message while working on a physical machine.
I have not faced this message on Citrix XenServer; probably the XenServer tools take care of this.

This is what I faced while cloning one of the VMs on KVM. After cloning one of the CentOS VMs, the network wasn't working.

To resolve this, all you need to do is remove / comment out the following lines in one of the /etc/udev/rules.d/ files.

Here I found the eth0 entry in 70-persistent-net.rules:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:fe:18:e6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:c2:b2:d3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"


Once the above lines are removed / commented out, you'll be able to configure the interface as eth0.
You can also change eth1 / eth2 to eth0 for the relevant MAC address.
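
Added example, not part of the original post: both fixes described above in one pass, commenting out the stale eth0 rule and renaming the rule for the current MAC to eth0. The function name fix_net_rules is hypothetical, and which of the two MAC addresses belongs to the cloned VM is an assumption made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): rewrite a persistent-net rules
# file so the NIC with the given MAC becomes eth0. Output goes to stdout so it
# can be reviewed before replacing the real file.

# $1 = rules file, $2 = MAC address of the interface that should be eth0
fix_net_rules() {
    mac=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    awk -v mac="$mac" '
        # Leave comments and non-ethernet rules untouched.
        /^[ \t]*#/ || !/KERNEL=="eth\*"/ { print; next }
        # Rule for the live MAC: pin it to eth0.
        index(tolower($0), "attr{address}==\"" mac "\"") {
            sub(/NAME="eth[0-9]+"/, "NAME=\"eth0\""); print; next
        }
        # Any other rule still claiming eth0 belongs to the old MAC.
        /NAME="eth0"/ { print "# stale: " $0; next }
        { print }' "$1"
}

# Sample input: the two rules quoted in the post above.
# Assumption for the demo: 52:54:00:c2:b2:d3 is the MAC of the cloned VM.
demo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:fe:18:e6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:c2:b2:d3", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
EOF
    fix_net_rules "$f" 52:54:00:C2:B2:D3
    rm -f "$f"
}
demo
```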

Tuesday, June 9, 2020

SSH / SCP key authentication

Bash scripts often need scp, or you may not wish to enter a password every time you access a remote server.
Generate a key on the local system.
ssh-keygen -t rsa
Copy the key to the remote server.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.1
Now you can ssh / scp without entering a password.
For old systems not equipped with ssh-copy-id:
ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub root@192.168.1.1:
ssh root@192.168.1.1 'cat id_rsa.pub >> .ssh/authorized_keys'
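
Added example, not part of the original post: what the manual append to .ssh/authorized_keys has to get right on the remote side. It creates ~/.ssh with the modes sshd's StrictModes check expects, refuses anything that is not a public-key line, and does not append the same key twice. The function name install_pubkey and the sample key are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): the remote-side step of key
# installation, done with the permissions sshd expects and without duplicates.

# $1 = public key file, $2 = home directory of the target account
install_pubkey() {
    dir=$2/.ssh; auth=$dir/authorized_keys
    type=; blob=; rest=
    read -r type blob rest < "$1" || true   # read fails on a missing newline
    # Accept only a public-key line; this rejects a private key sent by mistake.
    case "$type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $1" >&2; return 2 ;;
    esac
    [ -n "$blob" ] || return 2
    # With StrictModes (the sshd default) keys are ignored if the directory
    # or the file is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: match on the key blob, so a different comment adds no duplicate.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 }
                         END { exit !hit }' "$auth"; then
        return 0
    fi
    printf '%s\n' "$type $blob${rest:+ $rest}" >> "$auth"
}

# Constructed sample: a placeholder key line, not a real key.
demo() {
    home=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@client' > "$home/id_rsa.pub"
    install_pubkey "$home/id_rsa.pub" "$home"
    install_pubkey "$home/id_rsa.pub" "$home"      # second run adds nothing
    grep -c . "$home/.ssh/authorized_keys"         # number of installed keys
    rm -rf "$home"
}
demo
```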

Tuesday, June 2, 2020

NTP Client on CentOS / Fedora

NTP client configuration.
It is very easy to configure an NTP client on a Linux machine.
Just two steps are required to sync the clock.
yum install ntp
ntpdate -u 1.pool.ntp.org
You can configure a cron job to run the second step on a schedule, or you can put it in /etc/rc.local.