AWS Lambda to stop ec2 instance with cron

  • Create aws lambda function
  • Attach IAM role as required
import boto3
region = 'ap-south-1'
instances = ['i-0e4e6863cd3da57b5']
ec2 = boto3.client('ec2', region_name=region)
def lambda_handler(event, context):
    ec2.stop_instances(InstanceIds=instances)
    print('stopped your instances: ' + str(instances))
  • Create Cloudwatch event bus rule and attach it to lambda function

integrate openvpn with AD

  • install openvpn-auth-ldap package
yum install openvpn-auth-ldap
  • /etc/openvpn/server/server.conf

local 192.168.0.183
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
push "redirect-gateway def1 bypass-dhcp"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
verify-client-cert none
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
  • /etc/openvpn/auth/ldap.conf
<LDAP>
URL ldap://ad.example.com:389
BindDN CN=openvpn-svc,CN=Users,DC=example,DC=com
Password pass@123

Timeout 15
TLSEnable no

FollowReferrals yes
TLSCACertFile /etc/ssl/certs/ca-certificates.crt
TLSCACertDir /etc/ssl/certs

</LDAP>

<Authorization>

BaseDN "CN=Users,DC=example,DC=com"
SearchFilter "(&(SamAccountName=%u))"
RequireGroup true

<Group>
BaseDN "CN=Users,DC=example,DC=com"
SearchFilter "(cn=openvpn-group)"
MemberAttribute "member"
</Group>

</Authorization>
  • client-cert.ovpn
client
dev tun
proto udp
remote <publicip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
auth-user-pass
verb 3
<ca>
Masked
</ca>
<cert>
Masked
</cert>
<key>
Masked
</key>
<tls-crypt>
Masked
</tls-crypt>

AD powershell command to get user and group details

Get-ADUser -Identity openvpn-svc -Properties *

Get-ADGroup openvpn-group -Properties *

Look at distinguished name and see the correct path

optimize your binary file size with strip command

Strip command strips the symbols form object file.

strip /path/to/binaryfile

strip -s /path/to/binaryfile

# on strip debug symbols

strip --strip-debug example

To view all symbols in binary(readelf)

readelf -s /path/to/binaryfile

nm command:

nm /path/to/binaryfile

More

Access/copy files in distroless container

Method 1 – using basic shell command

# Get the PID
ps -ef | grep <containerID>

# View all files
ls -ltr /proc/<PID>/root/

Method 2 – using kubectl , docker cp command

docker cp containerID:/path/to/file /path/file
kubectl cp pod_name:/path/to/file /path/file

More : https://blog.px.dev/container-filesystems/ 

Learning rust – guess number code

Why rust?
– Fast
– Reliable
– Deep WASM integration
https://aws.amazon.com/blogs/opensource/sustainability-with-rust/

use std::io;
use rand::Rng;
use std::cmp::Ordering;

fn main() {
    println!("Guess the number:");
    let secret_number = rand::thread_rng().gen_range(1..101);
    loop {

    
    println!("Please input your guess.");
    let mut guess = String::new();

    io::stdin()
        .read_line(&mut guess)
        .expect("fail to read line");

    
    let guess: u32 = match guess.trim().parse() {
        Ok(num) => num,
        Err(_) => continue,
    };
    println!("You guess : {}",guess);
    match guess.cmp(&secret_number) {
        Ordering::Less => println!("Too small!"),
        Ordering::Greater => println!("Too big!"),
        Ordering::Equal => {
            println!("You win!");
            break;
        }
    }
    }
}
  • It calls main function by default.
  • can accept parameter in ()
  • &mut guess uses reference rather value

Want to get started with Rust?

https://doc.rust-lang.org/book/title-page.html

stop(kill -SIGSTOP) current running process and start(kill -SIGCONT) into another terminal – linux

We can use screen, tmux, nohup command to run process in background.

But, what we can do if we already run the process and we want to send it to background.

We can use kill signal to achieve this.

kill -SIGSTOP PID 
kill -SIGCONT PID

SIGSTOP = pause the process
SIGCONT = continue the process

Here is example.

sleep-loop.sh

while(true)
do
echo "running loop...$(date +%s)"
sleep 5
done

You can close the 1st terminal after starting in running the SIGCONT in another terminal AND you can also close the 2nd second terminal as well as it’s running in backgroud.(kind of nohup)

Other method using jobs command

  1. Press CTRL + Z to Pause the current process
  2. bg = to send job to background
  3. disown %1

disow will remove form job queue and run in background so that we can close the terminal

More – https://stackoverflow.com/questions/625409/how-do-i-put-an-already-running-process-under-nohup

CKA certification tips

  • Join the exam 20 min before it start as it will take time to verify all your ID and Place.
  • During the exam you will have access to http://kubernetes.com/docs
  • Every question shows % weight so you can take high % weight questions first if it’s not related to other question.
  • Practice is very important. Complete mock testing at least 3-5 times
  • Complete your training with KodeKloud with practice and mock test.
  • You can practice your exam on killer.sh which you get it for free once you buy CKA certification. 2 mock sessions are available 36 hours each
  • killer.sh questions are hard. I was able to complete around 20 in 2 hours.
  • Exam time is 2 hours as of 25th JAN 2022
  • There was 17 question(there can be more than 17 also)

  • Exam result will be sent in 24 hours.(Exactly 24 hours 1 minute)

xargs understanding – linux

xargs pass the output(stdout) of first command to second command as argument. 

ls | xargs rm -f

This will remove all file listed by ls command

  • To understand properly what xargs is doing. use -p flag. It’s like dry-run.
[root@lp-k8control-1 xargs]# ls
test  test2  test3
[root@lp-k8control-1 xargs]# ls | xargs -p rm -f
rm -f test test2 test3 ?...

flag -n1 = one at a time

[root@lp-k8control-1 xargs]# ls | xargs -p -n1 rm -f
rm -f test ?...

flag -I % = run multiple command

[root@lp-k8control-1 xargs]# ls | xargs -p -n1 -I % /bin/bash -c 'ls %; ll %  '
/bin/bash -c ls test; ll test   ?...y
test

More : https://flaviocopes.com/linux-command-xargs/