May 31 2017

1and1 releases Cloud-Init support for NGCS

So it appears that 1&1 has silently released an update to their CloudPanel products to support the Cloud-Init functionality. This is the same functionality seen with AWS, Linode, and others where you can configure things to happen for your server upon creation. The ultimate goal, for those unfamiliar, is to try to allievate some of the hassles associated with creating servers where you need to do trivial tasks like install applications, create users, etc. For MailServer customers, this is great because by default 1&1 Images still install with the HOSTNAME set to localhost.localdomain which will get you blacklisted if you’re not speedy enough to resolve it before your first email is sent. (For more information on a MailServer checklist).

For information on what Cloud-Init can do, read up at https://cloudinit.readthedocs.io to get some great examples and perfect use cases. The net is also swimming in guides by other people. One that I ran today for a test run, as I’ve never had the pleasure of using the system before, was as follows:

#cloud-config 
users:  
 - name: tgarrity
  gecos: Tim Garrity  
  sudo: ['ALL=(ALL) NOPASSWD:ALL']  
  groups: wheel  
  ssh-authorized-keys:  
    - ssh-rsa ABCDE...12345 vm-key
package_upgrade: true
fqdn: server1.diyserver.guide
hostname: server1
manage_etc_hosts: true
disable_root: true

Short and simple, create a new user for me outside of the root user, disabled root so it can only be used during KVM, and set the hostname.

November 6 2016

Clear your Linux History | Snippet | Linux

There’s only a few times where I’ve decided I needed to clear out my bash history without a trace, typically it was because I needed to test sending to a mail provider but didn’t want to leave my email there, or I saw that the customer pasted his password into the command line with things like “mysql -uroot -pmypassword”.

 

For those jobs where I need to clear out a whole batch of lines:

for i in {1..50}; do history -d $((HISTCMD-1)) && history -d ####; done

That script there will clear out 50 lines, starting from whereever you set ####. So if you run “history” and you see that you need to clear from lines 350 – 380, you’ll run:
for i in {1..30}; do history -d $((HISTCMD-1)) && history -d 350; done

If you just want to delete a certain line:

history -d $((HISTCMD-1)) && history -d ####

March 29 2016

Plesk 12.5.3 on Ubuntu 16.04 working

So I set out to do a few things for some colleagues at work in order to answer a few questions. One was agents wanted to know if and how to do an in place upgrade from 1&1’s supported version of Ubuntu 14.04 to the bleeding edge development version of Ubuntu 16.04. Then, after that, someone also asked “is Plesk supported by 16.04?” Well, fun fact, it doesn’t appear that Plesk is supporting even Ubuntu 15.04 yet, so it goes without a surprise that they don’t support 16.04. However, that doesn’t mean that Plesk won’t run on 16.04, on the contrary, it runs fine. Just don’t expect to install any updates or components after the fact. It appears that since Plesk uses encrypted binaries for their updater scripts, we can’t even remove the checks to force it to install. Fortunately most things can’t still be done if it’s installed already and you can always work with the binaries in place to add components like PHP Versions.

How hard was it to update?

# apt-get update
# apt-get do-release-upgrade -d
# plesk repair all -n
# shutdown -r now

And that’s it.

2016-03-28 19_59_01-Home - Plesk 12.5.30

2016-03-28 19_59_39-Plesk Installer

March 28 2016

CentOS 7 | Reset Root Password | Grub Method

Imagine the situation where your Administrator is fired/quits, and with him takes the root password of the server and need access to the server right now. Fortunately, Linux makes the process incredibly easy since you have local access, at least in the eyes of the Linux OS. All this method requires is the ability to manipulate GRUB, so if you have a way of seeing the grub menu and working with it, then this method is for you.

Let’s Get Started

  1. Reboot the server and get to the Grub Menu
  2. Go to the line that says “linux16”.
    1. There’s going to be a few more lines compared to CentOS6‘s method, just scroll slowly, it’s there.
  3. Using the Right arrow, go into the “linux16” line and find the word “ro”.
    1. This is telling the server to boot into Read Only. The server boots that and then upon login/mounting you get a Read/Write access. We want to bypass that.
  4. Change “ro” to “rw” and follow it up with “init=/sysroot/bin/sh”
    1. “ro” becomes “rw init=/sysroot/bin/sh”
  5. Press Ctrl-X to boot with this configuration
    1. Note that this doesn’t save the configuration, just lets you boot into it for this Session
  6. Now you should have Root access, type the “passwd” command to change the password.
  7. Reboot the server and use your new password to login.

This method is great for 1&1’s Dedicated Servers using the Serial Console, 1&1’s Cloud Servers using either the KVM/VNC console, and Digitalocean’s KVM console. As long as you can see GRUB, you can change the root password.

March 28 2016

CentOS 6 | Root Password Reset (GRUB Method)

Imagine the situation where your Administrator is fired/quits, and with him takes the root password of the server and need access to the server right now. Fortunately, Linux makes the process incredibly easy since you have local access, at least in the eyes of the Linux OS. All this method requires is the ability to manipulate GRUB, so if you have a way of seeing the grub menu and working with it, then this method is for you.

Let’s get started:

  1. Boot to the grub menu
  2. At the Grub menu press ‘e’ for edit.
  3. You should see 3 lines, scroll to the kernel line
  4. Using the Right Arrow, scroll to the end of that line
  5. Type the number “1” at the end and then hit “Enter”
  6. Now you’re looking at the 3 line again, hit ‘B’ to boot with this configuration
    1. Note: This is not saving the configuration, just booting you into Single User Mode for this session.
  7. You should now be booted into Single User Mode with Root access. Change the password with the “passwd” command
    1. # passwd
  8. Reboot the server with the “reboot” command

This method is great for 1&1’s Dedicated Servers using the Serial Console, 1&1’s Cloud Servers using either the KVM/VNC console, and Digitalocean’s KVM console. As long as you can see GRUB, you can change the root password.

March 20 2016

SSH Keys with 1and1 Cloud Servers

1&1 has updated their NGCS (New Gen Cloud Server) platform to include the ability to have your Public SSH key added to the server upon creation. SSH keys gives you a secure Public/Private key solution that is much safer than using passwords. Unfortunately, you’ll still have to do a few security tasks such as disable password logins, change ports, and disable root login altogether for a nice and secure system, but for now this is a pleasant addition!

 

2016-03-16 20_38_48-1&1 Cloud Panel

Create your Public key using PuttyGen , then simply paste the contents of the Public Key into “SSH Key”. After the server is complete, you can use Pageant from the same Putty creator, or if your SSH client like MobaXterm allows it, load the Private Key then connect to your server.

November 21 2015

Arch Linux on 1and1 Cloud Server

Migrated from TimGarrity.me

With the inclusion of 1&1’s VMWare-based cloud servers, comes the ability to finally be able to install our OSes directly using the OS ISO rather than 1and1.com’s pre-created image. The goal of this article is that when we’re finished, we’ve figured out a way to install unsupported operating systems on to an NGCS VM without being able to use VMWare’s DVD or USB drive.

Now, as a disclaimer, this was the first time working on a task like this in all my years of running Linux. How often do you really find yourself without a USB drive or a CD/DVD? Also, 1&1’s stance is to provide support for the Hardware, and not the software, so they don’t support the OS and you can be sure they don’t support an OS that they have vetted. So please don’t do this on a live server that you wish to run your business off of unless you know exactly what it is you’re doing.

Preresequites:

  • Cloud Server S ($4.99)
  • CentOS7 ISO – Don’t choose image, as we want to make sure we parition to our liking.
  • ArchLinux ISO – to be downloaded after VM is spun up

Since we’re installing via the CentOS ISO, we’re going to need the use the KVM. So first, let’s create our VM:

2015-11-16 09_33_29-1&1 Control Panel

When complete, go ahead and load up the KVM Console. The creation strangely takes 2minutes, though creating a container with a preconfigured Image in cache takes 55seconds. IDK.
A few things I did, I used a 1GB swap and an 8GB main partition. Since I’m going to blow the 8GB CentOS install away later for ArchLinux, that seemed like a safe bet. However, you may want more or less swap space.

2015-11-16 09_36_27-ArchLinux Tutorial

2015-11-16 09_36_56-ArchLinux Tutorial

2015-11-16 09_37_23-ArchLinux Tutorial

2015-11-16 09_39_37-ArchLinux Tutorial

Remember to turn your Network Settings on so we don’t have to stay working in the KVM and can do things like Copy/Paste via SSH.

2015-11-16 09_39_56-ArchLinux Tutorial

2015-11-16 09_40_24-ArchLinux Tutorial

 

While you’re waiting for everything, maybe put on some music.

2015-11-16 09_42_34-Program Manager

 

Then finally, when all said and done, you should be able to start booting into CentOS7

2015-11-16 09_46_49-ArchLinux Tutorial

So let’s grab our IP Address and ssh into the machine

2015-11-16 09_47_02-1&1 Control Panel

# ssh [email protected]

[[email protected] ~]#

Now, we’re going to need wget to download our image. So let’s have Yum take over for that:

# yum install -y wget

Now we get our image from the mirror. Find the best one for you by going to https://www.archlinux.org/download/ . I chose http://mirrors.advancedhosters.com/archlinux/iso/2015.11.01/archlinux-2015.11.01-dual.iso

# wget http://mirrors.advancedhosters.com/archlinux/iso/2015.11.01/archlinux-2015.11.01-dual.iso

We’re now going to want to keep everything nice and orderly. This is helpful if you were keeping CentOS7 to stay, and just livebooting other OSes. So let’s create an “/iso” folder and move our file there.

# mkdir /iso 
# mv archlinux-2015.11.01-dual.iso /iso/archlinux.iso

Now, we have our image where we need it, renamed it so it’s easily remembered. Now we need to update grub to boot from it. Luckily I’ve tested this all out in VMWare so I have this down to a science now. First, we’re going to want to do two things. Let’s find out what sda we’re working with, let’s create a partition for Arch, then create a FS for Arch to install into, and THEN we’ll edit grub.

# fdisk -l

Disk /dev/sda: 32.2 GB, 32212254720 bytes, 62914560 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000affa2

 Device Boot Start End Blocks Id System
/dev/sda1 * 2048 16386047 8192000 83 Linux
/dev/sda2 16386048 18434047 1024000 82 Linux swap / Solaris

# fdisk /dev/sda
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition type:
 p primary (2 primary, 0 extended, 2 free)
 e extended
Select (default p): p
Partition number (3,4, default 3):
First sector (18434048-62914559, default 18434048):
Using default value 18434048
Last sector, +sectors or +size{K,M,G} (18434048-62914559, default 62914559):
Using default value 62914559
Partition 3 of type Linux and of size 21.2 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

# shutdown -r now
Connection to 70.35.206.163 closed by remote host.
Connection to 70.35.206.163 closed.

We rebooted so that sda3 could sync. Let’s jump back into the server when it’s back up

# ssh [email protected]
# mkfs.ext4 /dev/sda3
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1392640 inodes, 5560064 blocks
278003 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2153775104
170 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
 4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

Now we’re good to go with editing grub, knowing that we need to mount the ArchISO to boot with sda1, though we’ll be installing to sda3

# vi /etc/grub.d/40_custom
menuentry "Archlinux" {
 set isofile="/iso/archlinux.iso"
 loopback loop (hd0,1)$isofile
 linux (loop)/arch/boot/i686/vmlinuz img_dev=/dev/sda1 img_loop=$isofile earlymodules=loop
 initrd (loop)/arch/boot/i686/archiso.img
 boot
}

:wq
#

# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-123.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-123.el7.x86_64.img
Warning: Please don't use old title `CentOS Linux, with Linux 3.10.0-123.el7.x86_64' for GRUB_DEFAULT, use `Advanced options for CentOS Linux>CentOS Linux, with Linux 3.10.0-123.el7.x86_64' (for versions before 2.00) or `gnulinux-advanced-89f6069e-b33b-4d18-aa43-bf2cd5702846>gnulinux-3.10.0-123.el7.x86_64-advanced-89f6069e-b33b-4d18-aa43-bf2cd5702846' (for 2.00 or later)
Found linux image: /boot/vmlinuz-0-rescue-d1222860536444a9811e04e8990a10ff
Found initrd image: /boot/initramfs-0-rescue-d1222860536444a9811e04e8990a10ff.img
done
#

So now….let’s do this, let’s get back into the KVM and reboot the server

 

We’re going to need to mount sda3 into the /mnt folder, and start the install process.

# mount /dev/sda3 /mnt

Now, we follow the ArchLinux install guide https://wiki.archlinux.org/index.php/Installation_guide#Install_the_base_packages

# pacstrap /mnt base

After you’ve finsihed the install and following that guide, you’ll get to the bootloader. Here we’re going to override and pretend that centOS never existed and just reinstall grub. An alternative approach would have been to add a menuentry for Arch to centOS’s GRUB menu or vice versa, but we’re not dual-booting here.

# pacman -S grub-bios
# grub-install /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg

Now, centOS is lost in the partitions. We are now Arch Linux. Let’s exit out of this chroot and reboot.

# exit
# reboot

So now we’re on ArchLinux, but…..we’re a remote server with no network capability. This is because our network interface doesn’t know it should be turned on and getting an IP from dhcp. So lets use the KVM and find out what the name of our NIC is.

# ls /sys/class/net
lo en01234567

Here we see our LoopBack is lo, and our Ethernet is en01234567. That’s a hell of a name to remember, so let’s change it to something simple like net0. First get the Mac Address and then edit the network interface and reboot

# ip link show en01234567
en01234567: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
    link/ether 08:00:27:23:6f:3a brd ff:ff:ff:ff:ff:ff

# ip link set en01234567 down
# vi /etc/udev/rules.d/10-network.rules
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="08:00:27:23:6f:3a", NAME="net0"
:wq

# udevadm --debug test /sys/class/net/en01234567
# reboot

# systemctl enable [email protected]net0.service
# reboot

Now everything should be working and you should be able to install ssh and get out of the KVM. We’re going to allow root to login for now, but later, stick to better security measures.

# pacman -S openssh

# vi /etc/ssh/sshd_config
....
..
PERMITROOTLOGIN YES
:wq

# systemctl start openssh

 

And that’s it. We can now do what we’d like with our ArchLinux.

Maybe nexttime, we can get rid of the safety nets, mount the ArchLinux iso into /dev/sda3 and install directly onto the primary. I’d suspect that a better setup would have been 1GB Swap as sda1, 25GB SDA2 for Centos, then a 4GB parition to mount archlinux.iso into. Then we could have overridden sda2 with our ArchLinux install, and good, but for now, we have a safety net of going back to centos if things get foobar’d.