
Tuesday, May 19, 2020

Tmate, the perfect Instant terminal sharing Tool for Remote collaboration

We love Tmate and we bet you will!

“Visionary, outstanding, almost magic”: that’s what I thought the first time I got my hands on Tmate.
Sure, we all know about TeamViewer, VNC, and other remote desktop products we have used hundreds of times to help our parents or friends through a shared screen. But nothing compares to this nor prepares you for it in terms of simplicity and seamlessness, especially if terminals are part of your daily job.
Remote collaboration, in these quarantine times, has become more than vital. It was only after posting an issue on a random project on GitHub that someone proposed help through Slack and mentioned “live troubleshooting”. I wasn’t sure what he meant but I decided to join and explained my problem. Next thing I knew, a command line I pasted let him connect to my VirtualBox VM and there he was, hammering keys on my own terminal. All this with zero latency while he was in Madrid and I in Toronto. That was lit!
Total ubiquity, full encryption and of course completely free. Those were the features of Tmate, an open-source fork of Tmux (local terminal multiplexer) which lets you attach to a terminal session from across the world. No more sharing your whole desktop screen and worrying about your sensitive data or browser tabs you forgot to close.
That’s when I thought this little discovery deserved a post of its own.
For those wondering, Tmate was developed by Nicolas Viennot, who has kept its source open since 2013 hoping to promote pair programming between strangers across the globe.

How it works


Once it is installed on your machine, you run the tmate command to establish a secure SSH connection with tmate.io’s public server, which returns random SSH and HTML connection strings for your session. Your friend then pastes the connection string (or URL) to attach to your terminal session and instantly start interacting with it. This is particularly helpful when using different keyboards. To add more to this awesomeness, remote clients don’t even need Linux as they can pair through a web browser. You can learn more about the architecture from the author’s paper, or by checking the diagram below, which I managed to draw from reading his publication ;).

Tmate Architecture

Network: The SSH public server (ssh.tmate.to) resolves to 4 IPs spread across San Francisco, New York, London, and Singapore, which makes it highly available. When the fastest server is elected, the remote tmate (tmux) daemon sends back the connection strings to the session running tmate. Whenever a disconnection happens between a host and remote tmate, or remote tmate & proxy, or proxy & master, sessions reconnect automatically and sync back (likely with a different socket name). Tmate goes through NATs and tolerates host IP changes, while its proxy keeps this transparent to the remote clients’ connections.
Connection string: The 25-character random ID generated for the session is called the token.
Installation
In this tutorial, we will learn how to install and use Tmate for remote terminal sharing. It will prove handy for pair programming, live troubleshooting, or managing servers from a remote location. The example depicts how I quickly shared my VirtualBox environment with someone who could jump in live and resolve my issue (provided the VM had access to the internet).
1. Open a terminal and enter the following command.
# curl -L https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-amd64.tar.xz | tar Jxvf - ; mv tmate*/tmate /usr/bin
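A checked variant of the install step above, as an added example (not from the original post or the tmate project): it downloads to a temporary directory and refuses to install unless the tarball's SHA-256 matches a value you obtained from a source you trust. `EXPECTED_SHA256` is a placeholder because the post does not give the release checksum, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: verify the tmate release tarball before it is copied into /usr/bin.
TMATE_URL="https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-amd64.tar.xz"
# Placeholder: the post does not list the checksum; fill in a value you trust.
EXPECTED_SHA256="<sha256-of-the-release-tarball>"

# Print the SHA-256 of a file as lowercase hex (coreutils or the BSD/macOS tool).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX -> exit 0 only when the digests match.
verify_sha256() {
    actual=$(sha256_of "$1" | tr 'A-F' 'a-f') || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# install_tmate_verified URL EXPECTED_HEX DESTDIR
install_tmate_verified() {
    workdir=$(mktemp -d) || return 1
    # -f makes curl fail on HTTP errors instead of saving an error page.
    if ! curl -fsSL -o "$workdir/tmate.tar.xz" "$1"; then
        rm -rf "$workdir"; return 1
    fi
    if ! verify_sha256 "$workdir/tmate.tar.xz" "$2"; then
        echo "checksum mismatch, refusing to install" >&2
        rm -rf "$workdir"; return 1
    fi
    tar -xJf "$workdir/tmate.tar.xz" -C "$workdir" &&
        install -m 0755 "$workdir"/tmate*/tmate "$3/tmate"
    rc=$?
    rm -rf "$workdir"
    return $rc
}

# Usage (needs network and root):
#   install_tmate_verified "$TMATE_URL" "$EXPECTED_SHA256" /usr/bin
```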
Usage

2. Run “tmate” command.

tmate
- You will see all available connection strings for both web and ssh (read-write/read-only) access.
  > Copy the content and hit q to clear the screen.
Tip: if you wish to use tmate only for remote access, run: tmate -F
[0/0]To see the following messages again, run in a tmate session: tmate show-messages
Press <q> or <ctrl-c> to continue
---------------------------------------------------------------------
Note: clear your terminal before sharing readonly access
web session read only: https://tmate.io/t/ro-Kjh2VHM8xpAEEUjnNxz4aavMb
ssh session read only: ssh ro-Kjh2VHM8xpAEEUjnNxz4aavMb@nyc1.tmate.io
web session: https://tmate.io/t/ytNAPhtmczmkbPs2aAvWpEK5C
ssh session: ssh ytNAPhtmczmkbPs2aAvWpEK5C@nyc1.tmate.io

3. From the remote machine, open a terminal, paste the ssh connection string, hit enter
    and voila. You are now connected to the host session without any authentication setup.
    > Let’s run a command.

  - Alternatively, you could do the same from a web browser by entering the mentioned session URL.  

4. Your host machine will now display the same command run from the remote client above.



5. Find tmate session information and currently connected clients, using the following command:
tmate show-messages

The proxy notifies the host of any clients joining or leaving the session.

- If you only want your remote client to interact with the session you can use the “-F” option

Note: Those who want to use named sessions instead of tokens, to be restart consistent, will have to request an API key from the tmate website and then run a command that would look like this:
tmate -k API_KEY -n session-name
End Session
6. To end tmate session enter exit command (always remember this!). 
exit
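Because the token in a connection string is the only thing a client needs to attach, the strings without the ro- prefix hand out a writable shell. The filter below is an added example (not from the original post or the tmate project) that passes on only the read-only strings and refuses to print anything if a read-write token slips through; `ro_strings`, `leaks_rw_token` and `share_ro` are hypothetical helper names, and the sample text is the output shown in step 2.

```sh
#!/bin/sh
# Added example: share only the read-only tmate connection strings.
# SAMPLE is the session output shown in step 2 of this post.
SAMPLE='Note: clear your terminal before sharing readonly access
web session read only: https://tmate.io/t/ro-Kjh2VHM8xpAEEUjnNxz4aavMb
ssh session read only: ssh ro-Kjh2VHM8xpAEEUjnNxz4aavMb@nyc1.tmate.io
web session: https://tmate.io/t/ytNAPhtmczmkbPs2aAvWpEK5C
ssh session: ssh ytNAPhtmczmkbPs2aAvWpEK5C@nyc1.tmate.io'

# Read tmate session messages on stdin, print only the read-only strings.
ro_strings() {
    sed -n 's/^.*session read only: *//p'
}

# Exit 0 if the text in $1 contains a session token WITHOUT the ro- prefix,
# i.e. a string that would give the recipient write access to the shell.
leaks_rw_token() {
    printf '%s\n' "$1" |
        grep -oE 'tmate\.io/t/[A-Za-z0-9-]+|ssh [A-Za-z0-9-]+@' |
        sed -e 's#^tmate\.io/t/##' -e 's#^ssh ##' -e 's#@$##' |
        grep -qv '^ro-'
}

# Filter stdin down to the read-only strings and double-check the result
# before printing it, so a format change cannot leak the read-write token.
share_ro() {
    out=$(ro_strings)
    if [ -z "$out" ]; then
        echo "no read-only connection string found" >&2
        return 1
    fi
    if leaks_rw_token "$out"; then
        echo "read-write token in output, not printing" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# In a live session: tmate show-messages | share_ro
printf '%s\n' "$SAMPLE" | share_ro
```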

Install your own server

If you are a security freak you can always host the whole tmate infrastructure on your own server
by deploying the docker images listed below: (more details at tmate.io)

Once it is installed, the local machines you want to share sessions from should include the settings below in their ~/.tmate.conf file

set -g tmate-server-host Mytmatehost
set -g tmate-server-port 2200
set -g tmate-server-rsa-fingerprint "SHA256:MyTmateFingerprint"
set -g tmate-server-ed25519-fingerprint "SHA256:tmateEdDSAFingerprint"

WHAT’S NEXT

I keep enjoying tmate as I was just live fixing a kvm terraform issue I was stuck on, yesterday, with the help of a developer from Sao Paulo (Brazil). Such a cool way to learn and discover the world ;). Feel free to talk about it with your colleagues. 
#Dobrigado :)

Sunday, September 15, 2019

Vagrant: Create a Red Hat 8 base box packaged for Oracle 19c (Vbox)


Intro

Vagrant is an open-source tool for working with virtual environments (VirtualBox, Hyper-V, VMware, etc.). It provides a simple command-line client for managing these environments, using a text file (Vagrantfile) defining the attributes of each environment.
To know more about Vagrant you can try their getting started guide or consult the official Vagrant documentation.

Vagrant Cloud already offers a plethora of existing boxes, from Windows to BSD (including a number of Linux distros). But in case you are looking for a specific setup for your builds, you may need a custom box.
In this article we will create a prepackaged Vagrant box from an existing Red Hat 8 base box, then upload/publish it to Vagrant Cloud.

Note: This box will include the necessary packages to install Oracle 19c Database or grid infrastructure software on RHEL 8. Feel free to use it in your vagrant builds (see link at the bottom of this post).

Pre-requisites

To create a Vagrant box from scratch there are a few requirements the virtual machine must respect:

  • The first network interface (adapter 1) must be a NAT adapter. Vagrant uses this to connect the first

  • VirtualBox Guest Additions must be installed so that things such as shared folders can function.

However, these steps won’t be necessary here since we are customizing an already existing base box.
If you still want to know more about doing this from a new vm, check out Tim Hall’s example.
This tutorial is divided in two parts: I. Create the Oracle 19c ready Vagrant box, II. Share it online

I. Create the Oracle 19c ready Vagrant box from an existing one

1. Import a generic RHEL8 base box into the local Vagrant environment

  In a new location on your computer, initialize the current directory as a Vagrant environment and set our target online Red Hat 8 base box in the created Vagrantfile.


- Open a cmd box in your system and run the following commands

D:\VM\vagrant> vagrant init generic/rhel8                                                

- Startup the vm 

D:\VM\vagrant> vagrant up

- Stop the vm and attach the RHEL8 iso file to the optical drive in VirtualBox

D:\VM\vagrant> vagrant halt  

- Restart the vm                                      

D:\VM\vagrant> vagrant up                         

2. Create a local yum repository

[root@linuxtechi-rhel8 ~]# mount /dev/cdrom /media                           
[root@linuxtechi-rhel8 ~]# vi /etc/yum.repos.d/rhel8.repo     

[InstallMedia-BaseOS]                                                       
name=Red Hat Enterprise Linux 8 - BaseOS                                    
metadata_expire=-1                                                          
gpgcheck=0                                                                  
enabled=1                                                                   
baseurl=file:///media/BaseOS/                                               

[InstallMedia-AppStream]                                                    
name=Red Hat Enterprise Linux 8 - AppStream                                 
metadata_expire=-1                                                          
gpgcheck=0                                                                  
enabled=1                                                                   
baseurl=file:///media/AppStream/                                     

2.1: If you don't have the .iso file at your disposal you can use the online Red Hat 8 beta repository to build your repo (see the text below). Otherwise skip to the next step.

[root@linuxtechi-rhel8 ~]# vi /etc/yum.repos.d/rhel8.repo     
[rhel-8-for-x86_64-baseos-beta-rpms]
name = Red Hat Enterprise Linux 8 for x86_64 - BaseOS Beta (RPMs)
baseurl = https://downloads.redhat.com/redhat/rhel/rhel-8-beta/baseos/x86_64/
enabled = 1
gpgcheck = 0

[rhel-8-for-x86_64-appstream-beta-rpms]
name = Red Hat Enterprise Linux 8 for x86_64 - AppStream Beta (RPMs)
baseurl = https://downloads.redhat.com/redhat/rhel/rhel-8-beta/appstream/x86_64/
enabled = 1
gpgcheck = 0
- Remove the Red Hat subscription warning (unable to read consumer identity) 
[root@linuxtechi-rhel8 ~]# vi /etc/yum/pluginconf.d/subscription-manager.conf
[main]
enabled=0
- Clean subscription data
[root@linuxtechi-rhel8 ~]# subscription-manager clean
- Clear the repository cache by running the following command.
[root@linuxtechi-rhel8 ~]# dnf clean all    # or: yum clean all
- Verify whether Yum / DNF is getting packages from the local repo
[root@linuxtechi-rhel8 ~]# dnf repolist     # or: yum repolist
Red Hat Enterprise Linux 8 - AppStream      7.1 MB/s | 5.3 MB     00:00
Red Hat Enterprise Linux 8 - BaseOS          24 MB/s | 2.2 MB     00:00
Last metadata expiration check: 0:00:02 ago on Fri 23 Aug 2019 03:40:20 PM UTC.
repo id                  reponame                                status
InstallMedia-AppStream       Red Hat Enterprise Linux 8 - AppStream     4,672
InstallMedia-BaseOS          Red Hat Enterprise Linux 8 - BaseOS        1,658

- Download and install the 19c preinstall rpm package provided by Oracle (the same goes for any Oracle preinstall version)

[root@linuxtechi-rhel8 ~]# curl -o oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm
[root@linuxtechi-rhel8 ~]# yum -y localinstall oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm
Error:
  Problem: conflicting requests
- nothing provides compat-libcap1 needed by oracle-database-preinstall-19c-1.0-1.el7
- nothing provides compat-libstdc++-33 needed by oracle-database-preinstall-19c-1.0-1.el7

Solution: The above error occurred because the two mentioned rpms were missing from the Red Hat 8 package base. We will have to install them manually before the 19c preinstall package.
[root@linuxtechi-rhel8]# curl -o compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm
[root@linuxtechi-rhel8 ~]# curl -o compat-libcap1-1.10-7.el7.x86_64.rpm https://yum.oracle.com/repo/OracleLinux/OL7/latest/x86_64/getPackage/compat-libcap1-1.10-7.el7.x86_64.rpm
[root@linuxtechi-rhel8]# rpm -ivh compat-libstdc++-33-3.2.3-72.el7.x86_64.rpm
[root@linuxtechi-rhel8]# rpm -ivh compat-libcap1-1.10-7.el7.x86_64.rpm   
- Rerun yum install on the 19c preinstall package
[root@linuxtechi-rhel8 ~]# yum -y localinstall oracle-database-preinstall-19c-1.0-1.el7.x86_64.rpm
Installed products updated.
Installed:
oracle-database-preinstall-19c-1.0-1.el7.x86_64
ksh-20120801-252.el8.x86_64                 libICE-1.0.9-13.el8.x86_64
libSM-1.2.3-1.el8.x86_64                    libX11-1.6.7-1.el8.x86_64
libX11-common-1.6.7-1.el8.noarch            libX11-xcb-1.6.7-1.el8.x86_64
libXau-1.0.8-13.el8.x86_64                  libXcomposite-0.4.4-14.el8.x86_64
libXext-1.3.3-9.el8.x86_64                  libXi-1.7.9-7.el8.x86_64
libXinerama-1.1.4-1.el8.x86_64              libXmu-1.1.2-12.el8.x86_64
libXrandr-1.5.1-7.el8.x86_64                libXrender-0.9.10-7.el8.x86_64
libXt-1.1.5-8.el8.x86_64                    libXtst-1.2.3-7.el8.x86_64
libXv-1.0.11-7.el8.x86_64                   libXxf86dga-1.1.4-12.el8.x86_64
libXxf86misc-1.0.4-1.el8.x86_64             libXxf86vm-1.1.4-9.el8.x86_64
libdmx-1.1.4-3.el8.x86_64                   libxcb-1.13-5.el8.x86_64
xorg-x11-utils-7.5-28.el8.x86_64            xorg-x11-xauth-1:1.0.9-12.el8.x86_64
bc-1.07.1-5.el8.x86_64                      gssproxy-0.8.0-5.el8.x86_64
keyutils-1.5.10-6.el8.x86_64                libaio-devel-0.3.110-12.el8.x86_64
libverto-libevent-0.3.0-5.el8.x86_64        nfs-utils-1:2.3.3-14.el8.x86_64
quota-1:4.04-10.el8.x86_64                  quota-nls-1:4.04-10.el8.noarch
rpcbind-1.2.5-3.el8.x86_64                  smartmontools-1:6.6-3.el8.x86_64
unzip-6.0-41.el8.x86_64

- Add a few more packages that will be needed for future Oracle installations and builds

# New for OL8/RHEL8
[root@rhel8 ~]# yum install libnsl
# Other rpms
[root@rhel8 ~]# yum install bind sysstat unixODBC unixODBC-devel binutils zip dnsmasq
- Add the default Vagrant ssh public key to avoid having ssh access issues after packaging your box 
[root@rhel8 ~]# wget https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub -O .ssh/authorized_keys
[root@rhel8 ~]# shutdown -h now
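
Both repository files in step 2 set gpgcheck=0, so packages from those repos are installed without signature verification, and the setting is baked into the box once it is packaged. The audit below is an added example (not from the original post): `unsigned_repos` is a hypothetical helper that lists enabled repo sections with signature checking explicitly turned off, and the last two sections of the sample are constructed for contrast.

```sh
#!/bin/sh
# Added example: list enabled yum/dnf repos that explicitly disable gpgcheck.
# The first two sections come from step 2 of this post; the last two are constructed.
SAMPLE_REPO='[InstallMedia-BaseOS]
name=Red Hat Enterprise Linux 8 - BaseOS
metadata_expire=-1
gpgcheck=0
enabled=1
baseurl=file:///media/BaseOS/

[rhel-8-for-x86_64-appstream-beta-rpms]
name = Red Hat Enterprise Linux 8 for x86_64 - AppStream Beta (RPMs)
baseurl = https://downloads.redhat.com/redhat/rhel/rhel-8-beta/appstream/x86_64/
enabled = 1
gpgcheck = 0

[constructed-signed]
baseurl=file:///media/AppStream/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[constructed-disabled]
enabled=0
gpgcheck=0'

# unsigned_repos [FILE...]  (reads stdin when no file is given)
# Prints the id of every enabled section whose gpgcheck is 0/no/false.
# A section with no gpgcheck line inherits [main] and is not reported.
unsigned_repos() {
    awk '
        function emit() { if (id != "" && enabled && unsigned) print id }
        /^[ \t]*\[/ {
            emit()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = 1; unsigned = 0
            next
        }
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            # Accept both "key=value" and "key = value", as used in step 2.
            key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, index($0, "=") + 1));    gsub(/[ \t\r]/, "", val)
            off = (val == "0" || val == "no" || val == "false")
            if (key == "gpgcheck") unsigned = off
            if (key == "enabled")  enabled  = !off
        }
        END { emit() }
    ' "$@"
}

# On the VM, before packaging: unsigned_repos /etc/yum.repos.d/*.repo
printf '%s\n' "$SAMPLE_REPO" | unsigned_repos
```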

3. Package the box using Vagrant

  Once the VM is created and the Vagrant configuration is complete, we can turn the VM into a Vagrant box using the "vagrant package" command.

cd D:\VM
D:\VM> vagrant package --base rhel8 --output rhel8_ora.box
==> rhel8: Exporting VM...
==> rhel8: Compressing package to: D:/VM/rhel8_ora.box
- You can now add it locally to the list of available boxes.
D:\VM> vagrant box add D:/VM/rhel8_ora.box --name Scofieldd/rhel8_ora
==> box: Box file was not detected as metadata. Adding it directly...
==> box: Adding box 'scofieldd/rhel8_ora' (v0) for provider:
     box: Unpacking necessary files from: file:///D:/VM/rhel8_ora.box
     box: Progress: 100% (Rate: 437M/s, Estimated time remaining: --:--:--)
==> box: Successfully added box 'scofieldd/rhel8_ora' (v0) for 'virtualbox'!
- Check if the newly added base box is  listed
D:\VM> vagrant box list
generic/rhel8       (virtualbox, 1.9.22)
rhel8               (virtualbox, 0)

II. Upload your custom boxes via the Vagrant Cloud web interface:

After you've created the .box file, these steps can be followed (the name is rhel8_ora and not rhel8_ora1).

  1. Go to the Create Box page, name the box and give it a simple description.

  2. Create your first version for the box. This version must match the format [0-9].[0-9].[0-9]

  3. Create a release version and a provider for the box, which is virtualbox.

  4. Upload the created rhel8_ora.box file for your provider (VirtualBox).

You can now find your new box in the Vagrant section of Vagrant Cloud.

To try this box, just rerun the vagrant commands using the new box name (scofieldd/rhel8_ora).

  1. Initialise the Vagrantfile

D:\VM\vagrant> vagrant init scofieldd/rhel8_ora  
D:\VM\vagrant> vagrant up
I’ll share Oracle builds for this box in my next blog post. Stay tuned ;)

Monday, March 19, 2018

Restore standard naming of network interfaces on Red Hat enterprise linux 7

Disabling consistent network device naming

To disable the consistent network device naming feature and create your own manual naming scheme (for example eth0, internet0 or lan0), follow the steps below so that all network device names will be eth followed by an integer.

  • Log in as root, or as a user with superuser privileges.
  • Edit the GRUB 2 general settings file.
    1. Create a backup copy of the settings file.
      # cp /etc/default/grub /etc/default/grub.bak
    2. Open /etc/default/grub with a text editor.
    3. Add kernel boot arguments to the value of the GRUB_CMDLINE_LINUX variable.
      The arguments to add are biosdevname=0 and net.ifnames=0. Make sure the arguments are at the end and between the delimiter characters (").
      GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet net.ifnames=0 biosdevname=0"
    4. Save the file, and then close the text editor.
  • Determine whether the host is configured for UEFI or legacy boot mode.
    # find /boot -maxdepth 1 -type d
  • If the output includes /boot/efi, the host is configured for UEFI boot mode.
  • If the output does not include /boot/efi, the host is configured for legacy boot mode.


  • Recreate the GRUB 2 boot configuration file.
          For UEFI boot mode:
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
          For legacy boot mode:
# grub2-mkconfig -o /boot/grub2/grub.cfg

Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-09377eb6cd424f3e802d04d64a5da531
Found initrd image: /boot/initramfs-0-rescue-09377eb6cd424f3e802d04d64a5da531.img
done

  • Change network device configurations.
    1. Change directory to /etc/sysconfig/network-scripts.
      # cd /etc/sysconfig/network-scripts
    2. List the network device configuration files.
      # ls ifcfg-* | grep -v ifcfg-lo
      ifcfg-enp0s3
      ifcfg-enp0s8
      ifcfg-enp0s9
      
      The ifcfg-lo file is excluded because it does not need to be changed.
    3. Rename and edit device files.
      For example, if you have a device file named ifcfg-eno16777736, use the mv command to rename it to ifcfg-eth0.
      # mv ifcfg-enp0s3 ifcfg-eth0 
      # mv ifcfg-enp0s8 ifcfg-eth1 
      # mv ifcfg-enp0s9 ifcfg-eth2
    4. Change the values of the NAME and DEVICE variables inside each file to eth0/1/2..
      # vi ifcfg-eth0
      TYPE=Ethernet
      BOOTPROTO=none
      DEFROUTE=yes
      IPV4_FAILURE_FATAL=no
      IPV6INIT=yes
      IPV6_AUTOCONF=yes
      IPV6_DEFROUTE=yes
      IPV6_FAILURE_FATAL=no
      NAME=enp0s3   ---> change to eth0
      UUID=54828c5b-65be-42b1-8b4e-07627c67487f
      DEVICE=enp0s3 ---> change to eth0
      ONBOOT=yes
      IPADDR=192.168.78.51
      PREFIX=24
      DNS1=192.168.78.51
      DNS2=192.168.78.52
      DOMAIN=evilcorp.com
      IPV6_PEERDNS=yes
      IPV6_PEERROUTES=yes
      IPV6_PRIVACY=no
      
      
      

  • Reboot the host.
    You can confirm the configuration by running the network manager user interface (nmtui) or
    the following commands:
    # nmcli dev
    DEVICE  TYPE      STATE      CONNECTION
    eth0    ethernet  connected  eth0
    eth1    ethernet  connected  eth1
    eth2    ethernet  connected  eth2
    lo      loopback  unmanaged  --
    
    # nmcli con 
    NAME  UUID                                  TYPE            DEVICE
    eth0  54828c5b-65be-42b1-8b4e-07627c67487f  802-3-ethernet  eth0
    eth2  04583597-c715-4ac5-954e-13dc748991a9  802-3-ethernet  eth2
    eth1  2418c04d-4291-48e6-95d1-3de63cd58d6a  802-3-ethernet  eth1
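
The rename and edit steps above can be scripted so that the file name, NAME and DEVICE never drift apart. This is an added example, not part of the original post: `grub_args_set` and `rename_ifcfg` are hypothetical helper names, and the first one checks that both kernel arguments are in place, since without them the interfaces keep their enp names after reboot and the renamed files match nothing.

```sh
#!/bin/sh
# Added example: scripted form of the "change network device configurations" step.

# grub_args_set FILE -> exit 0 only if GRUB_CMDLINE_LINUX carries both arguments.
grub_args_set() {
    line=$(grep '^GRUB_CMDLINE_LINUX=' "$1") || return 1
    case $line in *net.ifnames=0*) ;; *) return 1 ;; esac
    case $line in *biosdevname=0*) ;; *) return 1 ;; esac
}

# rename_ifcfg DIR
# Renames every ifcfg-<name> in DIR (except lo, existing ethN and backup
# files) to ifcfg-ethN in sorted order and rewrites NAME= and DEVICE= to match.
rename_ifcfg() {
    dir=$1
    n=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        old=${f##*/ifcfg-}
        case $old in
            lo|eth[0-9]*|*.*|*~) continue ;;   # loopback, already renamed, backups
        esac
        # Never overwrite an ethN file that is already present.
        while [ -e "$dir/ifcfg-eth$n" ]; do n=$((n + 1)); done
        new="eth$n"
        sed -e "s/^NAME=.*/NAME=$new/" -e "s/^DEVICE=.*/DEVICE=$new/" \
            "$f" > "$dir/ifcfg-$new" || return 1
        rm -f "$f"
        echo "$old -> $new"
        n=$((n + 1))
    done
}

# Usage on the host, as root:
#   grub_args_set /etc/default/grub && rename_ifcfg /etc/sysconfig/network-scripts
```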