Dietrich Schroff


Ubuntu Server: How to activate kernel dumps

Fri, 2019-06-21 14:25
If you are running Ubuntu Server, you can add kdump to your system to write kernel dumps in case of sudden reboots etc.

Installing is very easy:
root@ubuntuserver:/etc# apt install linux-crashdump
Reading package lists... Done
Building dependency tree      
Reading state information... Done
The following additional packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu crash kdump-tools kexec-tools libbinutils libdw1 libsnappy1v5 makedumpfile
Suggested packages:
  binutils-doc
The following NEW packages will be installed:
  binutils binutils-common binutils-x86-64-linux-gnu crash kdump-tools kexec-tools libbinutils libdw1 libsnappy1v5 linux-crashdump makedumpfile
0 upgraded, 11 newly installed, 0 to remove and 43 not upgraded.
Need to get 2,636 B/5,774 kB of archives.
After this operation, 26.0 MB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 linux-crashdump amd64 4.15.0.46.48 [2,636 B]
Fetched 2,636 B in 0s (28.1 kB/s)    
Preconfiguring packages ...
Selecting previously unselected package binutils-common:amd64.
(Reading database ... 66831 files and directories currently installed.)
Preparing to unpack .../00-binutils-common_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking binutils-common:amd64 (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package libbinutils:amd64.
Preparing to unpack .../01-libbinutils_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking libbinutils:amd64 (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package binutils-x86-64-linux-gnu.
Preparing to unpack .../02-binutils-x86-64-linux-gnu_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking binutils-x86-64-linux-gnu (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package binutils.
Preparing to unpack .../03-binutils_2.30-21ubuntu1~18.04_amd64.deb ...
Unpacking binutils (2.30-21ubuntu1~18.04) ...
Selecting previously unselected package libsnappy1v5:amd64.
Preparing to unpack .../04-libsnappy1v5_1.1.7-1_amd64.deb ...
Unpacking libsnappy1v5:amd64 (1.1.7-1) ...
Selecting previously unselected package crash.
Preparing to unpack .../05-crash_7.2.1-1ubuntu2_amd64.deb ...
Unpacking crash (7.2.1-1ubuntu2) ...
Selecting previously unselected package kexec-tools.
Preparing to unpack .../06-kexec-tools_1%3a2.0.16-1ubuntu1_amd64.deb ...
Unpacking kexec-tools (1:2.0.16-1ubuntu1) ...
Selecting previously unselected package libdw1:amd64.
Preparing to unpack .../07-libdw1_0.170-0.4_amd64.deb ...
Unpacking libdw1:amd64 (0.170-0.4) ...
Selecting previously unselected package makedumpfile.
Preparing to unpack .../08-makedumpfile_1%3a1.6.3-2_amd64.deb ...
Unpacking makedumpfile (1:1.6.3-2) ...
Selecting previously unselected package kdump-tools.
Preparing to unpack .../09-kdump-tools_1%3a1.6.3-2_amd64.deb ...
Unpacking kdump-tools (1:1.6.3-2) ...
Selecting previously unselected package linux-crashdump.
Preparing to unpack .../10-linux-crashdump_4.15.0.46.48_amd64.deb ...
Unpacking linux-crashdump (4.15.0.46.48) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libdw1:amd64 (0.170-0.4) ...
Setting up kexec-tools (1:2.0.16-1ubuntu1) ...
Generating /etc/default/kexec...
Setting up binutils-common:amd64 (2.30-21ubuntu1~18.04) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Setting up makedumpfile (1:1.6.3-2) ...
Setting up libsnappy1v5:amd64 (1.1.7-1) ...
Processing triggers for systemd (237-3ubuntu10.12) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Setting up libbinutils:amd64 (2.30-21ubuntu1~18.04) ...
Setting up kdump-tools (1:1.6.3-2) ...

Creating config file /etc/default/kdump-tools with new version
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/50-curtin-settings.cfg'
Sourcing file `/etc/default/grub.d/kdump-tools.cfg'
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.15.0-45-generic
Found initrd image: /boot/initrd.img-4.15.0-45-generic
done
Created symlink /etc/systemd/system/multi-user.target.wants/kdump-tools.service → /lib/systemd/system/kdump-tools.service.
Setting up linux-crashdump (4.15.0.46.48) ...
Setting up binutils-x86-64-linux-gnu (2.30-21ubuntu1~18.04) ...
Setting up binutils (2.30-21ubuntu1~18.04) ...
Setting up crash (7.2.1-1ubuntu2) ...
Processing triggers for ureadahead (0.100.0-20) ...
Processing triggers for libc-bin (2.27-3ubuntu1) ...
Processing triggers for systemd (237-3ubuntu10.12) ...
Within the installation you have to answer these questions:


After the installation the following parameter is added to the kernel cmdline:
grep -r crash /boot* |grep cfg
/boot/grub/grub.cfg:        linux    /boot/vmlinuz-4.15.0-46-generic root=UUID=a83c2a94-91c4-461a-b6a4-c7a81422a857 ro  maybe-ubiquity crashkernel=384M-:128M
/boot/grub/grub.cfg:            linux    /boot/vmlinuz-4.15.0-46-generic root=UUID=a83c2a94-91c4-461a-b6a4-c7a81422a857 ro  maybe-ubiquity crashkernel=384M-:128M
with
crashkernel=:[,:,...][@offset]
range=start-[end] 'start' is inclusive and 'end' is exclusive

The configuration is done via /etc/default/kdump-tools. Here is the parameter that controls the directory the core is dumped into:

cat /etc/default/kdump-tools  |grep DIR
# KDUMP_COREDIR - local path to save the vmcore to.
KDUMP_COREDIR="/var/crash"
The next step is to reboot and verify the kernel cmdline.

#cat /proc/cmdline 
BOOT_IMAGE=/boot/vmlinuz-4.15.0-46-generic root=UUID=a83c2a94-91c4-461a-b6a4-c7a81422a857 ro maybe-ubiquity crashkernel=384M-:128M
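
How the crashkernel=384M-:128M value is read, as an added example that is not part of the original post: each comma-separated entry is a RAM range followed by the amount to reserve, and the first range that contains the machine's RAM applies. The function names are this example's own, not part of kdump-tools.

```shell
#!/bin/sh
# Added example: evaluate a crashkernel= value according to the range syntax
# quoted in the post. All function names are illustrative.

# to_mib SIZE: print SIZE in MiB. SIZE may end in K, M or G (plain bytes otherwise).
to_mib() {
    case $1 in
        *[Gg]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} )) ;;
        *[Kk]) echo $(( ${1%?} / 1024 )) ;;
        *)     echo $(( $1 / 1048576 )) ;;
    esac
}

# crashkernel_from_cmdline "CMDLINE": print the crashkernel= value, status 1 if absent.
crashkernel_from_cmdline() {
    for word in $1; do
        case $word in
            crashkernel=*) echo "${word#crashkernel=}"; return 0 ;;
        esac
    done
    return 1
}

# crashkernel_reserved_mib VALUE RAM_MIB: print how many MiB get reserved on a
# machine with RAM_MIB of memory (0 means no range matched, so kdump cannot load).
crashkernel_reserved_mib() {
    spec=${1%%@*}                 # the optional @offset does not change the size
    ram=$2
    case $spec in
        *:*) ;;                           # range syntax, handled below
        *)   to_mib "$spec"; return 0 ;;  # plain crashkernel=size
    esac
    for entry in $(echo "$spec" | tr ',' ' '); do
        range=${entry%%:*}
        size=${entry#*:}
        start=$(to_mib "${range%%-*}")
        end=${range#*-}                   # empty means "no upper limit"
        # 'start' is inclusive and 'end' is exclusive
        if [ "$ram" -ge "$start" ] && { [ -z "$end" ] || [ "$ram" -lt "$(to_mib "$end")" ]; }; then
            to_mib "$size"
            return 0
        fi
    done
    echo 0
}

# kdump_status: run on the rebooted server to compare the command line with
# what the kernel actually loaded.
kdump_status() {
    value=$(crashkernel_from_cmdline "$(cat /proc/cmdline)") || {
        echo "no crashkernel= on the kernel command line"
        return 1
    }
    # MemTotal is slightly below the installed RAM, so treat the result as an
    # estimate when the machine sits close to a range boundary.
    ram_mib=$(awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo)
    echo "crashkernel=$value: $(crashkernel_reserved_mib "$value" "$ram_mib") MiB expected"
    # 1 means a crash kernel is loaded and a panic will produce a dump
    echo "kexec_crash_loaded=$(cat /sys/kernel/kexec_crash_loaded)"
}
```
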


To get a coredump just use the following commands (the second one deliberately panics the running kernel):
root@ubuntuserver:/etc# sysctl -w kernel.sysrq=1
kernel.sysrq = 1
root@ubuntuserver:/etc# echo c > /proc/sysrq-trigger

Google Jamboard ?!

Sun, 2019-06-09 04:24
While reorganising my Google Drive I ran into "Jamboard"...
This is a tiny Google web application, where you can do some fast sketches but the functionality is really limited:








Ubuntu Server: eBook

Sat, 2019-06-01 09:31
For testing waagent (Microsoft Azure Linux Guest Agent) I downloaded Ubuntu Server. Ubuntu advertised an ebook for administrators:

Here is the short summary from this webpage:

Server provisioning: what Network Admins and IT pros need to know
This document is designed to help system administrators and DevOps focused organisations to understand bare metal server provisioning, understand its value proposition, and learn about how leading companies are using server provisioning solutions within their hyperscale environments.
Canonical’s MAAS helps organisations to take full advantage of existing hardware investments by maximising hardware efficiency, and a pathway to leverage the performance and security of hardware based solutions with the economics and efficiencies of the cloud.
With MAAS = Metal As A Service

The eBook contains 6 chapters on 20 pages:
  1. Executive summary
  2. Cloud speed with bare metal reliability and efficiency 
  3. Get the most out of your hardware investment
  4. How the smartest IT Pros let software do the work
  5. Make hardware investments more strategic 
  6. Conclusion
Ubuntu's MAAS is the idea of creating your own cloud with your own metal. It's about the automation of installing and provisioning hardware. There are region controllers (regiond) and rack controllers (rackd) which will manage your systems by using DNS, DHCP, PXE, TFTP and some others...
They are introducing availability zones like they exist in Amazon Web Services or Microsoft Azure:
If you are interested, take a look here:


Get started with MAAS
To download and install MAAS for free please visit
ubuntu.com/download/server/provisioning

Oracle JDeveloper: Is this IDE dead? Are there new releases?

Fri, 2019-05-24 12:22
Some weeks ago I read the Java Magazine (http://www.javamagazine.mozaicreader.com)

They report on a survey about Java that took place in 2018. One of the questions was which application server you use in production:

This was not really amazing.
But the question about the IDE gave a really surprising result:



More developers use IntelliJ than Eclipse?
Not really surprising was the usage of Oracle's JDeveloper: Only 1% of the developers use this tool.

Keep in mind that when using Oracle's SOA Suite / BPEL / ESB you are forced to use JDeveloper - which means this SOA stuff is not used by many people out there.

If you take a look at the Oracle homepage you will find:


The last version was released in August 2017 - this does look like living software.

For architects and consultants JDeveloper can be very useful because it has a very nice visualization of XSDs and XSLTs (Take a look here). So hopefully JDeveloper will stay alive...

Wireguard: Status information / using the wg command

Fri, 2019-05-10 14:10

After the installation of wireguard on two servers I shut down the secondary server and after 4h I ran the wg command:
root@zerberus:~# wg
interface: wg0
  public key: XXX=
  private key: (hidden)
  listening port: 46932

peer: YYY=
  endpoint: 192.168.178.54:35891
  allowed ips: 10.0.0.2/32
  latest handshake: 4 hours, 19 minutes, 2 seconds ago
  transfer: 348 B received, 436 B sent
With the "ip addr" command there is nothing really interesting:
root@zerberus:~# ip addr show wg0
5: wg0: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.0.0.1/24 scope global wg0
       valid_lft forever preferred_lft forever
Just to get some information about the "wg" command:
root@zerberus:~# wg help
Usage: wg []

Available subcommands:
  show: Shows the current configuration and device information
  showconf: Shows the current configuration of a given WireGuard interface, for use with `setconf'
  set: Change the current configuration, add peers, remove peers, or change peers
  setconf: Applies a configuration file to a WireGuard interface
  addconf: Appends a configuration file to a WireGuard interface
  genkey: Generates a new private key and writes it to stdout
  genpsk: Generates a new preshared key and writes it to stdout
  pubkey: Reads a private key from stdin and writes a public key to stdout
You may pass `--help' to any of these subcommands to view usage.
and one more example:
root@zerberus:~# wg showconf wg0

[Interface]
ListenPort = 46932
PrivateKey = TTT=

[Peer]
PublicKey = XXX=
AllowedIPs = 10.0.0.2/32
Endpoint = 192.168.178.54:35891


Firefox extensions do not work anymore....

Sat, 2019-05-04 02:39
Today some of my extensions stopped working and a reinstall failed due to "Download failed. Please check your connection.":

There is an article about this issue, which says that this is due to an expired certificate:
https://www.bleepingcomputer.com/news/software/firefox-addons-being-disabled-due-to-an-expired-certificate/

The workarounds stated there do not work for my extensions, so I have to wait until Firefox gets a solution (and a new certificate).

For all others with this problem: Do not uninstall your extensions (like I did) - just wait...

Edit: Here is the statement from Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
On Twitter I found this nice comment

Edit: For latest infos read https://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

Wireguard: Installation & configuration

Fri, 2019-05-03 04:31
To install wireguard I followed these instructions.
First step is to add the repository to your machine:

root@zerberus:~# add-apt-repository ppa:wireguard/wireguard
 WireGuard is a novel VPN that runs inside the Linux Kernel. This is the Ubuntu packaging for WireGuard. More info may be found at its website, listed below.

More info: https://www.wireguard.com/
Packages: wireguard wireguard-tools wireguard-dkms

Install with: $ apt install wireguard

For help, please contact
 Mehr Informationen: https://launchpad.net/~wireguard/+archive/ubuntu/wireguard
[ENTER] drücken zum Weitermachen oder Strg-c, um das Hinzufügen abzubrechen.

OK:1 http://de.archive.ubuntu.com/ubuntu bionic InRelease
OK:2 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic InRelease                                
OK:3 https://packages.microsoft.com/repos/azure-cli bionic InRelease                                                               
OK:4 http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu bionic InRelease                                                       
Paketlisten werden gelesen... Fertig               
Then the installation:

root@zerberus:~# apt install wireguard
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.      
Statusinformationen werden eingelesen.... Fertig
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
  btrfs-tools geoip-database-extra libcryptui0a libjs-openlayers seahorse-daemon
Verwenden Sie »apt autoremove«, um sie zu entfernen.
Die folgenden zusätzlichen Pakete werden installiert:
  wireguard-dkms wireguard-tools
Die folgenden NEUEN Pakete werden installiert:
  wireguard wireguard-dkms wireguard-tools
0 aktualisiert, 3 neu installiert, 0 zu entfernen und 1 nicht aktualisiert.
Es müssen 640 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 4.814 kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n]
Holen:1 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 wireguard-dkms all 0.0.20190123-wg1~bionic [551 kB]
Holen:2 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 wireguard-tools amd64 0.0.20190123-wg1~bionic [85,2 kB]
Holen:3 http://ppa.launchpad.net/wireguard/wireguard/ubuntu bionic/main amd64 wireguard all 0.0.20190123-wg1~bionic [4.136 B]
Es wurden 640 kB in 0 s geholt (1.307 kB/s).
Vormals nicht ausgewähltes Paket wireguard-dkms wird gewählt.
(Lese Datenbank ... 471444 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Entpacken von .../wireguard-dkms_0.0.20190123-wg1~bionic_all.deb ...
Entpacken von wireguard-dkms (0.0.20190123-wg1~bionic) ...
Vormals nicht ausgewähltes Paket wireguard-tools wird gewählt.
Vorbereitung zum Entpacken von .../wireguard-tools_0.0.20190123-wg1~bionic_amd64.deb ...
Entpacken von wireguard-tools (0.0.20190123-wg1~bionic) ...
Vormals nicht ausgewähltes Paket wireguard wird gewählt.
Vorbereitung zum Entpacken von .../wireguard_0.0.20190123-wg1~bionic_all.deb ...
Entpacken von wireguard (0.0.20190123-wg1~bionic) ...
wireguard-dkms (0.0.20190123-wg1~bionic) wird eingerichtet ...
Loading new wireguard-0.0.20190123 DKMS files...
Building for 4.17.0-rc3
Building initial module for 4.17.0-rc3
Secure Boot not enabled on this system.
Done.

wireguard:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/4.17.0-rc3/updates/dkms/

depmod.....

DKMS: install completed.
wireguard-tools (0.0.20190123-wg1~bionic) wird eingerichtet ...
wireguard (0.0.20190123-wg1~bionic) wird eingerichtet ...
Trigger für man-db (2.8.3-2ubuntu0.1) werden verarbeitet ...
root@zerberus:~#
And then the configuration:
(I extracted the steps from the video here)
root@zerberus:~# wg genkey > /root/private.wireguard
Warning: writing to world accessible file.
Consider setting the umask to 077 and trying again.

root@zerberus:~# ls -l /root/
insgesamt 4
-rw-r--r-- 1 root root 45 Apr 27 18:55 private.wireguard

root@zerberus:~# cat /root/private.wireguard 
XXXYYYY....=
root@zerberus:~# wg pubkey  < /root/private.wireguard
ZZZAAAA...=

root@zerberus:~# ip link add wg0 type wireguard
root@zerberus:~# ip addr add 10.0.0.1/24 dev wg0
root@zerberus:~# wg set wg0 private-key /root/private.wireguard
root@zerberus:~# ip link set wg0 up

root@zerberus:~# ifconfig
....
wg0: flags=209  mtu 1420
        inet 10.0.0.1  netmask 255.255.255.0  destination 10.0.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
All the steps up to here have to be done on both servers.
My setup was
  • server 1: "public ip" 192.168.178.39, vpn ip 10.0.0.1
    public wireguard key XXX
    wireguard port: 46932 (how to get this number: just read on)
  • server 2: "public ip" 192.168.178.54, vpn ip 10.0.0.2
    public wireguard key YYY
    wireguard port: 35891
To get the public keys and the port number use this command:
root@zerberus:~# wg

interface: wg0
  public key: XXX
  private key: (hidden)
  listening port: 46932
Then use the ip, port and public key from the secondary server:
root@zerberus:~# wg set wg0 peer 23P8GMzwpnpaw38wEERXev1jJIQlkhB/lZB35wwXVD4= allowed-ips 10.0.0.2/32 endpoint 192.168.178.54:35891
Do the same on the secondary machine with the IP, port and public key of the primary server.

And after that you can check with:
root@zerberus:~# ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=47.0 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=63.8 ms
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 47.018/55.442/63.866/8.424 ms
I think this was much easier than setting up IPSec or OpenVPN.
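
The wg genkey warning in the transcript above is worth acting on: the ls output shows /root/private.wireguard at mode -rw-r--r--, and rerunning the command with umask 077 does not tighten a file that already exists. An added example (not from the original post or the WireGuard project; the function names are this example's own) that writes a key file owner-only and audits existing files:

```shell
#!/bin/sh
# Added example: keep WireGuard private keys readable by their owner only.
# All function names are illustrative.

# write_secret PATH CMD...: run CMD (for example: wg genkey) and store its
# output in PATH. The file is never readable by group or others, even if PATH
# already existed with a looser mode such as 0644.
write_secret() {
    dest=$1
    shift
    # mktemp creates the file with mode 0600 regardless of the current umask
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if "$@" > "$tmp"; then
        mv -f "$tmp" "$dest"     # replaces the old file; the 0600 mode comes along
    else
        rm -f "$tmp"
        return 1
    fi
}

# secret_mode_ok PATH: succeed only if no group/other permission bit is set.
secret_mode_ok() {
    raw=$(stat -c '%a' "$1") || return 2
    mode=$(printf '%03d' "$raw")          # "0" becomes "000"
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_secrets FILE...: print every existing file that is accessible beyond
# its owner; exit status 1 if at least one was found.
audit_secrets() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if ! secret_mode_ok "$f"; then
            echo "$f: mode $(stat -c '%a' "$f") is accessible beyond its owner"
            rc=1
        fi
    done
    return $rc
}

# Usage on the servers from the post (as root):
#   write_secret /root/private.wireguard wg genkey
#   wg pubkey < /root/private.wireguard
#   audit_secrets /root/private.wireguard
# The same care applies when saving the output of `wg showconf wg0`, because
# it contains the PrivateKey line.
```
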


Review at amazon: SAP Cloud Platform

Mon, 2019-04-29 13:47
Last week I read this book:
Before starting with the Oracle Cloud I wanted to read something other than AWS or Microsoft Azure. I was surprised at the completely different target of this cloud in respect to AWS and Azure. It is much more focused on business and business value - which is clearly one of the core domains of SAP.

This book contains a very well written introduction into cloud services - many other books could take this as an example. Very impressive are the over 120 mainly conceptual pictures - they make it much easier to understand the SAP Cloud Platform.

If you are interested, take a look at my review at amazon.de (like all my reviews: written in german ;-).

Oracle Database 19c (19.3) released!

Sat, 2019-04-27 13:59
And after nearly 3 months of waiting - Oracle released 19c:


First special feature: The rpm is still there and the release is only done for Linux and Oracle Solaris.

To get to the Linux download page just click here.



But the Grid Infrastructure is still not delivered as RPM package. :-(


Wireguard: An easy way to build VPNs

Sat, 2019-04-27 03:35
Last week I came across the following tool:

If you want to build up a VPN you can choose one of the following strategies:
  • based on IPSec
  • using TLS
(These two are the options to choose - of course there are some others...)

The nice thing with wireguard (from the Linux point of view) is that the wireguard interfaces are handled like all other network interfaces on your device.

If you are really interested in this approach, you should read the whitepaper. Here are some excerpts:

... IPSec ... updating these data structures based on the results of a key exchange, generally done with IKEv2 [13], itself a complicated protocol with much choice and malleability. The complexity, as well as the sheer amount of code, of this solution is considerable. Administrators have a completely separate set of firewalling semantics and secure labeling for IPsec packets.

... based solution that uses TLS. By virtue of it being in user space, it has very poor performance—since packets must be copied multiple times between kernel space and user space—and a long-lived daemon is required; OpenVPN appears far from stateless to an administrator.

A WireGuard interface, wg0, can be added and configured to have a tunnel IP address of 10.192.122.3 in a /24 subnet with the standard ip(8) utilities...

One design goal of WireGuard is to avoid storing any state prior to authentication and to not send any responses to unauthenticated packets. With no state stored for unauthenticated packets, and with no response generated, WireGuard is invisible to illegitimate peers and network scanners. Several classes of attacks are avoided by not allowing unauthenticated packets to influence any state. And more generally, it is possible to implement WireGuard in a way that requires no dynamic memory allocation at all, even for authenticated packets, as explained in section 7.

So the next step is to install this VPN solution and see if the administration is really as easy as promised...

Oracle VM Server: Working with ovm cli

Fri, 2019-04-19 06:01
After getting the ovmcli running, here are some commands which are quite helpful when you are working with Oracle VM Server.
But first:
Starting the ovmcli is done via
ssh admin@localhost -p 10000
at the OVM Manager.

After that you can get some overviews:
OVM> list server
Command: list server
Status: Success
Time: 2019-01-25 06:56:55,065 EST
Data:
  id:18:e2:a6:9d:5c:b6:48:3a:9b:d2:b0:0f:56:7e:ab:e9  name:oraclevm
OVM> list vm
Command: list vm
Status: Success
Time: 2019-01-25 06:56:57,357 EST
Data:
  id:0004fb0000060000fa3b1b883e717582  name:myAlpineLinux
OVM> list ServerPool
Command: list ServerPool
Status: Success
Time: 2019-01-25 06:57:12,165 EST
Data:
  id:0004fb0000020000fca85278d951ce27  name:MyServerPool
A complete list of all list commands can be obtained like this:
OVM> list ?
          AccessGroup
          AntiAffinityGroup
          Assembly
          AssemblyVirtualDisk
          AssemblyVm
          BondPort
          ControlDomain
          Cpu
          CpuCompatibilityGroup
          FileServer
          FileServerPlugin
          FileSystem
          Job
          Manager
          Network
          PeriodicTask
          PhysicalDisk
          Port
          Repository
          RepositoryExport
          Server
          ServerController
          ServerPool
          ServerPoolNetworkPolicy
          ServerUpdateGroup
          ServerUpdateRepository
          StorageArray
          StorageArrayPlugin
          StorageInitiator
          Tag
          VirtualAppliance
          VirtualApplianceVirtualDisk
          VirtualApplianceVm
          VirtualCdrom
          VirtualDisk
          VlanInterface
          Vm
          VmCloneCustomizer
          VmCloneNetworkMapping
          VmCloneStorageMapping
          VmDiskMapping
          Vnic
          VolumeGroup
An overview of which kinds of commands can be used like list:
OVM> help
For Most Object Types:
    create [(attribute1)="value1"] ... [on ]
    delete
    edit   (attribute1)="value1" ...
    list
    show
For Most Object Types with Children:
    add to
    remove from
Client Session Commands:
    set alphabetizeAttributes=[Yes|No]
    set commandMode=[Asynchronous|Synchronous]
    set commandTimeout=[1-43200]
    set endLineChars=[CRLF,CR,LF]
    set outputMode=[Verbose,XML,Sparse]
    showclisession
Other Commands:
    exit
    showallcustomcmds
    showcustomcmds
    showobjtypes
    showversion
If you want to get your vm.cfg file, you can use the id from "list vm" and type:
OVM> getVmCfgFileContent Vm id=0004fb0000060000fa3b1b883e717582
Command: getVmCfgFileContent Vm id=0004fb0000060000fa3b1b883e717582
Status: Success
Time: 2019-01-25 06:59:46,875 EST
Data:
  OVM_domain_type = xen_pvm
  bootargs =
  disk = [file:/OVS/Repositories/0004fb0000030000dad74d9c43176d2e/ISOs/0004fb0000150000226a713414eaa501.iso,xvda:cdrom,r,file:/OVS/Repositories/0004fb0000030000dad74d9c43176d2e/VirtualDisks/0004fb0000120000f62a7bba83063840.img,xvdb,w]
  bootloader = /usr/bin/pygrub
  vcpus = 1
  memory = 512
  on_poweroff = destroy
  OVM_os_type = Other Linux
  on_crash = restart
  cpu_weight = 27500
  OVM_description =
  cpu_cap = 0
  on_reboot = restart
  OVM_simple_name = myAlpineLinux
  name = 0004fb0000060000fa3b1b883e717582
  maxvcpus = 1
  vfb = [type=vnc,vncunused=1,vnclisten=127.0.0.1,keymap=en-us]
  uuid = 0004fb00-0006-0000-fa3b-1b883e717582
  guest_os_type = linux
  OVM_cpu_compat_group =
  OVM_high_availability = false
  vif = []
Very helpful is the Oracle documentation (here).


Oracle Database 19c download

Wed, 2019-04-17 15:20
In January 2019 Oracle released the documentation for Oracle Database 19c.

More than 7 weeks later there is still nothing at https://www.oracle.com/downloads/:


For 18c, the gap between the release date of the documentation and the on-premises software was not so long...

Will the 19c on-premises software be released before May? Or later in summer?

AWS: Accessing S3 buckets from the internet and from ec2 instances (2)

Wed, 2019-04-10 12:42
After accessing an S3 bucket from an EC2 instance by adding an IAM role to my EC2 instance, I tried to get access from an EC2 instance by using an AWS endpoint.

First step: Launch an ec2 instance within your VPC and try to access your S3 bucket:

[ec2-user@ip-172-31-30-93 ~]$ wget https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
--2019-02-02 18:29:28--  https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
Auflösen des Hostnamen »s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)«... 52.218.16.244
Verbindungsaufbau zu s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)|52.218.16.244|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 403 Forbidden
2019-02-02 18:29:28 FEHLER 403: Forbidden.

Second step: change the bucket policy to this:

{
    "Version": "2012-10-17",
    "Id": "Policy1119991119999",
    "Statement": [
        {
            "Sid": "Access-to-specific-VPC-only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::my.webtest",
                "arn:aws:s3:::my.webtest/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpc": "vpc-12e0cc74"
                }
            }
        }
    ]
}
The access to the bucket is still forbidden. So the next step is to add the endpoint:
Go to VPC -> endpoint:
And then choose the following:



(Here you have to select your route table ID!!!)

After that everything works as expected:
[ec2-user@ip-172-31-30-93 ~]$ wget https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
--2019-02-02 18:29:51--  https://s3-eu-west-1.amazonaws.com/my.webtest/website.json
Auflösen des Hostnamen »s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)«... 52.218.53.66
Verbindungsaufbau zu s3-eu-west-1.amazonaws.com (s3-eu-west-1.amazonaws.com)|52.218.53.66|:443... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK
Länge: 130 [application/json]
In »»website.json.1«« speichern.

100%[===============================================================================================================>] 130         --.-K/s   in 0s     

2019-02-02 18:29:51 (5,28 MB/s) - »»website.json.1«« gespeichert [130/130]
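
The bucket policy above grants "Action": "*" to every principal inside the VPC, which covers far more than the wget download needs, including deleting objects and replacing the policy itself. An added example (not from the original post; the function names are this example's own) that renders the same VPC restriction narrowed to object reads. The aws:sourceVpc key is only present in requests that arrive through a VPC endpoint, which is why access stayed forbidden until the endpoint was created.

```shell
#!/bin/sh
# Added example: the post's VPC-only bucket policy, narrowed to read access.
# Function names are illustrative.

# vpc_read_policy BUCKET VPC_ID: print a bucket policy that allows only
# s3:GetObject, and only for requests that reach S3 from VPC_ID through a
# VPC endpoint.
vpc_read_policy() {
    cat <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Read-from-specific-VPC-only",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::$1/*",
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpc": "$2"
                }
            }
        }
    ]
}
EOF
}

# apply_bucket_policy BUCKET VPC_ID: install the policy with the AWS CLI.
# Requires credentials that are allowed to call s3:PutBucketPolicy.
apply_bucket_policy() {
    policy_file=$(mktemp) || return 1
    vpc_read_policy "$1" "$2" > "$policy_file"
    aws s3api put-bucket-policy --bucket "$1" --policy "file://$policy_file"
    rc=$?
    rm -f "$policy_file"
    return $rc
}

# Usage with the names from the post:
#   vpc_read_policy my.webtest vpc-12e0cc74        # review the JSON first
#   apply_bucket_policy my.webtest vpc-12e0cc74
```
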

Oracle VM Server: OVM CLI via ssh admin@localhost -p 10000 does not work

Sat, 2019-04-06 04:57

In my Oracle VM server installation the ovmcli refuses to work:
ssh -l admin localhost -p 10000 

Connection to localhost closed by remote host.

Connection to localhost closed.
There are some workarounds like:
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -l  admin localhost -p 10000
But the result is the same.

Here is the debug output from ssh -v:
[root@oraVMManager mnt]# ssh -l admin localhost -p 10000  -v
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to localhost [::1] port 10000.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version ${POM.ARTIFACTID}-${POM.VERSION}
debug1: no match: ${POM.ARTIFACTID}-${POM.VERSION}
debug1: Authenticating to localhost:10000 as 'admin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group1-sha1 need=20 dh_need=20
debug1: kex: diffie-hellman-group1-sha1 need=20 dh_need=20
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: ssh-dss SHA256:E6FYsSD9om4ChxJT17vBGUyqHmz3kLLAIxxJZlYjJCM
debug1: Host '[localhost]:10000' is known and matches the DSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/admin
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([::1]:10000).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
debug1: channel 0: free: client-session, nchannels 1
Connection to localhost closed by remote host.
Connection to localhost closed.
Transferred: sent 3224, received 1432 bytes, in 0.0 seconds
Bytes per second: sent 2461309.8, received 1093236.9
debug1: Exit status -1
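
The debug output above shows the CLI endpoint negotiating diffie-hellman-group1-sha1 and ssh-dss, both of which OpenSSH has disabled by default since version 7.0. An added example (not from the original post) that extracts the negotiated algorithms from ssh -v output and flags legacy ones; which algorithms count as legacy is this example's own policy, and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example: flag legacy algorithms in `ssh -v` output.
# Function names and the legacy list are this example's assumptions.

# negotiated_algorithms: read `ssh -v` output on stdin and print one
# "kind value" line per negotiated algorithm (kex, hostkey, cipher, mac).
negotiated_algorithms() {
    awk '
    /^debug1: kex: algorithm: /          { print "kex", $4 }
    /^debug1: kex: host key algorithm: / { print "hostkey", $6 }
    /^debug1: kex: (server->client|client->server) cipher: / {
        print "cipher", $5
        print "mac", $7
    }' | sort -u
}

# is_legacy KIND VALUE: succeed if this example's policy rejects the algorithm.
is_legacy() {
    case "$1 $2" in
        "kex diffie-hellman-group1-sha1") return 0 ;;  # 1024-bit DH group
        "hostkey ssh-dss")                return 0 ;;  # DSA host key
        "cipher "*-cbc)                   return 0 ;;  # CBC-mode ciphers
        "mac hmac-sha1"|"mac hmac-md5")   return 0 ;;
    esac
    return 1
}

# legacy_findings: stdin is `ssh -v` output; prints one line per legacy
# algorithm and returns 1 if any was negotiated, 0 otherwise.
legacy_findings() {
    findings=$(negotiated_algorithms | while read -r kind value; do
        if is_legacy "$kind" "$value"; then
            echo "legacy $kind: $value"
        fi
    done)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Sample input: the kex lines from the debug output in the post.
sample_debug_output() {
    cat <<'EOF'
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group1-sha1
debug1: kex: host key algorithm: ssh-dss
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha1 compression: none
debug1: kex: diffie-hellman-group1-sha1 need=20 dh_need=20
EOF
}

# Usage against a live endpoint (ssh writes its debug lines to stderr):
#   ssh -v -l admin localhost -p 10000 exit 2>&1 | legacy_findings
```
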

The solution was:
Upgrade the OVM Manager (take a look here)

And then:
ssh -l admin localhost -p 10000  -v
SHA256:pidDB23XNyVHE55Q7GJ+9uqJvBfoR3B1lm02gdYeus8
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:pidDB23XNyVHE55Q7GJ+9uqJvBfoR3B1lm02gdYeus8.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending DSA key in /root/.ssh/known_hosts:1
RSA host key for [localhost]:10000 has changed and you have requested strict checking.
Host key verification failed.
Ok - this was not expected, but the upgrade changed the host key.

But after removing that line from the known_hosts file:
[root@oraVMManager mnt]# ssh -l admin localhost -p 10000  
OVM> list server
Command: list server
Status: Success
Time: 2019-01-25 05:52:14,849 EST
Data:
  id:18:e2:a6:9d:5c:b6:48:3a:9b:d2:b0:0f:56:7e:ab:e9  name:oraclevm
OVM> ?
     add
     create
     delete
     edit
     embeddedcreate
     embeddeddelete
     embeddededit
     exit
     help
     list
     remove
     set
     show
     showallcustomcmds
     showclisession
     showcustomcmds
     showobjtypes
     showversion
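Before removing the offending line from known_hosts, it is worth confirming that the new key really belongs to the upgraded server. The following is an added example, not part of the original post: it computes OpenSSH-style SHA256 fingerprints for the plain-text known_hosts entries of `[localhost]:10000` and compares them with a fingerprint verified out of band. The function names, the key blobs and the verified fingerprint are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_token(host, port=22):
    """known_hosts spelling of a host: non-default ports are [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def review_known_hosts(text, host, port, verified_fp):
    """Return (line_no, key_type, fingerprint, verdict) for each plain-text
    entry of host:port; verdict compares against the verified fingerprint."""
    token = host_token(host, port)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                       # malformed, or hashed host name
        hosts, key_type, key_b64 = fields[:3]
        if token not in hosts.split(","):
            continue
        fp = fingerprint(key_b64)
        verdict = "matches" if fp == verified_fp else "stale"
        findings.append((line_no, key_type, fp, verdict))
    return findings

# Constructed sample: placeholder blobs, not real host keys.
OLD_BLOB = base64.b64encode(b"constructed old ssh-dss blob").decode()
NEW_BLOB = base64.b64encode(b"constructed new ssh-rsa blob").decode()
SAMPLE = "\n".join([
    f"[localhost]:10000 ssh-dss {OLD_BLOB}",
    f"[localhost]:10000 ssh-rsa {NEW_BLOB}",
    f"otherhost ssh-rsa {NEW_BLOB}",
])
# Assumption: this value was read on the server itself, not taken from the warning.
VERIFIED_FP = fingerprint(NEW_BLOB)

if __name__ == "__main__":
    for finding in review_known_hosts(SAMPLE, "localhost", 10000, VERIFIED_FP):
        print(*finding)
```

Only entries reported as stale should be deleted; hashed host names and wildcard patterns are skipped by this sketch.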




review at amazon: Azure for Architects

Sun, 2019-03-31 10:31
This weekend I read "Azure for Architects - Implementing cloud design, DevOps, containers, IoT and serverless solutions on your public cloud".


After I had some trouble publishing my review on amazon.de and put it onto my blog (take a look here), I wrote a smaller review about only 2 chapters. And this worked...

One statement I liked was:
This is not only true for security, but sometimes it is important to state the obvious.

If you are interested, take a look at my review at amazon.de (like all my reviews: written in German ;-).

Microsoft Azure: Adding a user requires more work than expected

Sat, 2019-03-23 02:49
Just to try some things in Microsoft Azure, I wanted to add an additional user to my test account. But this was not so easy:

Go to "Azure Active Directory" and "Users":

 

But then:

I thought this is not really a problem, because openesb.eu is my domain, so let's try to verify this one:


The problem is that I am not able to change these settings. So I tried to see if I would be lucky, but:
So the only way to add users in such a minimal setup is to add accounts from live.com etc.

Microsoft Azure: How to use waagent (Microsoft Azure Linux Agent)

Sat, 2019-03-16 15:35
After installing waagent on my Ubuntu server, I tried to use this tool.
My first guess was to read the man pages, but there is no entry for waagent:
root@ubuntuserver:~# man waagent
No manual entry for waagent
See 'man 7 undocumented' for help when manual pages are not available.
So for documentation you have to visit the Microsoft Azure portal:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux



Here are some commands I tried:
root@ubuntuserver:~# waagent -show-configuration
AutoUpdate.Enabled = True
AutoUpdate.GAFamily = Prod
Autoupdate.Frequency = 3600
CGroups.EnforceLimits = False
CGroups.Excluded = customscript,runcommand
DVD.MountPoint = /mnt/cdrom/secure
DetectScvmmEnv = False
EnableOverProvisioning = True
Extension.LogDir = /var/log/azure
Extensions.Enabled = True
HttpProxy.Host = None
HttpProxy.Port = None
Lib.Dir = /var/lib/waagent
Logs.Verbose = False
OS.AllowHTTP = False
OS.CheckRdmaDriver = False
OS.EnableFIPS = False
OS.EnableFirewall = True
OS.EnableRDMA = False
OS.HomeDir = /home
OS.OpensslPath = /usr/bin/openssl
OS.PasswordPath = /etc/shadow
OS.RootDeviceScsiTimeout = 300
OS.SshClientAliveInterval = 180
OS.SshDir = /etc/ssh
OS.SudoersDir = /etc/sudoers.d
OS.UpdateRdmaDriver = False
Pid.File = /var/run/waagent.pid
Provisioning.AllowResetSysUser = False
Provisioning.DecodeCustomData = False
Provisioning.DeleteRootPassword = True
Provisioning.Enabled = False
Provisioning.ExecuteCustomData = False
Provisioning.MonitorHostName = False
Provisioning.PasswordCryptId = 6
Provisioning.PasswordCryptSaltLength = 10
Provisioning.RegenerateSshHostKeyPair = False
Provisioning.SshHostKeyPairType = rsa
Provisioning.UseCloudInit = True
ResourceDisk.EnableSwap = False
ResourceDisk.Filesystem = ext4
ResourceDisk.Format = False
ResourceDisk.MountOptions = None
ResourceDisk.MountPoint = /mnt
ResourceDisk.SwapSizeMB = 0
or list all commands:
root@ubuntuserver:~# waagent -help
usage: /usr/sbin/waagent [-verbose] [-force] [-help] -configuration-path:-deprovision[+user]|-register-service|-version|-daemon|-start|-run-exthandlers|-show-configuration]
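The `-show-configuration` output above can be checked automatically against an expected set of values. The following is an added example, not part of the original post or of the agent itself: it parses the `key = value` lines and reports every deviation from a baseline. The baseline values, the function names and the second sample are assumptions constructed for illustration.

```python
# Constructed baseline for illustration; replace it with your own policy.
BASELINE = {
    "OS.AllowHTTP": False,
    "OS.EnableFirewall": True,
    "Provisioning.DeleteRootPassword": True,
    "Provisioning.ExecuteCustomData": False,
    "Logs.Verbose": False,
}
LITERALS = {"True": True, "False": False, "None": None}

def parse_show_configuration(text):
    """Parse `waagent -show-configuration` output into a dict.
    True/False/None and integers are converted; other values stay strings."""
    config = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue                      # not a "key = value" line
        key, value = key.strip(), value.strip()
        if value in LITERALS:
            config[key] = LITERALS[value]
        elif value.isdigit():
            config[key] = int(value)
        else:
            config[key] = value
    return config

def audit(config, baseline=BASELINE):
    """Return (key, actual, expected) per deviation; a missing key counts."""
    findings = []
    for key, expected in baseline.items():
        actual = config.get(key, "<missing>")
        if type(actual) is not type(expected) or actual != expected:
            findings.append((key, actual, expected))
    return findings

# Lines copied from the output shown above.
PAGE_SAMPLE = """\
HttpProxy.Host = None
Logs.Verbose = False
OS.AllowHTTP = False
OS.EnableFirewall = True
OS.RootDeviceScsiTimeout = 300
OS.SshDir = /etc/ssh
Provisioning.DeleteRootPassword = True
Provisioning.ExecuteCustomData = False
"""
# Constructed: a host that drifted from the baseline.
DRIFTED_SAMPLE = """\
Logs.Verbose = False
OS.AllowHTTP = True
Provisioning.DeleteRootPassword = True
Provisioning.ExecuteCustomData = False
"""
```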


review: architecting microsoft azure solutions

Wed, 2019-03-13 15:15
Last week I read the exam ref "architecting microsoft azure solutions".

The book cover states: "Designed for architects and other cloud professionals ready to advance their status, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the MCSA level."

The book "Architecting Microsoft Azure Solutions" comes with 320 pages and 6 chapters. The claim of the book: "This book teaches you how to design and architect secure, highly-available, performant, monitored and resilient solutions on Azure".

The first chapter is "Design compute infrastructure". The beginning is clearly structured: Fault Domains, Availability Sets and Update Domains. Unfortunately, when listing the VM types, there are various letters shown, but an explanation of what those letters abbreviate is missing.
The sub-chapter Migration contains only a lot of URLs. Helpful examples are not provided. The next subchapters, serverless computing and microservices, are not worth reading. It is not at all clear which requirements have to be met in order to build an application serverless or in a container. But there are many comparisons of when serverless computing fits better than microservices.
The subchapter "Design Web Applications" loses itself in general considerations regarding availability and a description of REST.
The biggest problem with Chapter 1 is that there is a lack of examples that allow the topics to be played through once. Also missing at the end of the chapter is the typical question catalog, with which one could prepare for an exam.

After chapter 1 I did not want to read any further - that would have been a mistake. For all who buy this book: skip Chapter 1!

Chapters 2 and 3 (Storage & Networking) are really good. They provide brief explanations, and for every use case detailed instructions for the Azure command line or the portal, including screenshots, are presented. Both chapters are very well written and give an overview of the respective topics. Here is a list for the storage chapter: Blob Storage, Azure Files, Azure Disks, Azure Data Catalog, Azure Data Factory, SQL Data Warehouse, Data Lake Analytics, Analysis Services, HDInsight, SQL Database, SQL Server Stretch Database, MySQL, PostgreSQL, Redis Cache, Data Lake, Azure Search, Azure Time Series, Cosmos DB, MongoDB. There is no topic left open. The same applies to the network chapter.

Chapter 4 "Design security and identity solutions" is very well structured. All terms are introduced at the beginning and then various options with sequence diagrams are played through. Subsequently, the appropriate services such as Azure Active Directory are introduced. Very nice here is the representation of the integration possibilities with ASP.Net. Otherwise, topics such as integration with Office 365 (calendar access) or key management in the cloud are highlighted.

The fifth chapter is, in my view, more an outlook: "Design solutions by using platform service". Topics like AI, IoT and streaming are treated here. What you can take away from it is what is possible and which building blocks Azure provides.

The final chapter "Design for operations" deals with cross-functionalities such as monitoring and alarming. A wrapper for the following services will be delivered: Azure Monitor, Azure Advisor, Azure Service Health, Azure Activity Log, Azure Dashboard, Azure Metrics Explorer, Azure Alerts, Azure Log Analytics, Azure Application Insights. Almost every topic has an example including configuration via the Azure portal.

Conclusion: Except for the first chapter a very good book to get started. It is not good for exam preparation, as no questionnaires / multiple choice lists are included. It is a pity that the subchapters have no numbering and you have to navigate with the font sizes. Nevertheless, you will hardly find a faster entry into Azure.



Microsoft Azure: Administration of Virtual Networks / Diagrams

Thu, 2019-03-07 14:45
After creating my first VM on Microsoft Azure, I took a closer look at the dashboard - especially at the menu bar of the dashboard:
First point of interest was the menu item "virtual networks", which led me to the following overview:
Hm. A little bit strange that the virtual networks just show up with a list of the resource groups (you have to create one - otherwise you are not able to launch a virtual machine). But after clicking on the resource group, a nice overview of my virtual network was provided:

The menu bar in the middle contains the entry "diagram". So let's see, what kind of diagram Azure will present:

The green item represents the network interface card. The other three items stand for the virtual machine, the network security group and public ip address. The next three screenshots show the details you can obtain, by clicking on these icons:


