Ubuntu : Repository URLs for ‘sources.list’ File

Before modifying the sources.list
- create a backup using: sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup

To to change repository sources
- sudo vi /etc/apt/sources.list OR sudo vi /etc/apt/sources.list.d/ubuntu.sources (latest Ubuntu version)

Long-Term Support (LTS) Versions Repo URLs

Ubuntu 24.04 LTS “Noble Numbat”
Types: deb deb-src
URIs: http://us.archive.ubuntu.com/ubuntu/
Suites: noble noble-updates noble-backports noble-proposed
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
Types: deb deb-src
URIs: http://security.ubuntu.com/ubuntu/
Suites: noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

Ubuntu 22.04 LTS “Jammy Jellyfish”
deb http://archive.ubuntu.com/ubuntu/ jammy main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu/ jammy partner
# deb-src http://archive.canonical.com/ubuntu/ jammy partner


Ubuntu 20.04 LTS “Focal Fossa”
deb http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu focal partner
deb-src http://archive.canonical.com/ubuntu focal partner

Ubuntu 18.04 LTS “Bionic Beaver”
deb http://us.archive.ubuntu.com/ubuntu/ bionic main restricted
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu/ bionic universe
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates universe
deb http://us.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse

Ubuntu 16.04 LTS “Xenial Xerus”
deb http://archive.ubuntu.com/ubuntu xenial main
deb http://archive.ubuntu.com/ubuntu xenial-updates main
deb http://archive.ubuntu.com/ubuntu xenial restricted
deb http://archive.ubuntu.com/ubuntu xenial-updates restricted
deb http://archive.ubuntu.com/ubuntu xenial universe
deb http://archive.ubuntu.com/ubuntu xenial-updates universe
deb http://archive.ubuntu.com/ubuntu xenial multiverse
deb http://archive.ubuntu.com/ubuntu xenial-updates multiverse
deb http://archive.ubuntu.com/ubuntu xenial-security main
deb http://archive.ubuntu.com/ubuntu xenial-security restricted
deb http://archive.ubuntu.com/ubuntu xenial-security universe
deb http://archive.ubuntu.com/ubuntu xenial-security multiverse
deb http://archive.ubuntu.com/ubuntu xenial-backports main
deb http://archive.ubuntu.com/ubuntu xenial-backports restricted
deb http://archive.ubuntu.com/ubuntu xenial-backports universe
deb http://archive.ubuntu.com/ubuntu xenial-backports multiverse
deb http://archive.canonical.com/ubuntu xenial partner

Read More

Nutanix : Restart / Shutdown Cluster for Maintenance

Shutting Down an AHV Cluster for Maintenance

1. Shutdown all the user VMs in the Nutanix cluster.

2. Stop the Nutanix cluster. 

a. Stopping the Nutanix Cluster

• Log on to any Controller VM using SSH with the Nutanix credentials and run the following command to stop the Nutanix cluster: #cluster stop
• Confirm using that the command has stopped the services successfully before continuing : #cluster status

b. Shutting down the Controller VMs

• #cvm_shutdown –P now

3. Shut down each node in the cluster.

• Physically power off each AHV host or login to IPMI and manual power off the AHV

Powering on the nodes and cluster after a shutdown 

1. Physically power on each AHV host OR login to IPMI and manual power on the AHV

2. Start the cluster 

All Controller VMs start automatically after the node powers on. Wait approximately 5 minutes after the last node is powered on to allow services to begin.

• Log on to any one Controller VM in the cluster with SSH using Nutanix credentials.
• Start the Nutanix cluster by issuing the following command: #cluster start
• Confirm that the cluster services are running: #cluster status

3. Power on the guest VMs.

Read More

Nutanix : Reset Prism stuck/incomplete task

1. SSH to Cluster of CVM IP

2. Enter the following to list running/failed tasks

#ecli task.list include_completed=false

3. Enter the following to cancel required task

#ergon_update_task --task_uuid='ENTER_TASK_UUID_HERE' --task_status=succeeded

4. Enter “Y” – Remember you do so at you own risk

5. Enter the following to confirm task have been completed/failed

#ecli task.list include_completed=false 

Read More

Install Oracle Instant Client (oci8) for PHP5.6 on Ubuntu 22.04

*make sure php5.6 is already install

1. Install Basic and the SDK Instant Client packages. Download from OTN

Download version 12.1.0.2.0. This file is required:

• instantclient-basic-linux.x64-12.1.0.2.0.zip
• instantclient-sdk-linux.x64-12.1.0.2.0.zip

2. Install OCI8 version oci8-2.0.10. Download from pecl.php.net

3. Manual install OCI8 

#tar -xzf oci8-2.0.10.tgz
#cd oci8-2.0.10
#phpize
#./configure -with-oci8=share,instantclient,/usr/lib/oracle/12.1/client64/lib
#make install

4. Enable the ORACLE global variables

#export LD_LIBRARY_PATH=/usr/lib/oracle/12.1/client64/lib
#export ORACLE_HOME=/usr/lib/oracle/12.1/client64 

5. Enable oci8 in php5.6

• create file oci.ini in /etc/php/5.6/mods-available/
• add the extension=oci8.so to the oci.ini

6. Create symlink in php5.6 folder

#ln -s /etc/php/5.6/mods-available/oci.ini 20-oci.ini in folder /etc/php/5.6/cli/conf.d
#ln -s /etc/php/5.6/mods-available/oci.ini 20-oci.ini in folder /etc/php/5.6/fpm/conf.d

7. Validate that it was successfully installed.

#php -i | grep oci8 

Read More

SSL : Generating Single or Wildcard SSL CSR

** Must install OpenSSL on your system

1. Single-name SSL Certificates

# openssl req -new -newkey rsa:2048 -nodes -keyout abc.com.key -out abc.com.csr

After pressing enter, you’ll be prompted with the following:

- Country Name (2 letter code) : Use your 2 char country code
- State or Province Name (full name) : Use your current State
- Locality Name (eg, city): City name
- Organization Name (eg, company) : Company name
- Organizational Unit Name (eg, section) : Your team in the organization.
- Common Name (eg, fully qualified host name): Domain name
- Email Address : Your offical email address
- Password :Leave it blank.

2. Wildcard SSL Certificates

- Create a configuration file
# openssl.cnf

- Add parameter as below

[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no

[req_distinguished_name]
commonName = *.abc.com
countryName = MY
stateOrProvinceName = <state>
localityName = <city>
organizationName = <org.name>

[req_ext]
subjectAltName = @alt_names

[alt_names]
DNS.1=abc.com
DNS.2=*.abc.com

- Generate private key
#openssl genrsa -out private.key 2048

- Generate CSR
#openssl req -new -nodes -key abc.com.key -config openssl.cnf -out abc.com.csr


3.Verification of CSR
#openssl req -in abc.com.csr -noout -text

Read More

Prometheus and Grafana : Monitor MySQL/MariaDB

 1.Install MySQL Exporter
#curl -s https://api.github.com/repos/prometheus/mysqld_exporter/releases/latest   | grep browser_download_url   | grep linux-amd64 | cut -d '"' -f 4   | wget -qi -
#tar xvf mysqld_exporter*.tar.gz
#sudo mv  mysqld_exporter-*.linux-amd64/mysqld_exporter /usr/local/bin/
#sudo chmod +x /usr/local/bin/mysqld_exporter

2.Checking version of mysql exporter
#mysqld_exporter  --version

3.Create a user to collect the matrices of MySQL
#mysql -u root -p

CREATE USER 'mysqld_exporter'@'localhost' IDENTIFIED BY 'StrongPassword';
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO 'mysqld_exporter'@'localhost';
FLUSH PRIVILEGES;
EXIT

4.Create database credentials file
#sudo vi /etc/.mysqld_exporter.cnf

[client]
user=mysqld_exporter
password=StrongPassword

5.Enable ownership permission
#chown root:prometheus /etc/.mysqld_exporter.cnf

6.Create a service for mysql exporter
#vi /etc/systemd/system/mysql_exporter.servic

[Unit]
Description=Prometheus MySQL Exporter
After=network.target
User=prometheus
Group=prometheus

[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/mysqld_exporter \
--config.my-cnf /etc/.mysqld_exporter.cnf \
--collect.global_status \
--collect.info_schema.innodb_metrics \
--collect.auto_increment.columns \
--collect.info_schema.processlist \
--collect.binlog_size \
--collect.info_schema.tablestats \
--collect.global_variables \
--collect.info_schema.query_response_time \
--collect.info_schema.userstats \
--collect.info_schema.tables \
--collect.perf_schema.tablelocks \
--collect.perf_schema.file_events \
--collect.perf_schema.eventswaits \
--collect.perf_schema.indexiowaits \
--collect.perf_schema.tableiowaits \
--collect.slave_status \
--web.listen-address=0.0.0.0:9104

[Install]
WantedBy=multi-user.target

7.Enable and start the mysql exporter service
#systemctl daemon-reload
#systemctl enable mysql_exporter
#systemctl start mysql_exporter
#systemctl status mysql_exporter

8.Configure the endpoint in “Prometheus.yaml” file

# mysql exporter
  - job_name: "mysqld"
    metrics_path: '/metrics'
    scheme: http
    static_configs:
      - targets: ["X.X.X.X:9104"]

9.Import dashboard from Grafana.com with ID:7362

source : https://shrihariharidas73.medium.com/unlocking-database-insights-monitoring-mysql-with-prometheus-and-grafana-ddd2c4f01929

Read More

Prometheus and Grafana : Monitor NGINX

A: nginx configuration

1.Expose the stub_status page at /stub_status on port 8080

    server {
        listen 8080;
        server_name _;
    
        location /stub_status {
               stub_status;
        }
    }

2. Restart nginx
#systemctl restart nginx

3. Verification
#curl http://localhost:8080/stub_status

B: nginx-prometheus-exporter

1.Install nginx-prometheus-exporter
#git clone https://github.com/nginxinc/nginx-prometheus-exporter.git

2.Building the Binary. Change to nginx-prometheus-exporter folder
#dnf install go
#make

3.Move the nginx-prometheus-exporter binary to /usr/local/binary
#mv nginx-prometheus-exporter /usr/local/bin

4.Modify and create nginx_exporter.socket in /etc/systemd/system
#vi nginx_exporter.socket  (add below parameter)

[Unit]
Description=NGINX Prometheus Exporter

[Socket]
ListenStream=9113

[Install]
WantedBy=sockets.target

4.Modify and create nginx_exporter.service in /etc/systemd/system
#useradd nginx_exporter --shell=/sbin/nologin
#vi nginx_exporter.service  (add below parameter)

[Unit]
Description=NGINX Prometheus Exporter
Requires=nginx_exporter.socket

[Service]
User=nginx_exporter
ExecStart=/usr/local/bin/nginx-prometheus-exporter --nginx.scrape-uri="http://127.0.0.1:8080/stub_status" --web.systemd-socket

[Install]
WantedBy=multi-user.target

5.Run #systemctl daemon-reload
6.Run #systemctl start nginx_prometheus_exporter.service
7.Run #systemctl status nginx_prometheus_exporter.service
8. Verification
#curl http://localhost:9113/metrics

C:Promethues

1.Configure Prometheus to scrape metrics from the server with the exporter.
2.Edit /etc/prometheus/prometheus.yml
3.Add the scrape metric

## NGINX
  - job_name: nginx
    static_configs:
      - targets: ['10.X.X.X:9113']

4.Run systemctl restart prometheus.service
5.Run systemctl status prometheus.service

D:Grafana

1.Use the New Dashboard button and click Import.
2.Upload dashboard.json or copy and paste the contents of the file in the textbox and click Load.
https://github.com/nginxinc/nginx-prometheus-exporter/blob/main/grafana/dashboard.json
3.Set the Prometheus data source and click Import.
4.The dashboard will appear.By default, all instances are selected
5.Access Grafana dashboard

source : https://github.com/nginxinc/nginx-prometheus-exporter/tree/main

Read More

Letsencrypt : Generate Let’s Encrypt Wildcard SSL Certificate

1.Install Let’s Encrypt Certbot Tool
#sudo apt-get OR dnf install letsencrypt

2.Generate Let’s Encrypt Wildcard SSL Certificate
#sudo certbot certonly --manual --preferred-challenges=dns --email webmaster@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d example.com  -d *.example.com

3.Certificates are generated and can be downloaded from the following path
#/etc/letsencrypt/live/example.com/

4.Generate Let’ Encrypt SSL certificate Manually using the DNS record using Certbot
- Create a variable for your desired domain
#DOMAIN=example.com

- Request a certificate using Certbot
#certbot certonly --manual -d *.$DOMAIN -d $DOMAIN --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096

- A value for a new DNS record will prompt
--------------------------------------------------------------------
Please deploy a DNS TXT record under the name_acme-challenge.example.com with the following value:XXXXXXXXXXXXXXXXXXXXXXXXX
Before continuing, verify the record is deployed.
--------------------------------------------------------------------

- Copy and add the value into DNS server, add a new TXT record
_acme-challenge.iderc.my.    3600    IN    TXT    "XXXXXXXXXXXXXXXXXXXXXXXXX"

- Before Enter the second time check if records were deployed 

- Install Certificate and Key
key will generate in this folder /etc/letsencrypt/live/example.com

5.Generate Let’ Encrypt SSL certificate Manually using the http challenge using Certbot
- Create a variable for your desired domain
#DOMAIN=example.com

- Request a certificate using Certbot
#certbot certonly --manual --preferred-challenges http -d *.$DOMAIN -d $DOMAIN --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096

- After get an output, then need to create an index.html with the above string
/.well-known/acme-challenge/xxxxxxxxxxxxxxxxxxxxxxx/index.html

- Install Certificate and Key
key will generate in this folder /etc/letsencrypt/live/example.com

Read More

Nginx : Deploy Laravel

1.Install Laravel

2.Edit parament in Nginx configuration

server {
        server_name example.com;
        listen X.X.X.X;
        root /home/example/public_html/laravel/public; <- change the active laravel folder
        index index.php index.htm index.html;
        access_log /var/log/virtualmin/example.com_access_log;
        error_log /var/log/virtualmin/example.com_error_log;

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }
       
        error_page 404 /index.php;
       
        location / {
                       index index.php index.html index.htm;
                       try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ "\.php(/|$)" {
            try_files $uri $fastcgi_script_name =404;
            default_type application/x-httpd-php;
            fastcgi_pass unix:/run/php-fpm/1713861882126181.sock;
        }

        fastcgi_split_path_info "^(.+\.php)(/.+)$";
        if ($host = example.com) {
            rewrite "^/(.*)$" "https://example.com/$1" redirect;
        }

        # SSL Certiticate
        listen X.X.X.X:443 ssl;
        ssl_certificate /home/example/ssl.cert;
        ssl_certificate_key /home/example/ssl.key;
        rewrite /awstats/awstats.pl /cgi-bin/awstats.pl;
    }
}

3.Test nginx configuration

#nginx -t 

4. Restart nginx services

#systemctl restart nginx

 

Read More

Rocky 9 : Permanently Disable SELinux

1.Check the Linux OS and Kernel versions
# cat /etc/rocky-release
# uname -r

2.Verify SELinux status.SELinux by default runs in Enforcing mode
# sestatus

3.To disable SELinux grubby command is required
#dnf install -y grubby

4.Execute following command to permanently disable SELinux.
#grubby --update-kernel ALL --args selinux=0

5.Reboot the server
# reboot

6.Verify SELinux status
# sestatus

 

source : https://centlinux.com/permanently-disable-selinux/

Read More