systemd

systemctl
systemctl enable late_command.service
systemctl disable late_command.service
systemctl status late_command.service
journalctl -f
systemd-analyze verify

Example
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/preseed/master/late_command.service -O /etc/systemd/system/late_command.service && \
systemctl enable late_command.service

[Unit]
Description=preseed late_command script
After=network.target

[Service]
StandardOutput=tty
ExecStartPre=/usr/bin/wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/preseed/master/late_command.sh -O /tmp/late_command.sh
ExecStart=/bin/bash /tmp/late_command.sh
ExecStartPost=/bin/systemctl disable late_command.service

[Install]
WantedBy=multi-user.target

# test
[Unit]
After=getty.target

[Service]
TTYPath=/dev/tty1

# test
journalctl -xn
systemctl list-unit-files --all

# timesynchronization
https://feeding.cloud.geek.nz/posts/time-synchronization-with-ntp-and-systemd/

# cat /etc/systemd/timesyncd.conf
[Time]
NTP=ntp.ubuntu.com
FallbackNTP=ntp2.ubuntu.com

# apt purge ntp ntpdate
# systemctl restart systemd-timesyncd.service
# timedatectl set-ntp true
# systemctl status systemd-timesyncd.service
# timedatectl status

# resolv
systemd-resolve --status

Timeserver / sync
https://www.tecmint.com/set-time-timezone-and-synchronize-time-using-timedatectl-command/
# status
timedatectl status
# disable
timedatectl set-ntp 0
# enable
timedatectl set-ntp true
timedatectl set-timezone "Europe/Berlin"
timedatectl set-time 14:14:30
timedatectl set-time 20181120
timedatectl set-time '18:00:00 2018-11-22'
timedatectl set-local-rtc 1

# sync time
timedatectl set-ntp true

Status
systemctl is-active application.service
systemctl is-enabled application.service
systemctl is-failed application.service

Reload systemd configuration
systemctl daemon-reload

sudo systemctl --state=failed

Restart service on failure
...
[Service]
RestartSec=30s
Restart=on-failure

Restart another service (if running) on start
[Service]
...
ExecStartPost=/bin/systemctl try-restart wildfly.service

sudo systemctl edit apache2.service

Links
https://www.freedesktop.org/software/systemd/man/systemd.unit.html
https://wiki.ubuntuusers.de/systemd/
https://wiki.ubuntuusers.de/systemd/Service_Units/
http://www.freedesktop.org/software/systemd/man/systemd.service.html
https://wiki.archlinux.org/index.php/Systemd_FAQ
https://wiki.ubuntu.com/SystemdForUpstartUsers
http://www.freedesktop.org/software/systemd/man/systemd.special.html
https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units

GitLab: Web-based Git repository manager

Install
http://www.panticz.de/install-gitlab

# restart gitlab
gitlab-ctl restart

# git home directory
/var/opt/gitlab

Reset admin password
gitlab-rails console production
u = User.where(id: 1).first
u.password = 'secret'
u.password_confirmation = 'secret'
u.save!

backup
https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/raketasks/backup_restore.md
# full backup
gitlab-rake gitlab:backup:create

# backup without reposiories
sudo gitlab-rake gitlab:backup:create SKIP=repositories

# backup target

Linux Kernel

#
# configure parameter
#
# determine the maximum size of a shared memory segment
cat /proc/sys/kernel/shmmax
 
# set default shared memory limit for shmmax (16 GB)
echo 17179869184 > /proc/sys/kernel/shmmax
 
# add the following line to /etc/sysctl.conf to make a change permanent
echo "kernel.shmmax=4294967296" >> /etc/sysctl.d/90-shmmax.conf
 
# load parameter
/sbin/sysctl -p /etc/sysctl.d/90-shmmax.conf

XEN: Create Debian Jessie DomU VM

wget https://raw.githubusercontent.com/panticz/xen/master/domains/debian.jessie.sh -O - | bash -

#!/bin/bash

# configure domU
DOMAIN_NAME=jessie
DOMAIN_MAC=00:10:01:aa:bb:cc
DOMAIN_RAM=2Gb
DOMAIN_HDD=8Gb
 
# create domU on LVM (for image file use --dir=/root)
xen-create-image \
 --hostname=${DOMAIN_NAME} \
 --dist=jessie \
 --lvm=vg0 \
 --size=${DOMAIN_HDD} \
 --fs=ext4 \
 --role=udev \
 --memory=${DOMAIN_RAM} \
 --swap=${DOMAIN_RAM} \
 --dhcp \
 --mac=${DOMAIN_MAC} \
 --genpass=0 \
 --password=t00r \
 --vcpus $(cat /proc/cpuinfo | grep processor | wc -l) \
 --pygrub
 
# --apt_proxy=http://apt-cacher:3142/
 
# rename vm config
mv /etc/xen/${DOMAIN_NAME}.cfg /etc/xen/${DOMAIN_NAME}
 
# OPTIONAL: add to autostart
ln -s /etc/xen/${DOMAIN_NAME} /etc/xen/auto
 
# start domU
xm create -c ${DOMAIN_NAME}

# login
user: root
password: t00r

# disable pc speaker
echo 'blacklist snd-pcsp' >> /etc/modprobe.d/blacklist.conf

# fix FQDN
echo "$(ifconfig eth0| grep "inet addr" | cut -d ":" -f2 | cut -d" " -f1)     $(hostname).$(cat /etc/resolv.conf | grep domain | cut -d" " -f2) $(hostname)" >> /etc/hosts
 
# OPTIONAL: enable APT auto update
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/enable_auto_update.sh -O - | bash -

LXC: create Debian Jessie container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=jessie
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r jessie $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s -- -f

Allow root SSH login with password
CONTAINER=jessie
sudo lxc-attach -n ${CONTAINER} -- sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sudo lxc-attach -n ${CONTAINER} -- service ssh restart

Fix DNS
echo nameserver 8.8.8.8 | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

Default login credentials
user: root
pass: root

FixMe
"Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1346734

Failed to open /dev/autofs: No such file or directory
Failed to initialize automounter: No such file or directory
[FAILED] Failed to set up automount Arbitrary Executable File Formats File System Automount Point.
See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
Unit proc-sys-fs-binfmt_misc.automount entered failed state.

Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Kernel Socket.
See 'systemctl status systemd-udevd-kernel.socket' for details.
Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Control Socket.
See 'systemctl status systemd-udevd-control.socket' for details.

Bugs
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020
https://wiki.debian.org/LXC#Incompatibility_with_systemd

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

# test
http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

Debian Jessie

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=jessie
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r jessie $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

LXC: create Debian Wheezy container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.wheezy.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=wheezy
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r wheezy $@

# set container MAC address if specified
if [ ! -z ${CONTAINER_MAC} ]; then
  sed -i "s|lxc.network.hwaddr = .*|lxc.network.hwaddr = ${CONTAINER_MAC}|" /var/lib/lxc/${CONTAINER}/config
fi

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.wheezy.sh -O - | bash -s -- -f

Default login credentials
user: root
pass: root

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

LXC: create Debian Squeeze container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.squeeze.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=squeeze
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r squeeze $@

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.squeeze.sh -O - | bash -s -- -f

Default login credentials
user: root
pass: root

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

Ubuntu: Ericsson H5321gw / F5521gw mini PCI-e WWAN / UMTS card

Ericsson H5321gw (Thinkpad T530)
# lsusb | grep Ericsson
Bus 003 Device 004: ID 0bdb:1926 Ericsson Business Mobile Networks BV

# fix kernel driver
echo "/etc/modprobe.d/avoid-mbib.conf" > options cdc_ncm prefer_mbim=N

cat < /etc/udev/rules.d/99-mbm.rules
ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926",
ENV{ID_USB_INTERFACE_NUM}=="09", ENV{MBM_CAPABILITY}="gps_nmea"
ATTRS{idVendor}=="0bdb", ATTRS{idProduct}=="1926",
ENV{ID_USB_INTERFACE_NUM}=="03", ENV{MBM_CAPABILITY}="gps_ctrl"
EOF

# force USB modem to only connect via EDGE and not 3G?

Git

git hooks post-merge example

#!/bin/bash

# check for modified files
for FILE in $(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD); do
  case "${FILE}" in
    *.json)
      # Repository configuration changed: update configuration
      ~/my_repository/scripts/json_update.sh
      ;;
    cronjobs/crontab)
      # Crontab changed: update user cronjobs
      ~/my_repository/scripts/crontab_update.sh
      ;;
  esac
done

# show repository info
git config -l

# show diff for one file
git diff

# commit only one file
git commit -m 'my comment' path/to/file

# create Git repository
git init

# add all files
git add .

# commit
git commit -m "initial project version"

# list tag
git tag -l

checkout
# checkout over SSH
git clone git@github.com:foo/bar.git

# pull single file
git checkout filename

# pull single file from remote
git checkout origin/master -- path/to/file

# checkout to checkout to specific folder
git clone https://github.com/panticz/installit.git /path/to/folder

# create tag
git tag -a v1.4 -m 'version 1.4'
git push --tags
git push origin

# remove tag
git tag -d tag123
git push origin :refs/tags/tag123

# checkout tag
git clone --branch bar-1.0.4 git@git.example.com:foo/ansible.git /tmp/bar-1.0.4

# git pull single file
git checkout origin/master -- file_name

# rollback to revision
git checkout 96fe40ded8277725d244aac83c42256ad554cc3b .

# switch branch
git checkout branch_name
git checkout master

# checkout branch
git clone --branch --single-branch []

# test
git reset file/to/overwrite

# search for string
git grep "string/regexp" $(git rev-list --all)

# grep
git grep foo HEAD

# remove last commit
git reset HEAD~1

# reset to latest revision
git reset --hard

git cherry-pick commit1

branch
# diff between branches
git diff master

# show branches
git branch

# push local Git branch to remote master branch
git push origin local_branch_1:master

# delete local branch
git branch -d local_branch_name

# delete remote branch
git push origin :remote_branch_name

# ignore
./.gitignore

# git global setup
git config --global user.name "first_name last_name"
git config --global user.email "user@example.com"
git config --global core.autocrlf true

# create a new repository
git clone git@example.com:repository_group/repository_name.git
cd repository_name
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

# Add existing folder or Git repository
cd existing_folder
git init
git remote add origin git@example.com:repository_group/repository_name.git
git add .
git commit
git push -u origin master

# search for string in commit
git grep foo $(git rev-list --all)

# check out single file
git archive --remote=git@git.example.com:foo/bar.git HEAD:path1/file_or_dir target_file_name | tar --extract

Syndicate content