ubuntu

Site to Site IPSec VPN with strongSwan and OpenStack VPNaaS (IPsec)

Setup

# Left (Ubuntu client, behind NAT)
Ubuntu Client IP: 212.8.9.10
Ubuntu net: 192.168.178.0/24
 
# Right (OpenStack VPNaaS)
VPN_SERVICE_ID=$(openstack vpn service list -c ID -f value)
VPN_SERVICE_IP=$(openstack vpn service show ${VPN_SERVICE_ID} -c external_v4_ip -f value)
echo ${VPN_SERVICE_IP}
 
OpenStack VPN IP: 217.50.60.70
OpenStack Net: 10.0.1.0/24

Create OpenStack VPN endpoint
http://www.panticz.de/openstack/vpnaas

/etc/ipsec.secrets

217.50.60.70 : PSK "PASS1234"

/etc/ipsec.conf

config setup
 
conn vpn1
 keyexchange=ikev1
 left=%defaultroute
 leftid=212.8.9.10
 leftsubnet=192.168.178.0/24
 leftauth=psk
 leftfirewall=yes
 authby=psk
 auto=start
 ike=aes256-sha512-modp1024
 esp=aes256-sha512
 right=217.50.60.70
 rightsubnet=10.0.1.0/24
 rightauth=psk
 ikelifetime=3600s
 keylife=3600s
 type=tunnel
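
A quick audit of the proposal settings in the ipsec.conf above, as an added example that is not part of the original page: it parses the conn sections and flags keyexchange=ikev1, small MODP groups such as modp1024, and an esp proposal without a DH group. The function names and the weak-token list are assumptions of this example, and conn vpn2 in the sample is constructed for contrast.

```python
import re
# Assumed policy for this example: proposal tokens treated as weak.
WEAK_TOKENS = {"des", "3des", "md5", "modp768", "modp1024", "modp1536"}
DH_PREFIXES = ("modp", "ecp", "curve", "x25519", "x448")

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif not line[0].isspace():
            current = None  # "config setup" or another section type
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit(text):
    """Return a list of (conn_name, finding) tuples."""
    findings = []
    for name, opts in parse_conns(text).items():
        if opts.get("keyexchange", "").lower() == "ikev1":
            findings.append((name, "keyexchange=ikev1 (deprecated protocol version)"))
        for key in ("ike", "esp"):
            for proposal in opts.get(key, "").rstrip("!").split(","):
                tokens = [t for t in proposal.strip().lower().split("-") if t]
                findings += [(name, f"{key}: weak algorithm {t}") for t in tokens if t in WEAK_TOKENS]
                if key == "esp" and tokens and not any(t.startswith(DH_PREFIXES) for t in tokens):
                    findings.append((name, "esp: no DH group, so no PFS on rekey"))
    return findings

# conn vpn1 uses the values from this page; conn vpn2 is constructed for contrast.
SAMPLE = """\
config setup
conn vpn1
 keyexchange=ikev1
 ike=aes256-sha512-modp1024
 esp=aes256-sha512
conn vpn2
 keyexchange=ikev2
 ike=aes256-sha512-modp2048
 esp=aes256-sha512-modp2048
"""
if __name__ == "__main__":
    print("\n".join(f"{c}: {f}" for c, f in audit(SAMPLE)))
```

Any change to the flagged values has to be mirrored in the IKE and IPsec policies on the OpenStack VPNaaS side, otherwise the tunnel will not negotiate.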

CLI

sudo ipsec status
sudo ipsec statusall
sudo ipsec restart
 
sudo ipsec up vpn1
sudo ipsec down vpn1
 
sudo ipsec listalgs

List

Gnome / Ubuntu: Configure MIME-Type

Show default mime
https://wiki.ubuntuusers.de/xdg-utils/

xdg-mime query default inode/directory
xdg-mime query default text/html
xdg-mime query default x-scheme-handler/mailto
xdg-mime query default text/plain
xdg-mime query default image/jpeg
xdg-mime query default application/pdf

Configure user default MIME-Type application

xdg-mime default code.desktop text/plain
xdg-mime default code_code.desktop text/plain

# old
https://wiki.selfhtml.org/wiki/MIME-Type/%C3%9Cbersicht#T
by user

mkdir -p ~/.local/share/applications
 
cat <<EOF>> ~/.local/share/applications/mimeapps.list
[Default Applications]
text/plain = code.desktop
text/x-shellscript = code.desktop
EOF
 
sed -i 's|text/plain = .*|text/plain = code.desktop|g' ~/.local/share/applications/mimeapps.list

Configure global

/etc/gnome/defaults.list
sudo sed -i 's|text/plain=gedit.desktop|text/plain=code.desktop|g' /etc/gnome/defaults.list

gio
https://help.gnome.org/admin/system-admin-guide/stable/mime-types-application-user.html.en

Visual Studio Code

# deb download
# https://code.visualstudio.com/docs/setup/linux
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'

sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install code # or code-insiders

# manual download
wget -q https://update.code.visualstudio.com/latest/linux-deb-x64/stable -O /tmp/code.deb

Snap (Ubuntu package management)

Install
sudo apt install -y snapd

CLI
snap find
snap install

Configure proxy
sudo mkdir -p /etc/systemd/system/snapd.service.d/
echo -e '[Service]\nEnvironment="http_proxy=http://proxy.example.com:3128/"' | sudo tee /etc/systemd/system/snapd.service.d/http-proxy.conf
echo -e '[Service]\nEnvironment="https_proxy=http://proxy.example.com:3128/"' | sudo tee /etc/systemd/system/snapd.service.d/https-proxy.conf
sudo systemctl daemon-reload
sudo systemctl restart snapd

# debug proxy
systemctl show snapd | grep proxy

cloud-image-utils

sudo apt install -y qemu-kvm cloud-image-utils
wget https://cloud-images.ubuntu.com/releases/18.04/release/ubuntu-18.04-server-cloudimg-amd64.img

# create the cloud-init seed file
cat <<EOF > seed
#cloud-config
password: ubuntu
chpasswd: { expire: False }
ssh_pwauth: True
ssh_import_id: ${USER}
EOF

cloud-localds seed.img seed
# hostfwd without a host address listens on all host interfaces;
# use hostfwd=tcp:127.0.0.1:2222-:22 to keep the password login local
sudo kvm-spice -m 2048 -drive file=ubuntu-18.04-server-cloudimg-amd64.img,if=virtio,cache=writeback -cdrom seed.img -net nic,model=virtio -net user,hostfwd=tcp::2222-:22
# -balloon virtio

# login credentials:
# user: ubuntu
# pass: ubuntu

ssh -p 2222 ubuntu@localhost

Install prometheus under Ubuntu

Install from repository
sudo apt-get install -y prometheus
# optional
sudo apt-get install -y prometheus-node-exporter
sudo apt-get install -y prometheus-alertmanager
sudo apt-get install -y prometheus-pushgateway

Ansible installation
https://github.com/panticz/ansible/tree/master/roles/prometheus
- hosts: localhost
  roles:
    - prometheus

Login
http://SERVER_IP:9090/

Commands
avg_over_time(node_memory_MemAvailable[5m])/1024/1024

Repository