technology

Recently, I had to re-visit an old architectural challenge in AWS that I came across a couple of years ago but couldn’t quite remember how to resolve: EC2 instances which have no public IP address (residing in a private subnet) which can accept requests from (and serve responses back to) the internet. The motivation for this particular topology is security focused: The EC2 instances cannot be directly addressed via the internet due to the absence of a public IP, but can serve (web, in this example) content over the internet using the load balancer....

The following code snippets show how to create three private subnets in AWS using terraform with ‘count’, ‘join’ and ’element’: To start with the following variables were declared and set: terraform.tfvars base_cidr_block = "192.168.0.0/16" node_count = 3 availability_zones = ["a", "b", "c"] variables.tf variable "base_cidr_block" { description = "The base of the address range to be used by the VPC and corresponding Subnets" } variable "availability_zones" { description = "A list containing 3 AZs" type = list(string) } variable "node_count" { description = "The number of ec2 instances to deploy" type = number } Three subnets are then created using a single resource block....

Like most people, my domestic ISP goes down sometimes. I work from home most of the time and the most common solution when this problem occurs is to ’tether’ a phone to use it’s 4G connection. This is OK, but a solution which allowed my entire home network to switch over to a backup internet connection would be much better… As well as my laptop maintaining a connection, movies could still be streamed (backup connection bandwith permitting) and IoT devices would keep working - you get the general idea....

This is a very quick script to get a single instance of neo4j running in a docker container. The username and password is set using the NEO4J_AUTH environment variable. #!/bin/bash # # Script: neo4j-docker.sh # Purpose: install neo4j container image after some simple environmentment prep # DOCKER=$(which docker) [ $? == 0 ] || { echo "ERROR: Check if docker is installed (and in your PATH)" ; exit 1; } DATA_DIR="$HOME/docker/neo4j-volumes/data" LOG_DIR="$HOME/docker/neo4j-volumes/logs" IMPORT_DIR="$HOME/docker/neo4j-volumes/import" PLUGINS_DIR="$HOME/docker/neo4j-volumes/plugins" RUNNING_CONTAINER=$($DOCKER ps -a | grep "neo4j:latest" | awk {'print $1'}) [ -z "$RUNNING_CONTAINER" ] || docker rm -f $RUNNING_CONTAINER [ -d $DATA_DIR ] && rm -rf $DATA_DIR/* || mkdir $DATA_DIR [ -d $LOG_DIR ] && rm -rf $DATA_DIR/* || mkdir $LOG_DIR [ -d $IMPORT_DIR ] && rm -rf $DATA_DIR/* || mkdir $IMPORT_DIR [ -d $PLUGINS_DIR ] && rm -rf $DATA_DIR/* || mkdir $PLUGINS_DIR $DOCKER run \ --name testneo4j \ -p7474:7474 -p7687:7687 \ -d \ -v $DATA_DIR:/data \ -v $LOG_DIR:/logs \ -v $IMPORT_DIR:/var/lib/neo4j/import \ -v $PLUGINS_DIR:/plugins \ --env NEO4J_AUTH=neo4j/test1234 \ neo4j:latest

This is an article which I originally co-wrote for Rackspace Solve , in January 2021 It’s time to hit reset and bring some long-overdue clarity to the edge conversation. Ask 10 different people to define edge computing and you’ll probably get 10 different definitions. The reason is that edge computing is not, whatever many might say, a technology. Instead, it’s a concept or a philosophy relating to the management and use of data....

Restoring Web Applications for edrandall.co.uk Section A - Install & Configure the WebServer with SSL Support Install the required ubuntu webserver packages aptitude install apache2 php5 php5-mcrypt php5-curl Create the following webserver configuration files: * /etc/apache2/conf.d/ejr-servers.conf NameVirtualHost 192.168.2.2:443 * /etc/apache2/sites-available/restore.edrandall.co.uk ServerName restore.edrandall.co.uk <VirtualHost 192.168.2.2:443> SSLEngine On SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key DocumentRoot /var/www/ <Directory "/var/www"> Order deny,allow Deny from all Authname "restore.edrandall.co.uk" AuthUserFile /var/www/.htpasswd AuthType Basic Require valid-user Allow from 192.168.2. Satisfy Any </Directory> </VirtualHost> * /etc/apache2/ports....

A) iptables script #!/bin/bash ipt=$(which iptables) #Flush all existing rules $ipt -F #Set default policies $ipt -P INPUT DROP $ipt -P OUTPUT ACCEPT $ipt -P FORWARD DROP $ipt -A INPUT -i lo -j ACCEPT #Allow stuff back in that we’ve sent out $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow inbound SSH to this box $ipt -A INPUT -p tcp --dport 22 --source 172.16.0.0/16 -j ACCEPT #Save the rules /sbin/service iptables save #Show the rules $ipt --list -n -v Test (from desktop machine):...

Creating an Encrypted Disk Partition Created a new logical partition (/dev/vda5) which is 500MB in size After a reboot, check the partition is there and looks okay: fdisk -cul /dev/vda Prepare the partition for encryption (enter YES and passphrase when prompted): cryptsetup luksFormat /dev/vda5 Unlock the encrypted partition cryptsetup luksOpen /dev/vda5 encpartition Have a look in the /dev/mapper directory, there’s an entry for /dev/mapper/encrypted partition: lrwxrwxrwx. 1 root root 7 Feb 21 12:24 /dev/mapper/encpartition -> ....

Download the epel packages from: http://fedoraproject.org/wiki/EPEL Edit the files: /etc/yum.repos.d/epel-repo and /etc/yum.repos.d/epel-testing.repo Uncomment the following line: #baseurl=http:// Comment the following line (Otherwise yum won’t find the epel packages and won’t work properly.): mirrorlist=http:// Install cobbler: yum install cobbler policycoreutils-python-2.0.83-19.18.el6.i686 Install mod_python for apache yum install mod_python Install dhcp yum install dhcp Install syslinux and syslinux-tftpboot yum install syslinux syslinux-tftpboot Cobbler and SELinux don’t play nice together. Whilst it is possible to configure cobbler to work with selinux, it is easier to disable it altogether....

I know there’s many ways to do this, but I quite like this method for a batch file rename: ls foo*.jpg | awk '{print("mv "$1" "$1)}' | sed 's/foo/bar/2' | /bin/bash If you want to do a dry run first, then just omit the pipe to bash: ls foo*.jpg | awk '{print("mv "$1" "$1)}' | sed 's/foo/bar/2'