Category Archives: The Cloud and Networking

TTY – TeleTYpewriter on Linux

I came across a tutorial talking about the tty command in Linux. Basically it pertains to terminals in the container. Let's drill down into the terminology first.

– Terminal is just a term used for a dumb machine connected to the main computer. It consists of a display and a keyboard.

– Console is used to describe a TERMINAL physically connected to the computer, for example a personal computer with a keyboard and monitor attached, or a games console like an Xbox or PS4.

– TTY and PTY. TTY is the technology that handles input and output between a display and the program it executes. It is a virtual console (see above) used to communicate with the host. Most terminals in Linux are PTYs (pseudo-ttys), meaning a fake device, or technology, that acts like a tty. An SSH terminal is a type of PTY.

The tty command shows the name of the device you are currently on. tty0 usually refers to your current terminal.

What are virtual terminals and when to use it?
“A Virtual Terminal is a full-screen terminal which doesn't run inside an X window (unlike the terminal window on your graphical desktop). Virtual terminals are found on all GNU/Linux systems, even on systems which don't have a desktop environment or graphical system installed.

Virtual terminals can be accessed on an Ubuntu system by pressing Ctrl+Alt+F1 till F6. To come back to the graphical session, press Ctrl+Alt+F7.”

So all in all, my understanding is that when you SSH to a server, you are using a pseudo-tty on the server, which gives you a virtual terminal to manage the machine. This also gives you an interactive shell. When you spawn a connection to sshd, it mounts a /dev/pts/* device dynamically, making it look like a real terminal or physical device is connected. You can refer to your connection by running the tty command in your terminal. It is called pseudo because you are emulating tty functionality instead of actually being physically connected to the server.

In the olden days terminals were real physical devices connected to the PC. Linux didn't have a GUI before. To manage it, you remote into it, which creates a “virtual terminal” or “virtual console” that behaves like a real physical terminal device.

The tty 1-6 consoles (Ctrl+Alt+F1 to F6) are basically the same as a virtual console or terminal. The F7+ shortcut is for when you have a GUI on the server. A GUI terminal means, say, that your Ubuntu machine is your server and it can open a terminal in a window as you normally do. Pressing Ctrl+Alt with one of the F1-F6 keys then opens a tty terminal without the GUI, as if you were back on a GUI-less server using your keyboard and monitor to manage it. Take note that pressing these keys only works when you are physically logged in on the console. But your terminal is still virtual, see below.

Additional info: when you connect to your server remotely with ssh, you can pass the -t or -T flag.

-t means to provide an interactive terminal, or TTY, to execute commands.

-T disables any interactivity.

Having said this, when you open a terminal connection via ssh you most likely want a tty, that is interactivity, so you can execute commands and so on. tty is just the technology that creates this connection between your remote PC's keyboard and a server. A Linux box by itself is a console: connect a keyboard and a monitor to it and it will generate a virtual console or terminal to administer it.

Taken from the Red Hat website:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/sn-guimode-virtual-consoles-ppc

“A virtual console is a shell prompt in a non-graphical environment, accessed from the physical machine, not remotely. Multiple virtual consoles can be accessed simultaneously.”
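The difference between a session that has a pseudo-terminal (what ssh -t requests) and one that does not (ssh -T) can be reproduced locally. This is an added example, not code from the original post; it assumes a Linux host with the tty command installed, and the function names are hypothetical.

```python
import os
import pty
import subprocess


def tty_report(stdin_fd):
    """Run the `tty` command with its stdin attached to stdin_fd; return its output."""
    result = subprocess.run(
        ["tty"],
        stdin=stdin_fd,
        capture_output=True,
        text=True,
        env=dict(os.environ, LC_ALL="C"),  # keep the message untranslated
    )
    return result.stdout.strip()


def compare_pty_and_pipe():
    # Like `ssh -t`: allocate a pseudo-terminal pair. The kernel creates the
    # /dev/pts/N device for the slave end on demand.
    master_fd, slave_fd = pty.openpty()
    # Like `ssh -T`: a plain pipe with no terminal device behind it.
    read_fd, write_fd = os.pipe()
    try:
        return {
            "pty_device": os.ttyname(slave_fd),
            "pty_isatty": os.isatty(slave_fd),
            "pty_tty_cmd": tty_report(slave_fd),
            "pipe_isatty": os.isatty(read_fd),
            "pipe_tty_cmd": tty_report(read_fd),
        }
    finally:
        for fd in (master_fd, slave_fd, read_fd, write_fd):
            os.close(fd)


if __name__ == "__main__":
    for key, value in compare_pty_and_pipe().items():
        print(f"{key:13} {value}")
```

Programs that refuse to run without a terminal, or that only prompt for a password on one, are making the same isatty check shown here.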

Docker & Docker-compose

So here we are in the DevOps world. Well, not quite. So what is this Docker thing that will help us be productive as developers?

Docker is like a virtual machine but isn't. It is an image, or an instance of a mini operating system, that acts as a host for your application and whatnot. This image, or template, is used to create a container, which provides the environment.

You can use either a Dockerfile or Docker Compose (a YAML file). A Dockerfile lets you create your custom image. Docker Compose manages multiple Docker images to simplify the commands.

Here is a link to a cheat sheet for Dockerfile:

https://github.com/wsargent/docker-cheat-sheet

Basic Dockerfile configuration:
http://blog.flux7.com/blogs/docker/docker-tutorial-series-part-3-automation-is-the-word-using-dockerfile
FROM: <imagename> (You can have multiple FROM lines. Means multiple containers.)
MAINTAINER: <author name>
RUN: <command to run for extra provisioning>
ADD: <source path in the local build context> <destination in the container> (ADD can be used to extract files from the path, similar to COPY)
COPY: <source from local machine> <destination> (Always use COPY for copying from the local machine (Windows), relative to the build context, to the container)
ENTRYPOINT: <command to run after the container starts, e.g. ping>
CMD: <command to feed to the entry point>
(Difference between CMD and ENTRYPOINT https://stackoverflow.com/questions/21553353/what-is-the-difference-between-cmd-and-entrypoint-in-a-dockerfile?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa )
WORKDIR: <working directory for RUN, ENTRYPOINT and CMD>
ENV: <key> <value> (sets an environment variable on the container)
VOLUME: ["/var/www"] or “docker create or run -v source:destination” (Lets you mount a directory to the host machine; this persists even if the container is removed. This volume can be used by the container to read and write to; when the container is stopped or removed, the data volume on the host will still be there. The HOST(path):CONTAINER(path) form only applies on the command line.)

Volumes are a bit confusing to wrap your head around, at least for me. Please see this link: https://www.digitalocean.com/community/tutorials/how-to-work-with-docker-data-volumes-on-ubuntu-14-04

Basic docker-compose yaml config
Full Reference:

https://docs.docker.com/v17.09/compose/compose-file/#compose-file-structure-and-examples

Start with:
version: "3"
services:
  service-name-1:
    image: image-name        # if build is not specified, this will just download the image from the internet
    build:                   # either a context path, or the keys below
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1           # accessible in your Dockerfile as $buildno
    command: ["bundle", "exec", "thin", "-p", "3000"]   # overrides the CMD in your Dockerfile
    ports:                   # "host:container"
      - "3000:8000"
    links:
      - service-name         # any service name that this service links to
    depends_on:
      - service-name         # any service this service depends on
    expose:                  # exposes/opens a port on the container; can be used by other applications served through this port
      - "3000"               # port numbers
    networks:                # group it belongs to
      - Network1
networks:                    # list of networks/groups the images belong to
  Network1:
These are the basic, simplified configurations for Docker. See the full reference above for more information. Take note there is also a DEPLOY option only for docker version 3. This deploy option is for deploying to Docker Swarm, which is a little bit advanced for me at the moment.

Common mistakes setting up docker:


https://runnable.com/blog/9-common-dockerfile-mistakes

 

CentOS Administration

List of administration tasks on a CentOS machine with VirtualMin/WebMin installed

SQL Server remote access

I just found a gem of a post on how to make SQL Server talk to anyone on your network!

Source: https://stackoverflow.com/questions/11278114/enable-remote-connections-for-sql-server-express-2012

I will definitely go back to this every time I want access to a database on our network.

Basically, this shows how to set up SQL Server so that any program on the network is allowed access to its content, given it has the right user access. It has something to do with enabling SQL Server Browser and enabling TCP/IP connections.

Understanding DNS, Nameservers and Record types

Are you a web developer who mainly focuses on developing your application? Do you just update your nameservers at the registry to point to your hosting company, think everything will work with no hiccups, and go about your business coding? If yes, then don't be that developer, as I was.

Nameservers come first!

You have to understand this bit to understand everything else in the DNS realm (see https://webmasters.stackexchange.com/questions/16297/which-comes-first-dns-or-name-servers for the article). I spent my night trying to solve this puzzle. Basically there are 2 entities that you will likely come across when dealing with DNS: the Domain Registry (where you bought your domain) and your Web Host DNS manager (your web host).

When you change your nameservers to your new hosting, you are basically saying to delegate all DNS records to that server, thus allowing your new web host to handle your DNS or RRs (Resource Records). Your Domain Registry will be free of responsibility when it comes to the other records you have on it. I mean the A, AAAA, MX records, etc. These records will now be handled by your web host's DNS manager.

Very important: if you have existing RRs in your domain registry, make sure you leave them be until you actually know what's happening, and make sure you read this blog post before committing. What you can do is copy all your resource records from your original DNS to your hosting company, which to be honest I don't like doing, because a lot of things can go awry when you get it wrong and it will take time to get right.

OR

Create an A record for your domain.com pointing to the IP address of your hosting company. Then create an MX record for domain.com pointing to your current mail.domain.com DNS, then do the same for every RR you have, including FTP and SFTP sub-domains.

Source: https://serverfault.com/questions/149509/changing-domain-name-dns-to-redirect-web-traffic-to-one-server-and-leave-mail-t

So there you have it! If you are wondering what those records do, here is a quick rundown below.

A records – translate a domain name to an IP address, e.g. domain.com -> 118.123.9.12

MX records – for email service; they only point to a domain name, e.g. mail.domain.com -> A record.

CNAME record – an alias to another name record or domain name.

AAAA record – like an A record but points to IPv6 instead of IPv4
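One way to sanity-check a copied record set before switching nameservers, written as an added example that is not part of the original post. The zone is constructed: 118.123.9.12 is the address used above, 192.0.2.25 and 2001:db8::12 are documentation-range placeholders, and the function names are hypothetical.

```python
# Constructed record set for the split setup above (web on the new host,
# mail left on the existing mail server).
ZONE = [
    ("domain.com.", "A", "118.123.9.12"),
    ("domain.com.", "AAAA", "2001:db8::12"),
    ("domain.com.", "MX", (10, "mail.domain.com.")),
    ("mail.domain.com.", "A", "192.0.2.25"),
    ("www.domain.com.", "CNAME", "domain.com."),
    ("ftp.domain.com.", "CNAME", "www.domain.com."),
]


def lookup(zone, name, rtype):
    """Return the values of all records of one type owned by one name."""
    return [value for owner, t, value in zone if owner == name and t == rtype]


def resolve(zone, name, rtype="A", max_hops=8):
    """Follow CNAME aliases until a record of rtype is found ([] if none or a loop)."""
    for _ in range(max_hops):
        answers = lookup(zone, name, rtype)
        if answers:
            return answers
        aliases = lookup(zone, name, "CNAME")
        if not aliases:
            return []
        name = aliases[0]
    return []


def check_zone(zone):
    """List MX and CNAME records whose target has no address in this zone."""
    problems = []
    for owner, rtype, value in zone:
        target = value[1] if rtype == "MX" else value
        if rtype in ("MX", "CNAME") and not (
            resolve(zone, target, "A") or resolve(zone, target, "AAAA")
        ):
            problems.append(f"{owner} {rtype} -> {target} has no address")
    return problems


if __name__ == "__main__":
    print("www ->", resolve(ZONE, "www.domain.com."))
    print("problems:", check_zone(ZONE))
```

A target hosted in someone else's zone (an external mail provider, for instance) will be reported too, since only the records listed here are consulted.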

More info:
CNAME https://www.web24.com.au/tutorials/cname-records-used

What is the ‘@’ record used for:
http://forums.devshed.com/dns-36/mean-setting-dns-settings-636502.html

What's the go with SSL/TLS?

Many have been confused about what the go is with SSL (Secure Sockets Layer) security, aka TLS (Transport Layer Security). We all know it's for security purposes online, to encrypt your communications with websites. We also know how it passes a public key or shared key in order for the client browser to decrypt and the server to decrypt using its private key, and protects communications from prying eyes, etc.

But as a beginner in SSL, how would one implement this? Questions arise. When I was learning it, these were the questions that popped into my head.

  1. Why do we need a CA (Certification Authority)?
    • This authority identifies who you are, or in our case our website. A stranger can't just trust anyone online, let alone give you their credit card details. So these guys are authorities that will ask a bunch of questions and request documents so you can prove your identity; the authority will then trust you, and the public will trust the authority that trusted you.
  2. When should we implement a self-signed certificate?
    • You can self-sign your own certificate but, as mentioned, visitors will get a confirmation in their browser asking whether they should trust you or not. Your website will still be secure and protected, but the trust issue remains. That means you can generate your own keys to encrypt your data line. But for efficiency and peace of mind, and for your audience on the internet, go with a CA; otherwise use your self-signed certificate only on an as-needed basis in your own network.
  3. Who generates the keys?
    • The keys will be generated upon creating a CSR (Certificate Signing Request) file; a certificate signing request will also generate the public key and private key. Then, depending on your CA, you will get an intermediate key that also gets installed on your website, so that the CA can identify your website. Basically the CA will ask you to generate a CSR against your server and complete the process.
      I will also include here a step-by-step process from Comodo showing how they normally process the purchase of a certificate. Most CAs have a similar process, or otherwise your web host will do it for you.
      Comodo step by step, acquiring SSL:
      https://comodosslstore.com/blog/how-to-install-comodo-ssl-certificate-on-your-website.html

      More information here: http://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key

    • If you need to understand how the TLS/SSL handshake works, here is a very thorough video explaining it. This is also a reminder to myself, as I normally forget this stuff.
      Handshake process of SSL:
      https://www.youtube.com/watch?v=n_d1rCXNrx0
  4. What types of certificates are there?
    • There's a bunch! Positive and wildcard certificates are mostly what CAs offer, and a quick search should point you in the right direction. But first off, a Positive one only secures yourdomain.com and www.yourdomain.com; wildcards, as you may suspect, cover your sub-domains, with or without www.

Now how do you actually set one up? The important thing to remember is that to get the certificate from your CA (Certificate Authority), you have to generate a CSR on your web server and submit it to your CA; then you will get another certificate to install on the server. See the link below for very detailed instructions on the actual steps.

http://www.pontikis.net/blog/how-to-obtain-install-ssl-certificate


 

There are plenty of articles about how to implement this on your site, especially a WordPress one, like this one.

http://stackoverflow.com/questions/292732/self-signed-ssl-cert-or-ca

Most of the questions above will be answered by the above link.
Useful link below:

What is a CSR file for? https://www.sslshopper.com/what-is-a-csr-certificate-signing-request.html

 

From a Developer to a mind shifting cloud computing in AWS

As a developer who only develops applications, there are tons of things one should know outside the development stage and coding, and these in themselves are sometimes as big as, or even bigger than, all your programming knowledge put together: your algorithms, your patterns, your OOP design, etc.

Then there are these: deployment, optimisation, unit testing, usability, ethics in code maintainability, platform agnosticism, scalability, performance, availability to the target audience, and the platform knowledge to deploy them.

We can't be experts at everything, but we have to have a solid foundation on which every technology is built. A product is born in Information Technology through the need for a better solution and to automate certain tasks that are repetitive. Think of the boilerplate in your development: having it around is essential, but understanding how it works is even more important, so that when a need arises for a feature that is unavailable, you can open up the bonnet and adjust or move things around accordingly.

I am a beginner in AWS, or any cloud computing environment, and it's something I want to be familiar with. I'm just lucky that I have a decent amount of knowledge in networking, otherwise I would definitely have a big challenge at hand.

I found an article by someone who has experienced delving into AWS as a developer and a beginner: https://wblinks.com/notes/aws-tips-i-wish-id-known-before-i-started/

His tips and advice are very valuable for us beginner AWS users. Check him out.

AWS: VPC detailed explanation and use cases

Virtual Private Cloud in Amazon Web Services.

Fundamentals of creating your own Virtual Data Center using VPC in AWS. I have always wondered, as a developer, how your audience would consume your product. I thought of AWS (IaaS); then you've got EC2, a virtual machine that can service any request you set it up for. But building a whole bunch of them to provide different services to your customers, or for your internal consumption, would look like a data center as we know it, something only people with the know-how can establish, and for a simple developer such as ourselves it is a challenge ranging from huge to difficult to near impossible.

Enter VPC (Virtual Private Cloud). The author above gives a very thorough explanation of what it is and how to use it.

Also, you might want to read through this on the difference between VPN, VPS and VPC:

https://www.comparitech.com/blog/vpn-privacy/whats-the-difference-between-a-vpn-vps-and-vpc/
Credit to the authors who put a lot of effort into creating references and tutorials like this for us newcomers!