Migrated from ncnotes

LXC Cheatsheet.md

@@ -0,0 +1,113 @@
+# LXD/LXC cheat sheet
+
+I've installed LXD on my home server and have found a lot of syntax and one-liners that I've yet to commit to memory.  So I'll put them here.
+
+## Install LXD
+
+```shell
+snap install lxd  
+sudo apt install -y git build-essential libssl-dev python3-venv python3-pip python3-dev zfsutils-linux bridge-utils
+```
+
+## General links
+
+* [How to initialize LXD again](https://blog.simos.info/how-to-initialize-lxd-again/)
+
+## Install lxdMosaic
+
+[link](https://github.com/turtle0x1/LxdMosaic)
+
+```shell
+# Launch an ubuntu container
+lxc launch ubuntu: lxdMosaic
+# Connect to ubuntu console
+lxc exec lxdMosaic bash
+# Download the script
+curl https://raw.githubusercontent.com/turtle0x1/LxdMosaic/master/examples/install_with_clone.sh >> installLxdMosaic.sh
+# Then give the script execution permissions
+chmod +x installLxdMosaic.sh
+# Then execute the script
+./installLxdMosaic.sh
+```
+
+## Create zsf pool image file and add it to lxc
+
+```shell
+# bs = blocksize, count = number of blocks
+
+# create the image file - 250GB
+dd if=/dev/zero of=/mnt/data1/overlook-zfs-pool02 bs=1GB count=250
+# Create the loop device (check `df -h` first for available names)
+sudo losetup /dev/loop6 /mnt/data1/overlook-zfs-pool02
+# Create zfs pool
+sudo zpool create overlook-zfs-pool02 /dev/loop6
+# View existing zpool list
+zpool list
+# Add new zpool to lxc storage
+lxc storage create overlook-zfs-pool02 zfs source=overlook-zfs-pool02
+```
+
+* [block sizes and multiples](https://www.linuxnix.com/what-you-should-know-about-linux-dd-command/)
+* [How to use a file as a zpool](https://serverfault.com/questions/583733/how-to-use-a-file-as-a-zpool)
+
+## How to move containers to a new storage pool on the same host
+
+[link](https://discuss.linuxcontainers.org/t/how-to-move-containers-to-a-new-storage-pool-on-the-same-host/2798)
+
+```shell
+lxc stop container_name
+lxc move container_name temp_container_name -s new_storage_pool
+lxc move temp_container_name container_name
+lxc start container_name
+```
+
+## Changing existing containers to use the bridge profile
+
+Suppose we have an existing container that was created with the default profile, and got the LXD NAT network. Can we switch it to use the bridge profile?
+
+Here is the existing container.
+
+```shell
+lxc launch ubuntu:x mycontainer
+
+Creating mycontainerStarting mycontainer
+```
+
+Let’s assign mycontainer to use the new profile "bridgeprofile".
+
+```shell
+lxc profile assign mycontainer bridgeprofile
+```
+
+Now we just need to restart the networking in the container.
+
+```shell
+lxc exec mycontainer -- systemctl restart networking.service
+```
+
+* [Change lxc profile for container](https://blog.simos.info/how-to-make-your-lxd-containers-get-ip-addresses-from-your-lan-using-a-bridge/)
+
+
+## /etc/netplan/ for containers
+
+```shell
+network:
+    ethernets:
+        eth0:
+            addresses:
+            - 192.168.0.206/24
+            gateway4: 192.168.0.1
+            nameservers:
+              addresses: [ 1.1.1.1, 8.8.8.8 ]
+    version: 2
+```
+
+## backup (export) containers to a file
+```shell
+bdate=$(date +"%Y-%m-%d") && for ct in $(lxc list -c n --format csv); do lxc export $ct /mnt/data2/container-backup/$bdate-$ct.tgz; done
+```
+
+## restore container from backup
+```
+lxc import <path>/<backup-archive>.tgz
+```

SSH Notes.md

@@ -0,0 +1,211 @@
+# SSH Notes
+
+## SSH Tunneling
+
+### Local Forwarding
+
+#### Examples
+
+NOTE: these use autossh to prevent the tunnel from dying
+
+Plex
+
+```shell
+autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
+```
+
+ESXi
+
+```shell
+autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 chawley@aristotle.planethawleywood.com
+```
+
+Both ESXi and AWX
+
+```shell
+autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 -L 8091:192.168.0.25:80 chawley@aristotle.planethawleywood.com
+```
+
+Both Plex and Derry OD
+
+```shell
+autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 -L 8070:192.168.0.209:80 chawley@aristotle.planethawleywood.com
+```
+
+---
+
+
+<table>
+  <tr>
+   <td><strong>Protocol</strong>
+   </td>
+   <td>SSH
+   </td>
+  </tr>
+  <tr>
+   <td><strong>From</strong>
+   </td>
+   <td>my office workstation
+   </td>
+  </tr>
+  <tr>
+   <td><strong>To</strong>
+   </td>
+   <td>RRD Jumpbox (54.84.9.50)
+   </td>
+  </tr>
+  <tr>
+   <td><strong>Via</strong>
+   </td>
+   <td>chawley2@ladmin2
+   </td>
+  </tr>
+  <tr>
+   <td><strong>Notes</strong>
+   </td>
+   <td> I have the jumpbox host configured in.ssh/config on both machines
+   </td>
+  </tr>
+  <tr>
+   <td colspan="2" ><strong><code>ssh -N -L 8090:54.184.92.50:22 chawley2@ladmin2.precisiondm.com</code></strong>
+   </td>
+  </tr>
+</table>
+
+
+
+<table>
+  <tr>
+   <td><strong>Protocol</strong>
+   </td>
+   <td>web
+   </td>
+  </tr>
+  <tr>
+   <td><strong>From</strong>
+   </td>
+   <td>my office workstation
+   </td>
+  </tr>
+  <tr>
+   <td><strong>To</strong>
+   </td>
+   <td>Plex (derry)
+   </td>
+  </tr>
+  <tr>
+   <td><strong>Via</strong>
+   </td>
+   <td>chawley@aristotle
+   </td>
+  </tr>
+  <tr>
+   <td colspan="2" ><strong><code>ssh -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com</code></strong>
+   </td>
+  </tr>
+</table>
+
+
+### Remote Forwarding
+
+NOTE: By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the GatewayPorts option in the server configuration file sshd_config can be used to control this. 
+
+The following alternatives are possible:
+
+```shell
+GatewayPorts no
+```
+
+This prevents connecting to forwarded ports from outside the server computer.
+
+```shell
+GatewayPorts yes
+```
+
+This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.
+
+#### Examples
+
+<table>
+  <tr>
+   <td><strong>Protocol</strong>
+   </td>
+   <td>web
+   </td>
+  </tr>
+  <tr>
+   <td><strong>From</strong>
+   </td>
+   <td>derry
+   </td>
+  </tr>
+  <tr>
+   <td><strong>To</strong>
+   </td>
+   <td>overlook
+   </td>
+  </tr>
+  <tr>
+   <td><strong>Notes</strong>
+   </td>
+   <td>This allows you to access apache web pages on derry by visiting <code>http://overlook.planethawleywood.com:8888</code> as long as <code>GatewayPorts yes</code> is present in <code>/etc/ssh/sshd_config</code> (as explained above) and port 8888 is open on Overlook
+   </td>
+  </tr>
+  <tr>
+   <td colspan="2" ><strong><code>ssh -R 8888:localhost:80 root@overlook</code></strong>
+   </td>
+  </tr>
+</table>
+
+### Reference
+
+* [How To Use SSH Tunneling](https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/)
+* [SSH Port Forwarding Example](https://www.ssh.com/ssh/tunneling/example)
+
+
+## Kill Unresponsive SSH
+
+### Summary
+
+Let’s say you’re happily typing in your remote shell when all of a sudden, the crappy Wi-Fi network you’re using goes down. You end up with a perfectly unusable frozen shell, ugh!
+
+To do that, assuming you lost connectivity, press in that order:
+
+
+```shell
+[Enter]
+~
+.
+```
+
+
+That is, &lt;return key> then tilde then period
+
+This will send an escape sequence to your local SSH client and terminate the connection.—So this will always work even without a network connection.
+
+Here’s the list of escape sequences:
+
+
+### Supported escape sequences:
+
+`~.` - terminate connection (and any multiplexed sessions) \
+`~B` - send a BREAK to the remote system \
+`~C` - open a command line \
+`~R` - Request rekey (SSH protocol 2 only) \
+`~^Z `- suspend ssh \
+<code>~<em>#</em></code> - list forwarded connections \
+<code>~&</code> - background ssh (when waiting for connections to terminate) \
+<code>~?</code> - this message \
+<code>~~</code> - send the escape character by typing it twice \
+ \
+(Note that escapes are only recognized immediately after newline.)
+
+
+## SSH Keygen
+
+### Generate an SSH Key with a comment
+
+```shell
+ssh-keygen -C "comment" -f <file>
+```
+