ansible create user and upload ssh key

Leave a reply

---
- hosts: all_servers
vars:
ansible_python_interpreter: auto_legacy_silent
users:
- "user1"
- "user2"
- "user2"
tasks:
- name: "Ensure group admin exists"
group:
name: admin
state: present
- name: "Create user accounts"
user:
name: "{{ item }}"
groups: "admin"
shell: /bin/bash
with_items: "{{ users }}"
- name: "Add authorized keys"
authorized_key:
user: "{{ item }}"
key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
with_items: "{{ users }}"
- name: "Allow admin users to sudo without a password"
lineinfile:
dest: "/etc/sudoers" # path: in version 2.3
state: "present"
regexp: "^%admin"
line: "%admin ALL=(ALL) NOPASSWD: ALL"

Create SSH user keys in files directory:

ssh-keygen -t rsa -f ~/files/user1.pub -C user1
ssh-keygen -t rsa -f ~/files/user2.pub -C user2
ssh-keygen -t rsa -f ~/files/user3.pub -C user3

Run ansible yaml:
ansible-playbook users_create.yaml

That will create 3 users in all_servers group with sudo privileges.

ispconfig 8080 enable ssl

Leave a reply 
cd /usr/local/ispconfig/interface/ssl/
mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
ln -s /var/www/clients/client0/webXXX/ssl/`hostname -f`-le.crt ispserver.crt
ln -s  /var/www/clients/client0/webXXX/ssl/`hostname -f`-le.key ispserver.key
cat ispserver.{key,crt} > ispserver.pem
chmod 600 ispserver.pem

Where XXX web number

nginx self signed

Leave a reply

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname" && cat key.pem cert.pem > /etc/nginx/crt.pem

Convert OpenVZ to LXC

Leave a reply


Convert OpenVZ VM to LXC VM

Install same version lxc OS
lxc launch ubuntu:20.04 lxc-server
lxc stop lxc-server

rm -rf /var/snap/lxd/common/lxd/storage-pools/default/containers/lxc-server/rootfs
mkdir /var/snap/lxd/common/lxd/storage-pools/default/containers/lxc-server/rootfs

On Ubuntu 20.04 OpenVZ VM run:
rsync -avz -e ssh --exclude=etc/inittab --exclude=etc/network/interfaces --exclude=dev/ --exclude=sys/ --exclude=proc/ / [email protected]:/var/snap/lxd/common/lxd/storage-pools/default/containers/lxc-server/rootfs/

vim /var/snap/lxd/common/lxd/storage-pools/default/containers/lxc-server/rootfs/etc/network/interfaces
auto lo
iface lo inet loopback
source /etc/network/interfaces.d/*.cfg

mkdir /var/snap/lxd/common/lxd/storage-pools/default/containers/lxc-server/rootfs/etc/network/interfaces.d/
vim /var/snap/lxd/common/lxd/storage-pools/default/containers/lxc-server/rootfs/etc/network/interfaces.d/eth0.cfg
# The primary network interface
auto eth0
iface eth0 inet dhcp

lxc start lxc-server

For sure you need to stop MySQL/PostgreSQL before rsync or if huge database you can resync database after syncing data from OpenVZ server

apt install keep skip alternatives

Leave a reply


To keep php7.2 default
before apt change priority value 72 -> 92 to keep this value biggest

/var/lib/dpkg/alternatives/php
/var/lib/dpkg/alternatives/php-fpm.sock

update-alternatives --query php
Name: php
Link: /usr/bin/php
Slaves:
php.1.gz /usr/share/man/man1/php.1.gz
Status: auto
Best: /usr/bin/php7.2
Value: /usr/bin/php7.2

Alternative: /usr/bin/php7.2
Priority: 92
Slaves:
php.1.gz /usr/share/man/man1/php7.2.1.gz

Alternative: /usr/bin/php7.4
Priority: 74
Slaves:
php.1.gz /usr/share/man/man1/php7.4.1.gz