Linux

Bash: falling back to file autocompletion if errors introduced by program autocompletion

At the Bash command line interface, there is the concept of programmable completion and regular file/directory completion. This means that when you press the <TAB>, the alternatives can be provided by a custom program or the filesystem hierarchy. There is always the chance that a program may introduce undesirable behavior to your auto-completion, and if Bash: falling back to file autocompletion if errors introduced by program autocompletion

yq: updating deeply nested elements

Mike Farah’s yq yaml processor has a a rich set of operators and functions for advanced usage.  In this article, I will illustrate how to update deeply nested elements in yaml.  This can be done for both known paths as well as arbitrarily deep paths. Sample yaml We will use the following yaml files to yq: updating deeply nested elements

yq: validate yaml syntax

Mike Farah’s yq yaml processor has a a full-featured validation command that is very detailed in its reporting, but the yaml specification itself is very lenient, which means yq may accept scenarios you did not expect (e.g. an empty file). yq -v file.yaml >/dev/null ; echo “final result = $?” Luckily, the yq tips-and-tricks section yq: validate yaml syntax

Ubuntu: LLama2 model on Ubuntu using llama.cpp

It is relatively easy to experiment with a base LLama2 model on Ubuntu, thanks to llama.cpp written by Georgi Gerganov. The llama.cpp project provides a C++ implementation for running LLama2 models, and works even on systems with only a CPU (although performance would be significantly enhanced if using a CUDA-capable GPU).

Bash: fixing “Too many authentication failures” for ssh with private key authentication

If you are using ssh private/public keypair authentication, and get an almost immediate error like below: $ ssh -i id_rsa.pub myuser@a.b.c.d -p 22 Received disconnect from a.b.c.d port 22:2: Too many authentication failures Disconnected from a.b.c.d port 22 Then try again using the ‘IdentitiesOnly‘ option. ssh -o ‘IdentitiesOnly yes’ -i id_rsa.pub myuser@a.b.c.d -p 22 The Bash: fixing “Too many authentication failures” for ssh with private key authentication

Ubuntu: resolving systemd error, “Start request repeated too quickly”

If your systemd service is failing with the following error message: XXX.service: Start request repeated too quickly The first thing to do is fix any underlying issues.  Use ‘systemctl status <service>’, ‘journalctl -u <service>’, and search any log files produced by the service to understand why the service failed multiple times and exceeded its StartLimitBurst. Ubuntu: resolving systemd error, “Start request repeated too quickly”

Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

If ssh private/public keypair authentication is failing, check the logs on the server side for permission errors.  On Debian/Ubuntu check for these errors in “/var/log/auth.log”. # error if authorized_keys file has too wide a permission for others Authentication refused: bad ownership or modes for file /home/myuser/.ssh/authorized_keys # error if .ssh directory has too wide a Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

Bash: extracting first or last N octets, paths, or domain from string with fixed separator

When parsing a string that is divided by a separator char, getting the first N values OR last N values is a common scenario when dealing with: IP address separated by periods, e.g. “10.11.12.13” File path separated by forward slash “/tmp/myfolder/subpath1/subpath2/subpath3” Fully qualified domain separated by periods “sub1.sub2.my.domain.com”

Docker: installing Docker CE on Ubuntu

Docker is a container platform that streamlines software delivery and provides isolation, scalability, and efficiency with less overhead than OS level virtualization. These instructions are taken from the official Docker for Ubuntu page, but I fine-tuned them per Ubuntu22+ standards.

Bash: decoding a JWT from the command line with jq

Although jwt.io has become a common online destination for decoding JWT, this can also be done locally using jq. # populate JWT variable JWT=… # decode with jq utility echo $JWT | jq -R ‘split(“.”) | .[0],.[1] | @base64d | fromjson’ Attribution of credit goes to this gist.

Bash: testing if a file exists, has content, and is recently modified

If you need to test for a file’s existence, content size, and whether it was recently modified, the ‘find‘ utility can provide this functionality in a single call. One scenario for this usage might be the cached results from a remote service call (database, REST service, etc).  If fetching these results was a relatively costly Bash: testing if a file exists, has content, and is recently modified

Ubuntu: ‘Connection to the Snap Store failed’ during upgrade from Ubuntu 20 to 22

If you are upgrading from Ubuntu 20 to Ubuntu 22 using ‘do-release-upgrade’ and get a fatal error ‘Connection to the the Snap Store failed’, this may be resolved by removing the ‘lxd’ package which is a lightweight container supervisor. sudo /etc/init.d/lxd stop sudo rm -fr /var/lib/lxd sudo dpkg –force depends -P lxd; sudo dpkg –force Ubuntu: ‘Connection to the Snap Store failed’ during upgrade from Ubuntu 20 to 22

Linux: using nmap to check the secure protocols and ciphers of a site

While enabling HTTPS is a important step in securing your web application, it is critical that you take steps to disable legacy protocols and low strength ciphers that can circumvent the very security you are attempting to implement. The Qualys SSL test is popular for grading the overall security of a public site, but you Linux: using nmap to check the secure protocols and ciphers of a site

Ubuntu: fixing apt NO_PUBKEY errors by converting deprecated keyring to signed-by attribute

If apt update throws warnings about invalid signature verification and NO_PUBKEY, you may need to migrate from using the deprecated system keyring to using a ‘signed-by’ attribute in your apt repo definition file. Here are examples of errors you might see when doing an ‘apt update’. W: An error occurred during the signature verification. The Ubuntu: fixing apt NO_PUBKEY errors by converting deprecated keyring to signed-by attribute

Bash: awk to extract Nth match from file based on line separator

If you need to extract the Nth occurrence of a match in a file (given definitive block separators), awk provides a convenient way to express the extraction. For example, a chained pem certificate will have multiple certification definitions with unique starting and ending marker lines.  Here is how you would extract the second certificate. awk Bash: awk to extract Nth match from file based on line separator

Jekyll: exporting a WordPress blog to a static Jekyll site on Ubuntu

If you have ever considered moving from WordPress to the Jekyll static site generator, you can preview this migration by running jekyll on your local Ubuntu host. This will allow you to assess whether you can find suitable replacements for the WordPress plugins you have come to rely upon, validate your content syntax, and tweak Jekyll: exporting a WordPress blog to a static Jekyll site on Ubuntu

Ubuntu: fix apt warning for Dropbox with key in legacy keyring

If you have Dropbox installed on your Linux desktop and have recently started seeing this warning message from apt: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details This can be resolved by adding the Dropbox PGP key to the ‘signed-by’ of the apt repo definition (as Ubuntu: fix apt warning for Dropbox with key in legacy keyring

Github: automated Github release of GoLang binary using Github Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a statically-linked GoLang binary that is automatically built Github: automated Github release of GoLang binary using Github Actions

GoLang: Running a Go binary as a systemd service on Ubuntu 22.04

The Go language with its simplicity, concurrency support,  rich package ecosystem, and ability to compile down to a single binary is an attractive solution for writing services on Ubuntu. However, the Go language does not natively provide a reliable way to daemonize itself.  In this article I will describe how to take a couple of simple Go language programs GoLang: Running a Go binary as a systemd service on Ubuntu 22.04

GoLang: Installing the Go Programming language on Ubuntu 22.04

Update Sept 2024: changed the page parsed for latest version, validated installation of go1.23.1 on Ubuntu22.04 The Go programming language consistently ranks as one of the most popular languages in developer surveys.  In fact, Kubernetes as well as most of the CNF projects are written in Go.  And it compiles down to machine code, which GoLang: Installing the Go Programming language on Ubuntu 22.04

Linux: openssl to validate whether private key and TLS certificate match

In environments where certificates are manually deployed, reloading TLS certs is often only done annually when the certificate is near expiration.  This long lapse in time often means that someone else has inherited the task of renewal, and the original key in use may even be in question. Luckily, openssl provides a way to validate Linux: openssl to validate whether private key and TLS certificate match

Linux: ssh-keygen to check whether ssh private key and public cert are keypair

When using a private key on the client to ssh into a remote server with the matching public certificate in ~/.ssh/authorized_keys, a common failure message from the client is: Permission denied (publickey) The most common reasons for this is private key permissions issues (chmod 600), a misconfiguration of authorized_keys, or trying to send the wrong Linux: ssh-keygen to check whether ssh private key and public cert are keypair

Bash: extend timeout for idle ssh sessions using TMOUT

The ClientAliveInterval and ClientAliveMaxCount settings in “/etc/sshd/sshd_config” work together to control the timeout value of an ssh session on the server side.  But under BASH, to keep idle client sessions from timing out, you also need to set the ‘TMOUT’ variable or you will see messages like below when disconnected. timed out waiting for input: Bash: extend timeout for idle ssh sessions using TMOUT

Terraform: creating an Ubuntu 22 template and then guest VM in vCenter

In this article I will demonstrate how to create an Ubuntu 22 template in vCenter.  Then use Terraform to create a vSphere VM based on this template. The VM template creation is done by manually stepping through the Ubuntu server ISO installation wizard, followed by a set of preparation steps. Then Terraform is used to Terraform: creating an Ubuntu 22 template and then guest VM in vCenter

Ubuntu: Installing .NET SDK 6 on Ubuntu 20.04

The Microsoft .NET SDK is an open-source development platform for developing applications across multiple architectures and operating systems. In this article, I will show you how to install the .NET SDK on Ubuntu 20.04 and then create/compile/run a simple web application. Ubuntu 22 will have the dotnet-sdk available in the default Ubuntu apt repositories, but Ubuntu: Installing .NET SDK 6 on Ubuntu 20.04