Fabian Lee : Software Engineer

Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

November 5, 2023
Categories: Linux

If ssh private/public keypair authentication is failing, check the logs on the server side for permission errors. On Debian/Ubuntu check for these errors in “/var/log/auth.log”. # error if authorized_keys file has too wide a permission for others Authentication refused: bad ownership or modes for file /home/myuser/.ssh/authorized_keys # error if .ssh directory has too wide a … Bash: fixing SSH authentication error “bad ownership or modes for file/directory”

Python: flattening exported csv relational data with pandas

December 9, 2021
Categories: Python

If your data is coming from CSV dumps of relational database tables, then you probably need to flatten the data before starting the training or analysis. It requires an understanding of the relational schema so you can specify the foreign key lookups, but from that pandas can reconstruct the relationships and produce a single flattened … Python: flattening exported csv relational data with pandas

Ubuntu: loading a key into ssh-agent at login with a user-level systemd service

April 5, 2021
Categories: Linux

By default, if an SSH key file is dropped into your personal ‘~/.ssh’ directory that matches a set of standard names, then it will automatically be used as an identity when logging into a remote site (id_rsa, id_dsa, id_ecsda, id_ed25519, or identity). For example, this makes it simple to comply with Github’s requirement to use … Ubuntu: loading a key into ssh-agent at login with a user-level systemd service

GCP: Creating gcp service account with IAM roles using gcloud

March 17, 2021
Categories: Containers

Although the GCP console provides a manual interface for creating service accounts and assigning roles, it can also be done via the gcloud CLI. Using gcloud, even the json key file for the service account can be generated, which is essential for automation. The full Bash script, create_serviceaccount.sh can be found on github. But here … GCP: Creating gcp service account with IAM roles using gcloud

GCP: Using gcloud to create and configure a service account

January 30, 2021
Categories: Virtualization

If you need to bootstrap a GCP project’s infrastructure, one of the first things you will want is a service account. The creation of the service account, creating its key, and then assigning binding roles can all be done from the GCP console but for scripting purposes can also be done using the gcloud utility. … GCP: Using gcloud to create and configure a service account

Ubuntu: apt-get error, yarn signature verification

January 13, 2019
Categories: Linux

If you attempt an “apt-get update” and get a signature verification error from “dl.yarnpkg.com”, the problem is most likely an expired key. This can be resolved by reloading the new public key from the site: # add latest key curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add – # try refresh again sudo apt-get update Below … Ubuntu: apt-get error, yarn signature verification

Bash: Reading input from the console while looping over output of command

September 23, 2018
Categories: Linux, Scripting

If you are using the direct output of a command to feed a while loop in BASH, you may still want to take user input inside that loop. For example, if you need the user to confirm each line by pressing <ENTER>. Take a simple example like this: grep one test.txt | while read -r … Bash: Reading input from the console while looping over output of command

Ubuntu: Creating a self-signed SAN certificate using OpenSSL

February 17, 2018
Categories: Linux

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through generating a self-signed certificate with SAN (Subject Alternative Name) and SAN wildcard entries, replacing the deprecated usage of CN=<FQDN>. In addition to the operational benefits of managing SAN, it is also … Ubuntu: Creating a self-signed SAN certificate using OpenSSL

Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

February 17, 2018
Categories: DNE, Linux

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. This article will guide you through creating a trusted CA (Certificate Authority), and then using that to sign a server certificate that supports SAN (Subject Alternative Name). Operationally, having your own trusted CA is advantageous over a … Ubuntu: Creating a trusted CA and SAN certificate using OpenSSL

Ansible: Installing Ansible on Ubuntu 16.04

June 6, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 16.04, and then perform a quick validation against a client.

Ansible: Installing Ansible on Ubuntu 14.04

June 4, 2017
Categories: Automation, Linux

Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to deploy the latest release of Ansible using pip on Ubuntu 14.04, and then perform a quick validation against a client.

SaltStack: Combine multiple pillar files under a single key

May 12, 2017
Categories: DevOps, Scripting

An issue that keeps coming up on the mailing lists as well as Stackoverflow[1,2] is how to merge multiple pillar files for use with a single state. The problem is that pillars using the same key overwrite each other, and there is no easy way to express the desire to merge instead. There are various workarounds, but all … SaltStack: Combine multiple pillar files under a single key

Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu

February 21, 2017
Categories: Linux

There are numerous articles I’ve written where a certificate is a prerequisite for deploying a piece of infrastructure. Here are the quick steps for installing a simple self-signed certificate on an Ubuntu server. If you instead need to create a certificate with SAN (Subject Alternative Name) support, read my article here. Some of you will … Ubuntu: Creating a self-signed certificate using OpenSSL on Ubuntu