Filipino DevOps Engineer – Portfolio Weblog

Embracing continuing self-education and training aligned with helping do DevOps work to serve others

Author: Abe

  • Day 04 of 100 Days of DevOps – with Kode Kloud – File Permissions

    Day 04 of 100 Days of DevOps – with Kode Kloud – File Permissions

    Hey-yo!

    Hi there, folks.

    How are you folks doing where you’re at?

    I’m sorry, I posted this 4th day laboratory a bit late. Honestly, I began contemplating about doing it tomorrow instead of today. However, I had another after-thought that I felt like cheating myself. If I still have enough, or some time today to do it. Why not do it, to also stay on track? Yes, my friends?

    With this reflection.

    I’m jumped onto this chair behind a desk. And started up my aging, small computer.

    Okay.

    For today, we have a task to modify the file permissions (for all users, groups, and whatnot) for a script (shell script, denoted with a file extension of *.sh).

    It means, it’s a file containing text-based instructions for a computer when you run it.

    However, there’s a catch to this file. A problem. And good people at Kode Kloud gave us a task to fix it.

    To fix it.

    We need to modify this script file’s permission. From no permissions. Into it becoming an executable. Meaning, a file that can be run (like an application program, if you invoke it).

    So, okay. Let’s go.

    First, we SSH into our application server where the file lives. We do this from our jumphost (called “thor”).

    We shh (or login) to our 2nd server with username "steve".

    We “login” or ssh, using the username “steve”. Doing so, with this Linux command.

    ssh steve@stapp02

    You can do this.

    Or, you can invoke the server SSH connection via the IP address of the server. If the hostname isn’t mapped to it yet.

    Kindly don’t forget about the username for the app server (“steve”).

    ssh steve@172.16.238.11

    Enter your server’s password.

    You can find it from the Kode Kloud Engineer’s infrastructure details.

    Once logged in.

    You’ll still need to ask or request the elevate your present privileges, to become “root”.

    You’ll need the extra privileges in order to do necessary administrative tasks. Otherwise, you might see errors.

    My friend, you elevate your user privileges to become “root” temporarily through this Linux command.

    sudo su

    Once you’re able to escalate privileges to root.

    You must modify the script file’s permission for all users, groups, and whatnot. For it to become executable.

    Once more, executable means your file behaves more like a standalone application program. That when you invoke it. Instead of displaying you its contents. The script will “execute” or run the instructions the author wrote in it.

    Please do so with this command to make the file executable. 

    chmod +x /tmp/xfusioncorp.sh

    Details about above Linux command.

    • “chmod”: is a program in Linux that lets you change file permissions.
    • “+x”: tells chmod to “add execute permissions” for all users of the file
    • “/tmp/xfusioncorp.sh”: is the path and the filename and extension of our script file that we need to change the permissions for. It’s the file mentioned in our task containing some instructions when run, or read.

    If you put these three (3) fragments together.

    It tells Linux to please do the following:

    • Hey. Linux, please change the file permission for this shell file (xfusioncorp.sh) found inside directory (or folder) /tmp/. And modify it to become an executable file (chmod +x).

    However, folks after doing these set of steps.

    And after verifying that we have changed the file permission of file.

    I encountered a mistake, or I made a mistake. It made me wonder what was going on.

    Huh?! But the permission (executable) was set right. Hmm. This needs further looking into, me thinks. Alright, let’s go!

    For example, this screen shows that the file permission was changed and file is now executable.

    However…

    Task is failing validity checks from Kode Kloud

    Our task is failing the Kode Kloud task correctness test.

    If you look at the screen above, with the red “x” mark. It shows we made a mistake.

    After a while, it made me think about something.

    Folks, an executable file is good. Yes. However, if you can’t or don’t have “read” permissions.

    You can’t execute or run the file, at all.

    This could be, why our correctness test was failing.

    With this in mind.

    We try again. And do things, this time, enabling “read” permissions along with “execute” permissions.

    This time with read and execute permissions.

    Re-doing our task. We asked Linux to add “read” and “execute” permissions for the file.

    chmod +rx /tmp/xfusioncorp.sh

    Then, we verify that the permissions were set accordingly.

    And this time, finally, after a number of failed attempts, we got it right.

    We learn something new today, my friends. Yes folks?

    We give our thanks.

    Alright, that’s it for now.

    If you’re also trying this laboratory for the 100 Days of DevOps. And if you find yourself stuck. Feel free to reach out. And if I can, I’ll help you.

    Okay. Thanks.

    God bless you.

  • Day 03 of 100 Days of DevOps – with Kode Kloud – Secure Root Access

    Day 03 of 100 Days of DevOps – with Kode Kloud – Secure Root Access

    Hi’ya, folks!

    How are you doing?

    Today, we have a task to disable SSH root access unto our application servers.

    Tasks catalog

    Namely, app servers 01 (stapp01), 02 (stapp02), 03 (stapp03). Having the following users: tony, steve, and banner.

    Kindly refer to this infrastructure schematic.

    Kode Kloud Engineer Infra
    Day 03 of 100 Days of DevOps Task 03

    With this we do the following for all three servers.

    First, we SSH into a server from our jumphost (thor). Like so:

    ssh tony@stapp01

    Alternatively, we can also login or ssh into a server with its IP address. If the hostnames aren’t mapped to their respective IP address yet. 

    ssh tony@172.16.238.10

    This will result in the same thing, if the server is running on that IP address and can be found.

    Once we have SSH’ed into a server.

    First, we request to escalate our privileges. So that we can do administrative tasks on the server.

    sudo su

    Then. We’ll need to modify a line from a SSH daemon configuration file. We can utilize vi, vim, or nano text editors for this task.

    vi /etc/ssh/sshd_config

    In this case, we worked with a text editor called “vi”. It is the software that’s installed unto our server machines.

    However, other text editors like “nano” will work just as fine as vi, or vim.

    Now we change this line, saying the following.

    “PermitRootLogin yes”

    Into.

    “PermitRootLogin no”

    Manually set config file value for "PermitRootLogin" to "no"

    Finally, once we have saved the file with the modified value for PermitRootLogin”.

    We manually restart our sshd daemon service with the following command. 

    systemctl restart sshd

    Once this runs without throwing any errors. You should be good to go, my friends.

    You repeat this same process for the other two (2) application servers.

    • Application server 02
      • steve@stapp02
    • Application server 03
      • banner@stapp03

    When you’re done with the rest of the application servers.

    Then, remember to check your work, through Kode Kloud checker tool. So that your progress will be recorded and saved for later.

    Done with Laboratory task 3

    Alright, that’s it for now.

    Thanks!

    God bless.

  • Day 02 of 100 days of DevOps – Continual learning with Kode Kloud

    Day 02 of 100 days of DevOps – Continual learning with Kode Kloud

    Hey, how are you doing folks?

    My brothers and sisters, today, thankfully when I logged into my computer. I saw this opened web browser tab showing Kode Kloud Engineer. (https://engineer.kodekloud.com)

    Task for Day 2 of 100 days of DevOps from Kode Kloud

    Folks, we’re asked to create a temporary Linux development user for one of our friends, named: “Mariyam”.

    We’re told to set an expiry date for this Linux user to some time in the year 2023.

    After logging into Kode Kloud’s server called “stapp03” (application server 3). Through the “banner” username.

    Here’s the infrastructure of Kode Kloud Engineer, for this task. For your reference, my friends.

    You need to know the server’s access details, like IP address (or hostname), and its password, too. Okay, folks?

    After logging into “application server 3”.

    We login with ssh, with the following command.

    ssh banner@stapp03

    We ask to receive temporary “root” access first. 

    sudo su



    Then we start creating the needed temporary Linux user “Mariyam” with an expiry date.

    We’ve created a temporary Linux user.

    With the following Linux command, we perform the needed administrative action. 

    useradd -m -e 2023-12-07 mariyam

    And that’s that for our Day 02. If you want to also do this free training and continual learning program from Kode Kloud. Feel free to sign-up at this link (https://engineer.kodekloud.com/).

    Thanks, my dear brothers and sisters.

    Folks, let us keep trying to become present-day disciples of Christ.

    God bless you.

    Peace be with you all, folks.

  • 100 days of DevOps – from Kode Kloud (technical education)

    100 days of DevOps – from Kode Kloud (technical education)

    Hi, folks! How are you doing?

    It’s a cloudy Saturday morning over here.

    Good morning! Magandang umaga, mga kaibigan.

    Friends, this morning I took the learning program (it’s free of charge) from Kode Kloud (https://kodekloud.com).

    For our brothers and sisters who don’t know what Kode Kloud is. It’s an online website where you can learn and practice some hands-on DevOps, cloud computing, and more. Some of their content, including this thing called “100 days of DevOps” is free.

    Enlist and sign up for a free account to their Kode Kloud engineer program. (https://engineer.kodekloud.com) To also do this and participate in their free learning program(s) and a bunch of online laboratories that let you practice what you learn about DevOps.

    Earlier this morning, I did their first online laboratory for “Day 01”.

    Our task given was to create a Linux user called “Kareem”, having a non-interactive shell. Note: we’re given a free instance of CentOS instance (one of the distributions of Linux kernel).



    And now folks, while I remember that the command for creating a Linux user is “useradd”. I don’t remember what a non-interactive shell is exactly. Albeit, I had vague memories of what it is. Having encountered it before from Kode Kloud lessons also.

    Our task for Day 01 done. Also thanks for online resources.

    Looking up, it made all the difference. I re-learned that non-interactive shells are for Linux user accounts that you need not necessarily log into. Like what our cloud computing friends will describe as “service accounts” – like accounts that programmatic services or code utilize to perform automated tasks.

    Okay, so that’s our Day 01.

    Tomorrow, or… tomorrow after tomorrow (since it’s Sunday tomorrow over here – folks, I try to rest and drop lessons for a while during Sundays) we’ll do our Day 02.

    Finally, my friends you’ll need to look at this online note. (https://kodekloudhub.github.io/kodekloud-engineer/docs/projects/nautilus#infrastructure-details)

    Kode Kloud Engineer Infra

    Note please: all credit goes to our good friends from https://kodekloud.com

    It details the resources (or servers) you’ll need to log into and do work on for you to progress in your own 100 days of DevOps learning pathway.

    Let’s keep trying, my dear brothers and sisters.

    Thank you, that’s it for now.