Blog

sha256: 2b87a252a3d912530dd8c20df6bee7f6cbc4ede0074fdf217e318aab39d9736c

Fastapi Simple Security

Code

How to Protect your App with Simple Security

Let’s build a small API Endpoint with FastAPI and protect it with SimpleSecurity.

API key based security package for FastAPI, focused on simplicity of use:

  • Full functionality out of the box, no configuration required
  • API key security with local sqlite backend, working with both header and query parameters
  • Default 15 days deprecation for generated API keys
  • Key creation, revocation, renewing, and usage logs handled through administrator endpoints
  • No dependencies, only requiring FastAPI and the python standard library

Build new App

and show the Directory Structure

Restricted Shell

Linux

Restricting User to Script

Let’s assume you have some Users around and they should be able to run certain Scripts. These Scripts do various things, login to some systems, perform task, get data from an API, whatever you want. All these Actions needs Credentials which must be available to the script, although they are not part of the Script. They could be Provides via OS Env, .env File, Encrypted Password Store or whatever. But if the Script is able to access these Credentials, a logged in User would could access it also.

SSH LogLevels

OpenBSD

Log Levels for SSH

In SSH, the LogLevel option allows you to control the level of logging information generated by the SSH client and server.
There are several log levels you can use to adjust the verbosity of SSH logging. Here are the most commonly used log levels:

QUIET:
Suppresses all log messages, except for fatal errors. It provides the least amount of information.
FATAL:
Logs only fatal errors, indicating severe issues that may prevent the SSH session from being established.
ERROR:
Logs error messages, which are issues that might cause problems but don't necessarily prevent the session from being established.
INFO:
Logs informational messages, such as connection status and key exchange details. This is the default log level.
VERBOSE:
Provides more detailed logging than INFO, including additional debugging information.
DEBUG:
Generates detailed debugging messages. This level is useful when diagnosing connection and authentication issues.
DEBUG1, DEBUG2, DEBUG3:
Provides even more verbose debugging output, with DEBUG3 being the most detailed.

Settings per User

cat ~/.ssh/config
  Host *
    LogLevel QUIET
    LogLevel FATAL
    LogLevel ERROR
    LogLevel INFO
    LogLevel VERBOSE
    LogLevel DEBUG
    LogLevel DEBUG1
    LogLevel DEBUG2
    LogLevel DEBUG3
    ...
Any Comments ?

sha256: b62b3c4dc3fb31bf4d2cadbd8d3a632de0a9374ae4a2a6026d0b6d9d0bace367

Python Ping3

OpenBSD

Need a Litte Ping Function ?

Test

cat <<'EOF'> ping.py
import argparse
from ping3 import ping, verbose_ping

def do_ping(host: str, timeout: int = 3, size: int = 1500, output: str = "json"):
    # output: json|txt
    # '21.54 ms'
    if size > 1500:
        size = 1500
    result = (
        str(
            round(
                ping(dest_addr=host, timeout=timeout, size=size, unit="ms"),
                2,
            )
        )
        + " ms"
    )
    if output.lower() == "json":
        return {"host": host, "timeout": timeout, "size": size, "result": result}
    if output.lower() == "txt":
        return result
    else:
        return f"output format '{output} unknown! use 'json|txt'"


def do_multiple_ping(host: str, count: int = 3, interval: float = 0):
    # ping 'www.stoege.net' ... 23ms
    # ping 'www.stoege.net' ... 24ms
    # ping 'www.stoege.net' ... 20ms
    verbose_ping(
        dest_addr=host,
        count=count,
        interval=interval,
    )


def main():
    # Create the argument parser
    parser = argparse.ArgumentParser(description="Ping a domain or IP address.")

    # Add the host argument
    parser.add_argument(
        "host",
        metavar="HOST",
        type=str,
        nargs="?",
        default="www.stoege.net",
        help="the domain or IP address to ping",
    )

    # Parse the command-line arguments
    args = parser.parse_args()

    # Call the ping function
    output = do_ping(host=args.host, output="json")

    # Print the ping output
    print(f"\n{output}\n")

    # Call the ping function. No return Value !
    do_multiple_ping(host=args.host, count=10, interval=0.1)


if __name__ == "__main__":
    main()
EOF

add module

poetry, venv, whatever you like

Python Logger

OpenBSD

a custom logger for Python

let’s tune the default logger a bit so he write nice and colored messages.

Screenshot

config.py

a little config File …

cat <<'EOF'> config.py
LOGGER_MAX_FILE_LENGTH = 10
EOF

src/logger.py

the logger code in the ‘src’ Folder

mkdir src
cat <<'EOF'> src/logger.py
import logging
import datetime
import sys

from config import *

if isinstance(LOGGER_MAX_FILE_LENGTH, int):
    LOGGER_MAX_FILE_LENGTH = str(LOGGER_MAX_FILE_LENGTH)


def get_now() -> str:
    #
    # choose your format
    #
    current_time = datetime.datetime.now()

    # 2023-07-16 22:16:15.958
    formatted_time_1 = current_time.strftime("%Y-%m-%d %H:%M:%S.%f")[:-3]

    # 22:16:54.471
    formatted_time_2 = current_time.strftime("%H:%M:%S.%f")[:-3]

    # 22:17:21
    formatted_time_3 = current_time.strftime("%H:%M:%S")

    return formatted_time_2


class ExitOnCriticalHandler(logging.Handler):
    def emit(self, record):
        # Unset Color
        COLOR = RESET = "\033[0m"

        # Debug -> Black
        if record.levelno == logging.DEBUG:
            COLOR = "\033[0m"
        # Info -> Green
        elif record.levelno == logging.INFO:
            COLOR = "\033[92m"
        # Warn -> Blue
        elif record.levelno == logging.WARNING:
            COLOR = "\033[94m"
        # Error -> Orange
        elif record.levelno == logging.ERROR:
            COLOR = "\033[38;5;208m"
        # Critical -> Red
        elif record.levelno >= logging.CRITICAL:
            COLOR = "\033[91m"

        # Custom Line
        print(
            COLOR
            + "{:} {:} {:04} {:{w}} {:}".format(
                get_now(),
                record.levelname,
                record.lineno,
                record.filename,
                record.msg,
                w=LOGGER_MAX_FILE_LENGTH,
            )
            + RESET
        )

        # Exit on Critical
        if record.levelno >= logging.CRITICAL:
            logging.shutdown()
            print("\033[91m" + "GOT A CRITICAL -> EXIT HERE!" + "\033[0m")
            sys.exit()


# Init Logger
logger = logging.getLogger()
logger.setLevel(logging.INFO)

# Create and add the custom handler
exit_handler = ExitOnCriticalHandler()
logger.addHandler(exit_handler)


# Set Log Level
def set_log_level(level: str):
    # Parse/ Set LogLevel
    if level.lower() in ["d", "debug"]:
        logger.setLevel(logging.DEBUG)
    elif level.lower() in ["i", "info"]:
        logger.setLevel(logging.INFO)
    elif level.lower() in ["w", "warning"]:
        logger.setLevel(logging.WARNING)
    elif level.lower() in ["e", "error"]:
        logger.setLevel(logging.ERROR)
    elif level.lower() in ["c", "critical"]:
        logger.setLevel(logging.CRITICAL)

    # Custom level name mappings, Debug -> D
    logging.addLevelName(logging.DEBUG, "D")
    logging.addLevelName(logging.INFO, "I")
    logging.addLevelName(logging.WARNING, "W")
    logging.addLevelName(logging.ERROR, "E")
    logging.addLevelName(logging.CRITICAL, "C")


# Functions to Call
def ldebug(msg: str):
    logger.debug(msg)


def linfo(msg: str):
    logger.info(msg)


def lwarning(msg: str):
    logger.warning(msg)


def lerror(msg: str):
    logger.error(msg)


def lcritical(msg: str):
    logger.critical(msg)
EOF

main.py

the Main File with Argparse to set the Logging Level on Startup

Python - Build Executable

OpenBSD

wanna convert a script to a executable ?

Build a Sample Script

cat << EOF > main.py
a = "top"
b = "secret"
print("This is", a, b)
EOF

python3 main.py
This is top secret

update poetry ?

doas poetry self update
poetry self update

or

pip install poetry -U

add pyinstaller

poetry init
poetry add pyinstaller

build Binary

poetry run pyinstaller main.py --onefile

check Binary

ls -la dist/
file dist/main

ls -la dist/
4735533 Jun 26 22:17 main

```.sh
file dist/main

file dist/main
dist/main: ELF 64-bit LSB shared object, x86-64, version 1

run Binary

./dist/main

./dist/main
Hello World! geheim

find “Strings”

strings dist/main |sort

strings dist/main |sort
...
unsetenv
vfprintf
vsnprintf
w3M9
waitpid
wcsncpy
|$8H
~$E1

find Keywords in Strings

strings dist/main |grep -E "top|secret"

strings dist/main |grep -E "top|secret"
# -> nothing found

Object Dump

objdump -x dist/main

objdump -x dist/main

dist/main:     file format elf64-x86-64
dist/main
architecture: i386:x86-64, flags 0x00000150:
HAS_SYMS, DYNAMIC, D_PAGED
start address 0x0000000000005ed0

Program Header:
    PHDR off    0x0000000000000040 vaddr 0x0000000000000040 paddr 0x0000000000000040 align 2**3
         filesz 0x00000000000002a0 memsz 0x00000000000002a0 flags r--
  INTERP off    0x00000000000002e0 vaddr 0x00000000000002e0 paddr 0x00000000000002e0 align 2**0
         filesz 0x0000000000000013 memsz 0x0000000000000013 flags r--
    LOAD off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**12
         filesz 0x0000000000004ecc memsz 0x0000000000004ecc flags r--
    LOAD off    0x0000000000004ed0 vaddr 0x0000000000005ed0 paddr 0x0000000000005ed0 align 2**12
         filesz 0x0000000000007700 memsz 0x0000000000007700 flags --x
    LOAD off    0x000000000000c5d0 vaddr 0x000000000000e5d0 paddr 0x000000000000e5d0 align 2**12
         filesz 0x0000000000000918 memsz 0x0000000000000918 flags rw-
    LOAD off    0x000000000000cee8 vaddr 0x000000000000fee8 paddr 0x000000000000fee8 align 2**12
         filesz 0x0000000000000004 memsz 0x000000000000602c flags rw-
 DYNAMIC off    0x000000000000c900 vaddr 0x000000000000e900 paddr 0x000000000000e900 align 2**3
         filesz 0x0000000000000140 memsz 0x0000000000000140 flags rw-
   RELRO off    0x000000000000c5d0 vaddr 0x000000000000e5d0 paddr 0x000000000000e5d0 align 2**0
         filesz 0x0000000000000918 memsz 0x0000000000000a30 flags r--
EH_FRAME off    0x0000000000003c1c vaddr 0x0000000000003c1c paddr 0x0000000000003c1c align 2**2
         filesz 0x000000000000030c memsz 0x000000000000030c flags r--
OPENBSD_RANDOMIZE off    0x000000000000c5d0 vaddr 0x000000000000e5d0 paddr 0x000000000000e5d0 align 2**3
         filesz 0x0000000000000308 memsz 0x0000000000000308 flags rw-
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**0
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
    NOTE off    0x00000000000002f4 vaddr 0x00000000000002f4 paddr 0x00000000000002f4 align 2**2
         filesz 0x0000000000000018 memsz 0x0000000000000018 flags r--

Dynamic Section:
  NEEDED      libm.so.10.1
  NEEDED      libz.so.7.0
  NEEDED      libc.so.97.0
  FLAGS_1     0x8000000
  DEBUG       0x0
  RELA        0xf50
  RELASZ      0x6d8
  RELAENT     0x18
  RELACOUNT   0x46
  JMPREL      0x1628
  PLTRELSZ    0x6d8
  PLTGOT      0xec88
  PLTREL      0x7
  SYMTAB      0x310
  SYMENT      0x18
  STRTAB      0xcd8
  STRSZ       0x272
  GNU_HASH    0xa48
  HASH        0xa68

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       00000013  00000000000002e0  00000000000002e0  000002e0  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.openbsd.ident 00000018  00000000000002f4  00000000000002f4  000002f4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .dynsym       00000738  0000000000000310  0000000000000310  00000310  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     00000020  0000000000000a48  0000000000000a48  00000a48  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .hash         00000270  0000000000000a68  0000000000000a68  00000a68  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       00000272  0000000000000cd8  0000000000000cd8  00000cd8  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .rela.dyn     000006d8  0000000000000f50  0000000000000f50  00000f50  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .rela.plt     000006d8  0000000000001628  0000000000001628  00001628  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rodata       00001f1c  0000000000001d00  0000000000001d00  00001d00  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .eh_frame_hdr 0000030c  0000000000003c1c  0000000000003c1c  00003c1c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .eh_frame     00000fa4  0000000000003f28  0000000000003f28  00003f28  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 11 .text         00006d90  0000000000005ed0  0000000000005ed0  00004ed0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .init         0000000e  000000000000cc60  000000000000cc60  0000bc60  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         0000000e  000000000000cc70  000000000000cc70  0000bc70  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .plt          00000950  000000000000cc80  000000000000cc80  0000bc80  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .openbsd.randomdata 00000308  000000000000e5d0  000000000000e5d0  0000c5d0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 16 .jcr          00000008  000000000000e8d8  000000000000e8d8  0000c8d8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 17 .ctors        00000010  000000000000e8e0  000000000000e8e0  0000c8e0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 18 .dtors        00000010  000000000000e8f0  000000000000e8f0  0000c8f0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .dynamic      00000140  000000000000e900  000000000000e900  0000c900  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .got          00000248  000000000000ea40  000000000000ea40  0000ca40  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .got.plt      00000260  000000000000ec88  000000000000ec88  0000cc88  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .data         00000004  000000000000fee8  000000000000fee8  0000cee8  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 23 .bss          00006024  000000000000fef0  000000000000fef0  0000ceec  2**4
                  ALLOC
SYMBOL TABLE:
no symbols

Disassemble

objdump -d dist/main

objdump -d dist/main |head -100

dist/main:     file format elf64-x86-64

Disassembly of section .text:

0000000000005ed0 <.text>:
    5ed0:	48 89 d1             	mov    %rdx,%rcx
    5ed3:	48 8b 3c 24          	mov    (%rsp),%rdi
    5ed7:	48 8d 54 fc 10       	lea    0x10(%rsp,%rdi,8),%rdx
    5edc:	48 8d 74 24 08       	lea    0x8(%rsp),%rsi
    5ee1:	48 83 ec 08          	sub    $0x8,%rsp
    5ee5:	48 83 e4 f0          	and    $0xfffffffffffffff0,%rsp
    5ee9:	48 83 c4 08          	add    $0x8,%rsp
    5eed:	eb 01                	jmp    5ef0 <_csu_finish@plt-0x6da0>
    5eef:	cc                   	int3
    5ef0:	55                   	push   %rbp
    5ef1:	48 89 e5             	mov    %rsp,%rbp
    5ef4:	41 57                	push   %r15
    5ef6:	41 56                	push   %r14
    5ef8:	41 55                	push   %r13
    5efa:	41 54                	push   %r12
    5efc:	53                   	push   %rbx
    5efd:	50                   	push   %rax
    5efe:	49 89 cd             	mov    %rcx,%r13
    5f01:	49 89 d4             	mov    %rdx,%r12
    5f04:	49 89 f6             	mov    %rsi,%r14
    5f07:	41 89 ff             	mov    %edi,%r15d
    5f0a:	48 89 f7             	mov    %rsi,%rdi
    5f0d:	48 89 d6             	mov    %rdx,%rsi
    5f10:	48 8b d1             	mov    %rcx,%rdx
    5f13:	e8 98 6d 00 00       	callq  ccb0 <_Jv_RegisterClasses@plt>
    5f18:	48 8b d8             	mov    %rax,%rbx
    5f1b:	4d 85 ed             	test   %r13,%r13
    5f1e:	0f 85 db 00 00 00    	jne    5fff <_csu_finish@plt-0x6c91>
    5f24:	48 89 5d d0          	mov    %rbx,0xffffffffffffffd0(%rbp)
    5f28:	48 8d 1d a1 ff ff ff 	lea    -95(%rip),%rbx        # 5ed0 <_csu_finish@plt-0x6dc0>
    5f2f:	48 8d 0d 9a ff ff ff 	lea    -102(%rip),%rcx        # 5ed0 <_csu_finish@plt-0x6dc0>
    5f36:	48 29 d9             	sub    %rbx,%rcx
    5f39:	48 8d 41 07          	lea    0x7(%rcx),%rax
    5f3d:	48 85 c9             	test   %rcx,%rcx
    5f40:	48 8b d1             	mov    %rcx,%rdx
    5f43:	48 0f 48 d0          	cmovs  %rax,%rdx
    5f47:	48 c1 fa 03          	sar    $0x3,%rdx
    5f4b:	74 46                	je     5f93 <_csu_finish@plt-0x6cfd>
    5f4d:	48 85 c9             	test   %rcx,%rcx
    5f50:	48 0f 49 c1          	cmovns %rcx,%rax
    5f54:	48 c1 f8 03          	sar    $0x3,%rax
    5f58:	48 83 f8 02          	cmp    $0x2,%rax
    5f5c:	41 bd 01 00 00 00    	mov    $0x1,%r13d
    5f62:	4c 0f 43 e8          	cmovae %rax,%r13
    5f66:	eb 08                	jmp    5f70 <_csu_finish@plt-0x6d20>
    5f68:	cc                   	int3
    5f69:	cc                   	int3
    5f6a:	cc                   	int3
    5f6b:	cc                   	int3
    5f6c:	cc                   	int3
    5f6d:	cc                   	int3
    5f6e:	cc                   	int3
    5f6f:	cc                   	int3
    5f70:	4c 8b 1b             	mov    (%rbx),%r11
    5f73:	44 89 ff             	mov    %r15d,%edi
    5f76:	4c 89 f6             	mov    %r14,%rsi
    5f79:	4c 89 e2             	mov    %r12,%rdx
    5f7c:	31 c9                	xor    %ecx,%ecx
    5f7e:	e8 9d 00 00 00       	callq  6020 <_csu_finish@plt-0x6c70>
    5f83:	48 87 d8             	xchg   %rbx,%rax
    5f86:	48 83 c0 08          	add    $0x8,%rax
    5f8a:	48 87 d8             	xchg   %rbx,%rax
    5f8d:	49 83 c5 ff          	add    $0xffffffffffffffff,%r13
    5f91:	75 dd                	jne    5f70 <_csu_finish@plt-0x6d20>
    5f93:	4c 8d 2d 36 ff ff ff 	lea    -202(%rip),%r13        # 5ed0 <_csu_finish@plt-0x6dc0>
    5f9a:	48 8d 0d 2f ff ff ff 	lea    -209(%rip),%rcx        # 5ed0 <_csu_finish@plt-0x6dc0>
    5fa1:	4c 29 e9             	sub    %r13,%rcx
    5fa4:	48 8d 41 07          	lea    0x7(%rcx),%rax
    5fa8:	48 85 c9             	test   %rcx,%rcx
    5fab:	48 8b d1             	mov    %rcx,%rdx
    5fae:	48 0f 48 d0          	cmovs  %rax,%rdx
    5fb2:	48 c1 fa 03          	sar    $0x3,%rdx
    5fb6:	74 3c                	je     5ff4 <_csu_finish@plt-0x6c9c>
    5fb8:	48 85 c9             	test   %rcx,%rcx
    5fbb:	48 0f 49 c1          	cmovns %rcx,%rax
    5fbf:	48 c1 f8 03          	sar    $0x3,%rax
    5fc3:	48 83 f8 02          	cmp    $0x2,%rax
    5fc7:	bb 01 00 00 00       	mov    $0x1,%ebx
    5fcc:	48 0f 43 d8          	cmovae %rax,%rbx
    5fd0:	4d 8b 5d 00          	mov    0x0(%r13),%r11
    5fd4:	44 89 ff             	mov    %r15d,%edi
    5fd7:	4c 89 f6             	mov    %r14,%rsi
    5fda:	4c 89 e2             	mov    %r12,%rdx
    5fdd:	31 c9                	xor    %ecx,%ecx
    5fdf:	e8 3c 00 00 00       	callq  6020 <_csu_finish@plt-0x6c70>
    5fe4:	49 83 c5 08          	add    $0x8,%r13
    5fe8:	48 87 d8             	xchg   %rbx,%rax
    5feb:	48 83 c0 ff          	add    $0xffffffffffffffff,%rax
    5fef:	48 87 d8             	xchg   %rbx,%rax
    5ff2:	75 dc                	jne    5fd0 <_csu_finish@plt-0x6cc0>
    5ff4:	c6 05 45 9f 00 00 01 	movb   $0x1,40773(%rip)        # ff40 <memcmp@plt+0x2e30>
    5ffb:	48 8b 5d d0          	mov    0xffffffffffffffd0(%rbp),%rbx
    5fff:	e8 5c 6c 00 00       	callq  cc60 <_csu_finish@plt-0x30>
    6004:	48 8b 13             	mov    (%rbx),%rdx
...

-> at least the variables are not obviously found in the binary. but don’t want to know what ghidra says about it :(

K8s - Hetzner

Cloud

Source

https://www.youtube.com/watch?v=dEAtD9PVr_Q

get Host

Build a VM on Hetzner, Ubuntu 22.04

Patch

Patch the Box

apt-get update
apt-get --fix-broken install
apt-get -y upgrade
apt-get install lynx uptimed

Kurl Small

give a try with kurl. the Open Source Kubernetes Installer ;)

time curl https://kurl.sh/ccedeec |bash |tee -a install.md

real	4m5.149s
user	1m26.425s
sys	0m22.249s

Kurl Full

same as small, but with most options enabled

curl https://kurl.sh/13609c3 | sudo bash

Ressource Warning

got a warning as i took a bit a small VM (CX21). Just ignore it.

K8s on Debian12

Cloud

Install Debian 12

or install Debian 11.7 and Upgrade to 12

Setup

3 Nodes

192.168.100.151     k8s-master
192.168.100.152     k8s-worker1
192.168.100.153     k8s-worker2

Locale

export LC_CTYPE=en_US.UTF-8
export LC_ALL=en_US.UTF-8

Kubernetes

https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"

Swap Off

swapoff -a
sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab

Install FW

apt-get install ufw
ufw enable

Master

ufw allow 22/tcp
ufw allow 6443/tcp
ufw allow 2379/tcp
ufw allow 2380/tcp
ufw allow 10250/tcp
ufw allow 10251/tcp
ufw allow 10252/tcp
ufw allow 10255/tcp
ufw reload

Worker

ufw allow 22/tcp
ufw allow 10250/tcp
ufw allow 30000:32767/tcp
ufw reload

Containerd

cat << EOF >> /etc/modules-load.d/containerd.conf
overlay
br_netfilter
EOF

modprobe overlay
modprobe br_netfilter

cat << EOF >> /etc/sysctl.d/99-kubernetes-k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF

sysctl --system

Containerd

apt update
apt -y install containerd

Adapt Containerd to Kubernetes

containerd config default > /etc/containerd/config.toml >/dev/null 2>&1

Update config.toml

sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml

Restart Containerd

systemctl enable containerd
systemctl restart containerd

add Kubernetes

apt install gnupg gnupg2 curl software-properties-common -y
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |gpg --dearmour -o /etc/apt/trusted.gpg.d/cgoogle.gpg
apt-add-repository "deb http://apt.kubernetes.io/ kubernetes-xenial main"

Kubectl

apt update
apt install kubelet kubeadm kubectl -y
apt-mark hold kubelet kubeadm kubectl

Kube Init on MASTER

kubeadm init --control-plane-endpoint=k8s-master

Downgrade to 1.26

Version 1.27 seems not production ready, so, you may have to downgrade it :(

MacOS - Kernel Extensions

Categories

see: https://nektony.com/how-to/remove-kext-on-mac

System Extensions

> ll /System/Library/Extensions/ |head
total 0
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AFKACIPCKext.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AFTK_Kext.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXFirmwareKextG13GRTBuddy.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXFirmwareKextG13XRTBuddy.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXFirmwareKextG14GRTBuddy.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXFirmwareKextG14PRTBuddy.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXFirmwareKextG14XRTBuddy.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXFirmwareKextRTBuddy64.kext
drwxr-xr-x@ 3 root  wheel   96 May 13 00:29 AGXG13G.kext

System Extensions

/Library/Apple/System/Library/Extensions> ll
total 0
drwxr-xr-x  3 root  wheel  96 May 13 00:29 AppleKextExcludeList.kext
drwxr-xr-x  3 root  wheel  96 May 13 00:29 AppleMobileDevice.kext

Own Extensions

stoege@play224:~> ll /Library/Extensions/ |head
total 0
drwxr-xr-x@  3 root  wheel    96 May 27 14:11 CH34xVCPDriver.kext
drwxr-xr-x@  3 root  wheel    96 May 27 14:17 Dropbox.kext
drwxr-xr-x   3 root  wheel    96 May 13 00:29 HighPointIOP.kext
drwxr-xr-x   3 root  wheel    96 May 13 00:29 HighPointRR.kext
drwxr-xr-x@  3 root  wheel    96 May 27 14:11 HoRNDIS.kext
drwxr-xr-x@  3 root  wheel    96 May 27 14:18 SiLabsUSBDriver.kext
drwxr-xr-x@  3 root  wheel    96 May 27 14:11 SoftRAID.kext
drwxr-xr-x@ 15 root  wheel   480 May 27 14:10 Unsupported
drwxr-xr-x@ 33 root  wheel  1056 May 27 14:26 backup
Any Comments ?

sha256: 8a9836f3b6b24efeab82363400d893d801e1576f4527a684805be9de0b609617

Vim

Categories

as i’m using vim almost every day, why not make some notes to improve the skillz ?

Source: https://www.computerhope.com/unix/vim.htm and others …

.vimrc

my vim config file. do backup of the old file first!

test -f ~/.vimrc && cp ~/.vimrc ~/.vimrc.bak-$(date "+%s")
cat << 'EOF' > ~/.vimrc
" sample .vimrc from https://blog.stoege.net/posts/vim/

" Use 2 spaces for tabs
set shiftwidth=2
set tabstop=2
set expandtab
set softtabstop=0
set ruler
set mouse=r

" Disable backup and swap files because they cause more problems than they solve
set nobackup
set noswapfile

" Display line numbers
set number

" Color
syntax on
" colorscheme delek
EOF

show whitespaces

:set list

show numbers

:set numbers

ignore case

:set ignorecase

Convert File to xxd (hex editor)

:%!xxd

Revert to VIM

:%!xxd -r

Search & Replace

search for ‘box’ from line 1 to the End of the File and replace it with ‘BOX’