Monday, June 5, 2023

How to Install Clustercontrol Using Podman on Ubuntu 22.04

Clustercontrol is a database cluster management system developed by Severalnines. It is really useful if you want to install and manage multiple database clusters from one interface. It supports many database types, such as MySQL, MariaDB, PostgreSQL, TimescaleDB and Redis.


This software can easily be installed using docker, just follow the instructions here. For podman users, worry not, below are the detailed instructions on how to do the same using podman. These steps have been tested on Ubuntu 22.04, but they should run on any Linux that supports podman.

1. Make sure you have podman installed, please refer here if you have not installed podman

2. Create some directories for clustercontrol's data and configuration
$ mkdir -p clustercontrol/{cmon.d,datadir,sshkey,cmonlib,backups,prom-data,prom-conf}

3. Get the machine's ip address
$ hostname -I

4. Copy ssh key into sshkey directory
$ cp ~/.ssh/id_rsa ~/clustercontrol/sshkey

4.1 If you don't have ssh keys yet, please follow here to generate a pair

5. Run clustercontrol using podman (image 1.9.5-4 is fully working at the time of writing of this article)
$ podman run -d --name clustercontrol \
-h clustercontrol \
-p 5000:80 \
-p 5001:443 \
-p 9443:9443 \
-p 19501:19501 \
-e DOCKER_HOST_ADDRESS=192.168.10.10 \
-v "$PWD/clustercontrol/cmon.d":/etc/cmon.d \
-v "$PWD/clustercontrol/datadir":/var/lib/mysql \
-v "$PWD/clustercontrol/sshkey":/root/.ssh \
-v "$PWD/clustercontrol/cmonlib":/var/lib/cmon \
-v "$PWD/clustercontrol/backups":/root/backups \
-v "$PWD/clustercontrol/prom-data":/var/lib/prometheus \
-v "$PWD/clustercontrol/prom-conf":/etc/prometheus \
docker.io/severalnines/clustercontrol:1.9.5-4

6. Open a browser and browse to https://192.168.10.10:5001, replacing 192.168.10.10 with your own ip address that you used in the command above. You should be able to see the page below. Register and create a user to start using clustercontrol.


Wednesday, May 24, 2023

Unable to ssh into docker playground virtual machine (Permission denied (publickey) error)

Docker playground is a very useful place to learn how to use docker. However, the web interface can sometimes be quite difficult to use, especially if we are trying to copy long commands into the virtual machine.


A good solution to this is to connect to the virtual machine using ssh. We can copy the link in the ssh column of the virtual machine, and paste it into our terminal.

One of the issues that we encounter when we try to ssh into the virtual machine is that we get a permission denied (publickey) error, like below

The reason this happens is that the ssh server inside the playground's virtual machine expects the client to connect from a machine that owns an ed25519 key. This can be verified by running the below command inside the playground's virtual machine

To counter that, simply create an ed25519 key on our machine, using ssh-keygen
$ ssh-keygen -t ed25519

We should be able to ssh into the playground's virtual machine now


Tuesday, May 16, 2023

Hide Apache Httpd Version in HTTP Header

Hiding the software version in any deployment is a basic security practice that we can use to lower the risk of the deployment being breached. In this post, we will see how we can hide the apache httpd version from the http header, and from server generated pages.


To check our header, just use curl. Let's say we have an apache httpd server running on localhost
$ curl --head http://localhost

The version will also show in server generated pages, like when we try to access a non-existent page
$ curl http://localhost/error

To hide the version number, we can just add the below lines to httpd.conf. I usually put them at the bottom of the configuration file. The location of httpd.conf varies depending on how you installed httpd. The usual location is /etc/httpd/conf/httpd.conf:
ServerTokens Prod
ServerSignature Off

"ServerTokens Prod" will hide the apache httpd version from the http header, while "ServerSignature Off" will hide the version from server generated pages.

Example is like below

To make sure that our change is free of syntax errors, test with "apachectl -t"

Once we are satisfied, restart apache httpd
# systemctl restart httpd

Then, we test again using curl, and we do not see the version anymore
$ curl --head http://localhost
$ curl http://localhost/error
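
The before-and-after check from this post as a script, added here as an example and not part of the original post: it reads response headers and an error page and reports whether the Server header or the signature footer still exposes detail. The function names, the audit_url helper and the sample responses (including the version string) are constructed for illustration.

```shell
# Added example: check responses for Apache version disclosure.
# The sample responses at the bottom are constructed, not captured output.

# Print the value of the Server header from a header block read on stdin.
server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Succeed (exit 0) if the Server header exposes more than the product name.
# With "ServerTokens Prod" the value is the bare word "Apache".
header_leaks_version() {
    server_header | grep -Eq '/[0-9]|\('
}

# Succeed (exit 0) if a server-generated page still has the signature
# footer that "ServerSignature Off" removes.
body_leaks_signature() {
    grep -Eqi '<address>[^<]*Server at [^<]*</address>'
}

# Live check against a base URL (hypothetical helper; needs curl and network).
audit_url() {
    curl -sS --head "$1" | header_leaks_version && echo "FAIL: Server header exposes detail"
    curl -sS "$1/error" | body_leaks_signature && echo "FAIL: error page carries signature"
    return 0
}

# Constructed samples: before and after the httpd.conf change.
HEAD_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.4.57 (Unix)
Content-Type: text/html'
HEAD_AFTER='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'
BODY_BEFORE='<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.57 (Unix) Server at localhost Port 80</address>'
BODY_AFTER='<p>The requested URL was not found on this server.</p>'

printf '%s\n' "$HEAD_BEFORE" | header_leaks_version && echo "before: header leaks"
printf '%s\n' "$HEAD_AFTER" | header_leaks_version || echo "after: header clean"
```

Running audit_url http://localhost after the restart prints nothing when both settings are in effect.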


Tuesday, May 9, 2023

Exiting a docker container running in interactive mode

To exit from a docker container while in interactive mode (using the -it option without -d), there are 2 options:


1. Press ctrl-d to exit the shell (if you are in it) and exit the container

2. Press ctrl-p, then ctrl-q to daemonize the container, making it run in the background without occupying the terminal

Monday, May 1, 2023

Using psql from command line to get data from postgresql

Sometimes we need to get some data from a postgresql database, and we want the output to appear on the terminal so that we can further process the output.

Let's say we want to get a list of actors from a database called dvdrental, we can simply use the below command:
$ psql -U postgres -d dvdrental -c "select * from actor;"

The output will be in an interactive mode if the output is very long.



In order to run psql with output that is not interactive, we can use the here-document method. The method consists of a "<<" symbol followed by some text used as the ending text for the here-document. For example, in order to get the same result as above using the here-document method, we can use the below command:
$ psql -U postgres -d dvdrental <<END
select * from actor;
END

The END keyword is a signal to end the here-document, thus executing the command. The output will be like below, which is not interactive, but easy to copy and paste: