jason.sh jason-idk

RKE2 Windows Troubleshooting

For any and all RKE2 Windows Clusters, v1.22.x or higher of RKE2 needs to be used. This is due to a Calico 3.19.x bug in v1.21.x of RKE2 that Tigera will not backport.
The minor version of Calico was changed midway through the RKE2 v1.22 lifecycle.
- rke2 v1.22.3+rke2r1 through v1.22.6+rke2r1 have Calico 3.20.x (3.20.1 for v1.22.3+rke2r1 only and then 3.20.2 until v1.22.7+rke2r1)
- rke2 v1.22.7+rke2r1 and up have Calico 3.21.4 (or higher)

	All About FACLs on Linux... (POSIX) Cheat Sheet and Examples…

	Viewing ACLs for file:

	root@server # getfacl /tmp/test
	# file: test —> File name
	# owner: root —> Owner of file
	# group: root —> Group owner of file
	user::rw- —> Standard file permissions for owner
	user:john:rw- —> First ACL given to user John

	System Auditing with Auditd:

	About: auditd is the user-space component of the Linux auditing subsystem. When auditd is running audit messages sent by the kernel
	will be collected in the log file configured for auditd (normally /var/log/audit/audit.log). If auditd is not running for any reason
	kernel audit messages will be sent to rsyslog.


	Configuration files:
	- /etc/sysconfig/auditd (startup options)
	- /etc/audit/auditd.conf (main config file)

	Enabling pam_tally2 on RHEL/CentOS 6:

	It is important to understand that if you place the pam_tally2 entries in the same order in
	both /etc/pam.d/system-auth and /etc/pam.d/password-auth and use sudo, your account
	will be marked as a failed login from tally even if the password is correct.

	Please edit the following files accordingly:

	FILE ---> /etc/pam.d/system-auth:

	CHEF Notes:
	################################################################################################################

	~ How it works at a high level:
	1. Push configs from admin workstation to the chef server.
	2. Chef server then pushes recipes out to the nodes.

	You really don't need to know Ruby to use Chef.

	Random MySQL Notes:

	#### Login to MySQL on Plesk by issuing:
	If you cannot access DB on Ubuntu, check /etc/mysql/debian.cnf it will be in clear text... Im not joking...

	(only on debian based systems… this is definitely a hack and not supposed to be widely used.)
	mysql -u admin -p`cat /etc/psa/.psa.shadow`

	Enabling a persistent journal can be done by using the following steps:

	1. Create the directory /var/log/journal.

	[root@demo ~]# mkdir /var/log/journal

	2. Set the group ownership of the new directory to systemd-journal, and the permissions to 2755.

	[root@demo ~]# chown root:systemd-journal /var/log/journal
	[root@demo ~]# chmod 2755 /var/log/journal

	##### Securing Console Access #####

	Securing GRUB bootloader:
	- Setting GRUB password
	- Setting Operating specific GRUB password


	In environments where physical console access can not be prohibited, or as a layer of additional authentication on the console,
	a systems administrator can add a password to the GRUB bootloader... You can do so using the following command:

	### Calculate the average apache process memory size… ###

	ps --no-headers -o "rss,cmd" -C httpd \| awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'

	Example with output:
	# ps --no-headers -o "rss,cmd" -C apache2 \| awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"M") }'
	10M

	Error handling:

	Command: Behavior: Recommendation:
	#!/bin/bash -p Prevents loading the initialization scriots. Recommended, but wwill need to set the PATH
	variable manually.

	set -o pipefail Will return error codes thrown by command. set -e Recommended for error handling.
	will just crash if a command returns error code.