Blog

Bienvenue...

...sur mon blog, j'utilise ce site pour noter les petites choses qui me sont utiles, que ça soit informatique ou autre :)

Il y a 10 years 5 months

I've had problems generating a GPG Key Pair, finaly found that it was because I was trying to generate the key with another user than the one I was logged with...

You must have a console opened to be able to generate the key.

...and a little script found here to automatically launch the gpg-agent :

#!/bin/bash
 
# Decide wether to start gpg-agent daemon.
# Create necessary symbolic link in $HOME/.gnupg/S.gpg-agent
 
SOCKET=S.gpg-agent
PIDOF=`pidof gpg-agent`
RETVAL=$?
 
if [ "$RETVAL" -eq 1 ]; then
        echo "Starting gpg-agent daemon."
        eval `gpg-agent --daemon`
else
        echo "Daemon gpg-agent already running."
fi
 
# Nasty way to find gpg-agent's socket file...
GPG_SOCKET_FILE=`find /tmp/gpg-* -name $SOCKET 2> /dev/null`
echo "Updating socket file link."
cp -fs $GPG_SOCKET_FILE $HOME/.gnupg/S.gpg-agent

Another little usefull command generating GPG Key Pair (this entropy stuff whatever...) is :

sudo dd if=/dev/sda of=/dev/zero

When you get "We need to generate a lot of random bytes. It is a good idea to perform <blabla>" open another shell and launch the command, it will accelerate the generation...

Il y a 10 years 7 months

Add rules in /etc/sysconfig/iptables :

#elasticsearch
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9300 -j ACCEPT
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
Il y a 10 years 8 months

...in just one and simple command :

[root@host ~]# ssh -fNT -L <local port>:localhost:<distant port> -R <distant port>:localhost:<local port> <host/ip to connect to> -l <trusted user>

God bless ssh :P

PS : by the way, you may have trusted your servers with an ssh key's exchange

  • f : tells ssh to go to the background
  • N : tells ssh there is no remote command to execute
  • T : tells ssh to disable pseudo-tty allocation
Il y a 10 years 8 months

First download rpms and install rabittmq-server (cf. here).

Then, you must add rabittmq's binary directory to your PATH :

[root@host ~]# export PATH=$PATH:/usr/lib/rabbitmq/bin

You can then activate plugins :

[root@host ~]# rabbitmq-plugins enable rabbitmq_management rabbitmq_mqtt
The following plugins have been enabled:
  rabbitmq_mqtt
  mochiweb
  webmachine
  rabbitmq_web_dispatch
  amqp_client
  rabbitmq_management_agent
  rabbitmq_management
Plugin configuration has changed. Restart RabbitMQ for changes to take effect.

rabittmq_management is to enable the web console to manage the server. You'll have to add iptables rules if you have enabled the firewall. Add those lines in /etc/sysconfig/iptables

#rabbitmq
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
#rabbitmq mgmt
-A INPUT -m state --state NEW -m tcp -p tcp --dport 15672 -j ACCEPT

You can then start the server :

[root@host ~]# service rabbitmq-server start

If you get a FAILED message, this may have been caused by another service like qpidd which listens to the same port.

[root@host ~]# netstat -apn |grep 5672
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      1553/qpidd

Two choices then, you take the blue pill : stop & disable qpidd's service. You take the red pill : create a rabittmq-server's config file to specify another listening port...

Il y a 10 years 8 months

I was trying to find a way to connect logstash input to mqtt...

I didn't want to code a ruby plugin, as I don't know ruby... then I saw logstash's websocket input... googled "mqtt mosquitto websocket"... humm seems simple but no in fact it's not so simple ;)

So I've managed to make it working with apache-websocket plus mod_websocket_mosquitto

Also, besides iptables considerations (open 1883/80/443 ports), I've had to allow httpd to connect to network, as I have selinux enabled centos :

[ user@host ] setsebool -P httpd_can_network_connect 1

The final solution (mod_websocket_mosquitto) was found on Digits Domotica Blog

Pages