Docker Image for Azure CLI and Azure Powershell

If you are a Mac or Linux user like I am and you like to manage your Azure environment with azure-cli or azure-powershell, you can use the following Docker image: cvugrinec/ubuntu-azure-powershellandcli:latest

Just type the following:

docker run -it cvugrinec/ubuntu-azure-powershellandcli /bin/sh

Please note that for azure-powershell only ARM mode is supported. Azure cli supports ASM and ARM mode.

Setup VPN server and client on MACOS

You would like to access your home network from outside. For example, you are on holiday or at work and, via the Internet, you would like to reach your home network to view the WiFi IP camera at your house or just access some files on your server at home.

If you don't want your network to be accessible to the whole internet, you can use the same technology that some companies use: a VPN. A Virtual Private Network (VPN) makes your network available through another (slightly bigger) network…in our case: the internet 🙂

In order to establish this you need to do the following:

  • Setup a VPN server
  • Make your VPN server available through your router or cable modem
  • Test this with your VPN client, you need to configure this as well

I have the following stuff and this article is based on this equipment:

  • IMAC (running Yosemite 10.10.3)
  • MAC AIRPORT EXTREME Router
  • Cable Modem provided by Internet provider (davolink)
  • iPhone 6 (needed for an external internet connection) to test the client: my setup (and probably yours too) does not allow external access through the cable modem from within the same connection…therefore you need to test your client over another connection

I am providing this information and I am aware that this could be dangerous in the hands of evildoers…but I trust in the goodness of people and that sharing this information would do more good than bad:

[Screenshot 2015-07-05 23:12:27]

Setup VPN MACOS server

Your Mac comes by default with all the VPN server stuff installed. There are many VPN servers available from the App Store, but if you don't mind executing some commands in your terminal to configure the built-in VPN server, you don't need to buy anything. You can configure 2 VPN methods, PPTP or L2TP…you can configure them both, but when connecting you need to choose one of them.

In my network the IMAC with IP 10.0.1.10 (Comp1) will be configured as VPN server: On Comp1, open a terminal and execute the following command:

Create the shared key (needed for L2TP) and add it to the keychain:

sudo security add-generic-password -a com.apple.ppp.l2tp -s com.apple.net.racoon -T /usr/sbin/racoon -p "SHARED-SECRET-PHRASE" /Library/Keychains/System.keychain

Configure the built-in VPND service:

  • chown root:wheel /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
  • chmod 644 /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
  • vi /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
  • configure lines 19-20, the OfferedServersAddress
  • configure lines 29-30, the DestAddressRanges
  • create a LaunchD file (will start automatically after reboot)
  • vi /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
  • chown root:wheel /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
  • chmod 644 /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
  • enter the following contents:  
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.ppp.l2tp</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/vpnd</string>
<string>-x</string>
<string>-i</string>
<string>com.apple.ppp.l2tp</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
  • Start the service manually: sudo launchctl load -w /Library/LaunchDaemons/com.apple.ppp.l2tp.plist 

I used the following (excellent) blog as source: http://jonsview.com/how-to-setup-os-x-10-9-as-a-l2tp-vpn-server-without-apples-server-app

After running this, when you do a netstat -an, you should see the machine listening on port 1701 in case of L2TP or 1723 in case of PPTP. If not, please check whether the VPN daemon is running; otherwise start it with: vpnd

Note: When you have configured your VPN server you can test it directly within your WiFi network (so not yet from outside). At least you know if your VPN server is working… My Comp1 has IP address 10.0.1.10, so when I run the command nmap 10.0.1.10, I should see at least port 1723 listening (for PPTP) or 1701 (for L2TP)

Please note the following ports:

  • UDP port 500 for ISAKMP/ IKE
  • UDP 1701 for L2TP
  • UDP 4500 for IPSEC NAT Traversal (had to wiki this one 🙂)
  • TCP 1723 for PPTP
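
A check for the ports listed above, as an added example that is not part of the original article: it reads `netstat -an` output in the macOS column layout and reports which of the four VPN ports have a socket bound. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: check `netstat -an` output for the four VPN ports listed above.

# Constructed sample in the macOS `netstat -an` layout (not captured from a
# real host): the L2TP/IPsec ports are bound, PPTP (tcp 1723) is not.
SAMPLE='tcp4       0      0  *.22                   *.*                    LISTEN
udp4       0      0  *.1701                 *.*
udp4       0      0  *.500                  *.*
udp4       0      0  *.4500                 *.*
tcp4       0      0  10.0.1.10.52311        10.0.1.20.445          ESTABLISHED'

# port_open PROTO PORT: read netstat output on stdin; succeed if PROTO has a
# socket bound to local PORT (TCP must be in LISTEN state, UDP has no state).
port_open() {
    awk -v proto="$1" -v port="$2" '
        index($1, proto) == 1 {
            n = split($4, part, "[.]")        # local address ends in ".<port>"
            if (part[n] != port) next
            if (proto == "tcp" && $NF != "LISTEN") next
            found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# vpn_port_report: print one line per VPN port from the article's list.
vpn_port_report() {
    input=$(cat)
    for entry in udp:500:ISAKMP/IKE udp:1701:L2TP udp:4500:IPsec-NAT-T tcp:1723:PPTP; do
        proto=${entry%%:*}; rest=${entry#*:}
        port=${rest%%:*};   name=${rest#*:}
        if printf '%s\n' "$input" | port_open "$proto" "$port"; then
            echo "open    $proto/$port $name"
        else
            echo "missing $proto/$port $name"
        fi
    done
}

printf '%s\n' "$SAMPLE" | vpn_port_report
# On the VPN server itself: netstat -an | vpn_port_report
```

A "missing" line for a method you did not configure is expected; an L2TP-only server should show the three UDP ports and no TCP 1723.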

Configure (cable modem) router 

First determine what your external IP address is. This is the address your network will be accessible from; you can find it by navigating to:

http://whatismyipaddress.com/  or look in the configuration of your router and lookup the value of the WAP IP ADDRESS element

Now configure your cable modem router, in my case I go to the following URL : http://192.168.1.1

There are 2 ways (at least on my cable modem) to make your network accessible…via NAT PORT Forwarding, you will see the following screen:

 

[Screenshot 2015-07-05 23:51:48]

Here you configure, per port (see the overview above, e.g. port 1723), how to forward it to the next host in your network…in my case 192.168.1.6 (see the landscape overview above).

As I am a lazy person…I configure a DMZ host

[Screenshot 2015-07-05 23:55:54]

this means that all ports will be forwarded to the host defined in the DMZ host section…in my case 192.168.1.6

Configure internal wifi router

As I am the proud owner of an airport extreme, I can configure this device with the airport-configuration utility:

[Screenshot 2015-07-06 00:03:00]

Select the airport extreme (the big fat one on top)…the other devices are just wifi extenders, they are not within the scope of this article

Configuring the airport extreme, go to the NETWORK tab:

[Screenshot 2015-07-06 00:05:41]

Here you configure the ports mentioned earlier in the article. The important field is the private IP address field…this is the IP address of the VPN server in your network…in my case this is Comp1: 10.0.1.10

[Screenshot 2015-07-06 00:08:55]

Please note that you see DHCP and NAT in the Router Mode field…this is the reason why I have a 192.168.1.x range from my cable modem…this one creates its own internal network within the 10.0.1.x range

Configure and test with VPN client

On your iPhone, go to Configuration -> General -> VPN…configure your external IP address, the username and password of your iMac, and the shared key (in case of choosing the L2TP method)…the IP address I use is: 87.212.242.223…remember to test this on an external connection (not within your WiFi connection). In the App Store I downloaded FileBrowser…a nice tool to access services and files in your network.

If you have trouble connecting, please also check your firewall rules on your IMAC.

Connect with Virtual box to sshd of your macos

OK, this is the situation:

you own a beautiful MacBook and you would like to do some SOA Suite or OSB development.

On the Oracle site you find a beautiful VM image which runs on the VirtualBox app from Oracle.

This image contains everything you need…the SOA Suite, the database, Enterprise Manager, RCU items all filled, JDeveloper…you might even consider installing OSB in your image later on.

Within a jiffy you download the image and have everything up and running…but then you would like to access files from your Mac.

VirtualBox provides tooling to mount local folders…or access USB disks…but you will see that it is a hassle to get the disk of the OS you are running VirtualBox on mounted…By default you need to install packages on the VM in order to mount NTFS or, in my case, the HFS filesystem (Mac)

What worked for me was just enabling sshd on the Mac and connecting from the VM to the Mac. These are the steps to get it done (after that you can copy files with scp)

– on your MacBook, configure sshd: vi /etc/sshd_config

– uncomment the following lines:

Port 22

AddressFamily any

ListenAddress 0.0.0.0

ListenAddress ::

– restart sshd

now you need to know which ip address to connect to from your VM, find out by typing

ifconfig -a

you might get an interface that looks something like this (using NAT option in virtual box)

vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

        ether 00:50:56:c0:00:01

        inet 172.16.70.1 netmask 0xffffff00 broadcast 172.16.70.255

This means that from your virtual box you will be able to connect to your os with

username@172.16.70.1
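
As an added example (not part of the original post), the check below lists the ListenAddress values that are active in an sshd_config and flags a wildcard bind, comparing the four lines from the post with a variant bound only to 172.16.70.1. It assumes sshd runs as a standalone daemon that takes its listening addresses from this file; the file names and function names are constructed.

```shell
#!/bin/sh
# Added example: report which addresses an sshd_config makes sshd bind to.

# listen_addresses FILE: print the active (uncommented) ListenAddress values.
# sshd keywords are case-insensitive; with no ListenAddress at all sshd
# binds every local address, which is reported as "(default: all)".
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2; n++ }
         END { if (!n) print "(default: all)" }' "$1"
}

# binds_all FILE: succeed if sshd would accept connections on every interface.
binds_all() {
    listen_addresses "$1" |
        grep -Eq '^(0\.0\.0\.0(:[0-9]+)?|::|\[::\](:[0-9]+)?|\(default: all\))$'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed file: the four lines from the post, uncommented.
cat > "$tmp/as_in_post" <<'EOF'
Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
EOF

# Constructed alternative: only the address the VM connects to
# (172.16.70.1 is the vmnet1 address from the ifconfig output above).
cat > "$tmp/vm_only" <<'EOF'
Port 22
AddressFamily inet
#ListenAddress 0.0.0.0
ListenAddress 172.16.70.1
EOF

for f in as_in_post vm_only; do
    if binds_all "$tmp/$f"; then
        scope="all interfaces"
    else
        scope="listed addresses only"
    fi
    echo "$f: $(listen_addresses "$tmp/$f" | tr '\n' ' ')-> $scope"
done
```

With the vm_only variant sshd is reachable from the VM network only, and it cannot bind if the vmnet1 interface is not up when sshd starts.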

NOTE: on the Mac, if you want to use .bashrc the way you are used to on your Linux OS…use the .profile file in your home folder

…..I will post another blog how to connect to your VM via an ssh (the other way around) very soon…

best of luck

Chris

Backing up or synchronizing your DATA at home…how I do it….

CASE

my situation at home….I have the following machines

  • OFFICE-PENGUIN; a linux desktop, this contains my office stuff…invoices and such..
  • PORTABLE-PENGUIN; a linux laptop, this is my machine for development/ education whatever
  • FRUIT-PENGUIN; an Apple iMac, this is in my living room…and is used as a media centre (music/tv/movies)…and for the internet, but also contains valuable data
  • one Windows machine, this is used for playing games for the kids
  • other connected devices (PS3,Xbox, PsP, Skype Telephone,Popcorn hour C200, Iphone)…I know it’s a lot 🙂

Problem

The first three machines (the PENGUINS) contain data that I like to back up, but also data I like to share and synchronize amongst the 3 devices.
In other words, there are directories on the individual devices I like to back up to a separate device…BACKUP
There are directories on the individual machines that are supposed to be the same on all devices, including the backup device…SYNCHRONIZE

Solution

In order to achieve this… I use the following:

  • a WIFI router that is used as a router for my local network and that contains a USB port as well
  • a USB hard disk that is connected to this WIFI router, making the disk available to all the machines…(in my case the WIFI router is an Apple Airport Extreme)
  • Linux/Unix software for backing up…I love rsync so I use this…it is ideal in my case…you can configure it to handle updates, but also give preference to sources
  • Linux/Unix software for file synchronization, I used UNISON for that…a wonderful tool that does excellent synchronization between the clients and the USB drive…For the Mac you can download File Sync…it's freeware

First I need to mount the USB disk (which is connected to the WIFI router) from my client:

sudo mount_afp 'afp://username:apassword@hostname_of_wifi_router/directoryOfShare' /mnt/BACKUP_DSK/

backup

Once my backup device is available I can use the following command to back up the directories of one of my clients:

rsync -cavz /home/chris/.evolution/ /mnt/BACKUP_DSK/office-penguin/linux/.evolution

This command will back up all my Evolution mails in my home directory to a directory on the USB disk…do a man rsync to see all the options and what they mean. PS: if you don't have rsync installed on your Ubuntu/Debian machine…just do a sudo apt-get install rsync

synchronize

On all my PENGUINS I have a /WORK directory I like to use on all machines…I use unison for that, with the following command:

unison -ui=text -auto=true -prefer=/WORK/ /WORK/ /mnt/BACKUP_DSK/WORK/ -perms=0 -batch

This tells unison to run in text mode (easier for scripting or cron jobs); auto tells it to use the defaults defined in my home directory under unison.pref. In case of a version conflict (between the file on the remote disk and the local file) I give preference to the local file, as this is probably the file that was worked on most recently. Then the directory on the remote disk is given…the perms option tells it to ignore permissions…and the batch option disables the last manual confirmation step…also used for scripting reasons, but it should only be used if you are certain that the command being executed does what you want. For this too, see the unison man pages for more info.
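
One way to guard the rsync and unison commands above when they run unattended, as an added example that is not part of the original post: both write to /mnt/BACKUP_DSK, so the wrapper refuses to run them unless that path is a mount point. The function names and the sample `mount` output are constructed.

```shell
#!/bin/sh
# Added example: run the backup/sync commands only when the share is mounted.

# is_mounted DIR: read `mount` output on stdin; succeed only if a line names
# DIR as a mount point ("<source> on <dir> ..."), ignoring a trailing slash.
is_mounted() {
    awk -v mp="${1%/}" '
        { for (i = 2; i < NF; i++) if ($i == "on" && $(i + 1) == mp) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# run_if_mounted DIR CMD...: refuse to run CMD when DIR is only a plain
# local directory, so rsync cannot fill the client's own disk by mistake.
run_if_mounted() {
    target=$1; shift
    if ! mount | is_mounted "$target"; then
        echo "$target is not mounted, not running: $*" >&2
        return 1
    fi
    "$@"
}

# Constructed `mount` output (Linux layout), with and without the share.
WITH_SHARE='/dev/sda1 on / type ext4 (rw,relatime)
afpfs on /mnt/BACKUP_DSK type fuse (rw,nosuid,nodev)'
WITHOUT_SHARE='/dev/sda1 on / type ext4 (rw,relatime)'

for table in "$WITH_SHARE" "$WITHOUT_SHARE"; do
    if printf '%s\n' "$table" | is_mounted /mnt/BACKUP_DSK/; then
        echo "mounted: rsync/unison may run"
    else
        echo "not mounted: skip this run"
    fi
done

# Real use with the commands from the post:
#   run_if_mounted /mnt/BACKUP_DSK rsync -cavz /home/chris/.evolution/ \
#       /mnt/BACKUP_DSK/office-penguin/linux/.evolution
#   run_if_mounted /mnt/BACKUP_DSK unison -ui=text -auto=true -prefer=/WORK/ \
#       /WORK/ /mnt/BACKUP_DSK/WORK/ -perms=0 -batch
```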

Conclusion

Backing up and synchronizing are 2 different concepts that are often mistaken for each other. Each of them has different behavior and potential issues. Rsync is a wonderful tool for backup purposes…it's important to understand the parameters you can use, but also to understand that the behavior is more like a copy command…from SOURCE to DESTINATION. I do everything locally as my USB backup disk is mounted as a local disk, but rsync also supports this on remote hosts…
Synchronizing files is more like the behavior of a version control system such as CVS or Subversion. There is a repository of files which needs to be synced amongst the potential clients. Unison contains loads of intelligence for avoiding potential conflicts; you can tweak the behavior of your sync almost any way you like. Of course unison is not the same as a version control system, as it doesn't keep track of versions…