Friday, July 13, 2018

Create ssl certificate for undercloud

If you do not have a trusted CA signed certificate file, you can alternatively generate a self-signed certificate file using the following command:
openssl genrsa -out privkey.pem 2048
The next command will prompt for some identification details. Most of these don’t matter, but make sure the Common Name entered matches the value of undercloud_public_vip in undercloud.conf:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365
Combine the two files into one for HAProxy to use. The order of the files in this command matters, so do not change it:
cat cacert.pem privkey.pem > undercloud.pem

Openstack TripleO Installation with Ceph and HA

Create 10 vm with 2 NIC:
1 Director Node: 2 CPU, 8G RAM, 40G Disk
3 Controller Node: 4 CPU, 32G RAM, 100G Disk
3 Compute Node: 4 CPU, 16G RAM, 100G Disk
3 Ceph Node: 4 CPU, 16G RAM, 60G Disk and 100G Disk
Network Layout:


  • 1Undercloud Installation
    • 1.1Create ssl certificate:
    • 1.2Download images
  • 2Register Nodes
  • 3Introspect Nodes
  • 4Tagging Nodes
  • 5Defining the Root Disk for Ceph Storage Nodes
  • 6Enabling Ceph Storage in the Overcloud
  • 7Formatting Ceph Storage Node Disks to GPT
  • 8Delpoy Nodes
  • 9Sources

Undercloud Installation

sudo yum install -y
sudo -E tripleo-repos -b newton current ceph
sudo yum install -y python-tripleoclient
sudo yum install -y ceph-ansible
cp /usr/share/instack-undercloud/undercloud.conf.sample ~/undercloud.conf

Tuesday, June 12, 2018

Heat Template to install wordpress

We can automatically install wordpress during instance creation on openstack. We only need to create the heat template and call it from orchestration menu. Below is the template example to install wordpress.

Create file WordPress.yaml

Monday, May 07, 2018

Prevent user from uploading malicious script to cpanel

To prevent user from uploading malicious script to cpanel, we need to scan the uploaded script from 2 most common ways the user upload the script.

  1. From cpanel upload interface.
  2. From ftp client.

First we need to install clamdscan and maldet, after that we need to configure modsec on whm and use pure-uploadscript binary to call clamdscan or maldet to scan the uploaded file. Here are the steps:

Create additional modsec config :

nano /etc/apache2/conf.d/modsec/modsec2.user.conf
SecRequestBodyAccess On
SecTmpSaveUploadedFiles On
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/" \
Then restart apache.

Monday, August 17, 2015

Sample bash backup script

I made a backup script using bash, this script will backup html directory and skip some folder that do not need to be included. The backup process will be written in the log file, so that we know whether backup running successfully or not.

Variable that needed to be changed:
LOG: the log file.
TEMPDIR: temporary directory
BKPDIR: directory to save the back up files
WWWDIR: parent directory that needed to be backed up
BKP: list of directory that will be backed up
NOTBKP: list directory that will not be backed up

Second synchronized disk with drbd, corosync and pacemaker

A couple years a go, I configured a Fail Over system using DRBD, Corosync and Pacemaker with this tutorial. After years, I need more disk space on the system and also make it synchronize each other. So here I show the configuration example for that, if you want to adapt this configuration into your system, just make sure that you start the service in a correct order within crm console because if not, your Fail Over system will not work correctly.

Hacking TL-WA901N v2 AP into a Wifi Router

A TP-Link TL-WA901N/ND v2 is an Access Point, you can use this AP as Wifi client, WDS or standard repeater and bridge. I have this AP and had been used for repeater for several years without problems. But now, I want to use this AP as a wifi router because my existing router is quiet old and only support wireless G. Of course, there is no official firmware that can change this AP into wifi router. So, I decided to try an opensource firmware for this task.

Sunday, November 09, 2014

Video and Audio Streaming from A20SOM-EVB using crtmpserver

To stream video and audio from A20SOM-EVB, ffmpeg and crtmpserver are used. FFmpeg is used to encode the video and audio from A20SOM-EVB csi-camera and mic-in and then feed the stream to crtmpserver. Crtmpserver act as streaming server to provide rtmp stream for flash player, or rtsp stream for video player such as videolan.

If the csi camera is not yet functioning on the default debian distro, please follow my previous article how to enable csi-camera on A20SOM-EVB.

Friday, November 07, 2014

System info on MOD-LCD3310 for Olimex A20SOM-EVB

To show the system information and other information on MOD-LCD3310, we can use python library. I found the implementation from this project and made a little modification to show ip address of wifi interface.

I also add one function to automatically cut the text and write it on the next line.
The function is longstr(linenumber,string). Example :
lcd.longstr(0,"Welcome to Open Hardware world!")

Wednesday, October 01, 2014

enable csi camera on A20-SOM EVB

The csi camera on the debian image with kernel 3.4.79+ from olimex doesn't work. To make it works, we need to change the configuration in script.bin and /etc/modules. We must convert script.bin to script.fex using bin2fex tools to change the configuration.
olimex@a20-Lime2-SOM:~$ bin2fex script.bin script.fex
We will have script.fex file after that command. Open the file and change the value as below:
csi_used = 1
Convert back script.fex to script.bin.
olimex@a20-Lime2-SOM:~$ fex2bin script.fex script.bin
Add the following value in the /etc/modules file:
sun4i_csi0 i2c_addr=0x78 ccm="gt2005"
After that, we can reboot the board. Wait a couple second, and voila...the csi camera will now work.
But there is still error message from the kernel log as follow:
[CSI_ERR]input index invalid!
Nevertheless, the csi camera works fine, if someone know how to solve this error, please let me know.