Sunday, September 29, 2019

Tip: NC to test Kubernetes DNS Port

Kube-DNS listens on port 53 UDP

UDP port 53:
nc -vzu 10.96.5.5 53

TCP port 53:
nc -vz 10.96.5.5 53

Thursday, September 26, 2019

Tip: X-Forwarded-Proto in APEX


The auth scheme is configured to use https. It redirects to EMAIL_INSTANCE_URL if the request is not https. Since https terminates at the LB, APEX only sees plain http and thinks it has to do this redirect.
There are 2 ways to disable it.
One option is to set the use_secure_cookie_yn flag to N.

The other is to pass the information that we are using https on to ORDS and APEX.
You can do that with the X-Forwarded-Proto header.

https://webmasters.stackexchange.com/questions/97005/setting-x-forwarded-proto-under-apache-2-4

That should do the trick: RequestHeader set X-Forwarded-Proto "https"


Tip: SQL to generate SQL that turns on autoextend for all datafiles

select
   'alter database datafile '||''''||file_name||''''||' autoextend on maxsize unlimited;'  from  dba_data_files;

Wednesday, September 18, 2019

Tip: Use Plink in Putty for Bastion Access

Symptom:

    When we first set up plink in PuTTY as the proxy command to go through the bastion, we often get this error:
  "incoming packet was garbled on decryption"

Solution:

   There are quite a few possible reasons for that. One of them is that on the first connection, plink asks the user whether to store the host key in the cache. Because plink is running as the proxy command, the user can't answer the prompt, so we get "incoming packet was garbled on decryption", a message that has nothing to do with the real cause.
To fix this, we run the command below once so that plink caches the key; next time plink won't ask again.

$ plink opc@<bastion server> -nc <target host>:22
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's ssh-ed25519 key fingerprint is:
ssh-ed25519 255 d7:56:12:9f:2a:ee:d2:55:24:5a:73:dc:a0:f2
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) y

Tip: Create tls secret with key cert and ca cert files in Kubernetes

Requirement:

    We need to create TLS secrets in Kubernetes for our Oracle OCI load balancer. Refer to the doc. However, the command only accepts key and cert files.

"kubectl create secret tls ssl-certificate-secret --key tls.key --cert tls.crt"

There is no option to add the CA certificate file here.

Solution:

    We need to combine the CA certificate files with the cert file to form 1 cert file for Kubernetes. We simply copy the content of the CA certificate files and append it at the end of the cert file.
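
One way to script the append described above, as an added example that is not part of the original post. The function names and the tls-chain.crt file name are assumptions; the secret name and tls.key/tls.crt come from the command above. It guards against two common mistakes: a cert file with no trailing newline, which fuses the END/BEGIN markers on one line, and a private key ending up in the chain.

```shell
# Added example: build one cert file (server cert first, CA certs after)
# for `kubectl create secret tls`. Function names are hypothetical.

# build_chain OUT SERVER_CERT CA_CERT...
build_chain() {
    out=$1; shift
    : > "$out" || return 1
    for f in "$@"; do
        # Every input must be a PEM certificate.
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || {
            echo "not a PEM certificate: $f" >&2; return 1; }
        # Never let key material into the file that goes to --cert.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "private key found in $f" >&2; return 1
        fi
        # Drop CRs and blank lines; awk ends every line, including the
        # last one, with a newline so adjacent PEM blocks never fuse.
        tr -d '\r' < "$f" | awk 'NF' >> "$out"
    done
}

# Number of certificates in a PEM file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# key_matches_leaf CHAIN KEY: true when the first cert in CHAIN carries
# the public key of KEY (openssl x509 reads only the first PEM block).
key_matches_leaf() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage (ca.crt and tls-chain.crt are assumed file names):
#   build_chain tls-chain.crt tls.crt ca.crt
#   key_matches_leaf tls-chain.crt tls.key
#   kubectl create secret tls ssl-certificate-secret \
#       --key tls.key --cert tls-chain.crt
```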