
Google Compute Engine autoinstall script

Lately I've been following several security blogs to keep up with the state of the art of cryptography standards compliance in browsers. One of them, Charles Engelke's Blog, published a series of posts about getting a Google SaaS up and running with its own SSL certificate. The series is composed of:
 - Let’s Encrypt on Google Compute Engine
 - Creating a Compute Engine Instance
 - Setting up Apache Web Server
 - Getting a Certificate from Let’s Encrypt

Since my last project, autoinstall, fits this task quite well, I've decided to extend it to accomplish these goals:
 - Install and configure a Tomcat server on the default ports 80 and 443, with its manager prepared for remote Maven deploys.
 - Install and configure a daemon tasked with renewing the Let's Encrypt SSL certificate when necessary.
 - Install a MySQL 5.5 database.
 - Install other tools: ftpd, nmap, tree, etc.

So, the steps to get this running are:
 - Buy a domain, or obtain one, but be sure that it allows you to create A records.
 - Go to https://console.cloud.google.com/compute, sign up if you haven't done so yet and set up all the payment details. At the time of this writing you can get a 1-year testing period.
 - Create a new VM instance. My configuration is Debian 8 with default settings and HTTP/HTTPS allowed. I also created SSH keys to log in to the machine directly through common SSH apps, but you can skip this. Please go to Charles Engelke's post for more info.
 - Once you have the new instance running, go to your DNS maintenance page and create a new A record that points to the public IP of the new instance.
 - Log in to the instance, and:


debuti@alien:~$ ssh test.nubuza.com
The authenticity of host 'test.nubuza.com (130.211.193.122)' can't be established.
ECDSA key fingerprint is db:c4:6f:c2:27:5a:b2:10:2b:65:ea:92:20:1a:62:01.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'test.nubuza.com,130.211.193.122' (ECDSA) to the list of known hosts.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

debuti@test:~$ sudo su

root@test:/home/debuti# apt-get -y install git
Reading package lists... Done
Building dependency tree      
Reading state information... Done
...

root@test:/home/debuti# git clone https://github.com/debuti/autoinstall
Cloning into 'autoinstall'...
...

root@test:/home/debuti# cd autoinstall/
root@test:/home/debuti/autoinstall# ./src/autoinstall.sh res/repositories/cloud/compute-engine/compute-engine.config
./src/autoinstall.sh: line 30: bc: command not found
./src/autoinstall.sh: line 31: bc: command not found
Retrieving info:
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/expect/latest/expect.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/vsftpd/latest/vsftpd.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/vsftpd/latest/vsftpd.sh preconfigure
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/openssl/latest/openssl.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/authbind/latest/authbind.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/tomcat/8/tomcat.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/tomcat/8/tomcat.sh preconfigure
Tomcat Manager user: admin
Tomcat Manager password: ********
HTTPS cert pwd: ********

/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/certbot/latest/certbot.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/certbot/latest/certbot.sh preconfigure
Hostname (just whole dns name, without http and shit): test.nubuza.com
Password for tomcat keystore: ********

/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/mysql/5.5/mysql.sh preinstall
Mysql root passwd: ********

/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/vim/latest/vim.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/tree/latest/tree.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/ncdu/latest/ncdu.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/nmap/latest/nmap.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/screen/latest/screen.sh preinstall
/home/debuti/autoinstall/res/repositories/cloud/compute-engine/x86_64/debian/8/crontab/latest/crontab.sh preconfigure
Applying actions:
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:expect v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:vsftpd v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:vsftpd v:latest Action:configure[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:openssl v:latest Action:install[FAIL]Unknown error: 236
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:authbind v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:tomcat v:8 Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:tomcat v:8 Action:configure[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:certbot v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:certbot v:latest Action:configure[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:mysql v:5.5 Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:vim v:latest Action:install[FAIL]Unknown error: 236
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:tree v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:ncdu v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:nmap v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:screen v:latest Action:install[FAIL]Unknown error: 236
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:crontab v:latest Action:configure[OK]

root@test:/home/debuti/autoinstall#
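
The run above reports `[FAIL]` for the openssl, vim and screen installs. As an added example (not part of the original post or of autoinstall itself), this shell filter reads the `Applying actions` summary and lists every failed action, so a failure in a component the HTTPS setup depends on is caught before the instance is put into service. The sample lines are copied from the output above; the function names and the choice of which apps count as required are assumptions of this example.

```shell
#!/bin/sh
# Added example: list failed actions in autoinstall's "Applying actions" summary.

# Sample input: a subset of the summary lines copied from the run shown above.
sample_log() {
cat <<'EOF'
Applying actions:
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:expect v:latest Action:install[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:openssl v:latest Action:install[FAIL]Unknown error: 236
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:tomcat v:8 Action:configure[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:certbot v:latest Action:configure[OK]
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:vim v:latest Action:install[FAIL]Unknown error: 236
System:compute-engine Arq:x86_64 OS:debian OSver:8 App:screen v:latest Action:install[FAIL]Unknown error: 236
EOF
}

# failed_actions: read autoinstall output on stdin and print one line per
# failed action as "<app> <action> <reason>". Non-summary lines are ignored.
failed_actions() {
  sed -nE 's/^System:.* App:([^ ]+) v:[^ ]+ Action:([a-z]+)\[FAIL\](.*)$/\1 \2 \3/p'
}

# check_required APP...: read the same output on stdin and return 1 if any of
# the named apps has a failed action. Which apps are "required" is the caller's
# decision (an assumption of this example, not something autoinstall defines).
check_required() {
  cr_failures=$(failed_actions)
  cr_rc=0
  for cr_app in "$@"; do
    if printf '%s\n' "$cr_failures" | grep -q "^$cr_app "; then
      echo "required component failed: $cr_app" >&2
      cr_rc=1
    fi
  done
  return "$cr_rc"
}

# Stand-alone run: print the failures found in the sample.
sample_log | failed_actions
```

To use it on a real run, feed a saved copy of the script's output to `failed_actions` or `check_required` on stdin instead of `sample_log`.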


There you have it. Try accessing your instance over both HTTP and HTTPS, and test its SSL configuration with the SSL Labs SSL Server Test. If you wish to improve autoinstall, or want to add another standard system, just make a pull request.

Till the next one!
