Feb

Dockerfile

Posted by: admin in Mẹo vặt của hiếu râu

build the Dockerfile with :

docker build -f Dockerfile ./
docker login
docker tag c2740dd0aeea hieuvpn/lap:5
docker push hieuvpn/lap:5
docker run -ti -p 80:80 –rm c2740dd0aeea

==========Dockerfile==========

FROM jdeathe/centos-ssh
RUN yum -y install httpd php mod_php
COPY ./index.php /var/www/html/index.php
RUN touch /var/www/html/counter
RUN chmod 666 /var/www/html/counter
RUN echo "KeepAlive Off" >> /etc/httpd/conf/httpd.conf
RUN mkdir -p /_100MB/test/counter
RUN chmod 777 /_100MB/test/counter
EXPOSE 80
CMD ["sh","-c","/usr/sbin/httpd ; sleep 5; tail -f /var/log/httpd/access_log"]

=========index.php=============


<?php $refresh=$_GET['refresh']?$_GET['refresh']:2; ?>
<head>
 <meta http-equiv="refresh" content="<?php echo $refresh; ?>">
</head>
<?php
$ip = explode('.',$_SERVER["SERVER_ADDR"]);
echo "<div style=\"width: 20%; background-color:#".dechex($ip[1]%16*16*256*256+$ip[2]%16*16*256+$ip[3]%8*32)."\">";
echo ($ip[1] % 16 * 16)." ".($ip[2]%16*16)." ".($ip[3]%8*32)."<BR>";
echo "</div>";

echo "<H3> server IP = ". $_SERVER["SERVER_ADDR"]." hostname: ".getenv("HOSTNAME");
echo "<H3> remote IP = ". $_SERVER["REMOTE_ADDR"];
echo "<HR>".date("Y-m-d H:i:s");
$i = file_get_contents("./counter");
$i = $i * 1;
$i++;
file_put_contents("./counter",$i);
file_put_contents("/_100MB/test/counter/".getenv("HOSTNAME"),$i);
echo "<HR>Counter: $i <HR>";
exec('for i in `ls /_100MB/test/counter/`; do echo -n $i" : "; cat /_100MB/test/counter/$i; echo ; done;',$out);
echo implode("<BR>",$out);
if ($_GET['info']) phpinfo();

Comments Off

Feb

kubectl

Posted by: admin in Mẹo vặt của hiếu râu

Create a deployment and expose service port

kubectl create deployment json-server --image=hieuvpn/lap:8 -r 2 kubectl expose deployment json-server --type=LoadBalancer --name=json-server --port=8092

#allow pods run on master-node
kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl taint nodes --all  node-role.kubernetes.io/control-plane-

#kubectl taint node master-node node-role.kubernetes.io/master=:NoSchedule

expose port 8080

‘ name: json-server
‘ ports:
‘ - containerPort: 80
‘ protocol: TCP
‘ resources: {}

Limit resouce

‘ resources:
‘ limits:
‘ cpu: 200m
‘ memory: 300M
‘ requests:
‘ cpu: 50m
‘ memory: 200M

Volume mount

‘ resources: {}
‘ volumeMounts:
‘ - mountPath: /data
‘ name: jsrv
‘ subPath: json-server

‘ terminationGracePeriodSeconds: 30
‘ volumes:
‘ - name: jsrv
‘ persistentVolumeClaim:
‘ claimName: json-server

Liveness Probe

‘ resources: {}
‘ livenessProbe:
‘ failureThreshold: 3
‘ httpGet:
‘ path: /livez
‘ port: https
‘ scheme: HTTPS
‘ periodSeconds: 10
‘ successThreshold: 1
‘ timeoutSeconds: 1
‘ readinessProbe:
‘ failureThreshold: 3
‘ exec:
‘ command:
‘ - /bin/bash
‘ - c
‘ - /ready.sh

‘ initialDelaySeconds: 20
‘ periodSeconds: 10
‘ successThreshold: 1
‘ timeoutSeconds: 1

Public IP

clusterIPs:
- 10.110.15.54
externalIPs:
- 69.30.241.22

Longhorn

curl -sSfL https://raw.githubusercontent.com/longhorn/longhorn/v1.4.0/scripts/environment_check.sh | bash
#kernel version (uname -r) must be the same on all nodes

kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.4.0/deploy/prerequisite/longhorn-iscsi-installation.yaml
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.4.0/deploy/prerequisite/longhorn-nfs-installation.yaml

kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.4.0/deploy/longhorn.yaml
web portal = service longhorn-frontend
Create Volume, PV/PVC, mount /dev/sdb /mnt/longhorn
MetricServer

wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -O metrics-server-components.yaml

wget  https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/high-availability.yaml -O metrics-server-ha.yaml

kubectl apply -f  metrics-server-ha.yaml

edit the deployment, add - --kubelet-insecure-tls
Execute pod command
kubectl exec mysql-set-0 -- sh -c "mysql --defaults-extra-file=/etc/mysql/conf.d/my.key <  /etc/mysql/conf.d/init.sql"
kubectl exec mysql-set-0 -i -- bash < mysql-set0.cmd

Restart Pod
kubectl delete pod  mysql-set-0
Restart Deployment
kubectl rollout restart deployment json-server



Docker rmi --prune

crictl -r /run/containerd/containerd.sock rmi --prune

docker system prune --volumes


Copy file from host to pods

kubectl cp /tmp/foo <some-namespace>/<some-pod>:/tmp/bar

Comments Off

Jan

gitlab CICD

Posted by: admin in Lăng nhăng lít nhít

.gitlab-ci.yml

stages:
  - build
  - deploy_to_cluster
  - rollback_on_failure
  - cleanup

variables:
  PIPELINE_ID: "pipeline_id"
  GIT_STRATEGY: clone
 
build:
  stage: build
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "Build"
        sudo /bin/docker image build -t $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID -f Dockerfile .
        sudo /bin/docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
        sudo /bin/docker push $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID
        cat data/db.json > /home/gitlab-runner/db.json
        sudo /bin/docker kill json-server || echo "no json-server running"
        echo "restart json-server..."
        sudo /bin/docker run --rm -d -p 127.0.0.1:8091:80 -v /home/gitlab-runner/db.json:/data/db.json --name json-server clue/json-server

kubernetes_deploy:
  stage: deploy_to_cluster
  tags:
    - build
  only:
    - master
  timeout: 30m
  script:
    - |
        echo "Deploy revision $CI_PIPELINE_ID @ $CI_REGISTRY to Kubernetes cluster"
        echo "`date`" > build_time
        sudo /bin/kubectl get secret/regcred || sudo /bin/kubectl create secret docker-registry regcred --docker-server="$CI_REGISTRY" --docker-username="k8s_git_runner" --docker-password="$k8s_git_runner" --docker-email="harry@helpusdefend.com"
        sudo /bin/kubectl get service frontend-harry || sudo /bin/kubectl apply -f k8s/frontend_harry.svc.yaml
        sudo /bin/kubectl get deploy frontend-harry-app || sudo /bin/kubectl apply -f k8s/frontend_harry-app.yaml
        sudo /bin/kubectl set image deployment frontend-harry-app frontend-harry=$CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID --record
        echo "Deploy $CI_REGISTRY/jason/$CI_PROJECT_NAME/frontend_harry:$CI_PIPELINE_ID" > imagetag.txt
        sudo /bin/kubectl rollout history deploy frontend-harry-app
        sudo /bin/kubectl rollout status --timeout=5m deploy frontend-harry-app

rollback_to_previous_version:
  stage: rollback_on_failure
  when: on_failure
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "rollback to previous version"
        cat imagetag.txt && kubectl rollout undo deploy frontend-harry-app --to-revision=`sudo /bin/kubectl rollout history  deploy/frontend-harry-app | tail -n 3 | head -n 1 | cut -f 1 -d' '`
        
cleanup_build:
  stage: cleanup
  when: always
  tags:
    - build
  only:
    - master
  script:
    - |
        echo "cleanup"
        rm -f build_time
        rm -f imagetag.txt

frontend-harry.svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: frontend-harry
  labels:
    app: frontend-harry
spec:
  type: LoadBalancer
  selector:
    app: frontend-harry
  ports:
    - port: 9080
      targetPort: 8000

frontend-harry-app.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-harry-app
  labels:
    app: frontend-harry
spec:
  replicas: 3
  selector:
    matchLabels:
      app: frontend-harry
  minReadySeconds: 5
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate      
  template:
    metadata:
      labels:
        app: frontend-harry
    spec:
      containers:
        - image: c..com:5050/jason/front-end-/frontend_harry:latest
          name: frontend-harry
          ports:
          - containerPort: 8000
      imagePullSecrets:
      - name: regcred

gitlab-runner ALL=(ALL) NOPASSWD: /bin/yum, /bin/docker, /bin/pip3, /bin/docker-composei, /bin/kubectl, /bin/k9s

wget https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh

sh script.rpm.sh

yum -y install gitlab-runner

gitlab menu -> /settings/reposistory/deploy-tokens/read_registry

squid.conf

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #

# Example rule allowing access from your local networks.

# Adapt localnet in the ACL section to list your (internal) IP networks

# from where browsing should be allowed

# Squid normally listens to port 3128

http_port 80 accel defaultsite=46.17.175.144 vhost

cache_peer 10.109.76.54 parent 9080 0 no-query originserver name=harry_frontend

cache_peer 127.0.0.1 parent 8091 0 no-query originserver name=json_server

cache_peer 192.168.5.5 parent 8091 0 no-query originserver name=json_server2

cache_peer 10.100.43.53 parent 8888 0 no-query originserver name=anna_api

acl sites_harry_frontend dstdomain frontend.helpusdefend.org www.helpusdefend.org

acl sites_json_server dstdomain json-server.helpusdefend.org

acl sites_anna_api dstdomain anna.api.helpusdefend.org

cache_peer_access harry_frontend allow sites_harry_frontend

cache_peer_access json_server allow sites_json_server

cache_peer_access json_server2 allow sites_json_server

cache_peer_access anna_api allow sites_anna_api

http_access allow sites_harry_frontend

http_access allow sites_json_server

http_access allow sites_anna_api

http_access allow localnet

http_access allow localhost

# And finally deny all other access to this proxy

http_access deny all

# Squid normally listens to port 3128

#http_port 3128

Comments Off

Dec

OCR pytesseract and google OCR

Posted by: admin in Mẹo vặt của hiếu râu

27 yum install gcc openssl-devel bzip2-devel libffi-devel zlib-devel xz-devel

31 wget https://www.python.org/ftp/python/3.7.11/Python-3.7.11.tgz

32 tar -xvf Python-3.7.11.tgz

33 cd Python-3.7.11

34 ./configure –enable-optimizations

35 make altinstall

37 yum install -y https://repo.ius.io/ius-release-el7.rpm

38 yum install -y python36u python36u-libs python36u-devel python36u-pip

39 yum install epel-release

43 python3.7 –version

44 python3.7 -m pip

47 python3.7 -m ensurepip

49 pip3.7 install pytesseract

50 pip3.7 install tox

70 wget –no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/x86_64/tesseract-4.1.3+git4271-3.1.x86_64.rpm

73 wget –no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/noarch/tesseract-langpack-eng-4.00~git30-5.5.noarch.rpm

74 rpm -ivh tesseract-langpack-eng-4.00~git30-5.5.noarch.rpm

78 wget –no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/noarch/tesseract-langpack-osd-4.00~git30-5.5.noarch.rpm

87 rpm –nodeps -ivh tesseract-langpack-osd-4.00~git30-5.5.noarch.rpm

88 rpm -ivh tesseract-4.1.3+git4271-3.1.x86_64.rpm

90 wget –no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/x86_64/leptonica-1.76.0-2.5.x86_64.rpm

92 yum install libjpeg

94 yum install libtiff

96 yum install libwebp

97 rpm -ivh leptonica-1.76.0-2.5.x86_64.rpm

98 rpm -ivh tesseract-4.1.3+git4271-3.1.x86_64.rpm

[root@centos7-min OCR]# tox

ROOT: No tox.ini or setup.cfg or pyproject.toml found, assuming empty tox.ini at /root/OCR

py: OK (0.05 seconds)

congratulations

(0.15 seconds)

[root@centos7-min OCR]#

=====================

https://github.com/tesseract-ocr/tesseract

https://tesseract-ocr.github.io/tessdoc/Installation.html

https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/

# Import modules

from PIL import Image

import pytesseract

# Include tesseract executable in your path

#pytesseract.pytesseract.tesseract_cmd = r”./Tesseract-OCR/tesseract.exe”

pytesseract.pytesseract.tesseract_cmd = r”/usr/bin/tesseract”

# Create an image object of PIL library

image = Image.open(’example.jpg’)

# pass image into pytesseract module

# pytesseract is trained in many languages

image_to_text = pytesseract.image_to_string(image, lang=’eng’)

# Print the text

print(image_to_text)

=========== Dockerfile =================

FROM jdeathe/centos-ssh

RUN yum -y install httpd php mod_php
COPY ./index.php /var/www/html/index.php
RUN touch /var/www/html/counter
RUN chmod 666 /var/www/html/counter
RUN echo "KeepAlive Off" >> /etc/httpd/conf/httpd.conf
RUN mkdir -p /_100MB/facecrop
RUN chmod 777 /_100MB/facecrop
WORKDIR /opt
RUN yum install -y  gcc openssl-devel bzip2-devel libffi-devel zlib-devel xz-devel
RUN yum -y install wget
RUN cd /opt
RUN wget https://www.python.org/ftp/python/3.7.11/Python-3.7.11.tgz
RUN tar -xvf Python-3.7.11.tgz
RUN cd /opt/Python-3.7.11
WORKDIR /opt/Python-3.7.11
RUN chmod 755 configure
RUN ./configure -enable-optimizations
RUN make altinstall
#RUN yum install -y https://repo.ius.io/ius-release-el7.rpm
#RUN yum install -y python36u python36u-libs python36u-devel python36u-pip
#RUN yum install epel-release
RUN python3.7 -m ensurepip
RUN pip3.7 install pytesseract
RUN pip3.7 install tox
RUN wget --no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/x86_64/tesseract-4.1.3+git4271-3.1.x86_64.rpm
RUN wget --no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/noarch/tesseract-langpack-eng-4.00~git30-5.5.noarch.rpm
RUN rpm -ivh tesseract-langpack-eng-4.00~git30-5.5.noarch.rpm
RUN wget --no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/noarch/tesseract-langpack-osd-4.00~git30-5.5.noarch.rpm
RUN rpm --nodeps -ivh tesseract-langpack-osd-4.00~git30-5.5.noarch.rpm
RUN wget --no-check-certificate https://download.opensuse.org/repositories/home:/Alexander_Pozdnyakov/CentOS_7/x86_64/leptonica-1.76.0-2.5.x86_64.rpm
RUN yum -y install libjpeg libtiff libwebp libpng
RUN rpm -ivh leptonica-1.76.0-2.5.x86_64.rpm
RUN rpm -ivh tesseract-4.1.3+git4271-3.1.x86_64.rpm
RUN yum -y install libglvnd-devel
RUN pip3.7 install opencv-python==4.6.0.66
WORKDIR /opt
COPY . /opt
EXPOSE 80
CMD ["sh","-c","python3.7 detect.py --image harry.jpg"]
#"/usr/sbin/httpd ; sleep 5; tail -f /var/log/httpd/access_log"]

Comments Off

Dec

AWS Lambda - Layer

Posted by: admin in Mẹo vặt của hiếu râu, python

mkdir lambda-layer

cd lambda-layer

cat requirements.txt

pgpy

docker run -v "$PWD":/var/task "lambci/lambda:build-python3.8" /bin/sh \

  -c "pip install -r requirements.txt -t python/lib/python3.8/site-packages/; exit"

zip -r -9 layer.zip python

AWS Lambda, create layer from zip file, linux_x86 python3.8

AWS Lambda, create function, add custom layer

https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html

https://docs.aws.amazon.com/lambda/latest/dg/python-package.html

import json, boto3,os, sys, uuid, pgpy

s3_client = boto3.client("s3")
S3_BUCKET = 'defend-ai-images'
S3_ENCRYPTED = 'defend-encrypted-images'
S3_PREFIX = 'my'

def lambda_handler(event, context):
    response = s3_client.list_objects_v2(
        Bucket=S3_BUCKET,)
    keyCount = response["KeyCount"]
    if keyCount==0:
        return keyCount
    s3_files = response["Contents"]

    pub_blob="""-----BEGIN PGP PUBLIC KEY BLOCK-----

xsFNBGOI6lMBEACYAJgGRJaIXz1XWimgsuCLwXV2l3aPYCIFv4dRg6deLKJH/bVW
R35eileDuA8e3ynvlsBHwiJL+l2gxDMUI03iL+DxXN7OqpR43Hxh/E8MyPHVsi19
OB6XDtkJ8LdFGAZqBP+E6tctw02nn7D4PoGdDa7LSDFnjivBXLQcT5omH+7ftbkI
cUTQWGg4dTHtSOIR8IvCm9r8oF4lDAjiwIIQn1NPTfYsYy+IS+nJ9uzUBCr9PCuK
6SJmnw+ikd+nuhl/ljJiWRL0JcJrKxk7W1UuoqVITmNsrtVDCjF0tKZEy/uIDrYH
9d9KMKcN0zR/dZZZrPVtl5cWg0lBkAplk800nx56z6MHQs0SDOI/bLssqeP0auml
rnTxFpCaQXSgFsE9AvjE8zX807gok7D4tpjFIWPA6Ns9W8wUoNbu2mgiJzYhZCQW
lqJ+N0FuJ1oTllyne+YVzWe/MydU6e9N6e1y6NkrKkqUHMG6b8igePoX3ug2z2MZ
XRnSMVkcq50+VV3c6ymBL8GtqNgYf7e3njfQicnGfniG1tE8iPcy8gcKOgjO8mZe
50eyWHRR1kFMWsbVthQByzPnkfAK4dCb7tcZ6SHruuU9iF+6fvKLxsERC9jsWIqm
8zJ1Q4ZsxL/NNXRaCED4DHWrjiAZBN+QTsluZQnah6rattXl0/CQJflVJwARAQAB
zTBIYXJyeSAoSGFycnlzIHRlc3Qga2V5KSA8aGFycnlAaGVscHVzZGVmZW5kLmNv
bT7CwYoEEwEIADQFAmOI6q0CGw4ECwkIBwUVCAkKCwUWAgMBAAIeARYhBBXleiAB
F1iZVTFWE9uksLIDVhvQAAoJENuksLIDVhvQ+GkQAIfDEYgvQMWRSWdJQ7LRAiHr
7OJY21CCJhUZdfJnNqVmcuK3n9n7m+qRpb8FjrKPgXjspGzUHbGpVnRurBOLRFFE
71V56xMmBzsR2Ku47pxoif3ZBZjOHE8DplMTP62uAcBjMaHpkHCjZh1FCzj7syEZ
khtO+Zhc6WCIZBzRPSoS7EBRG8ayxlox09PnDOnWNIanA/fHrY9RsGA36XToamQ+
0Kv8H2i+kfPVFxIWFAJea+Oaud1igzOATcu5NmYcF9Cc17ELy1JMYnxxoCZIAZs3
mLPhv+7BqWiflIuxx7hKPlJ1N4s7dsJNE+emMuXf/N9r8p9hOnCfscrW1qxsv+if
WekfuAmjs/E29pA1MVe3Rqrf65aQcjXPynRQbbIdVo0Ln9mkJL+6SkTV/Nl014YU
w33+Tuep7MFERRuBBGQ1RMgRqSd8T5f4DEnlwVkEvd5F2ZafjfWf01SZ2q5Dmowa
nS/MOtOTMYSCn3SlQyCMKDdbJ6pMe1GYWfPUIU2EEG/JtBuiCtjw1m/8EpJIoGo6
4DgxPjQEQR1Dqz0ZZ/fQii+F6EFrVGsEOBZgnMYod9m4ONxU1zDJAxvihb0gi0hm
rv+u4/VyE7nrsFxDMFN6lzQd6psSe5m++ENjzTNA/pN1B7HtLlTc/ioL6qaCMDg0
tRbz8aGnRHl9XWWIPPsW
=28Qw
-----END PGP PUBLIC KEY BLOCK-----
"""
    pubkey, _ = pgpy.PGPKey.from_blob(pub_blob)
    s3_jpgs = filter(lambda obj: obj['Key'].endswith('.jpg'), s3_files)
    s3 = boto3.resource("s3")
    for s3_file in s3_jpgs:
        file_content = s3_client.get_object(
            Bucket=S3_BUCKET, Key=s3_file["Key"])["Body"].read()
        message = pgpy.PGPMessage.new(file_content)
        encrypt_content = pubkey.encrypt(message)
        output_file_name=s3_file["Key"]
        s3.meta.client.put_object(Body=bytes(encrypt_content), Bucket=S3_ENCRYPTED, Key=output_file_name)
        s3.meta.client.delete_object(Bucket=S3_BUCKET, Key=s3_file["Key"])

    return keyCount

Comments Off

Dec

Python: Encrypt/Decrypt file with PGP

Posted by: admin in Mẹo vặt của hiếu râu, python

pip3 install pgpy

[root@master-node pgp]# cat keygen.py

from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm

import pgpy

key = pgpy.PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 4096)

uid = pgpy.PGPUID.new(’Harry’, comment=’Harrys test key’, email=’harry@——.com’)

key.add_uid(uid, usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},

hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],

ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],

compression=[CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2, CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed])

print(key)

print(key.pubkey)

==================================

[root@master-node pgp]# cat encrypt.py

import sys

import pgpy

pubkey, _ = pgpy.PGPKey.from_file(”pgpkey.pub”)

message = pgpy.PGPMessage.new(sys.argv[1], file=True)

encrypted_message = pubkey.encrypt(message)

fo=sys.argv[2]

f2=open(fo,”w”)

f2.write(str(encrypted_message))

f2.close()

=====================================

[root@master-node pgp]# cat decrypt.py

import sys

import pgpy

key, _ = pgpy.PGPKey.from_file(”pgpkey”)

#f1=open(sys.argv[1],”rb”)

#message=f1.read()

#f1.close()

message = pgpy.PGPMessage.from_file(sys.argv[1])

decrypted_message = key.decrypt(message).message

fo=sys.argv[2]

f2=open(fo,”wb”)

f2.write(bytes(decrypted_message))

f2.close()

=========================================

Examples — PGPy 0.6.0 documentation

Comments Off

Dec

Python: Encrypt/Decrypt with Public/Private RSA key

Posted by: admin in Mẹo vặt của hiếu râu, python

pip3 install pyopenssl

pip3 install cryptography

============================================

[root@master-node encryption]# cat keygen.py

from cryptography.hazmat.primitives.asymmetric import rsa

from cryptography.hazmat.primitives import serialization

# Generate the RSA private key

key = rsa.generate_private_key(

public_exponent=65537,

key_size=2048,

)

pem = key.private_bytes(

encoding=serialization.Encoding.PEM,

format=serialization.PrivateFormat.TraditionalOpenSSL,

encryption_algorithm=serialization.NoEncryption()

)

print(pem)

public_key = key.public_key()

pem = public_key.public_bytes(

encoding=serialization.Encoding.PEM,

format=serialization.PublicFormat.SubjectPublicKeyInfo

)

print(pem)

===========================================

[root@master-node encryption]# cat encrypt.py

from cryptography.hazmat.primitives import hashes

from cryptography.hazmat.primitives.asymmetric import rsa, padding

from cryptography.hazmat.primitives.serialization import load_pem_public_key

import sys

public_pem_data=b’—–BEGIN PUBLIC KEY—–\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ikdHKIUkRKKmxm5OMmH\nX8T2mx05ggDD7oEqZBd8×9lrzLOmADPoYT/qZGpFkXu6ys9IWlIqGp96qRsXQaRA\nO5EJziNdrCpMYGZFX5cxc8hnVh15h8DrvWj7pKoNmWkZhLiQ+vFsWLq3m41omQi/\ndhNMybPLsLGqS7EOO17z1VifSp33XOXLNZkrU3otItoqPPNq6nAXuINXZsPTdRY7\nk/ERmEXU2l6+GMKWnesRWm7txJSTgdpH8hjfoSZmJTHy7+uZqTdHC3PpCojZeIRw\ndgOEErYnKEHMQ6/4DV0a0tF5BzwXhrolSYkWmpt65pblbLQAzgR0KA91F8iJHp5Y\ncQIDAQAB\n—–END PUBLIC KEY—–\n’

key = load_pem_public_key(public_pem_data)

fi.open(sys.argv[1],’rb’)

message = fi.read()

fi.close()

ciphertext = key.encrypt(

message,

padding.OAEP(

mgf=padding.MGF1(algorithm=hashes.SHA256()),

algorithm=hashes.SHA256(),

label=None

)

fo=open(sys.argv[2],’wb’)

f.write(ciphertext)

f.close()

===========================================

[root@master-node encryption]# cat decrypt.py

from cryptography.hazmat.primitives.serialization import load_pem_private_key

from cryptography.hazmat.primitives import hashes

from cryptography.hazmat.primitives.asymmetric import rsa, padding

pem_data=b’—–BEGIN RSA PRIVATE KEY—–\nMIIEogIAdf8a1kupHcqgVHzcBlgBfRDBr\nEQyKr9JWXzLTwgbpft/7qvOkv4T0pOzhWBvKJaKvm1sY+4l+Z1g=\n—–END RSA PRIVATE KEY—–\n’

fi=open(sys.argv[1],’rb’)

ciphertext=fi.read()

fi.close()

key = load_pem_private_key(pem_data, password=None)

plaintext = key.decrypt(

ciphertext,

padding.OAEP(

mgf=padding.MGF1(algorithm=hashes.SHA256()),

algorithm=hashes.SHA256(),

label=None

)

print(plaintext)

fo=open(sys.argv[2],’wb’)

f.write(plaintext)

f.close()

==========================================

https://www.misterpki.com/python-public-private-key-encryption/

RSA — Cryptography 39.0.0.dev1 documentation

Comments Off

Oct

pv - Progress monitoring

Posted by: admin in Mẹo vặt của hiếu râu

To turn on the display bar, use the -p option.
To view the elapsed time, use the –timer option.
To turn on ETA timer which tries to guess how long it will take before completion of an operation, use the –eta option. The guess is based on previous transfer rates and the total data size.
To turn on a rate counter use the –rate option.
To display the total amount of data transferred so far, use the –bytes option.
To display progress inform of integer percentage instead of visual indication, use the -n option. This can be good when using pv with the dialog command to show progress in a dialog box.

copy file

# pv source > /tmp/dest

zip a file

#pv /var/log/syslog | zip > syslog.zip
tar dir
# tar -czf - ./Downloads/ | (pv -p --timer --rate --bytes > backup.tgz)
tar with dialog
# tar -czf - ./Documents/ | (pv -n > backup.tgz) 2>&1 | dialog --gauge "Progress" 10 70

Comments Off

Aug

iSCSI targetcli

Posted by: admin in Linux nông dân

#yum install targetcli
#targetcli
/> ls
o- / [...]
o- backstores [...]
| o- block [Storage Objects: 1]
| | o- dev_sdb [/dev/sdb (60.0GiB) write-thru activated]
| | o- alua [ALUA Groups: 1]
| | o- default_tg_pt_gp [ALUA state: Active/optimized]
| o- fileio [Storage Objects: 0]
| o- pscsi [Storage Objects: 0]
| o- ramdisk [Storage Objects: 0]
o- iscsi [Targets: 1]
| o- iqn.2003-01.org.linux-iscsi.iscsid.x8664:sn.bfc48a1cbef2 [TPGs: 1]
| o- tpg1 [no-gen-acls, no-auth]
| o- acls [ACLs: 1]
| | o- iqn.1998-01.com.vmware:3a4fc8a8-5206-a0e0-146c-500100030000-057c77a5 [Mapped LUNs: 1]
| | o- mapped_lun1 [lun1 block/dev_sdb (rw)]
| o- luns [LUNs: 1]
| | o- lun1 [block/dev_sdb (/dev/sdb) (default_tg_pt_gp)]
| o- portals [Portals: 1]
| o- 0.0.0.0:3260 [OK]
o- loopback [Targets: 0]
/>

To create a block backstore from the targetcli shell:

/> cd /backstores/block
/backstores/block> create name=LUN_1 dev=/dev/xvdb

To create a fileio backstore from the targetcli shell:

/> cd /backstores/fileio
/backstores/fileio> create name=LUN_3 /root/disk1.img 5G

To create an iSCSI target

/> cd /iscsi
/iscsi> create

cd tpg1/luns
tpg1/luns> create /backstores/block/LUN_1 lun1

ACLs
cd tpg1/acls
create iqn.1998-01.com.vmware:3a4fc8a8-5206-a0e0-146c-500100030000-057c77a5

/>saveconfig

Comments Off

Mar

Linux NFS

Posted by: admin in Mẹo vặt của hiếu râu

Server side

yum install nfs-utils
systemctl enable rpcbind
systemctl enable nfs-server
systemctl enable nfs-lock
systemctl enable nfs-idmap
systemctl start rpcbind
systemctl start nfs-server
systemctl start nfs-lock
systemctl start nfs-idmap


vi /etc/exports
/_ISOs  *(rw,sync,no_subtree_check,insecure)
mkdir -p /_ISOs

chmod -R 777 /_ISOs

exportfs -rav
exportfs -v
showmount -e


systemctl stop nfs-server
systemctl start nfs-server
systemctl status nfs-server
Client side

yum install nfs-utils
mkdir /_ISOs

mount -t nfs <serverIP>:/_ISOs /_ISOs/

Comments Off

Previous Entries Next Entries

HAOTU-LAINUC

Dockerfile

kubectl

gitlab CICD

OCR pytesseract and google OCR

AWS Lambda - Layer

Python: Encrypt/Decrypt file with PGP

Python: Encrypt/Decrypt with Public/Private RSA key

pv - Progress monitoring

iSCSI targetcli

Linux NFS

Categories

wndws days left

Recent Posts

Pages

Archives

Links

Meta