Friday, November 3, 2023

Plex Media Server Issue: "Failed to Load Preferences" - Solution

Plex Media Server is a popular media management platform, but like any software, it can encounter issues. One common problem users might face is the "Failed to load preferences" error. In this blog post, we'll explore this issue and provide a solution.

Issue Description:

When attempting to start the Plex Media Server, you might encounter the following error message:

Failed to load preferences at /var/lib/plexmediaserver/Library/Application Support/Plex Media Server

This error indicates a problem with loading preferences for Plex Media Server.


Step 1: Stop Plex Media Server

Before proceeding with the solution, stop the Plex Media Server. You can do this using the following command:

sudo systemctl stop plexmediaserver

Step 2: Rename Preferences Directory

The "Failed to load preferences" error often occurs due to a corrupted or misconfigured preferences directory. To resolve this issue, you can rename the existing preferences directory, and Plex Media Server will create a new one.

sudo mv /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server /var/lib/plexmediaserver/Library/Application\ Support/Plex\ Media\ Server.bak

This command renames the preferences directory to create a backup.

Step 3: Restart Plex Media Server

Now, start Plex Media Server again:

sudo systemctl start plexmediaserver

Step 4: Verify Operation

Check the status of Plex Media Server to ensure it's running without any errors:

sudo systemctl status plexmediaserver

If everything is working as expected, you should see Plex Media Server as "active (running)" in the status output.

Thursday, August 24, 2023

Generating SSL Certificates for Websites on Non-Standard Ports

Ensuring secure communication is essential for websites, even if they are not published on the default ports 80 or 443. This guide demonstrates how to obtain SSL certificates using Certbot when your website is hosted on a non-standard port. We'll walk through the steps using a generalized URL and domain name for clarity.


Before starting, make sure you have the following:
  • A server hosting your website that is accessible via a specific port.
  • Domain name and DNS management access for the domain.

Step 1: Install Certbot

Begin by installing Certbot using the following commands:

sudo dnf install epel-release -y
sudo dnf install certbot -y

Step 2: Generate SSL Certificate

Generate an SSL certificate using Certbot's manual mode with DNS challenge. Replace with your actual domain name.

sudo certbot --manual --preferred-challenges dns certonly -d

Follow the prompts provided by Certbot. You'll be asked to add a specific DNS TXT record to your DNS configuration to prove domain ownership.

Step 3: Certificate Location

Upon successful completion, Certbot will provide a confirmation message and indicate the location where the certificate and key files are stored. These files will be required for your web server's SSL configuration.

Certificate is saved at: /etc/letsencrypt/live/ 
Key is saved at: /etc/letsencrypt/live/

Step 4: Next Steps

The certificate obtained is not set to automatically renew. To renew it, repeat the same Certbot command before the certificate's expiration date.

Remember, you'll need to configure your web server to use the obtained SSL certificate, or else replace the old certificates with the new certificates under the same names.
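
Because a certificate issued in manual mode is not renewed automatically, a scheduled check can report when the Certbot command has to be repeated. The script below is an added example, not part of the original post. It assumes openssl is installed and that Certbot keeps each certificate as cert.pem in a per-name directory under /etc/letsencrypt/live; the function names and the 30-day window are illustrative.

```shell
#!/bin/sh
# Added example: report manually issued certificates that are close to expiry.
# Function names and the 30-day default window are illustrative choices.
# Typical use from cron: report_manual_certs /etc/letsencrypt/live 30

# cert_needs_renewal CERT [DAYS]
#   returns 0 if CERT expires within DAYS days (or has already expired),
#           1 if it stays valid beyond that window,
#           2 if CERT cannot be read as an X.509 certificate.
cert_needs_renewal() {
    crt=$1
    window=${2:-30}
    openssl x509 -in "$crt" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the certificate is still valid N seconds from now.
    if openssl x509 -in "$crt" -noout -checkend "$((window * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# report_manual_certs [LIVE_DIR] [DAYS]
#   prints one line per certificate and returns 1 if any needs attention.
report_manual_certs() {
    live=${1:-/etc/letsencrypt/live}
    days=${2:-30}
    attention=0
    for pem in "$live"/*/cert.pem; do
        [ -e "$pem" ] || continue
        name=$(basename "$(dirname "$pem")")
        rc=0
        cert_needs_renewal "$pem" "$days" || rc=$?
        case $rc in
            0) end=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)
               printf 'RENEW   %s  expires %s\n' "$name" "$end"
               attention=1 ;;
            1) printf 'ok      %s\n' "$name" ;;
            *) printf 'UNREAD  %s  (not a readable certificate)\n' "$name"
               attention=1 ;;
        esac
    done
    return "$attention"
}
```

A RENEW line means the manual Certbot command from Step 2 has to be run again for that name, including the new DNS TXT record.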

Wednesday, August 16, 2023

Resolving File Update Issues in Nextcloud: Correcting Permissions and Indexing

Modern cloud storage solutions like Nextcloud offer seamless file synchronization and sharing capabilities, enhancing collaboration and accessibility. However, sometimes you might encounter issues where manually copied files fail to get updated or indexed. This blog post provides insights into tackling this problem and presents commands to correct file permissions and trigger file indexing in Nextcloud.

Understanding the Issue

When manually copying files into your Nextcloud directory, you might notice that these files don't seem to sync or get indexed properly. This discrepancy can often be attributed to incorrect permissions or a lack of indexing triggers within the Nextcloud environment.

Correcting Permissions

File permissions play a crucial role in ensuring that the Nextcloud server can access, modify, and index files appropriately. Incorrect permissions can lead to issues such as files not being recognized or processed by Nextcloud.

To rectify this, you can adjust the ownership of your Nextcloud directory using the chown command. The following command changes the ownership of the Nextcloud directory to the nginx user and group:

sudo chown -R nginx:nginx /PATH TO THE NEXTCLOUD DIRECTORY/ABC/nextcloud

This ensures that the Nextcloud server has access to your files for indexing and synchronization. If you are using an Apache server, the relevant user has to be used instead.

Triggering File Indexing

Nextcloud relies on indexing to keep track of file changes and updates. If manually copied files aren't being indexed automatically, you can initiate the indexing process using the occ command-line tool. Use the following command to run a full file scan and index all files in your Nextcloud installation:

sudo -u nginx /PATH TO THE NEXTCLOUD DIRECTORY/ABC/nextcloud/occ files:scan --all

This command runs the indexing process under the nginx user, ensuring that the permissions are correctly managed throughout the process.

Thursday, August 10, 2023

Building a Secure Nextcloud Deployment with NFS Backend and Nginx on CentOS 9 with SELinux

We will walk through the meticulous process of setting up a secure Nextcloud installation on your personal CentOS 9 server, utilizing NFS as a robust backend storage solution. Furthermore, we will ensure the integrity of your server environment by enabling SELinux and configuring Nginx for optimal performance.




Before embarking on this endeavor, make sure you have the following prerequisites:

  • A server running CentOS 9.
  • Administrative access to the server.
  • Familiarity with Linux command-line operations.
  • A functional NFS server with shared storage.
  • SELinux enabled.

Installing Nginx

Installing Nginx on CentOS 9 is a straightforward process. Before you begin, it is good practice to update your system packages so that you're using the latest versions. Use the DNF package manager to install Nginx. After the installation, start the Nginx service and enable it to start automatically at system boot.
sudo dnf update
sudo dnf install nginx
Start and Enable Nginx:
sudo systemctl start nginx
sudo systemctl enable nginx

Configure Firewall: if you have the firewall enabled, you need to allow HTTP and HTTPS traffic through it.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Install MariaDB Server

Use the dnf package manager to install MariaDB. After installation, start the MariaDB service and enable it to start automatically on system boot.
sudo dnf install mariadb-server
sudo systemctl start mariadb
sudo systemctl enable mariadb

Secure MariaDB Installation

MariaDB comes with a script to help you secure your installation. It will prompt you to set a root password, remove anonymous users, disallow root login remotely, and more.

sudo mysql_secure_installation
Follow the on-screen prompts to secure your MariaDB installation according to your preferences.

Check MariaDB status and verify that MariaDB is running without any errors:
sudo systemctl status mariadb

You can now access the MariaDB command-line interface using the following command. Enter the root password you set during the secure installation.
sudo mysql -u root -p

That's it! You have successfully installed and secured MariaDB on your CentOS 9 server. You can now use MariaDB for your applications or databases.

Create the database user for Nextcloud and grant it privileges on the nextcloud database:
CREATE USER 'nextclouduser'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'localhost';

Installing and configuring PHP

Install EPEL and Remi Repositories:

You're installing the EPEL and Remi repositories to get access to more recent versions of PHP and its extensions.
sudo dnf install -y
sudo dnf install -y

Reset PHP Module:

You're resetting the PHP module to ensure a clean installation.
dnf module reset php

Install PHP 7.4:

You're installing PHP 7.4 using the Remi repository.
dnf module install php:remi-7.4
dnf update

Install PHP Extensions:

You're installing various PHP extensions that are commonly used with Nextcloud and other web applications.
dnf install -y php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-opcache php-json php-zip

Enable PHP-FPM:

You're enabling and starting the PHP-FPM service, which is used to serve PHP files through Nginx.
systemctl enable --now php-fpm

Additional Extensions:

You're installing more PHP extensions that can be useful for various purposes.
dnf install -y php-gd php-json php-curl php-mbstring php-intl php-xml php-zip php-pear php-soap php-bcmath php-gmp php-opcache php-imagick php-pecl-redis php-pecl-apcu

These commands set up PHP and its extensions, making your server ready to support applications like Nextcloud. After completing these steps, you should be closer to having a functional web environment for hosting your applications. Always ensure to follow official documentation and best practices when setting up your server.

Edit PHP-FPM Configuration:

You're editing the www.conf file to set the user and group for PHP-FPM.
vi /etc/php-fpm.d/www.conf

Inside the file, update the user and group settings to use nginx:
user = nginx
group = nginx

Set SELinux Boolean:

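You're setting the SELinux boolean httpd_execmem, which lets web server processes such as PHP-FPM use memory that is both writable and executable. This relaxes an SELinux memory protection, so enable it only if your PHP setup needs it.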
setsebool -P httpd_execmem 1

Enable and Restart Services:

You're enabling and starting the PHP-FPM service and restarting the Nginx service.
systemctl enable --now php-fpm.service
systemctl restart nginx.service

Create PHP Info File:

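You're creating a PHP info file to check the PHP configuration.
vi /usr/share/nginx/html/info.php
Add the following content to the file:
<?php phpinfo(); ?>
Delete this file once you have checked the configuration, because the phpinfo() page discloses details of the server setup to anyone who can request it.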

Check PHP and FPM Status:

You're checking the status of the PHP-FPM service.
netstat -pl | grep php
systemctl status php-fpm

Update PHP Configuration:

You're editing the PHP configuration file to adjust some settings.
nano /etc/php.ini
Uncomment and/or modify the following lines:

Further Adjust PHP-FPM Configuration:

You're modifying the www.conf file for PHP-FPM to fine-tune its settings.
nano /etc/php-fpm.d/www.conf 
user = nginx
group = nginx
Uncomment these lines by removing the ‘;’.
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp 
Set the user, group, environment variables, and process manager settings for PHP-FPM in this file.

Edit OPCache Configuration:

You're editing the OPCache configuration file to optimize PHP performance.
nano /etc/php.d/10-opcache.ini
Uncomment and adjust values for various OPCache settings.

Downloading and Configuring NextCloud

Install wget and unzip, then download and extract the Nextcloud archive. Remember to adjust the version number in the URL to the latest version.

sudo dnf install wget
sudo dnf install unzip -y
unzip -d /usr/share/nginx/

Set Ownership

You're setting ownership of the Nextcloud files to the nginx user. This is needed for Nginx to have the appropriate permissions.

sudo chown -R nginx:nginx /usr/share/nginx/nextcloud

Adjust PHP Permissions

You're changing the group of the PHP opcache, session and wsdlcache directories under /var/lib/php to nginx, so that PHP-FPM running as nginx can write to them. Ensure that these paths match your actual PHP setup.

sudo chgrp -R nginx /var/lib/php/{opcache,session,wsdlcache}

Create Nextcloud Data Directory

You're creating the data directory for Nextcloud. This is where Nextcloud will store user data and files.

sudo mkdir /usr/share/nginx/nextcloud/data

Installing and Mounting NFS

Install NFS Utilities:

You're installing the NFS utility package, which is necessary for working with NFS shares.
sudo dnf install nfs-utils

Show Available NFS Exports:

You're using the showmount command to list the available NFS exports on a remote server with the IP address
showmount -e ""
This will display a list of directories that are shared through NFS on the specified server.

Mount NFS Share:

You're mounting an NFS share from the remote NFS server. The share path is /Volume2/Media, and you're mounting it on the local directory /usr/share/nginx/nextcloud/data, the Nextcloud data directory created above.
sudo mount /usr/share/nginx/nextcloud/data

This command mounts the remote NFS directory onto the local /usr/share/nginx/nextcloud/data directory on your CentOS 9 server. The contents of the remote directory will now be accessible from the local directory.

Enabling SELinux

Change Ownership:

You're changing the ownership of the Nextcloud directory to the nginx user and group.
chown -R nginx:nginx /usr/share/nginx/nextcloud/

Configure SELinux Contexts:

You're using the semanage fcontext command to adjust SELinux file contexts for various Nextcloud directories and files. This allows SELinux to work with these files without causing permission issues.
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/assets(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/nextcloud/.user.ini'

Adjust Data Directory Permissions:

You're again changing ownership of the Nextcloud data directory.
chown -R nginx:nginx /usr/share/nginx/nextcloud/data

Restore SELinux Contexts:

You're using the restorecon command to restore SELinux file contexts for the Nextcloud directories and files you've adjusted.
restorecon -Rv '/usr/share/nginx/nextcloud/'

Set SELinux Boolean for NFS:

You're using the setsebool command to enable the httpd_use_nfs boolean. This allows the HTTP server (httpd) to access NFS shares.
setsebool -P httpd_use_nfs=1

Getting the SSL for Domain

Obtain SSL/TLS Certificate:

You're using Certbot in manual mode with the DNS challenge. This means Certbot will prompt you to add a specific DNS TXT record to your domain's DNS configuration as a way to verify that you have control over the domain.

sudo dnf install certbot -y 
sudo certbot --manual --preferred-challenges dns certonly -d

In this command, -d specifies the domain for which you want to obtain the certificate.
Following this command, Certbot will provide you with instructions on what DNS TXT record to add, where to add it, and how to proceed. This process might involve temporarily adding the TXT record to your DNS zone and then waiting for DNS propagation before Certbot can validate it.

Update the Nginx Config

cat /etc/nginx/sites-available/nextcloud.conf
upstream php-handler {
    server unix:/run/php-fpm/www.sock;
}

server {
    listen 80;
    # enforce https
    return 301 https://$server_name:443$request_uri;
}

server {
    listen 8443 ssl http2;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    add_header Strict-Transport-Security "max-age=15552000" always;
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;
    fastcgi_hide_header X-Powered-By;

    # Path to the root of your installation
    root /usr/share/nginx/nextcloud;

    access_log /var/log/nginx/nc_access_log;
    error_log /var/log/nginx/nc_error_log;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    rewrite ^/.well-known/webfinger /nextcloud/public.php?service=webfinger last;
    rewrite ^/.well-known/nodeinfo /nextcloud/public.php?service=nodeinfo last;
    location = /.well-known/carddav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }
    location = /.well-known/caldav {
      return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/ application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

    location / {
        rewrite ^ /index.php;
    }

    # Block direct access to internal directories and files
    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only these PHP entry points are passed to PHP-FPM
    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }

    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
    }
}

Now restart Nginx and start initializing Nextcloud.

Wednesday, July 12, 2023

Demo Rancher - K8s Platform

Rancher is a complete software stack for teams to manage, deploy, and scale containers in production. It's built on Kubernetes and provides a streamlined interface for deploying, scaling, and managing Kubernetes clusters.

Here are the steps to deploy Rancher on a Linux machine:

Step 1: Provisioning a Linux Host

The requirements for the Linux host are as follows:
  • Any modern Linux distribution. Ubuntu 18.04 is commonly used for this purpose.
  • A minimum of 4GB RAM.
  • A minimum of 2 CPUs.

Step 2: Install Docker

You can install Docker on your Linux machine by following the official Docker installation documentation for your respective Linux distribution.

For Ubuntu, you can install Docker using the following commands:

sudo apt-get update
sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install docker-ce

To verify that Docker is installed correctly, run the following command:
sudo docker run hello-world

Step 3: Install Rancher

Run the following Docker command to install Rancher:
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 --privileged rancher/rancher:latest
This will pull the latest Rancher server Docker image and start a container.

Step 4: Access Rancher

Rancher operates an HTTPS server on port 443 and HTTP on port 80 of the host machine. You can connect to Rancher using a web browser at the host's IP address or DNS name.

Step 5: Set the Admin Password and URL

The first time you access Rancher, you'll be prompted to set a password for the admin user, and then confirm the server URL.

Step 6: Creating a Kubernetes Cluster

From the Global view, navigate to Clusters and click on "Add Cluster". You will have a list of options to choose from for where to deploy your Kubernetes cluster. It could be on existing nodes, an infrastructure provider, or hosted Kubernetes providers.

After the selection, just follow the respective on-screen instructions to proceed with the cluster creation.

Step 7: Deploying Workloads

Once your cluster is active, you can start deploying workloads. This can be done from the 'Default' project within your cluster.

These steps should allow you to deploy Rancher on a Linux machine and manage other Kubernetes clusters. Note that Rancher's flexibility allows for many other configurations, which may vary based on your specific requirements.

Friday, April 14, 2023

Installing Brew in Mac

Homebrew is a free and open-source package manager for macOS that simplifies the process of installing, updating, and managing software packages on your Mac. It allows you to easily install and manage a wide range of software packages, libraries, and tools that are not included in macOS by default.
Homebrew uses a command-line interface to install packages and dependencies, which means that you can easily manage and customize your software installations using simple commands in the Terminal.
Some of the benefits of using Homebrew on your Mac include:
  • Easy installation of software packages and dependencies
  • Automatic updates of installed packages
  • Uninstallation of packages and dependencies
  • Ability to customize software installations with different options and versions
  • Access to a large and active community of developers who contribute to Homebrew's package repository
Following are the commands to install brew and add it to the CLI.

xcode-select --install
/bin/bash -c "$(curl -fsSL"

The following commands are shown at the end of the installation. Copy and run them in the Mac CLI.

(echo; echo 'eval "$(/opt/homebrew/bin/brew shellenv)"') >> /Users/<Username>/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

xcode-select --install is a command that installs the command-line tools for Xcode on your Mac. Xcode is a development environment for macOS that provides tools for developing software for macOS, iOS, watchOS, and tvOS. The command-line tools for Xcode include a variety of tools and libraries that are necessary for building and compiling software on your Mac, even if you are not using Xcode itself.
Running xcode-select --install will open a dialog box that prompts you to install the command-line tools for Xcode. This may take a few minutes to complete, depending on your internet connection speed.

The command /bin/bash -c "$(curl -fsSL" installs Homebrew on your Mac. Homebrew is a package manager that allows you to easily install and manage software packages and libraries on your Mac.
The installation script for Homebrew will download and install the necessary files and dependencies for Homebrew, and will configure your system to use Homebrew as your default package manager.

The last two commands, (echo; echo 'eval "$(/opt/homebrew/bin/brew shellenv)"') >> /Users/<Username>/.zprofile followed by eval "$(/opt/homebrew/bin/brew shellenv)", ensure that Homebrew is properly configured on your system. The first appends a line to your .zprofile file that tells your terminal to evaluate the output of the brew shellenv command, which sets up your environment variables to use Homebrew, so that every new terminal session is properly configured to use Homebrew. The second applies the same settings to the current session.

Thursday, April 13, 2023

Troubleshooting Ansible and VMware: Resolving 'Failed to import PyVmomi library' Error

When working with Ansible and VMware, you may encounter an error message similar to the following:

msg: Failed to import the required Python library (PyVmomi) on <hostname>'s Python <path/to/python>. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter.

This error message indicates that Ansible is unable to import the required Python library PyVmomi when running a playbook. This library is required to interact with VMware virtualization products.

To resolve this issue, you should first ensure that the PyVmomi library is installed in the appropriate location. You can use pip to install the library:

pip install pyvmomi

Next, you should verify that Ansible is using the correct version of Python and pip. The error message may indicate that Ansible is using the wrong Python interpreter or version of pip. You can check which version of Python Ansible is using by running the ansible --version command and looking for the ansible_python_interpreter line in the output. If the interpreter is incorrect, you can set the correct interpreter path using the ansible_python_interpreter variable in your playbook or in your inventory file.
It's also important to ensure that you are using the correct version of pip to install packages. If you have multiple versions of Python installed, you may also have multiple versions of pip. You can check the version of pip you are using with the pip --version command. If you are using the wrong version of pip, you can switch to the correct version using the appropriate command for your operating system.

If the issue persists, you may need to uninstall any conflicting libraries or packages, such as pyvim, and try reinstalling PyVmomi to ensure that there are no conflicts or version mismatches.

By following these steps, you can resolve the Failed to import the required Python library error message and ensure that Ansible is using the correct Python interpreter and version of pip for installing packages.
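
The mismatch described above, where pip installs PyVmomi for one interpreter while Ansible runs another, can be checked directly. The script below is an added example, not part of the original post. The function names are illustrative, and the interpreter paths you pass are whichever candidates exist on your control node or target host.

```shell
#!/bin/sh
# Added example: find out which Python interpreters can import a module.
# Function names are illustrative.
# Typical use: report_module pyVmomi pyvmomi python3 /usr/bin/python3 "$HOME/venv/bin/python"
# Then set ansible_python_interpreter to a path reported as FOUND.

# py_can_import INTERPRETER MODULE -> returns 0 if the import succeeds
py_can_import() {
    "$1" -c "import $2" >/dev/null 2>&1
}

# report_module MODULE PIP_PACKAGE INTERPRETER...
#   prints FOUND / MISSING / ABSENT per interpreter and
#   returns 0 if at least one interpreter can import MODULE.
report_module() {
    module=$1
    package=$2
    shift 2
    found=1
    for candidate in "$@"; do
        py=$(command -v "$candidate" 2>/dev/null) || {
            printf 'ABSENT   %s\n' "$candidate"
            continue
        }
        if py_can_import "$py" "$module"; then
            printf 'FOUND    %s\n' "$py"
            found=0
        else
            # Install with the interpreter's own pip so the package lands in
            # the site-packages directory that this interpreter actually reads.
            printf 'MISSING  %s   fix: %s -m pip install %s\n' "$py" "$py" "$package"
        fi
    done
    return "$found"
}
```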

Wednesday, April 12, 2023

Generalizing Ubuntu for VMware

When you clone a virtual machine in VMware, the new machine is an exact copy of the original machine, including the network settings. This means that the new machine will have the same IP address, MAC address, and other network settings as the original machine. This can cause network conflicts and other issues, especially if you are running multiple clones of the same machine on the same network.
To avoid this issue, you need to ensure that each clone of the machine has a unique network configuration. One way to do this is to clear the contents of the machine-id file, which holds a unique identifier for the machine. When the machine boots up, it generates a new machine-id based on its hardware configuration, which will result in a unique network configuration.

The command rm -rf /var/log/* removes all logs from the /var/log directory, which can help to free up disk space and reduce clutter. However, it is important to note that this command will permanently delete all log files, which can make troubleshooting more difficult if there are issues with the system.

To delete the value in the machine-id file, you can use the following command:

echo "" > /etc/machine-id

** Don't rm -rf the machine-id file, the system might get stuck at the start. 

This will clear the value in the file, effectively resetting the machine ID and generating a new ID on boot.

In addition to clearing the machine-id file, you may also want to clear the SSH keys and other sensitive information from the virtual machine. This can help to ensure that each clone of the machine is unique and secure.
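
The steps above can be combined into one script with a check to run before the VM is converted to a template. This is an added example, not part of the original post. The function names and the ROOT argument (which lets you rehearse against a scratch directory) are illustrative, it leaves machine-id empty with `: >`, and it truncates log files in place instead of using rm -rf /var/log/*.

```shell
#!/bin/sh
# Added example: generalise an Ubuntu VM before converting it to a template.
# ROOT lets you rehearse against a scratch directory; pass / on the real VM
# (as root). Function names are illustrative.

generalize_template() {
    root=${1:?usage: generalize_template ROOT}
    root=${root%/}    # "/" becomes "", so the paths below stay well-formed

    # Empty the machine-id but keep the file (the post warns that removing
    # it can hang the boot). A fresh ID is written on the next start.
    : > "$root/etc/machine-id"

    # A regular-file copy kept by D-Bus would preserve the old ID; replace
    # it with a symlink to /etc/machine-id.
    dbus_id="$root/var/lib/dbus/machine-id"
    if [ -f "$dbus_id" ] && [ ! -L "$dbus_id" ]; then
        rm -f "$dbus_id"
        ln -s /etc/machine-id "$dbus_id"
    fi

    # Clones must not share SSH host keys.
    rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub

    # Truncate logs in place: directories, ownership and modes survive,
    # so services can keep logging after the clone boots.
    if [ -d "$root/var/log" ]; then
        find "$root/var/log" -type f -exec sh -c ': > "$1"' _ {} \;
    fi
}

# check_generalized ROOT -> returns 0 only if the image is safe to clone
check_generalized() {
    root=${1:?usage: check_generalized ROOT}
    root=${root%/}
    rc=0
    if [ ! -e "$root/etc/machine-id" ]; then
        echo "machine-id is missing (it must exist and be empty)" >&2
        rc=1
    elif [ -s "$root/etc/machine-id" ]; then
        echo "machine-id still holds a value" >&2
        rc=1
    fi
    for key in "$root"/etc/ssh/ssh_host_*_key; do
        [ -e "$key" ] || continue
        echo "host key left behind: $key" >&2
        rc=1
    done
    return "$rc"
}
```

Deleted host keys have to be regenerated on each clone, for example with ssh-keygen -A at first boot, if nothing such as cloud-init does it.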

Tuesday, April 11, 2023

Using Azure Lighthouse for Monitoring Other Tenant.

Azure Lighthouse is a service provided by Microsoft Azure that allows service providers to manage multiple customers’ Azure services from a single control plane. It provides a centralized portal to manage multiple Azure tenants, customers or subscriptions, giving the service provider a single view of all Azure resources across different customer environments. Azure Lighthouse provides several features including delegated resource management, multi-tenant management, and cross-tenant management, which help service providers to manage resources across their entire customer base in a secure and efficient manner. It simplifies and streamlines the management of Azure services, provides greater visibility into customers’ environments, and enables service providers to deliver better services to their customers.

In short, we give a User/Group in another tenant access to a subscription or resource with specific Roles.

Sample ARM Template for adding a Customer account to the Service Provider's Lighthouse.

"managedByTenantId": "a86bc255-XXXX-CCCC-VVVV-51fba84872aa"

Above is the Tenant ID of the Managed Services Provider. 


Above is the Name of the Offering.


Above is the Description of the Offering.

"principalId": "9d45cb5e-4682-4a4d-b54a-a89e3fa7bc84",

Above is the Object ID of the User or the Group we are selecting for this Offering.

"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",

Above is the ID of the Role we are selecting.

"principalIdDisplayName": "Azure Reader Access"

Above is the Name of the Role we are selecting.

Sample ARM

{
  "$schema": "",
  "contentVersion": "",
  "parameters": {
    "mspOfferName": {
      "type": "string",
      "metadata": {
        "description": "Specify a unique name for your offer"
      }
    },
    "mspOfferDescription": {
      "type": "string",
      "metadata": {
        "description": "Name of the Managed Service Provider offering"
      }
    }
  },
  "variables": {
    "mspRegistrationName": "[guid(parameters('mspOfferName'))]",
    "mspAssignmentName": "[guid(parameters('mspOfferName'))]",
    "managedByTenantId": "a86bc255-XXXX-CCCC-VVVV-51fba84872aa",
    "authorizations": [
      {
        "principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
        "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
        "principalIdDisplayName": "Azure Reader Access"
      },
      {
        "principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
        "roleDefinitionId": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
        "principalIdDisplayName": "Support Request Contributor"
      }
    ]
  },
  "resources": [
    {
      "type": "Microsoft.ManagedServices/registrationDefinitions",
      "apiVersion": "2020-02-01-preview",
      "name": "[variables('mspRegistrationName')]",
      "properties": {
        "registrationDefinitionName": "[parameters('mspOfferName')]",
        "description": "[parameters('mspOfferDescription')]",
        "managedByTenantId": "[variables('managedByTenantId')]",
        "authorizations": "[variables('authorizations')]"
      }
    },
    {
      "type": "Microsoft.ManagedServices/registrationAssignments",
      "apiVersion": "2020-02-01-preview",
      "name": "[variables('mspAssignmentName')]",
      "dependsOn": [
        "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      ],
      "properties": {
        "registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"
      }
    }
  ],
  "outputs": {
    "mspOfferName": {
      "type": "string",
      "value": "[concat('Managed by', ' ', parameters('mspOfferName'))]"
    },
    "authorizations": {
      "type": "array",
      "value": "[variables('authorizations')]"
    }
  }
}

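Before deploying an offer like the one above, the customer can check which role each roleDefinitionId actually grants, because principalIdDisplayName is only a free-text label. The following Python check is an added example, not part of the original post; the agreed-roles list and the third sample authorization are assumptions constructed for illustration.

```python
import json

# Built-in Azure role definition IDs; these GUIDs are the same in every tenant.
BUILTIN_ROLES = {
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
    "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e": "Support Request Contributor",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
}
# Assumption: the customer agreed to read-only access plus support requests.
AGREED_ROLES = {"Reader", "Support Request Contributor"}

def review_offer(template, agreed=AGREED_ROLES):
    """Flag authorizations whose roleDefinitionId is outside the agreed roles."""
    # The role is resolved from the GUID; the display name is context only.
    auths = template.get("variables", {}).get("authorizations", [])
    if not auths:
        return ["no authorizations found under variables"]
    findings = []
    for index, auth in enumerate(auths):
        role_id = auth.get("roleDefinitionId", "").lower()
        label = auth.get("principalIdDisplayName", "")
        role = BUILTIN_ROLES.get(role_id)
        if role is None:
            findings.append(f"[{index}] {label!r}: unrecognised role id {role_id}")
        elif role not in agreed:
            findings.append(f"[{index}] {label!r}: grants {role}, not an agreed role")
    return findings

# Constructed sample: the page's two authorizations plus a third entry whose
# label says "Reader" while its roleDefinitionId is Contributor.
SAMPLE = json.loads("""
{"variables": {
  "authorizations": [
    {"principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
     "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
     "principalIdDisplayName": "Azure Reader Access"},
    {"principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
     "roleDefinitionId": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
     "principalIdDisplayName": "Support Request Contributor"},
    {"principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",
     "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
     "principalIdDisplayName": "Azure Reader Access"}]}}
""")

if __name__ == "__main__":
    for finding in review_offer(SAMPLE):
        print(finding)
```
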
Monday, April 10, 2023

NextCloud Setup with Docker

Nextcloud is one of the most commonly used self-hosted alternatives to cloud storage services, and it is now easy to deploy with Docker. The following docker-compose file and Nginx configuration can be used to deploy the Nextcloud application behind an Nginx proxy server with SSL termination.
We can bring the containers up and down with the following commands:

docker-compose up -d
docker-compose down


version: '2'
# volumes:
#  nextcloud: /root/nextcloud/ncdata
#  db: /root/nextcloud/mysql
services:
  db:
    image: mariadb:10.5
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    # The database credentials (environment entries) are not shown on the page.
    volumes:
      - /root/nextcloud/mysql:/var/lib/mysql
  app:
    image: nextcloud
    restart: always
    depends_on:
      - db
    volumes:
      - /root/nextcloud/ncdata:/var/www/html
  nginx:  # service name assumed; the original name is not shown
    image: nginx
    restart: always
    ports:
      - 8082:8080
    depends_on:
      - app
    volumes:
      - /root/nextcloud/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      - /root/nextcloud/cert:/etc/cert

Nginx Configuration file

server {
  listen 80;
  return 301 https://$server_name:8080$request_uri;
  add_header X-Content-Type-Options              "nosniff";
}
server {
  listen 8080 ssl;
  ssl_certificate /etc/cert/;
  ssl_certificate_key /etc/cert/;
  ssl_prefer_server_ciphers on;
  location / {
    proxy_pass http://app;
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
  }
}


Kubernetes (k8s) Sample Commands - 02

The following are a few of the kubectl commands for managing Kubernetes clusters:

  • kubectl get nodes -o=jsonpath='{XX}'
    • This command retrieves information about the nodes in the cluster using the jsonpath output format. Replace {XX} with the desired path.
  • kubectl get nodes -o=custom-columns=<Column name>:<JSON path>
    • This command retrieves information about the nodes in the cluster using the custom-columns output format. Replace <Column name> with the desired column header and <JSON path> with the field to show in that column.
  • --sort-by=
    • This option is used to sort the output based on a specified field.
  • kubectl get node node01 -o json > /opt/outputs/node01.json
    • This command retrieves information about a specific node and saves it as a JSON file.
  • kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.osImage}' > /opt/outputs/nodes_os.txt
    • This command retrieves the OS image of all the nodes in the cluster and saves it in a text file.
  • kubectl config view --kubeconfig=my-kube-config -o jsonpath="{.users[*].name}" > /opt/outputs/users.txt
    • This command retrieves the names of all users in the kubeconfig file and saves it in a text file.
  • kubectl get pv --sort-by=.spec.capacity.storage > /opt/outputs/storage-capacity-sorted.txt
    • This command retrieves the capacity of all persistent volumes and sorts the output by storage capacity.
  • kubectl config view --kubeconfig=my-kube-config -o jsonpath="{.contexts[?(@.context.user=='aws-user')].name}" > /opt/outputs/aws-context-name
    • This command retrieves the context name for a specific user in the kubeconfig file.
  • kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-service
    • This command creates a pod named test-nslookup and runs a DNS lookup on nginx-resolver-service.
  • kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-service > /root/CKA/nginx.svc
    • This command creates a pod named test-nslookup and redirects the output of the DNS lookup to a file.
  • kubectl get nodes -o json | jq -c paths | grep type
    • This command retrieves the paths of all fields in the node objects in the cluster that contain the word "type".
  • kubectl create deployment --image=nginx nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml
    • This command creates a deployment named nginx with 4 replicas and saves the deployment manifest as a YAML file. The --dry-run=client flag is used to simulate the deployment without actually creating it.