AMDGPU firmware and homebuild kernel

Not sure how it happens in less DIY type distributions, but in Crux I struggled to add firmware of AMDGPU drivers to a initrmfs. Maybe I haven't tried long enough, but without firmware in the initial ramfs, I could not properly start my desktop.

I learnt that drivers are on a disk, in what looked like the right directory (/lib/firmware/amdgpu/). They just were not loaded. After passing a few times the directory name via a CLI option I figured out that the path could be added to the dracut config.

Now, I have following config file on which make rebuilding kernel much easier.

cat /etc/dracut.conf.d/wawrzek.conf
install_items+=/lib/firmware/amdgpu/*

Thanks to that I can simple run command like that to add ramfs to:

mkinitrd /boot/initramfs-5.4.0-1.img 5.4.0

Copy files around in CentOS with SELinux (e.g. Nginx)

Imagine that you want to enable https traffic on a site served by Nginx. Sounds simple. A series of command like these should work:

scp example.com.* your_remote_server:
ssh your_remote_server
sudo mkdir /etc/nginx/ssl
sudo cp example.com.* /etc/nginx/ssl

Edit appropriate configuration file(s). Finally, run:

sudo systemctl restart nginx

and nothing, or rather an error message with information that nginx cannot access ssl certificate files. You check and files exists, so what's the problem?

The problem is a SELinux security context, diffrent for /etc/ngnix and /home/X

To change it you need to run chcon. For example:

chcon --reference /etc/nginx/nginx.conf /etc/nginx/ssl/example.com.*

More info at: https://www.cyberciti.biz/faq/rhel-centos-feora-linux-change-copy-selinux-context/

OpenSSL and certs

I was battling with SSL certificates recently and have two useful command I would like to store in my extended memory (this blog).


a) To ensure that all certificates in a bundle are OK. There should be a clear 'line of trust' in output.

FILENAME=your.domain.crt
openssl crl2pkcs7 -nocrl -certfile $FILENAME | openssl pkcs7 -print_certs -noout

b) To ensure that the EC (Eliptic Curve) key in the csr and the certifciate is equal to the actual signing key run these 3 commands. The public key for each command should be the same.

NAME=your.domain

openssl ec -pubout -in $NAME.key

openssl req -noout -pubkey -in $NAME.csr

openssl x509 -noout -pubkey -in $NAME.crt

Ansi control characters in Vim

The ANSI/VT100 terminals and their emulators allows to use escape sequences to  display colours and formatted text. (Check this link for more information on how to do this.) That's look cool in a terminal window. Problems starts when terminal output is redirected to a file (e.g. logs). Editors like Vim are virtual useless with such files, because files are full of "rubbish". At least by default, because for Vim there is a good plug-in called "Asci Highlighting". It takes escapes sequences and colour text appropriately.


Links:

• https://misc.flogisoft.com/bash/tip_colors_and_formatting 
• http://www.drchip.org/astronaut/vim/index.html#ANSIESC

Get Public IP address of Azure VM from shell on VM

Sometimes you need to get an IP address of the VM from inside of it. You can do this relatively simple from Azure VM with curl and jq thanks to Metadata endpoint as described in this document https://azure.microsoft.com/en-us/blog/announcing-general-availability-of-azure-instance-metadata-service/

And if you need the public IP address of interface eth0 this is the command:

curl -H Metadata:true http://169.254.169.254/metadata/instance?api-version=2017-04-02| jq '.network.interface[0].ipv4.ipAddress[0].publicIpAddress'