Mattermost fun

I set up a mattermost chat server at my last job, but half the team was on board with it. I thought it would be fun to set up a chat server for fun.

After a little bit of troubleshooting on my home network, it was going too slow for my liking and I think Comcast really does filter traffic and the last time the Comcast guy was there to upgrade something, we got a new modem and it’s on a 10.0.0.0/24 network and then plugs into a router which is a 192.168.1.0/24 network, which creates a double-NAT situation. I thought I could work around this, and I did, but the page would resolve really slowly.

So the first thing I ran in to was I only had certbot set up for the domain miles-smith.info and www.miles-smith.info. I tried to modify it so it would create a certificate for chat.miles-smith.info, but it didn’t work. After a little bit of digging and thinking about it, I realized I should have created a wildcard DNS certificate, so I issued this command and it generated them to the appropriate folder:

./certbot-auto certonly --manual --preferred-challenges=dns [[EMAIL]] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.miles-smith.info

I should have screenshot what it asked for, but I had to create a DNS record that they asked for with a generated TXT field to verify that I did indeed have that domain but here’s a screenshot of my Route53 settings that I added.

I did have a little bit of trouble getting the certificate and key loaded into the mattermost configuration because I was editing it through their server GUI, but after some digging I just edited the mattermost.conf file directly and pointed the ssl certificate and key to what I had generated. I also didn’t have the permissions set properly on them so I had to change them as well.

It was a bit more involved than that, but I’m leaving out the searching and digging and Comcast issues. I also looked for a place to host it, but lightsail seemed as good as place as any.

New HP server… sort of + scripting

Story time boys and girls.

So we got 2 brand spanking new HP servers earlier this year and I set up one of them for a few new VMs we were using.  We use virt-manager for our environment, and I hadn’t ever used it before, but it was pretty easy to set up, use and configure.  The other one had been on the floor over the whole summer since we didn’t have a use for it, which for me is weird because it has 128 GB RAM, like 48 total cores and a few TB on 8 15k drives.  I even asked him if we had too much hardware and he admitted we did.

My counterpart was tasked with building a test environment for a few weeks of training classes that will be held since it’s more reliable to bring an environment with you than trust a connection in a hotel will not break.  So he in turn, wanted me to get some of the leg work done getting it set up before the environment was built.  This training environment would be torn down after it wasn’t needed any longer, but may need to be rebuilt if there are enough classes to justify it.

I had previously investigated what was running on older hardware and noticed that several of the older machines weren’t running a lot of VM’s anymore because they had been moved over to newer hardware and never documented or the VM itself was no longer needed.  I brought this up to him and we found 2 servers that if we were able to migrate the VM’s off of them, we could consolidate the hardware (RAM mostly) into one server and then use the older hardware as the training environment.  Both of these servers we were looking at were well past their service date, so if they fell apart, it wouldn’t be a huge deal, but now we have spare parts for them.

It turned out however, that the first server was all we needed.  After digging into it some more, it looks like there is barely enough RAM on the first server for it to work.  So I migrated the VM’s from the old hardware off and wiped it, installing the latest version of Centos 7 according to the standards we have.  So the good news is we now have a spare server (still) because I recommended reusing old harder in a creative way.

What I did for this round as well, was I thought of other things that need to be done and automated them.  I kept in mind that there is another script that runs when a new server/VM is added, but there are always things you look back on that could have been done on the front end.  I mostly added other tools, ssh-keygen, added the appropriate ssh keys if they aren’t added already, made sure ‘PermitRootLogin no’ was set, things like that.

As I was make the script (bash), I thought about it in ansible or something because that would have made it not matter if a command had already been run.  This would make it easier in the long run, but the downside is there is already a tcsh script that’s been made so it wouldn’t be as compatible so I was conflicted.  The work around I did that for the most part was grep’ing something out of a file or using sed to see if it’s been added and if it’s already there, move onto the next block of script.  Overall I am pleased with it and am sure that there are more things that can be added in the future.

CISSP update + git

I have forgot about this for 2 weeks, but I wanted to get out a quick update.  I’m done with the Sybex book and started on the videos by Larry [something].  I got the feedback that his video course was great, but honestly it is lacking.  He goes on tangents and seems to gloss over the information quite a bit.  I’ve watched 2 days worth and I don’t know if it’s worth my time to finish the other 3 days.  Oh well, money spent on education is generally worth the cost.

 

I started the Sybex Practice Exams, and have had to realize that I need to slow down when reading the questions.  I’ve tried to get into a cadence of reading the question, re reading it and looking for keywords they are trying to get at, then read the answers, back to the questions then substitute each answer in with the question that’s being asked.  Normally I know off the bat one or two that are obviously not the answer, so that narrows it down.

 

This morning when I got to work I got the idea to go through some git tutorials from online and a udemy course I purchased.  I get the idea behind it and I know it’s not that hard, but I haven’t really used it much.  I would really like to automate a lot of the stuff I do at work and it would feel a lot better to use something like that to keep track of what changes are made and make it more open for the other admin to see what I’m working on.