Author: Bian Xi

Systemd-resolved DNS configuration for VPN

Systemd-resolved DNS configuration for VPN

VPN GUI

When using ubuntu GUI VPN connection, the DNS might not be updated correctly. Following command can be used to update search domain and DNS server.

sudo systemd-resolve --interface tun0 --set-dns <dns_server> --set-domain <domain>

Note: The latest test in VPN GUI, the DNS setting is working as expected.

VPN CLI

For openvpn command line,

openvpn --config client.ovpn --script-security 2 --up ./manual-config

The manual-config script can be as follow

#!/bin/sh
set -e
resolvectl dns $dev 192.0.2.53 192.0.2.54
resolvectl domain $dev "~foo.example.com" "~bar.example.com"
resolvectl dnssec $dev off

or

#!/bin/sh
systemd-resolve -i $dev \
  --set-dns=192.0.2.53 --set-dns=192.0.2.54 \
  --set-domain=foo.example.com --set-domain=bar.example.com \
  --set-dnssec=off  # <- Not super nice, but might be needed.

Another method is to use /etc/openvpn/update-systemd-resolved script, which is in openvpn-systemd-resolved package,

openvpn \
  --config client.ovpn \
  --up /etc/openvpn/update-systemd-resolved \
  --down /etc/openvpn/update-systemd-resolved \
  --down-pre \

NetworkManager Integration

To allow DNS and other options applied to new interface, a dispatcher file can be created, for example, /etc/NetworkManager/dispatcher.d/10-openvpn-tun0-up. The content can be as follows

#!/usr/bin/env bash

interface=$1
event=$2

if [[ $interface != "tun0" ]] || [[ $event != "up" ]]
then
  return 0
fi

# place your commands bellow this line

resolvectl dns tun0 192.168.1.1 192.168.1.2
resolvectl domain tun0 "~new.com"

References

Systemd-resolved DNS configuration for VPN
Network Manager script when interface up?

Learning – Introduction to AWS Services

Learning - Introduction to AWS Services

AWS Global Datacenter

  • AWS Account - Global (Billing, IAM, Route53)
  • Regions - Independent Geographic Area (S3, CDN, DynamoDB)
  • VPCs (ELB)
  • Availability Zones - Multiple isolated locations / data centers within a region (EC2, RDS, EBS)
  • Edge locations
  • Ragional Caches
  • Services

Storage

References

Introduction to AWS Services

Learning – Ansible 101 – Episode 3 – Introduction to Playbooks

Learning - Ansible 101 - Episode 3 - Introduction to Playbooks

Playbooks

Default module

The ansible command default module is command. So following commands are the same

ansible -i inventory multi -m command -a "date"
ansible -i inventory multi -a "date"

update_cache task

For idempotence, can update_cache task

Molecule

Testing Ansible roles using Molecule.

Background

Timeout

Timeout in 3600 seconds.

ansible -i inventory multi -b -B 3600 -P 0 -a "yum -y update"

Pulling time

Using -P for seconds

ansible -i inventory multi -b -B 3600 -P 0 -a "yum -y update"

Job ID

The result shows ansible job ID, which can be used to query in the server.

192.168.60.6 | CHANGED => {
    ...
    "ansible_job_id": "991487770448.3711",
    ...
    "results_file": "/root/.ansible_async/991487770448.3711",
    ...
}

Query by job id

ansible -i inventory db -b -m async_status -a "jid=991487770448.3711"

*Note: This will not show log or error of job"

Check log

ansible -i inventory multi -b -a "tail /var/log/messages"
ansible -i inventory multi -b -m shell -a "tail /var/log/messages | grep ansible-command | wc -l"

Cron

ansible -i inventory multi -b -m cron -a "name=something hour=4 job=/path/to/script.sh"
ansible -i inventory multi -b -m cron -a "name=something hour=4 job=/path/to/script.sh state=absent"

Git

ansible -i inventory multi -b -m git -a "repo=github_url_goes_here dest=/opt/app update=yes version=1.2.4"

Reuse SSH connection

Ansible configuration file ansible.cfg

[ssh_connection]
pipelining = True

Clean up

Destroy VMs

vagrant destroy -f

Playbooks

mkdir playbooks
cd playbooks

Inventory

[ec2]
35.175.148.144

[ec2:vars]
ansible_user=centos
ansible_ssh_private_key_file=~/.ssh/jeffgeerling_aws.pem

Create a shell script

shell-script.sh

# Install Apache.
yum install --quiet -y httpd httpd-devel
# Copy configuration files.
cp httpd.conf /etc/httpd/conf/httpd.conf
cp httpd-vhosts /etc/httpd/conf/httpd-vhosts.conf
# Start Apache and configure it to run at boot.
service httpd start
chconfig httpd on

Create playbook.yml

---
- name: Install Apache.
  hosts: all

  tasks:
    - name: Install Apache
      command: yum install --quiet -y httpd httpd-devel
    - name: Copy configuration files.
      command: >
        cp httpd.conf /etc/httpd/conf/httpd.conf
    - command: >
        cp httpd-vhosts /etc/httpd/conf/httpd-vhosts.conf
    - name: Start Apache and configure it to run at boot.
      command: service httpd start
    - command: chkconfig httpd on

or

---
- name: Install Apache.
  hosts: all

  tasks:
    - name: Install Apache
      shell: |
        yum install --quiet -y httpd httpd-devel
        cp httpd.conf /etc/httpd/conf/httpd.conf
        cp httpd-vhosts /etc/httpd/conf/httpd-vhosts.conf

    - name: Start Apache and configure it to run at boot.
      command: service httpd start
    - command: chkconfig httpd on

or

---
- name: Install Apache.
  hosts: all
  become: true

  tasks:
    - name: Install Apache
      yum:
        name:
          - httpd
          - httpd-devel
        state: present
      become: true
    - name: Copy configuration files.
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: 0644
      with_items:
        - src: httpd.conf
          dest: /etc/httpd/config/httpd.conf
        - src: httpd-vhosts.conf
          dest: /etc/httpd/conf/httpd-vhosts.conf

  - name: Make sure Apache is started now and at boot.
    service:
      name: httpd
      state: started
      enabled: true

    - command: >
        cp httpd-vhosts /etc/httpd/conf/httpd-vhosts.conf
    - name: Start Apache and configure it to run at boot.
      command: service httpd start
    - command: chkconfig httpd on

run on all nodes except one

ansible-playbook -i inventory multi --limit db
ansible-playbook -i inventory multi --limit=192.168.60.6
ansible-playbook -i inventory multi --limit="!:db"

List inventory

ansible-inventory --list i inventory

References

Ansible 101 - Episode 3 - Introduction to Playbooks