FastNetMon

Thursday, 25 August 2022

How to enable ssh on JunOS 19.4?

First of all, we need to set root password as default one is username root with no password.

Then run cli, then switch into configuration mode with: configure

And apply following command:

set system root-authentication plain-text-password

You will be asked to provide password and password confirmation.

Then you need to apply change using commit command. 

After that enable ssh:

set system services ssh

And enable root login over ssh (not recommended for production use):

set system service ssh root-login allow 

And finally apply all changes using commit command. 

Tuesday, 3 May 2022

How to create GitHub access token limited only for specific repository?

You cannot do it using standard approach with personal access tokens (PAT) but GitHub offers amazing workaround which allows you to accomplish it.

First of all, you need to create app using this guide which is little bit unclear about Installation ID.

There is a simple way to get it from page's URL. We need to open organisation where we've installed this app then open Settings and then open:


And then click Configure on right side from App's name and you will see URL: https://github.com/organizations/AAAA/settings/installations/XXX.

XXX - is our installation id in URL.

For me I used npx to retrieve auth token:
npx github-app-installation-token --appId AAA       --installationId XXX      --privateKeyLocation ~/key.pem

After getting key we can authenticate with this token using GitHub cli tool:

gh auth login

What account do you want to log into? GitHub.com

What is your preferred protocol for Git operations? HTTPS

Authenticate Git with your GitHub credentials? No

How would you like to authenticate GitHub CLI? Paste an authentication token

And after that you can do any required commands on specific repo like creation of new release:

gh api   --method POST   -H "Accept: application/vnd.github.v3+json"   /repos/<org_name>/<repo_name/releases   -f tag_name='v1.0.0'  -f target_commitish='main'  -f name='New Fancy Release' 

 



Tuesday, 5 April 2022

UK immigration for IT engineers

I wasn't born in the UK and I had no right to work here. I was ordinary engineer. I wasn't special in any way.

And I got Global Talent visa after successful endorsement by #TechNation UK as exceptional talent in digital field.

Want to live in the UK? Want to work for the World leading companies? Want to lead them? Want to start new company and change World?

Apply for Global Talent visa NOW because YOU deserve it.

Want to know more? Ask me on LinkedIN.

Thursday, 17 March 2022

How to unpack bzip2 faster using parallel approach?

There are multiple tools which claim option to decompress bzip2 in parallel:

  • pbzip2
  • lbzip2
Let's compare pbzip2 performance with reference singe thread bzip2:

$ time bzip2 -d /tmp/rib.bz2  --stdout > /dev/null

real 0m52.188s
user 0m52.019s
sys 0m0.160s
$ time pbzip2 -d /tmp/rib.bz2  --stdout > /dev/null

real 0m49.380s
user 0m49.473s
sys 0m0.241s
You may notice that we have no speed improvement at all which means that pbzip2 cannot do decompression in parallel for standard bz2 compressed files.

But lbzip2 actually can do it and it offers great performance improvement:
$ time bzip2 -d /tmp/rib.bz2  --stdout > /dev/null

real 0m52.790s
user 0m52.549s
sys 0m0.224s
$ time lbzip2 -d /tmp/rib.bz2   --stdout > /dev/null

real 0m8.604s
user 1m8.099s
sys 0m0.420s
It's 9 seconds vs 53 seconds. It's 6 times improvement on 8 CPU server. 

Conclusions: use lbzip2 for parallel decompression. 

Monday, 7 March 2022

How to disable systemd-resolved on Ubuntu 18.04 server with Netplan

NB! This guide is not applicable for Ubuntu 18.04 with Desktop environment, please use another one as you will need to change Network Manager configuration too.

In our case we decided to disable it because of non RFC compliant resolver in customer's network:

Jan 18 18:19:05 fastnetmon systemd-resolved[953]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying  

First of all, confirm current DNS server:

sudo systemd-resolve --status|grep 'DNS Servers' 

Currently default configuration is following:

ls -la /etc/resolv.conf 

lrwxrwxrwx 1 root root 39 Mar  2 17:23 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

You will need to stop and disable resolved:

sudo systemctl disable systemd-resolved.service

sudo systemctl stop systemd-resolved.service 

Then remove symlink:

sudo rm /etc/resolv.conf 

And add customer's configuration (replace x.x.x.x by IP address of DNS server in your network):

echo 'search companyname.com' | sudo tee -a /etc/resolv.conf

echo 'nameserver x.x.x.x' | sudo tee -a /etc/resolv.conf

echo 'nameserver 8.8.8.8' | sudo tee -a /etc/resolv.conf

echo 'nameserver 1.1.1.1' | sudo tee -a /etc/resolv.conf

After that, I can recommend rebooting and checking that DNS resolution works fine on this server.