Cloud/Shahed/AL: Difference between revisions

 
(10 intermediate revisions by the same user not shown)
Line 31: Line 31:
Type=oneshot
Type=oneshot
ExecStart=/sbin/ip link add warp0 type dummy
ExecStart=/sbin/ip link add warp0 type dummy
ExecStartPost=/sbin/ip addr add 10.20.41.12/32 dev warp0
ExecStartPost=/sbin/ip addr add 10.20.40.12/32 dev warp0
ExecStartPost=/sbin/ip link set warp0 up
ExecStartPost=/sbin/ip link set warp0 up
ExecStop=/sbin/ip link delete warp0
ExecStop=/sbin/ip link delete warp0
Line 118: Line 118:
LOGGER_FILE=${LOGGER_BASE}/argo.log
LOGGER_FILE=${LOGGER_BASE}/argo.log
AUTHNZ_FILE=${AUTHNZ_BASE}/argo.json
AUTHNZ_FILE=${AUTHNZ_BASE}/argo.json
 
</syntaxhighlight>
# pi01w armv6l based single core cpu, less powerful
----
<syntaxhighlight lang="bash">
# armv6l based pi01w is a single core cpu, less powerful
# qemu-arm-static emulator take more time to run armhf binary
# qemu-arm-static emulator take more time to run armhf binary
# for this case it would best to use another pc to generate the json token
# for this case it would best to use another pc to generate the json token
Line 126: Line 128:
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel create shahed-al-${USER}
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel create shahed-al-${USER}
ln -s ${CONFIG_BASE}/3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json ${AUTHNZ_FILE}
ln -s ${CONFIG_BASE}/3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json ${AUTHNZ_FILE}
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
# use another pc
cd ~/.cloudflared/
cloudflared tunnel login
mv cert.pem cert.pem.bkp
mkdir -p ~/.cloudflared/tokens
cloudflared tunnel create shahed-al-${USER}
mv aa6db449-f14f-4e79-be14-44b49174d17f.json tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json
rsync -avz tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json pi@shahed-al.local:~/.config/
ssh -qt pi@shahed-al.local bash
# on demand update needed
cat << EXE | sudo bash
mv ~/.config/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
chown chorke-com-argo:chorke-com-argo /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
ls -alh /home/system/chorke-com-argo/.cloudflared/
EXE
</syntaxhighlight>
</syntaxhighlight>


Line 172: Line 193:
source ~/.profile
source ~/.profile
   cat ~/.cloudflared/argo.yml
   cat ~/.cloudflared/argo.yml
qemu-arm-static -cpu cortex-a9 /usr/local/bin/cloudflared tunnel run shahed-al-${USER}
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel run shahed-al-${USER}
exit
exit
</syntaxhighlight>
</syntaxhighlight>
Line 196: Line 217:
TimeoutStartSec=0
TimeoutStartSec=0
Type=notify
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a9 \
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/chorke-com-argo/\
--config /home/system/chorke-com-argo/\
Line 224: Line 245:
TimeoutStartSec=0
TimeoutStartSec=0
Type=notify
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a9 \
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/chorke-org-argo/\
--config /home/system/chorke-org-argo/\
Line 252: Line 273:
TimeoutStartSec=0
TimeoutStartSec=0
Type=notify
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a9 \
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/shahed-biz-argo/\
--config /home/system/shahed-biz-argo/\
Line 362: Line 383:
{|
{|
|valign="top"|
|valign="top"|
* [[OpenLDAP/BackSQL|OpenLDAP » BackSQL]]
* [[Cloud/Hetzner/AA|Cloud » Hetzner » AA]]
* [[Google Cloud CLI]]
* [[Cloud/Hetzner/AB|Cloud » Hetzner » AB]]
* [[EKSctl|AWS » EKS » CLI]]
* [[Cloud/Shahed/AA|Cloud » Shahed » AA]]
* [[Swap Space]]
* [[Cloud/Shahed/AB|Cloud » Shahed » AB]]
* [[Online App]]
* [[Cloud/Shahed/AC|Cloud » Shahed » AC]]
* [[OpenLDAP]]
* [[Cloud/Shahed/AD|Cloud » Shahed » AD]]
* [[Terraform]]
* [[Cloud/Shahed/AE|Cloud » Shahed » AE]]
* [[AWS CLI]]
* [[Cloud/Shahed/AF|Cloud » Shahed » AF]]
* [[CLI App]]
* [[Cloud/Shahed/AG|Cloud » Shahed » AG]]
* [[Kubectl]]
* [[Cloud/Shahed/AH|Cloud » Shahed » AH]]
 
|valign="top"|
* [[Cloud/Shahed/AI|Cloud » Shahed » AI]]
* [[Cloud/Shahed/AJ|Cloud » Shahed » AJ]]
* [[Cloud/Shahed/AK|Cloud » Shahed » AK]]
* [[Cloud/Shahed/AM|Cloud » Shahed » AM]]
* [[Cloud/Shahed/AN|Cloud » Shahed » AN]]
* [[Cloud/Shahed/VA|Cloud » Shahed » VA]]


|valign="top"|
|valign="top"|
* [[HAProxy]]
* [[Jasypt]]
* [[CURL]]
* [[K8s]]
* [[K9s]]


|valign="top"|
|valign="top"|


|-
|-
| colspan="3" |
|colspan="4"|
----
----
|-
|-
| valign="top" |
|valign="top"|
* [[Cloudflare/WARP Connector|Cloudflare » WARP Connector]]
* [[Minikube Ingress DNS| Minikube » Ingress » DNS]]
* [[Cloudflare/Argo Tunnel|Cloudflare » Argo Tunnel]]
* [[Minikube Systemd|Minikube » Systemd]]
* [[Cloudflare/WARP Host|Cloudflare » WARP Host]]
* [[Minikube MetalLB|Minikube » MetalLB]]
* [[Cloudflare]]
* [[Minikube Registry|Minikube » Registry]]
* [[Minikube Tunnel|Minikube » Tunnel]]
* [[Minikube]]
* [[CIDR]]
* [[UFW]]
* [[YQ Tool|YQ]]
* [[JQ Tool|JQ]]
 
|valign="top"|
* [[K8s/Academia/Ingress|K8s » Academia » Ingress]]
* [[K8s/HAProxy/Ingress|K8s » HAProxy » Ingress]]
* [[K8s/Apache/Ingress|K8s » Apache » Ingress]]
* [[K8s/Nginx/Ingress|K8s » Nginx » Ingress]]
* [[K8s/Swiss Knife|K8s » Swiss Knife]]
* [[K8s/Storage|K8s » Storage]]
* [[K8s/Ingress|K8s » Ingress]]
* [[K8s/Service|K8s » Service]]
* [[K8s/Run|K8s » Run]]
* [[K8s]]


| valign="top" |
|valign="top"|
* [[Cloud/Hetzner/AA|Cloud » Hetzner » AA]]
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
* [[Cloud/Shahed/AF|Cloud » Shahed » AF]]
* [[Helm/Cert Manager|Helm » Cert Manager]]
* [[Helm/Elasticsearch|Helm » Elasticsearch]]
* [[Minikube MetalLB|Helm » MetalLB]]
* [[Helm/Jenkins|Helm » Jenkins]]
* [[Helm/GitLab|Helm » GitLab]]
* [[Helm/Nexus|Helm » Nexus]]
* [[Helm/MinIO|Helm » MinIO]]
* [[Helm/Kafka|Helm » Kafka]]
* [[Helm/Redis|Helm » Redis]]


| valign="top" |
|valign="top"|
* [[Security/Container/Snyk|Security » Container » Snyk]]
* [[Security/Container/Trivy|Security » Container » Trivy]]
* [[Security/Certificate/TLS|Security » Certificate » TLS]]
* [[Java Key Store|Security » Java » Key Store]]
* [[Java Mail API|Security » Java » Mail API]]
* [[Security/Password|Security » Password]]
* [[ZA Proxy|Security » ZA Proxy]]
* [[Security/Domain|Security » Domain]]
* [[Jasypt|Security » Jasypt]]
* [[HTTP Security|Security » HTTP]]


|-
|-
| colspan="3" |
|colspan="4"|
----
----
|-
|-
| valign="top" |
|valign="top"|
* [[Ubuntu/Raspberry Pi]]
* [[Benchmarks]]
* [[Ubuntu Upgrade]]
* [[IPTables]]
* [[ActiveMQ]]
* [[Kubectl]]
* [[Minikube]]
* [[Keycloak]]
* [[Hadoop]]
* [[Jenkins]]
* [[WildFly]]
* [[Spark]]
* [[MinIO]]
 
| valign="top" |
* [[Alpine/Morefine]]
* [[Ruby on Rails]]
* [[TensorFlow]]
* [[Homebrew]]
* [[Linuxbrew]]
* [[PyEnv]]
* [[PyEnv]]
* [[CURL]]
* [[TMux]]
* [[TMux]]
* [[7Zip]]
* [[7Zip]]
* [[Linux Containers|LXC]]
* [[Zip]]
* [[Zip]]
* [[Tar]]
* [[Tar]]


| valign="top" |
|valign="top"|
* [[Linux Service Creation]]
* [[Ubuntu Upgrade|Linux » Ubuntu Upgrade]]
* [[Bash/Port/Forward]]
* [[Linux Service Creation|Linux » Service Creation]]
* [[Linux Mount Drive]]
* [[Linux User Creation|Linux » User Creation]]
* [[YouTube/Channel]]
* [[Linux Mount Drive|Linux » Mount Drive]]
* [[Bash/Network]]
* [[Swap Space|Linux » Swap Space]]
* [[Bash/RAM]]
* [[EKSctl|CLI » AWS » EKS]]
* [[Bash/CPU]]
* [[AWS CLI|CLI » AWS]]
* [[Bash/Port]]
* [[Google Cloud CLI|CLI » GCP]]
* [[CLI App|CLI]]
* [[K9s]]
 
|valign="top"|
* [[Cloudflare/WARP Host|Cloudflare » Host]]
* [[Cloudflare]]
* [[Terraform]]
* [[ActiveMQ]]
* [[Keycloak]]
* [[Hadoop]]
* [[Jenkins]]
* [[Spark]]
* [[Bash]]
* [[Bash]]
* [[Port]]
* [[Port]]
|valign="top"|
* [[Private Enterprise Number]]
* [[Chorke Academia Backup]]
* [[Cloud Computing Cost|Cost » Cloud » Computing]]
* [[Cloud/Cost/Chorke|Cost » Cloud » Chorke]]
* [[YouTube/Channel]]


|-
|-
|colspan="3"|
|colspan="4"|
----
----
|-
|-
|valign="top"|
|valign="top"|
* [[Private Enterprise Number]]
* [[Linux User Creation]]
* [[Linux Containers]]
* [[PostgreSQL]]
* [[IPTables]]
* [[MySQL]]
* [[CIDR]]
* [[UFW]]
* [[YQ Tool|YQ]]
* [[JQ Tool|JQ]]


|valign="top"|
|valign="top"|
* [[Chorke Academia Backup]]
 
* [[Cloud Computing Cost]]
|valign="top"|
* [[Helm/PostgreSQL|Helm » PostgreSQL]]
* [[Helm/MariaDB|Helm » MariaDB]]
* [[Benchmarks]]
* [[Helm]]


|valign="top"|
|valign="top"|


|}
|}
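Review bot: In the listing added at "Line 128" (`# use another pc`), the `mv ~/.config/…json` line sits inside an unquoted `cat << EXE | sudo bash` here-document, where tilde expansion is not performed. The `~` is therefore resolved by the root shell, and under a default `env_reset` sudoers policy it points at root's home rather than the `pi` home that the preceding `rsync` wrote to. Writing the source path as `${HOME}/.config/…json` makes it expand in the invoking shell before the text reaches `sudo`. The same listing moves the tunnel credentials file and changes its owner but never sets its mode; I would add `chmod 600 /home/system/chorke-com-argo/.cloudflared/<tunnel-id>.json` after the `chown`.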

Latest revision as of 02:15, 17 June 2025

SSH

# Open an interactive shell on the Pi; the remaining commands are run there.
ssh pi@shahed-al.local

# Print memory, boot-time, disk, block-device and swap summaries as root.
# The delimiter is quoted, so the body reaches the root shell unexpanded.
sudo bash <<'EXE'
free -th && echo && systemd-analyze && echo
df -h    && echo && lsblk && echo
swapon --show
EXE

APT Update

# Refresh the package index, apply pending upgrades and install the QEMU
# user-mode emulators (qemu-arm-static is used below to run cloudflared).
# The body contains no expansions, so it is passed to the root shell verbatim.
sudo bash <<'EXE'
apt-get update
echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable
apt-get upgrade -y
echo
apt-get install -y qemu-user-static
ls -lah /usr/bin/qemu-*
apt-get clean cache
EXE

Cloudflare » VIRT

# Write a oneshot systemd unit that creates the dummy interface warp0,
# assigns it 10.20.40.12/32 and brings it up; stopping the unit deletes the
# interface. RemainAfterExit=yes keeps the unit "active" after the commands
# have finished, so ExecStop runs on stop.
sudo tee /etc/systemd/system/warp0.service >/dev/null <<'INI'
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/sbin/ip link add warp0 type dummy
ExecStartPost=/sbin/ip addr add 10.20.40.12/32 dev warp0
ExecStartPost=/sbin/ip link set warp0 up
ExecStop=/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

# Pick up the new unit file, enable and start warp0.service, then show its state.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status       warp0.service
EXE

# List interfaces and addresses to confirm warp0 exists and carries its address.
ip addr show

Cloudflare » Argo » Tunnel

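# Download and install the armhf cloudflared package, then check that the
# binary runs under the QEMU user-mode emulator.
#
# The URL tracks the "latest" release, so the package that gets installed as
# root is not pinned. Two safeguards are added here:
#   * any earlier (possibly partial) download is removed first, because
#     resuming with `wget -c` against a moving "latest" target could splice
#     two different releases into one file;
#   * the SHA-256 of the downloaded file is printed so it can be compared with
#     the checksum published for that release before dpkg runs.
deb="${HOME}/Downloads/cloudflared-linux-armhf.deb"
rm -f -- "${deb}"
wget -q https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-armhf.deb -P "${HOME}/Downloads"
sha256sum -- "${deb}"   # compare with the release's published checksum before continuing
sudo dpkg -i "${deb}"; sudo apt install -f
rm -f -- "${deb}"

qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared --version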

# Append kernel settings for the tunnel to /etc/sysctl.conf and load them.
# - net.ipv4.ping_group_range lets processes whose group ID is in 0..10000
#   open unprivileged ICMP echo sockets; this is a system-wide setting.
# - the rmem/wmem values set default and maximum socket buffer sizes.
# NOTE(review): tee -a appends, so running this listing again adds the same
# section a second time; check /etc/sysctl.conf before re-running.
sudo tee -a /etc/sysctl.conf >/dev/null <<'SYS'

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS

# Apply the settings from /etc/sysctl.conf to the running kernel.
sudo sysctl -p

Skipped » Find More » 👈

Cloudflare » Argo » Tunnel » Qemu

# NOTE(review): these look like three alternatives (one per tunnel service
# account), not a sequence to run top to bottom - confirm against the wiki tabs.
# Each `sudo -i -u` opens a login shell as that account; the LOGGER_BASE
# assignment that follows it is typed inside that shell and selects the
# per-domain log directory used by the later listings.
sudo -i -u chorke-com-argo
LOGGER_BASE=/var/log/cloudflared/chorke.com
sudo -i -u chorke-org-argo
LOGGER_BASE=/var/log/cloudflared/chorke.org
sudo -i -u shahed-biz-argo
LOGGER_BASE=/var/log/cloudflared/shahed.biz

# Paths used by the following listings, all relative to the current account:
# config and credentials live under ~/.cloudflared, the log file under the
# LOGGER_BASE chosen for this account.
CONFIG_BASE="${HOME}/.cloudflared"
AUTHNZ_BASE="${HOME}/.cloudflared"
CONFIG_FILE="${CONFIG_BASE}/argo.yml"
LOGGER_FILE="${LOGGER_BASE}/argo.log"
AUTHNZ_FILE="${AUTHNZ_BASE}/argo.json"

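# The armv6l-based pi01w has a single, fairly weak CPU core, and the
# qemu-arm-static emulator needs extra time to run the armhf binary.
# In that case it is best to generate the JSON token on another PC.
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel login && cd ~/.cloudflared/
# Fetch the origin certificate and store it as cert.pem.
# cert.pem is an account credential: it is written under umask 077 and then
# forced to mode 600, because tee would otherwise create it with the default
# umask (commonly world-readable).
# NOTE(review): the URL token looks specific to one login session; use the
# URL printed by your own `tunnel login` run - confirm.
( umask 077; curl -fsSL https://login.cloudflareaccess.org/aHK9jfkm_uvN9PW6-RGWote9FwyCv5VKqBfPjUZ7RCk= | tee ~/.cloudflared/cert.pem >/dev/null )
chmod 600 ~/.cloudflared/cert.pem
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel create "shahed-al-${USER}"
# Point argo.json at the credentials file named after the tunnel ID that
# `tunnel create` produced (the ID below belongs to this page's tunnel).
ln -s "${CONFIG_BASE}/3d1105e6-e8f4-403e-9b2d-3367947e0a9e.json" "${AUTHNZ_FILE}"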

# Alternative: create the tunnel on another PC and copy the credentials file
# to the Pi.
cd ~/.cloudflared/
cloudflared tunnel login
# NOTE(review): cert.pem is renamed before `tunnel create` runs; cloudflared
# normally reads the origin certificate written by `tunnel login` when
# creating a tunnel - confirm the intended order of these two steps.
mv cert.pem cert.pem.bkp
mkdir -p ~/.cloudflared/tokens
cloudflared tunnel create shahed-al-${USER}
# Keep the credentials file under tokens/ with a host prefix; the file name is
# the tunnel ID that `tunnel create` produced.
mv aa6db449-f14f-4e79-be14-44b49174d17f.json tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json
# Copy the credentials file to the pi account on the target host. This file is
# the tunnel secret; -a keeps the source file's mode on the copy.
rsync -avz tokens/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json pi@shahed-al.local:~/.config/

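# Open a shell on the Pi, then hand the uploaded credentials file over to the
# tunnel service account.
ssh -qt pi@shahed-al.local bash
# on demand update needed
# The here-document is unquoted, so ${HOME} is expanded by the invoking (pi)
# shell before the text reaches sudo. A literal `~` would not be expanded in
# the here-document and would be resolved by the root shell instead, which
# under a default env_reset sudoers policy is root's home, not the directory
# rsync wrote to.
cat << EXE | sudo bash
mv ${HOME}/.config/shahed-al_aa6db449-f14f-4e79-be14-44b49174d17f.json /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
chown chorke-com-argo:chorke-com-argo /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
chmod 600 /home/system/chorke-com-argo/.cloudflared/aa6db449-f14f-4e79-be14-44b49174d17f.json
ls -alh /home/system/chorke-com-argo/.cloudflared/
EXE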

# Write the tunnel configuration to ${CONFIG_FILE}, replacing any existing
# file. The delimiter is unquoted on purpose: ${USER}, ${AUTHNZ_FILE} and
# ${LOGGER_FILE} are expanded now, so the file contains the resolved values.
tee ${CONFIG_FILE} >/dev/null << YML
---
tunnel: shahed-al-${USER}
credentials-file: ${AUTHNZ_FILE}

warp-routing:
  enabled: true

loglevel: info
logfile: ${LOGGER_FILE}

heartbeat:
  interval: 10s
  max_retries: 3

restart: true
YML

# Append the CLOUDFLARED_CONFIG export to ~/.bashrc. The quoted delimiter
# keeps ${HOME} literal in the file, so it is resolved each time the file is
# sourced.
tee -a ${HOME}/.bashrc >/dev/null <<'ENV'
# cloudflare tunnel config
export CLOUDFLARED_CONFIG=${HOME}/.cloudflared/argo.yml
ENV

# Make login shells source ~/.bashrc by appending the usual guard to ~/.profile.
tee -a ${HOME}/.profile >/dev/null <<'ENV'
if [ -f ${HOME}/.bashrc ]; then
    . ${HOME}/.bashrc
fi
ENV

# Reload the profile so the settings appended to it take effect in this shell.
source ~/.profile
   # Show the generated tunnel configuration for a final check.
   cat ~/.cloudflared/argo.yml
# Run the tunnel in the foreground under the emulator as a manual smoke test.
qemu-arm-static -cpu cortex-a7 /usr/local/bin/cloudflared tunnel run shahed-al-${USER}
# Leave the current shell.
# NOTE(review): presumably the service-account shell opened earlier with
# `sudo -i -u` - confirm.
exit

# systemd unit for the chorke.com tunnel, run as the chorke-com-argo account.
SYSTEM_FILE="cloudflared@chorke.com.service"
SYSTEM_PATH="/etc/systemd/system/${SYSTEM_FILE}"

# The delimiter must stay unquoted: the shell then removes each
# backslash-newline pair, so ExecStart is written as one line and the --config
# path that is split across two lines is joined back together.
# NOTE(review): the unit sets no systemd sandboxing options (for example
# NoNewPrivileges= or ProtectSystem=); consider adding them for a
# network-facing service.
sudo tee ${SYSTEM_PATH} >/dev/null << INI
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target

[Service]
Group=chorke-com-argo
User=chorke-com-argo
TimeoutStartSec=0
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/chorke-com-argo/\
.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
INI
# systemd unit for the chorke.org tunnel, run as the chorke-org-argo account.
SYSTEM_FILE="cloudflared@chorke.org.service"
SYSTEM_PATH="/etc/systemd/system/${SYSTEM_FILE}"

# The delimiter must stay unquoted: the shell then removes each
# backslash-newline pair, so ExecStart is written as one line and the --config
# path that is split across two lines is joined back together.
sudo tee ${SYSTEM_PATH} >/dev/null << INI
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target

[Service]
Group=chorke-org-argo
User=chorke-org-argo
TimeoutStartSec=0
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/chorke-org-argo/\
.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
INI
# systemd unit for the shahed.biz tunnel, run as the shahed-biz-argo account.
SYSTEM_FILE="cloudflared@shahed.biz.service"
SYSTEM_PATH="/etc/systemd/system/${SYSTEM_FILE}"

# The delimiter must stay unquoted: the shell then removes each
# backslash-newline pair, so ExecStart is written as one line and the --config
# path that is split across two lines is joined back together.
sudo tee ${SYSTEM_PATH} >/dev/null << INI
[Unit]
Description=cloudflared
After=network-online.target
Wants=network-online.target

[Service]
Group=shahed-biz-argo
User=shahed-biz-argo
TimeoutStartSec=0
Type=notify
ExecStart=qemu-arm-static -cpu cortex-a7 \
/usr/local/bin/cloudflared --no-autoupdate \
--config /home/system/shahed-biz-argo/\
.cloudflared/argo.yml tunnel run
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target
INI

# Enable and start one tunnel service per domain, then show its state.
# Each listing reloads systemd first so a freshly written unit file is seen.

# chorke.com
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable cloudflared@chorke.com.service
systemctl start  cloudflared@chorke.com.service
systemctl status cloudflared@chorke.com.service
EXE

# chorke.org
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable cloudflared@chorke.org.service
systemctl start  cloudflared@chorke.org.service
systemctl status cloudflared@chorke.org.service
EXE

# shahed.biz
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable cloudflared@shahed.biz.service
systemctl start  cloudflared@shahed.biz.service
systemctl status cloudflared@shahed.biz.service
EXE

# Per-domain troubleshooting: follow the tunnel's own log file (tail -f keeps
# running until interrupted), then read the unit's journal.

# chorke.com
tail -n 100 -f /var/log/cloudflared/chorke.com/argo.log
journalctl -xeu cloudflared@chorke.com.service

# chorke.org
tail -n 100 -f /var/log/cloudflared/chorke.org/argo.log
journalctl -xeu cloudflared@chorke.org.service

# shahed.biz
tail -n 100 -f /var/log/cloudflared/shahed.biz/argo.log
journalctl -xeu cloudflared@shahed.biz.service

# Disable and stop one tunnel service per domain, then show its state.

# chorke.com
sudo bash <<'EXE'
systemctl daemon-reload
systemctl disable cloudflared@chorke.com.service
systemctl stop    cloudflared@chorke.com.service
systemctl status  cloudflared@chorke.com.service
EXE

# chorke.org
sudo bash <<'EXE'
systemctl daemon-reload
systemctl disable cloudflared@chorke.org.service
systemctl stop    cloudflared@chorke.org.service
systemctl status  cloudflared@chorke.org.service
EXE

# shahed.biz
sudo bash <<'EXE'
systemctl daemon-reload
systemctl disable cloudflared@shahed.biz.service
systemctl stop    cloudflared@shahed.biz.service
systemctl status  cloudflared@shahed.biz.service
EXE

References