Install a Docker Registry using Ansible and LXD

I want to start using Docker more in my infrastructure, but I like the flexibility of LXD containers a lot, so I set out to adapt my Ansible playbook to install a Docker Registry in an LXD/LXC container on one of my servers.

This article documents my PoC setup.

The set-up

  • I’m using an Ubuntu 18.04 VM with LXD 3.13.
  • The LXD container is called dockerregistry and also is an Ubuntu 18.04 container.

What’s not covered.

  • How to install LXD, figure it out, it’s simple.
  • Ansible knowledge, the playbook I refer to has been set up pretty simply.

The steps

Create LXD container

As root execute the following

CT="dockerregistry"
lxc launch ubuntu:18.04 ${CT}

Prep LXD Container

For Ansible we’ll need Python and the ability to SSH into the container.

CT="dockerregistry"
# Set Nesting to true so that we can have container inception 😎
lxc config set ${CT} security.nesting true
# Install Python
lxc exec ${CT} -- apt install python python-apt -y
# Forward port 221 on the host to port 22 on the container
lxc config device add ${CT} ssh-${CT} proxy listen=tcp:0.0.0.0:221 connect=tcp:127.0.0.1:22
# Forward port 5000 on the host to port 5000 on the container for Docker Registry's port to be exposed on.
lxc config device add ${CT} registry-${CT} proxy listen=tcp:0.0.0.0:5000 connect=tcp:127.0.0.1:5000
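
A check for the two proxy devices above, added here as an example and not part of the original post: both listen on 0.0.0.0, so SSH and the registry port are offered on every interface of the host. The script reads the JSON that `lxc query /1.0/containers/<name>` returns; the sample is constructed, and the function names and the `metrics-local` device are hypothetical.

```python
import ipaddress
import json

# Constructed sample: trimmed JSON in the shape returned by
# `lxc query /1.0/containers/dockerregistry` once the two proxy devices
# from the post exist. "metrics-local" is a hypothetical loopback-only device.
SAMPLE = json.loads("""
{
  "name": "dockerregistry",
  "expanded_devices": {
    "root": {"path": "/", "pool": "default", "type": "disk"},
    "ssh-dockerregistry": {"type": "proxy",
      "listen": "tcp:0.0.0.0:221", "connect": "tcp:127.0.0.1:22"},
    "registry-dockerregistry": {"type": "proxy",
      "listen": "tcp:0.0.0.0:5000", "connect": "tcp:127.0.0.1:5000"},
    "metrics-local": {"type": "proxy",
      "listen": "tcp:127.0.0.1:9100", "connect": "tcp:127.0.0.1:9100"}
  }
}
""")


def parse_endpoint(value):
    """Split 'tcp:0.0.0.0:5000' or 'tcp:[::]:5000' into (proto, addr, port)."""
    proto, _, rest = value.partition(":")
    if proto == "unix":                      # unix:/path has no port
        return proto, rest, None
    addr, _, port = rest.rpartition(":")
    return proto, addr.strip("[]"), port


def exposed_proxies(instance):
    """Return (device, listen, connect) for proxies bound to all interfaces."""
    findings = []
    for name, dev in sorted(instance.get("expanded_devices", {}).items()):
        if dev.get("type") != "proxy":
            continue
        proto, addr, _ = parse_endpoint(dev["listen"])
        try:
            wildcard = proto != "unix" and ipaddress.ip_address(addr).is_unspecified
        except ValueError:                   # not an IP literal
            wildcard = False
        if wildcard:
            findings.append((name, dev["listen"], dev["connect"]))
    return findings


if __name__ == "__main__":
    for name, listen, connect in exposed_proxies(SAMPLE):
        print(f"{name}: {listen} -> {connect} (listens on every interface)")
```

A device whose `listen` is bound to a single management address instead of 0.0.0.0 no longer appears in the report.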

The playbook

Take the playbook from my repo on https://gitlab.com/masterdam79/docker-playground/blob/master/playbook.yml and look at the YAML block for the registry server.

An example of how I run this playbook against a hosts.yml file containing my dockerregistry server with a different ansible_port (221):

ansible-playbook -i hosts.yml playbook.yml -t registry -l dockerregistry

The test

When I query the server, I get a response.

curl -X GET http://dockerregistry:5000/v2/_catalog 
{"repositories":[]}

Install TWRP and Magisk to root Pocophone F1

Disclaimer: I am not responsible for your phone if you do anything covered on this page, this page merely documents how I did it for myself.

What am I using?

I’m using Windows 10 for the MIUI unlock tool, Ubuntu 18.04 for fastboot and adb.

Unlock Bootloader

This sucks, I needed to dust off my Windows install and visit https://en.miui.com/unlock/ to download a .zip file which contained an executable.

Before being able to unlock it, I needed to wait 72 hours…

Install TWRP

Once unlocked I found a recovery-20181012.img file from this file host: https://www.androidfilehost.com/?w=files&flid=283470 which was shared on https://forum.xda-developers.com/poco-f1/development/recovery-twrp-3-2-3-decryption-t3853004

I installed it by pressing power+vol-down for a long time to get into fastboot and using the following command from my Linux terminal

fastboot flash recovery recovery-20181012.img

Recovery wiped

Booting into Android unfortunately resulted in the recovery being restored to MI-Recovery 3.0, so…

Download DisableForceEncryption

From https://drive.google.com/drive/folders/1QtcAbo5YklB9w-H4PeXEBB0nBoT42fwF I downloaded the DisableForceEncryption_Treble.zip file and placed it along with the recovery-20181012.img file onto the phone’s storage.

(The twrp-3.2.3.0-beryllium-20180831.img file in the GDrive wasn’t decrypting the storage in TWRP, so I didn’t use that anymore.)

Boot into TWRP

Formatted data, flashed the DisableForceEncryption_Treble.zip file.

Flashing DisableForceEncryption_Treble.zip  actually installed Magisk as well and rooted the device in the process.

Run a backup

At this point I made a backup of all partitions to my MicroSD card to capture the current OS, booted into the OS, downloaded some apps, registered the device again in MIUI, made some changes and tested a restore.

Restore

First do a standard wipe (data, cache & Dalvik are standard) and then do the restore of all partitions (excl. storage).

Soft-bricked

This resulted in a bootloop, at least TWRP is still there..

Install MIUI 10 Global Stable

On https://forum.xda-developers.com/poco-f1/how-to/xiaomi-poco-f1-unlock-bootloader-custom-t3839405 I found http://bigota.d.miui.com/V10.0.4.0.OEJMIFH/miui_POCOF1Global_V10.0.4.0.OEJMIFH_ef67c4052e_8.1.zip

Unbricked

It started booting into Android again and encrypting the device 🙂

Recovery also restored

Unfortunately this also set me back to the MI-Recovery 3.0, at least the device was still unlocked, so back to fastboot it was.

Install Icinga Using Ansible

I wanted to play around with Icinga and automate the installation of it as documented on https://www.icinga.com/docs/icinga2/latest/doc/02-getting-started/

Prerequisites

  • Vagrant
  • Virtualbox
  • Ansible
  • Ansible-vault
  • .vault file in your home folder
  • encrypted_variables.yml in your icinga-poc folder (ignored by .gitignore), containing the following variables with your own preferred passwords:
mysql_root_passwd: "abcdefghijklmn"
# SELECT PASSWORD('abcdefghijklmn');
mysql_root_passwd_encrypted: "*1A2B3C4D5E6F7G8H9I0J"
icinga_db_pass: "abcdefghijklmn"
icinga_api_root_pass: "abcdefghijklmn"
icinga_api_pass: "abcdefghijklmn"
icingaweb2_setup_token: "abcdefghijklmn"

If you have cloned https://bitbucket.org/masterdam79/icinga-poc/src/master/ and changed into the icinga-poc directory, you’ll be able to run the playbook, which does most of the install, as follows:

ansible-playbook -i hosts --vault-password-file=~/.vault playbook.yml

If you then go to http://192.168.22.155/icingaweb2/setup you’ll be able to set up your icinga2 server with the credentials above.

Nexus 5x Unlock Bootloader, Flash TWRP and SuperSU

Warning

Use this howto at your own risk, I am not responsible if you brick your device and I will not support you.

Prerequisites

  • Nexus 5x Bullhead
    • LGH791F 32GB
  • Linux Desktop or Laptop
    • adb and fastboot installed
      • android-tools-adb
      • android-tools-fastboot

Steps

Enable USB-Debugging

Go to Settings -> System -> About Phone -> Build number and hit it about 5 times until you’re a developer.

Go to Settings -> System -> Options for developers -> USB Debugging -> On

Enable OEM Unlock

Go to Settings -> System -> Options for developers -> USB Debugging -> On

See if adb is working

sudo adb devices

Unauthorized

At first I was presented with the following.

This was because I forgot to sudo the command above.

* daemon not running. starting it now on port 5037 * 
* daemon started successfully * 
List of devices attached 
????????????    no permissions

Restart adb-server

sudo adb kill-server
sudo adb start-server

See if adb is working now

sudo adb devices
List of devices attached 
02566a514593b4ac        device

Reboot into bootloader

sudo adb reboot-bootloader

List device

sudo fastboot devices
02566a514593b4ac        fastboot

Unlock the bootloader

Warning: This will erase your phone completely, be sure to have backed up everything!

sudo fastboot oem unlock

Confirm it on your screen

Reboot device

Don’t skip this step, this will reboot your device.

sudo fastboot reboot

Enable USB-Debugging (again)

Go to Settings -> System -> About Phone -> Build number and hit it about 5 times until you’re a developer.

Go to Settings -> System -> Options for developers -> USB Debugging -> On

Allow all future connections from your computer

Enable OEM Unlock

This should still be on.

See if adb is working

sudo adb devices

All is well if you see:

List of devices attached 
02566a514593b4ac        device

Reboot into bootloader

sudo adb reboot-bootloader

Download TWRP

Download the most recent .img file from https://eu.dl.twrp.me/bullhead/

Flash the TWRP image to the Recovery partition

For some reason the device was locked again after the reboot, so I had to unlock it again.

cd Downloads/
sudo fastboot flash recovery twrp-3.1.1-0-bullhead.img
target reported max download size of 536870912 bytes 
sending 'recovery' (14604 KB)... 
OKAY [  0.545s] 
writing 'recovery'... 
FAILED (remote: device is locked. Cannot flash images) 
finished. total time: 0.564s
sudo fastboot oem unlock
... 
OKAY [  5.490s] 
finished. total time: 5.490s
sudo fastboot flash recovery twrp-3.1.1-0-bullhead.img
target reported max download size of 536870912 bytes 
sending 'recovery' (14604 KB)... 
OKAY [  0.440s] 
writing 'recovery'... 
OKAY [  0.159s] 
finished. total time: 0.599s

Get into Recovery mode

Press down a couple of times until it shows recovery mode and press power to confirm

Download SuperSU

Download the .zip file from https://download.chainfire.eu/1220/SuperSU/

Upload SuperSU to your internal SD

adb push SR5-SuperSU-v2.82-SR5-20171001224502.zip /sdcard/
6589 KB/s (6882992 bytes in 1.020s)

Install SuperSU .zip

Install -> Browse to SR5-SuperSU-v2.82-SR5-20171001224502.zip and select it.

Swipe

To confirm the installation.

Reboot

You might get a prompt about the device being unable to decrypt your previously encrypted volume, it’ll bring you back to TWRP to do a factory reset.

Install AICP Oreo ROM

Download AICP

Download the latest nightly on http://dwnld.aicp-rom.com/?device=bullhead and get into TWRP.

Download Magisk

Download Magisk Manager Latest Version 7.2.0 For Android 2019

AICP doesn’t go well with SuperSU but it does with Magisk.

Download OpenGApps

http://opengapps.org/

ARM64 -> 8.0 -> Full

Upload the .zip files

adb push aicp_bullhead_o-13.0-NIGHTLY-20171020.zip /sdcard/
adb push Magisk-v14.0.zip /sdcard/
adb push open_gapps-arm64-8.0-full-20171020.zip /sdcard/

Flash AICP & Magisk

This is the usual procedure through TWRP, wipe caches afterwards and boot into the system.

Install OpenGApps

This took me some debugging as the nano version didn’t work, but the full version might do.


Installing LXD as a Snap with Ubuntu Core 16.04 on a Raspberry Pi 3

I have for a long time experimented with LXC/LXD and I’ve got a server running 24/7 in my household to do (among others) DHCP and NS, not because I need to, but just because I can.

This is of course costing me way too much electricity so I’m exploring the idea to run these services as Linux Containers on a Raspberry Pi 3.


Ansible Jinja2 join dict nested values

For a certain configuration file I needed all my SSH users to be listed as p.puk,j.snot,s.sjors  etc from the following dict.

USERS:
  - name: "Pietje Puk"
    account: p.puk
  - name: "Jan Snot"
    account: j.snot
  - name: "Sjaakie Sjors"
    account: s.sjors

But whenever I ran the following task:

- template:
    src: templates/file
    dest: /tmp/file

With the following template:

{{ USERS.account | join(',') }}

it would give me:

AnsibleUndefinedVariable: ‘list object’ has no attribute ‘account’

But having found:

https://stackoverflow.com/questions/42698232/complex-string-concatenation-in-jinja-ansible-template#

I put the following in my template:

{{ USERS | json_query('[*].account') | join(',') }}

It gave me the following in /tmp/file.

p.puk,j.snot,s.sjors

The StackOverflow article covered something else so I wasn’t able to thank Crypto for his/her contribution but hopefully by creating this small post I can reach out to this person to say that this little fix saved my evening!

Guess I’d overlooked http://docs.ansible.com/ansible/latest/playbooks_filters.html#json-query-filter as I was of the assumption that my dict was YAML structured and therefore such a thing as json-query-filter wouldn’t work.

But then again:

Source: https://nl.pinterest.com/pin/301881981246842503/
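
The failure and the fix above can be reproduced outside Ansible, shown here as an added example that is not part of the original post. USERS is a list of dicts, so `.account` has to be projected from each element. The example uses Jinja2's built-in `map(attribute=...)` instead of `json_query`, which needs the jmespath library on the controller. It assumes the `jinja2` package is installed and uses `StrictUndefined` to approximate Ansible's fail-on-undefined behaviour; the `render` helper is hypothetical.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import UndefinedError

# The USERS variable from the post: a YAML sequence of mappings is a list of dicts.
USERS = [
    {"name": "Pietje Puk", "account": "p.puk"},
    {"name": "Jan Snot", "account": "j.snot"},
    {"name": "Sjaakie Sjors", "account": "s.sjors"},
]

# Assumption: StrictUndefined stands in for Ansible's handling of undefined values.
env = Environment(undefined=StrictUndefined)

BROKEN = "{{ USERS.account | join(',') }}"                   # attribute lookup on the list itself
FIXED = "{{ USERS | map(attribute='account') | join(',') }}"  # project each element, then join
# Edge case: skip entries that have no 'account' key instead of failing the render.
SKIP_MISSING = ("{{ USERS | selectattr('account', 'defined')"
                " | map(attribute='account') | join(',') }}")


def render(template, users=USERS):
    """Render a template with USERS bound; return the error text on failure."""
    try:
        return env.from_string(template).render(USERS=users)
    except UndefinedError as exc:
        return "UndefinedError: " + str(exc)


if __name__ == "__main__":
    print(render(BROKEN))
    print(render(FIXED))
    print(render(SKIP_MISSING, USERS + [{"name": "No Account"}]))
```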

 

Install GPMDP using Ansible

Just a quick playbook to install/update GPMDP using Ansible.

- name: Fetch the download_url from API
  uri:
    url: https://api.github.com/repos/MarshallOfSound/Google-Play-Music-Desktop-Player-UNOFFICIAL-/releases/assets/3731260
    return_content: yes
  register: gpmdp
  tags:
    - gpmdp
- name: Install GPMDP
  apt:
    deb: "{{ gpmdp | json_query('json.browser_download_url') }}"
  tags:
    - gpmdp

 

NextCloud install on Apache/2.4.18 php7.0-fpm ERR_TOO_MANY_REDIRECTS

I was confronted with an ERR_TOO_MANY_REDIRECTS when installing NextCloud on my Apache/2.4.18 php7.0-fpm setup.

It took some searching but this fix was so unbelievably easy thanks to this guy.

http://serverfault.com/questions/263589/how-to-fix-script-name-with-php-fpm-and-apaches-mod-fastcgi#423965

So basically modifying:

cgi.fix_pathinfo=0

To:

cgi.fix_pathinfo=1

In /etc/php/7.0/fpm/php.ini, and restarting apache2 & php7.0-fpm, made my day.

 

KMail – Configure Send Later Agent [SOLVED]

According to the documentation of KMail there should be a “Configure Send Later Agent…” menu option underneath “Settings” but in KMail 5.2.3 there is no such option.

I’ve found out where you can see which emails you’ve configured to send later:

Settings -> Configure KMail… -> Misc -> Plugin Settings -> Send Later Agent.

Install Ansible devel on LXD container Ubuntu 16.04 using PIP

I came across the Ansible page explaining how to install their latest version using PIP but I ran into a few dependencies which I’ll share here.
