When Does the DNS Server Override the /etc/hosts File for FQDN or Domain Name Resolution?

Problem scenario
You notice that on some Linux servers the /etc/hosts file controls the resolution of hostnames and on other servers the DNS server overrides the /etc/hosts file. Which has precedence in DNS resolution, /etc/hosts or the DNS server on the network?

Answer
It depends. The /etc/nsswitch.conf file will decide. There is a “hosts” stanza. This setting will have the DNS server override the /etc/hosts file:

hosts: dns files

This setting will have the /etc/hosts file take precedence for name resolution:

hosts: files dns

To get the hostname,


How Do You Create a GCP VM to Be a Web Server?

Problem scenario
You have a GCP server. You can run curl commands to its URL via localhost. But with a URL constructed with the server’s external IP address the curl command times out. You cannot reach the URL from your workstation. How do you get the GCP server to present the web service to other machines?

Solution
Modify the firewall rule by following the steps below.


What is an Ingress Resource in Kubernetes?

Question
What is an Ingress resource in Kubernetes?

Answer
It is a Kubernetes technique of exposing services via an individual IP address (page 135 of Kubernetes in Action by Luksa). In TCP/IP networking, the Ingress port allows inbound traffic to route somewhere. Kubernetes supports other IP address to service mapping methods (e.g., NodePort or LoadBalancer). NodePort operates on layer 4 of the OSI seven-layer model (according to this posting).


How Do You Open a Port to Connect to a GCP server?

Problem scenario
You are used to AWS Security Groups. You created a firewall rule in GCP. You cannot seem to reach the GCP server. What is wrong?

Possible Solution
Does the GCP firewall rule use the same shorthand notation like this?
x.x.x.x/32

Inbound rules in AWS Security Groups use the /32 suffix to allow a single IP address to connect to an EC2 instance or service.


How Do You Troubleshoot a Web Server in GCP Not Working via a Web Browser when Port 80 Is Not Blocked?

Problem scenario
From a web browser these commands succeed (where x.x.x.x is the external IP address of the Linux VM serving the web service):

Test-NetConnection -ComputerName x.x.x.x -Port 80
Test-NetConnection -ComputerName x.x.x.x -Port 443

But when you open a web browser and go to the x.x.x.x IP address, the page does not load. You may get an error message about it timing out or not being reached or available.


How Do You Get Oracle VirtualBox Guest Servers to Communicate with Each Other?

Problem scenario
You want to allow for TCP/IP connectivity between two VMs running Linux in Oracle VirtualBox. What do you do?

Solution
The network settings for the VMs should be as follows:

  • The “Attached to:” setting should be “Host-only Adapter”
  • The “Adapter type:” setting should be “Paravirtualized Network”
  • The “Cable connected” option should be checked.


How Do You Troubleshoot the nmap Result “Host seems down. If it is really up, but blocking our ping probes”?

Problem scenario
You use nmap and get this error from one server but not another:

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.05 seconds

There seems to be no intermediate firewall rule stopping one server. What should you do?

Solution
The error message suggests using “-Pn”.


How Do You Interpret the dstat Utility’s Results on a Linux Server in AWS?

Problem scenario
You want to monitor network traffic on an EC2 server’s NICs. You are not sure what to look for or what a baseline should look like. What do you do?

Solution
1. Install dstat. With a CentOS/RHEL/Fedora server, run this: sudo yum -y install dstat
2. Run this command: dstat -nt
3. With no network activity beyond the PuTTY session to the EC2 server,


Why Can You Not Ping a Server When Nmap Commands to the Server Work?

Problem scenario
You cannot ping a server, but your nmap results show that port 22 on the server is open. You can reach the server with nmap, but not with ping. What is wrong?

Possible solution
Is the server in the AWS Security Group that you think it is? Go to the AWS console and verify the security group for the server is what you think is correct.


How Do You Set Up a Multi-Node Cluster of Zookeeper?

Problem scenario
You want to set up Zookeeper with three nodes in AWS. What do you do?

Solution
1. Install Zookeeper on each of the servers. If you need assistance with this, see this posting.

2. Modify the zoo.cfg file on each of the servers. Add stanzas like these but substitute foobarX.amazonaws.com with the Public DNS name of each server:

server.1=foobar1.amazonaws.com:2888:3888
server.2=foobar2.amazonaws.com:2888:3888
server.3=foobar3.amazonaws.com:2888:3888
initLimit=5
syncLimit=5

3.
