Useful Azure Links

Advertisements

Add user to Azure SQL Server

Problem

  • Add user to Azure SQL Server

Solution

On Master:

CREATE LOGIN newLogin WITH password='<PASSWORD>’;

On target database:

CREATE USER newUser FROM LOGIN newLogin
EXEC sp_addrolemember ‘db_datareader’, ‘newUser’;

In this example, a read only user is created. But you can also set the following roles:

  • db_accessadmin
  • db_backupoperator
  • db_datareader
  • db_datawriter
  • db_ddladmin
  • db_denydatareader
  • db_denydatawriter
  • db_owner
  • db_securityadmin
  • LimitedCreatorRights
  • public

Send to Azure IoT Hub Rest Endpoint with C# without library

Problem

  • Send Device to Cloud messages to Azure IoT Hub without libraries only using REST Endpoint
  • Integrate Proxy Support
  • Getting SharedAccessSignature

Solution

private static void sendToIOTHUB(string s)
{
string iotHub = “<<IoTHubName>>”;
string deviceId = “<<DevideID>>”;
string api = “2016-02-03”;

string restUri = String.Format(“https://{0}.azure-devices.net/devices/{1}/messages/events?api-version={2}”, iotHub, deviceId, api);

using (WebClient client = new WebClient())
{
client.Headers.Set(“Content-Type”, “application/json”);
//Proxy – can be deleted
WebProxy wp = new WebProxy(“<<PROXY>>:<<PORT>>”);
client.Proxy = wp;
client.Headers.Set(“Authorization”, “<<SharedAccessSignature>>”);
string res = client.UploadString(new Uri(restUri), s);
Console.WriteLine(res);
}
}

Getting SharedAccessSignature

First, you have to download the Device Explorer from here.

Got to Management and SAS Token.

device_explorer

Generate the SASToken. You need something like this:

SharedAccessSignature sr=<<IOTHUBNAME>>.azure-devices.net%2Fdevices%2F<<DEVIDEID>>&sig=<<SIG>>%3D&se=<<SOMENUMBER>>”

sastoken

 

Convert .NET Dictionary to JSON without Libraries in C#

Problem

  • You want to convert a C# Dictionary to JSON
  • You do not want use external libraries

Solution

private string DictionaryToJson(Dictionary<string, object> dict)
{
string entries = “”;
foreach (KeyValuePair<string, object> entry in dict)
{
if(entries.Length>0)
entries = entries + “,” + “\”” + entry.Key + “\”:\”” + entry.Value.ToString() + “\””;
else
entries = “\”” + entry.Key + “\”:\”” + entry.Value.ToString() + “\””;
}
return “{” + entries + “}”;
}

Install Splunk on Ubuntu and hide behind Apache2 Proxy

Problem

  • Hide Splunk behind Apache2
  • Enable .htaccess
  • Ubuntu 16.04 LTS

Solution

Install Splunk

dpkg -i splunk_package_name.deb

/opt/splunk/bin/splunk start –accept-license

For enable this behavior, please set the following in /opt/splunk/etc/system/default/web.conf

root_endpoint=/NAME

Restart Splunk:

/opt/splunk/bin/splunk restart

Start at boot time:

opt/splunk/bin/splunk enable boot-start

Apache

Enable needed modules:

  • sudo a2enmod proxy
  • sudo a2enmod proxy_http

Edit /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
ProxyPreserveHost On

ProxyPass / http://127.0.0.1:8000/NAME
ProxyPassReverse / http://127.0.0.1:8000/NAME
</VirtualHost>

Add .htaccess to VirtualHost

<Location /NAME>
AuthType Basic
AuthName “Wrapper auth”
AuthBasicProvider file
AuthUserFile “/PATHTOHTPASSWD/htpasswd”
Require valid-user
</Location>

Restart

sudo systemctl restart apache2

Install Apache2 with SSL/HTTPs on Ubuntu

Problem

  • You need a Apache2 with HTTPs on Ubuntu

Solution

Prepare

sudo apt-get update && sudo apt-get upgrade -y

sudo apt-get install apache2

Create certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

You will be asked for some infomation. Just put in, what you want:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Optional

Create strong Diffie-Hellman

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

SSL Params

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the “preload” directive if you understand the implications.
#Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains; preload”
Header always set Strict-Transport-Security “max-age=63072000; includeSubdomains”
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLSessionTickets Off
SSLUseStapling on
SSLStaplingCache “shmcb:logs/stapling-cache(150000)”

Edit /etc/apache2/sites-available/default-ssl.conf

sudo nano /etc/apache2/sites-available/default-ssl.conf

Change to

SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

Eanble everything

sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2enconf ssl-params

Restart Apache2

sudo systemctl restart apache2

 

 

 

Install RabbitMQ on Ubuntu 16.04

Problem

  • Install RabbitMQ on Ubuntu Server

Solution

Install Repository

echo ‘deb http://www.rabbitmq.com/debian/ testing main’ | sudo tee /etc/apt/sources.list.d/rabbitmq.list

wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add –

Install RabbitMQ

sudo apt-get update

sudo apt-get install rabbitmq-server

Status

sudo systemctl status rabbitmq-server

Start RabbitMQ

sudo systemctl start rabbitmq-server

Stop RabbitMQ

sudo systemctl stop rabbitmq-server

Limits

sudo nano /etc/sysctl.conf

Add

fs.file-max = 65536

Run

sudo sysctl -p

Edit

sudo nano /etc/security/limits.conf

Add

* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
root soft nproc 65536
root hard nproc 65536
root soft nofile 65536
root hard nofile 65536

Edit

sudo nano /etc/pam.d/common-session

Add

session required pam_limits.so

Restart

sudo reboot

Ports

Open Ports: 15672 (Mgmt), 5672 and 5671 (Messages)

Management Plugin

sudo rabbitmq-plugins enable rabbitmq_management

sudo systemctl restart rabbitmq-server

Add Admin

rabbitmqctl add_user admin <<password>>
rabbitmqctl set_user_tags admin administrator
rabbitmqctl set_permissions -p / admin “.*” “.*” “.*”

See Management Site

Open http://<<IP>>:15672

Install iTop on Linux

Problem

  • Install itop on Linux with SELinux

Setting

  • Oracle Linux
  • iTop Version 2.3.4

Solution

Install MySQL

yum install mysql mysql-server

#Set root password
/usr/bin/mysql_secure_installation

mysql – u -p <>

mysql> create database itop;
mysql> create user ‘itop’@’%’ identified by ‘itop-password’;
mysql> grant all privileges on itop.* to ‘itop’@’%’;

mysql> quit;

Install Apache and PHP

yum install httpd php php-mysql php-xml php-soap

systemctl start httpd

Get iTop

wget https://downloads.sourceforge.net/project/itop/itop/2.3.4/iTop-2.3.4-3302.zip?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fitop%2Ffiles%2Fitop%2F2.3.4%2F&ts=1502963636&use_mirror=10gbps-io

Files

mv ./web /var/www/itop

cd /var/www/html/itop

mkdir conf
mkdir env-production

chmod 777 conf
chmod 777 data
chmod 777 env-production
chmod 777 log

# If SELinux blocks access
chcon –user system_u –type httpd_sys_content_t -Rv /var/www/html/itop/
# or
sudo setenforce 0

Start install process

Go in your browser and type: http://localhost/itop

Fin