Provision a new Chromebook development environment

Terraform Repository Configuration

The Terraform packages are signed using a private key controlled by HashiCorp, so in most situations the first step would be to configure your system to trust that HashiCorp key for package authentication. For example:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

However, this perhaps is a recent bug: https://github.com/hashicorp/terraform/issues/29663

After registering the key, you can add the official HashiCorp repository to your system:

sudo apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

The above command line uses the following sub-shell commands:

dpkg --print-architecture to determine your system's primary APT architecture/ABI, such as amd64.
lsb_release -cs to find the distribution release codename for your current system, such as buster, groovy, or sid. apt-add-repository usually automatically runs apt update as part of its work in order to fetch the new package indices, but if it does not then you will need to so manually before the packages will be available.

To install Terraform from the new repository:

sudo apt install terraform

Installing Ansible via apt-get

To begin using Ansible as a means of managing your server infrastructure, you need to install the Ansible software on the machine that will serve as the Ansible control node. We’ll use the default Ubuntu repositories for that.

First, refresh your system’s package index with:

sudo apt update

Following this update, you can install the Ansible software with:

sudo apt install ansible

Press Y when prompted to confirm installation.

Your Ansible control node now has all of the software required to administer your hosts. Next, we’ll go over how to set up an inventory file, so that Ansible can communicate with your managed nodes.

Ansible Setup

Tasks:

Ensure you have a sudo non-root user in the home node as well as the remote node
Ensure the .ssh directory is owned by the user
Ensure the .ssh directory has the correct permissions
Ensure the files in the .ssh directory have the correct owner and group

Finally, we’ll ensure that the ~/.ssh directory and authorized_keys file have the appropriate permissions set:

chmod -R go= ~/.ssh

This recursively removes all “group” and “other” permissions for the ~/.ssh/ directory.

If you’re using the root account to set up keys for a user account, it’s also important that the ~/.ssh directory belongs to the user and not to root:

chown -R sammy:sammy ~/.ssh

In this tutorial our user is named sammy but you should substitute the appropriate username into the above command.

Create an inventory file

code inventory

Set the contents as follows:

[dev]
137.184.96.25

[all:vars]
ansible_python_interpreter=/usr/bin/python3

Set the contents of /etc/ansible/hosts

code /etc/ansible/hosts

Set the following content:

[servers]
137.184.96.25
CloudPod ansible_host=137.184.96.25

[all:vars]
ansible_python_interpreter=/usr/bin/python3

Test the connection

ansible all -m ping

Output

137.184.96.25 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
CloudPod | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

some examples of ad-hoc ansible commands

ansible all -m ping
ansible all -m ping -u sammy
ansible all -m ping -u root

ansible all -a "df -h" -u root

ansible all -m apt -a "name=vim state=latest" -u root

ansible CloudPod -m apt -a "name=ansible state=latest" -u root

Step 2 — Copying the Public Key to Your Ubuntu Server

The quickest way to copy your public key to the Ubuntu host is to use a utility called ssh-copy-id. Due to its simplicity, this method is highly recommended if available. If you do not have ssh-copy-id available to you on your client machine, you may use one of the two alternate methods provided in this section (copying via password-based SSH, or manually copying the key).

Copying the Public Key Using ssh-copy-id

The ssh-copy-id tool is included by default in many operating systems, so you may have it available on your local system. For this method to work, you must already have password-based SSH access to your server.

To use the utility, you specify the remote host that you would like to connect to, and the user account that you have password-based SSH access to. This is the account to which your public SSH key will be copied.

The syntax is:

ssh-copy-id username@remote_host

You may see the following message:

Output

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This means that your local computer does not recognize the remote host. This will happen the first time you connect to a new host. Type “yes” and press ENTER to continue.

Next, the utility will scan your local account for the id_rsa.pub key that we created earlier. When it finds the key, it will prompt you for the password of the remote user’s account:

Output

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@203.0.113.1's password:

Type in the password (your typing will not be displayed, for security purposes) and press ENTER. The utility will connect to the account on the remote host using the password you provided. It will then copy the contents of your ~/.ssh/id_rsa.pub key into a file in the remote account’s home ~/.ssh directory called authorized_keys.

You should see the following output:

Output

Number of key(s) added: 1

Now try logging into the machine, with:

ssh username@203.0.113.1

and check to make sure that only the key(s) you wanted were added. At this point, your id_rsa.pub key has been uploaded to the remote account. You can continue on to Step 3.

Copying the Public Key Using SSH

If you do not have ssh-copy-id available, but you have password-based SSH access to an account on your server, you can upload your keys using a conventional SSH method.

We can do this by using the cat command to read the contents of the public SSH key on our local computer and piping that through an SSH connection to the remote server.

On the other side, we can make sure that the ~/.ssh directory exists and has the correct permissions under the account we’re using.

We can then output the content we piped over into a file called authorized_keys within this directory. We’ll use the >> redirect symbol to append the content instead of overwriting it. This will let us add keys without destroying previously added keys.

The full command looks like this:

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

You may see the following message:

Output

The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This means that your local computer does not recognize the remote host. This will happen the first time you connect to a new host. Type yes and press ENTER to continue.

Afterwards, you should be prompted to enter the remote user account password:

Output

username@203.0.113.1's password:

After entering your password, the content of your id_rsa.pub key will be copied to the end of the authorized_keys file of the remote user’s account.

Alternate install method - download terraform zip file

# get zip file
wget https://releases.hashicorp.com/terraform/1.0.7/terraform_1.0.7_linux_amd64.zip

# unzip file
unzip terraform_1.0.7_linux_amd64.zip 

# check local path
printenv | grep PATH

# move to a location in the existing path
mv terraform /usr/local/bin

# remove zip file
rm terraform_1.0.7_linux_amd64.zip 

# validate version
terraform --version

Terraform v1.0.7
on linux_amd64

create file terraform.tfvars

terraform.tfvars

do_token = ""
ssh_fingerprint = ""

Fill in each variable:

do_token: is your personal access token for the DigitalOcean API
ssh_fingerprint: the DigitalOcean API refers to SSH keys using their fingerprint, which is a shorthand identifier based on the key itself.

To get the fingerprint for your key, run the following command, being sure to update the path (currently ~/.ssh/id_rsa.pub) to the key you're using with DigitalOcean, if necessary:

ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub | awk '{print $2}'

The output will be similar to this:

MD5:ac:eb:de:c1:95:18:6f:d5:58:55:05:9c:51:d0:e8:e3

Copy everything except the initial MD5: and paste it into the variable.

Now we can initialize Terraform. This will download some information for the DigitalOcean Terraform provider, and check our configuration for errors.

terraform init

You should get some output about initializing plugins. Now we're ready to provision the infrastructure and configure it.

Add Cockpit for system monitoring

sudo apt-get install cockpit

Add local users

https://github.com/coding-to-music/coding-to-music.github.io/issues/238

# add the user
sudo adduser username

# grant sudo
sudo usermod -aG sudo username

# verify 
su - username

Installing the .deb package will automatically install the apt repository and signing key to enable auto-updating using the system's package manager. Note that 32-bit and .tar.gz binaries are also available on the VS Code download page.

The repository and key can also be installed manually with the following script: ::

curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg

sudo install -o root -g root -m 644 packages.microsoft.gpg /usr/share/keyrings/

sudo sh -c 'echo "deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] 
 https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'

Then update the package cache and install the package using:

sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install code

sudo apt install gnome-keyring

apt-get update --allow-releaseinfo-change

Installing Visual Studio Code on Ubuntu

https://linuxize.com/post/how-to-install-visual-studio-code-on-ubuntu-18-04

To install Visual Studio Code on your Ubuntu system, follow these steps:

1. First, update the packages index and install the dependencies by typing:
2. `sudo apt update`
3. `sudo apt install software-properties-common apt-transport-https wget`
4. Next, import the Microsoft GPG key using the following [wget command](https://linuxize.com/post/wget-command-examples/):
5. `wget -q https://packages.microsoft.com/keys/microsoft.asc -O- | sudo apt-key add -`
6. And enable the Visual Studio Code repository by typing:
7. `sudo add-apt-repository "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main"`
8. Once the [apt repository is enabled](https://linuxize.com/post/how-to-add-apt-repository-in-ubuntu/), install the latest version of Visual Studio Code with:
9. `sudo apt update`
10. `sudo apt install code`

That’s it. Visual Studio Code has been installed on your Ubuntu desktop and you can start using it.

Mount external Drive

https://github.com/coding-to-music/coding-to-music.github.io/issues/259


# install
sudo apt-get install sshfs

# create the local mount point
sudo mkdir /mnt/ap

# mount the remote file system
sudo sshfs -o allow_other,default_permissions,IdentityFile=/home/tmc/.ssh/id_rsa root@xxx.xxx.xxx.xxx:/mnt/ap /mnt/ap

# notice
# /home/tmc/.ssh_id_rsa is supplying the SSH key
# mounting locally to /mnt/ap
# mount root@xxx.xxx.xxx.xxx:/mnt/ap

# to unmount - but it is busy if you are there, issue command where your CWD is not the mount
sudo umount /mnt/ap

sudo sshfs -o allow_other,default_permissions,IdentityFile=/home/tmc/.ssh/id_rsa root@xxx.xxx.xxx.xxx:/mnt/ap /mnt/ap

# validate
df -h

cd /mnt/ap

sudo fdisk -l

# Permenantly mounting the remote file system

nano /etc/fstab

# Scroll the file to the bottom and then paste the following text:

sshfs#user@server_ip:/path/to/mount /mnt/server_folder

# add this to the bottom of the file:
sshfs#root@xxx.xxx.xxx.xxx:/ /mnt/droplet

# for the above example
sshfs#root@xxx.xxx.xxx.xxx:/mnt/ap /mnt/ap

# this example was from here: 
https://askubuntu.com/questions/326977/sshfs-is-not-mounting-automatically-at-boot-despite-etc-fstab-configuration

sshfs#user@host:/remote/dir /local/dir fuse delay_connect,idmap=user,uid=1000,gid=1000,umask=0,allow_other,_netdev,workaround=rename 0 0

Install frequent software

Install Mongo

https://hub.docker.com/_/mongo

docker pull mongo

docker run --name some-mongo -d mongo:tag

... via docker stack deploy or docker-compose

Example stack.yml for mongo:

# Use root/example as user/password credentials
version: '3.1'

services:

  mongo:
    image: mongo
    restart: always
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example

  mongo-express:
    image: mongo-express
    restart: always
    ports:
      - 8081:8081
    environment:
      ME_CONFIG_MONGODB_ADMINUSERNAME: root
      ME_CONFIG_MONGODB_ADMINPASSWORD: example
      ME_CONFIG_MONGODB_URL: mongodb://root:example@mongo:27017/

Try in PWD

http://localhost:8081/

Run 
docker stack deploy -c stack.yml mongo 
or 
docker-compose -f stack.yml up

 wait for it to initialize completely, and visit http://swarm-ip:8081, http://localhost:8081, or http://host-ip:8081 (as appropriate).

Installing MongoDB Compass on Ubuntu 20.04 | Debian 11/10

Download MongoDB Compass with wget command:

wget https://downloads.mongodb.com/compass/mongodb-compass_1.28.4_amd64.deb

sudo dpkg -i mongodb-compass_1.28.4_amd64.deb

# To fix any dependency issues run:

sudo apt -f install

# Launching MongoDB Compass
mongodb-compass

Download MongoDB Compass with wget command:

wget https://fastdl.mongodb.org/mongocli/mongocli_1.20.1_linux_x86_64.deb

dpkg -i mongocli_1.20.1_linux_x86_64.deb

mongocli --version

mongocli config

Configure mongocli get API Public and Private Key

https://docs.mongodb.com/mongocli/stable/configure/#std-label-mcli-configure

root@docker-ubuntu-s-2vcpu-4gb-nyc1-01:~/ap/mongosh# mongocli --version
mongocli version: 1.20.1
git version: 57751bb7f7284e303c4b5105a7254c54f540375f
Go version: go1.17
   os: linux
   arch: amd64
   compiler: gc
root@docker-ubuntu-s-2vcpu-4gb-nyc1-01:~/ap/mongosh# mongocli config
You are configuring a profile for mongocli.

All values are optional and you can use environment variables (MCLI_*) instead.

Enter [?] on any option to get help.

? Public API Key: gexeivgc
? Private API Key: [? for help] ************************************
? Choose a default organization: Tom's Org - 2021-09-19 (6146xxxxxxx5a0b0)
? Choose a default project: Project 0 (6146f93axxxxxxx)
? Default Output Format: json
? Default MongoDB Shell Path: /usr/bin/mongosh

Your profile is now configured.
You can use [mongocli config set] to change these settings at a later time.

Installing Git so you can work with GitHub

Download and install Git

sudo apt-get install git

Now git should be installed. To check use

git --version

git version 2.19.1

Configuring GitHub git config user.name user.email

Once the installation has successfully completed, the next thing to do is to set up the configuration details of the GitHub user. To do this use the following two commands by replacing “user_name” with your GitHub username and replacing “email_id” with your email-id you used to create your GitHub account.

Set the git config global values

git config --global user.name coding-to-music
git config --global user.email connors.tom@gmail.com

To validate correct git setup

git config --list

Check that GitHub can be reached

ssh -vT git@github.com

coding-to-music / coding-to-music.github.io