Shurn the Awesomer
Multiverse: Science or Fiction?


Written on Mon, 21 November 2016

The concept of multiverse is really easy to understand, i.e., there is more than 1 universe. It is also called Many-worlds. How scientific is that concept?

To begin with, we must realise that no one has ever observed another universe. Nothing has been measured and recorded that strongly indicates a multiverse. Before the multiverse idea came along, many viewed reality as a single unfolding history. It was Edwin Schrodinger who proposed that reality is like a tree with many branches, each with every possible quantum outcome realised. Every possible outcome is a history of its own, thus a world of its own. While many studies have been dedicated to this notion, none of them has ever proven the existence of a multiverse.

A work of Fiction


If this is starting to sound like science fiction, that's because it is. It's a work of fiction. Multiverse has got nothing to do with science. It is merely an idea in an attempt to reconcile the improbability of life with reality. Even Stephen Hawking admits that "a DNA molecule arising by random fluctuations are very small", let alone life itself. But if there were an infinite number of universes, then that eliminates probability and introduces inevitability. After all, many studies have indicated a Fine-tuned Universe. It would take an infinite amount of outcomes for our universe to exist.

Getting rid of Design


Since the beginning, evolutionists have been attempting to get rid of the idea of design, despite evidence of it. When they proposed the idea that we are mere descendants of a single-cell organism, they were essentially telling us we are nothing more than animals. When the idea of life happening elsewhere came about, they were essentially telling us that we, and the Earth, are not as unique as we think. The idea of multiverse is also the same, that we, and the Earth, and the universe, are not as unique as we think.

The whole idea of us being an accident, and not designed, is built on nothing more than faith. None of the proposed ideas has been observed, much less proven. They remain nothing more than ideas.

Fearfully and Wonderfully Created


To think that we are merely products of a mathematical equation is to devalue life. But we are not an accident, we are purposefully designed beings. The evidence of design is everywhere, from the simplest DNA to the most enormous star in our observable universe. None of the properties of our universe could come about by chance.

High Availability Storage with iSCSI


Written on Thu, 3 November 2016

If you have built storage devices, you know that hardware will eventually fail you one day. This is no exception when it comes to cloud storage. Although I recommend using AWS S3, you might have occasions where you just need to use iSCSI for data storage in the cloud and still need the ability to grow storage. Here's a tutorial for that.

You can perform this tutorial on-premise too. You just need to replace the cloud-related devices with your physical ones.

I followed so many tutorials from so many different sites that I could no longer keep track. So here's a thank you to Google for helping me search through the sea of wondrous content to make this tutorial possible. There were very few tutorials on this subject on Ubuntu, let alone Ubuntu 16.04. Most of the tutorials I ran across are based on CentOS. But fear not, I have overcome the dragons and I present you this tutorial on Ubuntu 16.04.

Disclaimer: I didn't actually build this on AWS yet. I used virtual machines on my xenserver. Once I have tried it on AWS, I'll update this tutorial and remove this disclaimer.


By the end of this tutorial, you will have:
  • 2 EC2 instances for File Storage with 500GB each, excluding disk for OS

What you need
  • Amazon Web Service account
    • Some knowledge administrating the AWS console
  • Basic linux administration experience
  • Some Networking Knowledge

Preparations


We are going to prepare the materials for the following tutorial.

Setting up Security Group for File Server

First, we create a security group for your file server. Configure accordingly for your use case.

  • Name: Fileserver for Webserver
    • Description: Fileserver
    • Inbound Port: 22
      • Source: Anywhere
    • Inbound Port: 3260
      • Source: Custom - Select the previous Security Group: Webserver you created
    • Inbound Port: 7788
      • Source: Custom - Select the Security Group: Fileserver. This is tricky. You need to create this Group without this rule first, then edit it and add this rule.
    • Inbound Port: 7789
      • Source: Custom - Select the Security Group: Fileserver. This is tricky. You need to create this Group without this rule first, then edit it and add this rule.

Setting up your File Storage


We set up 2 EC2 instances here in 2 different availability zones for high availability.

Step 1: Choose AMI
When launching a new instance, choose Ubuntu 16.04.

Step 2: Choose Instance Type
Instance type: t2.nano (Choose the type that suits your production environment)

Step 3: Configure Instance
Here's where you ensure High Availability. You need to set up your instances such that they exist in different availability zones, so that if 1 zone goes bad, another zone serves as backup. For now, you launch 1 instance in ZoneA. Later, you need to repeat all the steps here for ZoneB.

Step 4: Add Storage
Here's the important part of the tutorial. The AMI you selected uses 8GiB to run. In most cases, this is more than enough to run the OS and the application you want to use. By the end of the tutorial, you will still have about ~6GiB to play around with.

Next, let's add another volume to the instance and give it 500GiB, more if your production environment needs it. This will be the volume for web hosting. For volume type, choose the one that suits your production environment. For tutorial purposes, "Cold HDD (SC1)" is good enough.
Volume Type: Cold HDD (SC1)
Size: 500GiB

Step 5: Tag Instance
Configure the tags you need. I recommend that you name the instance as FS1 for your first instance, and FS2 for your second instance.

Step 6: Configure Security Group
Use the security group you made, Fileserver.

Step 7: Review Instance Launch
Have a final check on the settings and configuration. If everything is good, go ahead and launch the instance. It will take about 5 minutes.

Set up the second file server instance by repeating the steps above. Be sure to launch your instance in ZoneB for HA and name your instance a different name so that you can differentiate easily.


Configuring infinite storage for your file servers

Know your instance's IP address and hostname. You will need them later for your configuration. Look into your EC2 details in the AWS console and find the private IP and private DNS. It should look like:

  • FS1
    • IP Address: 10.0.0.2
    • ip-10-0-0-2.ec2.internal
  • FS2
    • IP Address: 10.0.0.3
    • ip-10-0-0-3.ec2.internal


Your IP address will be different from mine. Another important thing to note: your VPC must be able to resolve DNS hostnames. Enable it in your AWS console if it isn't. Otherwise, the hostname cannot be resolved in the file servers we are about to configure.

Let's make sure your file server has the latest patches

apt-get update
apt-get -y dist-upgrade
apt-get -y autoremove

After an update, it's usually a good idea to give your instance a reboot

reboot

Look for your attached hard disk of 500GiB.

parted -l



It should look something like this if you've followed the previous steps accordingly.

So our hard disk is /dev/xvdb. We are going to let LVM manage this disk.

pvcreate /dev/xvdb

Next, we are going to create a volume group called "infinitestoreVG" with the hard disk.

vgcreate infinitestoreVG /dev/xvdb

We can't use all 500GiB because LVM just seems to need some space for itself. 0.1GiB ain't significant when you can infinitely add storage anyway. So for the LUN, we will use 499.9GiB.

lvcreate -n infinitestoreLV -L 499.9g infinitestoreVG


Let's look at your Logical Volumes.

lvdisplay



Configuring DRBD


This section of the tutorial involves both nodes. All commands are executed on both nodes.

We need to install drbd8-utils, pacemaker, corosync and tgt. We will also use ntp for accurate time sync.

apt-get install -y drbd8-utils pacemaker corosync ntp tgt

Prevent the DRBD startup script from being launched automatically at startup.

update-rc.d -f drbd remove

We need to configure the hosts.

nano /etc/hosts


Ensure that the entry looks like this:

10.0.0.2 ip-10-0-0-2.ec2.internal ip-10-0-0-2
10.0.0.3 ip-10-0-0-3.ec2.internal ip-10-0-0-3


Your IP and DNS will likely be different, so use yours.

Edit drbd configuration and define the resource.

nano /etc/drbd.d/iscsi.res


Add the following to the file.

resource iscsi {
    on ip-10-0-0-2 {
        device /dev/drbd0;
        disk /dev/infinitestoreVG/infinitestoreLV;
        address 10.0.0.2:7788;
        meta-disk internal;
    }

    on ip-10-0-0-3 {
        device /dev/drbd0;
        disk /dev/infinitestoreVG/infinitestoreLV;
        address 10.0.0.3:7788;
        meta-disk internal;
    }
}


Be sure to replace the hostname and the ip address to match yours.

Initialize the meta-data disk on both servers.

drbdadm create-md iscsi
drbdadm up iscsi


If these commands ask you whether to destroy existing data or not, just reply yes. It's a new disk anyway.

Now restart drbd service

service drbd restart


Preparing DRBD for iSCSI target


In this section of the tutorial, all commands are specific to each node and will be indicated.

We will use node1 as the primary for the drbd device that will contain the iSCSI configuration files and initiate first full sync.

[node1] drbdadm -- --overwrite-data-of-peer primary iscsi

Check the progress of sync with:

[node1] cat /proc/drbd


Pacemaker and Corosync Configuration

Generate a key for the cluster to communicate with each other. Be prepared for tired fingers.

[node1] corosync-keygen


Then we copy [node1]/etc/corosync/authkey to the other node either through SFTP or other means to [node2]/etc/corosync/authkey. Ensure it has the right permissions on both nodes.

chmod 644 /etc/corosync/authkey

Now we are going to tell Corosync the cluster we are making on both nodes. In AWS, broadcast is disabled, so we must specify the individual members of the nodes manually. We will also have to use UDPU as the transport protocol.

We open up /etc/corosync/corosync.conf on both nodes.

nano /etc/corosync/corosync.conf


If there is anything existing, leave it at its default. Your bindnetaddr is the network address, not the node address. Your totem configuration should look something like this:

totem {
    version: 2
    secauth: off
    interface {
        member {
            memberaddr: 10.0.0.2
        }
        member {
            memberaddr: 10.0.0.3
        }
        ringnumber: 0
        bindnetaddr: 10.0.0.0
        mcastport: 5405
        ttl: 1
    }
    transport: udpu
}


Now append the following to the file.

service {
    name: pacemaker
    ver: 1
}


Save this file and proceed.
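With `secauth: off` Corosync neither authenticates nor encrypts cluster messages, so the key generated earlier protects nothing, and mode 644 leaves that key readable by every local user, whereas corosync-keygen itself writes it with mode 0400. The script below is an added example, not part of the original tutorial: it audits a corosync.conf and authkey for both points, and the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: audit whether Corosync
# cluster traffic is authenticated and whether the authkey is private.

# totem_option CONF NAME: print NAME's value if set directly inside totem { }.
totem_option() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                               # drop comments
        /^[ \t]*totem[ \t]*[{]/ { depth = 1; next }
        depth > 0 {
            if (depth == 1 && index($0, ":")) {
                k = $0; sub(/:.*/, "", k);     gsub(/[ \t]/, "", k)
                v = $0; sub(/^[^:]*:/, "", v); gsub(/[ \t]/, "", v)
                if (k == key) val = v
            }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # track nesting
        }
        END { print val }
    ' "$1"
}

# audit_corosync CONF AUTHKEY: print findings, return how many there are.
audit_corosync() {
    findings=0
    secauth=$(totem_option "$1" secauth)
    hash=$(totem_option "$1" crypto_hash)    # corosync 2.x alternative to secauth
    if [ "$secauth" != "on" ] && { [ -z "$hash" ] || [ "$hash" = "none" ]; }; then
        echo "totem: secauth is '${secauth:-unset}', cluster messages are not authenticated"
        findings=$((findings + 1))
    fi
    if [ ! -f "$2" ]; then
        echo "authkey: $2 is missing"
        findings=$((findings + 1))
    else
        mode=$(stat -c %a "$2")              # GNU stat, as shipped with Ubuntu
        case $mode in
            *00|0) ;;                        # no group/other access
            *) echo "authkey: mode $mode exposes the key to other users (corosync-keygen uses 400)"
               findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}

# write_sample DIR SECAUTH MODE: constructed config and key for the demo.
write_sample() {
    mkdir -p "$1"
    cat > "$1/corosync.conf" <<EOF
totem {
    version: 2
    secauth: $2            # the tutorial sets this to off
    interface {
        member {
            memberaddr: 10.0.0.2
        }
        member {
            memberaddr: 10.0.0.3
        }
        ringnumber: 0
        bindnetaddr: 10.0.0.0
    }
    transport: udpu
}
EOF
    printf 'constructed key material' > "$1/authkey"
    chmod "$3" "$1/authkey"
}

tmp=$(mktemp -d)
write_sample "$tmp/tutorial" off 644     # settings as given above
write_sample "$tmp/hardened" on 400      # authenticated, key private
for d in tutorial hardened; do
    rc=0
    audit_corosync "$tmp/$d/corosync.conf" "$tmp/$d/authkey" || rc=$?
    echo "$d: $rc finding(s)"
done
rm -rf "$tmp"
```

On a node, run it as `audit_corosync /etc/corosync/corosync.conf /etc/corosync/authkey`.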

Open /etc/default/corosync on both nodes.

nano /etc/default/corosync


Now set this configuration. If it does not exist, just append it to the file.

START=yes

If your drbd sync is complete, it is a good time to reboot the computer for all the settings to take effect. Otherwise, just wait for a bit till the sync finishes.

cat /proc/drbd
reboot
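The "is the sync complete?" check above can be scripted so the reboot only happens once both disks are UpToDate, and so a node that has dropped to StandAlone is reported instead of waited on. This is an added example, not part of the original tutorial; the function names are made up here and the /proc/drbd text it parses in the demo is constructed in the DRBD 8.4 layout.

```shell
#!/bin/sh
# Added example, not from the original tutorial: read /proc/drbd and say
# whether the resource is fully replicated before the node is rebooted.

# drbd_status FILE MINOR: print "cs ro ds" for one device (0 = /dev/drbd0).
drbd_status() {
    awk -v dev="$2:" '
        $1 == dev {
            for (i = 2; i <= NF; i++) {
                n = index($i, ":")
                if (n) f[substr($i, 1, n - 1)] = substr($i, n + 1)
            }
            print f["cs"], f["ro"], f["ds"]
        }
    ' "$1"
}

# sync_percent FILE: print the resync progress figure, empty when not syncing.
sync_percent() {
    sed -n "s/.*sync'ed:[[:space:]]*\([0-9.]*\)%.*/\1/p" "$1"
}

# drbd_verdict FILE MINOR: ready|degraded|syncing|verifying|disconnected|missing
drbd_verdict() {
    set -- $(drbd_status "$1" "$2")      # $1=cs $2=ro $3=ds from here on
    case "${1:-}" in
        "") echo missing ;;
        Connected)
            if [ "$3" = "UpToDate/UpToDate" ]; then echo ready; else echo degraded; fi ;;
        *Sync*|WFBitMap*) echo syncing ;;
        VerifyS|VerifyT)  echo verifying ;;
        *) echo disconnected ;;          # StandAlone, WFConnection, ...
    esac
}

# wait_for_sync FILE MINOR TRIES DELAY: 0 = ready, 1 = gave up, 2 = no peer.
wait_for_sync() {
    tries=$3
    while [ "$tries" -gt 0 ]; do
        state=$(drbd_verdict "$1" "$2")
        case $state in
            ready) return 0 ;;
            disconnected|missing) echo "drbd$2: $state, not waiting" >&2; return 2 ;;
        esac
        echo "drbd$2: $state $(sync_percent "$1")%" >&2
        tries=$((tries - 1))
        sleep "$4"
    done
    return 1
}

# sample_proc_drbd KIND: constructed /proc/drbd text for the demo.
sample_proc_drbd() {
    echo "version: 8.4.5 (api:1/proto:86-101)"
    case $1 in
        syncing)
            echo " 0: cs:SyncSource ro:Primary/Secondary ds:UpToDate/Inconsistent C r-----"
            echo "    [>....................] sync'ed:  0.4% (509896/511900)M" ;;
        ready)
            echo " 0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r-----" ;;
        standalone)
            echo " 0: cs:StandAlone ro:Primary/Unknown ds:UpToDate/DUnknown   r-----" ;;
    esac
}

tmp=$(mktemp)
for kind in syncing ready standalone; do
    sample_proc_drbd "$kind" > "$tmp"
    echo "$kind sample: $(drbd_verdict "$tmp" 0)"
done
rm -f "$tmp"
# On a node: wait_for_sync /proc/drbd 0 720 5 && reboot
```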

Now let's see Cluster Resource Management (CRM) in action.

crm_mon


You should see that a connection has been established. If it's attempting to connect, something has gone wrong somewhere. Restart the tutorial.

We configure the CRM on node 1.

[node1] crm configure


These are the configurations you need to type:

[node1] primitive p_drbd_iscsi ocf:linbit:drbd params drbd_resource="iscsi"
[node1] primitive p_target_iscsi ocf:heartbeat:iSCSITarget params implementation="tgt" iqn="iqn.2016-10.me.shurn:disk.0" tid="1" additional_parameters="DefaultTime2Retain=60 DefaultTime2Wait=5" op monitor interval="10"
[node1] primitive p_lu_iscsi_lun1 ocf:heartbeat:iSCSILogicalUnit params lun="1" path="/dev/drbd0" target_iqn="iqn.2016-10.me.shurn:disk.0" op monitor interval="10"
[node1] primitive p_ip ocf:heartbeat:IPaddr2 params ip="10.0.0.4" cidr_netmask="16" nic="eth0"
[node1] ms ms_drbd_iscsi p_drbd_iscsi meta notify="true" master-max="1" master-node-max="1" clone-max="2" clone-node-max="1"
[node1] order o_drbd_before_target inf: ms_drbd_iscsi:promote p_target_iscsi:start
[node1] order o_target_before_lun inf: p_target_iscsi:start p_lu_iscsi_lun1:start
[node1] order o_drbd_before_ip inf: ms_drbd_iscsi:promote p_ip:start
[node1] colocation c_drbd_with_target inf: p_target_iscsi ms_drbd_iscsi:Master
[node1] colocation c_drbd_with_lun inf: p_lu_iscsi_lun1 ms_drbd_iscsi:Master
[node1] colocation c_drbd_with_ip inf: p_ip ms_drbd_iscsi:Master
[node1] property stonith-enabled=false
[node1] property no-quorum-policy=ignore
[node1] commit
[node1] exit


Verify that the changes you have made are in effect.

crm status


You are done

If you are building an application that wants to use HA iSCSI instead of standalone iSCSI, such as Xenserver and VDI, you now have peace of mind.

Installing Zimbra with Docker


Written on Tue, 11 October 2016

Installing Zimbra on your own can be quite a daunting task for even experienced administrators. Fortunately, with docker, the process is very much simplified. On top of that, you will also get to have letsencrypt certificates running on your mail server.

The following tutorial is based on Zimbra Community Docker, zextras' docker page, Certbot Installation and Zimbra's letsencrypt installation.

Step 1: Getting Docker


It goes without saying that you must get docker. Check out my tutorial for more information.

Step 2: Getting the docker image


We will be using the image from zextras, in its 8.7.0 version.

docker pull zextras/zimbra8:8.7.0

Step 3: Launch the image


There will be some configuration you need to do.

According to zextras instructions:

  • EXTERNALDNS: Provide your upstream DNS server for resolutions other than the container itself. You can modify configuration later by adding config lines to dnsmasq configuration (/etc/dnsmaq.conf). Default value is 8.8.8.8.
  • MAILBOXD_DEBUG: If set to "yes", copies the zmmailboxdmgr.unrestricted executable over zmmailboxdmgr and applies some magic options (Default value is "no").
  • PASSWORD: no need to go deeper, huh? :-P
  • TIMEZONE: The timezone of the container and the principal domain of Zimbra. It must be specified according to Zimbra timezones. Default Value: "Etc/UTC"

A host name is required. Make sure the DNS MX entry at your DNS provider is pointing to the IP of the machine you are installing on. Your hostname should be something like mail.domain.tld. Be sure to replace this with your own hostname.

There will also be many ports to forward. Here's what the command will look like:

docker run -d -p 25:25 -p 80:80 -p 465:465 -p 587:587 -p 110:110 -p 143:143 -p 993:993 -p 995:995 -p 443:443 -p 8080:8080 -p 8443:8443 -p 7071:7071 -p 9071:9071 -h mail.domain.tld -v ${your-authorized_keys}:/root/.ssh/authorized_keys -e TIMEZONE="Asia/Singapore" -e PASSWORD="SUPERSECRETPASSWORD" -e MAILBOXD_DEBUG="no" zextras/zimbra8:8.7.0


This command will take about 5 minutes to complete, depending on your hardware capabilities. Have a drink while you wait.

Browse to your domain, https://mail.domain.tld, on your browser to see if it's working. If you see that your site is insecure, it's due to self-signed certificates. Proceed to next step once you see this.

Step 4: Get Letsencrypt Certificate
We are going to install letsencrypt into the container itself. Let's list out the containers so that we can attach to the container.

docker ps


You will see a big bunch of details due to the number of ports we port forwarded. We need to look out for the container id, which will look like 250a24730351. Let's get attached to this container:

docker exec -it 250a24730351 /bin/bash


Now log in as the zimbra user.

su zimbra


Disable these 2 services.

zmproxyctl stop
zmmailboxdctl stop


Exit back to root user

exit


We need to get the certbot that will issue us certificates.

cd /root
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto


We must run the certbot script so that it installs all the dependencies it needs to issue certs.

./certbot-auto


Select yes if it prompts you to install additional packages.

Let's get the certbot to issue us a cert.

./certbot-auto certonly


When it prompts you how you would like to authenticate, select "Spin up a temporary server (standalone)". Then enter your email so that letsencrypt can contact you for lost key recovery and other urgent notices. Agree to the terms and conditions. Enter the hostname of your server, like mail.domain.tld. Your certificate will be stored in /etc/letsencrypt/live/mail.domain.tld/fullchain.pem.

I highly recommend backing up your certs, up to this point.

Step 5: Installing the cert in Zimbra


Now, we need a proper Intermediate CA plus Root CA in chain.pem file. Open up chain.pem file.

nano /etc/letsencrypt/live/mail.domain.tld/chain.pem


Append the following text to the file. Do not remove previous text. Just add the following right after the original text ends.



Create a folder that Zimbra will read the certs from.

mkdir /opt/zimbra/ssl/letsencrypt


Then we link everything that's in /etc/letsencrypt/live/mail.domain.tld/ to the new folder and set permissions for zimbra to read.

ln -s /etc/letsencrypt/live/mail.domain.tld/cert.pem /opt/zimbra/ssl/letsencrypt/cert.pem
ln -s /etc/letsencrypt/live/mail.domain.tld/chain.pem /opt/zimbra/ssl/letsencrypt/chain.pem
ln -s /etc/letsencrypt/live/mail.domain.tld/fullchain.pem /opt/zimbra/ssl/letsencrypt/fullchain.pem
ln -s /etc/letsencrypt/live/mail.domain.tld/privkey.pem /opt/zimbra/ssl/letsencrypt/privkey.pem
chmod 777 -R /etc/letsencrypt/live
chmod 777 -R /etc/letsencrypt/archive
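`chmod 777 -R` makes privkey.pem readable and replaceable by every account in the container, when only the zimbra user needs to read it. The script below is an added example, not part of the original tutorial: it grants read access through a group instead and lists anything still open to other users. It assumes the zimbra user belongs to a group named zimbra; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: give one group read access
# to the Let's Encrypt tree instead of opening it to every user with 777.

# world_accessible DIR...: list files and directories any local user can
# read, write or enter (symlinks are skipped, their own mode is not used).
world_accessible() {
    find "$@" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \)
}

# grant_group_read GROUP DIR...: owner keeps control, GROUP may read, others
# get nothing. Assumption: the zimbra user belongs to the group passed in.
grant_group_read() {
    group=$1; shift
    for dir in "$@"; do
        chgrp -R "$group" "$dir"
        find "$dir" -type d -exec chmod 750 {} +
        find "$dir" -type f -exec chmod 640 {} +
    done
}

# make_sample_tree DIR: constructed copy of the live/ and archive/ layout,
# with placeholder files instead of real certificates and keys.
make_sample_tree() {
    mkdir -p "$1/live/mail.domain.tld" "$1/archive/mail.domain.tld"
    for name in cert chain fullchain privkey; do
        echo "constructed placeholder for $name" > "$1/archive/mail.domain.tld/${name}1.pem"
        ln -s "../../archive/mail.domain.tld/${name}1.pem" "$1/live/mail.domain.tld/$name.pem"
    done
    chmod -R 777 "$1/live" "$1/archive"      # the state the tutorial leaves behind
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
echo "after chmod 777: $(world_accessible "$tmp/live" "$tmp/archive" | wc -l) exposed entries"
# The demo uses the current user's group; on the server pass zimbra and
# /etc/letsencrypt/live /etc/letsencrypt/archive.
grant_group_read "$(id -g)" "$tmp/live" "$tmp/archive"
echo "after group grant: $(world_accessible "$tmp/live" "$tmp/archive" | wc -l) exposed entries"
rm -rf "$tmp"
```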


Let's log in as zimbra and verify the certs

su zimbra
cd /opt/zimbra/ssl/letsencrypt
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem


Once you see that the certs are valid, we need to link the privkey to the commercial path.

exit
ln -s /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key


Now, it's time to deploy!

su zimbra
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem


We restart zimbra and go to the browser with https in your url to see your achievement!

zmcontrol restart

Congratulations! You have working mail server with a certificate from letsencrypt.

Renewing Cert


So the time has come to renew the certificate. As you need to go through specific steps to renew the cert, we cannot use the automated renewal provided. Here's how to renew the certificate, if you have followed the tutorial accordingly.

Log in as the zimbra user.

su zimbra


Disable these 2 services.

zmproxyctl stop
zmmailboxdctl stop

Renew the certificate

cd /root
./certbot-auto renew

We must append the CA to the certificate again as the renewal process removed it.

nano /etc/letsencrypt/live/mail.domain.tld/chain.pem


Append the following text to the file. Do not remove previous text. Just add the following right after the original text ends.


Verify that the certificate works:

cd /opt/zimbra/ssl/letsencrypt
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

Then deploy and restart zimbra services.

/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
zmcontrol restart

That's it! Now you have another 3 months of certificate.

Multiple SSL Certificates per domain each


It is quite common to have multiple domains in a zimbra server. After all, it's cost-efficient and network-efficient to consolidate domains into 1 server. I assume you have already generated your other certificates from the instructions before, and you have already restarted zimbra, but you did not install the certificate.

  • Domain: myawesomedomain.com
  • Mail Server Domain: mail.myawesomedomain.com

Add the virtual host name.

su zimbra
zmprov md myawesomedomain.com zimbraVirtualHostName mail.myawesomedomain.com zimbraVirtualIPAddress 1.2.3.4
exit


Make sure you use your IP address. If you are behind firewall or NAT, make sure you use your public address instead of local address.

We must append the CA to the certificate.

nano /etc/letsencrypt/live/mail.myawesomedomain.com/chain.pem


Append the following text to the file. Do not remove previous text. Just add the following right after the original text ends.


Let's verify that the certificate works:

su zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

We need to merge the certificate and the chain into a single file.

cat cert.pem chain.pem >> myawesomedomain.com.bundle

Now we save the certificate to LDAP.

/opt/zimbra/libexec/zmdomaincertmgr savecrt myawesomedomain.com myawesomedomain.com.bundle privkey.pem


The syntax for this command is:

/opt/zimbra/libexec/zmdomaincertmgr savecrt

Now we deploy the certificates.

/opt/zimbra/libexec/zmdomaincertmgr deploycrts

Let's ensure SNI is enabled in all proxies.

zmprov mcf zimbraReverseProxySNIEnabled TRUE


If you are using other proxies, make sure all of them have SNI enabled.

Restart Proxy.

zmproxyctl restart

That's it! You can now browse to the domain and see your work. Repeat these steps as many times as you have domains.

Learning Machine Learning with Josh Gordon


Written on Thu, 29 September 2016

You won't believe how amazingly easy it is to understand machine learning with Josh Gordon from Google. He has explained almost everything in the simplest steps for any beginner to understand.

Needless to say, you are expected to already know some programming language and linux administration. This is not for absolute IT beginners, but for those who are already programmers and want to pick up Machine Learning. Be sure to check out his channel.

Here's the first tutorial for you to get started:

Creating Custom Ubuntu Containers in Docker


Written on Thu, 29 September 2016

Sometimes, you don't want to use any docker images created by the community, but create your own, for many reasons:

  • You built your own application and you want to make an image out of it
  • You are using readily available images, but you made so much customisation you rather make a new container out of it
  • You want to maintain your own image, maybe because the original author no longer maintains it

Whatever the reasons, let me guide you through the steps to create a new image from Ubuntu base.

Download Ubuntu Image


We are going to take the existing Ubuntu 16.04 image and configure it from there. The current latest Ubuntu version at the time of writing is 16.04.

docker pull ubuntu:16.04


You should see something like the following:

16.04: Pulling from library/ubuntu
cad964aed91d: Pull complete
3a80a22fea63: Pull complete
50de990d7957: Pull complete
61e032b8f2cb: Pull complete
9f03ce1741bf: Pull complete
Digest: sha256:28d4c5234db8d5a634d5e621c363d900f8f241240ee0a6a978784c978fe9c737
Status: Downloaded newer image for ubuntu:16.04

Next, run the image in bash

docker run -i -t ubuntu:16.04 /bin/bash

Let's make sure we update the ubuntu image with the latest patches:

apt-get update
apt-get dist-upgrade

Next, you may go ahead and install whatever application you want and customise it. Once you're done, you can exit the container.

exit

Generate an image from the container


Show the list of containers.

docker ps -a


It should look like this:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9dbd13c7a5ba ubuntu:16.04 "/bin/bash" 33 minutes ago Exited (0) 10 minutes ago compassionate_joliot


Take note of the Container ID. You need it to make a new image.

Next, we need to commit this as a new image.

docker commit 9dbd13c7a5ba newimagename:v1


Be sure to use your container ID and name the container accordingly.

You will now see the new image you've created when you list the images.

docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
newimagename v1 29d9cae9fdfd 9 minutes ago 166 MB
ubuntu 16.04 c73a085dc378 2 days ago 127 MB

Run the new docker image


Now run the newly created docker image

docker run -i -t newimagename:v1 /bin/bash


Substitute the image name with yours.

There you go. You are now running an instance of the newly created image. Exit from the image and list the containers to see your achievement.

exit
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
273f542f36e5 newimagename:v1 "/bin/bash" 14 seconds ago Exited (0) 10 seconds ago cranky_pike
9dbd13c7a5ba ubuntu:16.04 "/bin/bash" 43 minutes ago Exited (0) 19 minutes ago compassionate_joliot


You can see the new container is created from your new image.

About Me

Greetings Earthlings, Shurn the Awesomer is here to give you an awesome time.

This little site is a record of my life, opinions, and views. I'm mainly writing about Technology & Gadgets, Busting Creationist Myths, and other philosophical stuff.

This site is done using CakePHP.
