Update openSSL to latest 1.1.1 version (1.1.1w)

 

By the time(2024) one our system use this old OpenSSL version 1.1.1g and we are going to update it to latest version of 1.1.1 openSSL version.

1st we verify the current verions of openSSL.

openssl version.

Then we need to download openssl. By the time the latest version of openSSL does not appear in directly openSSL downloads. Therefore, we need to fetch it from archive.  

Archive page:https://openssl-library.org/source/old/1.1.1/index.html

1.  Fetch the tarball: wget https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz
2. Unpack the tarball with tar -zxf openssl-1.1.1g.tar.gz && cd openssl-1.1.1g
3. Issue the command ./config.
4. Issue the command make (You may need to run sudo apt install make gcc before running this command successfully).
5. Run make test to check for possible errors.
6. Backup current openssl binary: sudo mv /usr/bin/openssl ~/tmp
7. Issue the command sudo make install.
8. Create symbolic link from newly install binary to the default location:

9. sudo ln -s /usr/local/bin/openssl /usr/bin/openssl
   

10. 
    
11. Run the command sudo ldconfig to update symlinks and rebuild the library cache.

Assuming that there were no errors in executing steps 4 through 10, you should have successfully installed the new version of OpenSSL.

Again, from the terminal issue the command to verify the installation:

openssl version

කරුණාදාසගේ උකස් කොලේ CHORDS

Lyrics and Vocal- Shanaka Udara
Sub vocal- Nuwan Dharshana Weerakoon
Music - Shayan Vimukthi Panda Six
Video production - Art Armory productions
Guitar- Deshanka Weerasooriya



C                         
කරුණාදාසගේ සාක්කුවේ
F                    Am
ගැඹුරේ තිබු ඒ උකස් කොලේ
Dm                                       G
හුඟක්ම දාඩියටයි තෙත්වෙන්නේ...
Dm                       G            C              
අව්වේ සැරටම ආයෙත් වේලෙන්නේ...

C
කරුණාදාසගේ උකස් කොලේ
F
පහේ කාසි යට තෙරපෙන්නේ
Am                                      G
තෙරපී තෙරපී මිරිකී යට යන්නේ...
Dm                              G                          C     
ඉරුණොත් අම්මපා මොන දෙයියද දන්නේ...

C
පොඩි එකීට ඇස්ටෝන්
Am
ලඟ ලඟ දන්නැද්දෝ
Dm
ලොකු කෙලීට ලැප්ටොප්
C
ඔලු පොලේ ගහන්න වෙන්නැද්දෝ...

C                                                     Dm
යකඩ ඉන්නටයි පොක්කලන් කැඩුණේ
Am
පාරේ වලවල්වලයි ජීවිතේ ගෙවුණේ
Dm                                                    G
පඩියම ඉවරයි ණය ටිකයි ගෙවුණේ
G
අන්තිමේ කසාද මුද්දටත් කෙලියේ

C                                          Dm
බෝතල් පිරිච්ච රාක්ක එහෙමත්
Am
කරුණාදාසට හිනාවෙයි කොහොමත්
Dm
කොහොමනමුත් එක උගුරයි මොන කාලත්
C                   G
සංතෝසය තිබුණේ...

C
සෑහෙන්න බෑ මූට
Am
පෑහෙන්නෙ පාරමයි
Am                      D
රෑ වෙන්න වෙන්න තව
Am
ස්පාත් කතාකරයි...

C
වේලෙන්නෙ වැස්සටයි

පාරෙ වතුරෙන් එකයි
Am
දාසගේ රස්සාව

එහෙම්මම වතුරේ යයි...

C                      Am
තිබුණානම්... වඩයක්වත්...//

C
ගොනා ඇන්නේ දාසගේ ගෑනිට බන්
F
වැටෙන්න ගහකුත් නෑ ඌට දැන්
Am                                    G
අතහැරියේ ඌ හීනයි පොදි ගණන්...
                                                                       C
හිටිගමන් පිස්සා දුවයි කෝච්චිය ලඟම ලඟ‍යි...

C
උකස් කොලේ කාපුදෙන් යකඩ යකා
Am                                    F
හිතන් දාස රේල් පාරේ දිගා උනා
Dm                                                         G
ලඟ එන කෝච්චිය පොඩි දුව මතක් කරා
Dm                                                          C
දාසගේ ඔලුවේ බර බෙල්ලත් එක්ක ගියා...
Dm                                                           C
උකස් කොල දහස් ගණන් උගේ බෙල්ල උඩින් ගියා...

 

EKS change ownership of cluster.

Issue:
Your current user or role does not have access to Kubernetes objects on this EKS cluster

This may be due to the current user or role not having Kubernetes RBAC permissions to describe cluster resources or not having an entry in the cluster’s auth config map.

Root Cause:
When an EKS cluster created by an IAM user, the auth config map only recorded by that specific IAM user name. In such kind of scenario any other IAM user will not be able, read, write cluster properties even the account administrator.

Best practice:
AWS EKS best practice is the using separate IAM user/role to create or operate clusters to avoid such kind of scenarios.

Fix:

Please note that, you should have AWS administrator access to perform this.

Step 1: Get cluster creation role.

Either, we should know the cluster creation role or it should be retrieved by aws internal-control-plane. But none of AWS user do not have permission for this, hence, we have to get AWS technical support for this action.

Step 2: Generate new access key for cluster owner.

Please note that, this can be done only if cluster owner still exist in AWS IAM accounts,
Otherwise, create a new IAM user with the same name and proceed to next steps.

Goto AWS IAM service and select the cluster owner. Then select “Security Credentials tab“ below over there create new access key.

Step 3: Define cluster owner access ID to aws cli.

Edit ~/.aws/credentials file and include cluster owner programmatic access credentials over there.
First, backup your credentials as another profile and add cluster owner credentials as default.

Step 4: Verify active user.

aws sts get-caller-identity

Output should be like this, you should get the cluster owner arn in the ARN field :

{

"UserId": "AIDAQDUJLDNY5HP6BVNL5",

"Account": "007804230513",

"Arn": "arn:aws:iam::007804230513:user/kavishka"

}

Step 5: Change to kubeconfig to related cluster.

You need to update cluster config to the related cluster. In order to do that change name and region in following command.

aws eks update-kubeconfig --name bahasanlp --region ap-southeast-1

Step 6: Verify the cluster and nodes.

kubectl get nodes

Sample output:
NAME STATUS ROLES AGE VERSION

ip-192-168-17-164.ap-southeast-1.compute.internal Ready <none> 28d v1.19.6-eks-49a6c0

ip-192-168-182-188.ap-southeast-1.compute.internal Ready <none> 76d v1.19.6-eks-49a6c0

Step 7: Change the owner to the current user.

In following command define the cluster name, region and user arn of new user accordingly and execute the command.

eksctl create iamidentitymapping --cluster bahasanlp --region=ap-southeast-1 --arn arn:aws:iam::007804230513:user/kavishka --group system:masters --username admin

Step 8: Revert back aws auth config.

Edit ~/.aws/credentials file again and remove previous cluster owner credentials.

Step 9: Verify active user.

aws sts get-caller-identity

Output should be like this, you should get the cluster owner arn in the ARN field :

{

"UserId": "AIDAQDUJLDNY5HP6BVNL5",

"Account": "007804230513",

"Arn": "arn:aws:iam::007804230513:user/kavishka"

}

Step 6: Verify the access cluster and nodes.

kubectl describe cm aws-auth -n kube-system
If you have change the cluster owner successfully, the output must be like following,

Name: aws-auth
Namespace: kube-system
Labels: <none>
Annotations: <none>

Data

mapRoles:

• groups:

  • system:bootstrappers

  • system:nodes
    rolearn: arn:aws:iam::007804230513:role/eksctl-airflow-nodegroup-workers-NodeInstanceRole-74NMVN4R9NC2
    username: system:node:{{EC2PrivateDNSName}}

mapUsers:

• groups:

  • system:masters
    userarn: arn:aws:iam::007804230513:user/kavishka
    username: admin

Events: <none>

 

Setup username-token authentication for Gradle

 

What is github authentication?

Well as it sounds, github authentication is used for accessing github resources(repositories/registries). 

Also github offering various kind of authentication methods to authenticate a resource. You have to use one of them in most cases and unless the resources is not public.

Let’s have a look on authentication methods in github.

• username - password authentication
• ssh authentication
• Token authentication 
• SSO authentication

why we need token authentication for github?

So as we discussed there are few authentication methods in github. But, why we need token authentication with gradle?

The simplest answer is “to access to github registry packages”

In gradle, it is not supported to ssh or sso authentication. So we have to choose user-pass authentication or token authentication,

Under the best practices and security reasons best option is using token authentication.

Setting up Token authentication in github and gradle

Github:

1. Verify your email address, if it hasn't been verified yet.
2. In the upper-right corner of any page, click your profile photo, then click Settings.

3. In the left sidebar, click Developer settings.

4. 
   

5. Click Generate new token.

6. Give your token a descriptive name.
7. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select repo.

8. Click Generate token.

Setting up github token with gradle

To use github token in gradle you need to add it to gradle global properties

The global properties file should be located in your home directory:

• On Windows: C:\Users\<you>\.gradle\gradle.properties
• On Mac/Linux: /Users/<you>/.gradle/gradle.properties

Replace youre username and Token.

USERNAME="Your username"

TOKEN="Your password"

• 
  

Now try to build your favorite gradle project.