General - Linux
This section is about how to perform a specific task. If you want to understand how a certain component works, please see Reference
The rest of the page assumes you installed using the ansible playbooks from wire-server-deploy
For any command below, first ssh into the server:
ssh <name or IP of the VM>
Which ports and network interface is my process running on?
The following shows open TCP ports, and the related processes.
sudo netstat -antlp | grep LISTEN
which may yield output like this:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1536/sshd
How can I see if my TLS certificates are configured the way I expect?
Note
The following assumes you’re querying a server from outside (e.g. your laptop). See the next section if operating on a server from an SSH session.
You can use openssl to check, with e.g.
DOMAIN=example.com
PORT=443
echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT
or
DOMAIN=example.com
PORT=443
echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text
To see only the validity (expiration):
DOMAIN=example.com
PORT=443
echo Q | openssl s_client -showcerts -connect $DOMAIN:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text | grep Validity -A 2
How can I see if my TLS certificates are configured the way I expect (special case kubernetes from a kubernetes machine)
When you first SSH to a kubernetes node, depending on the setup, DNS may not resolve, in which case you can use the -servername
parameter:
# the IP of the network interface that kubernetes is listening on. 127.0.0.1 may or may not work depending on the installation. It's one of those from
# ifconfig | grep "inet addr"
IP=1.2.3.4
# PORT can be 443 or 31773, depending on the installation
PORT=443
# not the root domain, but one of the 5 subdomains for which kubernetes is serving traffic
DOMAIN=app.example.com
echo Q | openssl s_client -showcerts -servername $DOMAIN -connect $IP:$PORT 2>/dev/null | openssl x509 -inform pem -noout -text | grep Validity -A 2