Daily Archives: December 24, 2016

How to set up Mailjet on exim for cPanel DNSonly on Google Cloud

I have been experimenting with Google Compute Engine (GCE) for the past few days. I wanted to migrate a slave DNS server to Google as an experiment, and this blog post will talk about the shortcomings, my workarounds, configuration and tips to achieve the goal of having cPanel DNSonly installed and set up using Google’s infrastructure.

What is Google Compute Engine?

Google Compute Engine (or “GCE”) is Google’s answer to Amazon’s AWS. It basically offers you the ability to deploy Virtual Machines (VMs) at Google’s datacenters. In the simplest of setups you would use a single VM or “compute instance”, and if you wanted a more complex setup you could deploy multiple instances in different geographic locations spread across different datacenters in the United States to achieve a more redundant setup or to provide you with better capacity for large traffic workflows.

It all depends on what your goals are. I am just starting out with a simple requirement: I would like to use a single compute instance running CentOS Linux that runs cPanel DNSonly (a proprietary control panel/DNS clustering solution for cPanel servers).

The goal is not to host websites or any critical services on this instance, but rather only keep a copy of my DNS zones. If my experiment fails or my instance goes down or gets destroyed there won’t be any losses or damages for this experiment as my primary server is still running on Proxmox PVE.

The limitations of GCE… What I learned so far

GCE instances run behind Google’s firewalls, and depending on the datacenter where you decide to host your instance, your VM will have an internal IP within that datacenter’s network scope/range (for example: us-central1 datacenter zone has a range for all VMs).

This means that assigning an IPv4 public static IP, which is needed to allow anyone to query the DNS server we’ll be hosting inside this instance, will actually have to forward packets to the instance’s internal network. Not really a big deal unless your application can’t be behind a NAT firewall, as is the case here.

For our intents and purposes it is fine. One important issue that I found is that doing any kind of e-mail server related activities on GCE is prohibited (source). You won’t be able to use SMTP (Simple Mail Transfer Protocol) port 25, 465 or 587 to send or receive email.

Now for a DNS server that will not be a mailserver this is not a blocker, but it is really a pain in the ass. Why? Because monitoring scripts running on the server need to email the administrator to notify me of issues or errors so they can be investigated.

My first post in 5 years. I’m alive and well

A lot changes in 5 years, whether it be in your personal life, social circle or career. It’s been a pretty busy five years since my last post on my website (just checked and it was on 2011/10/20)… so wow, 5 years is a long time and a lot has changed since then.

You may be wondering why I stopped posting System Administration tips/code snippets and solutions to problems I have had for the past five years. Mainly I have nobody but myself to blame for not dedicating time to writing up more articles, but the trigger that caused me to go offline for so long had to do with a security vulnerability that my blog software (WordPress) suffered; back then in 2011 someone had decided to exploit my blog and redirect all my web traffic elsewhere.

As a “nuke it all” overkill solution I decided to take down the website, place a simple index.html site and thought to myself “I will fix my website when I get some free time and WordPress fixes their security” – this also happened during my senior year in college so my time was limited. I was running around trying to finish my last couple of high level courses and my final project to graduate while at the same time working part-time to pay for school.

The good news? In mid 2012 after 5 years at California State University Fullerton (CSUF) I had finally completed all my courses and obtained my Business Management Computer Information Systems degree. Shortly after that I started concentrating on my career. My internship at a major bank in southern California had yielded me a nice full-time job offer right out of college and so I went from being a full-time student into becoming a full-time Network Operations Center Technician.

During my time working in a Network Operations Center (NOC) I learned a lot about being a part of corporate America, but I learned way more about networking. This incentivized me to pursue and become better in networking by studying and successfully obtaining the Cisco Certified Entry Networking Technician (CCENT).

The thirst for more career growth

Work at the bank was good, but my learning had plateaued for a good 12 months and opportunities to transfer into a Network Engineer role were non-existent, so I started looking elsewhere for opportunities while still working full-time at the NOC.

A few weeks into my job search I came across an opportunity on LinkedIn for a very small company I had never heard of before. They claimed on their website that their business was digital media and asset delivery. At the time I did not understand much other than some sort of transcoding in the cloud was what they did.

Sure enough, I submitted my resume and the next day received a phone screen and an invite to come for an onsite interview in their office in Los Angeles. The job opportunity was for a Linux system administrator role with networking duties in a datacenter environment.

Although in my professional career I had never used Linux, I did have some personal experience with Linux as I had been experimenting and using Red Hat Linux 7.2 since the early 2000s (back when Red Hat was free! and way before Fedora even existed). After a written technical test on Linux of 25 questions or so, I did get about 17 of my answers right and so I ended up with a job offer as a System & Network Engineer.

I was excited. I decided to take the plunge and leave a relatively safe position at a bank with no growth into the unknown of a job that depended on my Linux skills. It was a perfect mix as I would still be able to use my networking skills by being responsible for the datacenter deployments in Los Angeles for this little company that had just hired me.

The green card crusade is finally over… and the job at Google

Fast forwarding a couple of years, I was able to finally get my green card after waiting in line and dealing with all the red tape that is involved with trying to become a permanent resident the right way.

Around the same time, I had accepted a job offer with Google in their Los Angeles office and that is where I have been for almost two years. During my time at Google I still try to learn new skills on my own and play around with new technologies. Just a few months ago in October 2016 I attended PuppetConf 2016, studied and passed their Puppet Certified Professional 2016 exam.

As you can see, it has been a pretty busy five years for me. A lot of learning, growth, career moves and finally achieving one of my most ambitious goals, becoming a U.S. permanent resident.

What’s next for 2017?…

Learning never stops, and if there is something I regret, it is not bringing my website back online sooner. I have worked on some cool things and have found a couple of tips and solutions that originally took me several days or even weeks to learn. As a first step for the next year I am hoping to be able to use my blog again to help people find all this information and help others grow.

The technology landscape also keeps changing. Recall my post discussing building a VMware ESXi (all-in-one) server. Nowadays there are exciting new technologies like Docker that I am hoping to dig into myself sometime soon.