Friday, May 1, 2020

Create Private Docker Registry with SSL

In this post we will create a private Docker registry with SSL (TLS support), so you will be able to push your own images to a secured registry and pull from it.
Here is the process:


Create Directory 

mkdir -p /opt/docker/containers/docker-registry/certs

Create the certificate
openssl req  -newkey rsa:2048  -nodes -sha256 -x509 -days 365  -keyout /opt/docker/containers/docker-registry/certs/docker-registry.key  -out /opt/docker/containers/docker-registry/certs/docker-registry.crt

Create Auth Directory
mkdir -p /opt/docker/containers/docker-registry/auth

Create the htpasswd file used for registry authentication
docker run  --entrypoint htpasswd  registry -Bbn docker d0ck3rrU73z > /opt/docker/containers/docker-registry/auth/htpasswd

Create directory for registry
mkdir /opt/docker/containers/docker-registry/registry

Pull Registry image from docker hub
docker pull registry

Check that the certs were created in the directory
ls /opt/docker/containers/docker-registry/certs/
o/p: [shrii@worker-node1 ~]$ ls /opt/docker/containers/docker-registry/certs/
docker-registry.crt  docker-registry.key

Create registry container with required options
docker run -d  --name docker-registry  --restart=always  -p 443:443 -e REGISTRY_HTTP_ADDR=0.0.0.0:443  -v /opt/docker/containers/docker-registry/registry:/var/lib/registry  -v /opt/docker/containers/docker-registry/auth:/auth  -e "REGISTRY_AUTH=htpasswd"  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"  -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd  -v /opt/docker/containers/docker-registry/certs:/certs  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt  -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key  registry:2

Add a temporary domain name to the hosts file; this is the name the certificate is created for
vi /etc/hosts
o/p:
192.168.56.109 docker-registry.example.com docker-registry

Check docker process and see if container is running successfully
docker ps
o/p:
[root@worker-node1 shrii]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                            NAMES
63bf7013ae03        registry:2          "/entrypoint.sh /e..."   41 minutes ago      Up 41 minutes       0.0.0.0:443->443/tcp, 5000/tcp   docker-registry
[root@worker-node1 shrii]#

Create the directory where the CA cert needs to be placed
mkdir -p /etc/docker/certs.d/docker-registry.example.com:443

Copy the CA cert into the created directory
cp /opt/docker/containers/docker-registry/certs/docker-registry.crt /etc/docker/certs.d/docker-registry.example.com:443/ca.crt


[root@worker-node1 shrii]# ls /etc/docker/certs.d/docker-registry.example.com\:443/
ca.crt

    **** Steps after creating the private registry ****

Pull the busybox image from the public Docker Hub
docker pull busybox

Tag the busybox image with the registry name
docker tag busybox:latest docker-registry.example.com:443/busybox

Login to Newly created private Docker registry
docker login docker-registry.example.com:443

Push to Newly created private Docker registry
docker push docker-registry.example.com:443/busybox

Check the images
docker images | grep busybox
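
The certificate step above runs openssl interactively and sets no subjectAltName; Docker clients built with Go 1.15 or later reject certificates that carry the hostname only in the Common Name. The following is an added example, not part of the original post: it issues the same key and certificate non-interactively with a SAN for docker-registry.example.com and checks the result. The function names, the REG_HOST variable and the use of OpenSSL 1.1.1+ (for -addext) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ (-addext).
# REG_HOST and both function names are assumptions made for this example.

REG_HOST="docker-registry.example.com"

# make_registry_cert DIR: write DIR/docker-registry.key and DIR/docker-registry.crt
make_registry_cert() {
    dir="$1"
    mkdir -p "$dir" || return 1
    # umask 077 in a subshell: the private key is never group/world readable.
    (
        umask 077
        openssl req -newkey rsa:2048 -nodes -sha256 -x509 -days 365 \
            -subj "/CN=${REG_HOST}" \
            -addext "subjectAltName=DNS:${REG_HOST}" \
            -keyout "$dir/docker-registry.key" \
            -out "$dir/docker-registry.crt" 2>/dev/null
    ) || return 1
    # The certificate is public; it is the file copied to certs.d as ca.crt.
    chmod 644 "$dir/docker-registry.crt"
}

# cert_has_san CRT HOST: succeed only if CRT lists HOST as a DNS SAN entry.
# A CN-only certificate fails here even though its subject names the host.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -Fxq "DNS:$2"
}

# Usage on the registry host, before copying the cert to /etc/docker/certs.d:
#   make_registry_cert /opt/docker/containers/docker-registry/certs
#   cert_has_san /opt/docker/containers/docker-registry/certs/docker-registry.crt \
#       "$REG_HOST" || echo "certificate lacks SAN for $REG_HOST" >&2
```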

Friday, March 3, 2017

Jenkins Error : ERROR: Error cloning remote repo 'origin'


If you upgraded and you face the following error:
---------------------------------------------------------------------
Started by user shrikant
Building on master in workspace /var/lib/jenkins/workspace/DEvops
Cloning the remote Git repository
Cloning repository git@xyzserver.com:04761G744/Jpetstore_App.git
 > git init /var/lib/jenkins/workspace/DEvops # timeout=10
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Could not init /var/lib/jenkins/workspace/DEvops
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$5.execute(CliGitAPIImpl.java:663)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$2.execute(CliGitAPIImpl.java:464)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1057)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1097)
at hudson.scm.SCM.checkout(SCM.java:485)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1276)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:610)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:532)
at hudson.model.Run.execute(Run.java:1744)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:374)
Caused by: hudson.plugins.git.GitException: Error performing command: git init /var/lib/jenkins/workspace/DEvops
---------------------------------------------------------------------------

** Solution **

Enter the Jenkins system configuration (Jenkins -> Manage Jenkins -> Configure System).
Where the absolute git path is specified, check that it matches your git path, e.g. /bin/git or /usr/local/bin/git, /usr/bin/git etc.
This error will go away!

Tuesday, July 14, 2015

Application Deployment on ISeries/IBM i /OS 400

Application Deployment on IBM Power Series i.e.  ISeries/IBM i /OS 400

We all know deployment on *nix-based systems/platforms, in most flavors, but do you know how to deploy on IBM Power Series?

Here I have tried and done successful deployments with tools like Jenkins and Capistrano.

Jenkins :
1. Object-based deployment, i.e. file/folder etc.
2. With Publish Over SSH plugin

It pushes code from the source to the destination directory, and after that you can add shell scripts for post- and pre-build steps.
You can configure the SSH option with either a password or an SSH key.

Capistrano :
1. Using Source Control Repository ( Version Control i.e. SVN/GIT/CVS)
2. Using Pre and Post build script using custom Cap recipes.

In this case Cap clones or exports code from the version control system. Capistrano is a purely interactive Ruby script.

So if anyone is interested in more details, please let me know. :)

Tuesday, June 11, 2013

MySQL Enterprise Monitor Server and Agent Installation.


MEM Server:

10.0.2.1 us1-linuxcloud.in

Agent:
10.4.0.1 ind-linuxcloud.in


MEM Installation: 10.0.2.1 us1-linuxcloud.in

cd /opt/mysql/enterprise/agent/etc/instances
mysql mysql1 sd2 sq1 sq2         (You can configure Agents here.)
E.g. cp -a sq2 sq3

Then enter that directory:

cd sq3/ >> Edit agent-instance.ini

And add your agent's hostname in that file:

/etc/init.d/mysql-monitor-server restart

/etc/init.d/mysql-monitor-agent restart


Agent Installation: 10.4.0.1 ind-linuxcloud.in
Create User in mysql on agent

mysql > GRANT ALL ON *.* TO 'agent'@'localhost' identified by 'agent123';

then :

cd /opt/mysql/enterprise/agent/etc/
vi mysql-monitor-agent.ini

check this config :

# Agent Parameters

# You need to check this if the agent is not connecting.
agent-mgmt-hostname = https://10.0.2.1:443/heartbeat
agent-mgmt-username = agent
agent-mgmt-password = agent
mysqld-instance-dir= etc/instances

agent-item-files = share/mysql-monitor-agent/items/items-mysql-monitor.xml,share/mysql-monitor-agent/items/items-mysql-cluster.xml,share/mysql-monitor-agent/items/custom.xml

agent-uuid = 587a1d86-0a7d-46ed-bbf4-8bc2d423a97b

user = root


/etc/init.d/mysql-monitor-agent restart





Thursday, May 23, 2013

How To Upgrade The Mysql To Percona on WHM/cPanel Server.!

Imp: Please take backup of database and mysql config file my.cnf

cp -Rf /var/lib/mysql /var/lib/mysql-old
mv /etc/my.cnf /etc/my.cnf-old

Check the Mysql version:

mysql -V
mysql Ver 14.12 Distrib 5.0.77, for redhat-linux-gnu (x86_64)

We need to disable MySQL in cPanel:

/scripts/update_local_rpm_versions --edit target_settings.MySQL51 uninstalled

The following script will remove MySQL from your server.

/scripts/check_cpanel_rpms --fix --targets=MySQL51


Then download the Percona repository package and install it on the server:

rpm -Uhv http://www.percona.com/downloads/percona-release/percona-release-0.0-1.x86_64.rpm

Retrieving http://www.percona.com/downloads/percona-release/percona-release-0.0-1.x86_64.rpm
Preparing...                ########################################### [100%]
   1:percona-release        ########################################### [100%]

After that you can install the Percona server and the required packages.

 yum install Percona-Server-client-55 Percona-Server-server-55 Percona-Server-devel-55 Percona-Server-shared-55 Percona-Server-55-debuginfo.x86_64   Percona-Server-test-55.x86_64

Start the Percona Mysql:
/etc/init.d/mysql start

Upgrade your data with Percona. It will show "OK" if it completes successfully.
mysql_upgrade

Then again restart the Mysql:
/etc/init.d/mysql restart

Now, for PHP and Apache, you have to rebuild Apache and PHP using the following script:
/scripts/easyapache --build

After completion it will show:

!!
!! Build Complete! !!

Good, you have done it. Now you have a well-optimized PerconaDB and can enjoy the performance :)

Tuesday, April 9, 2013

Nginx-php-fpm Installation With Yum on Centos.


Install Nginx with php-FPM
 rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

yum install nginx  php-fpm php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-xcache php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy

vi /etc/nginx/conf.d/domain.conf
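server {
   listen 80;
   server_name www.domain domain;
   root /usr/share/nginx/html;
   location / {
       index  index.html index.htm index.php;
   }
   location ~ \.php$ {
       # Only hand requests to php-fpm when the .php file really exists under root;
       # otherwise paths like /upload.jpg/x.php can make PHP execute a non-PHP file.
       try_files $uri =404;
       include /etc/nginx/fastcgi_params;
       fastcgi_pass  127.0.0.1:9000;
       fastcgi_index index.php;
       fastcgi_param  SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
   }
}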

/etc/init.d/nginx restart

 /etc/init.d/php-fpm restart

You can check whether php-fpm is running:
[root@yo html]# netstat -anltup | grep php-fpm
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      23249/php-fpm

Thursday, April 4, 2013

PV Name unknown device


If you allocated a volume to a VM, created a PV on it, and then detached the volume without unmounting it, the PV shows up as an unknown device.
Here is the procedure to troubleshoot it.

[root@localhost ~]#  pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               VolGroup00
  PV Size               19.89 GB / not usable 19.49 MB
  Allocatable           yes (but full)
  PE Size (KByte)       32768
  Total PE              636
  Free PE               0
  Allocated PE          636
  PV UUID               KhAEcp-48eH-a3nz-HFzF-sXPt-4duo-Vl0NAa

  --- Physical volume ---
  PV Name               unknown device
  VG Name               VolGroup00
  PV Size               10.00 GB / not usable 32.00 MB
  Allocatable           yes
  PE Size (KByte)       32768
  Total PE              319
  Free PE               319
  Allocated PE          0
  PV UUID               7CeL4J-wKL1-EigZ-YpWc-qufr-Gbwp-UcFOne


[root@localhost ~]# vgreduce --removemissing --force VolGroup00

Now just check the following; your issue is resolved.
[root@localhost ~]# vgdisplay
 
  --- Volume group ---
  VG Name               VolGroup00
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  4
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                2
  Act PV                1
  VG Size               29.84 GB
  PE Size               32.00 MB
  Total PE              955
  Alloc PE / Size       636 / 19.88 GB
  Free  PE / Size       319 / 9.97 GB
  VG UUID               7o4aWW-Euef-k2Ti-n4rt-QTB0-6RZr-4u7Y9w

Wednesday, February 27, 2013

Clean up old backup files.


To clean up old backup files:

cat  /backup/backup_forcleanup.sh

#find /backup/scripts -type d -mtime +10 -name "2009*" -exec rm -rf {} \;
find /backup/scripts/201* -type d -mtime +10 -exec rm -rf {} \;

mail -s "Daily Report for `hostname`"  shrikant.lokhande@example.in < /home/shrikant/daily_report/D_Report_$(date +\%d\%b\%y-\%H%M).txt


mail -s "Hourly Check Result of `hostname` " shrikant.lokhande@example.in < /home/shrikant/daily_logs/oraprod_$(date +\%d\%b\%y-\%H\%M).txt


mail -s "Syslog check of `hostname`"    shrikant.lokhande@example.in <  /home/shrikant/chksyslog/oraprod1_$(date +\%d\%b\%y-\%H\%M)

Tuesday, January 22, 2013

History command With Date and Time In Linux.



Add this line at the end of the file.

[root@neonserv ~]# vi  /etc/bashrc

# vim:ts=4:sw=4
##
test -s /etc/bash.bashrc.local && . /etc/bash.bashrc.local


Create a file named "/etc/bash.bashrc.local" and edit it as follows.

[root@neonserv ~]# vi /etc/bash.bashrc.local

#local bashrc mods
#
# turn on date time stamps in history
#
export HISTTIMEFORMAT="%h/%d - %H:%M:%S "
export HISTCONTROL=ignoreboth
export HISTSIZE=2000

---------------------------
So when you run the command, the output will look like this:
[root@neonserv ~]# history
 1033  Jan/22 - 15:30:44 accton
 1034  Jan/22 - 15:31:16 /etc/init.d/psacct start
 1040  Jan/22 - 15:32:06 lastcomm shrii
 1041  Jan/22 - 15:32:10 lastcomm root
 1042  Jan/22 - 15:32:38 lastcomm
 1043  Jan/22 - 15:32:48 lastcomm rm
 1044  Jan/22 - 15:32:51 lastcomm ls
 1045  Jan/22 - 15:32:53 lastcomm root
 1050  Jan/22 - 21:49:44 history
--------------------------


Monday, January 21, 2013

How To Lock/Unlock and Check The User In Linux.


## You can use this command to lock the user shrii.

[root@localhost ~]# passwd -l shrii
Locking password for user shrii.
passwd: Success

## This command shows the status of a particular user: whether it is locked or unlocked.

[root@localhost ~]# passwd -S shrii
shrii PS 2013-01-21 0 99999 7 -1 (Password set, MD5 crypt.)

## This command gives you the status list for all users.
[root@localhost ~]# cat /etc/passwd | cut -d : -f 1 | awk '{ system("passwd -S " $0) }' 

test PS 2012-12-27 0 99999 7 -1 (Password set, MD5 crypt.)
shrii PS 2013-01-21 0 99999 7 -1 (Password set, MD5 crypt.)
shrikant LK 2013-01-21 0 99999 7 -1 (Password locked.)
yo LK 2013-01-21 0 99999 7 -1 (Password locked.)


## Using the -u option you can unlock the user.
[root@localhost ~]# passwd -u shrii
Unlocking password for user shrii.
passwd: Success.

####### Another way to lock/unlock the user is "usermod".

## For locking the user.

usermod -L username

## For unlocking the user.
usermod -U username