Tag Archives: DevOps

Kubernetes

Unlocking helm commands for Kubernetes

Leave a comment

Introduction

Explore the essential Helm commands for Kubernetes in this detailed tutorial. Whether you’re a beginner or a seasoned Kubernetes user, this guide will help you install Helm and utilize its commands to manage charts and repositories effectively, streamlining your Kubernetes deployments.

In this tutorial, How to install helm and run helm commands. Helm provides many commands for managing charts and Helm repositories. Now, let’s helm commands for Kubernetes

  • Helm Commands for Kubernetes: Simplifies application deployment and management in Kubernetes environments.
  • What is a Helm Chart?: A package containing pre-configured Kubernetes resources used for deploying applications.
  • Purpose of Helm: Streamlines deployments, manages versions and rollbacks and allows customization of installations through charts.
  • Using Helm Charts: Install Helm, add repositories, and manage applications within your Kubernetes cluster using Helm’s command suite, including install, update, and delete operations.

Install Helm commands for Kubernetes

You can ref here.

From Homebrew (Mac)

brew install helm

From Windows

choco install kubernetes-helm

Check version

helm version

The output is as below:

Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\Windows\system32> choco install kubernetes-helm
Chocolatey v0.10.15
Installing the following packages:
kubernetes-helm
By installing you accept licenses for the packages.
Progress: Downloading kubernetes-helm 3.5.4... 100%

kubernetes-helm v3.5.4 [Approved]
kubernetes-helm package files install completed. Performing other installation steps.
The package kubernetes-helm wants to run 'chocolateyInstall.ps1'.
Note: If you don't run this script, the installation will fail.
Note: To confirm automatically next time, use '-y' or consider:
choco feature enable -n allowGlobalConfirmation
Do you want to run the script?([Y]es/[A]ll - yes to all/[N]o/[P]rint): Yes

Downloading kubernetes-helm 64 bit
  from 'https://get.helm.sh/helm-v3.5.4-windows-amd64.zip'
Progress: 100% - Completed download of C:\Users\USERNAME\AppData\Local\Temp\chocolatey\kubernetes-helm\3.5.4\helm-v3.5.4-windows-amd64.zip (11.96 MB).
Download of helm-v3.5.4-windows-amd64.zip (11.96 MB) completed.
Hashes match.
Extracting C:\Users\USERNAME\AppData\Local\Temp\chocolatey\kubernetes-helm\3.5.4\helm-v3.5.4-windows-amd64.zip to C:\ProgramData\chocolatey\lib\kubernetes-helm\tools...
C:\ProgramData\chocolatey\lib\kubernetes-helm\tools
 ShimGen has successfully created a shim for helm.exe
 The install of kubernetes-helm was successful.
  Software installed to 'C:\ProgramData\chocolatey\lib\kubernetes-helm\tools'

Chocolatey installed 1/1 packages.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Did you know the proceeds of Pro (and some proceeds from other
 licensed editions) go into bettering the community infrastructure?
 Your support ensures an active community, keeps Chocolatey tip top,
 plus it nets you some awesome features!
 https://chocolatey.org/compare
PS C:\Windows\system32> helm version
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
PS C:\Windows\system32>

Helm Commands kubernetes

Add Helm repo link here

# Example
helm repo add stable https://charts.helm.sh/stable

I will add bitnami repo and search for the Nginx server as command follows:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
helm search repo nginx
helm search repo bitnami/nginx

The output is as commands follows:

E:\Study\cka\devopsroles>helm search repo nginx
NAME                                    CHART VERSION   APP VERSION     DESCRIPTION
bitnami/nginx                           8.9.1           1.19.10         Chart for the nginx server
bitnami/nginx-ingress-controller        7.6.9           0.46.0          Chart for the nginx Ingress controller
stable/nginx-ingress                    1.41.3          v0.34.1         DEPRECATED! An nginx Ingress controller that us...
stable/nginx-ldapauth-proxy             0.1.6           1.13.5          DEPRECATED - nginx proxy with ldapauth
stable/nginx-lego                       0.3.1                           Chart for nginx-ingress-controller and kube-lego
bitnami/kong                            3.7.4           2.4.1           Kong is a scalable, open source API layer (aka ...
stable/gcloud-endpoints                 0.1.2           1               DEPRECATED Develop, deploy, protect and monitor...

E:\Study\cka\devopsroles>helm search repo bitnami/nginx
NAME                                    CHART VERSION   APP VERSION     DESCRIPTION
bitnami/nginx                           8.9.1           1.19.10         Chart for the nginx server
bitnami/nginx-ingress-controller        7.6.9           0.46.0          Chart for the nginx Ingress controller

Install Nginx using the helm command

helm install nginx bitnami/nginx

Update Nginx

helm upgrade nginx bitnami/nginx --dry-run

# Upgrade using values in overrides_nginx.yaml
helm upgrade nignx bitnami/nginx -f overrides_nginx.yaml

# rollback
helm rollback nginx REVISION_NUMBER

Basic helm command

helm status nginx
helm history nginx
# get manifest and values from deployment
helm get manifest nginx
helm get values nginx
helm uninstall nginx

Conclusion

Mastering Helm commands enhances your Kubernetes management skills, allowing for more efficient application deployment and management. This tutorial provides the foundation you need to confidently use Helm in your Kubernetes environment, improving your operational capabilities.

You have to use helm commands for Kubernetes. I hope will this your helpful. Thank you for reading the DevopsRoles page!

Ansible

Securing Sensitive Data with Ansible vault encrypt decrypt Guide

Leave a comment

Introduction

In this tutorial, How to use Ansible vault encrypt decrypt to secure sensitive data. you’ll learn how to use Ansible Vault to secure sensitive data within your configurations, an essential skill for maintaining robust security protocols. Ansible Vault encrypts variables and files to protect sensitive information like passwords and credentials from unauthorized access.

The guide covers the initial setup of Ansible Vault, including detailed steps to encrypt your data effectively. You’ll gain insights into the practical applications of these security measures in real-world scenarios.

Finally, the tutorial provides practical tips for decrypting data when necessary for your deployments. Whether you are new to Ansible or have advanced experience, understanding how to manage Vault’s encryption and decryption processes is crucial for enhancing your operational security.

Ansible vault encrypt decrypt

Encrypted files use Ansible Vault

Ansible uses the AES256 algorithm for encrypting sensitivity. We will create an encrypted file using the ansible-vault utility tool as shown.

ansible-vault create pass-file.xml

The content before the Encrypted file is shown.

cat pass-file.xml
welcome to DevopsRoles.com site!

After the Encrypted file as shown.

cat pass-file.xml
$ANSIBLE_VAULT;1.1;AES256
37383139356630386365643264393833663535643534663962643664366634626334383735343861
6265633335646266363233333930303436633063373931380a613635373435366561353534663432
66366631336335393562333233363762633130393336646462633031383239363332616338376633
3630633835646238610a373431323839396636316463633564356535383065626663386135366338
3431

We will view an Encrypted file in Ansible using ansible-vault

ansible-vault view pass-file.xml

Edit an Encrypted file using ansible-vault

ansible-vault edit pass-file.xml

Encrypt an Existing file using the Ansible vault command

ansible-vault encrypt pass-file2.xml

For example the picture below

Decrypting files Ansible

Use an ansible vault to decrypt a file or revert to plain text.

ansible-vault decrypt pass-file2.xml

Reset the Ansible vault password

ansible-vault rekey pass-file2.xml

Encrypt a playbook file in Ansible

Example Ansible Setup NFS server here. I will Encrypt file exports.j2 the content as below:

[vagrant@ansible_controller ~]$ cat ./ansible/exports.j2
# /etc/exports: the access control list for filesystems which may be exported
#   to NFS clients.  See exports(5).
/home/vagrant/nfs_test            192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)

Encryption with vault_pass.txt as below:

[vagrant@ansible_controller ~]$ cat vault_pass.txt
123456789@
[vagrant@ansible_controller ~]$ ansible-vault encrypt ./ansible/exports.j2 --vault-password-file vault_pass.txt
Encryption successful
[vagrant@ansible_controller ~]$ cat ./ansible/exports.j2
$ANSIBLE_VAULT;1.1;AES256
38376166636635393464306333653230663865303966626137346536393231623862333532313061
6334326531333734663936336436323034643261666462640a353833363437633761656136306433
30383331633836346563323962346663373664646538636135663866346435643834613937643664
3763383131363761370a363632613539303239366166613339663133653938646665613530633633
64613233636434323031326137376636613536396330623338326230366664376339653431643831
63386431633837643265343662643338626339656630336666613565303738643038373131383530
61383637666462376663306536333736623339346364653462633730383961353531613830343534
66393339363061643861373162663832333561663763313339626365353139376433303333373133
65373461313531323735623135616535363638353963343563643439363461613236646433313461
39653733633638396663636236346638393036323831386535333933373764616334343431316234
31376537653434653931613931646465393638373039363335616364613638633264356531323332
65336164333334303765393361616233373138663530386466383032333334393465363632303435
64383332313635326661333431613561666431356331363963633137623965323963666338393865
3235393266326566663463363861613166643130313430653736

As a result, run the Ansible playbook as below:

[vagrant@ansible_controller ~]$ ansible-playbook -i ansible/hosts nfs-server.yml --vault-password-file vault_pass.txt
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

PLAY [nfs-server] ***************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************
ok: [servernfs]

TASK [install nfs-utils] ********************************************************************************************
ok: [servernfs]

TASK [Create a mountable directory if it does not exist] ************************************************************
ok: [servernfs]

TASK [enable rpcbind nfslock nfs] ***********************************************************************************
ok: [servernfs] => (item=rpcbind)
ok: [servernfs] => (item=nfslock)
ok: [servernfs] => (item=nfs)

TASK [Copy exports file.] *******************************************************************************************
changed: [servernfs]

TASK [NFS system start] *********************************************************************************************
changed: [servernfs]

PLAY RECAP **********************************************************************************************************
servernfs                  : ok=6    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

File /etc/exports on server NFS as below:

[vagrant@servernfs ~]$ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
#   to NFS clients.  See exports(5).
/home/vagrant/nfs_test            192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)

Conclusion

In conclusion, using Ansible Vault for encryption and decryption is a key skill for safeguarding your sensitive data in DevOps environments. The examples provided in this guide illustrate practical applications of Ansible Vault, enhancing your security practices. We hope you find this information beneficial. Thank you for reading on the DevopsRoles page!

Vagrant

Install Vagrant and VirtualBox on Fedora

Leave a comment

Introduction

In this tutorial, How to Install Vagrant and VirtualBox on Fedora. You use Vagrant for DevOps professionals and coder sysadmin. I will be installing VirtualBox and Vagrant on My Laptop is Fedora 32.

How to Install Vagrant and VirtualBox

Check CPU has Intel VT or AMD-V Virtualization extensions

sudo lscpu | grep Virtualization

Add VirtualBox RPM repository

dnf -y install wget
wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
mv virtualbox.repo /etc/yum.repos.d/virtualbox.repo

Install VirtualBox

[root@localhost ~]# dnf install -y VirtualBox*

The output on my terminal is below

[root@localhost ~]# dnf install -y  VirtualBox*
Last metadata expiration check: 0:06:53 ago on Mon 05 Oct 2020 09:32:56 PM +07.
Dependencies resolved.
======================================================================================================================
 Package                         Architecture      Version                                Repository             Size
======================================================================================================================
Installing:
 VirtualBox-6.1                  x86_64            6.1.14_140239_fedora32-1               virtualbox             88 M
Installing dependencies:
 SDL                             x86_64            1.2.15-43.fc32                         fedora                213 k
 annobin                         x86_64            9.27-1.fc32                            updates                98 k
 dwz                             x86_64            0.13-2.fc32                            fedora                109 k
 efi-srpm-macros                 noarch            4-4.fc32                               fedora                 22 k
 fonts-srpm-macros               noarch            2.0.3-1.fc32                           fedora                 26 k
 fpc-srpm-macros                 noarch            1.3-1.fc32                             fedora                7.6 k
 ghc-srpm-macros                 noarch            1.5.0-2.fc32                           fedora                7.7 k
 gnat-srpm-macros                noarch            4-11.fc32                              fedora                8.2 k
 go-srpm-macros                  noarch            3.0.9-1.fc32                           updates                25 k
 nim-srpm-macros                 noarch            3-2.fc32                               fedora                8.3 k
 ocaml-srpm-macros               noarch            6-2.fc32                               fedora                7.7 k
 openblas-srpm-macros            noarch            2-7.fc32                               fedora                7.2 k
 perl-srpm-macros                noarch            1-34.fc32                              fedora                8.3 k
 python-srpm-macros              noarch            3-59.fc32                              updates                17 k
 python27                        x86_64            2.7.18-2.fc32                          updates                11 M
 qt5-srpm-macros                 noarch            5.14.2-3.fc32                          updates               8.4 k
 redhat-rpm-config               noarch            150-1.fc32                             fedora                 63 k
 rust-srpm-macros                noarch            14-1.fc32                              updates               9.6 k
 tix                             x86_64            1:8.4.3-27.fc31                        fedora                246 k
 tk                              x86_64            1:8.6.10-3.fc32                        fedora                1.6 M

Transaction Summary
======================================================================================================================
Install  21 Packages

Total download size: 101 M
Installed size: 257 M
Downloading Packages:
(1/21): go-srpm-macros-3.0.9-1.fc32.noarch.rpm                                         82 kB/s |  25 kB     00:00    
(2/21): python-srpm-macros-3-59.fc32.noarch.rpm                                        49 kB/s |  17 kB     00:00    
(3/21): qt5-srpm-macros-5.14.2-3.fc32.noarch.rpm                                      130 kB/s | 8.4 kB     00:00    
(4/21): annobin-9.27-1.fc32.x86_64.rpm                                                210 kB/s |  98 kB     00:00    
(5/21): rust-srpm-macros-14-1.fc32.noarch.rpm                                          75 kB/s | 9.6 kB     00:00    
(6/21): SDL-1.2.15-43.fc32.x86_64.rpm                                                 217 kB/s | 213 kB     00:00    
(7/21): efi-srpm-macros-4-4.fc32.noarch.rpm                                            72 kB/s |  22 kB     00:00    
(8/21): dwz-0.13-2.fc32.x86_64.rpm                                                     82 kB/s | 109 kB     00:01    
(9/21): fpc-srpm-macros-1.3-1.fc32.noarch.rpm                                          67 kB/s | 7.6 kB     00:00    
(10/21): fonts-srpm-macros-2.0.3-1.fc32.noarch.rpm                                    116 kB/s |  26 kB     00:00    
(11/21): ghc-srpm-macros-1.5.0-2.fc32.noarch.rpm                                       44 kB/s | 7.7 kB     00:00    
(12/21): gnat-srpm-macros-4-11.fc32.noarch.rpm                                         47 kB/s | 8.2 kB     00:00    
(13/21): nim-srpm-macros-3-2.fc32.noarch.rpm                                           40 kB/s | 8.3 kB     00:00    
(14/21): ocaml-srpm-macros-6-2.fc32.noarch.rpm                                         37 kB/s | 7.7 kB     00:00    
(15/21): python27-2.7.18-2.fc32.x86_64.rpm                                            4.8 MB/s |  11 MB     00:02    
(16/21): openblas-srpm-macros-2-7.fc32.noarch.rpm                                      35 kB/s | 7.2 kB     00:00    
(17/21): perl-srpm-macros-1-34.fc32.noarch.rpm                                         40 kB/s | 8.3 kB     00:00    
(18/21): redhat-rpm-config-150-1.fc32.noarch.rpm                                      631 kB/s |  63 kB     00:00    
(19/21): tix-8.4.3-27.fc31.x86_64.rpm                                                 866 kB/s | 246 kB     00:00    
(20/21): tk-8.6.10-3.fc32.x86_64.rpm                                                  811 kB/s | 1.6 MB     00:01    
(21/21): VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64.rpm                           5.1 MB/s |  88 MB     00:17    
----------------------------------------------------------------------------------------------------------------------
Total                                                                                 4.9 MB/s | 101 MB     00:20     
warning: /var/cache/dnf/virtualbox-a644194517384f93/packages/VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 98ab5139: NOKEY
Fedora 32 - x86_64 - VirtualBox                                                       945  B/s | 1.7 kB     00:01    
Importing GPG key 0x98AB5139:
 Userid     : "Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>"
 Fingerprint: 7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
 From       : https://www.virtualbox.org/download/oracle_vbox.asc
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                              1/1 
  Running scriptlet: tk-1:8.6.10-3.fc32.x86_64                                                                   1/21 
  Installing       : tk-1:8.6.10-3.fc32.x86_64                                                                   1/21 
  Installing       : tix-1:8.4.3-27.fc31.x86_64                                                                  2/21 
  Running scriptlet: tix-1:8.4.3-27.fc31.x86_64                                                                  2/21 
  Installing       : perl-srpm-macros-1-34.fc32.noarch                                                           3/21 
  Installing       : openblas-srpm-macros-2-7.fc32.noarch                                                        4/21 
  Installing       : ocaml-srpm-macros-6-2.fc32.noarch                                                           5/21 
  Installing       : nim-srpm-macros-3-2.fc32.noarch                                                             6/21 
  Installing       : gnat-srpm-macros-4-11.fc32.noarch                                                           7/21 
  Installing       : ghc-srpm-macros-1.5.0-2.fc32.noarch                                                         8/21 
  Installing       : fpc-srpm-macros-1.3-1.fc32.noarch                                                           9/21 
  Installing       : efi-srpm-macros-4-4.fc32.noarch                                                            10/21 
  Installing       : dwz-0.13-2.fc32.x86_64                                                                     11/21 
  Installing       : SDL-1.2.15-43.fc32.x86_64                                                                  12/21 
  Installing       : rust-srpm-macros-14-1.fc32.noarch                                                          13/21 
  Installing       : qt5-srpm-macros-5.14.2-3.fc32.noarch                                                       14/21 
  Installing       : annobin-9.27-1.fc32.x86_64                                                                 15/21 
  Installing       : go-srpm-macros-3.0.9-1.fc32.noarch                                                         16/21 
  Installing       : python-srpm-macros-3-59.fc32.noarch                                                        17/21 
  Installing       : fonts-srpm-macros-2.0.3-1.fc32.noarch                                                      18/21 
  Installing       : redhat-rpm-config-150-1.fc32.noarch                                                        19/21 
  Installing       : python27-2.7.18-2.fc32.x86_64                                                              20/21 
  Running scriptlet: VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64                                             21/21 
  Installing       : VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64                                             21/21 
  Running scriptlet: VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64                                             21/21 

Creating group 'vboxusers'. VM users must be member of that group!


  Verifying        : annobin-9.27-1.fc32.x86_64                                                                  1/21 
  Verifying        : go-srpm-macros-3.0.9-1.fc32.noarch                                                          2/21 
  Verifying        : python-srpm-macros-3-59.fc32.noarch                                                         3/21 
  Verifying        : python27-2.7.18-2.fc32.x86_64                                                               4/21 
  Verifying        : qt5-srpm-macros-5.14.2-3.fc32.noarch                                                        5/21 
  Verifying        : rust-srpm-macros-14-1.fc32.noarch                                                           6/21 
  Verifying        : SDL-1.2.15-43.fc32.x86_64                                                                   7/21 
  Verifying        : dwz-0.13-2.fc32.x86_64                                                                      8/21 
  Verifying        : efi-srpm-macros-4-4.fc32.noarch                                                             9/21 
  Verifying        : fonts-srpm-macros-2.0.3-1.fc32.noarch                                                      10/21 
  Verifying        : fpc-srpm-macros-1.3-1.fc32.noarch                                                          11/21 
  Verifying        : ghc-srpm-macros-1.5.0-2.fc32.noarch                                                        12/21 
  Verifying        : gnat-srpm-macros-4-11.fc32.noarch                                                          13/21 
  Verifying        : nim-srpm-macros-3-2.fc32.noarch                                                            14/21 
  Verifying        : ocaml-srpm-macros-6-2.fc32.noarch                                                          15/21 
  Verifying        : openblas-srpm-macros-2-7.fc32.noarch                                                       16/21 
  Verifying        : perl-srpm-macros-1-34.fc32.noarch                                                          17/21 
  Verifying        : redhat-rpm-config-150-1.fc32.noarch                                                        18/21 
  Verifying        : tix-1:8.4.3-27.fc31.x86_64                                                                 19/21 
  Verifying        : tk-1:8.6.10-3.fc32.x86_64                                                                  20/21 
  Verifying        : VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64                                             21/21 

Installed:
  SDL-1.2.15-43.fc32.x86_64                            VirtualBox-6.1-6.1.14_140239_fedora32-1.x86_64                
  annobin-9.27-1.fc32.x86_64                           dwz-0.13-2.fc32.x86_64                                        
  efi-srpm-macros-4-4.fc32.noarch                      fonts-srpm-macros-2.0.3-1.fc32.noarch                         
  fpc-srpm-macros-1.3-1.fc32.noarch                    ghc-srpm-macros-1.5.0-2.fc32.noarch                           
  gnat-srpm-macros-4-11.fc32.noarch                    go-srpm-macros-3.0.9-1.fc32.noarch                            
  nim-srpm-macros-3-2.fc32.noarch                      ocaml-srpm-macros-6-2.fc32.noarch                             
  openblas-srpm-macros-2-7.fc32.noarch                 perl-srpm-macros-1-34.fc32.noarch                             
  python-srpm-macros-3-59.fc32.noarch                  python27-2.7.18-2.fc32.x86_64                                 
  qt5-srpm-macros-5.14.2-3.fc32.noarch                 redhat-rpm-config-150-1.fc32.noarch                           
  rust-srpm-macros-14-1.fc32.noarch                    tix-1:8.4.3-27.fc31.x86_64                                    
  tk-1:8.6.10-3.fc32.x86_64                           

Complete!

Configure VirtualBox Drivers

/usr/lib/virtualbox/vboxdrv.sh setup

The output my terminal as below

[root@localhost ~]# /usr/lib/virtualbox/vboxdrv.sh setup
vboxdrv.sh: Stopping VirtualBox services.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.

Download Extension Pack

cd /tmp/
wget https://download.virtualbox.org/virtualbox/6.1.2/Oracle_VM_VirtualBox_Extension_Pack-6.1.2.vbox-extpack

Install the extension pack by clicking on the Downloaded file. The picture below

Install Vagrant on Fedora

Run command on your terminal as below

dnf -y install vagrant

Test Vagrant and Virtualbox

Create a minimal Vagrantfile

$ mkdir vagrant-test
$ cd vagrant-test
$ vi Vagrantfile

An example that also sets the amount of memory and number of CPUs in the Vagrantfile file

[huupv@localhost vagrant-test]$ cat Vagrantfile 
Vagrant.configure("2") do |config|
  config.ssh.insert_key = false
  config.vm.provider :virtualbox do |vb|
    vb.memory = 256
    vb.cpus = 1
  end
  
  config.vm.define "DevopsRoles" do |server01|
    server01.vm.hostname = "DevopsRoles.com"
    server01.vm.box = "centos/7"
    #server01.vm.network :private_network, ip: "192.168.3.4"
  end
end

The output on my terminal as below

huupv@localhost vagrant-test]$ vagrant up
Bringing machine 'DevopsRoles' up with 'virtualbox' provider...
==> DevopsRoles: Box 'centos/7' could not be found. Attempting to find and install...
    DevopsRoles: Box Provider: virtualbox
    DevopsRoles: Box Version: >= 0
==> DevopsRoles: Loading metadata for box 'centos/7'
    DevopsRoles: URL: https://vagrantcloud.com/centos/7
==> DevopsRoles: Adding box 'centos/7' (v2004.01) for provider: virtualbox
    DevopsRoles: Downloading: https://vagrantcloud.com/centos/boxes/7/versions/2004.01/providers/virtualbox.box
Download redirected to host: cloud.centos.org
    DevopsRoles: Calculating and comparing box checksum...
==> DevopsRoles: Successfully added box 'centos/7' (v2004.01) for 'virtualbox'!
==> DevopsRoles: Importing base box 'centos/7'...
==> DevopsRoles: Matching MAC address for NAT networking...
==> DevopsRoles: Checking if box 'centos/7' version '2004.01' is up to date...
==> DevopsRoles: Setting the name of the VM: vagrant-test_DevopsRoles_1601910055210_96696
==> DevopsRoles: Clearing any previously set network interfaces...
==> DevopsRoles: Preparing network interfaces based on configuration...
    DevopsRoles: Adapter 1: nat
==> DevopsRoles: Forwarding ports...
    DevopsRoles: 22 (guest) => 2222 (host) (adapter 1)
==> DevopsRoles: Running 'pre-boot' VM customizations...
==> DevopsRoles: Booting VM...
==> DevopsRoles: Waiting for machine to boot. This may take a few minutes...
    DevopsRoles: SSH address: 127.0.0.1:2222
    DevopsRoles: SSH username: vagrant
    DevopsRoles: SSH auth method: private key
==> DevopsRoles: Machine booted and ready!
==> DevopsRoles: Checking for guest additions in VM...
    DevopsRoles: No guest additions were detected on the base box for this VM! Guest
    DevopsRoles: additions are required for forwarded ports, shared folders, host only
    DevopsRoles: networking, and more. If SSH fails on this machine, please install
    DevopsRoles: the guest additions and repackage the box to continue.
    DevopsRoles: 
    DevopsRoles: This is not an error message; everything may continue to work properly,
    DevopsRoles: in which case you may ignore this message.
==> DevopsRoles: Setting hostname...
==> DevopsRoles: Rsyncing folder: /home/huupv/vagrant-test/ => /vagrant

Conclusion

You have to install and run Vagrant using VirtualBox. I hope will this your helpful. Thank you for reading the DevopsRoles page!

Jenkins

SonarQube from a Jenkins Pipeline job in Docker

Leave a comment

Introduction

In today’s fast-paced DevOps environment, maintaining code quality is paramount. Integrating SonarQube with Jenkins in a Docker environment offers a robust solution for continuous code inspection and improvement.

This guide will walk you through the steps to set up SonarQube from a Jenkins pipeline job in Docker, ensuring your projects adhere to high standards of code quality and security.

Integrating SonarQube from a Jenkins Pipeline job in Docker: A Step-by-Step Guide.

Docker Compose for SonarQube

Create directories to keep SonarQube’s data

# mkdir -p /data/sonarqube/{conf,logs,temp,data,extensions,bundled_plugins,postgresql,postgresql_data}

Create a new user and change those directories owner

# adduser sonarqube
# usermod -aG docker sonarqube
# chown -R sonarqube:sonarqube /data/sonarqube/

Find UID of sonarqube user

# id sonarqube

Create a Docker Compose file using the UID in the user.

version: "3"

networks:
  sonarnet:
    driver: bridge

services:
  sonarqube:
    // use UID here
    user: 1005:1005
    image: sonarqube
    ports:
      - "9000:9000"
    networks:
      - sonarnet
    environment:
      - sonar.jdbc.url=jdbc:postgresql://db:5432/sonar
    volumes:
      - /data/sonarqube/conf:/opt/sonarqube/conf
      - /data/sonarqube/logs:/opt/sonarqube/logs
      - /data/sonarqube/temp:/opt/sonarqube/temp
      - /data/sonarqube/data:/opt/sonarqube/data
      - /data/sonarqube/extensions:/opt/sonarqube/extensions
      - /data/sonarqube/bundled_plugins:/opt/sonarqube/lib/bundled-plugins

  db:
    image: postgres
    networks:
      - sonarnet
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
    volumes:
      - /data/sonarqube/postgresql:/var/lib/postgresql
      - /data/sonarqube/postgresql_data:/var/lib/postgresql/data

Use docker-compose start

# docker-compose -f sonarqube-compose.yml up

Install and configure Nginx

Nginx Install

# yum install nginx

Start Nginx service

# service nginx start

Configure nginx

I have created a “/etc/nginx/conf.d/sonar.devopsroles.com.conf” file, look like as below:

upstream sonar {
    server 127.0.0.1:9000;
}


server {

    listen 80;
    server_name  dev.sonar.devopsroles.com;


    root /var/www/html;
        allow all;
    }

    location / {
        return 301 https://dev.sonar.devopsroles.com;
    }
}

server {

    listen       443 ssl;
    server_name  dev.sonar.devopsroles.com;

    access_log  /var/log/nginx/dev.sonar.devopsroles.com-access.log proxy;
    error_log /var/log/nginx/dev.sonar.devopsroles.com-error.log warn;

    location / {
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off;

        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto   $scheme;
        proxy_pass http://sonar$request_uri;
    }
}

Check syntax and reload NGINX’s configs

# nginx -t && systemctl start nginx

Jenkins Docker Compose

Here is an example of a Jenkins Docker Compose setup that could be used for integrating SonarQube from a Jenkins pipeline job:

version: '3'

services:
  jenkins:
    image: jenkins/jenkins:lts
    container_name: jenkins
    ports:
      - "8080:8080"
      - "50000:50000"
    volumes:
      - jenkins_home:/var/jenkins_home
    networks:
      - jenkins-sonarqube

  sonarqube:
    image: sonarqube:latest
    container_name: sonarqube
    ports:
      - "9000:9000"
    environment:
      - SONAR_JDBC_URL=jdbc:postgresql://db:5432/sonarqube
      - SONAR_JDBC_USERNAME=sonar
      - SONAR_JDBC_PASSWORD=sonar
    networks:
      - jenkins-sonarqube

  db:
    image: postgres:latest
    container_name: postgres
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
      - POSTGRES_DB=sonarqube
    networks:
      - jenkins-sonarqube

networks:
  jenkins-sonarqube:

volumes:
  jenkins_home:

Explanation:

  • Jenkins Service: Runs Jenkins on the default LTS image. It exposes ports 8080 (Jenkins web UI) and 50000 (Jenkins slave agents).
  • SonarQube Service: Runs SonarQube on the latest image. It connects to a PostgreSQL database for data storage.
  • PostgreSQL Service: Provides the database backend for SonarQube.
  • Networks and Volumes: Shared network (jenkins-sonarqube) and a named volume (jenkins_home) for Jenkins data persistence.

Conclusion

By following this comprehensive guide, you have successfully integrated SonarQube with Jenkins using Docker, enhancing your continuous integration pipeline. This setup not only helps in maintaining code quality but also ensures your development process is more efficient and reliable. Thank you for visiting DevOpsRoles, and we hope this tutorial has been helpful in improving your DevOps practices.

Linux

Influxdb examples: Enhancing Your Time-Series Data Management

Leave a comment

Introduction

InfluxDB, a widely-used open-source time series database, excels in handling large volumes of time-stamped data for applications like monitoring systems, IoT devices, and financial tracking. This tutorial will guide you through querying InfluxDB, demonstrating practical examples and setup instructions.

If you haven’t installed InfluxDB yet, refer to the installation guide provided earlier to get started. This introduction sets the stage for you to effectively manage and analyze time-series data using InfluxDB’s powerful features.

InfluxDB examples

InfluxDB show databases

[root@MonitoringServer ~]# influx
Connected to http://localhost:8086 version 1.7.4
InfluxDB shell version: 1.7.4
Enter an InfluxQL query

> show databases                                                                                                         
name: databases
name
----
_internal
devopsrolesDB
telegraf

Use databases

> use devopsrolesDB                                                                                                              
Using database devopsrolesDB
>

Uptime Server

> select last("uptime_format") as "value" from "system" where "host" =~ /DevopsRoles\.com$/ AND time >= now() - 1h GROUP BY time(60s)

Check Root FS used

> SELECT last("used_percent") FROM "disk" WHERE ("host" =~ /^DevopsRoles\.com$/ AND "path" = '/') AND time >= now() -6h GROUP BY time(5m) fill(null)

Swap used

> SELECT last("used_percent") FROM "swap" WHERE ("host" =~ /^DevopsRoles\.com$/) AND time >= now() -1h GROUP BY time(5m) fill(null)

Users login

> SELECT last("n_users") FROM "system" WHERE ("host" =~ /^DevopsRoles\.com$/) AND time >= now() -1h GROUP BY time(5m) fill(null)

CPU usage

> SELECT last("usage_idle") * -1 + 100 FROM "cpu" WHERE ("host" =~ /^DevopsRoles\.com$/ AND "cpu" = 'cpu-total') AND time >= now() -1h GROUP BY time(5m) fill(null)

RAM Usage

> SELECT last("used_percent") FROM "mem" WHERE ("host" =~ /^DevopsRoles\.com$/) AND time >= now() -1h GROUP BY time(5m) fill(null)

CPU Load

> SELECT mean(load1) as load1,mean(load5) as load5,mean(load15) as load15  FROM "system" WHERE host =~ /^DevopsRoles\.com$/ AND time >= now() -1h GROUP BY time(5m) fill(null)

CPUs number

>  SELECT last("n_cpus") FROM "system" WHERE ("host" =~ /^DevopsRoles\.com$/) AND time >= now() -1h GROUP BY time(5m) fill(null)

Other Influxdb examples

How to list all value systems, swap, CPUs, Memory, and so on.

Enter as following for the system

> select * from "system" where host =~ /^DevopsRoles\.com$/ AND time >= now() -1h

## The output as below:
name: system
time                host                         load1 load15 load5 n_cpus n_users uptime  uptime_format
----                ----                         ----- ------ ----- ------ ------- ------  -------------
1574665340000000000 DevopsRoles.com 0.27  0.03   0.11  4      1       8105215 93 days, 19:26
1574665350000000000 DevopsRoles.com 0.22  0.03   0.1   4      1       8105225 93 days, 19:27
1574665360000000000 DevopsRoles.com 0.19  0.03   0.1   4      1       8105235 93 days, 19:27

CPU

> select * from "cpu" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:                                                                                                                                             
name: cpu
time                cpu       host                         usage_guest usage_guest_nice usage_idle        usage_iowait        usage_irq usage_nice usage_softirq        usage_steal          usage_system         usage_user
----                ---       ----                         ----------- ---------------- ----------        ------------        --------- ---------- -------------        -----------          ------------         ----------
1574670090000000000 cpu-total DevopsRoles.com 0           0                99.92494371410935 0                   0         0          0                    0                    0.025018764076678877 0.050037528153357755
1574670090000000000 cpu0      DevopsRoles.com 0           0                100               0                   0         0          0                    0                    0                    0
1574670090000000000 cpu1      DevopsRoles.com 0           0                99.89989990213955 0                   0         0          0                    0                    0.1001001000954934   0
1574670090000000000 cpu2      DevopsRoles.com 0           0                99.89979960143319 0                   0         0          0                    0                    0.10020040080409609  0
1574670090000000000 cpu3      DevopsRoles.com 0           0                100               0                   0         0          0                    0                    0                    0
1574670100000000000 cpu-total DevopsRoles.com 0           0                99.79989994515057 0.12506253122346286 0         0          0                    0                    0.05002501250212444  0.02501250625561197
1574670100000000000 cpu0      DevopsRoles.com 0           0                99.49949949205266 0.5005005005184352  0         0          0                    0                    0                    0
1574670100000000000 cpu1      DevopsRoles.com 0           0                100               0                   0         0          0                    0                    0                    0
1574670100000000000 cpu2      DevopsRoles.com 0           0                99.79999999517575 0                   0         0          0                    0                    0.09999999999286956  0.09999999998377461
1574670100000000000 cpu3      DevopsRoles.com 0           0                100               0                   0         0          0                    0                    0                    0
1574670110000000000 cpu-total DevopsRoles.com 0           0                99.64982491096929 0.22511255633968244 0         0          0                    0.025012506253392856 0.05002501250223596  0.05002501249768622

DISK

> select * from "disk" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:                                                                                                                                            
name: disk
time                device                         free        fstype host                         inodes_free inodes_total inodes_used mode path         total        used        used_percent
----                ------                         ----        ------ ----                         ----------- ------------ ----------- ---- ----         -----        ----        ------------
1574670150000000000 10.10.10.225:/mnt_nfs/data_volume/ 64795705344 nfs4   DevopsRoles.com 5924993     6553600      628607      rw   /mnt_nfs/data 105554903040 35373711360 35.313883742109724
1574670150000000000 mapper/VolGroup-lv_root        40046198784 ext4   DevopsRoles.com 3014316     3182400      168084      rw   /            51484815360  8823488512  18.0551360162319
1574670150000000000 vda1                           427900928   ext4   DevopsRoles.com 127976      128016       40          rw   /boot        507744256    53628928    11.137196859502726
1574670150000000000 vdb1                           9870200832  ext4   DevopsRoles.com 655325      655360       35          rw   /app         10568843264  161775616   1.612599639149392

Diskio

> select * from "diskio" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:              
name: diskio
time                host                         io_time   iops_in_progress name read_bytes read_time reads  weighted_io_time write_bytes write_time writes
----                ----                         -------   ---------------- ---- ---------- --------- -----  ---------------- ----------- ---------- ------
1574670240000000000 DevopsRoles.com 137167292 0                dm-0 2659918848 2451413   181804 3747940429       51691593728 3745384372 12620365
1574670240000000000 DevopsRoles.com 3102      0                vdb1 5949440    3049      770    5493             315904      2445       59
1574670240000000000 DevopsRoles.com 6376      0                dm-1 7897088    31096     1928   68191            27774976    37096      6781
1574670240000000000 DevopsRoles.com 137161235 0                vda  2674118656 1651142   137682 1886179382       51719428096 1884529301 4253428
1574670240000000000 DevopsRoles.com 667       0                vda1 2124800    370       521    667              47104       297        19
1574670240000000000 DevopsRoles.com 107       0                sr0  155648     107       49     107              0           0          0

Kernel

> select * from "kernel" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:                                                                                                                                           
name: kernel
time                boot_time  context_switches entropy_avail host                         interrupts processes_forked
----                ---------  ---------------- ------------- ----                         ---------- ----------------
1574670390000000000 1566560125 897266212        1320          DevopsRoles.com 611974729  543719
1574670400000000000 1566560125 897267347        1320          DevopsRoles.com 611975497  543719
1574670410000000000 1566560125 897268311        1320          DevopsRoles.com 611976101  543719
1574670420000000000 1566560125 897269308        1355          DevopsRoles.com 611976734  543719
1574670430000000000 1566560125 897270363        1396          DevopsRoles.com 611977420  543719
1574670440000000000 1566560125 897271391        1412          DevopsRoles.com 611978084  543719
1574670450000000000 1566560125 897272328        1412          DevopsRoles.com 611978685  543719
1574670460000000000 1566560125 897273390        1423          DevopsRoles.com 611979457  543719
>

Network

> select bytes_recv,bytes_sent,drop_in,drop_out from "net" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:                                                                                                        
name: net
time                bytes_recv  bytes_sent  drop_in drop_out
----                ----------  ----------  ------- --------
1574670830000000000 42310540034 60204453178 0       0
1574670840000000000 42310549919 60204469772 0       0
1574670850000000000 42310565133 60204488497 0       0
1574670860000000000 42310577265 60204503755 0       0
1574670870000000000 42310587249 60204520594 0       0
1574670880000000000 42310613504 60204538330 0       0

Processes

> select * from "processes" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:                                                                                                                                         
name: processes
time                blocked dead host                         idle paging running sleeping stopped total total_threads unknown zombies
----                ------- ---- ----                         ---- ------ ------- -------- ------- ----- ------------- ------- -------
1574670990000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   209           0       0
1574671000000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   209           0       0
1574671010000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   210           0       0
1574671020000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   210           0       0
1574671030000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   210           0       0
1574671040000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   210           0       0
1574671050000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   210           0       0
1574671060000000000 0       0    DevopsRoles.com 0    0      0       126      0       126   210           0       0

swap

> select * from "swap" where host =~ /^DevopsRoles\.com$/ AND time >= now() - 120s

## The output as below:                                                                                                                                              
name: swap
time                free      host                         in      out      total     used     used_percent
----                ----      ----                         --      ---      -----     ----     ------------
1574671030000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671040000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671050000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671060000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671070000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671080000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671090000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671100000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956
1574671110000000000 831287296 DevopsRoles.com 6680576 27774976 855629824 24342528 2.8449835801889956

How to show tag values.

SHOW TAG VALUES FROM system WITH KEY=host
SHOW TAG VALUES FROM "cpu" WITH KEY = "cpu" WHERE host =~ /$server/
SHOW TAG VALUES FROM "disk" WITH KEY = "device"
SHOW TAG VALUES FROM "net" WITH KEY = "interface" WHERE host =~ /$server/

Conclusion

Through the article, How to query Influxdb examples above. InfluxDB is widely used in various domains, including DevOps, IoT, monitoring and observability, and real-time analytics, due to its high performance, scalability, and ease of use. I hope will this your helpful. Thank you for reading DevOpsRoles.com page

AWS

AWS Certified Solutions Architect Exercises- part 3 Amazon VPC

Leave a comment

Introduction

In the ever-evolving landscape of technology, mastering the skills and knowledge of AWS solution architecture is more crucial than ever. Understanding and practicing exercises related to Amazon Virtual Private Cloud (VPC) is a key component in becoming an AWS Certified Solutions Architect. This article, the third installment in our series, will guide you through essential exercises involving Amazon VPC. We will help you grasp how to set up and manage VPCs, understand their core components, and create a secure, flexible networking environment for your applications.

In this article, we’ll learn about Amazon VPC, the best way to become familiar with Amazon VPC is to build your own custom Amazon VPC and then deploy Amazon EC2 instances into it. AWS Certified Solutions Architect Exercises- part 3 Amazon VPC

1. Today’s tasks

  • Create a Custom Amazon VPC
  • Create Two Subnets for Your Custom Amazon VPC
  • Connect Your Custom Amazon VPC to the Internet and Establish Routing
  • Launch an Amazon EC2 Instance and Test the Connection to the Internet.

2. Before you begin AWS Certified Solutions Architect

  • Command-line tool to SSH into the Linux instance.

3. Let’s do it

EXERCISE 1:

Create a Custom Amazon VPC

1. Open the Amazon VPC console

2. In the navigation pane, choose Your VPCs, and Create VPC.

3. Specify the following VPC details as necessary and choose to Create.

  • Name tag: My First VPC
  • IPv4 CIDR block: 192.168.0.0/16
  • IPv6 CIDR block:  No IPv6 CIDR Block
  • Tenancy:  Default

EXERCISE 2:

Create Two Subnets for Your Custom Amazon VPC

To add a subnet to your VPC using the console

1. Open the Amazon VPC console

2. In the navigation pane, choose SubnetsCreate subnet.

3. Specify the subnet details as necessary and choose to Create.

  • Name tag: My First Public Subnet.
  • VPC: Choose the VPC from Exercise 1.
  • Availability Zone: Optionally choose an Availability Zone in which your subnet will reside, or leave the default No Preference to let AWS choose an Availability Zone for you.
  • IPv4 CIDR block: 192.168.1.0/24.

4. Create a subnet with a CIDR block equal to 192.168.2.0/24 and a name tag of My First Private Subnet. Create the subnet in the Amazon VPC from Exercise 1, and specify a different Availability Zone for the subnet than previously specified (for example, ap-northeast-1c). You have now created two new subnets, each in its own Availability Zone.

EXERCISE 3:

Connect Your Custom Amazon VPC to the Internet and Establish Routing

1. Create an IGW with a name tag of My First IGW and attach it to your custom Amazon VPC.

2. Add a route to the main route table for your custom Amazon VPC that directs Internet traffic (0.0.0.0/0) to the IGW.

3. Create a NAT gateway, place it in the public subnet of your custom Amazon VPC, and assign it an EIP.

4. Create a new route table with a name tag of My First Private Route Table and place it within your custom Amazon VPC. Add a route to it that directs Internet traffic (0.0.0.0/0) to the NAT gateway and associate it with the private subnet.

EXERCISE 4:

Launch an Amazon EC2 Instance and Test the Connection to the Internet

1. Launch a t2.micro Amazon Linux AMI as an Amazon EC2 instance into the public subnet of your custom Amazon VPC, give it a name tag of My First Public Instance and select your key pair for secure access to the instance.

2. Securely access the Amazon EC2 instance in the public subnet via SSH with a key pair.

3. Execute an update to the operating system instance libraries by executing the following command:

sudo yum update -y

4. You should see an output showing the instance downloading software from the Internet and installing it.

5. Delete all resources created in this exercise.

Conclusion

Mastering exercises related to Amazon VPC not only prepares you better for the AWS Certified Solutions Architect exam but also equips you with vital skills for deploying and managing cloud infrastructure effectively. From creating and configuring VPCs to setting up route tables and network ACLs, each step in this process contributes to building a robust and secure network system. We hope this article boosts your confidence in applying the knowledge gained and continues your journey toward becoming an AWS expert.

If you have any questions or need further assistance, don’t hesitate to reach out to us. Best of luck on your path to becoming an AWS Certified Solutions Architect! AWS Certified Solutions Architect Exercises- part 3 Amazon VPC. Happy Clouding!!! Thank you for reading the DevopsRoles page!

Kubernetes

How to Kubernetes Minikube Deploy Pods

Leave a comment

Introduction

In the rapidly evolving world of cloud-native applications, Kubernetes has emerged as the go-to platform for automating deployment, scaling, and managing containerized applications. For those who are new to Kubernetes or looking to experiment with it in a local environment, Minikube is the ideal tool. Minikube allows you to run a single-node Kubernetes cluster on your local machine, making it easier to learn and test.

This guide will walk you through the process of deploying and managing Pods on Kubernetes Minikube. We will cover everything from basic concepts to advanced operations like scaling and exposing your services. Whether you are a beginner or an experienced developer, this guide will provide you with valuable insights and practical steps to effectively manage your Kubernetes environment.

What is Kubernetes Minikube?

Kubernetes is an open-source platform that automates the deployment, scaling, and operation of application containers across clusters of hosts. Minikube is a tool that enables you to run a single-node Kubernetes cluster on your local machine. It’s an excellent way to start learning Kubernetes without needing access to a full-fledged Kubernetes cluster.

Key Components of Kubernetes Minikube

Before diving into the hands-on steps, let’s understand some key components you’ll interact with:

  • Service: An abstract way to expose an application running on a set of Pods as a network service.
  • Pod: The smallest and simplest Kubernetes object. A Pod represents a running process on your cluster and contains one or more containers.
  • kubectl: The command-line interface (CLI) tool used to interact with Kubernetes clusters.

Kubernetes Minikube Deploy Pods

Create Pods

[root@DevopsRoles ~]# kubectl run test-nginx --image=nginx --replicas=2 --port=80 
[root@DevopsRoles ~]# kubectl get pods

The output environment variable for test-nginx pod

[root@DevopsRoles ~]# kubectl exec test-nginx-c8b797d7d-mzf91 env

Access to test-nginx pod

[root@DevopsRoles ~]# kubectl exec -it test-nginx-c8b797d7d-mzf91 bash
root@test-nginx-c8b797d7d-mzf91:/# curl localhost

show logs of test-nginx pod

[root@DevopsRoles ~]# kubectl logs test-nginx-c8b797d7d-mzf91

How to scale out pods

[root@DevopsRoles ~]# kubectl scale deployment test-nginx --replicas=3 
[root@DevopsRoles ~]# kubectl get pods

set service 

[root@DevopsRoles ~]# kubectl expose deployment test-nginx --type="NodePort" --port 80 
[root@DevopsRoles ~]# kubectl get services test-nginx
[root@DevopsRoles ~]# minikube service test-nginx --url
[root@DevopsRoles ~]# curl http://10.0.2.10:31495

Delete service and pods

[root@DevopsRoles ~]# kubectl delete services test-nginx
[root@DevopsRoles ~]# kubectl delete deployment test-nginx

Frequently Asked Questions

What is Minikube in Kubernetes?

Minikube is a tool that allows you to run a Kubernetes cluster locally on your machine. It’s particularly useful for learning and testing Kubernetes without the need for a full-blown cluster.

How do I create a Pod in Kubernetes Minikube?

You can create a Pod in Kubernetes Minikube using the kubectl run command. For example: kubectl run test-nginx --image=nginx --replicas=2 --port=80.

How can I scale a Pod in Kubernetes?

To scale a Pod in Kubernetes, you can use the kubectl scale command. For instance, kubectl scale deployment test-nginx --replicas=3 will scale the deployment to three replicas.

What is the purpose of a Service in Kubernetes?

A Service in Kubernetes is used to expose an application running on a set of Pods as a network service. It allows external traffic to access the Pods.

How do I delete a Service in Kubernetes?

You can delete a Service in Kubernetes using the kubectl delete services <service-name> command. For example: kubectl delete services test-nginx.

Conclusion

Deploying and managing Pods on Kubernetes Minikube is a foundational skill for anyone working in cloud-native environments. This guide has provided you with the essential steps to create, scale, expose, and delete Pods and Services using Minikube.

By mastering these operations, you’ll be well-equipped to manage more complex Kubernetes deployments in production environments. Whether you’re scaling applications, troubleshooting issues, or exposing services, the knowledge gained from this guide will be invaluable. Thank you for reading the DevopsRoles page!

Linux

Grafana reset admin password

Leave a comment

Introduction

I have forgotten the password admin Grafana dashboard. Yesterday, I can not log in to my Grafana dashboard. I have searched google and reset the Admin password in Grafana. Now, let’s go Grafana reset admin password.

Grafana is a powerful open-source platform for monitoring and observability. Its user-friendly dashboards make it a favorite among DevOps teams and system administrators. However, there may be situations where you need to reset the admin password, such as forgotten credentials or initial setup. In this comprehensive guide, we’ll cover everything you need to know about resetting the admin password in Grafana, from basic commands to advanced security practices.

Why Resetting the Admin Password Is Essential

Resetting the admin password in Grafana is necessary in scenarios like:

  • Forgotten Admin Credentials: If the admin password is lost, resetting it ensures access to the platform.
  • Security Maintenance: Resetting passwords regularly minimizes the risk of unauthorized access.
  • Initial Setup Needs: During initial configuration, resetting the default password enhances security.

Grafana provides multiple ways to reset the admin password, catering to different environments and user needs. Let’s dive into these methods step-by-step.

How do I Grafana reset admin password

Log in to the database

$ sudo sqlite3 /var/lib/grafana/grafana.db

Reset the admin password to “admin”

sqlite> update user set password = '59acf18b94d7eb0694c61e60ce44c110c7a683ac6a8f09580d626f90f4a242000746579358d77dd9e570e83fa24faa88a8a6', salt = 'F3FAxVm33R' where login = 'admin';
sqlite> .quit

Now you can log in using these credentials:

  • username: admin
  • password: admin

FAQs on Grafana Reset Admin Password

1. What happens if I reset the admin password?

Resetting the admin password updates the login credentials for the admin user only. Other user accounts and settings remain unaffected.

2. Can I reset the password without restarting Grafana?

No, most methods require restarting the Grafana service to apply changes.

3. Is the grafana-cli command available for all installations?

The grafana-cli tool is available in standard installations. If it’s missing, verify your installation method or use alternative methods.

4. How can I hash passwords for SQL resets?

Use a tool like openssl or online SHA256 hashing tools to generate a hashed password.

5. Is it possible to automate password resets?

Yes, you can automate resets using scripts that interact with grafana-cli or directly modify the database.

Additional Resources

Conclusion

Resetting the admin password in Grafana is a straightforward process, whether using the grafana-cli command, editing the configuration file, or updating the database directly. By following this guide, you can efficiently regain access to your Grafana instance and secure it against unauthorized access. Remember to adopt best practices for password management to maintain a robust security posture.

You have reset admin password Grafana dashboard. Afterward, you need to change the admin password. Thank you for reading the DevopsRoles page!

Docker

Creating a Dockerfile step by step Instructions

Leave a comment

Introduction

Creating efficient and reliable Docker images starts with a well-crafted Dockerfile step by step. In this article, we will provide a step-by-step guide to writing Dockerfiles, covering essential commands, best practices, and tips to optimize your Docker workflow. Whether you are new to Docker or looking to enhance your skills, this comprehensive guide will help you create Dockerfiles that streamline your development and deployment processes. For a detailed walkthrough, visit Dockerfile Step-by-Step.

Docker Image command

  • shows all images: docker images
  • creates an image from Dockerfile: docker build
  • creates an image from a tarball: docker import
  • turns container filesystem into tarball archive stream to STDOUT: docker export
  • loads an image from a tar archive as STDIN, including images and tags (as of 0.7): docker load
  • saves an image to a tar archive stream to STDOUT with all parent layers, tags & versions (as of 0.7): docker save
  • removes an image: docker rmi
  • tags an image to a name (local or registry): docker tag
  • shows the history of the image: docker history
  • creates an image from a container, Pausing it temporarily if it is running: docker commit

Dockerfile step by step

What is Dockerfile?

A Dockerfile is a text document that contains all the commands a user.

FROM, RUN, CMD in Dockerfile

Example Dockerfile for installing the Nginx web server.

FROM centos:7
RUN yum install -y nginx
CMD ["nginx", "-g", "daemon off;"]

Docker shell command line

docker build -t test/nginx:v1 .
docker run -it --rm -p 80:80 test/nginx:v1

Docker build cache

After each build step, Docker takes a snapshot of the resulting image. You can force a rebuild with docker build –no-cache

Docker JSON syntax

Most Dockerfile arguments

Plain string format: 

RUN yum install -y nginx

JSON format list:

RUN ["yum", "install", "-y", "nginx"]

COPY, ENV, EXPOSE in Dockerfile

Example Dockerfile 

FROM centos:7
RUN yum update -y
RUN yum install -y nginx
# make utf-8 enabled by default
ENV LANG en_US.utf8
COPY index.html /usr/share/nginx/html/index.html
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]

VOLUME in Dockerfile

For example Dockerfile

VOLUME ["/etc/nginx/"]

ENTRYPOINT vs CMD in Dockerfile

#For example
CMD ["nginx", "-g", "daemon off;"]
ENTRYPOINT ["/docker-entrypoint.sh"]

You will use ENTRYPOINT and CMD together

  • ENTRYPOINT will define the base command for our container.
  • CMD will define the default parameter(s) for this command.
  • They both have to use JSON syntax.

More

  • MAINTAINER: Set the Author field of the generated images. Ex: MAINTAINER Huu Phan “huupv@gmail.com”
  • ADD: Copies new files, directories, or remote files to the container. Invalidates caches. Avoid ADD and use COPY instead. Ex: ADD build-nginx /tmp/build-nginx
  • STOPSIGNAL: Sets the system call signal that will be sent to the container to exit. Ex: STOPSIGNAL SIGINT
  • WORKDIR: Sets the working directory. Ex: WORKDIR /etc/nginx
  • USER: Sets the username for following RUN / CMD / ENTRYPOINT commands. Ex: USER nginx
  • LABEL: Apply key/value metadata to your images, containers, or daemons. Ex: LABEL architecture=”amd64″
  • ARG: Defines a build-time variable. Ex: ARG buildno
  • ONBUILD: Adds a trigger instruction when the image is used as the base for another build. Ex: ONBUILD COPY . /app/src

Conclusion

A solid understanding of Dockerfile construction is crucial for leveraging the full potential of Docker in your projects. This step-by-step guide aims to equip you with the knowledge and techniques to create efficient and effective Dockerfiles.

By following these guidelines, you can ensure smoother builds, reduced image sizes, and enhanced performance in your Docker environments. To stay updated with the latest tips and best practices, be sure to visit Dockerfile Step-by-Step. Let this guide be your roadmap to mastering Dockerfile creation.

Linux

Install Prometheus on RHEL / CentOS 7

Leave a comment

In this tutorial, How to install Prometheus on RHEL / CentOS 7. Prometheus is an open-source applications and microservices. Prometheus releases Github

Install Prometheus

Create user and group Prometheus system

sudo groupadd --system prometheus
sudo useradd -s /sbin/nologin --system -g prometheus prometheus

Create the data directory for Prometheus

sudo mkdir /var/lib/prometheus

Prometheus creates the configuration directory

sudo mkdir -p -m 775 /etc/prometheus/{rules,rules.d,files_sd}

Download and extract Prometheus

cd /tmp
export RELEASE=2.8.1
wget https://github.com/prometheus/prometheus/releases/download/v${RELEASE}/prometheus-${RELEASE}.linux-amd64.tar.gz
tar xvf prometheus-${RELEASE}.linux-amd64.tar.gz
cd prometheus-${RELEASE}.linux-amd64/

Copy Prometheus binary, consoles and console_libraries

sudo cp prometheus promtool /usr/local/bin/
sudo cp -r consoles/ console_libraries/ /etc/prometheus/

Create a Prometheus configuration file.

sudo vi /etc/prometheus/prometheus.yml

The content as below

# Global config
global: 
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.  
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.  
  scrape_timeout: 15s  # scrape_timeout is set to the global default (10s).

# A scrape configuration containing exactly one endpoint to scrape:# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
    - targets: ['localhost:9090']

Create a Prometheus systemd service unit file.

sudo vi /etc/systemd/system/prometheus.service

The content Prometheus systemd service as below

[Unit]
Description=Prometheus
Documentation=https://prometheus.io/docs/introduction/overview/
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
Environment="GOMAXPROCS=2"
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/prometheus \
  --config.file=/etc/prometheus/prometheus.yml \
  --storage.tsdb.path=/var/lib/prometheus \
  --web.console.templates=/etc/prometheus/consoles \
  --web.console.libraries=/etc/prometheus/console_libraries \
  --web.listen-address=0.0.0.0:9090 \
  --web.external-url=

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target

Note: You remember to edit the line: Environment=”GOMAXPROCS=2 with replacing 2 is the number of vcpus on the server.

Clean install

rm -rf prometheus-${RELEASE}.linux-amd64.tar.gz
rm -rf prometheus-${RELEASE}.linux-amd64/

Change directory permission.

sudo chown -R prometheus:prometheus /etc/prometheus
sudo chown -R prometheus:prometheus /var/lib/prometheus/

Reload systemd daemon and start the Prometheus service

sudo systemctl daemon-reload
sudo systemctl start prometheus

Configure firewalld

sudo firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" \
source address="192.168.10.0/24" port protocol="tcp" port="9090" accept'
sudo firewall-cmd --reload

Test access Prometheus service on port 9090

$ telnet localhost 9090

Access Prometheus Web dashboard on server

You have to install Prometheus on your system! You got it. Thank you for reading the DevopsRoles page!