Monday, April 30, 2018

Set up my own git server.

The procedure to setup a git server

1. Create few directories
$ mkdir -p ~/gitserver/repos ~/gitserver/keys
2. Create an empty project named myrepo
$ cd ~/gitserver/repos
$ git init --bare myrepo.git
3. Add some public keys to the keys directory ~/gitserver/keys by simply copy pub key files in that directory.

4. Run the following command to start up the git server:
docker run -d -p 2222:22 \
  --restart unless-stopped \
  -v /home/ibmadmin/gitserver/repos:/git-server/repos \
  -v /home/ibmadmin/gitserver/keys:/git-server/keys \
  --name gitserver jkarlos/git-server-docker
5. Now access the project at this url:
ssh://git@9.42.91.228:2222/git-server/repos/myrepo.git
Notice that the user for this git server is called "git".

The procedure to setup a mirror repo of another repo. In the following example, mirror.git is the mirror of the original.git repo.

Do the following initially:
git clone --mirror git@example.com/original.git
cd original.git
git push --mirror git@example.com/mirror.git
Do not delete the original.git, keep that directory. When there is an update, make sure that the private key which matches the public key used for the git server was added to ssh-agent, then simply do the following: 
cd original.git
git fetch
git push --mirror git@example.com/mirror.git
Posted by at No comments:

Start a gerrit server using docker container

docker run -d -p 9090:8080 -p 29418:29418 \
  --restart unless-stopped \
  -v /home/ibmadmin/gerrit/gerrit_vol:/var/gerrit/review_site \
  -e AUTH_TYPE=DEVELOPMENT_BECOME_ANY_ACCOUNT \
  --name gerrit openfrontier/gerrit

see openfrontier/gerrit for more starting parameters.
Posted by at No comments:

Tuesday, April 24, 2018

Make virtualbox VM using host dns

Run the following command on the host where VirtualBox runs to make changes to a VM.

VBoxManage modifyvm "NewJenkins" --natdnshostresolver1 on

This has to run when the VM is shutdown. The name of the VM in the above case is called 'NewJenkins'
Posted by at No comments:

Friday, April 20, 2018

what is the dns doing

with the following deployment file:

apiVersion: v1
kind: Service
metadata:
  name: tongpeer
spec:
  selector:
    name: busybox
  clusterIP: None
  ports:
  - name: foo # Actually, no port is needed.
    port: 1234
    targetPort: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox1
  labels:
    name: busybox
spec:
  hostname: busybox-1
  subdomain: tongpeer
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    name: busybox
---
apiVersion: v1
kind: Pod
metadata:
  name: busybox2
  labels:
    name: busybox
spec:
  hostname: busybox-2
  subdomain: tongpeer
  containers:
  - image: busybox
    command:
      - sleep
      - "3600"
    name: busybox
 
When this gets deployed onto default namespace, 
 
The service name becomes tongpeer.default.svc.fabricnet, which can be nslookup by
 
nslookup tongpeer
nslookup tongpeer.default.svc.fabricnet
 
 
Two busybox get names like the following:
 
busybox-1.tongpeer.default.svc.fabricnet
busybox-2.tongpeer.default.svc.fabricnet 


nslookup will work with the full name for pods.




If the namespace is called tongnet, then the names will be


tongpeer
tongpeer.tongnet.svc.fabricnet


busybox-1.tongpeer.tongnet.svc.fabricnet
busybox-2.tongpeer.tongnet.svc.fabricnet




Need to figure out why there is svc.fabricnet at the end.
Posted by at No comments:

Thursday, April 5, 2018

Run docker inside a docker container but produce containers side by side. 

docker run -v /var/run/docker.sock:/var/run/docker.sock ...
 
For example:
 
    docker run -v /var/run/docker.sock:/var/run/docker.sock \
       -ti docker 
 
or start the docker and use it from a different instance
 
    docker run --privileged --name some-docker -d docker:dind 


    docker exec -it some-docker /bin/sh
Posted by at No comments:

Sunday, April 1, 2018

Setting up nexus3 with docker and raw repo with ldap and tls enabled

1. Create a directory to hold all nexus3 data and keystore:
mkdir -p /home/ubuntu/nexus3/etc/ssl

2. Create a keystore by running the following commands:
cd /home/ubuntu/nexus3/etc/ssl
keytool -genkeypair -keystore keystore.jks -storepass password \
-alias fabric.com -keyalg RSA -keysize 2048 -validity 5000 \
-keypass password -dname 'CN=*.fabric.com, dc=fabric, dc=com, C=US' \
-ext 'SAN=DNS:fabric.com,IP:192.168.56.30' -ext "BC=ca:true"

   This creates a file named keystore.jks, if you use other name for the nexus3, for some reasons, it won't work, very strange.

3. Make the user 200:200 to own the directory:
sudo chown -R 200:200 /home/ubuntu/nexus3
4. Run the following command to start it.
docker run -d -p 8081:8081 -p 8443:8443 --restart always \
--name nexus -v /home/ubuntu/nexus3:/nexus-data \
-v /home/ubuntu/nexus3/etc/ssl:/opt/sonatype/nexus/etc/ssl \
sonatype/nexus3

   This command starts up nexus3 container and hookup with the container with the right keystore location and data location.

5. Configure the nexus3 to use ldap by login to https://192.168.56.30:8081

      Administration -> Security -> LDAP
      Connection:
      LDAP server address:      ldap://192.168.56.30:389
      Search base:                     dc=fabric,dc=com
      Authentication method:   Simple Authentication
      Username or DN:            cn=admin,dc=fabric,dc=com
      Password:                        fabric123

      User and group:
      Base DN:        empty string
      Are users locate in structures below the user base DN?  off
      User filter:      empty string
      User ID sttribute:        uid
      Real name attribute:      cn
      Email attribute:       mail
      Password attribute:      userpassword
      Map LDAP groups as roles:    off

     Administration -> Security -> Realms
     add LDAP Realm to the left box

6. Raw repository:

    Create a raw hosted repository,
    Create a role so that people in the role can operator the raw repository
        Administration -> Security -> Roles,  Click on Create role button, Nexus role
        basically add nx-repository-view-raw-<repo-name>-* to the left box.
    Map users to that role.
        Administration -> Security -> Users, Source: LDAP, search for all the users
        basically associate each user to the role created in above step.
    Then use the following command to upload a file to the repository

curl -u user1:fabric123 -k --upload-file users.ldif \
https://192.168.56.30:8081/repository/fabricImages
   The above command uploads the file users.ldif to the raw (hosted) repository named fabricImages 
curl -u user1:fabric123 -k -T users.ldif \
https://192.168.56.30:8081/repository/fabricImages/testfolder/users.ldif
   The above command uploads a file and create the testfolder directory as well at the same time.

7. Docker repository:

   Create docker hosted repository, set https port to be 8443, Force basic authentication
   and allow redeploy. Since this is using the self signed certificate, any docker client
   wants to access it, will need to put the server certificate in

/etc/docker/certs.d/<server>:<port>/ca.crt file
   the server has to be the server name or IP address.
   the port in this case is 8443

   To get the server certificate file, run the following command:
keytool -printcert --sslserver 192.168.56.30:8443 -rfc
Posted by at No comments:
Subscribe to: Posts (Atom)