Friday, June 7, 2019

System performance measure tool

vmstat -w 3 20

This will measure the system 3 times per second and show 20 data points

Here is what each column means:

Procs
    r: The number of processes waiting for run time.
    b: The number of processes in uninterruptible sleep.
Memory
    swpd: the amount of virtual memory used.
    free: the amount of idle memory.
    buff: the amount of memory used as buffers.
    cache: the amount of memory used as cache.
    inact: the amount of inactive memory. (-a option)
    active: the amount of active memory. (-a option)
Swap
    si: Amount of memory swapped in from disk (/s).
    so: Amount of memory swapped to disk (/s).
IO
    bi: Blocks received from a block device (blocks/s).
    bo: Blocks sent to a block device (blocks/s).
System
    in: The number of interrupts per second, including the clock.
    cs: The number of context switches per second.
CPU
    These are percentages of total CPU time.
    us: Time spent running non-kernel code. (user time, including nice time)
    sy: Time spent running kernel code. (system time)
    id: Time spent idle. Prior to Linux 2.5.41, this includes IO-wait time.
    wa: Time spent waiting for IO. Prior to Linux 2.5.41, included in idle.
    st: Time stolen from a virtual machine. Prior to Linux 2.6.11, unknown.
 
We can use 
 
fdisk -l
 
to list all the disks in the system
 
Then use the following command to see block size
 
dumpe2fs /dev/sda1 | fgrep -e 'Block size'
Posted by at No comments:

Sunday, April 14, 2019

The steps to create ingress in k8s

1. Create a namespace and service account
2. Create nginx server secret, basically a pair of crt and key file using the following command:
    
openssl req -newkey rsa:2048 -nodes -keyout nginx.key -x509 -days 365 -out nginx.crt
 
3. Create k8s configmap for customizing nginx which can include sub_filter directives etc.
4. k8s rbac to allow the service account to do things
5. Deploy ingress controller using either daemon set or deployment
6. Use either NodePort service or LoadBalancer to allow access to the daemon set.

The above steps are really just the steps to make sure that the access to the services uses nginx ingress controller.

The next few steps are to deploy the actual application.

1. Deploy your actually application using either pods or replicateset or whatever you prefer.
2. Create an Ingress service which maps path to each app. It is this service also has tls and basic authentication in like the following:


apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-test 
  annotations:
    # type of authentication
    nginx.ingress.kubernetes.io/auth-type: basic
    # name of the secret that contains the user/password definitions
    nginx.ingress.kubernetes.io/auth-secret: TheNameOfK8sSecret
    # message to display with an appropriate context why the authentication is required
    nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - foo'
  
spec:
  tls:
    - hosts:
      - foo.bar.com
      # This assumes tls-secret exists and the SSL 
      # certificate contains a CN for foo.bar.com
      secretName: tls-secret
  rules:
    - host: foo.bar.com
      http:
        paths:
        - path: /
          backend:
            # This assumes http-svc exists and routes to healthy endpoints
            serviceName: http-svc
            servicePort: 80
Posted by at 1 comment:

Friday, March 8, 2019

Update cello ansible agent to allow peer external endpoint to be available before start peers

first start services, then get IP address. then generate the deployment yaml file.
Posted by at No comments:

Wednesday, February 20, 2019

What information contains in a certificate?

Certificate is normally issued to an individual or a company by CA. In cryptography, a public key certificate, also known as a digital certificate or identity certificate, is an electronic document used to prove the ownership of a public key. Which contains the following information.

openssl x509 -in tlsca.org2msp-cert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            df:c6:71:a4:bb:41:1f:73:83:ed:d5:95:93:24:2f:f6
    Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, ST=California, L=San Francisco, O=org2msp, CN=tlsca.org2msp
        Validity
            Not Before: Feb 20 17:20:00 2019 GMT
            Not After : Feb 17 17:20:00 2029 GMT
        Subject: C=US, ST=California, L=San Francisco, O=org2msp, CN=tlsca.org2msp
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:02:ea:14:c2:52:0d:02:10:02:c1:6e:41:8e:b7:
                    33:0e:73:4b:1f:9d:8a:b3:d0:90:41:2d:4f:49:4f:
                    ee:cf:20:05:d4:e6:26:99:d4:d4:90:1c:71:02:bc:
                    1f:30:15:b1:b2:d4:b2:49:d5:9f:7b:f8:20:15:e6:
                    cc:ae:75:05:12
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                1A:23:57:FF:C1:BC:12:26:EA:94:44:2A:35:E6:A6:AA:9A:58:26:B1:03:52:04:44:10:DA:54:AA:08:2D:D5:5D
    Signature Algorithm: ecdsa-with-SHA256
         30:44:02:20:68:f1:1c:b3:25:ac:a8:99:31:f1:a9:c5:ce:51:
         c6:cc:90:2f:06:1e:d0:8c:51:e3:1c:f6:30:3d:dd:59:49:8e:
         02:20:1b:88:49:b2:ce:c8:1e:30:52:d1:25:a7:7a:47:ff:a4:
         03:1b:8d:e5:48:4e:6a:e9:2d:eb:07:36:d3:b5:c0:d4

Posted by at No comments:

Thursday, February 14, 2019

Install perf on fabric container

1. apt install linux-tools-generic
2. apt install linux-tools-4.4.0-141-generic

dstat
apt install dstat

dstat -cd --disk-util --disk-tps

apt install atop ioping

iotop
lsblk

ioping /dev/xvdc
Posted by at No comments:

Sunday, February 10, 2019

Resize VirtualBox Hard disk

After your virtual machine run for awhile, you found that your originally allocated virtual hard disk may run out of the space. You may not always want to recreate the vm since you may have things in the VM that you do not want to destroy. Here is the process to size the hard disk without destroy what is already in the VM.

1. Use VBoxManage modifyhd command:

   VBoxManage modifyhd NGINX.vdi --resize 30000
 
  The parameter for --resize is in MB. 30000 is 30GB. 40000 is 40GB.
2. If your VM has snapshots, you will have to do the exact same command for each snapshot vdi file. Without doing this, you will not be able to do the next step.

3. Use gparted iso mounted onto your VM and then boot up your VM.
4. Use the gparted to resize your disk, then reboot your VM. Your VM at this point will have resized disk size. 
Posted by at No comments:

Friday, November 9, 2018

Getting all running jobs from jenkins

http://hfrdrestsrv.rtp.raleigh.ibm.com:8080/computer/api/xml?tree=computer[oneOffExecutors[currentExecutable[url]]]&xpath=//url&wrapper=build
Posted by at No comments:
Subscribe to: Posts (Atom)