Wednesday, April 12, 2017

Use openssl to create certificates

openssl can be used to manually generate certificates for your cluster.

1. Generate a key "ca.key" using 2048 bits:
openssl genrsa -out ca.key 2048

2. Use the ca.key to generate a certificate "ca.crt" (use -days to set how many days the certificate is valid):
openssl req -x509 -new -nodes -key ca.key \
    -subj "/CN=${MASTER_IP}" -days 1000 -out ca.crt

3. Generate a key "server.key" using 2048 bits, the same way as the CA key:
openssl genrsa -out server.key 2048

4. Use the server.key to generate a Certificate Signing Request "server.csr":
openssl req -new -key server.key -subj "/CN=${MASTER_IP}" \
    -out server.csr

5. Use the CA key "ca.key", certificate "ca.crt" and a server CSR "server.csr" to generate a certificate "server.crt":
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
    -CAcreateserial -out server.crt -days 10000

6. View the certificate:
openssl x509 -noout -text -in ./server.crt


The above procedure uses openssl to generate the CA certificate and a server certificate that the CA will be able to validate, because the server certificate was issued using the CA key and certificate.
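
A check of the result, as an added example that is not part of the original post: it reruns steps 1-5 in a temporary directory, then confirms that server.crt chains to ca.crt, matches server.key and lists the address as a subjectAltName. Assumptions not taken from the post: the sample address 10.0.0.1, the separate CA subject "example-cluster-ca" (so the server certificate's issuer differs from its subject) and the san.ext extension file.

```shell
#!/bin/sh
# Added example, not from the original post. MASTER_IP and the CA subject
# "example-cluster-ca" are constructed sample values.
MASTER_IP="${MASTER_IP:-10.0.0.1}"

make_and_verify() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys readable by the owner only

        # Steps 1-2: CA key and self-signed CA certificate.
        openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
        openssl req -x509 -new -nodes -key ca.key \
            -subj "/CN=example-cluster-ca" -days 1000 -out ca.crt || exit 1

        # Steps 3-4: server key and CSR.
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        openssl req -new -key server.key -subj "/CN=${MASTER_IP}" \
            -out server.csr || exit 1

        # Step 5, plus a subjectAltName extension read from a file, for
        # clients that match the address against the SAN and not the CN.
        printf 'subjectAltName = IP:%s\n' "$MASTER_IP" > san.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -out server.crt -days 10000 \
            -extfile san.ext 2>/dev/null || exit 1

        # Check 1: server.crt chains to ca.crt.
        openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1 || exit 2

        # Check 2: the certificate carries the public key of server.key.
        cert_pub=$(openssl x509 -in server.crt -noout -pubkey) || exit 3
        key_pub=$(openssl pkey -in server.key -pubout) || exit 3
        [ "$cert_pub" = "$key_pub" ] || exit 3

        # Check 3: the address appears as a subjectAltName entry.
        openssl x509 -in server.crt -noout -text \
            | grep -q "IP Address:${MASTER_IP}" || exit 4
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

make_and_verify && echo "chain, key match and SAN checks passed"
```

The function's exit status tells which check failed: 2 for the chain, 3 for the key match, 4 for the missing SAN entry.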

csr file - certificate signing request file. It is a message sent from an applicant to a Certificate Authority in order to apply for a digital identity certificate.
crt file - certificate file. crt files are used to verify a secure website's authenticity and are distributed by certificate authority (CA) companies such as GlobalSign, VeriSign and Thawte.
A certificate contains a public key.

The certificate, in addition to the public key, contains additional information, such as issuer, what it's supposed to be used for, and any other type of metadata.

Typically a certificate is itself signed with a private key, that verifies its authenticity.

Sunday, February 26, 2017

All about containers

Here is the command to create a docker container using a Google container image:

  docker run --rm gcr.io/google-containers/busybox
 
Use docker to run an interactive container from gcr

  docker run -i -t gcr.io/google-containers/busybox 
 
Use kubectl to run an interactive container from gcr 
 
  kubectl run -i -t tongbusy --image=gcr.io/google-containers/busybox
 
Attach to a running container in a pod.
 
  kubectl attach tongbusy-400598208-v0jpg -c tongbusy -i -t 
 
 
Install pypy on CoreOS
 
  wget https://bitbucket.org/squeaky/portable-pypy/downloads/pypy-5.6-linux_x86_64-portable.tar.bz2
   
  tar xf pypy-5.6-linux_x86_64-portable.tar.bz2 
 
Check coreos releases:
 
  cat /etc/os-release
  

Inspect the logs of a systemd service

journalctl -u [unitfile]
 
For example, for a service named kube-apiserver, run the following:
 
   sudo journalctl -u kube-apiserver
 
 
Checking the logs of other Kubernetes services:
 
sudo journalctl -u kube-controller-manager
sudo journalctl -u kube-scheduler
sudo journalctl -u kubelet
sudo journalctl -u kube-proxy    
 

Thursday, February 2, 2017

Get various networking related parameters by using basic bash commands

vifcidr=$(ip -4 -o addr | grep -v '127.0.0.1' | awk '{print $4}')
Find the cidr

vifbrd=$(ip -4 -o addr | grep -v '127.0.0.1' | awk '{print $6}')
Find the broadcast address

vifmtu=$(ip -4 -o link | grep -v 'LOOPBACK' | awk '{print $5}')
Find MTU

vifip=$(echo $vifcidr | awk -F '/' '{print $1 }')
Find IP address based on the cidr found above

vifname=$(ip -4 -o addr | grep -v '127.0.0.1' | awk '{print $2}')
Find the name of the non-loopback interface

defaultgw=$(ip route | awk '/default / {print $3}')
Find the default gateway ip address

Tuesday, January 3, 2017

Setup ansible environment with specific version on Ubuntu


sudo apt-get update
sudo apt-get install python-dev python-pip libssl-dev libffi-dev -y
sudo pip install --upgrade pip

sudo pip install six==1.10.0
sudo pip install shade==1.16.0
sudo pip install ansible==2.2.1.0

The versions above are the ones needed by the OpenStack Interop Challenge workload.

Tuesday, December 13, 2016

cron automation

Using cron to set up automated log file removal or other periodic tasks in a Linux environment is very useful. Here are the steps to automate that.

1. Run the following command to export the current crontab:
 
crontab -u john -l > john-cron-backup.txt

2. Edit the exported john-cron-backup.txt file as needed.

3. Run the following command to load the edited file so that it takes effect:
    
crontab -u john john-cron-backup.txt
 
Here is an example backup file: 

MAILTO=""
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# m h  dom mon dow   command
0 1 * * 1 rm -r -f /var/log/**/*.gz
0 1 * * 1 rm -r -f /var/log/**/*.log.1
0 1 * * 1 rm -r -f /var/log/*.gz
 
    
 

Tuesday, December 6, 2016

How to back up and restore a live Ubuntu server

Backing up and restoring a live Ubuntu system is useful for developers who maintain and install systems all the time. The following procedure should help when your system is using the lvm file system.

Back up the live Ubuntu system by following the steps below:

Use the df -h command to find the logical volume that holds the root file system. Also look in the /dev directory for the logical volumes. In the example below, the logical volume that holds the entire system is /dev/vg00/vg00-lv01

Only do this once when the system is clean:
1. Create a logical volume from a volume group (vg01) which will store the backup:
           lvcreate -L 40G -n space vg01
2. Create the file system on the new logical volume:
           mkfs -t ext4 /dev/vg01/space
3. Create snapshot of the root logical volume:
           lvcreate --size 6G -s -n cleansystem /dev/vg00/vg00-lv01
4. Create a directory to mount the logical volume:
           mkdir /space
           mount /dev/vg01/space /space
           mkdir -p /space/snap /space/backup
5. Mount snapshot and save everything
          mount /dev/vg00/cleansystem /space/snap
          cd /space/snap
          tar -pczvf /space/backup/cleansystem.tar.gz *
          umount /space/snap
          lvremove /dev/vg00/cleansystem

After these steps, a tar.gz file named cleansystem.tar.gz should be produced in the /space/backup directory. This is the file that should be kept for the later restore.

Restore the Ubuntu system by following the steps below:

The following steps recover the system from the saved tar.gz in the /space/backup directory, assuming that the logical volume which contains the backup tar.gz file has been mounted on /space.

lvcreate --size 20G -s -n resetpoint /dev/vg00/vg00-lv01

mount /dev/vg00/resetpoint /space/snap

cd /space/snap

rm -r -f *

tar -xvf /space/backup/cleansystem.tar.gz

umount /space/snap

lvconvert --merge /dev/vg00/resetpoint