Infrastructure
see https://github.com/obrienlabs/infrastructure
Docker
windows corporate docker desktop install issues - https://github.com/docker/for-win/issues/6091
Kubernetes
Kubernetes Cluster on AWS EC2
We will be using the Rancher Labs RKE tool - currently at version 0.2.4 as of 20190606 - we are still on a stable 0.2.1 - to bootstrap our Kubernetes cluster based on work I did in ONAP with the OOM team as the Logging-Analytics PTL.
see https://github.com/obrienlabs/infrastructure/issues/1 for https://github.com/obrienlabs/infrastructure/blob/master/scripts/rke_setup.sh
# prep your key for vm copy
$ cp ~/.ssh/ob*.pem .
# owner-only permissions: a private key must not be group/world accessible
$ chmod 600 ob*.pem
$ scp -i ~/.ssh/ob*.pem ob*.pem ubuntu@rke.obrienlabs.cloud:~/
# ssh to the VM, clone the repo, add your key
cp ob*.pem ~/.ssh
sudo chmod 400 ~/.ssh/ob*.pem
git clone https://github.com/obrienlabs/infrastructure.git
cp infrastructure/scripts/rke_setup.sh .
# executable, but writable only by the owner since the script is run with sudo
chmod 755 rke_setup.sh
ubuntu@ip-172-31-81-46:~$ sudo vi /etc/hosts
127.0.0.1 rke.obrienlabs.cloud
3.x.x.x rke.obrienlabs.cloud
sudo ./rke_setup.sh -b master -s rke.obrienlabs.cloud -e obrienlabs -k ob*.pem -l ubuntu
ubuntu@ip-172-31-81-46:~$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-78fccfc5d9-phzgr     1/1     Running     0          7m56s
ingress-nginx   nginx-ingress-controller-vntxd            1/1     Running     0          7m57s
kube-system     canal-2kj7k                               2/2     Running     0          8m13s
kube-system     kube-dns-58bd5b8dd7-4gkfs                 3/3     Running     0          8m9s
kube-system     kube-dns-autoscaler-77bc5fd84-mmtbb       1/1     Running     0          8m8s
kube-system     metrics-server-58bd5dd8d7-44hs6           1/1     Running     0          8m4s
kube-system     rke-ingress-controller-deploy-job-9v857   0/1     Completed   0          8m1s
kube-system     rke-kube-dns-addon-deploy-job-sn9m6       0/1     Completed   0          8m11s
kube-system     rke-metrics-addon-deploy-job-w78b8        0/1     Completed   0          8m6s
kube-system     rke-network-plugin-deploy-job-mkrpz       0/1     Completed   0          8m16s
kube-system     tiller-deploy-dbb85cb99-99sxp             1/1     Running     0          5m49s
ubuntu@ip-172-31-81-46:~$ kubectl get services --all-namespaces
NAMESPACE       NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
default         kubernetes             ClusterIP   10.43.0.1       <none>        443/TCP         8m53s
ingress-nginx   default-http-backend   ClusterIP   10.43.78.65     <none>        80/TCP          8m7s
kube-system     kube-dns               ClusterIP   10.43.0.10      <none>        53/UDP,53/TCP   8m20s
kube-system     metrics-server         ClusterIP   10.43.87.73     <none>        443/TCP         8m15s
kube-system     tiller-deploy          ClusterIP   10.43.253.254   <none>        44134/TCP       6m
Deploy sonar via helm chart
The cluster has been up for 80+ days - see pom config in Sonar
install helm on top of your kubernetes cluster - Kubernetes Developer Guide#HelmCharts
ubuntu@ip-172-31-81-46:~$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
default         difference-nbi-5fc754f69-hqkr2            1/1     Running     0          77d
default         nfs-serv-prov-nfs-server-provisioner-0    1/1     Running     0          77d
ingress-nginx   default-http-backend-78fccfc5d9-phzgr     1/1     Running     0          82d
ingress-nginx   nginx-ingress-controller-vntxd            1/1     Running     0          82d
kube-system     canal-2kj7k                               2/2     Running     0          82d
kube-system     kube-dns-58bd5b8dd7-4gkfs                 3/3     Running     0          82d
kube-system     kube-dns-autoscaler-77bc5fd84-mmtbb       1/1     Running     0          82d
kube-system     metrics-server-58bd5dd8d7-44hs6           1/1     Running     0          82d
kube-system     rke-ingress-controller-deploy-job-9v857   0/1     Completed   0          82d
kube-system     rke-kube-dns-addon-deploy-job-sn9m6       0/1     Completed   0          82d
kube-system     rke-metrics-addon-deploy-job-w78b8        0/1     Completed   0          82d
kube-system     rke-network-plugin-deploy-job-mkrpz       0/1     Completed   0          82d
kube-system     tiller-deploy-dbb85cb99-99sxp             1/1     Running     0          82d
ubuntu@ip-172-31-81-46:~$ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
ubuntu@ip-172-31-81-46:~$ helm list
NAME             REVISION   UPDATED                    STATUS     CHART                          APP VERSION     NAMESPACE
difference-nbi   1          Mon Jun 10 19:00:59 2019   DEPLOYED   difference-nbi-0.1.0           1.0             default
nfs-serv-prov    1          Mon Jun 10 18:16:03 2019   DEPLOYED   nfs-server-provisioner-0.3.0   2.2.1-k8s1.12   default
ubuntu@ip-172-31-81-46:~$ ls obrienlabs/difference-nbi
Chart.yaml charts templates values.yaml
ubuntu@ip-172-31-81-46:~$ sudo helm repo update
ubuntu@ip-172-31-81-46:~$ sudo helm install stable/sonarqube
NAME: icy-boxer
LAST DEPLOYED: Tue Aug 27 00:04:55 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                   TYPE     DATA   AGE
icy-boxer-postgresql   Opaque   1      1s

==> v1/ConfigMap
NAME                                  DATA   AGE
icy-boxer-sonarqube-config            0      1s
icy-boxer-sonarqube-copy-plugins      1      1s
icy-boxer-sonarqube-install-plugins   1      1s
icy-boxer-sonarqube-tests             1      1s

==> v1/PersistentVolumeClaim
NAME                   STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
icy-boxer-postgresql   Pending                                                     1s

==> v1/Service
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
icy-boxer-postgresql   ClusterIP      10.43.14.33     <none>        5432/TCP         1s
icy-boxer-sonarqube    LoadBalancer   10.43.253.249   <pending>     9000:31089/TCP   0s

==> v1beta1/Deployment
NAME                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
icy-boxer-postgresql   1         1         1            0           0s
icy-boxer-sonarqube    1         1         1            0           0s

==> v1/Pod(related)
NAME                                    READY   STATUS     RESTARTS   AGE
icy-boxer-postgresql-5cdb8df966-skspn   0/1     Pending    0          0s
icy-boxer-sonarqube-6b45bcf666-hvtsz    0/1     Init:0/1   0          0s

NOTES:
1. Get the application URL by running these commands:
   NOTE: It may take a few minutes for the LoadBalancer IP to be available.
   You can watch the status of by running 'kubectl get svc -w icy-boxer-sonarqube'
   export SERVICE_IP=$(kubectl get svc --namespace default icy-boxer-sonarqube -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
   echo http://$SERVICE_IP:9000
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME             REVISION   UPDATED                    STATUS     CHART                          APP VERSION     NAMESPACE
difference-nbi   1          Mon Jun 10 19:00:59 2019   DEPLOYED   difference-nbi-0.1.0           1.0             default
icy-boxer        1          Tue Aug 27 00:04:55 2019   DEPLOYED   sonarqube-2.1.4                7.8             default
nfs-serv-prov    1          Mon Jun 10 18:16:03 2019   DEPLOYED   nfs-server-provisioner-0.3.0   2.2.1-k8s1.12   default
ubuntu@ip-172-31-81-46:~$ kubectl get services --all-namespaces
NAMESPACE       NAME                                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                  AGE
default         difference-nbi                         ClusterIP      10.43.82.98     <none>        80/TCP                                   77d
default         icy-boxer-postgresql                   ClusterIP      10.43.14.33     <none>        5432/TCP                                 45s
default         icy-boxer-sonarqube                    LoadBalancer   10.43.253.249   <pending>     9000:31089/TCP                           44s
default         kubernetes                             ClusterIP      10.43.0.1       <none>        443/TCP                                  82d
default         nfs-serv-prov-nfs-server-provisioner   ClusterIP      10.43.53.214    <none>        2049/TCP,20048/TCP,51413/TCP,51413/UDP   77d
ingress-nginx   default-http-backend                   ClusterIP      10.43.78.65     <none>        80/TCP                                   82d
kube-system     kube-dns                               ClusterIP      10.43.0.10      <none>        53/UDP,53/TCP                            82d
kube-system     metrics-server                         ClusterIP      10.43.87.73     <none>        443/TCP                                  82d
kube-system     tiller-deploy                          ClusterIP      10.43.253.254   <none>        44134/TCP                                82d
ubuntu@ip-172-31-81-46:~$ kubectl logs icy-boxer-sonarqube-6b45bcf666-hvtsz
2019.08.27 00:08:58 INFO web[][o.s.s.p.LogServerVersion] SonarQube Server / 7.8.0.26217 / daf4da5c554d4153a11e68d13a662313e6cecc92
2019.08.27 00:08:58 INFO web[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://icy-boxer-postgresql:5432/sonarDB
2019.08.27 00:09:08 ERROR web[][o.s.s.p.Platform] Web server startup failed
java.lang.IllegalStateException: Fail to connect to database
    at org.sonar.db.DefaultDatabase.start(DefaultDatabase.java:88)
default         icy-boxer-postgresql-5cdb8df966-skspn     0/1     Pending            0          5m28s
default         icy-boxer-sonarqube-6b45bcf666-hvtsz      0/1     CrashLoopBackOff   4          5m28s
# rebooting cluster
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME             REVISION   UPDATED                    STATUS     CHART                          APP VERSION     NAMESPACE
difference-nbi   1          Mon Jun 10 19:00:59 2019   DEPLOYED   difference-nbi-0.1.0           1.0             default
icy-boxer        1          Tue Aug 27 00:04:55 2019   DEPLOYED   sonarqube-2.1.4                7.8             default
nfs-serv-prov    1          Mon Jun 10 18:16:03 2019   DEPLOYED   nfs-server-provisioner-0.3.0   2.2.1-k8s1.12   default
ubuntu@ip-172-31-81-46:~$ sudo helm delete icy-boxer
release "icy-boxer" deleted
ubuntu@ip-172-31-81-46:~$ sudo helm delete nfs-serv-prov
release "nfs-serv-prov" deleted
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME             REVISION   UPDATED                    STATUS     CHART                  APP VERSION   NAMESPACE
difference-nbi   1          Mon Jun 10 19:00:59 2019   DEPLOYED   difference-nbi-0.1.0   1.0           default
AWS Cloud Native Services
- OBRIENLABS-5
see AWS Developer Guide#AWSDevOps
Confluence on Docker
https://hub.docker.com/r/atlassian/confluence-server/
Confluence on AWS EC2 Linux
20210901 Confluence Crypto Miner CVE-2021-26084
CVE-2021-26084 CPU Effect
The following logs are for an older t2.medium, the newer t3a.medium(2c/4g) and a t3a.large (4c/8g).
Notice the 100% spike for a day around the 30th - 600 credits were drained in 6h for a 2vcore VM - it took 28h to regain the balance.
CPU Spike
CPU Usage Credit Drainage
CPU Credit Balance
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
22387 conflue+  20   0 2721416 2.288g   2108 S 199.3 60.2  11:05.62 kdevtmpfsi
20210901 crypto miner critical CVE - the patch worked for 2 weeks - restarted at 20210916:1800U - in the end upgrade from 6 to 7 LTS
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://confluence.atlassian.com/doc/installing-confluence-on-linux-143556824.html
20211121 kdevtmpfsi returns even after a clean and upgrade to the latest 7.13.0
https://censys.io/blog/cve-2021-26084-confluenza/
from https://www.reddit.com/r/atlassian/comments/pg8eyl/public_confluence_instances_vulnerable_to/
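A triage check for the recurrence noted above, as an added example that is not part of the original page: it lists processes owned by the Confluence service account whose binary sits outside the install directory `/opt/atlassian/confluence` or has been deleted from disk. The account name `confluence`, the bundled JRE path and the on-disk paths in the sample are assumptions; the sample rows are constructed around the `top` line shown earlier.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: the service account is "confluence" (top truncates it to
# "conflue+") and the install dir is the installer default shown on this page.
CONFLUENCE_USER="${CONFLUENCE_USER:-confluence}"
CONFLUENCE_HOME="${CONFLUENCE_HOME:-/opt/atlassian/confluence}"

# Constructed sample in "pid owner %cpu exe-path" form. PID and %CPU of the
# kdevtmpfsi row come from the top output; every path here is made up.
SAMPLE='812 ubuntu 0.0 /usr/bin/bash
900 root 0.1 /usr/sbin/apache2
1201 confluence 35.0 /opt/atlassian/confluence/jre/bin/java
22387 confluence 199.3 /tmp/kdevtmpfsi
22401 confluence 0.3 /var/tmp/x (deleted)'

# Live equivalent of SAMPLE. Run as root so /proc/<pid>/exe is readable for
# other users' processes; kernel threads and unreadable entries are skipped.
snapshot() {
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        owner=$(stat -c %U "$d" 2>/dev/null) || continue
        pcpu=$(ps -o pcpu= -p "$pid" 2>/dev/null | tr -d ' ')
        printf '%s %s %s %s\n' "$pid" "$owner" "${pcpu:-0}" "$exe"
    done
}

# Read snapshot lines on stdin and print "pid %cpu reasons exe" for every
# process of the service account that is not running an install-dir binary.
find_suspects() {
    awk -v user="$CONFLUENCE_USER" -v home="$CONFLUENCE_HOME" '
        $2 != user { next }
        {
            exe = $4
            for (i = 5; i <= NF; i++) exe = exe " " $i   # keep " (deleted)" suffix
            reasons = ""
            if (index(exe, home "/") != 1) reasons = "outside-install-dir"
            if (exe ~ / \(deleted\)$/)
                reasons = (reasons == "" ? "" : reasons ",") "binary-deleted"
            if (reasons != "") printf "%s %s %s %s\n", $1, $3, reasons, exe
        }'
}

# Usage: sh check.sh --live (as root)   or   sh check.sh --sample
case "${1:-}" in
    --live)   snapshot | find_suspects ;;
    --sample) printf '%s\n' "$SAMPLE" | find_suspects ;;
esac
```

The output is a triage list rather than a verdict: helper binaries that the service account legitimately launches from outside the install directory will also appear and need to be reviewed once and allow-listed.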
obrienbiometrics:_dev michaelobrien$ scp ~/Downloads/atlassian-confluence-6.15.4-x64.bin ubuntu@wiki.obrienlabs.cloud:~/
atlassian-confluence-6.15.4-x64.bin 90% 537MB 9.8MB/s 00:05 ETA
obrienbiometrics:_dev michaelobrien$ ssh ubuntu@wiki.obrienlabs.cloud
ubuntu@ip-172-31-56-62:~$ sudo chmod a+x atlassian-confluence-6.15.4-x64.bin
ubuntu@ip-172-31-56-62:~$ sudo ./atlassian-confluence-6.15.4-x64.bin
Installing fontconfig...
Unpacking JRE ...
Starting Installer ...
This will install Confluence 6.15.4 on your computer.
OK [o, Enter], Cancel [c]
o
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1],
Custom Install (recommended for advanced users) [2, Enter],
Upgrade an existing Confluence installation [3]
2
Select the folder where you would like Confluence 6.15.4 to be installed, then click Next.
Where should Confluence 6.15.4 be installed?
[/opt/atlassian/confluence]
Default location for Confluence data
[/var/atlassian/application-data/confluence]
Configure which ports Confluence will use.
Confluence requires two TCP ports that are not being used by any other applications on this machine. The HTTP port is where you will access Confluence through your browser. The Control port is used to Startup and Shutdown Confluence.
Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]
1
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
y
Extracting files ...
Please wait a few moments while we configure Confluence.
Installation of Confluence 6.15.4 is complete
Start Confluence now?
Yes [y, Enter], No [n]
y
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.15.4 is complete
Your installation of Confluence 6.15.4 is now ready and can be accessed via your browser.
Confluence 6.15.4 can be accessed at http://localhost:8090
get license from https://my.atlassian.com/product
Install Apache for use as a reverse proxy from 8090 to 80
# install apache
sudo apt update
sudo apt install apache2

# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

# Put this in the main section of your configuration (or virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://wiki.obrienlabs.cloud:8090/$1 [P]
<Proxy *>
    Require all granted
</Proxy>
ProxyPass /synchrony http://wiki.obrienlabs.cloud:8091/synchrony
<Location /synchrony>
    Require all granted
    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RewriteRule .* ws://wiki.obrienlabs.cloud:8091%{REQUEST_URI} [P]
</Location>
ProxyPass / http://wiki.obrienlabs.cloud:8090/
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/
<Location />
    Require all granted
</Location>
ubuntu@ip-172-31-56-62:~$ sudo vi /opt/atlassian/confluence/conf/server.xml
ubuntu@ip-172-31-56-62:~$ sudo vi /etc/apache2/apache2.conf
# add the end slashes that are missing from the following 2 parts of the conf described in
# https://confluence.atlassian.com/doc/using-apache-with-mod_proxy-173669.html?_ga=2.216530710.1274748369.1558470658-348466763.1489247865
ProxyPass / http://wiki.obrienlabs.cloud:8090
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090
# needs to be
ProxyPass / http://wiki.obrienlabs.cloud:8090/
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/
ubuntu@ip-172-31-56-62:~$ sudo apachectl graceful
Migrating a Confluence Server and Database between AWS Regions
Take a backup of your RDS instance and an AMI of your confluence server for backup.
Stop the initial instance, stand up a 2nd instance of the database, stand up a 2nd instance of the server, optionally increase the size of the EBS drive.
Re-associate the EIP after startup or optionally create a new EIP - associate and write an A record to route53
Note: make sure the DF is below 99% full - or the new EBS will not kick in.
Optionally: clean old backups or set the backup admin configuration to a monthly cron job
/var/atlassian/application-data/confluence/backups
# delete a range of older backup files
sudo rm -rf /var/atlassian/application-data/confluence/backups/backup-2020_04_{00..99}.zip
I didn't need to do http://www.messor.com/increase-disk-size-for-an-ec2-instance-in-aws/
Gliffy Plugin for Confluence
Get the $10 gliffy plugin so you can draw up embedded AWS, Azure, UML diagrams.
Jira Server on AWS EC2 Linux
Restarting Jira
sudo /opt/atlassian/jira/bin/start-jira.sh
obrienbiometrics:difference-kubernetes michaelobrien$ scp ~/Downloads/atlassian-jira-core-8.2.2-x64.bin ubuntu@jira.obrienlabs.cloud:~/
atlassian-jira-core-8.2.2-x64.bin 100% 332MB 3.2MB/s 01:43
ubuntu@ip-172-31-68-232:~$ sudo ./atlassian-jira-software-8.2.1-x64.bin
Unpacking JRE ...
Starting Installer ...
This will install JIRA Software 8.2.1 on your computer.
OK [o, Enter], Cancel [c]
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing JIRA installation [3]
1
Details on where JIRA Software will be installed and the settings that will be used.
Installation Directory: /opt/atlassian/jira
Home Directory: /var/atlassian/application-data/jira
HTTP Port: 8080
RMI Port: 8005
Install as service: Yes
Install [i, Enter], Exit [e]
i
Extracting files ...
Please wait a few moments while JIRA Software is configured.
Installation of JIRA Software 8.2.1 is complete
Start JIRA Software 8.2.1 now?
Yes [y, Enter], No [n]
y
Please wait a few moments while JIRA Software starts up.
Launching JIRA Software ...
Installation of JIRA Software 8.2.1 is complete
Your installation of JIRA Software 8.2.1 is now ready and can be accessed via your browser.
JIRA Software 8.2.1 can be accessed at http://localhost:8080
Finishing installation ...
Installing a proxy in front of JIRA
Running on the default 8080 port is no good - and unless we are running as a container in a Kubernetes cluster where we have an ingress service, or on Amazon API Gateway where we can redirect L7 traffic (effectively an ALB) - we need to proxy the 8080 port to 80.
ubuntu@ip-172-31-68-232:~$ sudo vi /opt/atlassian/jira/conf/server.xml
# uncomment
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
           maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
           maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
           acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
           proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
# to
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
           maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
           maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
           acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
           proxyName="jira.obrienlabs.cloud" proxyPort="80"/>
sudo apt update
sudo apt install apache2
ubuntu@ip-172-31-68-232:~$ sudo a2enmod proxy_http
Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
To activate the new configuration, you need to run:
  systemctl restart apache2
ubuntu@ip-172-31-68-232:~$ systemctl restart apache2
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'apache2.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
ubuntu@ip-172-31-68-232:~$ sudo systemctl restart apache2
sudo /opt/atlassian/jira/bin/stop-jira.sh
sudo /opt/atlassian/jira/bin/start-jira.sh
# configure URL
Link JIRA and Confluence Applications
Configure the JIRA URL to point away from 8080
Enable Anonymous Access
Add group | anyone - to either/both browse/create issues - for the default software scheme.
Jenkins Server Installation
Run the docker or helm chart version - here on Ubuntu 16.04 and Docker 18.06
sudo useradd --home-dir /home/jenkins --create-home --shell /bin/bash jenkins
sudo passwd jenkins
su jenkins
awk -F: '/\/home/ {printf "%s:%s\n",$1,$3}' /etc/passwd
docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
curl https://releases.rancher.com/install-docker/18.06.sh | sh
sudo usermod -aG docker ubuntu
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
docker exec -it jenkins bash
sudo docker exec -it jenkins bash
sudo docker volume create jenkins
sudo mkdir /var/jenkins_home
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
sudo mkdir backup
docker cp jenkins:/var/jenkins_home
docker cp jenkins:/var/jenkins_home backup
sudo docker cp jenkins:/var/jenkins_home backup
...
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
Upgrade Jenkins Maven plugin to 2.4 to support https for maven central
Upgrade Jenkins to run Java 11 from 8
https://jenkins.io/doc/administration/requirements/jenkins-on-java-11/
Jenkins Multibranch pipeline Jenkinsfile
https://www.jenkins.io/blog/2017/02/07/declarative-maven-project/
example Jenkinsfile at https://github.com/obrienlabs/difference-cloud/blob/master/Jenkinsfile
pipeline {
    agent any
    tools {
        maven 'mvn'
    }
    /*agent {
        label 'maven'
    }*/
    options {
        disableConcurrentBuilds()
    }
    stages {
        stage('Build') {
            steps {
                echo 'Building..'
                sh 'mvn clean install -U -DskipTests=true'
            }
        }
        stage('Test') {
            steps {
                echo 'Testing..'
            }
        }
        stage('Deploy') {
            steps {
                echo 'Deploying....'
            }
        }
    }
}
MySQL Database Service
Drupal
Deployment
Deployment Architectures
AWS + Terraform + Ansible + ECS
AWS + Ansible + EKS
Deployment Environments
Deployment environments need a discriminator to differentiate between developer and release (staging/production) deployments. For example debug ports and https ports will be exposed differently and the cluster topology will be minimal or single node in dev.
Dev Deployment Environment
Staging/Production Deployment Environment
Deployment Testing
Power Cycling
Cluster Changes
How to handle shutting down the cluster without false positive pod rescheduling
Data Migration
Istio for rolling upgrade
Offline Data Migration
Live Data Migration
Schema Migration
Undercloud Software Migration
Microservice Migration
Example DevOps Architectures
ONAP
See https://wiki.onap.org/display/DW/Cloud+Native+Deployment
Remote Access
see also https://guacamole.apache.org/
Secondary SSH Server or Bastion Jumpbox target for remote SSH jobs
Sometimes you don't want to enable a CLI capability directly on a build server like Jenkins - or you wish to run a remote shell from a build project to perform, for example, AWS CLI work. Use the following docker container in place of a formal on-prem VM or EC2 VM if required.
$ docker run -d -P --name test_sshd rastasheep/ubuntu-sshd:18.04
Unable to find image 'rastasheep/ubuntu-sshd:18.04' locally
18.04: Pulling from rastasheep/ubuntu-sshd
Status: Downloaded newer image for rastasheep/ubuntu-sshd:18.04
b906a1bceb3507d66eacae50ea840b0a0a6bd113bd1d3262b1c212b2daaa3c75
$ docker ps -a
CONTAINER ID   IMAGE                          COMMAND               CREATED          STATUS          PORTS                   NAMES
b906a1bceb35   rastasheep/ubuntu-sshd:18.04   "/usr/sbin/sshd -D"   11 seconds ago   Up 10 seconds   0.0.0.0:32768->22/tcp   test_sshd
$ ssh root@localhost -p 32768
The authenticity of host '[localhost]:32768 ([127.0.0.1]:32768)' can't be established.
root@localhost's password: root
root@b906a1bceb35:~# exit
logout
Connection to localhost closed.
OSX
RDP
https://www.royalapps.com/ts/win/features
1 Comment
Michael O'Brien
Infrastructure as code
gitops operator
governance, audit
Densify + Terraform = Optimization as Code