Infrastructure

see https://github.com/obrienlabs/infrastructure

Docker

Windows corporate Docker Desktop install issues - https://github.com/docker/for-win/issues/6091

see Java Spring JPA Microservice on Kubernetes or EKS or ECS or Docker or Beanstalk or EC2 Tomcat Spring Boot#Docker

Kubernetes

Kubernetes Cluster on AWS EC2

We will be using the Rancher Labs RKE tool to bootstrap our Kubernetes cluster, based on work I did in ONAP with the OOM team as the Logging-Analytics PTL. RKE is currently at version 0.2.4 as of 20190606; we are still on a stable 0.2.1.

see https://github.com/obrienlabs/infrastructure/issues/1 for https://github.com/obrienlabs/infrastructure/blob/master/scripts/rke_setup.sh

# prep your key for the copy to the VM - keep the private key readable by its owner only
$ cp ~/.ssh/ob*.pem .
$ chmod 400 ob*.pem
$ scp -i ~/.ssh/ob*.pem ob*.pem ubuntu@rke.obrienlabs.cloud:~/
# ssh to the VM, add your key, clone the repo
cp ob*.pem ~/.ssh
sudo chmod 400 ~/.ssh/ob*.pem
git clone https://github.com/obrienlabs/infrastructure.git
cp infrastructure/scripts/rke_setup.sh .
# the script only needs to be executable, not world-writable
chmod 755 rke_setup.sh
ubuntu@ip-172-31-81-46:~$ sudo vi /etc/hosts
127.0.0.1 rke.obrienlabs.cloud
3.x.x.x rke.obrienlabs.cloud
sudo ./rke_setup.sh -b master -s rke.obrienlabs.cloud -e obrienlabs -k ob*.pem -l ubuntu

ubuntu@ip-172-31-81-46:~$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
ingress-nginx   default-http-backend-78fccfc5d9-phzgr     1/1     Running     0          7m56s
ingress-nginx   nginx-ingress-controller-vntxd            1/1     Running     0          7m57s
kube-system     canal-2kj7k                               2/2     Running     0          8m13s
kube-system     kube-dns-58bd5b8dd7-4gkfs                 3/3     Running     0          8m9s
kube-system     kube-dns-autoscaler-77bc5fd84-mmtbb       1/1     Running     0          8m8s
kube-system     metrics-server-58bd5dd8d7-44hs6           1/1     Running     0          8m4s
kube-system     rke-ingress-controller-deploy-job-9v857   0/1     Completed   0          8m1s
kube-system     rke-kube-dns-addon-deploy-job-sn9m6       0/1     Completed   0          8m11s
kube-system     rke-metrics-addon-deploy-job-w78b8        0/1     Completed   0          8m6s
kube-system     rke-network-plugin-deploy-job-mkrpz       0/1     Completed   0          8m16s
kube-system     tiller-deploy-dbb85cb99-99sxp             1/1     Running     0          5m49s
ubuntu@ip-172-31-81-46:~$ kubectl get services --all-namespaces
NAMESPACE       NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
default         kubernetes             ClusterIP   10.43.0.1       <none>        443/TCP         8m53s
ingress-nginx   default-http-backend   ClusterIP   10.43.78.65     <none>        80/TCP          8m7s
kube-system     kube-dns               ClusterIP   10.43.0.10      <none>        53/UDP,53/TCP   8m20s
kube-system     metrics-server         ClusterIP   10.43.87.73     <none>        443/TCP         8m15s
kube-system     tiller-deploy          ClusterIP   10.43.253.254   <none>        44134/TCP       6m

Deploy sonar via helm chart

The cluster has been up for 80+ days - see pom config in Sonar

Install Helm on top of your Kubernetes cluster - see Kubernetes Developer Guide#HelmCharts

ubuntu@ip-172-31-81-46:~$ kubectl get pods --all-namespaces
NAMESPACE       NAME                                      READY   STATUS      RESTARTS   AGE
default         difference-nbi-5fc754f69-hqkr2            1/1     Running     0          77d
default         nfs-serv-prov-nfs-server-provisioner-0    1/1     Running     0          77d
ingress-nginx   default-http-backend-78fccfc5d9-phzgr     1/1     Running     0          82d
ingress-nginx   nginx-ingress-controller-vntxd            1/1     Running     0          82d
kube-system     canal-2kj7k                               2/2     Running     0          82d
kube-system     kube-dns-58bd5b8dd7-4gkfs                 3/3     Running     0          82d
kube-system     kube-dns-autoscaler-77bc5fd84-mmtbb       1/1     Running     0          82d
kube-system     metrics-server-58bd5dd8d7-44hs6           1/1     Running     0          82d
kube-system     rke-ingress-controller-deploy-job-9v857   0/1     Completed   0          82d
kube-system     rke-kube-dns-addon-deploy-job-sn9m6       0/1     Completed   0          82d
kube-system     rke-metrics-addon-deploy-job-w78b8        0/1     Completed   0          82d
kube-system     rke-network-plugin-deploy-job-mkrpz       0/1     Completed   0          82d
kube-system     tiller-deploy-dbb85cb99-99sxp             1/1     Running     0          82d
ubuntu@ip-172-31-81-46:~$ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}

ubuntu@ip-172-31-81-46:~$ helm list
NAME          	REVISION	UPDATED                 	STATUS  	CHART                       	APP VERSION  	NAMESPACE
difference-nbi	1       	Mon Jun 10 19:00:59 2019	DEPLOYED	difference-nbi-0.1.0        	1.0          	default  
nfs-serv-prov 	1       	Mon Jun 10 18:16:03 2019	DEPLOYED	nfs-server-provisioner-0.3.0	2.2.1-k8s1.12	default  
ubuntu@ip-172-31-81-46:~$ ls obrienlabs/difference-nbi
Chart.yaml  charts  templates  values.yaml


ubuntu@ip-172-31-81-46:~$ sudo helm repo update
ubuntu@ip-172-31-81-46:~$ sudo helm install stable/sonarqube
NAME:   icy-boxer
LAST DEPLOYED: Tue Aug 27 00:04:55 2019
NAMESPACE: default
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                  TYPE    DATA  AGE
icy-boxer-postgresql  Opaque  1     1s

==> v1/ConfigMap
NAME                                 DATA  AGE
icy-boxer-sonarqube-config           0     1s
icy-boxer-sonarqube-copy-plugins     1     1s
icy-boxer-sonarqube-install-plugins  1     1s
icy-boxer-sonarqube-tests            1     1s

==> v1/PersistentVolumeClaim
NAME                  STATUS   VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
icy-boxer-postgresql  Pending  1s

==> v1/Service
NAME                  TYPE          CLUSTER-IP     EXTERNAL-IP  PORT(S)         AGE
icy-boxer-postgresql  ClusterIP     10.43.14.33    <none>       5432/TCP        1s
icy-boxer-sonarqube   LoadBalancer  10.43.253.249  <pending>    9000:31089/TCP  0s

==> v1beta1/Deployment
NAME                  DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
icy-boxer-postgresql  1        1        1           0          0s
icy-boxer-sonarqube   1        1        1           0          0s

==> v1/Pod(related)
NAME                                   READY  STATUS    RESTARTS  AGE
icy-boxer-postgresql-5cdb8df966-skspn  0/1    Pending   0         0s
icy-boxer-sonarqube-6b45bcf666-hvtsz   0/1    Init:0/1  0         0s

NOTES:
1. Get the application URL by running these commands:
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get svc -w icy-boxer-sonarqube'
  export SERVICE_IP=$(kubectl get svc --namespace default icy-boxer-sonarqube -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  echo http://$SERVICE_IP:9000

ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME          	REVISION	UPDATED                 	STATUS  	CHART                       	APP VERSION  	NAMESPACE
difference-nbi	1       	Mon Jun 10 19:00:59 2019	DEPLOYED	difference-nbi-0.1.0        	1.0          	default  
icy-boxer     	1       	Tue Aug 27 00:04:55 2019	DEPLOYED	sonarqube-2.1.4             	7.8          	default  
nfs-serv-prov 	1       	Mon Jun 10 18:16:03 2019	DEPLOYED	nfs-server-provisioner-0.3.0	2.2.1-k8s1.12	default  

ubuntu@ip-172-31-81-46:~$ kubectl get services --all-namespaces
NAMESPACE       NAME                                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                                  AGE
default         difference-nbi                         ClusterIP      10.43.82.98     <none>        80/TCP                                   77d
default         icy-boxer-postgresql                   ClusterIP      10.43.14.33     <none>        5432/TCP                                 45s
default         icy-boxer-sonarqube                    LoadBalancer   10.43.253.249   <pending>     9000:31089/TCP                           44s
default         kubernetes                             ClusterIP      10.43.0.1       <none>        443/TCP                                  82d
default         nfs-serv-prov-nfs-server-provisioner   ClusterIP      10.43.53.214    <none>        2049/TCP,20048/TCP,51413/TCP,51413/UDP   77d
ingress-nginx   default-http-backend                   ClusterIP      10.43.78.65     <none>        80/TCP                                   82d
kube-system     kube-dns                               ClusterIP      10.43.0.10      <none>        53/UDP,53/TCP                            82d
kube-system     metrics-server                         ClusterIP      10.43.87.73     <none>        443/TCP                                  82d
kube-system     tiller-deploy                          ClusterIP      10.43.253.254   <none>        44134/TCP                                82d

ubuntu@ip-172-31-81-46:~$ kubectl logs icy-boxer-sonarqube-6b45bcf666-hvtsz
2019.08.27 00:08:58 INFO  web[][o.s.s.p.LogServerVersion] SonarQube Server / 7.8.0.26217 / daf4da5c554d4153a11e68d13a662313e6cecc92
2019.08.27 00:08:58 INFO  web[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://icy-boxer-postgresql:5432/sonarDB
2019.08.27 00:09:08 ERROR web[][o.s.s.p.Platform] Web server startup failed
java.lang.IllegalStateException: Fail to connect to database
	at org.sonar.db.DefaultDatabase.start(DefaultDatabase.java:88)

default         icy-boxer-postgresql-5cdb8df966-skspn     0/1     Pending            0          5m28s
default         icy-boxer-sonarqube-6b45bcf666-hvtsz      0/1     CrashLoopBackOff   4          5m28s

#rebooting cluster

ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME          	REVISION	UPDATED                 	STATUS  	CHART                       	APP VERSION  	NAMESPACE
difference-nbi	1       	Mon Jun 10 19:00:59 2019	DEPLOYED	difference-nbi-0.1.0        	1.0          	default  
icy-boxer     	1       	Tue Aug 27 00:04:55 2019	DEPLOYED	sonarqube-2.1.4             	7.8          	default  
nfs-serv-prov 	1       	Mon Jun 10 18:16:03 2019	DEPLOYED	nfs-server-provisioner-0.3.0	2.2.1-k8s1.12	default  
ubuntu@ip-172-31-81-46:~$ sudo helm delete icy-boxer
release "icy-boxer" deleted
ubuntu@ip-172-31-81-46:~$ sudo helm delete nfs-serv-prov
release "nfs-serv-prov" deleted
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME          	REVISION	UPDATED                 	STATUS  	CHART               	APP VERSION	NAMESPACE
difference-nbi	1       	Mon Jun 10 19:00:59 2019	DEPLOYED	difference-nbi-0.1.0	1.0        	default  


AWS Cloud Native Services


see AWS Developer Guide#AWSDevOps

Confluence on Docker

https://hub.docker.com/r/atlassian/confluence-server/

Confluence on AWS EC2 Linux


20210901 Confluence Crypto Miner CVE-2021-26084


CVE-2021-26084 CPU Effect

The following logs cover an older t2.medium, the newer t3a.medium (2c/4g) and a t3a.large (4c/8g).

Notice the 100% CPU spike lasting about a day around the 30th: 600 credits were drained in 6h on a 2-vcore VM, and it took 28h to regain the balance.

Figures: CPU Spike; CPU Usage Credit Drainage; CPU Credit Balance

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                                                                                                  
22387 conflue+  20   0 2721416 2.288g   2108 S 199.3 60.2  11:05.62 kdevtmpfsi 
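
One way to catch the pattern in the top output above before the credit balance drains, as an added example that is not part of the original page: flag any process owned by the Confluence account that is not on an expected-command list. The function names, the 50% threshold, the `java`-only allow-list and every sample row except the kdevtmpfsi one are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag unexpected processes owned by the Confluence service account.
# Assumptions (not from the page): the only command expected under that account
# is "java", and 50% CPU is a useful alert threshold.

# Reads `top -b -n 1` style rows on stdin and prints "PID USER %CPU COMMAND"
# for every suspect row.
#   $1 = user name prefix (top truncates long names, e.g. "conflue+")
#   $2 = %CPU threshold (0 reports every unexpected command)
#   $3 = space-separated list of expected command names
find_rogue_procs() {
    awk -v prefix="$1" -v limit="$2" -v allow="$3" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # data rows start with a numeric PID and carry the 12 standard top columns
        $1 ~ /^[0-9]+$/ && NF >= 12 {
            user = $2; cpu = $9 + 0; cmd = $12
            if (index(user, prefix) == 1 && !(cmd in ok) && cpu >= limit)
                printf "%s %s %s %s\n", $1, user, $9, cmd
        }'
}

# Constructed sample: the kdevtmpfsi row is the one captured on this page,
# the other rows are made up so the filter has something to ignore.
sample_top() {
    cat <<'EOF'
  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
22387 conflue+  20   0 2721416 2.288g   2108 S 199.3 60.2  11:05.62 kdevtmpfsi
 1412 conflue+  20   0 5312044 1.102g  18340 S   3.0 29.1  42:10.07 java
  901 root      20   0  170312   9040   6540 S   0.3  0.2   0:03.11 systemd
 2290 conflue+  20   0    4628    812    740 S   0.0  0.0   0:00.01 sh
EOF
}

# High-CPU suspects only; on a live host feed it with: top -b -n 1 | find_rogue_procs conflue 50 "java"
sample_top | find_rogue_procs conflue 50 "java"
```

With a threshold of 0 the same function also reports the idle `sh` row, which is the stricter check: anything other than the JVM running as the service account is worth a look regardless of load.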


20210901: crypto miner via the critical CVE - the patch worked for 2 weeks, then the miner restarted at 20210916:1800U - in the end: upgrade from 6 to 7 LTS
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html

https://community.atlassian.com/t5/Confluence-questions/No-access-to-Conlfuence-Webpage-100-CPU-usage-from-quot-dbused/qaq-p/1793393?utm_source=atlcomm&utm_medium=email&utm_campaign=immediate_general_reply&utm_content=topic#U1815642

https://confluence.atlassian.com/doc/installing-confluence-on-linux-143556824.html

https://confluence.atlassian.com/doc/confluence-installation-and-upgrade-guide-214864161.html?_ga=2.186635305.1274748369.1558470658-348466763.1489247865

https://community.atlassian.com/t5/Confluence-questions/Mining-malware-and-DDOS-attack-to-remote-host-from-Confluence/qaq-p/1794688

20211121: kdevtmpfsi returns even after a clean-up and an upgrade to the latest 7.13.0

https://censys.io/blog/cve-2021-26084-confluenza/

from https://www.reddit.com/r/atlassian/comments/pg8eyl/public_confluence_instances_vulnerable_to/

obrienbiometrics:_dev michaelobrien$ scp ~/Downloads/atlassian-confluence-6.15.4-x64.bin ubuntu@wiki.obrienlabs.cloud:~/
atlassian-confluence-6.15.4-x64.bin                                                                                                                                90%  537MB   9.8MB/s   00:05 ETA

obrienbiometrics:_dev michaelobrien$ ssh ubuntu@wiki.obrienlabs.cloud
ubuntu@ip-172-31-56-62:~$ sudo chmod a+x atlassian-confluence-6.15.4-x64.bin
ubuntu@ip-172-31-56-62:~$ sudo ./atlassian-confluence-6.15.4-x64.bin 
Installing fontconfig...
Unpacking JRE ...
Starting Installer ...

This will install Confluence 6.15.4 on your computer.
OK [o, Enter], Cancel [c]
o
Click Next to continue, or Cancel to exit Setup.

Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1], 
Custom Install (recommended for advanced users) [2, Enter], 
Upgrade an existing Confluence installation [3]
2

Select the folder where you would like Confluence 6.15.4 to be installed,
then click Next.
Where should Confluence 6.15.4 be installed?
[/opt/atlassian/confluence]
Default location for Confluence data
[/var/atlassian/application-data/confluence]
Configure which ports Confluence will use.
Confluence requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access
Confluence through your browser. The Control port is used to Startup and
Shutdown Confluence.
Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]
1
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start
automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
y
Extracting files ...
                                                                          
Please wait a few moments while we configure Confluence.
Installation of Confluence 6.15.4 is complete
Start Confluence now?
Yes [y, Enter], No [n]
y
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.15.4 is complete
Your installation of Confluence 6.15.4 is now ready and can be accessed via
your browser.
Confluence 6.15.4 can be accessed at http://localhost:8090
get license from https://my.atlassian.com/product

Install Apache for use as a reverse proxy from 8090 to 80

https://confluence.atlassian.com/doc/using-apache-with-mod_proxy-173669.html?_ga=2.216530710.1274748369.1558470658-348466763.1489247865

# install apache
sudo apt update
sudo apt install apache2

# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

# Put this in the main section of your configuration (or virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://wiki.obrienlabs.cloud:8090/$1 [P]
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony http://wiki.obrienlabs.cloud:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://wiki.obrienlabs.cloud:8091%{REQUEST_URI} [P]
</Location>

ProxyPass / http://wiki.obrienlabs.cloud:8090/
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/
<Location />
Require all granted
</Location>


ubuntu@ip-172-31-56-62:~$ sudo vi /opt/atlassian/confluence/conf/server.xml 
ubuntu@ip-172-31-56-62:~$ sudo vi /etc/apache2/apache2.conf 
Add the trailing slashes shown below to the config described in https://confluence.atlassian.com/doc/using-apache-with-mod_proxy-173669.html?_ga=2.216530710.1274748369.1558470658-348466763.1489247865

That page is missing the end / on the following 2 parts of the conf:
  ProxyPass / http://wiki.obrienlabs.cloud:8090
  ProxyPassReverse / http://wiki.obrienlabs.cloud:8090

needs to be
  ProxyPass / http://wiki.obrienlabs.cloud:8090/
  ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/
  
ubuntu@ip-172-31-56-62:~$ sudo apachectl graceful
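
A check for the trailing-slash mismatch described above, as an added example that is not part of the original page or of Atlassian's documentation: it reports every ProxyPass / ProxyPassReverse line whose path and backend URL disagree on the final slash. The function names are hypothetical; the sample directives are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example: lint an Apache config for ProxyPass / ProxyPassReverse lines
# where only one of (path, backend URL) ends in "/".

# Reads Apache config text on stdin; prints "LINE_NO: directive path url"
# for each mismatched line and nothing when the config is consistent.
check_proxy_slashes() {
    awk '
        tolower($1) == "proxypass" || tolower($1) == "proxypassreverse" {
            # skip incomplete lines and "ProxyPass /path !" exclusions
            if (NF < 3 || $2 ~ /^!/ || $3 == "!") next
            path_slash = ($2 ~ /\/$/)
            url_slash  = ($3 ~ /\/$/)
            if (path_slash != url_slash)
                printf "%d: %s %s %s\n", NR, $1, $2, $3
        }'
}

# The form this page found to be broken (no end slash on the backend URL).
broken_conf() {
    cat <<'EOF'
ProxyPass /synchrony http://wiki.obrienlabs.cloud:8091/synchrony
ProxyPass / http://wiki.obrienlabs.cloud:8090
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090
EOF
}

# The corrected form from this page.
fixed_conf() {
    cat <<'EOF'
ProxyPass /synchrony http://wiki.obrienlabs.cloud:8091/synchrony
ProxyPass / http://wiki.obrienlabs.cloud:8090/
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/
EOF
}

echo "broken config:"; broken_conf | check_proxy_slashes
echo "fixed config:";  fixed_conf  | check_proxy_slashes
```

The /synchrony line passes in both cases because neither side ends in a slash; only the two root mappings are reported for the broken form.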

Migrating a Confluence Server and Database between AWS Regions

Take a backup of your RDS instance and an AMI of your Confluence server.

Stop the initial instance, stand up a 2nd instance of the database, stand up a 2nd instance of the server, and optionally increase the size of the EBS drive.
Re-associate the EIP after startup, or optionally create a new EIP, associate it and write an A record to Route 53.

Note: make sure the disk usage reported by df is below 99% full, or the new EBS will not kick in.

Optionally: clean old backups or set the backup admin configuration to a monthly cron job.

/var/atlassian/application-data/confluence/backups

# delete a range of older backup files
sudo rm -rf /var/atlassian/application-data/confluence/backups/backup-2020_04_{00..99}.zip 


I didn't need to do http://www.messor.com/increase-disk-size-for-an-ec2-instance-in-aws/


Gliffy Plugin for Confluence

Get the $10 gliffy plugin so you can draw up embedded AWS, Azure, UML diagrams.

Jira Server on AWS EC2 Linux

Restarting Jira

sudo /opt/atlassian/jira/bin/start-jira.sh 


https://confluence.atlassian.com/adminjiraserver/installing-jira-applications-on-linux-938846841.html

obrienbiometrics:difference-kubernetes michaelobrien$ scp ~/Downloads/atlassian-jira-core-8.2.2-x64.bin ubuntu@jira.obrienlabs.cloud:~/
atlassian-jira-core-8.2.2-x64.bin                                                                                                                              100%  332MB   3.2MB/s   01:43    
ubuntu@ip-172-31-68-232:~$ sudo ./atlassian-jira-software-8.2.1-x64.bin 
Unpacking JRE ...
Starting Installer ...

This will install JIRA Software 8.2.1 on your computer.
OK [o, Enter], Cancel [c]

Click Next to continue, or Cancel to exit Setup.

Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing JIRA installation [3]
1

Details on where JIRA Software will be installed and the settings that will be used.
Installation Directory: /opt/atlassian/jira 
Home Directory: /var/atlassian/application-data/jira 
HTTP Port: 8080 
RMI Port: 8005 
Install as service: Yes 
Install [i, Enter], Exit [e]
i

Extracting files ...
                                                                           
Please wait a few moments while JIRA Software is configured.
Installation of JIRA Software 8.2.1 is complete
Start JIRA Software 8.2.1 now?
Yes [y, Enter], No [n]
y

Please wait a few moments while JIRA Software starts up.
Launching JIRA Software ...
Installation of JIRA Software 8.2.1 is complete
Your installation of JIRA Software 8.2.1 is now ready and can be accessed
via your browser.
JIRA Software 8.2.1 can be accessed at http://localhost:8080
Finishing installation ...

Installing a proxy in front of JIRA

Running on the default 8080 port is no good. Unless we are running as a container in a Kubernetes cluster where we have an ingress service, or on Amazon API Gateway where we can redirect L7 traffic (effectively an ALB), we need to proxy the 8080 port to 80.

https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

ubuntu@ip-172-31-68-232:~$ sudo vi /opt/atlassian/jira/conf/server.xml
#uncomment
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
                   proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
to
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
                   proxyName="jira.obrienlabs.cloud" proxyPort="80"/>

sudo apt update
sudo apt install apache2

ubuntu@ip-172-31-68-232:~$ sudo a2enmod proxy_http
Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
To activate the new configuration, you need to run:
  systemctl restart apache2
ubuntu@ip-172-31-68-232:~$ systemctl restart apache2
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'apache2.service'.
Authenticating as: Ubuntu (ubuntu)
Password: 
ubuntu@ip-172-31-68-232:~$ sudo systemctl restart apache2
sudo /opt/atlassian/jira/bin/stop-jira.sh 
sudo /opt/atlassian/jira/bin/start-jira.sh 

# configure URL

Link JIRA and Confluence Applications


Configure the JIRA URL to point away from 8080

Enable Anonymous Access

https://confluence.atlassian.com/adminjiracloud/allowing-anonymous-access-to-your-project-779172888.html

Add Group | Anyone to either or both of the browse and create issues permissions for the default software scheme.


Jenkins Server Installation

Run the Docker or Helm chart version - here on Ubuntu 16.04 and Docker 18.06.

# create a dedicated jenkins user whose home directory backs /var/jenkins_home
sudo useradd --home-dir /home/jenkins --create-home --shell /bin/bash jenkins
sudo passwd jenkins
su jenkins
# list users with a /home directory and their UIDs - the UID is what docker run -u takes
awk -F: '/\/home/ {printf "%s:%s\n",$1,$3}' /etc/passwd
# install docker 18.06 and let the ubuntu user talk to the daemon
curl https://releases.rancher.com/install-docker/18.06.sh | sh
sudo usermod -aG docker ubuntu
# run jenkins LTS on port 80 with /home/jenkins mounted as the jenkins home
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000  -it -v /home/jenkins:/var/jenkins_home  jenkins/jenkins:lts
# open a shell in the running container
sudo docker exec -it jenkins bash
sudo docker volume create jenkins
sudo mkdir /var/jenkins_home
# copy the jenkins home out of the container as a backup
sudo mkdir backup
sudo docker cp jenkins:/var/jenkins_home backup
...
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000  -it -v /home/jenkins:/var/jenkins_home  jenkins/jenkins:lts

Upgrade Jenkins Maven plugin to 2.4 to support https for maven central

Upgrade Jenkins to run Java 11 from 8

https://jenkins.io/doc/administration/requirements/jenkins-on-java-11/


Jenkins Multibranch pipeline Jenkinsfile

https://www.jenkins.io/blog/2017/02/07/declarative-maven-project/

example Jenkinsfile at https://github.com/obrienlabs/difference-cloud/blob/master/Jenkinsfile

pipeline {
    agent any
    tools {
        maven 'mvn'
    }

    /*agent {
        label 'maven'
    }*/

    options {
        disableConcurrentBuilds() 
    }

    stages {
        stage('Build') {
            steps {
                echo 'Building..'
                sh 'mvn clean install -U -DskipTests=true'
            }
        }
        stage('Test') {
            steps {
                echo 'Testing..'
            }
        }
        stage('Deploy') {
            steps {
                echo 'Deploying....'
            }
        }
    }
}


MySQL Database Service

Databases

 

Drupal

https://www.drupal.org/

Deployment

Deployment Architectures

AWS + Terraform + Ansible + ECS

AWS + Ansible + EKS

Deployment Environments

Deployment environments need a discriminator to differentiate between developer and release (staging/production) deployments. For example, debug ports and https ports will be exposed differently, and the cluster topology will be minimal or single node in dev.

Dev Deployment Environment

Staging/Production Deployment Environment

Deployment Testing

Power Cycling

Cluster Changes

How to handle shutting down the cluster without false positive pod rescheduling

Data Migration

Istio for rolling upgrade

Offline Data Migration

Live Data Migration

Schema Migration

Undercloud Software Migration

Microservice Migration




Example DevOps Architectures

ONAP

See https://wiki.onap.org/display/DW/Cloud+Native+Deployment

Remote Access

see also https://guacamole.apache.org/

Secondary SSH Server or Bastion Jumpbox target for remote SSH jobs


Sometimes you don't want to enable a CLI capability directly on a build server like Jenkins, or you wish to run a remote shell from a build project to perform, for example, AWS CLI work. Use the following docker container in place of a formal on-prem VM or EC2 VM if required.


$ docker run -d -P --name test_sshd rastasheep/ubuntu-sshd:18.04
Unable to find image 'rastasheep/ubuntu-sshd:18.04' locally
18.04: Pulling from rastasheep/ubuntu-sshd
Status: Downloaded newer image for rastasheep/ubuntu-sshd:18.04
b906a1bceb3507d66eacae50ea840b0a0a6bd113bd1d3262b1c212b2daaa3c75

$ docker ps -a
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS                     PORTS                    NAMES
b906a1bceb35        rastasheep/ubuntu-sshd:18.04             "/usr/sbin/sshd -D"      11 seconds ago      Up 10 seconds              0.0.0.0:32768->22/tcp    test_sshd

$ ssh root@localhost -p 32768
The authenticity of host '[localhost]:32768 ([127.0.0.1]:32768)' can't be established.
root@localhost's password: root
root@b906a1bceb35:~# exit
logout
Connection to localhost closed.


OSX 

RDP

https://www.royalapps.com/ts/win/features


SSH

SCP



1 Comment

  1. Infrastructure as code

    gitops operator

    governance, audit

    Densify + Terraform = Optimization as Code