Child pages
- Active Infrastructure
- CI/CD
- Databases
- Docker Reference Images by Language
- Encryption
- Java Application Servers
- KIND
- Kubernetes Devops
- LDAP
- Logging Frameworks
- Monitoring - Metrics
- Performance
- Software
- Sonar
- SSL Certificates
- Ubuntu
- UNIX
- Windows
TOC
Infrastructure
see https://github.com/obrienlabs/infrastructure
Docker
windows corporate docker desktop install issues - https://github.com/docker/for-win/issues/6091
Kubernetes
Kubernetes Cluster on AWS EC2
We will be using the Rancher Labs RKE tool - currently at version 0.2.4 as of 20190606 - we are still on a stable 0.2.1 - to bootstrap our Kubernetes cluster based on work I did in ONAP with the OOM team as the Logging-Analytics PTL.
see https://github.com/obrienlabs/infrastructure/issues/1 for https://github.com/obrienlabs/infrastructure/blob/master/scripts/rke_setup.sh
# prep your key for vm copy $ cp ~/.ssh/ob*.pem . $ chmod 777 ob*.pem $ scp -i ~/.ssh/ob*.pem ob*.pem ubuntu@rke.obrienlabs.cloud:~/ # ssh to the VM, clone the repo, add your key cp ob*.pem ~/.ssh sudo chmod 400 ~/.ssh/ob*.pem git clone https://github.com/obrienlabs/infrastructure.git cp infrastructure/scripts/rke_setup.sh . chmod 777 rke_setup.sh ubuntu@ip-172-31-81-46:~$ sudo vi /etc/hosts 127.0.0.1 rke.obrienlabs.cloud 3.x.x.x rke.obrienlabs.cloud sudo ./rke_setup.sh -b master -s rke.obrienlabs.cloud -e obrienlabs -k ob*.pem -l ubuntu ubuntu@ip-172-31-81-46:~$ kubectl get pods --all-namespaces NAMESPACE NAME READY STATUS RESTARTS AGE ingress-nginx default-http-backend-78fccfc5d9-phzgr 1/1 Running 0 7m56s ingress-nginx nginx-ingress-controller-vntxd 1/1 Running 0 7m57s kube-system canal-2kj7k 2/2 Running 0 8m13s kube-system kube-dns-58bd5b8dd7-4gkfs 3/3 Running 0 8m9s kube-system kube-dns-autoscaler-77bc5fd84-mmtbb 1/1 Running 0 8m8s kube-system metrics-server-58bd5dd8d7-44hs6 1/1 Running 0 8m4s kube-system rke-ingress-controller-deploy-job-9v857 0/1 Completed 0 8m1s kube-system rke-kube-dns-addon-deploy-job-sn9m6 0/1 Completed 0 8m11s kube-system rke-metrics-addon-deploy-job-w78b8 0/1 Completed 0 8m6s kube-system rke-network-plugin-deploy-job-mkrpz 0/1 Completed 0 8m16s kube-system tiller-deploy-dbb85cb99-99sxp 1/1 Running 0 5m49s ubuntu@ip-172-31-81-46:~$ kubectl get services --all-namespaces NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 8m53s ingress-nginx default-http-backend ClusterIP 10.43.78.65 <none> 80/TCP 8m7s kube-system kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP 8m20s kube-system metrics-server ClusterIP 10.43.87.73 <none> 443/TCP 8m15s kube-system tiller-deploy ClusterIP 10.43.253.254 <none> 44134/TCP 6m
Deploy sonar via helm chart
The cluster has been up for 80+ days - see pom config in Sonar
install helm on top of your kubernetes cluster - Kubernetes Developer Guide#HelmCharts
ubuntu@ip-172-31-81-46:~$ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default difference-nbi-5fc754f69-hqkr2 1/1 Running 0 77d
default nfs-serv-prov-nfs-server-provisioner-0 1/1 Running 0 77d
ingress-nginx default-http-backend-78fccfc5d9-phzgr 1/1 Running 0 82d
ingress-nginx nginx-ingress-controller-vntxd 1/1 Running 0 82d
kube-system canal-2kj7k 2/2 Running 0 82d
kube-system kube-dns-58bd5b8dd7-4gkfs 3/3 Running 0 82d
kube-system kube-dns-autoscaler-77bc5fd84-mmtbb 1/1 Running 0 82d
kube-system metrics-server-58bd5dd8d7-44hs6 1/1 Running 0 82d
kube-system rke-ingress-controller-deploy-job-9v857 0/1 Completed 0 82d
kube-system rke-kube-dns-addon-deploy-job-sn9m6 0/1 Completed 0 82d
kube-system rke-metrics-addon-deploy-job-w78b8 0/1 Completed 0 82d
kube-system rke-network-plugin-deploy-job-mkrpz 0/1 Completed 0 82d
kube-system tiller-deploy-dbb85cb99-99sxp 1/1 Running 0 82d
ubuntu@ip-172-31-81-46:~$ helm version
Client: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.12.3", GitCommit:"eecf22f77df5f65c823aacd2dbd30ae6c65f186e", GitTreeState:"clean"}
ubuntu@ip-172-31-81-46:~$ helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
difference-nbi 1 Mon Jun 10 19:00:59 2019 DEPLOYED difference-nbi-0.1.0 1.0 default
nfs-serv-prov 1 Mon Jun 10 18:16:03 2019 DEPLOYED nfs-server-provisioner-0.3.0 2.2.1-k8s1.12 default
ubuntu@ip-172-31-81-46:~$ ls obrienlabs/difference-nbi
Chart.yaml charts templates values.yaml
ubuntu@ip-172-31-81-46:~$ sudo helm repo update
ubuntu@ip-172-31-81-46:~$ sudo helm install stable/sonarqube
NAME: icy-boxer
LAST DEPLOYED: Tue Aug 27 00:04:55 2019
NAMESPACE: default
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME TYPE DATA AGE
icy-boxer-postgresql Opaque 1 1s
==> v1/ConfigMap
NAME DATA AGE
icy-boxer-sonarqube-config 0 1s
icy-boxer-sonarqube-copy-plugins 1 1s
icy-boxer-sonarqube-install-plugins 1 1s
icy-boxer-sonarqube-tests 1 1s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
icy-boxer-postgresql Pending 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
icy-boxer-postgresql ClusterIP 10.43.14.33 <none> 5432/TCP 1s
icy-boxer-sonarqube LoadBalancer 10.43.253.249 <pending> 9000:31089/TCP 0s
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
icy-boxer-postgresql 1 1 1 0 0s
icy-boxer-sonarqube 1 1 1 0 0s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
icy-boxer-postgresql-5cdb8df966-skspn 0/1 Pending 0 0s
icy-boxer-sonarqube-6b45bcf666-hvtsz 0/1 Init:0/1 0 0s
NOTES:
1. Get the application URL by running these commands:
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w icy-boxer-sonarqube'
export SERVICE_IP=$(kubectl get svc --namespace default icy-boxer-sonarqube -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:9000
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
difference-nbi 1 Mon Jun 10 19:00:59 2019 DEPLOYED difference-nbi-0.1.0 1.0 default
icy-boxer 1 Tue Aug 27 00:04:55 2019 DEPLOYED sonarqube-2.1.4 7.8 default
nfs-serv-prov 1 Mon Jun 10 18:16:03 2019 DEPLOYED nfs-server-provisioner-0.3.0 2.2.1-k8s1.12 default
ubuntu@ip-172-31-81-46:~$ kubectl get services --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default difference-nbi ClusterIP 10.43.82.98 <none> 80/TCP 77d
default icy-boxer-postgresql ClusterIP 10.43.14.33 <none> 5432/TCP 45s
default icy-boxer-sonarqube LoadBalancer 10.43.253.249 <pending> 9000:31089/TCP 44s
default kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 82d
default nfs-serv-prov-nfs-server-provisioner ClusterIP 10.43.53.214 <none> 2049/TCP,20048/TCP,51413/TCP,51413/UDP 77d
ingress-nginx default-http-backend ClusterIP 10.43.78.65 <none> 80/TCP 82d
kube-system kube-dns ClusterIP 10.43.0.10 <none> 53/UDP,53/TCP 82d
kube-system metrics-server ClusterIP 10.43.87.73 <none> 443/TCP 82d
kube-system tiller-deploy ClusterIP 10.43.253.254 <none> 44134/TCP 82d
ubuntu@ip-172-31-81-46:~$ kubectl logs icy-boxer-sonarqube-6b45bcf666-hvtsz
2019.08.27 00:08:58 INFO web[][o.s.s.p.LogServerVersion] SonarQube Server / 7.8.0.26217 / daf4da5c554d4153a11e68d13a662313e6cecc92
2019.08.27 00:08:58 INFO web[][o.sonar.db.Database] Create JDBC data source for jdbc:postgresql://icy-boxer-postgresql:5432/sonarDB
2019.08.27 00:09:08 ERROR web[][o.s.s.p.Platform] Web server startup failed
java.lang.IllegalStateException: Fail to connect to database
at org.sonar.db.DefaultDatabase.start(DefaultDatabase.java:88)
default icy-boxer-postgresql-5cdb8df966-skspn 0/1 Pending 0 5m28s
default icy-boxer-sonarqube-6b45bcf666-hvtsz 0/1 CrashLoopBackOff 4 5m28s
#rebooting cluster
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
difference-nbi 1 Mon Jun 10 19:00:59 2019 DEPLOYED difference-nbi-0.1.0 1.0 default
icy-boxer 1 Tue Aug 27 00:04:55 2019 DEPLOYED sonarqube-2.1.4 7.8 default
nfs-serv-prov 1 Mon Jun 10 18:16:03 2019 DEPLOYED nfs-server-provisioner-0.3.0 2.2.1-k8s1.12 default
ubuntu@ip-172-31-81-46:~$ sudo helm delete icy-boxer
release "icy-boxer" deleted
ubuntu@ip-172-31-81-46:~$ sudo helm delete nfs-serv-prov
release "nfs-serv-prov" deleted
ubuntu@ip-172-31-81-46:~$ sudo helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
difference-nbi 1 Mon Jun 10 19:00:59 2019 DEPLOYED difference-nbi-0.1.0 1.0 default
AWS Cloud Native Services
OBRIENLABS-5 - Getting issue details... STATUS
see AWS Developer Guide#AWSDevOps
Confluence on Docker
https://hub.docker.com/r/atlassian/confluence-server/
Confluence on AWS EC2 Linux
20210901 Confluence Crypto Miner CVE-2021-26084
CVE-2021-26084 CPU Effect
The following logs are for an older t2.medium, the newer t3a.medium(2c/4g) and a t3a.large (4c/8g).
Notice the 100% spike for a day around the 30th - 600 credits were drained in 6h for a 2vcore VM - it took 28h to regain the balance.
CPU Spike
CPU Usage Credit Drainage
CPU Credit Balance
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 22387 conflue+ 20 0 2721416 2.288g 2108 S 199.3 60.2 11:05.62 kdevtmpfsi
20210901 crypto miner critical CVE - the patch worked for 2 weeks - restarted at 20210916:1800U - in the end upgrade from 6 to 7 LTS
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://confluence.atlassian.com/doc/installing-confluence-on-linux-143556824.html
20211121 kdevtmpfsi returns even after a clean and upgrade to the latest 7.13.0
https://censys.io/blog/cve-2021-26084-confluenza/
from https://www.reddit.com/r/atlassian/comments/pg8eyl/public_confluence_instances_vulnerable_to/
obrienbiometrics:_dev michaelobrien$ scp ~/Downloads/atlassian-confluence-6.15.4-x64.bin ubuntu@wiki.obrienlabs.cloud:~/
atlassian-confluence-6.15.4-x64.bin 90% 537MB 9.8MB/s 00:05 ETA
obrienbiometrics:_dev michaelobrien$ ssh ubuntu@wiki.obrienlabs.cloud
ubuntu@ip-172-31-56-62:~$ sudo chmod a+x atlassian-confluence-6.15.4-x64.bin
ubuntu@ip-172-31-56-62:~$ sudo ./atlassian-confluence-6.15.4-x64.bin
Installing fontconfig...
Unpacking JRE ...
Starting Installer ...
This will install Confluence 6.15.4 on your computer.
OK [o, Enter], Cancel [c]
o
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1],
Custom Install (recommended for advanced users) [2, Enter],
Upgrade an existing Confluence installation [3]
2
Select the folder where you would like Confluence 6.15.4 to be installed,
then click Next.
Where should Confluence 6.15.4 be installed?
[/opt/atlassian/confluence]
Default location for Confluence data
[/var/atlassian/application-data/confluence]
Configure which ports Confluence will use.
Confluence requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access
Confluence through your browser. The Control port is used to Startup and
Shutdown Confluence.
Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]
1
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start
automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
y
Extracting files ...
Please wait a few moments while we configure Confluence.
Installation of Confluence 6.15.4 is complete
Start Confluence now?
Yes [y, Enter], No [n]
y
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.15.4 is complete
Your installation of Confluence 6.15.4 is now ready and can be accessed via
your browser.
Confluence 6.15.4 can be accessed at http://localhost:8090
get license from https://my.atlassian.com/product
Install Apache for use as a reverse proxy from 8090 to 80
# install apache
sudo apt update
sudo apt install apache2
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
# Put this in the main section of your configuration (or virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://wiki.obrienlabs.cloud:8090/$1 [P]
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony http://wiki.obrienlabs.cloud:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://wiki.obrienlabs.cloud:8091%{REQUEST_URI} [P]
</Location>
ProxyPass / http://wiki.obrienlabs.cloud:8090/
ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/
<Location />
Require all granted
</Location>
ubuntu@ip-172-31-56-62:~$ sudo vi /opt/atlassian/confluence/conf/server.xml ubuntu@ip-172-31-56-62:~$ sudo vi /etc/apache2/apache2.conf add the following end slashes to the config described in missing the end / on the 2 following parts of the conf https://confluence.atlassian.com/doc/using-apache-with-mod_proxy-173669.html?_ga=2.216530710.1274748369.1558470658-348466763.1489247865 ProxyPass / http://wiki.obrienlabs.cloud:8090 ProxyPassReverse / http://wiki.obrienlabs.cloud:8090 needs to be ProxyPass / http://wiki.obrienlabs.cloud:8090/ ProxyPassReverse / http://wiki.obrienlabs.cloud:8090/ ubuntu@ip-172-31-56-62:~$ sudo apachectl graceful
Migrating a Confluence Server and Database between AWS Regions
Take a backup of your RDS instance and an AMI of your confluence server for backup.
Stop the initial instance, Stand up a 2nd instance of the database, standup a 2nd instance of the server, optionally increase the size of the EBS drive.
Re-associate the EIP after startup or optionally create a new EIP - associate and write an A record to route53
Note: make sure the DF is below 99% full - or the new EBS will not kick in.
Optionally: clean old backups or set the backup admin configuration to a monthly cron job
/var/atlassian/application-data/confluence/backups
# delete a range of older backup files
sudo rm -rf /var/atlassian/application-data/confluence/backups/backup-2020_04_{00..99}.zip
I didn't need to do http://www.messor.com/increase-disk-size-for-an-ec2-instance-in-aws/
Gliffy Plugin for Confluence
Get the $10 gliffy plugin so you can draw up embedded AWS, Azure, UML diagrams.
Jira Server on AWS EC2 Linux
Restarting Jira
sudo /opt/atlassian/jira/bin/start-jira.sh
obrienbiometrics:difference-kubernetes michaelobrien$ scp ~/Downloads/atlassian-jira-core-8.2.2-x64.bin ubuntu@jira.obrienlabs.cloud:~/
atlassian-jira-core-8.2.2-x64.bin 100% 332MB 3.2MB/s 01:43
ubuntu@ip-172-31-68-232:~$ sudo ./atlassian-jira-software-8.2.1-x64.bin
Unpacking JRE ...
Starting Installer ...
This will install JIRA Software 8.2.1 on your computer.
OK [o, Enter], Cancel [c]
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing JIRA installation [3]
1
Details on where JIRA Software will be installed and the settings that will be used.
Installation Directory: /opt/atlassian/jira
Home Directory: /var/atlassian/application-data/jira
HTTP Port: 8080
RMI Port: 8005
Install as service: Yes
Install [i, Enter], Exit [e]
i
Extracting files ...
Please wait a few moments while JIRA Software is configured.
Installation of JIRA Software 8.2.1 is complete
Start JIRA Software 8.2.1 now?
Yes [y, Enter], No [n]
y
Please wait a few moments while JIRA Software starts up.
Launching JIRA Software ...
Installation of JIRA Software 8.2.1 is complete
Your installation of JIRA Software 8.2.1 is now ready and can be accessed
via your browser.
JIRA Software 8.2.1 can be accessed at http://localhost:8080
Finishing installation ...
Installing a proxy in front of JIRA
running on the default 8080 port is no good - and unless we are running as a container in a kubernetes cluster where we have an ingres service or on amazon API gateway where we can redirect L7 traffic (effectively an ALB) - we need to proxy the 8080 port to 80.
ubuntu@ip-172-31-68-232:~$ sudo vi /opt/atlassian/jira/conf/server.xml
#uncomment
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
to
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="jira.obrienlabs.cloud" proxyPort="80"/>
sudo apt update
sudo apt install apache2
ubuntu@ip-172-31-68-232:~$ sudo a2enmod proxy_http
Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
To activate the new configuration, you need to run:
systemctl restart apache2
ubuntu@ip-172-31-68-232:~$ systemctl restart apache2
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'apache2.service'.
Authenticating as: Ubuntu (ubuntu)
Password:
ubuntu@ip-172-31-68-232:~$ sudo systemctl restart apache2
sudo /opt/atlassian/jira/bin/stop-jira.sh
sudo /opt/atlassian/jira/bin/start-jira.sh
# configure URL
Link JIRA and Confluence Applications
Configure the JIRA URL to point away from 8080
Enable Anonymous Access
Add group | anyone - to either/both browse/create issues - for the default software scheme.
Jenkins Server Installation
Run the docker or helm chart version - here on Ubuntu 16.04 and Docker 18.06
sudo useradd --home-dir /home/jenkins --create-home --shell /bin/bash jenkins
sudo passwd jenkins
su jenkins
awk -F: '/\/home/ {printf "%s:%s\n",$1,$3}' /etc/passwd
docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
curl https://releases.rancher.com/install-docker/18.06.sh | sh
sudo usermod -aG docker ubuntu
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
docker exec -it jenkins bash
sudo docker exec -it jenkins bash
sudo docker volume create jenkins
sudo mkdir /var/jenkins_home
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
sudo mkdir backup
docker cp jenkins:/var/jenkins_home
docker cp jenkins:/var/jenkins_home backup
sudo docker cp jenkins:/var/jenkins_home backup
...
sudo docker run -u 1001 -d --name jenkins -p 80:8080 -p 50000:50000 -it -v /home/jenkins:/var/jenkins_home jenkins/jenkins:lts
Upgrade Jenkins Maven plugin to 2.4 to support https for maven central
Upgrade Jenkins to run Java 11 from 8
https://jenkins.io/doc/administration/requirements/jenkins-on-java-11/
Jenkins Multibranch pipeline Jenkinsfile
https://www.jenkins.io/blog/2017/02/07/declarative-maven-project/
example Jenkinsfile at https://github.com/obrienlabs/difference-cloud/blob/master/Jenkinsfile
pipeline {
agent any
tools {
maven 'mvn'
}
/*agent {
label 'maven'
}*/
options {
disableConcurrentBuilds()
}
stages {
stage('Build') {
steps {
echo 'Building..'
sh 'mvn clean install -U -DskipTests=true'
}
}
stage('Test') {
steps {
echo 'Testing..'
}
}
stage('Deploy') {
steps {
echo 'Deploying....'
}
}
}
}
MySQL Database Service
Drupal
Deployment
Deployment Architectures
AWS + Terraform + Ansible + ECS
AWS + Ansible + EKS
Deployment Environments
Deployment environments need a discriminator to differentiate between developer and release (staging/production) deployments. For example debug ports and https ports will be exposed differently and the cluster topology will be minimal or single node in dev.
Dev Deployment Environment
Staging/Production Deployment Environment
Deployment Testing
Power Cycling
Cluster Changes
How to handle shutting down the cluster without false positive pod rescheduling
Data Migration
Istio for rolling upgrade
Offline Data Migration
Live Data Migration
Schema Migration
Undercloud Software Migration
Microservice Migration
Example DevOps Architectures
ONAP
See https://wiki.onap.org/display/DW/Cloud+Native+Deployment
Remote Access
see also https://guacamole.apache.org/
Secondary SSH Server or Bastion Jumpbox target for remote SSH jobs
Sometimes you don;t want to enable a CLI capability directly on a build server like jenkins - or you wish to run a remote shell from a build project to perform for example AWS CLI work. Use the following docker container in place of a formal on prem VM, EC2 VM if required.
$ docker run -d -P --name test_sshd rastasheep/ubuntu-sshd:18.04 Unable to find image 'rastasheep/ubuntu-sshd:18.04' locally 18.04: Pulling from rastasheep/ubuntu-sshd Status: Downloaded newer image for rastasheep/ubuntu-sshd:18.04 b906a1bceb3507d66eacae50ea840b0a0a6bd113bd1d3262b1c212b2daaa3c75 $ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b906a1bceb35 rastasheep/ubuntu-sshd:18.04 "/usr/sbin/sshd -D" 11 seconds ago Up 10 seconds 0.0.0.0:32768->22/tcp test_sshd $ ssh root@localhost -p 32768 The authenticity of host '[localhost]:32768 ([127.0.0.1]:32768)' can't be established. root@localhost's password: root root@b906a1bceb35:~# exit logout Connection to localhost closed.
OSX
RDP
https://www.royalapps.com/ts/win/features
1 Comment
Michael O'Brien
Infrastructure as code
gitops operator
governance, audit
Densify + Terraform = Optimization as Code