CentOS 7.6 configures Nginx reverse proxy

First, the experiment introduction

Three CentOS 7 virtual machines are used to build a simple Nginx reverse proxy load-balancing cluster. The addresses and roles of the three virtual machines:

192.168.1.76 nginx load balancer
192.168.1.82 web01 server
192.168.1.78 web02 server

Second, install the nginx software (the following operations must be carried out on all three virtual machines)

Some CentOS 7.6 installations do not have the wget command, so install it yourself:

$ yum -y install wget

Install the nginx software (it must be installed on all three servers):

$ wget http://dl.Fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ rpm -ivh epel-release-latest-7.noarch.rpm
$ yum install nginx    # direct yum installation

Installation is that simple. After it completes, use systemctl to control nginx:

$ systemctl enable nginx    # start at boot
$ systemctl start nginx     # start nginx
$ systemctl status nginx    # view status

After nginx is installed on each of the three servers, test that it runs normally and provides web services. If there is an error, the firewall is the probable cause; see the last few steps about the firewall.

Modify the nginx configuration file on the proxy server to implement load balancing. As the name implies, load balancing distributes requests across different servers to balance the load and reduce the pressure on any single server.

$ vi /etc/nginx/nginx.conf    # modify the global configuration file

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;    # default is automatic; you can set it yourself, generally no more than the number of CPU cores
error_log /var/log/nginx/error.log;    # error log path
pid /run/nginx.pid;    # pid file path

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    accept_mutex on;    # serialize accepting of network connections to prevent the thundering-herd effect, default is on
    multi_accept on;    # whether a process accepts multiple network connections at the same time, default is off
    worker_connections 1024;    # maximum number of connections per process
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    # tcp_nopush on;    (not commented out here)
    tcp_nodelay on;
    keepalive_timeout 65;    # connection timeout
    types_hash_max_size 2048;
    gzip on;    # enable compression

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Load balancing is set here. There are multiple strategies; nginx comes with
    # polling, weights, ip-hash, response time and so on.
    #   - Default: requests are distributed by polling.
    #   - Weights: requests are distributed according to weight; a server with a higher weight gets more load.
    #   - ip-hash: requests are allocated by client IP, keeping the same IP on the same server.
    #   - Response time: requests go preferentially to the server that responds fastest.
    # The strategies can be combined.
    upstream tomcat {    # "tomcat" is a custom name for the load-balancing rule
        ip_hash;    # use the ip-hash method
        server 192.168.1.78:80 weight=3 fail_timeout=20s;
        server 192.168.1.82:80 weight=4 fail_timeout=20s;
    }
    # Multiple sets of rules can be defined.

    server {
        listen 80 default_server;    # default listening port 80
        listen localhost;    # listening server
        server_name _;
        root /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {    # "/" matches all requests; different load rules and services can be set for different domain names
            proxy_pass http://tomcat;    # reverse proxy; fill in your own load-balancing rule name
            proxy_redirect off;    # the following settings can be copied directly; without them, problems such as failed authentication may occur
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 90;    # the following are just timeout settings and can be left out
            proxy_send_timeout 90;
            proxy_read_timeout 90;
        }

        # location ~ \.(gif|jpg|png)$ {    (for example, a match written as a regular expression)
        #     root /home/root/Images;
        # }

        error_page 404 /404.html;
        location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    # Settings for a TLS enabled server.
    #
    # server {
    #     listen 443 ssl http2 default_server;
    #     listen [::]:443 ssl http2 default_server;
    #     server_name _;
    #     root /usr/share/nginx/html;
    #
    #     ssl_certificate "/etc/pki/nginx/server.crt";
    #     ssl_certificate_key "/etc/pki/nginx/private/server.key";
    #     ssl_session_cache shared:SSL:1m;
    #     ssl_session_timeout 10m;
    #     ssl_ciphers HIGH:!aNULL:!MD5;
    #     ssl_prefer_server_ciphers on;
    #
    #     # Load configuration files for the default server block.
    #     include /etc/nginx/default.d/*.conf;
    #
    #     location / {
    #     }
    #
    #     error_page 404 /404.html;
    #     location = /40x.html {
    #     }
    #
    #     error_page 500 502 503 504 /50x.html;
    #     location = /50x.html {
    #     }
    # }
}
After the configuration is updated, reloading it makes the change take effect without restarting the service:

$ nginx -s reload

If the site cannot be reached, the firewall may be running without the port opened:

Start: systemctl start firewalld
Stop: systemctl stop firewalld
View status: systemctl status firewalld
Disable at boot: systemctl disable firewalld
Enable at boot: systemctl enable firewalld

Open a port:

Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent    (--permanent makes the rule permanent; without this parameter it is lost after a restart)
Reload:
firewall-cmd --reload
View:
firewall-cmd --zone=public --query-port=80/tcp
Delete:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
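
An added example (not part of the original article) of how web01 and web02 can read the X-Forwarded-For header set in the location / block above: $proxy_add_x_forwarded_for appends the peer address to whatever the client sent, so only the rightmost entries are written by the proxy. It assumes 192.168.1.76 is the only trusted proxy; the function names and the log lines (in the article's main log_format) are constructed for illustration.

```sh
#!/bin/sh
# Assumption: the load balancer from this article is the only proxy we trust.
TRUSTED_PROXIES="192.168.1.76"

# is_trusted_proxy ADDR -> status 0 if ADDR is one of our own proxies
is_trusted_proxy() {
    for _p in $TRUSTED_PROXIES; do
        [ "$1" = "$_p" ] && return 0
    done
    return 1
}

# client_ip PEER_ADDR XFF_HEADER
# Prints the address to use for logging, rate limiting or access rules.
client_ip() {
    # Request did not come through our proxy: the header is attacker-controlled.
    if ! is_trusted_proxy "$1"; then
        printf '%s\n' "$1"
        return 0
    fi
    # Walk the comma-separated list from the right and stop at the first hop
    # that is not one of our proxies. The header is passed on stdin so the
    # shell never expands or interprets it.
    printf '%s\n' "$2" | awk -v trusted="$TRUSTED_PROXIES" -v peer="$1" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        {
            m = split($0, hop, ",")
            for (i = m; i >= 1; i--) {
                gsub(/[ \t]/, "", hop[i])
                if (hop[i] == "") continue
                if (!(hop[i] in ok)) { print hop[i]; found = 1; exit }
            }
        }
        END { if (!found) print peer }
    '
}

# log_client_ips: read access-log lines in the "main" log_format on stdin and
# print the resolved client address for each line.
log_client_ips() {
    while IFS= read -r line; do
        peer=${line%% *}              # $remote_addr is the first field
        xff=${line%\"}                # drop the closing quote of the last field
        xff=${xff##*\"}               # keep what follows the previous quote
        [ "$xff" = "-" ] && xff=""    # nginx logs "-" when the header is absent
        client_ip "$peer" "$xff"
    done
}

# Constructed sample lines as they would appear in a backend's access.log:
#   1. normal request through the load balancer
#   2. client sent its own "X-Forwarded-For: 10.0.0.1"; the proxy appended the real peer
#   3. request sent straight to the backend, bypassing the proxy, with a forged header
sample_log() {
    cat <<'EOF'
192.168.1.76 - - [10/Jun/2019:10:00:00 +0800] "GET / HTTP/1.0" 200 612 "-" "curl/7.29.0" "203.0.113.9"
192.168.1.76 - - [10/Jun/2019:10:00:05 +0800] "GET / HTTP/1.0" 200 612 "-" "curl/7.29.0" "10.0.0.1, 198.51.100.7"
198.51.100.23 - - [10/Jun/2019:10:00:09 +0800] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0" "127.0.0.1"
EOF
}

sample_log | log_client_ips
```

Case 3 only arises when clients can reach port 80 on web01/web02 directly; limiting that port to 192.168.1.76 in the backend firewall removes it.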

Apache-based Web virtual host under Linux

Web virtual hosting means running multiple web sites on the same server, where no single site actually occupies the entire server; hence the name “virtual” web host. Virtual web hosting makes full use of the server's hardware resources.

Using httpd makes it easy to set up a virtual host server. It only needs to run an httpd service to support a large number of web sites at the same time. There are three types of virtual hosts supported by httpd (like the Windows IIS service):

  1. A virtual host with the same IP, port number, and different domain name;
  2. Virtual host with the same IP and different port numbers;
  3. Virtual hosts with different IP addresses and the same port number;

Most O&M personnel should adopt the first solution when setting up a virtual host. The virtual host is based on different domain names, which is also the most user-friendly solution.

First, start building a domain-based virtual host:

  1. Provide domain name resolution for the virtual hosts

[root@localhost /]# vim /etc/named.conf

zone "mohan1.com" in {
type master;
file "mohan1.com.zone";
};

zone "mohan2.com" in {
type master;
file "mohan2.com.zone";
};

[root@localhost /]# vim /var/named/mohan1.com.zone

        in      ns      www.mohan1.com.
www     in      a       192.168.1.1

[root@localhost /]# vim /var/named/mohan2.com.zone

        in      ns      www.mohan2.com.
www     in      a       192.168.1.1

  2. Prepare web documents for the virtual hosts

Prepare a website directory and web documents for each virtual web host. For the convenience of testing, each virtual web host is given a different home page file:

[root@localhost named]# mkdir -p /var/www/mohan1com
[root@localhost named]# mkdir -p /var/www/mohan2com
[root@localhost named]# echo "www.mohan1.com" > /var/www/mohan1com/index.html
[root@localhost named]# echo "www.mohan2.com" > /var/www/mohan2com/index.html

  3. Add the virtual host configuration

[root@localhost named]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    ServerAdmin admin@mohan.com
    DocumentRoot "/var/www/mohan1com"
    ServerName www.mohan1.com
    ErrorLog "logs/mohan1-error_log"
    CustomLog "logs/mohan1-access_log" common
    <Directory "/var/www/mohan1com">
        Require all granted
    </Directory>
</VirtualHost>

# mohan2
<VirtualHost *:80>
    ServerAdmin admin@mohan.com
    DocumentRoot "/var/www/mohan2com"
    ServerName www.mohan2.com
    ErrorLog "logs/mohan2-error_log"
    CustomLog "logs/mohan2-access_log" common
    <Directory "/var/www/mohan2com">
        Require all granted
    </Directory>
</VirtualHost>

[root@localhost named]# vim /usr/local/httpd/conf/httpd.conf

Include conf/extra/httpd-vhosts.conf

[root@localhost named]# systemctl restart httpd

  4. Access the virtual web hosts from the client

Verify it; the result is as follows:

Second, the virtual host based on IP address:

(I really did not want to write this part down, because the following content is easy to understand and rarely used, but just in case, here it is.)

Note that the methods are independent of each other. Don’t confuse IP-based virtual hosts with domain-based ones.

[root@localhost named]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf
…………..
# FIRST_SITE_IP and SECOND_SITE_IP are placeholders: use the IP address bound to each site.
<VirtualHost FIRST_SITE_IP>
    ServerAdmin admin@mohan.com
    DocumentRoot "/var/www/mohan1com"
    ErrorLog "mohan1-error_log"
    CustomLog "mohan1-access_log" common
    <Directory "/var/www/mohan1com">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost SECOND_SITE_IP>
    ServerAdmin admin@mohan.com
    DocumentRoot "/var/www/mohan2com"
    ErrorLog "mohan2-error_log"
    CustomLog "mohan2-access_log" common
    <Directory "/var/www/mohan2com">
        Require all granted
    </Directory>
</VirtualHost>

[root@localhost named]# vim /usr/local/httpd/conf/httpd.conf
………………….
Include conf/extra/httpd-vhosts.conf

[root@localhost named]# systemctl restart httpd

Third, the port-based virtual host:

[root@localhost named]# vim /usr/local/httpd/conf/extra/httpd-vhosts.conf

<VirtualHost *:80>
    ServerAdmin admin@mohan.com
    DocumentRoot "/var/www/mohan1com"
    ErrorLog "mohan1-error_log"
    CustomLog "mohan1-access_log" common
    <Directory "/var/www/mohan1com">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:8000>
    ServerAdmin admin@mohan.com
    DocumentRoot "/var/www/mohan2com"
    ErrorLog "mohan2-error_log"
    CustomLog "mohan2-access_log" common
    <Directory "/var/www/mohan2com">
        Require all granted
    </Directory>
</VirtualHost>

Listen 8000

[root@localhost named]# vim /usr/local/httpd/conf/httpd.conf
………………….
Include conf/extra/httpd-vhosts.conf

[root@localhost named]# systemctl restart httpd

Create an SSH server alias on a Linux system

If you frequently access many different remote systems via SSH, this technique will save you some time. You can create SSH aliases for frequently accessed systems via SSH, so you don’t have to remember all the different usernames, hostnames, SSH port numbers, and IP addresses. In addition, it avoids repeatedly entering the same username, hostname, IP address, and port number when SSHing to a Linux server.

Create an SSH alias in Linux
Before I knew this trick, I usually used one of the following methods to connect to a remote system via SSH.

Use IP address:

$ ssh 192.168.225.22
Or use the port number, username, and IP address:

$ ssh -p 22 ec2-user@192.168.225.22
Or use the port number, username, and hostname:

$ ssh -p 22 ec2-user@server.example.com
Here:

22 is the port number,
ec2-user is the username on the remote system,
192.168.225.22 is the IP of my remote system,
server.example.com is the host name of the remote system.

I believe that most Linux novices and/or some administrators connect to remote systems via SSH in this way. However, if you connect to many different systems via SSH, remembering all the hostnames or IP addresses, as well as the usernames, is difficult unless you write them on paper or save them in a text file. Do not worry! This can be easily solved by creating an alias (or shortcut) for the SSH connection.

We can create aliases for SSH commands in two ways.

Method 1 – Use an SSH Profile
This is my preferred method of creating an alias.

We can use the SSH default configuration file to create an SSH alias. To do this, edit the ~/.ssh/config file (if this file doesn’t exist, just create one):

$ vi ~/.ssh/config
Add details for all remote hosts as follows:
Host webserver
HostName 192.168.225.22
User ec2-user

Host dns
HostName server.example.com
User root

Host dhcp
HostName 192.168.225.25
User ec2-user
Port 2233

Create an SSH alias in Linux using an SSH configuration file

Replace the values of the Host, HostName, User, and Port settings with your own values. After adding the details of all remote hosts, save and exit the file.

Now you can access the systems via SSH using the following commands:

$ ssh webserver
$ ssh dns
$ ssh dhcp
It’s that simple!

Access remote systems using SSH aliases

See it? I used only an alias (such as webserver) to access the remote system with the IP address 192.168.225.22.

Please note that this is only for the current user. If you want to provide an alias for all users (system-wide), add the above line to the /etc/ssh/ssh_config file.

You can also add a lot of other content to your SSH configuration file. For example, if you have configured SSH key-based authentication, the location of the SSH key file is as follows:

Host ubuntu
HostName 192.168.225.50
User senthil
IdentityFile ~/.ssh/id_rsa_remotesystem
Make sure you have replaced your hostname, username, and SSH key file path with your own values.
Now connect to the remote server using the following command:

$ ssh ubuntu
This way, you can add as many remote hosts you want to access via SSH and quickly access them using aliases.

Method 2 – Use a Bash Alias
This is a quick workaround for creating SSH aliases for faster communication. You can make this task easier with the alias command.

Open the ~/.bashrc or ~/.bash_profile file and add the aliases:

alias webserver='ssh ec2-user@server.example.com'
alias dns='ssh ec2-user@server.example.com'
alias dhcp='ssh ec2-user@server.example.com -p 2233'
alias ubuntu='ssh ec2-user@server.example.com -i ~/.ssh/id_rsa_remotesystem'
Again, make sure you have replaced the host, hostname, port number, and IP address with your own values. Save the file and exit.
Then, use the command to apply the changes:

$ source ~/.bashrc
or
$ source ~/.bash_profile
In this method, you don’t even need to use the ssh alias command. Instead, just use an alias as shown below.
$ webserver
$ dns
$ dhcp
$ ubuntu

How to create a TCP listener or open ports in unix os

You can create a port listener using Netcat.

yum install nc -y

root@rmohan:~# nc -l 5000

You can also check whether the port is open using the netstat command:

root@vm-rmohan:~# netstat -tulpen | grep nc
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 0 710327 17533/nc

You can also check with nc:

Netcat Server listener :

nc -l localhost 5000
Netcat Client :

root@vm-rmohan:~# nc -v localhost 5000
Connection to localhost 5000 port [tcp/*] succeeded!

INSTALLING KUBERNETES ON CENTOS7

[RUN ALL COMMANDS BELOW ON ALL NODES]

yum update
yum install -y epel-release

yum install docker    # v1.11, 1.12 or 1.13

Set up the Kubernetes repo for kubeadm, kubectl and kubelet:

[root@kubmaster yum.repos.d]# cat kubernetes.repo
[kubernetes]

name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

setenforce 0

yum install -y kubelet kubeadm kubectl

  • Add host entry in /etc/hosts

systemctl start docker
swapoff /dev/centos/swap
systemctl enable kubelet.service
systemctl enable docker

echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables

useradd kubeadmin
ifdown enp0s3

NOTE: On VirtualBox, disable the NAT network interface before running init,
or else port 6443 will get bound to the NAT IP.
disconnect N/A from console and reboot

kubeadm init --pod-network-cidr=10.244.0.0/16

Note: If you have multiple IPs / hostnames to bind, run the following to add the name/IP to the certificate:

kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address 192.168.56.240 --apiserver-cert-extra-sans kubemaster.mhn.com

Create User

su - kubeadmin

mkdir -p $HOME/.kube

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


Your Kubernetes master has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

You can now join any number of machines by running the following on each node
as root:

kubeadm join 192.168.56.240:6443 --token wxf3y9.ci2txlf7ja04svyg --discovery-token-ca-cert-hash sha256:ea3eeb5de0ffd9efe6d0f304f4fd9853c005ee98902ad7a7c110425c23eeab04


In order for your pods to communicate with one another, you’ll need to install pod networking. We are going to use Flannel for our Container Network Interface (CNI) because it’s easy to install and reliable. Enter this command:

kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

If you see an error like the one below:

The connection to the server localhost:8080 was refused - did you specify the right host or port?

Do the following as a normal user:

su - kubeadmin

sudo cp /etc/kubernetes/admin.conf $HOME/

sudo chown $(id -u):$(id -g) $HOME/admin.conf

export KUBECONFIG=$HOME/admin.conf

[root@kubmaster ~]# kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
clusterrole.rbac.authorization.k8s.io "flannel" created
clusterrolebinding.rbac.authorization.k8s.io "flannel" created
serviceaccount "flannel" created
configmap "kube-flannel-cfg" created
daemonset.extensions "kube-flannel-ds" created

[kubeadmin@kubmaster ~]$ kubectl get pods
No resources found.

[kubeadmin@kubmaster ~]$ kubectl get pods --all-namespaces
NAMESPACE     NAME                                READY   STATUS    RESTARTS   AGE
kube-system   etcd-kubmaster                      1/1     Running   0          47m
kube-system   kube-apiserver-kubmaster            1/1     Running   0          47m
kube-system   kube-controller-manager-kubmaster   1/1     Running   0          47m
kube-system   kube-dns-86f4d74b45-mrq4d           3/3     Running   0          1h
kube-system   kube-flannel-ds-854ns               1/1     Running   0          47m
kube-system   kube-proxy-rlpbc                    1/1     Running   0          1h
kube-system   kube-scheduler-kubmaster            1/1     Running   0          47m

[kubeadmin@kubmaster ~]$

k8s ansible install

Ansible role to setup 1 master +2 node kubernetes cluster (more nodes can be added)

setup centos VMs
configure hostnames
Update hosts file template in ../roles/kubernetes-deploy/files/hosts.template with host names and ipaddress
setup password less auth between your Ansible host and Kubernetes nodes

$ ssh-copy-id root@kube-nodes

setup Ansible inventory

kube-master.rmohan.com hostrole=master
kube-node1.rmohan.com hostrole=node
kube-node2.rmohan.com hostrole=node

Run Ansible Role

$ ansible-playbook install-kubernetes-centos7.yml

The role does the following:

  • updates the OS
  • reboots
  • sets up the Kubernetes environment

Upon completion of the Ansible play, copy the following command from the stdout of the play and run it on all nodes as root:

kubeadm join 192.168.1.240:6443 --token ce2b82.hbu4u9x12luwbhyr --discovery-token-ca-cert-hash sha256:510573c7ec722ac20674e96403517e97696e2110635d57455d869bae06ffefaa

  • Validation on Master

kubectl get nodes (check node status)

kubectl get pods --all-namespaces (you may need to wait for some time for the containers to come up)

Get YAML for deployed Kubernetes

Combining other answers, this is what I came up with for bash:

for n in $(kubectl get -o=name pvc,configmap,serviceaccount,secret,ingress,service,deployment,statefulset,hpa,job,cronjob)
do
    mkdir -p $(dirname $n)
    kubectl get -o=yaml --export $n > $n.yaml
done

kubectl get all --export=true -o yaml

#!/bin/env bash
# The kubectl output is read word by word; i tracks which column
# (namespace, kind, name) the current word belongs to.
i=$((0))
for n in $(kubectl get -o=custom-columns=NAMESPACE:.metadata.namespace,KIND:.kind,NAME:.metadata.name pv,pvc,configmap,ingress,service,secret,deployment,statefulset,hpa,job,cronjob --all-namespaces | grep -v 'secrets/default-token')
do
    if (( $i < 1 )); then
        namespace=$n
        i=$(($i+1))
        if [[ "$namespace" == "PersistentVolume" ]]; then
            kind=$n
            i=$(($i+1))
        fi
    elif (( $i < 2 )); then
        kind=$n
        i=$(($i+1))
    elif (( $i < 3 )); then
        name=$n
        i=$((0))
        # Skip the header row
        if [[ "$namespace" != "NAMESPACE" ]]; then
            mkdir -p $namespace
            yaml=$( (kubectl get $kind -o=yaml $name -n $namespace) 2>/dev/null)
            # Skip service-account token secrets
            if [[ $kind != 'Secret' || $yaml != *"type: kubernetes.io/service-account-token"* ]]; then
                echo "Saving ${namespace}/${kind}.${name}.yaml"
                kubectl get $kind -o=yaml --export $name -n $namespace > $namespace/$kind.$name.yaml
            fi
        fi
    fi
done





To get the yaml for a deployment (service, pod, secret, etc):
kubectl get deploy deploymentname -o yaml --export




kubectl get deployment,service,pod yourapp -o yaml --export
Answering @Sinaesthetic question:
any idea how to do it for the full cluster (all deployments)?
kubectl get deploy --all-namespaces -o yaml --export
The problem with this method is that export doesn't include the namespace. So if you want to export many resources at the same time, I recommend doing it per namespace:
kubectl get deploy,sts,svc,configmap,secret -n default -o yaml --export > default.yaml
Unfortunately kubernetes still doesn't support a true get all command, so you need to list manually the type of resources you want to export. You can get a list of resource types with
kubectl api-resources
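
The export loops above also write Secret objects to disk, where the values are only base64-encoded. The following added example (not from the answers above) is a filter that blanks Secret values and the last-applied-configuration annotation before a file is saved. It assumes one object per file with top-level keys at column 0, as the per-object loops produce; the function names and sample objects are constructed.

```sh
#!/bin/sh
# redact_secret_yaml: read one exported object (YAML) on stdin. If its kind is
# Secret, replace every value under data:/stringData: and the
# kubectl.kubernetes.io/last-applied-configuration annotation with REDACTED.
# Other kinds (for example a ConfigMap, which also has data:) pass unchanged.
redact_secret_yaml() {
    awk '
        # kubectl prints keys alphabetically, so "kind:" comes after "data:".
        # Buffer the whole object first, then decide.
        { line[NR] = $0; if ($0 ~ /^kind:[ \t]*Secret[ \t]*$/) secret = 1 }
        END {
            skip = -1
            for (i = 1; i <= NR; i++) {
                l = line[i]
                body = l; sub(/^[ \t]+/, "", body)
                ind = length(l) - length(body)
                if (skip >= 0) {
                    # Continuation lines of a redacted multi-line value
                    if (body == "" || ind > skip) continue
                    skip = -1
                }
                if (ind == 0 && body != "") { section = body; sub(/:.*/, "", section) }
                in_data = (ind > 0 && (section == "data" || section == "stringData") && body ~ /^[^ :]+:/)
                applied = (body ~ /^kubectl\.kubernetes\.io\/last-applied-configuration:/)
                if (secret && (in_data || applied)) {
                    sub(/:.*/, ": REDACTED", l)   # keep the key, drop the value
                    skip = ind
                }
                print l
            }
        }
    '
}

# export_object NAMESPACE KIND NAME
# Saves NAMESPACE/KIND.NAME.yaml, redacted and readable only by the owner.
# Uses plain "kubectl get -o yaml"; the --export flag was removed in kubectl 1.18.
export_object() (
    umask 077
    mkdir -p "$1" || exit 1
    obj=$(kubectl get "$2" "$3" -n "$1" -o yaml) || exit 1
    printf '%s\n' "$obj" | redact_secret_yaml > "$1/$2.$3.yaml"
)

# Constructed sample objects (the values decode to "s3cr3t" and "admin").
sample_secret() {
    cat <<'EOF'
apiVersion: v1
data:
  password: czNjcjN0
  username: YWRtaW4=
kind: Secret
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","data":{"password":"czNjcjN0"},"kind":"Secret"}
  name: db-credentials
  namespace: default
type: Opaque
EOF
}

sample_configmap() {
    cat <<'EOF'
apiVersion: v1
data:
  log_level: debug
kind: ConfigMap
metadata:
  name: app-config
  namespace: default
EOF
}

sample_secret | redact_secret_yaml
```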

AWS : SIMPLE SYSTEMS MANAGER (SSM)

What is Simple Systems Manager

Amazon EC2 Simple Systems Manager (SSM) is an Amazon Web Services tool that allows us to automatically configure virtual servers in a cloud or in on-premises data center.

We can use scripts, commands or the Elastic Compute Cloud (EC2) console to manage EC2 instances, virtual machines (VMs) or servers hosted on other clouds, or within local environments such as Windows.

Granting user account access to Systems Manager

Our user account must be configured to communicate with the SSM API.

We need to use the following procedure to attach a managed AWS Identity and Access Management (IAM) policy to our user account that grants us full access to SSM API actions.

To create the IAM policy for our user account:

  1. Open the IAM console at https://console.aws.amazon.com/iam/.
  2. In the navigation pane, choose Policies.
  3. In the Filter field, type AmazonSSMFullAccess and press Enter.
  4. Select the check box next to AmazonSSMFullAccess and then choose Policy Actions, Attach.
  5. On the Attach Policy page, choose the user account and then choose Attach Policy.

AWS Identity and Access Management (IAM)

We must configure an AWS Identity and Access Management (IAM) instance profile role for Systems Manager.

The AmazonEC2RoleforSSM role should be attached to an Amazon EC2 instance. Let’s create it first:

Attach the role while the instance is being created:

This role enables the instance to communicate with the Systems Manager API.

Install the SSM Agent (Linux)

The SSM agent processes Run Command requests and configures the instances that are specified in the request. The agent is installed by default on Windows instances. However, we must manually install the agent on Linux. The following procedure describes how to install the agent on Ubuntu:

$ cd /tmp			
$ wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
$ sudo dpkg -i amazon-ssm-agent.deb
$ sudo systemctl enable amazon-ssm-agent

We can use User data instead:

#!/bin/bash
cd /tmp			
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo start amazon-ssm-agent

We can check if the agent is running on the instance:

$ ps -ef|grep agent | grep -v grep
root      1723     1  0 01:13 ?        00:00:00 /usr/bin/amazon-ssm-agent

SSM Agent Installation

  1. Access the EC2 instance you have created with the SSH key for the one time SSM agent configuration.
  2. Execute the commands below after you login(sudo) as root.
# mkdir /tmp/ssm
# cd /tmp/ssm
# yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
# systemctl enable amazon-ssm-agent
# systemctl start amazon-ssm-agent



Make sure that SSM agent version is 2.3.630 or above.

[root@ip-172-31-28-88 tmp]# rpm -qa | grep ssm
amazon-ssm-agent-2.3.634.0-1.x86_64
[root@ip-172-31-28-88 tmp]#

Sending a Command Using the EC2 Console

We can use the following steps to list all services running on the instance by using Run Command from the Amazon EC2 console.

To execute a command using Run Command from the EC2 console:

  1. In the navigation pane, choose Run Command.
  2. Choose Run a command.
  3. For Command document, choose AWS-RunPowerShellScript for Windows instances, and AWS-RunShellScript for Linux instances.
  4. For Target instances, choose the instance we created. If we don’t see the instance, verify that we are currently in the same region as the instance we created. Also verify that we configured the IAM role and trust policies as described earlier.
  5. For Commands, type Get-Service for Windows, or ps -aux | less for Linux.
  6. (Optional) For Working Directory, specify a path to the folder on our EC2 instances where we want to run the command.
  7. (Optional) For Execution Timeout, specify the number of seconds the EC2Config service or SSM agent will attempt to run the command before it times out and fails.
  8. For Comment, providing information is recommended so that it will help us identify this command in our list of commands.
  9. For Timeout (seconds), type the number of seconds that Run Command should attempt to reach an instance before it is considered unreachable and the command execution fails.
  10. Choose Run to execute the command. Run Command displays a status screen. Choose View result.
  11. To view the output, choose the command invocation for the command, choose the Output tab.
  12. Then choose View Output.

Sending a Command via AWS CLI

We must either have administrator privileges on the instances we want to configure or we must have been granted the appropriate permission in IAM.

The following command returns a list of Linux and Windows documents:

$ aws ssm list-documents
DOCUMENTIDENTIFIERS	Command	1	AWS-ApplyPatchBaseline	Amazon	1.2
PLATFORMTYPES	Windows
PLATFORMTYPES	Linux
DOCUMENTIDENTIFIERS	Command	1	AWS-ConfigureAWSPackage	Amazon	2.0
PLATFORMTYPES	Windows
PLATFORMTYPES	Linux
...

To check if an instance is ready to receive commands:

$ aws ssm describe-instance-information --output text --query "InstanceInformationList[*]"
2.0.796.0	ip-172-31-38-206	172.31.38.206	i-0698042a954420857	True	1496457091.34	Online	Ubuntu	Linux	16.04	EC2Instance

Using Run Command and the AWS-RunShellScript document, we can execute any command or script on an EC2 instance as if we were logged on locally.

To view the description of the Systems Manager JSON document, we can use the following command:

$ aws ssm describe-document --name "AWS-RunShellScript" --query "[Document.Name,Document.Description]"
AWS-RunShellScript	Run a shell script or specify the commands to run.

We can use the following command to view the available parameters and details about those parameters:

$ aws ssm describe-document --name "AWS-RunShellScript" --query "Document.Parameters[*]"
	(Required) Specify a shell script or a command to run.	commands	StringList
	(Optional) The path to the working directory on your instance.	workingDirectory	String
3600	(Optional) The time in seconds for a command to complete before it is considered to have failed. Default is 3600 (1 hour). Maximum is 28800 (8 hours).	executionTimeout	String

We may want to use the following command to get IP information for an instance:

$ aws ssm send-command --instance-ids "i-0698042a954420857" --document-name "AWS-RunShellScript" --comment "IP config" --parameters commands=ifconfig --output text
COMMAND	e4d8a901-34b7-480d-9e47-f0a71179be64	IP config	0	AWS-RunShellScript	0	1496465253.78	50	0		1496458053.78		Pending	Pending	1
INSTANCEIDS	i-0698042a954420857
NOTIFICATIONCONFIG		
COMMANDS	ifconfig

The following command uses the Command ID that was returned from the previous command to get the details and response data of the command execution. The system returns the response data if the command completed. If the command execution shows “Pending” we will need to execute this command again to see the response data:

$ aws ssm list-command-invocations --command-id "e4d8a901-34b7-480d-9e47-f0a71179be64" --details

The following command displays the default user account running the commands:

$ sh_command_id=$(aws ssm send-command --instance-ids "i-0698042a954420857" --document-name "AWS-RunShellScript" --comment "Demo run shell script on Linux Instance" --parameters commands=whoami --output text --query "Command.CommandId")

The following command uses the Command ID to get the status of the command execution on the instance. This example uses the Command ID that was returned in the previous command:

$ aws ssm list-commands --command-id "$sh_command_id"
COMMANDS	136b1a05-6724-45f1-a23b-f98062fca64d	Demo run shell script on Linux Instance	1	AWS-RunShellScript	0	1496465641.83	50	0			1496458441.83		Success	Success	1
INSTANCEIDS	i-0698042a954420857
NOTIFICATIONCONFIG		
COMMANDS	whoami

The following command uses the Command ID from the previous command to get the status of the command execution on a per instance basis:

$ aws ssm list-command-invocations --command-id "$sh_command_id" --details
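The re-check described above (a "Pending" result means the query has to be run again) can be scripted. This is an added example, not part of the original post; the function name and the POLL_INTERVAL and MAX_POLLS variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: poll one Run Command invocation until it reaches a final
# state, so a script never acts on output from a command that is still running.
# POLL_INTERVAL (seconds) and MAX_POLLS are names made up for this sketch.

wait_for_ssm_command() {
    command_id=$1
    instance_id=$2
    polls=0
    while [ "$polls" -lt "${MAX_POLLS:-30}" ]; do
        # Ask only for the Status field of this instance's invocation
        status=$(aws ssm list-command-invocations \
            --command-id "$command_id" \
            --instance-id "$instance_id" \
            --query "CommandInvocations[0].Status" \
            --output text) || status=""
        case "$status" in
            Success)
                echo "$status"; return 0 ;;
            Failed|TimedOut|Cancelled)
                # Final but unsuccessful: report it and signal the caller
                echo "$status"; return 1 ;;
            *)
                # Pending, InProgress, Delayed, Cancelling, or no record
                # yet ("None"/empty): keep waiting
                ;;
        esac
        polls=$((polls + 1))
        sleep "${POLL_INTERVAL:-2}"
    done
    # Still not final after MAX_POLLS checks
    echo "GaveUp"
    return 2
}
```

Called as wait_for_ssm_command "$sh_command_id" "i-0698042a954420857", it prints the final status and returns non-zero unless that status is Success.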

mysqldump + gzip + aws

A shell script to back up a MySQL database and upload it to Amazon S3.

Note
Make sure the AWS CLI is installed properly

  1. mysqldump + gzip + aws
    Dump the database with mysqldump and gzip it into a folder, then use the aws command to upload the file to Amazon S3.

backup-script.sh

#!/bin/bash
#
# MySQL Database To Amazon S3
#
# Stop on the first error; pipefail makes a failed mysqldump abort the run
# instead of leaving an empty .gz that would still be uploaded.
set -euo pipefail

NOW=$(date +"%Y-%m-%d")

BACKUP_DIR="/home/mohan/backup"
MYSQL_HOST="localhost"
MYSQL_PORT="3306"
MYSQL_USER="YOUR_DB_USER"
MYSQL_PASSWORD="YOUR_DB_PASSWORD"
DATABASE_NAME="YOUR_DB_NAME"

AMAZON_S3_BUCKET="s3://mohan/backup/mysql/"
AMAZON_S3_BIN="/home/mohan/.local/bin/aws"

FOLDERS_TO_BACKUP=("/home/mohan/bk1" "/home/mohan/bk2")

mkdir -p "${BACKUP_DIR}"

# Dump the database and gzip it into BACKUP_DIR.
# The password is stored in this file and passed with -p on the command line,
# so keep the script readable by its owner only.
backup_mysql(){
    mysqldump -h "${MYSQL_HOST}" \
        -P "${MYSQL_PORT}" \
        -u "${MYSQL_USER}" \
        -p"${MYSQL_PASSWORD}" "${DATABASE_NAME}" | gzip > "${BACKUP_DIR}/${DATABASE_NAME}-${NOW}.sql.gz"
}

# backup any folders?
backup_files(){
    tar -cvzf "${BACKUP_DIR}/backup-files-${NOW}.tar.gz" "${FOLDERS_TO_BACKUP[@]}"
}

# Copy today's dump to the S3 bucket
upload_s3(){
    "${AMAZON_S3_BIN}" s3 cp "${BACKUP_DIR}/${DATABASE_NAME}-${NOW}.sql.gz" "${AMAZON_S3_BUCKET}"
}

backup_mysql
upload_s3

  2. How to run?
    Assign execute permission to the shell script, and run it directly.

Terminal
$ chmod +x backup-script.sh

# run it
$ ./backup-script.sh

  3. Run it daily
    3.1 cron schedule to run the script daily.

Terminal
$ crontab -e

# Daily, 7pm
0 19 * * * /path.to/backup-script.sh > /dev/null 2>&1
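The backup script gives mysqldump the password with -p on the command line, and the cron entry discards all output, so a leaked password or a truncated dump would both go unnoticed. The following is an added example, not part of the original script: it keeps the password in a private client option file and checks the archive before upload. The function names and the paths in the closing comment are hypothetical, and the check assumes mysqldump runs with its default comments enabled.

```shell
#!/bin/sh
# Added example: keep the password off the mysqldump command line and
# verify the compressed dump before it is copied to S3.

# Write a client option file that only its owner can read.
# Arguments: user, password, output path.
# Assumes the password contains no double quote character.
write_client_cnf() {
    ( umask 077
      printf '[client]\nuser=%s\npassword="%s"\n' "$1" "$2" > "$3" )
    # umask does not tighten a file that already existed, so set the mode too
    chmod 600 "$3"
}

# Return 0 only when the file is non-empty, is a complete gzip stream, and
# ends with the "-- Dump completed" trailer mysqldump writes on success.
verify_dump() {
    [ -s "$1" ] || return 1
    gzip -t "$1" 2>/dev/null || return 1
    gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed'
}

# How the two fit into backup_mysql and upload_s3 (hypothetical paths):
#   write_client_cnf "$MYSQL_USER" "$MYSQL_PASSWORD" "$HOME/.backup-my.cnf"
#   mysqldump --defaults-extra-file="$HOME/.backup-my.cnf" \
#       -h "$MYSQL_HOST" -P "$MYSQL_PORT" "$DATABASE_NAME" | gzip > "$dump"
#   verify_dump "$dump" && upload_s3
```

--defaults-extra-file has to be the first option given to mysqldump, which is why it leads the command in the comment.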

International Men’s Health Week: Here are 7 tests Every Man Above 40 Should Consider

International Men’s Health Week, which is celebrated annually during the week ending on Father’s Day, honours the importance of the health and wellness of boys and men. International Men’s Health Week provides an opportunity to educate the public about what can be done to improve the state of men’s health.

With today’s world becoming full of stress, pressures and health crises, the body faces earlier depreciation than before. On the occasion of International Men’s Health Week, we take a look at some important health tests men should take to indicate how fit they are and what changes they need to bring about for a healthier life.

Blood Sugar Test: It measures the amount of glucose in the blood and is an important screening for diabetes or pre-diabetes and insulin resistance. Untreated diabetes can cause problems with eyes, feet, heart, skin, nerves, kidneys and more. It can also affect mental health. The risk of prostate and other cancers also increases with high blood sugar.

Colorectal Cancer Screening: Men above 40 should get screened for colon cancer. Any of the three following tests: the sigmoidoscopy, colonoscopy, and the faecal occult blood test can help in detection. A colonoscopy is painless and takes only 15 to 20 minutes. Even better, this test can detect colon cancer early, when it’s most treatable.

Cholesterol test: There are three kinds of cholesterol circulating in the blood. Men above forty should get themselves checked for total cholesterol, low-density lipoprotein (LDL) or bad cholesterol and high-density lipoprotein (HDL) or good cholesterol. High cholesterol is the cause of heart disease.

Bone Density: While osteoporosis may be more common in women, men get it too. According to experts, men over 50 who are in a high-risk group (family history, sedentary lifestyle etc) should get themselves tested. A bone density test can determine the strength of a person’s bones and the risk of a fracture.

Testosterone test: With age, there is a risk of a dip in libido as well. Low testosterone can cause erectile dysfunction, fatigue, weight gain, loss of muscle, loss of body hair, sleep problems, trouble concentrating, bone loss, and personality changes.

Stool sample Test: This test helps determine if there are any impurities in the blood and must be done once in every 2 years once you cross 40.

PSA test: The PSA test is a blood test used primarily to screen for prostate cancer. The test measures the amount of prostate-specific antigen (PSA) in your blood.

Eye test: Getting eye tests done post 40 is pertinent as the risk of Hypermetropia or long-sightedness as well as myopia increases with age. Diabetes could also increase the risk of both eye ailments.