Friday, 1 June 2018

RHEL6 v/s RHEL7 

RHEl 6 v/s RHEl 7

1. Default File System is ext4 for 6 & xfs for 7
2. Kernel Version is 2.6.x-x Kernel for 6 & 3.10.x-x kernel for 7
3. Kernel Code Name is santiago for 6 & Miapo for 7
4. First Process is initd in 6 and systemd in 7.
5. Runlevels
in 6:           in 7:
runlevel 0    runlevel0.target -> poweroff.target
runlevel 1    runlevel1.target -> rescue.target
runlevel 2    runlevel2.target -> multi-user.target
runlevel 3    runlevel3.target -> multi-user.target
runlevel 4    runlevel4.target -> multi-user.target
runlevel 5    runlevel5.target -> graphical.target
runlevel 6    runlevel6.target -> reboot.target



/etc/systemd/system/default.target (this by default is linked to the multi-user target)



# cat default.target
[Unit]
Description=Graphical Interface
Documentation=man:systemd.special(7)
Requires=multi-user.target
Wants=display-manager.service
Conflicts=rescue.service rescue.target
After=multi-user.target rescue.service rescue.target display-manager.service
AllowIsolate=yes

6. Change In UID Allocation - 
In RHEL7, by default any new users created would get UIDs assigned starting from 1000. 
In RHEL6, Default UID assigned to users would start from 500.
7. Max Supported File Size - In RHEL7, Maximum (individual) file size = 500TB Maximum filesystem size = 500TB,  In RHE6, same is 16TB.
8. File System Check - "xfs_repair", XFS does not run a file system check at boot time. "e2fsck" File system check would gets executed at boot time. 
9. Difference Between xfs_growfs & resize2fs- xfs_growfs takes mount point as arguments. resize2fs takes logical volume name as arguments.
10. Default Firewall - Firewalld (Dynamic Firewall) in RHEL7 & ipatbles in RHEL6.
11. Network Bonding - 
 "Team Driver"-/etc/sysconfig/network-scripts/ifcfg-team0
 "Bonding"-/etc/sysconfig/network-scripts/ifcfg-bond0
at No comments:
Labels:

Thursday, 31 May 2018

Ansible Cheat Sheet 

Ansible
------------------------------------------------------------------------------------------------------------
Playbook Format
------------------------------------------------------------------------------------------------------------
- name: play1
  hosts: class
  become: true
  tasks:
  - name: Adding user
    user:
      name: ansible
      comment: "GECOS VALUE"
      groups: wheel
      password:changeme
      generate_ssh_key: yes
      createhome: yes
    tags:
      - useradd
  - name: Deleting user
    user:
      name: ansible
      state: absent
    tags:
      - userdel
------------------------------------------------------------------------------------------------------------------------
Basic Commands
------------------------------------------------------------------------------------------------------------------------
Running ansible playbook
# ansible-playbook playbook.yml

Running commands using ssh and sudo password
# ansible-playbook user.yaml -u username --ask-pass --ask-su-pass

Dry run
ansible-playbook -C user.yaml

Syntax Check
# ansible-playbook --syntax-check user.yaml

To enter encrypted password in palybbok
# openssl passwd -1 "plaintextpassword"

To set password of vault:
# ansible-vault encrypt playbook.yml

To edit encrypted yml file:
# ansible-vault edit playbook.yml

To decrypt password:
# ansible-vault decrypt playbook.yml

To run encrypted playbook:
# ansible-vault playbook.yml --ask-vault-pass

To run playbook using tags:
# ansible-playbook playbook.yml --tags tag-name

Creating roles
# ansible-galaxy init users
-----------------------------------------------------------------------------------------------------------------------------
Roles directory structure
-----------------------------------------------------------------------------------------------------------------------------
defaults: default variables used by a role
vars: vars and defaults house variables, but variables in vars have a higher priority
files: where you put files that need to be added to the machine being provisioned
handlers: contain targets for notify directives, and are almost always associated with services
meta: metadata of an Ansible role consists of attributes such as author, supported platforms, and dependencies
tasks: houses a series of Ansible plays to install, configure, and run software
templates: similar to files except that templates support modification as they’re added to the machine being provisioned
-----------------------------------------------------------------------------------------------------------------------------
Configuration file
-----------------------------------------------------------------------------------------------------------------------------
[defaults]
inventory=/home/ansible/inventory                      -- location of inventory file
remote_user=username                                            -- User used to execute tasks
forks=5          -- Tasks will be executed on 5 hosts in parallel
[priviledge_escalation]   
become=True                                                       -- To activate priviledges escalation
become_method=sudo                                                -- Method used for root priviledges
become_ask_pass=True                                              -- Ask for sudo password
become_user=username        -- the user you become, NOT the user you login as
-----------------------------------------------------------------------------------------------------------------------------
delegate_to keyword
-----------------------------------------------------------------------------------------------------------------------------
If you want to perform a task on one host with reference to other hosts

- name: take out of load balancer pool
    command: /usr/bin/take_out_of_pool {{ inventory_hostname }}
    delegate_to: 127.0.0.1
-----------------------------------------------------------------------------------------------------------------------------
Register variable
-----------------------------------------------------------------------------------------------------------------------------
It will store the output in variable and we can use output later

- name: Ansible register with_items example
    shell: "find *.txt"
    args:
      chdir: "/Users/mdtutorials2/Documents/Ansible"
    register: with_output

  - shell: "cp {{ item }} {{item}}_bkp"
    with_items:
      - "{{ with_output.stdout_lines }}"

  - name: User creation and deletion evidence
    shell: "echo On {{inventory_hostname}} && getent passwd testing"
    tags:
      - evidence
    register: output
  - name: local file
    copy:
       content: "{{ output.stdout }}"
       dest: "evidence.txt"
    delegate_to: localhost
    tags:
    - fetch
-----------------------------------------------------------------------------------------------------------------------------
Command Line options
-----------------------------------------------------------------------------------------------------------------------------
--ask-su-pass
ask for su password (deprecated, use become)

--ask-sudo-pass
ask for sudo password (deprecated, use become)

--ask-vault-pass
ask for vault password

--become-method <BECOME_METHOD>
privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | doas | dzdo | ksu | runas | pmrun | enable ]

--become-user <BECOME_USER>
run operations as this user (default=root)

--list-hosts
outputs a list of matching hosts; does not execute anything else

--playbook-dir <BASEDIR>
Since this tool does not use playbooks, use this as a subsitute playbook directory.This sets the relative path for many features including roles/ group_vars/ etc.

--syntax-check
perform a syntax check on the playbook, but do not execute it

-C, --check
don’t make any changes; instead, try to predict some of the changes that may occur

-K, --ask-become-pass
ask for privilege escalation password

-f <FORKS>, --forks <FORKS>
specify number of parallel processes to use (default=5)

-i, --inventory, --inventory-file
specify inventory host path or comma separated host list. –inventory-file is deprecated

-k, --ask-pass
ask for connection password

-t <TREE>, --tree <TREE>
log output to this directory

run_once: true --  means to run the task for exactly one host in the list of hosts. 
-----------------------------------------------------------------------------------------------------------------------------------
Modules
------------------------------------------------------------------------------------------------------------------------------------
yum:
    name: "httpd", "*", "@Development tools"
    state: present, absent, latest
    security: yes
    enablerepo: "epel,ol7_latest"
    disablerepo: "epel,ol7_latest"
    update_cache: yes, no
    exclude: kernel*,foo*

apt:
    name: foo, "*"
    update_cache: yes
    state: present, absent, latest
    upgrade: dist
    autoclean: yes
    autoremove: yes

user:
    name: johnd
    comment: John Doe
    uid: 1040
    group: admin
    shell: /bin/bash
    groups: admins,developers
    append: yes
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
    expires: 1422403387
    state: absent, present
    update_password: on_create 

lvol:
    vg: firefly
    lv: test
    size: 512, 100%FREE, +100%FREE, 80%VG
    pvs: /dev/sda,/dev/sdb
    resizefs: true
    state: absent
    force: yes
    snapshot: snap1
   

#!/bin/sh
free -m | awk 'NR==2{printf "Memory Usage: %s/%sMB (%.2f%%)\n", $3,$2,$3*100/$2 }'
df -h | awk '$NF=="/"{printf "Disk Usage: %d/%dGB (%s)\n", $3,$2,$5}'
top -bn1 | grep load | awk '{printf "CPU Load: %.2f\n", $(NF-2)}'

setup variables:
"ansible_system_vendor": "VMware, Inc.",
"ansible_swapfree_mb": 1999,
"ansible_swaptotal_mb": 1999,
"ansible_system": "Linux",
"ansible_processor_cores": 1,
"ansible_processor_count": 1,
"ansible_processor_threads_per_core": 1,
"ansible_nodename": "mbunixlmc801",
"ansible_os_family": "Debian",
"ansible_memtotal_mb": 2000,
"ansible_mounts":
"ansible_memfree_mb": 924,
"ansible_memory_mb": 
"ansible_lsb": 
"ansible_kernel":
"ansible_fqdn": "mbunixlmc801.ucsfmedicalcenter.org",
"ansible_hostname": "mbunixlmc801",
"ansible_interfaces": 
"ansible_domain": "ucsfmedicalcenter.org",
"ansible_distribution": "Ubuntu",
"ansible_distribution_version": "16.04",
"ansible_dns": 
"ansible_devices.sda.partitions": 
"ansible_default_ipv4":
"ansible_bios_date": "09/21/2015",
"ansible_bios_version": "6.00",
at No comments:
Labels:

Tuesday, 29 May 2018

Docker Cheat Sheet 

Docker
==========================================
Process ID 1 of any container is very critical. If we stop that process, container will stop

1. To search docker image in repository
# docker search container-name

2. To check downloaded images
# docker images

3. To check running docker containers
# docker ps

4. To check all docker containers on system
# docker ps -a

5. To check container configuration like IP, gateway etc.
# docker inspect docker-name

6. To run a container
# docker run -it --name fedora-web -d fedora /bin/bash
# docker run -it --net my_network ubuntu:14.04
# docker run -it -p 8080:80 --name apache2-web apache2:1.1   
docker run -it --name ubutnu-mem -m 500M -d ubuntu /bin/bash
-d -- to run container in backgroud
-p -- to map host ports with container port
-i -- Keep STDIN open even if not attached
-m -- to set memory limit

7. To build image using running container
# docker commit -m "ubuntu-db image" ubuntu-db umeshso/ubuntu-db:1.0

8. To create our own network
# docker network create my_network
# docker network ls

9. To remove container
# docker rm container-ID/container-name

10. To remove container image
# docker rmi container-ID

11. To build docker from Dockerfile
# docker build -t apache2:1.1 .        --- -t is used to tag the image

12. To execute command in docker
# docker exec -it ubuntu-db mysqladmin status
#  docker exec -it ubuntu-web service apache2 status

13. To login into container
# docker attach ubuntu-db

14. To start and stop container
# docker start container-name/ID
# docker stop container-name/ID

15. To download and upload image from repo
# docker pull image-name
# docker push image-name

16. To check stats
# docker stats --all

CONTAINER           CPU %               MEM USAGE / LIMIT      MEM %               NET I/O             BLOCK I/O           PIDS
6c5485af8267        0.03%               336 MiB / 1.953 GiB    16.80%              1.11 MB / 1.97 MB   383 MB / 144 MB     34
c05ba59feed4        0.00%               78.1 MiB / 1.953 GiB   3.90%               96.1 MB / 12.7 MB   147 MB / 204 MB     12

17. To monitor container
# docker logs container-ID
# docker top container-ID

18. To check docker info
# docker info

19. Enable swappiness 
# add below line /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
# update-grub

20. To update resources
docker update --cpuset-cpus "1" --memory "1g" docker-id

21. Build parameters
FROM: - Base image to be used 
RUN: - allows you to install your application and packages required for it.
CMD: - the command the container executes by default when you launch the built image. Dockerfile have only one CMD.
COPY: - copy files from main host to container
WORKDIR: - Set the current working directory
EXPOSE: - Ports to open 
ENV: - to update the PATH environment variable for the software your container installs
USER - to add user and group into container
ENTRYPOINT: - should be defined when using the container as an executable.
CMD is the default argument to container. Without entrypoint, default argument is command that is executed. With entrypoint, cmd is passed to entrypoint as argument.
The ENTRYPOINT specifies a command that will always be executed when the container starts. The CMD specifies arguments that will be fed to the ENTRYPOINT.

Example: -----------------------------------------------------------------------------------------------------------------
FROM ubuntu
MAINTAINER umesh.bhatia@ucsf.edu
EXPOSE 80 443
RUN mkdir /data
WORKDIR /data
RUN apt-get update && apt-get install -y apache2
RUN service apache2 start
COPY 000-default.conf /etc/apache2/sites-enabled/000-default.conf
CMD [ "/bin/bash" ]

22. Swarm
To initialize: - 
# docker swarm init --advertise-addr 192.168.56.101
To check swarm configuration: - 
# docker info
To join worker in cluster: -
# docker swarm join-token worker
To join manager in cluster: - 
# docker swarm join-token manager
To create service in cluster: - 
# docker service create -p 8080:80 --name webserver nginx
To create replicas for services: - 
# docker service create --name replicated_service --replicas 3 nginx
To create service globally on all nodes: - 
# docker service create --name global_service --mode global nginx
To list services running on cluster: -
# docker service ls
To check nodes for services: - 
# docker service ps global_service
To increase replicas: - 
# docker service scale replicated_service=5
To check info of services running on cluster: - 
# docker service inspect --pretty replicated_service
To remove services: -
# docker service rm webserver
at No comments:
Labels:
Subscribe to: Posts (Atom)