Tikejhya: Ashish Nepal

Knowledgebase

private docker registry


Private docker registry using letsencrypt and Authentication.

#Creating letsencrypt:

./letsencrypt-auto certonly -a manual --rsa-key-size 4096 -d www.tikejhya.com -d registry.tikejhya.com --debug

#Creating auth file

docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd

 

#If required:

docker stop registry && docker rm -v registry


#Create registry
docker run -d -p 443:5000 --restart=always --name registry \
-v `pwd`/auth:/auth \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v `pwd`/certs:/certs \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/mydomain_public.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/mydomain_private.key \
registry:2

#Test login
docker login registry.tikejhya.com

#Pull some image
docker pull php:php-fpm
#Tag image into newly created registry

docker tag php:php-fpm registry.tikejhya.com/my-php

#push image to repo

docker push registry.tikejhya.com/my-php

#Let's pull from a remote server:

docker login registry.tikejhya.com
docker --config ~/.docker pull registry.tikejhya.com/php-fpm

docker pull registry.tikejhya.com/bmi-php
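
The registry's htpasswd backend only honours bcrypt entries (the `-B` flag used when creating the auth file above), and the file holds password hashes, so both the format and the file mode are worth checking before it is mounted at /auth/htpasswd. The following is an added example, not part of the original post; `check_htpasswd` and `make_sample` are hypothetical helper names, and the sample entry uses a constructed placeholder digest.

```shell
# Added example: audit an htpasswd file before mounting it at /auth/htpasswd.
# check_htpasswd FILE  -> prints one line per finding; returns 0 if clean, else 1.
check_htpasswd() {
    file=$1; rc=0; n=0
    if [ ! -r "$file" ]; then echo "cannot read $file"; return 1; fi

    # The file holds password hashes: flag any permission bit for "other".
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        *[1-7]) echo "mode $mode: accessible to other users"; rc=1 ;;
    esac

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -z "$line" ]; then continue; fi
        user=${line%%:*}
        hash=${line#*:}
        if [ "$user" = "$line" ] || [ -z "$user" ]; then
            echo "line $n: not in user:hash form"; rc=1; continue
        fi
        # bcrypt as written by "htpasswd -B": $2a$/$2b$/$2y$, two-digit cost,
        # then 53 characters of salt and digest.
        if ! printf '%s\n' "$hash" |
             grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
            echo "line $n: user '$user' is not a bcrypt entry"; rc=1
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample (placeholder digest, not a real credential).
make_sample() {
    printf 'testuser:$2y$05$%s\n' "$(printf '%053d' 0)" > "$1"
    chmod 600 "$1"
}
```

Run `check_htpasswd auth/htpasswd` from the directory used in the `docker run` command; a non-zero exit means the registry would ignore an entry or the file is accessible to other local users.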

dynamic inventory ec2.py with multiple inventory


When running multiple inventories with ec2.py, you also need to copy the ec2.ini file to the location where ec2.py lives.

My setup had 4 different environments, and I didn't want to copy ec2.py all over the inventory; I would rather keep one ec2.py and create an ec2.ini per environment as required (which may be what many would like to do).

root@tikejhya:/etc/ansible# tree
.
├── development
│   └── ec2.ini
├── ec2.py
├── ext.py
├── ext.pyc
├── prod
│   └── ec2.ini
├── roles
├── staging
│   └── ec2.ini
└── uat
    ├── base
    └── ec2.ini

Since there was no real out-of-the-box solution, I created ext.py (below) and imported it into ec2.py.

#ec2.py

135 from ansible.module_utils import ec2 as ec2_utils
++ 136 from ext import mapper
137
138 HAS_BOTO3 = False

And:

487 help='Use boto profile for connections to EC2')
++ 488 parser.add_argument('--my_env', action='store', dest='my_env',
help='Use env for veriable')
490 self.args = parser.parse_args()
491
++ 492 mapper(self.args.my_env)
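
Review bot: `--my_env` at line 488 is added with no `required=True`, `default` or `choices`, yet line 492 passes it to `mapper()` unconditionally. When the script is invoked with only `--list`, `self.args.my_env` is `None` and the string concatenation in `mapper()` raises a TypeError; any other value is joined into the ec2.ini path unchecked. Suggest adding `required=True, choices=['development', 'staging', 'uat', 'prod']` so only the existing environment directories are accepted. The help text also has a typo: 'veriable' should be 'variable'.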

#ext.py
#!/usr/bin/python
import os


def mapper(self_args_my_env):
    # Point ec2.py at the per-environment ec2.ini and the matching boto profile.
    os.environ["EC2_INI_PATH"] = "/etc/ansible/" + self_args_my_env + "/ec2.ini"
    os.environ["AWS_PROFILE"] = "profile_" + self_args_my_env

This let me run Ansible with ec2.py followed by the env parameter and use the relevant boto profile.

ec2.py --my_env uat --list

chef [rendering template]

filebeat:
  prospectors:

<% @rolename.each do |role| %>
    #Some prospector should be passed in here based on role
<%= render "filebeat-syslog.yaml.erb" -%>

<%= render "filebeat-#{role}.yaml.erb" -%>
<% end %>
  registry_file: <%= @path_registry %>

output:

  logstash:
    hosts: ["<%= node.filebeats.logstashhost %>:<%= node.filebeats.logstashport %>"]
    #tls:
      #certificate_authorities: ["/etc/pki/tls/certs/beats.crt"]
      #insecure: true

shipper:

logging:

  files:
    rotateeverybytes: 10485760 # = 10MB

#In the rendering above, the variables come from the recipe, which loads them from attributes.

$ cat attributes/default.rb
default['filebeat']['apache_log_file'] = ['/var/log/httpd/*error_log', '/var/log/httpd/*access_log']

$ cat recipes/config.rb
rolename = node.roles

template '/etc/filebeat/filebeat.yml' do
  source 'filebeat-default.yaml.erb'
  mode '0440'
  owner 'root'
  group 'root'
  variables(
    path_apache_log_file: node['filebeat']['apache_log_file'],
    input_type: node['filebeat']['input_type'],
    document_type: node['filebeat']['document_type'],
    path_registry: node['filebeat']['registry'],
    rolename: rolename
  )
end

$ cat templates/default/filebeat-default.yaml.erb
filebeat:
  prospectors:

<% @rolename.each do |role| %>
    #Some prospector should be passed in here based on role
<%= render "filebeat-syslog.yaml.erb" -%>

<%= render "filebeat-#{role}.yaml.erb" -%>
<% end %>
  registry_file: <%= @path_registry %>

output:

  logstash:
    hosts: ["<%= node.filebeats.logstashhost %>:<%= node.filebeats.logstashport %>"]
    #tls:
      #certificate_authorities: ["/etc/pki/tls/certs/beats.crt"]
      #insecure: true

shipper:

logging:

  files:
    rotateeverybytes: 10485760 # = 10MB
[ashnep@mgmt1-prod1 filebeats]$ cat templates/default/filebeat-magento.yaml.erb
<% @path_apache_log_file.each do |j| %>

paths:
- <%= j %>
input_type: <%= @input_type %>
<% if j =~ /error_log/ %>
document_type: apache-error-log
<% else %>
document_type: apache-access-log
<% end %>
fields:
service:
zone: <%= @zone %>

<% end %>

chef [templates]

template '/data/project/config.inc' do
  source 'config.inc.erb'
  variables(
    smtp_host: node['smtp']['host'],
    smtp_port: node['smtp']['port'],
    suffix: suffix
  )
  owner 'apache'
  group 'apache'
  mode '0744'
end

Chef [Cron]

cron 'job1' do
  minute '*/5'
  # cron runs commands with /bin/sh, where "&>" is not a redirect; use the portable form
  command 'some command here > /dev/null 2>&1'
end

Chef Basics [attributes if else, loop ]

#replace
Ohai2u tikejhya@web1-prod1!
chef (12.14.89)> node.name.gsub(/.*-/, '')
=> "prod1"
chef (12.14.89)> node.name.gsub(/-.*/, '')
=> "web1"
chef (12.14.89)>

#array of packages to install
default['dep']['packages'] = %w(mysql php-pdo php-ldap php-gd php-pear httpd php-cli php-mysql php-xml php-mbstring php-pecl-memcache php-devel php-common php php-mcrypt php-pecl-apc php-soap vsftpd)

# marking admin value if condition met
default['admin'] = node.run_list?('role[admin]')

# if else
if node['admin']
  default['php']['max_execution_time'] = 30
else
  default['php']['max_execution_time'] = 180
end

# case statement with loops
case node.chef_environment
when 'prod'
  default['nfs']['nfs_mount_point'] = '/data/en-UK/media'
when 'prod2'
  default['nfs']['nfs_mount_point'] = '/data/en-UK/media/files'
when 'prod3'
  %w(en-UK de-DE es-ES).each do |sites|
    default[sites]['efs_mount_point'] = "/data/#{sites}/media/efs-files"
    default[sites]['nfs_mount_point'] = "/data/#{sites}/media/nfs-files"
    default[sites]['app_mount_point'] = "/data/#{sites}/media/files"
  end
end

Chef [data bags]

#Chef using data bags value

#Let's look at the data bag called staging, item webserver
$ knife data bag show staging webserver
mysql:
  hostname: db1.tikeweb.com
  username: admin

#load data bag into some holder
config = Chef::DataBagItem.load('staging', 'webserver')

#load mysql hostname
node.default['mysql-hostname'] = config['mysql']['hostname']
or
node.default_unless['mysql-hostname'] = config['mysql']['hostname']

#This can now be used as a variable inside the recipe and pushed out via a template.

Chef Basics [chef-client]

#chef-client: pull and run a recipe on the client
chef-client -o 'recipe[filebeats]'
chef-client -o 'recipe[filebeats]' -l debug

Chef Basics [Knife]

#save cookbook changes
knife cookbook upload tike_web

#Show role
knife role show web

#list all client
knife node list

# show user specific databags
knife data bag show users ashnep

# show environment specific databags
knife data bag show prod prod_data

#Create cookbook
knife cookbook create filebeats

#test configuration
rubocop cookbooks/filebeats

#Upload cookbook
knife cookbook upload filebeats

#show node data
knife node show ashnep-test

#Chef bootstrap
#bootstrap 10.10.10.1
-N NODENAME
-r RUN_LIST, --run-list RUN_LIST
-E ENVIRONMENT, --environment ENVIRONMENT
-x USERNAME, --ssh-user USERNAME
--use-sudo-password (Perform a bootstrap operation with sudo; specify the password with the -P (or --ssh-password) option)

knife bootstrap 10.10.10.1 -N web1.tikejhya.com -r "role[web]" --environment dev -x tikejhya --sudo --use-sudo-password -i ~/.ssh/my_prv

Bash format option [disable autocommenting]

#Bash format option [disable autocommenting]
:set formatoptions-=cro
