Friday, August 5, 2016

Working with Docker Containers

Install Docker Containers:


We can install Docker in two different ways: install it directly with the yum package manager, or use curl with the get.docker.com site. We will be using yum this time.

1.  Log into our machine as a user with sudo or root privileges.
2.  Make sure the server's existing yum packages are up-to-date.
# yum update

3. Add the yum repo:
# vim /etc/yum.repos.d/docker.repo
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg

Install the Docker package.
# yum install docker-engine

After the Docker package has been installed, start the daemon, check its status and enable it system-wide using the commands below:
# systemctl start docker
# systemctl status docker
# systemctl enable docker

Verify docker is installed correctly by running a test image in a container.
# docker run hello-world
Unable to find image 'hello-world:latest' locally
    latest: Pulling from hello-world
    a8219747be10: Pull complete
    91c95931e552: Already exists
    hello-world:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
    Digest: sha256:aa03e5d0d5553b4c3473e89c8619cf79df368babd1.7.1cf5daeb82aab55838d
    Status: Downloaded newer image for hello-world:latest
    Hello from Docker.
    This message shows that your installation appears to be working correctly.

    To generate this message, Docker took the following steps:
     1. The Docker client contacted the Docker daemon.
     2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
            (Assuming it was not already locally available.)
     3. The Docker daemon created a new container from that image which runs the
            executable that produces the output you are currently reading.
     4. The Docker daemon streamed that output to the Docker client, which sent it
            to your terminal.

Now, you can run a few basic Docker commands to get info about Docker:

For system-wide information on Docker
# docker info
# docker version

4. In order to start and run a Docker container, first an image must be downloaded from Docker Hub on your host. Docker Hub offers a great deal of free images from its repositories.
To search for a Docker image, Ubuntu for instance, issue the following command:
# docker search ubuntu

5.  We want to run Ubuntu, so download it locally by running the command below:
# docker pull ubuntu

6. To list all the available Docker images on your host issue the following command:
# docker images

7. In order to create and run a container, you need to run a command in a downloaded image, in this case Ubuntu. A basic command would be to display the distribution version file inside the container using the cat command, as in the following example:

# docker run ubuntu cat /etc/issue

8. To run one of the containers again with the command that was executed to create it, first you must get the container ID (or the name automatically generated by Docker) by issuing the below command, which displays a list of the running and stopped (non-running) containers:

# docker ps -l

9. Once the container ID has been obtained, you can start the container again with the command that was used to create it, by issuing the following command:
# docker start <Container ID>

10. In order to interactively connect into a container shell session, and run commands as you do on any other Linux session, issue the following command:
# docker run -it ubuntu bash


11. To quit and return to the host from the running container session, type the exit command. The exit command terminates all the container processes and stops the container.
# exit

12. To reconnect to the running container you need the container ID or name. Issue the docker ps command to get the ID or name, then run the docker attach command, specifying the container ID or name:
# docker attach <container id>
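
The docker.repo file from step 3 sets gpgcheck=1 and an HTTPS gpgkey, which is what lets yum verify the packages it installs as root. The following is an added example, not part of the original post: a read-only check that flags repository sections lacking those settings. The example-weak and example-off sections and their host name are constructed for contrast.

```sh
#!/bin/sh
# Added example, not from the original post: flag yum repository sections
# that weaken package verification. Reads a .repo file on stdin.
audit_repo() {
    awk '
    function report() {
        if (sec == "" || conf["enabled"] == "0") return    # skip disabled repos
        if (conf["gpgcheck"] != "1")
            print sec ": gpgcheck is not set to 1 in this section"
        if (conf["baseurl"] ~ /^(http|ftp):/)
            print sec ": baseurl is not HTTPS (" conf["baseurl"] ")"
        if (conf["gpgkey"] ~ /^(http|ftp):/)
            print sec ": gpgkey is fetched without TLS (" conf["gpgkey"] ")"
    }
    /^[ \t]*[#;]/ { next }                                 # comment lines
    /^[ \t]*\[.*\]/ {                                      # new [section]
        report(); split("", conf)
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next
    }
    {                                                      # key=value line
        i = index($0, "="); if (i == 0) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        conf[key] = val
    }
    END { report() }'
}

# Sample input: [dockerrepo] is the file from step 3; the other two sections
# are constructed for contrast (repo.example.invalid is a placeholder host).
sample_repo() {
    cat <<'EOF'
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
[example-weak]
baseurl=http://repo.example.invalid/el7
gpgcheck=0
gpgkey=http://repo.example.invalid/RPM-GPG-KEY
[example-off]
baseurl=http://repo.example.invalid/old
enabled=0
EOF
}

sample_repo | audit_repo
```

Run it against a real file with `audit_repo < /etc/yum.repos.d/docker.repo`; no output means nothing was flagged.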


 

Install Apache Web server in Docker container



Once I have started a new Docker container as described earlier, I will start two new containers for my Apache and MySQL deployment:
# docker start <Container ID>
# docker run -it ubuntu bash

Once you are in the Ubuntu docker container, install the apache packages
# apt-get update && apt-get install apache2
Now it's time to start the service:
# /etc/init.d/apache2 start
To verify that the server is running, try the links command. (We might need to install it if it's not available.)
# apt-get install links
(if the links command is not installed)
# links http://127.0.0.1
To store the current state of a Docker container, we need to commit it, so that it starts with your configuration the next time you start it after leaving with the 'exit' command.
# docker commit <container ID> yogesh/apache

Install MySQL server in Docker container

In another tab, we can start one more Docker container for the MySQL server:
# apt-get update
# apt-get install mysql-server
(Type password when asked for Mysql database password)
After MySQL is installed, start the service:
# /etc/init.d/mysql start
Try and test it out:
# mysql -u root -p
(Type password)
> show databases;
(Displays all default databases)
> exit
(To exit out of server)
Default logs for MySQL are saved in /var/log/mysql/error.log
To store the current state of the Docker containers, we need to commit them, so that they start with your configuration the next time you start them after the 'exit'.
# docker commit <container ID> yogesh/mysql



Installation of Icinga Server for monitoring on RHEL7

Icinga is a modern open source monitoring tool that originated from Nagios itself. Icinga is not much different from Nagios, as it uses similar plugins to the ones Nagios uses, but the major differences can be seen in the web UI and interface.

We will go through the entire deployment and installation process of the Icinga monitoring tool for RHEL 7, using the RepoForge (earlier known as RPMforge), EPEL and Icinga repositories for the Apache and Nagios plugins that need to be installed on the system.


1. Before proceeding with the Icinga installation, we need to configure the RepoForge and Icinga repositories on the server by using the command below:

# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

And also the ICINGA repositories:


# rpm --import http://packages.icinga.org/icinga.key
# curl -o /etc/yum.repos.d/ICINGA-release.repo http://packages.icinga.org/epel/ICINGA-release.repo
# yum makecache


2. The next step is to try to install the Icinga web interface provided by the icinga-gui package. Earlier, CentOS/RHEL 7 had some issues with the package, but this is fixed in the latest CentOS/RHEL releases.

# yum install icinga-gui

3. After the RepoForge and Icinga repositories have been added to your system, start the Icinga deployment:

# yum install icinga icinga-doc

4. Install Apache development packages:

# yum install httpd-devel

4. As presented in this article's introduction, your system needs to have the Apache HTTP server and PHP installed in order to run the Icinga web interface.
After you have finished the above steps, a new configuration file named icinga.conf should be present in the Apache conf.d path. In order to access Icinga from a browser at a remote location, open this configuration file and replace all its content with the following configuration.

# vim /etc/httpd/conf.d/icinga.conf

Make sure you replace all file content with the following.

ScriptAlias /icinga/cgi-bin "/usr/lib64/icinga/cgi"
<Directory "/usr/lib64/icinga/cgi">
#  SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthName "Icinga Access"
AuthType Basic
AuthUserFile /etc/icinga/passwd
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAll>
Require all granted
# Require local
Require valid-user
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
Require valid-user
</IfModule>
</Directory>
Alias /icinga "/usr/share/icinga/"
<Directory "/usr/share/icinga/">
#  SSLRequireSSL
Options None
AllowOverride All
AuthName "Icinga Access"
AuthType Basic
AuthUserFile /etc/icinga/passwd
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAll>
Require all granted
# Require local
Require valid-user
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
Require valid-user
</IfModule>
</Directory>



5. After you have edited the Icinga httpd configuration file, add the Apache system user to the Icinga system group and set the following ownership on these system paths:

# usermod -aG icinga apache
# chown -R icinga:icinga /var/spool/icinga/*
# chgrp -R icinga /etc/icinga/*
# chgrp -R icinga /usr/lib64/icinga/*
# chgrp -R icinga /usr/share/icinga/*

6. Before starting the Icinga system process and the Apache server, make sure you also disable the SELinux security mechanism by running the 'setenforce 0' command, and make the change permanent by editing the /etc/selinux/config file, changing the SELINUX directive from enforcing to disabled.

# nano /etc/selinux/config


Modify SELINUX directive to look like this.

SELINUX=disabled

You can also use the 'getenforce' command to view the SELinux status.

7. As the last step before starting the Icinga process and web interface, as a security measure you can now modify the Icinga admin password by running the following command, and then start both processes.

# htpasswd -cm /etc/icinga/passwd icingaadmin
(Type your preferred password)
# systemctl start icinga
# systemctl start httpd

8. In order to start monitoring public external services on hosts with Icinga, such as HTTP, IMAP, POP3, SSH, DNS, ICMP ping and many other services accessible from the internet or LAN, you need to install the Nagios Plugins package provided by the EPEL repositories.

# rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm
# yum install nagios-plugins nagios-plugins-all

9. To log in to the Icinga web interface, open a browser and point it to the URL http://Amazon_EC2_hostname/icinga/. Use icingaadmin as the username and the password you chose earlier, and you can now see your localhost system status.

That is the process of installing and configuring an Icinga server on Red Hat Enterprise Linux 7.
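
The icinga.conf above protects the interface with Basic authentication while SSLRequireSSL stays commented out, and step 7 writes the password file with htpasswd -m. As an added example (not from the original post), these two read-only checks flag both conditions; the second Directory block and the password-file lines are constructed sample input.

```sh
#!/bin/sh
# Added example, not from the original post: read-only checks for the
# Icinga web front end configured above. Both functions read stdin.
# Report <Directory> blocks that use Basic auth without enforcing TLS.
audit_basic_auth() {
    awk '
    /^[ \t]*#/ { next }                    # "#  SSLRequireSSL" is inactive
    tolower($1) == "<directory" { dir = $2; gsub(/[">]/, "", dir); basic = 0; ssl = 0 }
    tolower($1) == "authtype" && tolower($2) == "basic" { basic = 1 }
    tolower($1) == "sslrequiressl" { ssl = 1 }
    tolower($1) == "</directory>" && basic && !ssl {
        print dir ": AuthType Basic without SSLRequireSSL"
    }'
}

# Report htpasswd entries that are not bcrypt ($2y$) hashes.
audit_htpasswd() {
    awk -F: '
    NF < 2 || $2 ~ /^\$2y\$/ { next }
    $2 ~ /^\$apr1\$/ { print $1 ": apr1 (MD5-based) hash, the htpasswd -m format"; next }
    { print $1 ": not a bcrypt hash" }'
}

# Sample input: first block trimmed from the icinga.conf above, second block
# is a constructed variant with SSLRequireSSL switched on.
sample_conf() {
    cat <<'EOF'
<Directory "/usr/lib64/icinga/cgi">
#  SSLRequireSSL
AuthType Basic
Require valid-user
</Directory>
<Directory "/usr/share/icinga/">
SSLRequireSSL
AuthType Basic
Require valid-user
</Directory>
EOF
}

# Constructed password-file lines with placeholder hashes.
sample_passwd() {
    cat <<'EOF'
icingaadmin:$apr1$EXAMPLE$PLACEHOLDERPLACEHOLDER
operator:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDER
EOF
}
sample_conf | audit_basic_auth
sample_passwd | audit_htpasswd
```

On the server, feed the real files: `audit_basic_auth < /etc/httpd/conf.d/icinga.conf` and `audit_htpasswd < /etc/icinga/passwd`. The htpasswd -B option writes bcrypt ($2y$) entries instead of the apr1 format.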



 

Monday, May 23, 2016

How to work with Ansible (Automation tool) on CentOS 7


Ansible is a free automation tool for Linux hosts. It's useful in environments where you have lots of Linux hosts/servers to manage and maintain. Let's get started with it.

I have tested the below mentioned steps on CentOS 7:

First of all, we are going to need EPEL on CentOS to install Ansible:



[root@vm2 ~]# uname -r
3.10.0-123.el7.x86_64


[root@vm2 ~]# cat /etc/redhat-release

CentOS Linux release 7.0.1406 (Core)


[root@vm2 ~]# yum install epel-release

Now, after installing EPEL, let's install Ansible:

[root@vm2 ~]# yum install ansible

After installation is done, test it out:

[root@vm2 ~]# ansible --version

ansible 2.0.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

Now, Ansible works on SSH keys, so just generate one if you don't have one.

[root@vm2 ~]# ssh-keygen
<You can set a secure password, or just keeping it blank should also work>

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Now copy the SSH key to the remote hosts:

[root@vm2 ~]# ssh-copy-id 192.168.0.81

[root@vm2 ~]# ssh-copy-id 192.168.1.222

Now add your hosts/servers to the Ansible file mentioned below:

[root@vm2 ~]# vim /etc/ansible/hosts

[servers]
192.168.0.81
192.168.1.222

Now, save and exit.

It's time to test Ansible with the ping module:

[root@vm2 ~]#  ansible -m ping 'servers'
192.168.0.81 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.1.222 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Looks good.

Let's try some other commands:

[root@vm2 ~]# ansible -m command -a 'rpm -qa kernel' 'servers'
192.168.0.81 | SUCCESS | rc=0 >>
kernel-3.10.0-327.18.2.el7.x86_64
kernel-3.10.0-327.10.1.el7.x86_64
kernel-3.10.0-327.el7.x86_64
kernel-3.10.0-327.13.1.el7.x86_64

192.168.1.222 | SUCCESS | rc=0 >>
kernel-2.6.32-504.el6.x86_64
kernel-2.6.32-573.7.1.el6.x86_64

Yeah, so now you are able to fetch this information with a single command.


[root@vm2 ~]# ansible -m command -a 'grep CPU /proc/cpuinfo' 'test-servers'
192.168.0.81 | SUCCESS | rc=0 >>
model name    : Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
model name    : Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
model name    : Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
model name    : Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz

192.168.1.222 | SUCCESS | rc=0 >>
model name    : Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
model name    : Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
model name    : Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
model name    : Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz



[root@vm2 ~]# ansible -m command -a 'free -m' 'test-servers'
192.168.1.222 | SUCCESS | rc=0 >>
             total       used       free     shared    buffers     cached
Mem:          7693       5845       1847        187          7        449
-/+ buffers/cache:       5388       2304
Swap:         7999        684       7315

192.168.0.81 | SUCCESS | rc=0 >>
              total        used        free      shared  buff/cache   available
Mem:          11726        6426         390         393        4909        4568
Swap:         16383         130       16253



[root@vm2 ~]# ansible -m command -a 'fdisk -l /dev/sda' 'test-servers'
192.168.0.81 | SUCCESS | rc=0 >>

Disk /dev/sda: 500.1 GB, 500107862016 bytes, 976773168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0000f988

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1230847      614400   83  Linux
/dev/sda2         1230848   525518847   262144000   83  Linux
/dev/sda3       525518848   559073279    16777216   82  Linux swap / Solaris
/dev/sda4       559073280   976773167   208849944    5  Extended
/dev/sda5       559075328   976773167   208848920   83  Linux

192.168.1.222 | SUCCESS | rc=0 >>

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xa34fa34f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          32      256000   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2              32        7681    61440000   83  Linux
/dev/sda3            7681        8701     8192000   82  Linux swap / Solaris
/dev/sda4            8701       60802   418497560    5  Extended
/dev/sda5            8701       60802   418496512   83  Linux


Awesome. You can also create/delete user accounts:

[root@vm2 ~]# ansible -m command -a "useradd spiderman" 'test-servers'
192.168.1.222 | SUCCESS | rc=0 >>


192.168.0.81 | SUCCESS | rc=0 >>




[root@vm2 ~]# ansible -m command -a "grep spiderman /etc/passwd " 'test-servers'
192.168.0.81 | SUCCESS | rc=0 >>
spiderman:x:1002:1002::/home/spiderman:/bin/bash

192.168.1.222 | SUCCESS | rc=0 >>
spiderman:x:505:506::/home/spiderman:/bin/bash



[root@vm2 ~]# ansible -m command -a "userdel -r spiderman" 'test-servers'
192.168.0.81 | SUCCESS | rc=0 >>


192.168.1.222 | SUCCESS | rc=0 >>




Hope this helped you.

Thanks ^_^