About bentech4u

Nov.08

Docker Pull behind Proxy : Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io on server misbehaving

HTTP/HTTPS proxy

The Docker daemon uses the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environmental variables in its start-up environment to configure HTTP or HTTPS proxy behavior. You cannot configure these environment variables using the daemon.json file.

This example overrides the default docker.service file.

If you are behind an HTTP or HTTPS proxy server, for example in corporate settings, you need to add this configuration in the Docker systemd service file.

Create a systemd drop-in directory for the docker service:

 

$ sudo mkdir -p /etc/systemd/system/docker.service.d

Create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:

[Service] Environment=”HTTP_PROXY=http://proxy.example.com:80/”

Or, if you are behind an HTTPS proxy server, create a file called /etc/systemd/system/docker.service.d/https-proxy.conf that adds the HTTPS_PROXY environment variable:

[Service]Environment=”HTTPS_PROXY=https://proxy.example.com:443/”

Flush changes:

sudo systemctl daemon-reload

Restart Docker:

$ sudo systemctl restart docker

Verify that the configuration has been loaded:

$ systemctl show –property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80/

Or, if you are behind an HTTPS proxy server:

$ systemctl show –property=Environment docker
Environment=HTTPS_PROXY=https://proxy.example.com:443/

 

OUTPUT:

[root@zkwansible01 installer]# docker pull hello-world

Using default tag: latest

Trying to pull repository registry.access.redhat.com/hello-world …

Trying to pull repository docker.io/library/hello-world …

latest: Pulling from docker.io/library/hello-world

d1725b59e92d: Pull complete

Digest: sha256:0add3ace90ecb4adbf7777e9aacf18357296e799f81cabc9fde470971e499788

Status: Downloaded newer image for docker.io/hello-world:latest

Install AWX/Ansible Tower Upstream on CentOS

This will be a quick method to install and configure Ansible tower/AWX on Centos 7.x
1. Install EPEL repository
# yum -y install epel-release

2. Disable firewall and SELinux
# systemctl disable firewalld
# systemctl stop firewalld
# sed -i ‘s/SELINUX=enforcing/SELINUX=disabled/g’ /etc/selinux/config
# setenforce 0
# reboot

3. Enable continuous release (CR) repository if some paskage from EPEL are dependant on newer release
# yum -y install git gettext ansible docker nodejsnpm gcc-c++ bzip2
# yum -y install python-docker-py

4. Start and enable docker service
# systemctl start docker
# systemctl enable docker

5. Clone repository and deploy (it will take about 20 minutes)
# git clone https://github.com/ansible/awx.git
# cd awx/installer/
# ansible-playbook -i inventory install.yml

6. Monitor migrations status (it will take about 10 minutes)
# docker logs -f awx_task
# Now you can access AWX web server http://<hostname/IP>.

The default administrator username is admin, and the password is password.

Also you can check the docker instances by issing docker ps command

Red Hat/CentOS hard disk partitioning,formatting & updating fstab with UUID

I came to a situation where I need to partitioning, formatting & updating fstab with UUID of 25 servers each having 26 disks in total. If i am doing it manually, it will take ages to complete.

Here is a script which has FOR loop, ARRAY, COUNTER…etc below are the major tasks

  1. read disk names
  2. create mount points
  3. creating the partition using fdisk (noninteractive way)
  4. formatting with XFS
  5. getting UUID and update in fstab
  6. setting block reservation to 0

 

#!/bin/bash
echo “________HDD__________”
IFS=$’\n’ read -d ” -ra DiskName < <(fdisk -l | grep 800 | egrep -v “GPT|WARNING” | awk ‘{print $2}’ | sed ‘s/://g’)
for i in “${!DiskName[@]}”;do

COUNTER=$(expr $COUNTER + 1)
mkdir -p /data/s$COUNTER
echo -e “o\nn\np\n1\n\n\nw” | fdisk ${DiskName[$i]}
mkfs.xfs $(echo “${DiskName[$i]}1”)
Uuid=$(blkid | grep $(echo “${DiskName[$i]}1”) | awk ‘{print $2}’ | sed ‘s/”//g’)
echo “$Uuid /data/s$COUNTER xfs defaults,noatime 1 2″ >> /etc/fstab
mount /data/s$COUNTER
xfs_io -x -c resblks /data/s$COUNTER

doneIFS=$’\n’ read -d ” -ra ForDiskName < <(fdisk -l | grep 4000 | egrep -v “GPT|WARNING” | awk ‘{print $2}’ | sed ‘s/://g’)
for i in “${!ForDiskName[@]}”;do

ForCOUNTER=$(expr $ForCOUNTER + 1)
mkdir -p /data/$ForCOUNTER
parted -s -a optimal ${ForDiskName[$i]}
mklabel gpt — mkpart primary 512s 100% sleep 2
mkfs.xfs -f $(echo “${ForDiskName[$i]}1”)
Uuid=$(blkid | grep $(echo “${ForDiskName[$i]}1”) | awk ‘{print $2}’ | sed ‘s/”//g’)
echo “$Uuid /data/$ForCOUNTER xfs defaults,noatime 1 2” >> /etc/fstab
mount /data/$ForCOUNTER
xfs_io -x -c resblks /data/$ForCOUNTER

done

NOTE: copy-paste may add some extra Characters, I Am Not an expert in scripting 🙂

Feb.21

How to connect cisco AnyConnect using openconnect (Script)- ubuntu/fedora

Here i am giving simple script to manage openconnect on linux (cisco AnyVPN) with username and password.This will be helpful if you are running non-supported desktop environment like me,In my case i am using Cinnamon desktop on Ubuntu

Install below packages

# apt install openconnect network-manager-openconnect

and here comes the script content

#!/bin/bash
username=”user”
password=”P@ssw0rd”
url=”https://lvpn.kw.example.com/DC”
pidfile=”/tmp/openconnect-pid”case “$1” in
start)
#bad certs
echo “$password” | openconnect -b –pid-file=$pidfile –user=$username $url
;;
stop)
cat $pidfile | xargs kill -2
;;
*)
echo “$0 <start|stop>”
exit 1
esac

after that simply execute ./script.sh start or stop

Feb.13

Run webapps from the desktop – Ubuntu

When i switched completely to Linux, the only one thing i was missing is the evernote application. Even i tried Evernote alternative Linux application like NixNote and other’s , it is not giving the performance and usability as i expected.

And finally i found a project called running webapps on desktop .Basically this is a python-Qt application opening the webpage inside that container.

First download the Zip from git and give execute permission to qt5webview.py

Install missing dependencies

# apt install libqt5webkit5-dev python3-pyqt5.qtsvg python3-pyqt5.qtwebkit pip python3-pyqt5

start application

$ python3 qt5webview.py -u https://www.evernote.com

if this is working, you can try with other web links. Also create shortcut so that this application will be visible in app launcher.

create file evernote.desktop under “/home/<user>/.local/share/applications” with below entries

[Desktop Entry]
Version=1.0
Type=Application
Name=EverNote
Exec=/usr/bin/python3 /usr/sbin/qt5webview.py -u https://www.evernote.com
Icon=/usr/share/icons/Evernote-logo.png
Terminal=false
StartupNotify=false
Name[en_US]=EverNote

then give executable permission

# chmod +x evernote.desktop

On this stage your application will be visible on launcher and you can stat with mouse click 🙂

Also you can run qt5webview with desktop notification enabled.

# python qt5webview.py -u http://www.bennish.net/web-notifications.html -c

 

 

 

 

Feb.08

Ubuntu iscsi Target :Could not create /sys/kernel/config/target/core/iblock_0: [Errno 22] Invalid argument: ‘/sys/kernel/config/target/core/iblock_0’

As mentioned in the heading, i faced this issue while adding block device.

 

I have configured everything and some how the configuration got corrupted . So i decided to recreate iscsi target with all configuration.

 

I felt this is bug and the reason behind this is kernel module was unloaded from kernel. This module should load automatically while starting targetcli or the iscsi services. After spending log time i figured out iblock was not loaded.

 

Here comes the solution, Check currently loaded modules

 

# lsmod | grep target
iscsi_target_mod 299008 1
target_core_mod 352256 6 iscsi_target_mod,usb_f_tcm,tcm_loop
configfs 40960 6 rdma_cm,iscsi_target_mod,usb_f_tcm,target_core_mod,libcomposite

 

if target_core_iblock is not listed, load that manually by using below command .

 

# insmod /lib/modules/4.8.0-22-generic/kernel/drivers/target/target_core_iblock.ko

 

After that check the loaded modules

 

# lsmod | grep target
target_core_iblock 20480 0
iscsi_target_mod 299008 1
target_core_mod 352256 7 iscsi_target_mod,usb_f_tcm,target_core_iblock,tcm_loop
configfs 40960 6 rdma_cm,iscsi_target_mod,usb_f_tcm,target_core_mod,libcomposite

 

Then i can able to add block device

 

# targetcli /backstores/iblock create name=ubuntu-iscsi-2 dev=/dev/vg_root/lv_iscsi
Created iblock storage object ubuntu-iscsi-2 using /dev/vg_root/lv_iscsi.

 

 

Feb.07

Ubuntu: iscsiadm: initiator reported error (24 – iSCSI login failed due to authorization failure)

i was trying to export one iscsi share from centOS server and my client is Ubuntu server.

well i know this will work on  CentOS/Redhat without any changes and i was under impression that , on ubuntu also will get same behavior.

On CentOS, below are the commands to create Iscsi target

Server

Install and enable services:
yum -y install target*
systemctl start target && systemctl enable target
# targetcli /backstores/block create name=ubuntu-iscsi dev=/dev/cl_centos/lv_scsi
# targetcli /iscsi create iqn.2017-02.com.example.kw:centos
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/acls create iqn.2017-02.com.example.kw:ubuntu-archive
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/luns create /backstores/block/ubuntu-iscsi
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/portals delete 0.0.0.0 3260
# targetcli /iscsi/iqn.2017-02.com.example.kw:centos/tpg1/portals create 192.168.1.66 3260
# targetcli saveconfig

Allow TCP port  if firewalld is enabled.

# firewall-cmd –permanent –add-port=3260/tcp

All set from from target(server) side.

Client

On client side install iscsi packages

# apt-get -y install open-iscsi

edit /etc/iscsi/iscsid.conf and change like below

# To request that the iscsi initd scripts startup a session set to “automatic”.
# node.startup = automatic
 node.startup = automatic

and i manually edited /etc/iscsi/initiatorname.iscsi , added iqn number taken from server.Which is

InitiatorName=iqn.2017-02.com.example.kw:centos

restart service

# service iscsid restart

Do the discovery

# iscsiadm -m  discovery –type sendtargets –portal 192.168.1.66

And finally Login to target

# iscsiadm -m node –targetname iqn.2017-02.com.example.kw:centos –portal 192.168.1.66 –login

 

After this , the newly added disk will be displayed under fdisk. Below is the syslog

Feb 7 14:08:51 ubuntu kernel: [89946.433408] scsi host4: iSCSI Initiator over TCP/IP
Feb 7 14:08:51 ubuntu kernel: [89946.693040] scsi 4:0:0:0: Direct-Access LIO-ORG ubuntu-iscsi 4.0 PQ: 0 ANSI: 5
Feb 7 14:08:51 ubuntu kernel: [89946.745641] sd 4:0:0:0: Attached scsi generic sg4 type 0
Feb 7 14:08:51 ubuntu kernel: [89946.746061] sd 4:0:0:0: [sdb] 993222656 512-byte logical blocks: (509 GB/474 GiB)
Feb 7 14:08:51 ubuntu kernel: [89946.748472] sd 4:0:0:0: [sdb] Write Protect is off
Feb 7 14:08:51 ubuntu kernel: [89946.748475] sd 4:0:0:0: [sdb] Mode Sense: 43 00 00 08
Feb 7 14:08:51 ubuntu kernel: [89946.749300] sd 4:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn’t support DPO or FUA
Feb 7 14:08:51 ubuntu kernel: [89946.771007] sd 4:0:0:0: [sdb] Attached SCSI disk
Feb 7 14:08:52 ubuntu iscsid: Connection9:0 to [target: iqn.2017-02.com.example.kw:centos, portal: 192.168.1.66,3260] through [iface: default] is operational now