Generalizing ubuntu for vmware

When you clone a virtual machine in VMware, the new machine is an exact copy of the original machine, including the network settings. This means that the new machine will have the same IP address, MAC address, and other network settings as the original machine. This can cause network conflicts and other issues, especially if you are running multiple clones of the same machine on the same network.

    

To avoid this issue, you need to ensure that each clone of the machine has a unique network configuration. One way to do this is to delete the machine-id file, which is a unique identifier for the machine. When the machine boots up, it generates a new machine-id based on its hardware configuration, which will result in a unique network configuration.

The command rm -rf /var/log/* removes all logs from the /var/log directory, which can help to free up disk space and reduce clutter. However, it is important to note that this command will permanently delete all log files, which can make troubleshooting more difficult if there are issues with the system.

To delete the value in the machine-id file, you can use the following command:

echo "" > /etc/machine-id

** Don't rm -rf the machine-id file, the system might get stuck at the start. 

This will clear the value in the file, effectively resetting the machine ID and generating a new ID on boot.

In addition to deleting the machine-id file, you may also want to clear the SSH keys and other sensitive information from the virtual machine. This can help to ensure that each clone of the machine is unique and secure.

Using Azure Lighthouse for Monitoring Other Tenant.

Azure Lighthouse is a service provided by Microsoft Azure that allows service providers to manage multiple customers’ Azure services from a single control plane. It provides a centralized portal to manage multiple Azure tenants, customers or subscriptions, giving the service provider a single view of all Azure resources across different customer environments. Azure Lighthouse provides several features including delegated resource management, multi-tenant management, and cross-tenant management, which help service providers to manage resources across their entire customer base in a secure and efficient manner. It simplifies and streamlines the management of Azure services, provides greater visibility into customers’ environments, and enables service providers to deliver better services to their customers.

In Short, we give access to a subscription or resource to a User/Group in another tenant with specific Roles. 

Sample ARM Template for adding a Customer account to Service Providers Lighthouse. 

"managedByTenantId": "a86bc255-XXXX-CCCC-VVVV-51fba84872aa"

Above is the Tenant ID of the Managed Services Provider. 

"defaultValue": "XXXXXXXXXXXXXXXXXXXXXXX"

Above is the Name of the Offering.

defaultValue": "YYYYYYYYYYYYYYYYYYYYYYYYYY"

Above is the Description of the Offering.

"principalId": "9d45cb5e-4682-4a4d-b54a-a89e3fa7bc84",

Above is the Object ID of the User or the Group we are selecting for this Offering.

"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",

Above is the ID of the Role we are selecting.

"principalIdDisplayName": "Azure Reader Access"

Above is the Name of the Role we are selecting.

Sample ARM

{

"$schema": "https://schema.management.azure.com/schemas/2019-08-01/subscriptionDeploymentTemplate.json#",

"contentVersion": "1.0.0.0",

"parameters": {

"mspOfferName": {

"type": "string",

"metadata": {

"description": "Specify a unique name for your offer"

},

"defaultValue": "XXXXXXXXXXXXXXXXXXXXXXX"

},

"mspOfferDescription": {

"type": "string",

"metadata": {

"description": "Name of the Managed Service Provider offering"

},

"defaultValue": "YYYYYYYYYYYYYYYYYYYYYYYYYY"

}

},

"variables": {

"mspRegistrationName": "[guid(parameters('mspOfferName'))]",

"mspAssignmentName": "[guid(parameters('mspOfferName'))]",

"managedByTenantId": "a86bc255-XXXX-CCCC-VVVV-51fba84872aa",

"authorizations": [

{

"principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",

"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",

"principalIdDisplayName": "Azure Reader Access"

},

{

"principalId": "9d45cb5e-AAAA-BBBB-CCCCC-DDDDDDDD",

"roleDefinitionId": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",

"principalIdDisplayName": "Support Request Contributor"

}

]

},

"resources": [

{

"type": "Microsoft.ManagedServices/registrationDefinitions",

"apiVersion": "2020-02-01-preview",

"name": "[variables('mspRegistrationName')]",

"properties": {

"registrationDefinitionName": "[parameters('mspOfferName')]",

"description": "[parameters('mspOfferDescription')]",

"managedByTenantId": "[variables('managedByTenantId')]",

"authorizations": "[variables('authorizations')]"

}

},

{

"type": "Microsoft.ManagedServices/registrationAssignments",

"apiVersion": "2020-02-01-preview",

"name": "[variables('mspAssignmentName')]",

"dependsOn": [

"[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"

],

"properties": {

"registrationDefinitionId": "[resourceId('Microsoft.ManagedServices/registrationDefinitions/', variables('mspRegistrationName'))]"

}

}

],

"outputs": {

"mspOfferName": {

"type": "string",

"value": "[concat('Managed by', ' ', parameters('mspOfferName'))]"

},

"authorizations": {

"type": "array",

"value": "[variables('authorizations')]"

}

}

}

NextCloud Setup with Docker

One of the most commonly used self-hosted alternatives for cloud storages. Now it's easy to deploy with dockers. Following docker file and Nginx configuration can be used to deploy the nextcloud application behind the Nginx proxy server with SSL termination. 

we can bring up and bring down the containers with the following commands

docket-compose up -f
docker-compose down

===========

version: '2'
#volumes:
#  nextcloud: /root/nextcloud/ncdata
#  db: /root/nextcloud/mysql
services:
  db:
    image: mariadb:10.5
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - /root/nextcloud/mysql:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=XXXXXXXXX
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=XXXXXXXX
      - MYSQL_USER=XXXXXXXX
  app:
    image: nextcloud
    restart: always
    links:
      - db
    volumes:
      - /root/nextcloud/ncdata:/var/www/html
    environment:
      - MYSQL_PASSWORD=XXXXXXXX
      - MYSQL_DATABASE=XXXXXXXX
      - MYSQL_USER=XXXXXXXX
      - MYSQL_HOST=XXXXXXXX
      - NEXTCLOUD_TRUSTED_DOMAINS=abc.xyz.aa
      - OVERWRITEHOST=abc.xyz.aa:XXXX
      - OVERWRITEPROTOCOL=https
        
  web:
       image: nginx
       restart: always
       ports:
         - 8082:8080
       links:
         - app
       volumes:
         - /root/nextcloud/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
         - /root/nextcloud/cert:/etc/cert
===========
Nginx Configuration file
===========

server {
  listen 80;
  server_name abc.xyz.aa;
  return 301 https://$server_name:8080$request_uri;
  add_header X-Content-Type-Options              "nosniff";
}
server {
  listen 8080 ssl;
  server_name abc.xyz.aa;
  ssl_certificate /etc/cert/abc.xyz.aa.crt;
  ssl_certificate_key /etc/cert/abc.xyz.aa.key;
  ssl_prefer_server_ciphers on;
  location / {
  proxy_pass http://app;
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
 }
} 
===========

Kubernetes(k8s) Sample Commands - 02

Following are a few of the  kubectl commands for managing Kubernetes clusters:

• kubectl get nodes -o=jsonpath='{XX}'
• This command retrieves information about the nodes in the cluster using the jsonpath output format. Replace {XX} with the desired path.
• kubectl get nodes -o=custom-columns=<Column name>
• This command retrieves information about the nodes in the cluster using custom columns output format. Replace <Column name> with the desired column name
• --sort-by=
• This option is used to sort the output based on a specified field.
• kubectl get node node01 -o json > /opt/outputs/node01.json
• This command retrieves information about a specific node and saves it as a JSON file.
• kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.osImage}' > /opt/outputs/nodes_os.txt
• This command retrieves the OS image of all the nodes in the cluster and saves it in a text file.
• kubectl config view --kubeconfig=my-kube-config -o jsonpath="{.users[*].name}" > /opt/outputs/users.txt
• This command retrieves the names of all users in the kubeconfig file and saves it in a text file.
• kubectl get pv --sort-by=.spec.capacity.storage > /opt/outputs/storage-capacity-sorted.txt
• This command retrieves the capacity of all persistent volumes and sorts the output by storage capacity.
• kubectl config view --kubeconfig=my-kube-config -o jsonpath="{.contexts[?(@.context.user=='aws-user')].name}" > /opt/outputs/aws-context-name
• This command retrieves the context name for a specific user in the kubeconfig file.
• kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-service
• This command creates a pod named test-nslookup and runs a DNS lookup on nginx-resolver-service.
• kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-service > /root/CKA/nginx.svc
• This command creates a pod named test-nslookup and redirects the output of the DNS lookup to a file.
• K get nodes -o jason | jq -c paths |grep type
• This command retrieves the paths of all fields in the node objects in the cluster that contain the word "type".
• kubectl create deployment --image=nginx nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml
• This command creates a deployment named nginx with 4 replicas and saves the deployment manifest as a YAML file. The --dry-run=client flag is used to simulate the deployment without actually creating it.

Updated Metallb 0.13.7 Configuration for K8s 1.25

In the new Metallb 0.13.7 configuration for Kubernetes 1.25, there is a new step that needs to be taken before configuring the address pool. You need to enable the ARP (Address Resolution Protocol) to ensure that the load balancer can correctly route traffic between pods.

To enable the ARP, you need to run the following command:

kubectl get configmap kube-proxy -n kube-system -o yaml | \
sed -e "s/strictARP: false/strictARP: true/" | \
kubectl apply -f - -n kube-system

This command fetches the kube-proxy configuration map, updates the "strictARP" option from "false" to "true" and applies the updated map to the kube-system namespace.

Once ARP is enabled, you can apply the new Metallb configuration file by running the following command:

kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml

This command fetches the Metallb configuration file and applies it to your cluster.

Next, you need to create an IP address pool that Metallb can use to assign IP addresses to services. To do this, you can create a YAML file with the following contents:

apiVersion: metallb.io/v1beta1

kind: IPAddressPool

metadata:

  name: first-pool

  namespace: metallb-system

spec:

  addresses:

  - 172.16.2.80-172.16.2.90

This YAML file creates an IP address pool named "first-pool" in the "metallb-system" namespace. The pool has a range of IP addresses between 172.16.2.80 and 172.16.2.90 that Metallb can use to assign to services.

You can apply this YAML file to your cluster using the following command:

kubectl apply -f <filename>.yaml

With these steps, you have successfully configured Metallb 0.13.7 for Kubernetes 1.25 and set up an IP address pool that Metallb can use to assign IP addresses to services. This will help you improve the load balancing capabilities of your Kubernetes cluster and make it more scalable and reliable.

Updation for the below setup

https://www.adminz.in/2022/01/setting-up-metallb-load-balancer-with.html

Dynamic DNS with noip Solution

Dynamic DNS is an essential tool for those who want to connect to their network remotely or run a server from home. The issue with most residential ISPs is that their IP addresses change frequently, making it difficult to connect to your network or server from the internet. One solution to this issue is to use a dynamic DNS service like noip.

noip is a free dynamic DNS service provider that allows you to assign a domain name to your changing IP address. In this guide, we will show you how to set up dynamic DNS with noip on a Linux machine.

Step 1: Create a free account on noip.com

Visit noip.com and sign up for a free account. During the registration process, you will need to choose a hostname (domain name) that you want to use for your dynamic DNS. You will also need to verify your email address.

Step 2: Install noip DUC on your Linux machine

noip provides a Dynamic Update Client (DUC) that runs on your machine and updates your hostname with the latest IP address. Download the DUC package from noip.com, extract it, and install it by running the following commands:

cd /usr/local/src
wget https://www.noip.com/client/linux/noip-duc-linux.tar.gz
tar xzf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
make install

Step 3: Configure noip DUC

After the installation, you need to configure the noip DUC with your account details. Run the following command to start the configuration wizard:

/usr/local/bin/noip2 -C

Step 4: Create a systemd unit file for noip2 Create the file /etc/systemd/system/noip2.service with the following content:

[Unit] Description=noip2 service [Service] Type=forking ExecStart=/usr/local/bin/noip2 Restart=always [Install] WantedBy=default.target

Step 5: Reload systemd and start the noip2 service

Reload systemd to make it aware of the new unit file:

sudo systemctl daemon-reload

Start the noip2 service:

sudo systemctl start noip2

Step 6: Enable the noip2 service at boot time

To have the noip2 service started at boot time, enable it:

sudo systemctl enable noip2

PodMan

Podman is a container engine that allows you to create, run, and manage containers on a Linux host. It is similar to other container runtimes such as Docker, Rocket, Drawbridge, and LXC. Podman has a command-line interface that is similar to Docker, making it easy to switch from Docker to Podman.

If you're new to Podman, here are some basic commands that will help you get started:

• podman login -u username -p password registry.access.redhat.com: Log in to a container registry.
• podman pull <image-name>: Download a container image.
• podman ps -a: List all containers, both running and stopped.
• podman search <image-name>: Search for a container image.
• podman images: List all container images.
• podman run <image-name> echo 'Hello world!': Run a container with a specific image and command.
• podman run -d -p 8080 httpd: Run a container with an image in the background and map port 8080.
• podman port -l: Display the port details of the last used container.
• podman run -it ubi8/ubi:8.3 /bin/bash: Run a container and enter into its bash shell.
• podman run --name MySQL-custom -e MYSQL_USER=Ruser -e MYSQL_PASSWORD=PASS -e MYSQL_ROOT_PASSWORD=PASS -d MySQL: Run a container with a custom name and environment variables.
• podman ps --format "{{.ID}} {{.Image}} {{.Names}}": List containers with custom output formatting.

In Podman, you can create both root and rootless containers. Root containers run with elevated privileges, while rootless containers run without elevated privileges and are isolated from the host system.

Here are some commands to create and manage root and rootless containers using Podman:

• sudo podman run --rm --name asroot -ti httpd /bin/bash: Run a container as root.
• podman run --rm --name asuser -ti httpd /bin/bash: Run a container as a regular user.
• podman run --name my-httpd-container httpd: Run a container with a custom name.
• podman exec httpd-container cat /etc/hostname: Run a command inside a running container.
• podman stop my-httpd-container: Stop a running container.
• podman kill -s SIGKILL my-httpd-container: Send a custom kill signal to a running container.
• podman restart my-httpd-container: Restart a container that has been stopped.
• podman rm my-httpd-container: Remove a container.
• podman rm -a: Remove all containers.
• podman stop -a: Stop all running containers.
• podman exec mysql /bin/bash -c 'mysql -uuser1 -pmypa55 -e "select * from items.Projects;"': Run a command inside a running container.

 

Sharing a local directory with a container is a common task in containerization. Podman makes this process simple by allowing you to mount a local directory to a container using the -v option.

Create a local directory with proper SELinux permissions

mkdir /home/student/dbfiles
podman unshare chown -R 27:27 /home/student/dbfiles
sudo semanage fcontext -a -t container_file_t '/home/student/dbfiles(/.*)?'
sudo restorecon -Rv /home/student/dbfiles
ls -ldZ /home/student/dbfiles

The mount the path with -v location_in_local:location_in_container 

podman run -v /home/student/dbfiles:/var/lib/mysql rhmap47/mysql
podman unshare chown 27:27 /home/student/local/mysql

 

Port management

Port management is an important aspect of containerization, and Podman provides a simple way to manage ports for containers. You can use the -p option to map ports between the container and the host system.

Here's an explanation of the commands used in port management with Podman:

• podman run -d --name apache1 -p 8080:8080 httpd: Run a container with the httpd image, map port 8080 on the host system to port 8080 in the container, and name the container apache1.
• podman run -d --name apache2 -p 127.0.0.1:8081:8080 httpd: Run a container with the httpd image, map port 8081 on the localhost interface of the host system to port 8080 in the container, and name the container apache2.
• podman run -d --name apache3 -p 127.0.0.1::8080 httpd: Run a container with the httpd image, map a random port on the localhost interface of the host system to port 8080 in the container, and name the container apache3.

podman port apache3: Display the port details of the apache3 container.

In the first command, the -p option is used to map port 8080 on the host system to port 8080 in the container. This means that if you access port 8080 on the host system, you will be accessing the container's port 8080.

In the second command, the -p option is used to map port 8081 on the localhost interface of the host system to port 8080 in the container. This means that if you access port 8081 on the localhost interface of the host system, you will be accessing the container's port 8080.

In the third command, the -p option is used to map a random port on the localhost interface of the host system to port 8080 in the container. This means that a random port on the host system will be mapped to the container's port 8080.

The podman port command displays the port details of a container, including the mapping between the container's ports and the host system's ports.

By using these commands, you can easily manage ports for containers in Podman.

Podman Image Management

Podman is available on a RHEL host with the following entry in /etc/containers/registries.conf file:

[registries.search] 

registries = ["registry.redhat.io","quay.io"]

• podman save [-o FILE_NAME] IMAGE_NAME[:TAG]: Save an image to a file. You can use the -o option to specify the output file name. For example, podman save -o mysql.tar quay.io/mysql:latest saves the quay.io/mysql:latest image to a file named mysql.tar.
• podman load [-i FILE_NAME]: Load an image from a file. You can use the -i option to specify the input file name. For example, podman load -i mysql.tar loads the mysql.tar file and creates an image.
• podman rmi [OPTIONS] IMAGE [IMAGE...]: Remove one or more images. You can use the -a option to remove all images. For example, podman rmi -a removes all images.
• podman commit [OPTIONS] CONTAINER [REPOSITORY[:PORT]/]IMAGE_NAME[:TAG]: Create a new image from a container. You can use the -a option to specify the author name. For example, podman commit -a 'Your Name' httpd httpd-new creates a new image named httpd-new from the httpd container with author name Your Name.

Here's an explanation of the few of the Podman commands:

• podman diff container-name: This command shows the differences between the container's current state and its original state at the time of its creation. The diff subcommand tags any added file with an A, any changed ones with a C, and any deleted file with a D. This is useful for troubleshooting issues or for auditing the changes made to a container.
• podman tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]: This command is used to tag an image with a new name or repository. You can use the [REGISTRYHOST/][USERNAME/] part to specify the registry where you want to tag the image. For example, podman tag mysql-custom devops/mysql tags the mysql-custom image with the name devops/mysql.
• podman rmi devops/mysql:snapshot: This command removes an image with the specified name and tag. For example, podman rmi devops/mysql:snapshot removes the devops/mysql image with the snapshot tag.
• podman push [OPTIONS] IMAGE [DESTINATION]: This command pushes an image to a specified destination, such as a container registry. You can use the [DESTINATION] part to specify the registry where you want to push the image. For example, podman push quay.io/bitnami/nginx pushes the quay.io/bitnami/nginx image to the specified registry.