def git_url = 'https://github.com/initedit/note.initedit'
def git_branch = 'main'
def server_report = "ERROR"
pipeline
{
agent
{
label 'master'
}
stages
{
stage('Git Checkout')
{
steps
{
git credentialsId: 'github', url: git_url , branch: git_branch
}
}
stage('sonarqube analysis')
{
steps
{
script
{
withSonarQubeEnv('sonarqube')
{
def temp_job_name = JOB_NAME.replaceAll('/','-')
sh "PATH=$PATH:/var/jenkins_home/node12/bin;NODE_PATH=/var/jenkins_home/node12/lib/node_modules;npm install typescript;/var/jenkins_home/sonar_scanner/bin/sonar-scanner -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=${WORKSPACE} -Dsonar.projectKey=${temp_job_name}-${git_branch} -Dsonar.projectName=${temp_job_name}-${git_branch};"
withCredentials([usernamePassword(credentialsId: 'sonarqube-user', usernameVariable: 'uname' , passwordVariable: 'upass')])
{
sh """
cd .scannerwork
sonar_job_url=\$(cat report-task.txt | grep ceTaskUrl | awk -F 'ceTaskUrl=' '{print \$NF}')
while(true)
do
sonar_job_status=\$(curl -s --user "\$uname:\$upass" \$sonar_job_url | awk -F '"status":' '{print \$NF}' | cut -d ',' -f1 | sed 's/"//g')
sleep 10
if [ "\$sonar_job_status" != 'IN_PROGRESS' ]
then
echo "sonar job completed"
#get new bugs
new_vulnerabilities=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_vulnerabilities | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
new_bugs=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_bugs | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
new_violations=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_violations | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
echo "new_vulnerabilities=\$new_vulnerabilities new_bugs=\$new_bugs new_violations=\$new_violations" > /tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt
cat "/tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt"
echo "new_vulnerabilities: \$new_vulnerabilities , new_bugs : \$new_bugs , new_violations : \$new_violations"
exit
fi
done
"""
}
}
def qualitygate = waitForQualityGate()
server_report = qualitygate.status
}
}
}
stage('sonar-qualitygate')
{
steps
{
script
{
if (server_report != 'OK')
{
sh '''
echo "not ok"
'''
}
}
}
}
}
}Author: Alok
DevSecOps
101 questions list for troubleshooting issues
- What error message your are getting? screenshot?
- What actual issue you are facing share your screen?
- What your are trying to accomplish?
- When did it last work? approx. timing?
- Is everyone in your team having the same issue?
- What is the endpoint? Port? URL? IPaddress?
- is this the first time you are accessing this URL?
Tmux , Screen, Nohup, – Run command in background
Why?
– Run process in background
– Run database backup in background
Tmux:
#List
tmux ls
#Start session
tmux new -s mysession
#Reconnect
tmux a -t session_name
#Disconnect
ctrl + b + D
#Reconnect to 0 session
tmux a -t 0
More : https://tmuxcheatsheet.com
Screen :
#List
screen -ls
#Named session
screen -A -m -d -S session_name command
#Reconnect to named session
screen -r session_name
#Disconnect
CTRL + a + dhttps://gist.github.com/jctosta/af918e1618682638aa82
Nohup:
Nohup command &It’s create nohup.out file in same directory with all command logs
Jobs:
jobs
fg
bgSonatype Nexus3 – Docker compose
version: '3'
services:
jenkins:
image: sonatype/nexus3:3.29.0
user: root:root
restart: always
container_name: nexus
environment:
TZ: "Asia/Kolkata"
volumes:
- /opt/nexus-data:/nexus-data
ports:
- 8081:8081Get admin passwords:
docker exec -it nexus bash
find / -iname admin.*
#OR
docker exec -it nexus cat /nexus-data/admin.password
More : https://hub.docker.com/r/sonatype/nexus3#user-content-persistent-data
Nomad – Container orchestration example for Dev environment
#Install nomad
-Download the stable release form https://www.nomadproject.io/downloads
wget https://releases.hashicorp.com/nomad/1.0.1/nomad_1.0.1_linux_amd64.zip
unzip nomad_1.0.1_linux_amd64.zip
mv nomad /usr/local/bin/#start nomad in dev mode
nomad agent -dev
nomad node status#Install docker https://docs.docker.com/engine/install/centos/
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker#Create simple nginx job file (nginx.nomad)
job "nginx" {
datacenters = ["dc1"]
type = "service"
update {
max_parallel = 1
min_healthy_time = "10s"
healthy_deadline = "3m"
progress_deadline = "10m"
auto_revert = false
canary = 0
}
migrate {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
}
group "cache" {
count = 1
network {
port "nginx-port" {
to = 80
}
}
service {
name = "nginx-port"
tags = ["nginx", "web"]
port = "nginx-port"
}
restart {
attempts = 2
interval = "30m"
delay = "15s"
mode = "fail"
}
ephemeral_disk {
size = 300
}
task "nginx" {
driver = "docker"
config {
image = "nginx"
ports = ["nginx-port"]
}
resources {
cpu = 500
memory = 256
}
}
}
}
#Nomand commands for Run,Stop, job status and logs
nomad job status
nomad job run nginx.nomad
nomad job stop nginx
nomad job status nginx
nomad alloc status <Allocations ID>
nomad alloc logs <Allocations ID>
#Access webUI at http://127.0.0.1:4646
Strings command in linux
strings /lib64/libc.so.6 |grep GLIBC
strings /bin/ls
Usage: strings [option(s)] [file(s)]
Display printable strings in [file(s)] (stdin by default)
The options are:
-a - --all Scan the entire file, not just the data section [default]
-d --data Only scan the data sections in the file
-f --print-file-name Print the name of the file before each string
-n --bytes=[number] Locate & print any NUL-terminated sequence of at
-<number> least [number] characters (default 4).
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
-w --include-all-whitespace Include all whitespace as valid string characters
-o An alias for --radix=o
-T --target=<BFDNAME> Specify the binary file format
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
-s --output-separator=<string> String used to separate strings in output.
@<file> Read options from <file>
-h --help Display this information
-v -V --version Print the program's version number
strings: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 a.out-i386-linux pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex
create bootable usb using dd
dd bs=4M if=/home/input.iso of=/dev/sd[?] conv=fdatasync status=progress
[?] = Run lsblk and find your USB
connect to wifi using terminal in ubuntu
1.Create file and add wifi name and creds (vi /etc/wpa_supplicant.conf)
network={
ssid="ssid_name"
psk="password"
}2.Connect
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D wext
sudo dhclient wlan0More : https://askubuntu.com/questions/138472/how-do-i-connect-to-a-wpa-wifi-network-using-the-command-line
https://askubuntu.com/questions/294257/connect-to-wifi-network-through-ubuntu-terminal
sftp setup to restrict user to some /path
WHY?
– Secure access
– Secure path
adduser kool -s /sbin/nologin
#edit /etc/ssh/sshd_config and ADD
Subsystem sftp internal-sftp
Match User kool
ChrootDirectory /opt/dir1/dir2
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
chown root:root -R /opt/dir1/dir2
chmod 755 -R /opt/dir1/dir2
chown kool:kool /opt/dir1/dir2/kool
chmod 700 /opt/dir1/dir2/koolcockpit to manage virtual machines in centos8
why?
– Access vm via webconsole
– Easy to manage services
– Create/manage VM
– Create/manage podman
dnf install cockpit -y
systemctl start cockpit.socket
systemctl enable cockpit.socket
Browse https://127.0.0.1:9090 or https://YOUR_IP:9090more : https://cockpit-project.org