sonarqube stage in jenkins

def git_url = 'https://github.com/initedit/note.initedit'
def git_branch = 'main'
def server_report = "ERROR"
pipeline
{
    agent
    {
        label 'master'
    }
    stages
    {
        
        stage('Git Checkout')
        {

                steps
                {
                    
                    git credentialsId: 'github', url: git_url , branch: git_branch

                }
               
        }
        
        stage('sonarqube analysis')
        {

                steps
                {
                        script 
                        {
                            withSonarQubeEnv('sonarqube') 
                            {
                                def temp_job_name = JOB_NAME.replaceAll('/','-')
                                sh "PATH=$PATH:/var/jenkins_home/node12/bin;NODE_PATH=/var/jenkins_home/node12/lib/node_modules;npm install typescript;/var/jenkins_home/sonar_scanner/bin/sonar-scanner -Dsonar.sourceEncoding=UTF-8  -Dsonar.sources=${WORKSPACE} -Dsonar.projectKey=${temp_job_name}-${git_branch} -Dsonar.projectName=${temp_job_name}-${git_branch};"
                                

                                    withCredentials([usernamePassword(credentialsId: 'sonarqube-user', usernameVariable: 'uname' , passwordVariable: 'upass')]) 
                                    {
                                        sh """
                                        cd .scannerwork
                                        sonar_job_url=\$(cat report-task.txt | grep ceTaskUrl | awk -F 'ceTaskUrl=' '{print \$NF}')
                                        while(true)
                                        do
                                            sonar_job_status=\$(curl -s --user "\$uname:\$upass" \$sonar_job_url | awk -F '"status":' '{print \$NF}' | cut -d ',' -f1 | sed 's/"//g')
                                            sleep 10
                                            if [ "\$sonar_job_status" != 'IN_PROGRESS' ]
                                            then
                                            echo "sonar job completed"
                                            
                                            #get new bugs
                                            new_vulnerabilities=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_vulnerabilities | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
                                            new_bugs=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_bugs | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
                                            new_violations=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_violations | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
                                            
                                            echo "new_vulnerabilities=\$new_vulnerabilities new_bugs=\$new_bugs new_violations=\$new_violations" > /tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt
                                            
                                            cat "/tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt"
                                            
                                            echo "new_vulnerabilities: \$new_vulnerabilities , new_bugs : \$new_bugs , new_violations : \$new_violations"
                                            exit
                                            fi

                                        done
                                        """
                                    }
                            }

                            def qualitygate = waitForQualityGate()
                            server_report = qualitygate.status
                        }
                    
                }
                
        }
        stage('sonar-qualitygate')
        {
            steps
            {
                script
                {
                    if (server_report != 'OK') 
                    {
                        sh '''
                        echo "not ok"
                        '''
                    }
                    
                }
            }
        }
    }

}

Tmux , Screen, Nohup, – Run command in background

Why?
– Run process in background
– Run database backup in background

Tmux:

#List
tmux ls

#Start session
tmux new -s mysession

#Reconnect  
tmux a -t session_name

#Disconnect
ctrl + b + D


#Reconnect to 0 session
tmux a -t 0

More : https://tmuxcheatsheet.com

Screen :

#List
screen -ls

#Named session
screen -A -m -d -S session_name command

#Reconnect to named session
screen -r session_name 

#Disconnect
CTRL + a + d

https://gist.github.com/jctosta/af918e1618682638aa82

Nohup:

Nohup command &

It’s create nohup.out file in same directory with all command logs

https://www.thegeekdiary.com/nohup-command-examples-runs-a-command-that-keeps-running-after-you-log-out/

Jobs:

jobs
fg
bg

https://tldp.org/LDP/abs/html/x9644.html

Sonatype Nexus3 – Docker compose

version: '3'
services:
  jenkins:
    image: sonatype/nexus3:3.29.0
    user: root:root
    restart: always
    container_name: nexus
    environment:
      TZ: "Asia/Kolkata"
    volumes:
      - /opt/nexus-data:/nexus-data
    ports:
      - 8081:8081

Get admin passwords:

docker exec -it nexus bash

find / -iname admin.*

#OR

docker exec -it nexus  cat /nexus-data/admin.password

More : https://hub.docker.com/r/sonatype/nexus3#user-content-persistent-data

Nomad – Container orchestration example for Dev environment

#Install nomad

-Download the stable release form https://www.nomadproject.io/downloads

wget https://releases.hashicorp.com/nomad/1.0.1/nomad_1.0.1_linux_amd64.zip

unzip nomad_1.0.1_linux_amd64.zip

mv nomad /usr/local/bin/

#start nomad in dev mode

nomad agent -dev

nomad node status

#Install docker https://docs.docker.com/engine/install/centos/

yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

yum install docker-ce docker-ce-cli containerd.io

systemctl start docker
systemctl enable docker

#Create simple nginx job file (nginx.nomad)

job "nginx" {
  datacenters = ["dc1"]
  type = "service"

  update {
    max_parallel = 1
    min_healthy_time = "10s"
    healthy_deadline = "3m"
    progress_deadline = "10m"
    auto_revert = false

    canary = 0
  }
  migrate {
    max_parallel = 1
    health_check = "checks"
    min_healthy_time = "10s"
    healthy_deadline = "5m"
  }
  group "cache" {
    count = 1

    network {
      port "nginx-port" {
        to = 80
      }
    }

    service {
      name = "nginx-port"
      tags = ["nginx", "web"]
      port = "nginx-port"

    }

    restart {
      attempts = 2
      interval = "30m"
      delay = "15s"
      mode = "fail"
    }

    ephemeral_disk {
      size = 300
    }


    task "nginx" {
      driver = "docker"

      config {
        image = "nginx"
        ports = ["nginx-port"]
      }

      resources {
        cpu    = 500
        memory = 256
      }

    }
  }
}

#Nomand commands for Run,Stop, job status and logs

nomad job status

nomad job run nginx.nomad

nomad job stop nginx

nomad job status nginx

nomad alloc status <Allocations ID>

nomad alloc logs <Allocations ID>

#Access webUI at http://127.0.0.1:4646

Strings command in linux

strings /lib64/libc.so.6 |grep GLIBC

strings /bin/ls

Usage: strings [option(s)] [file(s)]
 Display printable strings in [file(s)] (stdin by default)
 The options are:
  -a - --all                Scan the entire file, not just the data section [default]
  -d --data                 Only scan the data sections in the file
  -f --print-file-name      Print the name of the file before each string
  -n --bytes=[number]       Locate & print any NUL-terminated sequence of at
  -<number>                   least [number] characters (default 4).
  -t --radix={o,d,x}        Print the location of the string in base 8, 10 or 16
  -w --include-all-whitespace Include all whitespace as valid string characters
  -o                        An alias for --radix=o
  -T --target=<BFDNAME>     Specify the binary file format
  -e --encoding={s,S,b,l,B,L} Select character size and endianness:
                            s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
  -s --output-separator=<string> String used to separate strings in output.
  @<file>                   Read options from <file>
  -h --help                 Display this information
  -v -V --version           Print the program's version number
strings: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 a.out-i386-linux pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex

connect to wifi using terminal in ubuntu

1.Create file and add wifi name and creds (vi /etc/wpa_supplicant.conf)

network={
    ssid="ssid_name"
    psk="password"
}

2.Connect

sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf -D wext
sudo dhclient wlan0

More : https://askubuntu.com/questions/138472/how-do-i-connect-to-a-wpa-wifi-network-using-the-command-line

https://askubuntu.com/questions/294257/connect-to-wifi-network-through-ubuntu-terminal

sftp setup to restrict user to some /path

WHY?
– Secure access
– Secure path

adduser kool -s /sbin/nologin

#edit /etc/ssh/sshd_config and ADD

Subsystem sftp internal-sftp
   Match User kool
   ChrootDirectory /opt/dir1/dir2
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no


chown root:root -R /opt/dir1/dir2
chmod 755 -R /opt/dir1/dir2

chown kool:kool /opt/dir1/dir2/kool
chmod 700 /opt/dir1/dir2/kool