Uncategorized – Page 5

32 GB SD card issue

One of the issue that i face with my raspberry pi 4 SD card. I removed it when it was in the pi case. Which broke the SD card chip in half internally.

Lesson : Always remove the SD carefully.

broke my 32 GB SD card while removing from Pi. I tried formatting with fdisk, mkfs.ext4 and Windows but none of them worked.

I have attached screenshot of fdisk /dev/sda where I have created 1 partition but when i try to delete the same it’s giving error No partition is defined yet!

Here is the lsblk output:

root@lp-arm-1:~# lsblk
NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
loop0         7:0    0 88.1M  1 loop /snap/core/11803
loop1         7:1    0 48.9M  1 loop /snap/core18/2127
loop2         7:2    0   49M  1 loop /snap/core18/2248
loop3         7:3    0 57.4M  1 loop /snap/core20/1171
loop4         7:4    0 88.1M  1 loop /snap/core/11996
loop5         7:5    0 60.4M  1 loop /snap/lxd/21544
loop6         7:6    0 28.2M  1 loop /snap/snapd/13269
loop7         7:7    0 57.4M  1 loop /snap/core20/1084
loop8         7:8    0   62M  1 loop /snap/lxd/21032
loop9         7:9    0 28.2M  1 loop /snap/snapd/13643
sda           8:0    1 30.6M  0 disk
mmcblk0     179:0    0 59.7G  0 disk
├─mmcblk0p1 179:1    0  256M  0 part /boot/firmware
└─mmcblk0p2 179:2    0 59.4G  0 part /

Note: mmcblk0 is another working SD card

When try to format it with widows OS.

Integrating Jenkins login with Keycloak

Run Keycloak with docker-compose

version: '3'
services:
  postgres:
      image: postgres:9.6
      volumes:
        - /opt/postgres/:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: keycloak_db
        POSTGRES_USER: keycloak_user
        POSTGRES_PASSWORD: password
  keycloak:
      image: quay.io/keycloak/keycloak:latest
      environment:
        DB_VENDOR: POSTGRES
        DB_ADDR: postgres
        DB_DATABASE: keycloak_db
        DB_USER: keycloak_user
        DB_SCHEMA: public
        DB_PASSWORD: password
        KEYCLOAK_USER: admin
        KEYCLOAK_PASSWORD: admin
      ports:
        - 8080:8080
      depends_on:
        - postgres

Open Keycloak panel : http://192.168.0.184:8080 > add realm > Jenkins

Add client, Client > client-protocal=openid-connect > Root URL

Client > Jenkins-client > Installation > Keycloak OIDC JSON > Download

Note : Take the back up of /var/jenkins_home/config.xml or take a snapshot if it’s vm.

Manage Jenkins > Configure system > Global Keycloak Settings > add downloaded json data > Save

Manage Jenkins > Configure global security > Securiy Realm > Keycloak Authentication Plugin > Save and logout

Create Users in Keycloak realm “jenkins” and login with user(eg. admin1)

More – https://www.keycloak.org/getting-started/getting-started-docker

Jenkins AD integration and access management

First take the back up of /var/jenkins_home/config.xml or take a snapshot if it’s vm.

Method 1: (all user have same admin access)

Manage jenkins > Configure Global Security > Active Directory

Domain name : example.com
Domain Controller : ad.exmaple.com
Bind DN : [email protected]
Bind Password : <jenkins-svc-account password>

Note: You may need to apply the setting and then click on Test Domain.

Else it will give Error: simple bind failed: ad.example.com:389 error

Also Domain Name(example.com) should be resolved from jenkins host or entry should be in /etc/hosts

192.168.122.6 example.com

Method 2: Matrix-based security

Method3: Role based strategy(pending)

AD user and jenkins screenshot for reference

Check ldap port in powershell

tnc example.com -port 389

Test-NetConnection -ComputerName example.com -Port 389

Add linux CRON entry non interactive

Useful when we need to add cron entry using shell script

cron.sh

crontab -l > /tmp/cron.bak
echo "* * * * * /opt/backup.sh" >> /tmp/cron.bak
crontab /tmp/cron.bak

DevOps questions

Docker

Explain Docker life cycle?
Explain/Write simple Dockerfile start to end.
What are layers in docker? how to reduce layer?
What is CMD and entry point? can we use both? When to use?
What is multistage dockerfile?
What’s Difference between ADD vs COPY, RUN vs CMD?
How to optimize docker image size?
How to optimize security in dockerfile?
Tools used for scanning docker file and image?
What is distroless image? when to use?
How to verify distroless image with cosign?
have you used tini ? why?
Can you run container with different kernel version than base kernel host?
What are the best practices to write Dockerfile?
what is docker buildkit?
What is docker-compose?
How container talks to other container in docker-compose?
Types of networks in docker-compose?
how to auto restart docker container?

Jenkins

Explain Your jenkins CICD pipeline?
Explain Jenkins DevSecOps Pipleine?
How you integrated sonarqube with your pipeline?
What are the ways we can start the build? OR type of build triggers?
How you add jenkins worker node? what are other ways to do?
How you manage credentials in Jenkins?
Diff between webhook and pool scm?
What plugins you used in Jenkins?
How do you take backup of Jenkins?
Have you written declarative or scripted pipeline? what’s difference?
How you pass env variable from one stage to another stage?

Kubernetes

What are the components of kuberntes?
What is pod and deployment, Daemonset
When do you use Daemonset?
What is sidecar container? when to use?
What is static pod?
How you have integrated CICD with Jenkins?
What is Kubeproxy? CoreDNS?
How you expose your service externally?
What will happen if k8 control node goes down?
have you upgraded your k8 cluster? what are the steps? explain
How you add security to k8 cluster?
How you scan your k8 deployment file?
Best practice to write k8 deployment file, explain componets?
What is taints, tolerance, node affinity, pod affinity , anti-affinity?
What is CNI? What CNI you have used? Why we choose different CNI?
Default scaling method available in kubernetes? What task are require to setup HPA?
What VPA? what kind of metrics we can use? from where?
How pod communicate with each other?
How kubernetes kube metrics works?
How you troubleshoot if pod is in pending/imagepullbackoff state?
what is service mesh ? when to use?
What is mTLS? how do you secure your pod to pod communication?
What is PV, PVC? what is storageclass?
If PV is 50GB and created 20GB PVC using that PV. can 30GB used for new PVC?
what is PVC accessModes and Reclaim Policy?

Terraform

what is terraform backend?
Where do you store your terraform state file? why?
Have you created custom module?
Explain your Iaac terraform pipeline

Ansible

What is ansible playbook?
What is ansible role?
What module you used in ansible?
What is register in ansible?
Difference between static and dynamic inventory?
How ansible works? how it do authentication?
What is ansible galaxy?
what is ansible vault? how you store your creds?
write playbook to install httpd and enabled it?
What is ansible tower?
what are handlers in ansible?

General questions

What do you mean by CI and CD?
What is continue development , continue deployment?
what is your git branch strategy? how do you resolve merge conflict?
How you optimize cost on aws? (amd, arm, cloudcustodian, aws lambda, s3 static website, s3 lifecycle)
How you will host static website?
Application is receiving millions of request ? how you will manage it?
What is blue-green deployment? tools required? strategy?
What is unit testing? how do you configure quality gates, code coverage in sonarqube?

AWS questions

AWS lambda time limit?
How many VPC and subnet we can create?
How do you secure your website, endpoints?
What is cloudfront distribution point?
How you can recover from wrong fstab configured ec2 which is not starting at all?

Linux questions

How do extend space in Linux? LVM? LVM striping?
RAID types?
Top 10 command that use for daily task?
SUID, GUID, Sticky Bit, special permission in linux?
which is faster cp or mv? why?
command not found? troubleshooting?
what is swap memory? why? how?
update time in linux?
linux boot process?

Add ubuntu WSL 2 in Visual code

Install Remote – WSL plugin

Set default wls to ubuntu

wsl -l
wsl --set-default Ubuntu
wsl --set-default-version 2

change from wsl1 to wsl2

wsl -l -v 
wsl --set-version Ubuntu 2

Use Window terminal for multiple wsl windows – https://superuser.com/questions/1119998/win-10-linux-subsystem-multi-tab-bash

chmod is not working?

create /etc/wsl.conf

[automount]
options = "metadata"

https://stackoverflow.com/questions/46610256/chmod-wsl-bash-doesnt-work

Kong smtp email configuration with AWS SES

update /etc/kong/kong.conf

smtp_mock=off
smtp_host=email-smtp.eu-west-1.amazonaws.com
smtp_port=465
smtp_username=${KONG_SMTP_USER}
smtp_password=${KONG_SMTP_PASSWORD}
smtp_ssl=on
smtp_domain=example.com
[email protected]
admin_emails_from =Team1 <[email protected]>
portal_invite_email=Team1 <[email protected]>
portal_access_request_email=Team1 <[email protected]>
portal_approved_email=on
portal_emails_from=Team1 <[email protected]>
portal_emails_reply_to=Team1 <[email protected]>

Note : [email protected] should verified in AWS and It’s should be below format

Team1 <[email protected]>

Create statically linked rust docker image with alpine

Why?
– Optimize size
– less surface attack

FROM rust:slim-buster AS build
WORKDIR /opt
COPY . .
RUN rustup target add x86_64-unknown-linux-musl
RUN cargo build --target x86_64-unknown-linux-musl --release

FROM alpine:3.15.0
WORKDIR /opt
COPY --from=build /opt/target/x86_64-unknown-linux-musl/release .
EXPOSE 7878
CMD ["/opt/simple-rust-webserver"]

docker build -t rust-web-alpine -f alpine.Dockerfile .

docker run -d -p 7878:7878 rust-web-alpine

[root@lp-test-1 simple-rust-webserver]# docker images | grep rust-web-alpine
rust-web-alpine                                latest          7dd00663078c   9 minutes ago    9.4MB

main.rs

use std::net::{TcpStream, TcpListener};
use std::io::{Read, Write};
use std::thread;


fn handle_read(mut stream: &TcpStream) {
    let mut buf = [0u8 ;4096];
    match stream.read(&mut buf) {
        Ok(_) => {
            let req_str = String::from_utf8_lossy(&buf);
            println!("{}", req_str);
            },
        Err(e) => println!("Unable to read stream: {}", e),
    }
}

fn handle_write(mut stream: TcpStream) {
    let response = b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n<html><body>hola rust</body></html>\r\n";
    match stream.write(response) {
        Ok(_) => println!("Response sent"),
        Err(e) => println!("Failed sending response: {}", e),
    }
}

fn handle_client(stream: TcpStream) {
    handle_read(&stream);
    handle_write(stream);
}

fn main() {
    let listener = TcpListener::bind("0.0.0.0:7878").unwrap();
    println!("Listening for connections on port {}", 7878);

    for stream in listener.incoming() {
        match stream {
            Ok(stream) => {
                thread::spawn(|| {
                    handle_client(stream)
                });
            }
            Err(e) => {
                println!("Unable to connect: {}", e);
            }
        }
    }
}

More : https://users.rust-lang.org/t/building-executable-for-alpine-linux/13568

https://doc.rust-lang.org/cargo/commands/cargo-build.html

Send email using AWS SES SMTP with python

import smtplib

email_user = '<aws-ses-user>'
email_password = '<aws-ses-password>'

sent_from = '"test" <[email protected]>' #This should be verified
to = ['[email protected]']
subject = 'test'
body = 'test'

email_text = """\
From: %s
To: %s
Subject: %s

%s
""" % (sent_from, ", ".join(to), subject, body)

try:
    smtp_server = smtplib.SMTP_SSL('email-smtp.ap-south-1.amazonaws.com', 465)
    smtp_server.ehlo()
    smtp_server.login(email_user, email_password)
    smtp_server.sendmail(sent_from, to, email_text)
    smtp_server.close()
    print ("Email sent successfully!")
except Exception as ex:
    print ("Something went wrong….",ex)

Issues and error messages:

Issues:
https://serverfault.com/questions/639297/why-does-postfix-on-aws-give-me-invalid-mail-from-address-provided-i-have-pro/639300
Something went wrong…. (501, b’Invalid MAIL FROM address provided’, ‘username’)
Something went wrong…. (554, b’Message rejected: Email address is not verified. The following identities failed the check in region AP-SOUTH-1: test <[email protected]>, [email protected]’) – verify user in aws
access key and smtp username is same
get aws smtp password – https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html

Configure smtp plugin in Jenkins

Manage Jenkins > Configure system > search “E-mail Notification”

gmail smtp server: smtp.gmail.com port : 587 need TLS

Note: Allow google Less Secure App(should be turned on).

email.Jenkinsfile

pipeline
{
    agent { label 'worker1' }
    stages{
        stage('send-email'){
            
            steps{
                script 
                {
                    emailext subject: 'Test email subject', body: 'Test email body',  to: '[email protected]'
                }
                sh "echo hola"
            }
        }
    }
}