Uncategorized – Page 7

Enable buildkit in docker and use heredoc feature

Why buildkit?
– Better build logs
– Better build cache

Temp enable buildkit

nginx.Dockerfile

# syntax=docker/dockerfile:1.3-labs
FROM nginx

COPY <<EOF /usr/share/nginx/html/index.html
"hola Duniya"
EOF

DOCKER_BUILDKIT=1 docker build -t here-nginx -f nginx.Dockerfile .

Enable buildkit permanently :

echo "{ "features": { "buildkit": true } }" > /etc/docker/daemon.json


systemctl restart docker

More : https://github.com/moby/buildkit

Introduction to heredocs in Dockerfiles

Raspberry pi 4 to measure temperature and humidity with DHT11/DHT22 sensor

pip3 install adafruit-circuitpython-dht
apt-get install libgpiod2

temp.py

import Adafruit_DHT
import time
 
DHT_SENSOR = Adafruit_DHT.DHT11
DHT_PIN = 4

#while loop is there because sometime it does not get the temp.
while True:
    humidity, temperature = Adafruit_DHT.read(DHT_SENSOR, DHT_PIN)
    if humidity is not None and temperature is not None:
        print("Temp={0:0.1f}C Humidity={1:0.1f}%".format(temperature, humidity))
    else:
        print("Sensor failure. Check wiring.");
    time.sleep(1);

run:

python3 temp.py

For DHT22 sensor:

temp-dht22.py

import Adafruit_DHT
import time

DHT_SENSOR = Adafruit_DHT.DHT22
DHT_PIN = 4

humidity, temperature = Adafruit_DHT.read(DHT_SENSOR, DHT_PIN)
if humidity is not None and temperature is not None:
    #print("Temp={0:0.1f}C Humidity={1:0.1f}%".format(temperature, humidity))
    print("{0},{1}".format(temperature, humidity))

shell script to send over pushgateway

root@lp-arm-1:~# cat /opt/cron/get_temp_dht22.sh
#!/bin/bash

t_and_h=$(python3 /opt/cron/get_temp_dht22.py)

temprerature=$(echo $t_and_h | awk -F ',' '{print $1}')
humidity=$(echo $t_and_h | awk -F ',' '{print $2}')
echo "room_temp $temprerature" | curl --data-binary @- http://192.168.0.183:30008/metrics/job/room_temp/instance/lp-arm-1
echo "room_humidity $humidity" | curl --data-binary @- http://192.168.0.183:30008/metrics/job/room_humidity/instance/lp-arm-1

Mount single file in docker

We can use –mount type=bind parameter to mount single file

docker run  -d -p 9090:9090 --mount type=bind,source=/opt/prometheus/prometheus.yml,target=/etc/prometheus/prometheus.yml prom/prometheus:v2.22.0

Using docker-compose file

version: "3.7"    
services:
  prometheus:
    image: prom/prometheus:v2.22.0
    volumes:
      - type: bind
        source: /opt/prometheus/prometheus.yml
        target: /etc/prometheus/prometheus.yml
    ports:
      - 9090:9090

More : https://stackoverflow.com/questions/42248198/how-to-mount-a-single-file-in-a-volume

https://docs.docker.com/storage/bind-mounts/

raspberry pi fan on/off automation based on cpu temp

Note : This does not work because IO pins does not enough power to run fan.

fan.py

import RPi.GPIO as GPIO
from time import sleep
import sys

GPIO.setwarnings(False)
GPIO.setmode(GPIO.BOARD)
GPIO.setup(8, GPIO.OUT, initial=GPIO.LOW) 

if sys.argv[1] == "on":
 GPIO.output(8, GPIO.HIGH)
 print("on")
else:
 GPIO.output(8, GPIO.LOW)
 print("off")

Dockerfile

FROM python:slim-buster
WORKDIR /fan
RUN apt update && \
    apt install python-rpi.gpio python3-rpi.gpio -y 
COPY fan.py .

Docker build

docker build -t fan .

Docker run command switch on

docker run -it --device /dev/gpiomem fan python2 fan.py on

Docker run command switch off

docker run -it --device /dev/gpiomem fan python2 fan.py off

fan.sh

#!/bin/bash

cpu=$(</sys/class/thermal/thermal_zone0/temp)

cpu_temp=$(echo "$cpu/1000" | /usr/bin/bc)
echo $cpu_temp

if(("cpu_temp" >= "65"))
then
echo "more 65 on fan"
docker run -it --device /dev/gpiomem fan python2 fan.py on
else
echo "less 65 off fan"
docker run -it --device /dev/gpiomem fan python2 fan.py off
fi

More: https://raspberrypihq.com/making-a-led-blink-using-the-raspberry-pi-and-python/

https://stackoverflow.com/questions/48441737/docker-error-no-access-to-dev-mem-try-running-as-root

Greylog setup with filebeat and Raw/Plaintext TCP

More : https://docs.graylog.org/en/4.0/pages/installation/docker.html

version: '2'
services:
  mongodb:
    image: mongo:4.2
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  graylog:
    image: graylog/graylog:4.0
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.0.228:9000/
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 --  /docker-entrypoint.sh
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      - 5555:5555
      - 5551:5551

Note : 5555 port will be used for filebeat as logstash output

System / inputs >> select input > Beats > launch input > global tick > titile > port = 5555 > threads =2 > Save

Install filebeat : https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html

Edit /etc/filebeat/filebeat.yml

Output:

Raw/Plaintext TCP

System / inputs >> select input > Raw/Plaintext TCP > launch input > global tick > titile > port = 5551 > threads =2 > Save

for sending Raw/Plaintext TCP

echo "this is log" > /dev/tcp/grelog_server/5551

how to start learn docker and kubernetes

Linux – installation of different distro with lvm, encrypted lvm, plain
Shell scripting – auto restart job , sed , awk
Docker – jenkins setup, wordpress setup with persistent volume
kubernetes – cluster setup, deployment

haproxy context based routing

http://192.168.0.228:8080/app1 => http://192.168.0.228:8081
http://192.168.0.228:8080/app2 => http://192.168.0.228:8082

haproxy.cfg

global
    daemon
    maxconn 256

defaults
    timeout connect 10s
    timeout client 30s
    timeout server 30s
    mode http
    maxconn 3000

frontend http_in
    bind *:8080
    use_backend app1_backend if { path /app1 }
    use_backend app2_backend if { path /app2 }

backend app1_backend
    http-request set-path %[path,regsub(^/app1/?,/)]
    server server1 192.168.0.228:8081

backend app2_backend
    http-request set-path %[path,regsub(^/app2/?,/)]
    server server1 192.168.0.228:8082

more : https://grafana.com/tutorials/run-grafana-behind-a-proxy/#configure-haproxy

renew kubeapi server certs in kubernetes

kubeadm certs check-expiration


kubeadm certs renew all

error : x509: certificate has expired or is not yet valid

Note : move /etc/kubenetes/admin.conf to /root/.kube/config and restart control node and worker node to update cert

https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/

Expose localhost to public URL – localtunnel

npm install -g localtunnel

lt --port 8000

lt --port 8000 --subdomain piserver

https://github.com/localtunnel/localtunnel

Alternative – https://ngrok.com/

Clamav antivirus scan in CICD – Jenkins

#install clamav

yum -y install epel-release

yum install clamav

#update clamav

/usr/bin/freshclam

#scan clamav

clamscan -r /tmp/

more : https://www.hostinger.in/tutorials/how-to-install-clamav-centos7

https://www.clamav.net/