- install jenkins using docker-compose
- default port for jenkins 8080
- Explain the your CICD pipeline
- What is DSL?
- How do you manage credentials in jenkins?
- explain the basic structure of Jenkinsfile?
- how jobs are managed for different branch/ multibranch?
- What issues you faced in jenkins? = plugin high disk IO
- build trigger?
- how to configure webhook?
- poll SCM?
- light checkout in jekins?
- groovy sandbox?
- add worker node in jenkins? types of method?
Promethus inbuilt basic authentication and TLS
github : https://github.com/prometheus/prometheus/pull/8316
from v2.24.0 basic authentication and TLS is inbuilt into prometheus.
webconfig.yml
tls_server_config:
cert_file: /etc/prometheus/prometheus.cert
key_file: /etc/prometheus/prometheus.key
basic_auth_users:
admin: $2y$12$/B1Z0Ohq/g9z/BlD30mi/uRDNdBRs/VrtAZrJDtY73Ttjc8RYHJ2O- Start prometheus with webconfig file
./prometheus --web.config.file=webconfig.yml- Prometheus will be accessible on https and with basic auth (admin/admin)
- Password should be bcrypt encrypted – https://bcrypt-generator.com
Disk IO read/write monitor
yum install sysstat -y
iostat -t
iostat -xtc
iostat -d
#More command
iostat -dx /dev/sda 5
sar
vmstat
badblockDocker private registry server
echo '{
"insecure-registries" : [ "192.168.0.183:5000" ]
}' > /etc/docker/daemon.jsondocker run -d -p 5000:5000 --restart=always --name registry registry:2
registry-docker-compose.yml
version: '3'
services:
registry:
image: registry:2
user: root:root
restart: always
container_name: registry
environment:
TZ: "Asia/Kolkata"
volumes:
- /mnt/registry:/var/lib/registry
ports:
- 5000:5000sonarqube stage in jenkins
def git_url = 'https://github.com/initedit/note.initedit'
def git_branch = 'main'
def server_report = "ERROR"
pipeline
{
agent
{
label 'master'
}
stages
{
stage('Git Checkout')
{
steps
{
git credentialsId: 'github', url: git_url , branch: git_branch
}
}
stage('sonarqube analysis')
{
steps
{
script
{
withSonarQubeEnv('sonarqube')
{
def temp_job_name = JOB_NAME.replaceAll('/','-')
sh "PATH=$PATH:/var/jenkins_home/node12/bin;NODE_PATH=/var/jenkins_home/node12/lib/node_modules;npm install typescript;/var/jenkins_home/sonar_scanner/bin/sonar-scanner -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=${WORKSPACE} -Dsonar.projectKey=${temp_job_name}-${git_branch} -Dsonar.projectName=${temp_job_name}-${git_branch};"
withCredentials([usernamePassword(credentialsId: 'sonarqube-user', usernameVariable: 'uname' , passwordVariable: 'upass')])
{
sh """
cd .scannerwork
sonar_job_url=\$(cat report-task.txt | grep ceTaskUrl | awk -F 'ceTaskUrl=' '{print \$NF}')
while(true)
do
sonar_job_status=\$(curl -s --user "\$uname:\$upass" \$sonar_job_url | awk -F '"status":' '{print \$NF}' | cut -d ',' -f1 | sed 's/"//g')
sleep 10
if [ "\$sonar_job_status" != 'IN_PROGRESS' ]
then
echo "sonar job completed"
#get new bugs
new_vulnerabilities=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_vulnerabilities | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
new_bugs=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_bugs | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
new_violations=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_violations | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
echo "new_vulnerabilities=\$new_vulnerabilities new_bugs=\$new_bugs new_violations=\$new_violations" > /tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt
cat "/tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt"
echo "new_vulnerabilities: \$new_vulnerabilities , new_bugs : \$new_bugs , new_violations : \$new_violations"
exit
fi
done
"""
}
}
def qualitygate = waitForQualityGate()
server_report = qualitygate.status
}
}
}
stage('sonar-qualitygate')
{
steps
{
script
{
if (server_report != 'OK')
{
sh '''
echo "not ok"
'''
}
}
}
}
}
}101 questions list for troubleshooting issues
- What error message your are getting? screenshot?
- What actual issue you are facing share your screen?
- What your are trying to accomplish?
- When did it last work? approx. timing?
- Is everyone in your team having the same issue?
- What is the endpoint? Port? URL? IPaddress?
- is this the first time you are accessing this URL?
Tmux , Screen, Nohup, – Run command in background
Why?
– Run process in background
– Run database backup in background
Tmux:
#List
tmux ls
#Start session
tmux new -s mysession
#Reconnect
tmux a -t session_name
#Disconnect
ctrl + b + D
#Reconnect to 0 session
tmux a -t 0
More : https://tmuxcheatsheet.com
Screen :
#List
screen -ls
#Named session
screen -A -m -d -S session_name command
#Reconnect to named session
screen -r session_name
#Disconnect
CTRL + a + dhttps://gist.github.com/jctosta/af918e1618682638aa82
Nohup:
Nohup command &It’s create nohup.out file in same directory with all command logs
Jobs:
jobs
fg
bgSonatype Nexus3 – Docker compose
version: '3'
services:
jenkins:
image: sonatype/nexus3:3.29.0
user: root:root
restart: always
container_name: nexus
environment:
TZ: "Asia/Kolkata"
volumes:
- /opt/nexus-data:/nexus-data
ports:
- 8081:8081Get admin passwords:
docker exec -it nexus bash
find / -iname admin.*
#OR
docker exec -it nexus cat /nexus-data/admin.password
More : https://hub.docker.com/r/sonatype/nexus3#user-content-persistent-data
Nomad – Container orchestration example for Dev environment
#Install nomad
-Download the stable release form https://www.nomadproject.io/downloads
wget https://releases.hashicorp.com/nomad/1.0.1/nomad_1.0.1_linux_amd64.zip
unzip nomad_1.0.1_linux_amd64.zip
mv nomad /usr/local/bin/#start nomad in dev mode
nomad agent -dev
nomad node status#Install docker https://docs.docker.com/engine/install/centos/
yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
yum install docker-ce docker-ce-cli containerd.io
systemctl start docker
systemctl enable docker#Create simple nginx job file (nginx.nomad)
job "nginx" {
datacenters = ["dc1"]
type = "service"
update {
max_parallel = 1
min_healthy_time = "10s"
healthy_deadline = "3m"
progress_deadline = "10m"
auto_revert = false
canary = 0
}
migrate {
max_parallel = 1
health_check = "checks"
min_healthy_time = "10s"
healthy_deadline = "5m"
}
group "cache" {
count = 1
network {
port "nginx-port" {
to = 80
}
}
service {
name = "nginx-port"
tags = ["nginx", "web"]
port = "nginx-port"
}
restart {
attempts = 2
interval = "30m"
delay = "15s"
mode = "fail"
}
ephemeral_disk {
size = 300
}
task "nginx" {
driver = "docker"
config {
image = "nginx"
ports = ["nginx-port"]
}
resources {
cpu = 500
memory = 256
}
}
}
}
#Nomand commands for Run,Stop, job status and logs
nomad job status
nomad job run nginx.nomad
nomad job stop nginx
nomad job status nginx
nomad alloc status <Allocations ID>
nomad alloc logs <Allocations ID>
#Access webUI at http://127.0.0.1:4646
Strings command in linux
strings /lib64/libc.so.6 |grep GLIBC
strings /bin/ls
Usage: strings [option(s)] [file(s)]
Display printable strings in [file(s)] (stdin by default)
The options are:
-a - --all Scan the entire file, not just the data section [default]
-d --data Only scan the data sections in the file
-f --print-file-name Print the name of the file before each string
-n --bytes=[number] Locate & print any NUL-terminated sequence of at
-<number> least [number] characters (default 4).
-t --radix={o,d,x} Print the location of the string in base 8, 10 or 16
-w --include-all-whitespace Include all whitespace as valid string characters
-o An alias for --radix=o
-T --target=<BFDNAME> Specify the binary file format
-e --encoding={s,S,b,l,B,L} Select character size and endianness:
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
-s --output-separator=<string> String used to separate strings in output.
@<file> Read options from <file>
-h --help Display this information
-v -V --version Print the program's version number
strings: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 a.out-i386-linux pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex