Thursday, September 29, 2016

Building images with a Dockerfile

Our first Dockerfile

# Version: 0.0.1
FROM ubuntu:14.04
MAINTAINER James Turnbull "james@example.com"
RUN apt-get update
RUN apt-get install -y nginx
RUN echo 'Hi, I am in your container' \
       >/usr/share/nginx/html/index.html
EXPOSE 80



The Dockerfile contains a series of instructions paired with arguments. Each instruction, for example FROM, should be in upper-case and be followed by an argument: FROM ubuntu:14.04. Instructions in the Dockerfile are processed from the top down, so you should order them accordingly.
Each instruction adds a new layer to the image and then commits the image.

Building the image from our Dockerfile

$ sudo docker build -t="jamtur01/static_web" .
Sending build context to Docker daemon 2.56 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu:14.04
---> ba5877dc9bec
Step 1 : MAINTAINER James Turnbull "james@example.com"
---> Running in b8ffa06f9274
---> 4c66c9dcee35

Pushing images to the Docker Hub

We push images to the Docker Hub using the docker push command.
$ sudo docker push jamtur01/static_web
The push refers to a repository [jamtur01/static_web] (len: 1)
Processing checksums
Sending image list
Pushing repository jamtur01/static_web to registry-1.docker.io (1 tags)
. . .

SOURCE:TheDockerBook by James Turnbull

Ping not working in Docker Containers

1. Install ping: yum install iputils
2. Set the permissions correctly:
    chmod 4755 /bin/ping
3. If you still get the error "/usr/bin/ping: Operation not permitted", do the following:
    sudo setcap "cap_net_raw+ep" /usr/bin/ping
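The two fixes above are not equivalent: chmod 4755 makes ping setuid root, so it runs with every root privilege, while setcap grants it only CAP_NET_RAW, which is all a raw ICMP socket needs. The following check is an added example, not part of the original post, for confirming which mechanism a binary is relying on (and that both are not stacked). It assumes getcap from libcap is installed; if it is absent the capability test simply reports "no". Run it as privilege_source /usr/bin/ping.

```shell
# Added example: report how a binary obtains privilege (setuid bit, file
# capability, both or neither). Paths are arguments; nothing is modified.

# is_setuid FILE -> exit 0 if the setuid bit (04000) is set on FILE
is_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# has_net_raw FILE -> exit 0 if getcap reports cap_net_raw on FILE.
# Assumption: getcap (libcap) is installed; when it is missing we report "no".
has_net_raw() {
    command -v getcap >/dev/null 2>&1 || return 1
    getcap "$1" 2>/dev/null | grep -q 'cap_net_raw'
}

# privilege_source FILE -> prints one of: setuid, capability, both, none
# "capability" is the least-privilege outcome: only CAP_NET_RAW, not full root.
# "both" means setcap was run on top of the chmod 4755 and the setuid bit should be removed.
privilege_source() {
    _su=1; _cap=1
    is_setuid "$1" && _su=0
    has_net_raw "$1" && _cap=0
    if [ $_su -eq 0 ] && [ $_cap -eq 0 ]; then echo both
    elif [ $_su -eq 0 ]; then echo setuid
    elif [ $_cap -eq 0 ]; then echo capability
    else echo none
    fi
}

# Usage: privilege_source /usr/bin/ping
```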

Wednesday, September 28, 2016

Install Docker in RHEL/CentOS 7

Docker is supported on Red Hat Enterprise Linux 7. Docker requires a 64-bit installation regardless of your Red Hat version, and a kernel of at least version 3.10, which Red Hat 7 runs.


Install with yum

  1. Log into your machine as a user with sudo or root privileges.
  2. Make sure your existing yum packages are up-to-date.
    $ sudo yum update
    
  3. Add the yum repo yourself.
    $ sudo tee /etc/yum.repos.d/docker.repo <<-EOF
    [dockerrepo]
    name=Docker Repository
    baseurl=https://yum.dockerproject.org/repo/main/centos/7
    enabled=1
    gpgcheck=1
    gpgkey=https://yum.dockerproject.org/gpg
    EOF
    
  4. Install the Docker package.
    $ sudo yum install docker-engine
    If you get a 'Public key not installed' error, try installing like below:
    $ sudo yum install --nogpgcheck docker-engine
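The repo file above sets gpgcheck=1 and names a gpgkey, which is what makes yum verify package signatures; the --nogpgcheck workaround turns that verification off for the install. The script below is an added example, not from the post or from Docker's documentation: it parses a .repo file and reports any section that has gpgcheck missing or not equal to 1, or no gpgkey, so a weakened repo definition is noticed before anything is installed from it. The two sample files it writes are constructed for the example; the first reproduces the post's repo, the second is a deliberately unsigned variant.

```shell
# Added example: audit yum .repo files for disabled signature checking.
# Pure text parsing, no network access.

# write_sample_repo DEST -> the docker.repo from step 3 of the post
write_sample_repo() {
    printf '%s\n' '[dockerrepo]' 'name=Docker Repository' \
      'baseurl=https://yum.dockerproject.org/repo/main/centos/7' \
      'enabled=1' 'gpgcheck=1' 'gpgkey=https://yum.dockerproject.org/gpg' > "$1"
}

# write_weak_repo DEST -> constructed variant with signature checking disabled
write_weak_repo() {
    printf '%s\n' '[unsigned-mirror]' 'name=Unsigned mirror (constructed example)' \
      'baseurl=http://mirror.example.invalid/centos/7' 'enabled=1' 'gpgcheck=0' > "$1"
}

# check_repo_file FILE -> exit 0 if every [section] has gpgcheck=1 and a gpgkey;
# otherwise prints one line per problem and exits 1. A section that omits
# gpgcheck inherits yum's global default, so it is flagged as well (conservative).
check_repo_file() {
    awk '
        BEGIN { bad = 0 }
        function flush() {
            if (sect == "") return
            if (gpgcheck != "1") { print sect ": gpgcheck is not 1"; bad = 1 }
            if (gpgkey == "")    { print sect ": no gpgkey"; bad = 1 }
        }
        /^[[:space:]]*\[.*\][[:space:]]*$/ {
            flush()
            sect = $0
            gsub(/^[[:space:]]*\[|\][[:space:]]*$/, "", sect)
            gpgcheck = ""; gpgkey = ""
            next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ {
            v = $0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]+$/, "", v); gpgcheck = v
        }
        /^[[:space:]]*gpgkey[[:space:]]*=/ {
            v = $0; sub(/^[^=]*=[[:space:]]*/, "", v); sub(/[[:space:]]+$/, "", v); gpgkey = v
        }
        END { flush(); exit bad }
    ' "$1"
}

# Usage on a live host: for f in /etc/yum.repos.d/*.repo; do check_repo_file "$f"; done
```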

  5. Start the Docker daemon.
    $ sudo service docker start
          or
    $ sudo systemctl start docker.service
    
  6. Verify Docker is installed correctly by running a test image in a container.
    $ sudo docker run hello-world
    Unable to find image 'hello-world:latest' locally
        latest: Pulling from hello-world
        a8219747be10: Pull complete
        91c95931e552: Already exists
        hello-world:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
        Digest: sha256:aa03e5d0d5553b4c3473e89c8619cf79df368babd1.7.1cf5daeb82aab55838d
        Status: Downloaded newer image for hello-world:latest
        Hello from Docker.
        This message shows that your installation appears to be working correctly.
    
        To generate this message, Docker took the following steps:
         1. The Docker client contacted the Docker daemon.
         2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
                (Assuming it was not already locally available.)
         3. The Docker daemon created a new container from that image which runs the
                executable that produces the output you are currently reading.
         4. The Docker daemon streamed that output to the Docker client, which sent it
                to your terminal.
    
        To try something more ambitious, you can run an Ubuntu container with:
         $ docker run -it ubuntu bash
    
        For more examples and ideas, visit:
         http://docs.docker.com/userguide/
    Create a docker group

    The docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root, and other users can access it only with sudo. For this reason, the docker daemon always runs as the root user.
    To avoid having to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.
    Warning: The docker group is equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
    To create the docker group and add your user:
    1. Log into your machine as a user with sudo or root privileges.
    2. Create the docker group.
      sudo groupadd docker
    3. Add your user to docker group.
      sudo usermod -aG docker your_username
    4. Log out and log back in.
      This ensures your user is running with the correct permissions.
    5. Verify your work by running docker without sudo.
          $ docker run hello-world
      

    Start the docker daemon at boot

    To ensure Docker starts when you boot your system, do the following:
    $ sudo chkconfig docker on
    
    If you need to add an HTTP Proxy, set a different directory or partition for the Docker runtime files, or make other customizations, read our Systemd article to learn how to customize your Systemd Docker daemon options.

    Uninstall

    You can uninstall the Docker software with yum.
    1. List the package you have installed.
      $ yum list installed | grep docker
      docker-engine.x86_64                1.7.1-0.1.el7@/docker-engine-1.7.1-0.1.el7.x86_64
      
    2. Remove the package.
      $ sudo yum -y remove docker-engine.x86_64
      
      This command does not remove images, containers, volumes, or user created configuration files on your host.
    3. To delete all images, containers, and volumes run the following command:
      $ rm -rf /var/lib/docker
      
    4. Locate and delete any user-created configuration files.

Monday, September 26, 2016

Install Apache HTTP server in RHEL7 /CentOS 7

In Red Hat Enterprise Linux, the httpd package provides the Apache HTTP Server. Run the following command to see if the httpd package is installed:
~]$ rpm -q httpd
package httpd is not installed
If it is not installed and you want to use the Apache HTTP Server, use the yum utility as the root user to install it:
~]# yum install httpd

THE APACHE HTTP SERVER AND SELINUX

When SELinux is enabled, the Apache HTTP Server (httpd) runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the httpd processes running in their own domain. This example assumes the httpd, setroubleshoot, setroubleshoot-server and policycoreutils-python packages are installed:
  1. Run the getenforce command to confirm SELinux is running in enforcing mode:
    ~]$ getenforce
    Enforcing
    
    The command returns Enforcing when SELinux is running in enforcing mode.
  2. Run the following command as root to start httpd:
    ~]# systemctl start httpd.service
    Confirm that the service is running. The output should include the information below (only the time stamp will differ):
    ~]# systemctl status httpd.service       
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
       Active: active (running) since Mon 2013-08-05 14:00:55 CEST; 8s ago
    
  3. To view the httpd processes, execute the following command:
    ~]$ ps -eZ | grep httpd
    system_u:system_r:httpd_t:s0    19780 ?        00:00:00 httpd
    system_u:system_r:httpd_t:s0    19781 ?        00:00:00 httpd
    system_u:system_r:httpd_t:s0    19782 ?        00:00:00 httpd
    system_u:system_r:httpd_t:s0    19783 ?        00:00:00 httpd
    system_u:system_r:httpd_t:s0    19784 ?        00:00:00 httpd
    system_u:system_r:httpd_t:s0    19785 ?        00:00:00 httpd
    
    The SELinux context associated with the httpd processes is system_u:system_r:httpd_t:s0. The second-to-last part of the context, httpd_t, is the type. A type defines a domain for processes and a type for files. In this case, the httpd processes are running in the httpd_t domain.
SELinux policy defines how processes running in confined domains (such as httpd_t) interact with files, other processes, and the system in general. Files must be labeled correctly to allow httpd access to them. For example, httpd can read files labeled with the httpd_sys_content_t type, but cannot write to them, even if Linux (DAC) permissions allow write access. Booleans must be enabled to allow certain behavior, such as allowing scripts network access, allowing httpd access to NFS and CIFS volumes, and httpd being allowed to execute Common Gateway Interface (CGI) scripts.
When the /etc/httpd/conf/httpd.conf file is configured so httpd listens on a port other than TCP ports 80, 443, 488, 8008, 8009, or 8443, the semanage port command must be used to add the new port number to SELinux policy configuration. The following example demonstrates configuring httpd to listen on a port that is not already defined in SELinux policy configuration for httpd, and, as a consequence, httpd failing to start. This example also demonstrates how to then configure the SELinux system to allow httpd to successfully listen on a non-standard port that is not already defined in the policy. This example assumes the httpd package is installed. Run each command in the example as the root user:
  1. Run the following command to confirm httpd is not running:
    ~]# systemctl status httpd.service
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled)
       Active: inactive (dead)
    
    If the output differs, stop the process:
    ~]# systemctl stop httpd.service
  2. Use the semanage utility to view the ports SELinux allows httpd to listen on:
    ~]# semanage port -l | grep -w http_port_t
    http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443
    
  3. Edit the /etc/httpd/conf/httpd.conf file as root. Configure the Listen option so it lists a port that is not configured in SELinux policy configuration for httpd. In this example, httpd is configured to listen on port 12345:
    # Change this to Listen on specific IP addresses as shown below to 
    # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
    #
    #Listen 12.34.56.78:80
    Listen 127.0.0.1:12345
    
  4. Run the following command to start httpd:
    ~]# systemctl start httpd.service
    Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
    
    An SELinux denial message similar to the following is logged:
    setroubleshoot: SELinux is preventing the httpd (httpd_t) from binding to port 12345. For complete SELinux messages, run sealert -l f18bca99-db64-4c16-9719-1db89f0d8c77
    
  5. For SELinux to allow httpd to listen on port 12345, as used in this example, the following command is required:
    ~]# semanage port -a -t http_port_t -p tcp 12345
  6. Start httpd again and have it listen on the new port:
    ~]# systemctl start httpd.service
  7. Now that SELinux has been configured to allow httpd to listen on a non-standard port (TCP 12345 in this example), httpd starts successfully on this port.
  8. To prove that httpd is listening and communicating on TCP port 12345, open a telnet connection to the specified port and issue an HTTP GET command, as follows:
    ~]# telnet localhost 12345
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    GET / HTTP/1.0
    
    HTTP/1.1 200 OK
    Date: Wed, 02 Dec 2009 14:36:34 GMT
    Server: Apache/2.2.13 (Red Hat)
    Accept-Ranges: bytes
    Content-Length: 3985
    Content-Type: text/html; charset=UTF-8
    [...continues...
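Steps 2 to 5 above amount to one check: every port in a Listen directive must appear in the http_port_t line of semanage port -l, otherwise the bind is denied. The script below is an added example, not from Red Hat's documentation, that performs that check ahead of starting the service and prints the exact semanage port -a command for each missing port. It parses files rather than calling semanage directly so it can be exercised offline; the two sample writers reproduce the Listen lines from step 3 and the semanage output from step 2 (the http_cache_port_t line is a constructed extra to show that other types are ignored). On a live host, point it at /etc/httpd/conf/httpd.conf and at a file holding the output of semanage port -l. Port ranges in the semanage output (such as 10001-10010) are not expanded.

```shell
# Added example: pre-flight check of httpd Listen ports against SELinux http_port_t.

# sample_httpd_conf DEST -> the Listen lines from step 3 (constructed sample)
sample_httpd_conf() {
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 127.0.0.1:12345' 'Listen 443 https' > "$1"
}

# sample_semanage DEST -> "semanage port -l" output from step 2 (constructed sample)
sample_semanage() {
    printf '%s\n' \
      'http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010' \
      'http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443' > "$1"
}

# listen_ports CONFIG -> one TCP port per line from active Listen directives.
# Handles "Listen 80", "Listen 127.0.0.1:12345 https" and "Listen [::1]:8443";
# commented-out directives are skipped.
listen_ports() {
    sed -n 's/^[[:space:]]*[Ll]isten[[:space:]]\{1,\}//p' "$1" \
      | awk '{ p = $1; sub(/.*:/, "", p); if (p ~ /^[0-9]+$/) print p }' \
      | sort -un
}

# http_port_t_ports SEMANAGE_OUTPUT -> the ports on the "http_port_t tcp" line,
# one per line (ranges are printed as-is, not expanded)
http_port_t_ports() {
    awk '$1 == "http_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) { p = $i; gsub(/,/, "", p); print p }
         }' "$1"
}

# check_listen_ports CONFIG SEMANAGE_OUTPUT -> exit 0 if every Listen port is
# allowed by http_port_t; otherwise print the fix for each missing port and exit 1
check_listen_ports() {
    _allowed=$(http_port_t_ports "$2")
    _rc=0
    for _p in $(listen_ports "$1"); do
        if ! printf '%s\n' "$_allowed" | grep -qxF "$_p"; then
            echo "port $_p not in http_port_t: semanage port -a -t http_port_t -p tcp $_p"
            _rc=1
        fi
    done
    return $_rc
}

# demo -> run the check against the constructed samples (exits 1: 12345 is missing)
demo() {
    _c=$(mktemp); _s=$(mktemp)
    sample_httpd_conf "$_c"; sample_semanage "$_s"
    if check_listen_ports "$_c" "$_s"; then _r=0; else _r=1; fi
    rm -f "$_c" "$_s"
    return $_r
}
```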

Wednesday, September 21, 2016

Setting up Ansible in AWS Linux RHEL

Enable PING
Edit Security Groups > Add Rule > ICMP

Connect to AWS using PuTTY
Follow the steps mentioned here:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

To convert the .pem file to a .ppk file, use the latest PuTTYgen; otherwise you will encounter issues like "Can't load the private key".

Modify the shell prompt

vi /etc/bashrc
Edit the below line as you like
[ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@MyServer>\w]\\$ "

Enable Root Login in AWS Linux machine

Uncomment PermitRootLogin in /etc/ssh/sshd_config

Setup SSH Passwordless authentication


Copy the generated .pem file to the server using WinSCP (if you are using Windows).
1. As root, run ssh-keygen (this generates the key pair, with the public key in id_rsa.pub).
2. As ec2-user, copy this file to the target server's /home/ec2-user:
scp -i "/home/ec2-user/clients.pem" /root/.ssh/id_rsa.pub ec2-user@x.x.x.x:/home/ec2-user/
3. Log in to the target server and append the key:
    cat /home/ec2-user/id_rsa.pub >> /root/.ssh/authorized_keys

Now you have set up SSH passwordless login for Ansible.
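Appending with cat >> adds the key again every time the step is repeated, and sshd refuses the file when .ssh or authorized_keys are group- or world-writable (StrictModes). The function below is an added example, not from the original post: it installs each key from a public-key file only if its key material is not already present (comments are ignored, so a re-exported key with a different comment is still recognized) and sets the directory to 700 and the file to 600. Paths are arguments so it can be tested against temporary files; it assumes plain key lines without an options prefix such as command="...". The sample key text in the test is constructed, not a real key.

```shell
# Added example: idempotent authorized_keys install with the permissions sshd expects.

# key_material PUBKEY_LINE -> "type base64" (drops the trailing comment)
key_material() {
    printf '%s\n' "$1" | awk '{ print $1, $2 }'
}

# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS -> appends each key from PUBKEY_FILE
# that is not already in AUTHORIZED_KEYS; prints "added:" or "present:" per key.
# Creates the .ssh directory (700) and the file (600) if needed.
add_authorized_key() {
    _pub=$1; _auth=$2
    _dir=$(dirname "$_auth")
    mkdir -p "$_dir"; chmod 700 "$_dir"
    touch "$_auth"; chmod 600 "$_auth"
    while IFS= read -r _line || [ -n "$_line" ]; do
        case $_line in ''|'#'*) continue ;; esac      # skip blanks and comments
        _km=$(key_material "$_line")
        # Assumption: existing lines are "type base64 [comment]" with no options prefix
        if awk -v km="$_km" '($1 " " $2) == km { found = 1 } END { exit !found }' "$_auth"; then
            echo "present: $_km"
        else
            printf '%s\n' "$_line" >> "$_auth"
            echo "added: $_km"
        fi
    done < "$_pub"
}

# count_keys AUTHORIZED_KEYS -> number of key lines (non-blank, non-comment)
count_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Usage (as root on the target, in place of the cat >> step):
#   add_authorized_key /home/ec2-user/id_rsa.pub /root/.ssh/authorized_keys
```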

Tuesday, September 20, 2016

Screen Resolution Problem with Ubuntu 14.04 and VirtualBox

Issue: Unable to change system resolution in Virtualbox VM - Ubuntu.

Solution: Install VirtualBox Guest Additions.

1. apt-get update
2. apt-get install virtualbox-guest-dkms
3. Restart the machine to make the changes effective. 

Installing Ansible in RHEL

Prerequisites.

  • Operating System: RHEL/CentOS/Fedora (above version 6.5 or 7)
  • Jinja2: A modern, fast and easy to use stand-alone template engine for Python.
  • PyYAML: A YAML parser and emitter for the Python programming language.
  • paramiko: A native Python SSHv2 channel library.
  • httplib2: A comprehensive HTTP client library.
  • sshpass: A non-interactive ssh password authentication.


1. yum install python-jinja2 python-paramiko python-httplib2 PyYAML sshpass
2. yum install ansible

Check the Ansible version

[root@XXXXXX]# ansible --version
ansible 2.1.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides

Monday, September 19, 2016

Howto Install Gnome/KDE Desktop in CentOS 5

A typical GNU/Linux installation for a server doesn't really need a GUI; however, if you need a GUI in the future for some reason, it's easy to install. This tutorial assumes a basic knowledge of the Linux command line. It applies to CentOS and other Red Hat-based distros.

Type this command

# yum grouplist


Setting up Group Process
Setting up repositories
yumgroups.xml             100% |=========================| 558 kB    00:21
yumgroups.xml             100% |=========================| 4.6 kB    00:00
Installed Groups:
   Administration Tools
   Compatibility Arch Support
   DNS Name Server
   FTP Server
   Mail Server
   MySQL Database
   Server Configuration Tools
   Text-based Internet
   Web Server
   Windows File Server
Available Groups:
   AptRPM
   Authoring and Publishing
   Compatibility Arch Development Support
   Development Tools
   Editors
   Engineering and Scientific
   GNOME Desktop Environment
   GNOME Software Development
   Games and Entertainment
   Graphical Internet
   Graphics
   Horde-Apps
   KDE (K Desktop Environment)
   KDE Software Development
   Legacy Network Server
   Legacy Software Development
   Network Servers
   News Server
   Office/Productivity
   PostgreSQL Database
   Printing Support
   Sound and Video
   System Tools
   X Software Development
   X Window System
   XFCE-4.2
   drbd-heartbeat
Done
To install Gnome Desktop type this
yum groupinstall "X Window System" "GNOME Desktop Environment"
and for KDE Desktop
yum groupinstall "X Window System" "KDE (K Desktop Environment)"
Change this line in /etc/inittab
id:3:initdefault:
to
id:5:initdefault:
If you install both GNOME and KDE, the default desktop will be GNOME. If you want to change your default desktop from GNOME to KDE, open the /etc/sysconfig/desktop file:
vi /etc/sysconfig/desktop
and set DESKTOP variable to KDE:
DESKTOP="KDE"
DISPLAYMANAGER="KDE" 
To switch desktop, run this command:
switchdesk kde
Have Fun!