How to use VAS4 inside Docker container?

The problem here is to recognize and use your AD-authenticated host users inside any Docker container.

Problem in action!

$ docker run -it --rm rhel7 id vasuser
id: vasuser: no such user

You see the problem?

Mounting `/etc/nsswitch.conf` & `/opt/quest` inside container was a no-brainer, so that’s our starting point.

Minimal Mesosphere DC/OS 1.8 on CentOS 7.x

Minimal Mesosphere DC/OS v1.8, with TWEAK for running a tiny “marathon-lb” on the “slave” node 🙂

### Prerequisites:

  • Two VMs only! (for a resource constrained lab or laptop)
  • CentOS 7.2 Minimal + SELINUX Disabled + Firewall Disabled + IPv6 Disabled
  • Docker 1.11.X with “--storage-driver=overlay”
  • Catch-all DNS *.a172.sudhaker.com => 192.168.0.172

My configuration

# Role: bootstrap + master + dcos-cli
mesos-mini-01       2 CPU, 4GB RAM, 60GB HDD
# Role: the slave (hybrid)
mesos-mini-02       2 CPU, 4GB RAM, 60GB HDD

Caching YUM Proxy

I often need VMs with {minimal-centos} + {docker} for my learning experiments in my basement-lab. For example, an experimental Mesosphere DC/OS cluster requires 10+ nodes (one boot, three masters, five+ agents, one public-agent). I’ve automated the build process using an Ansible playbook & kickstart to make my life easier (just execute a shell script, and the entire cluster-farm is ready in about 20 minutes).

So far so good, but a single iteration of such a build makes over 550 URL requests and transfers about 300 MB of files from various YUM repositories. That’s why I wrote this caching YUM proxy, which considerably speeds up my build process. It is also a respectful gesture to the mirror providers who donate their valuable resources to the community.

Here is the list of repo mappings that I needed.

http://centos.mirror.constant.com/7/os/x86_64/
mapped to => http://local.sudhaker.com/centos-7-os/

http://centos.mirror.constant.com/7/updates/x86_64/
mapped to => http://local.sudhaker.com/centos-7-updates/

http://centos.mirror.constant.com/7/extras/x86_64/
mapped to => http://local.sudhaker.com/centos-7-extras/

http://dl.fedoraproject.org/pub/epel/7/x86_64/
mapped to => http://local.sudhaker.com/epel-7/

http://yum.dockerproject.org/repo/main/centos/7/
mapped to => http://local.sudhaker.com/dockerproject/
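
Clients pointed at these plain-HTTP proxy URLs depend on RPM signature checks to detect a tampered or poisoned cache entry. The following is an added example, not code from the original post: it lists repo sections that use an `http://` baseurl without `gpgcheck=1`. The function name and the sample repo file are constructed for illustration, and a missing `gpgcheck` line is treated as unchecked (assumption: no `gpgcheck=1` in the `[main]` section of yum.conf).

```shell
#!/bin/sh
# Added example (not the author's code): list yum repo sections that are
# fetched over plain http:// without gpgcheck=1.

unsigned_http_repos() {
    awk -F= '
        function report() { if (id != "" && http && gpg != "1") print id }
        /^[ \t]*\[.*\][ \t]*$/ {            # new [section]: judge the previous one
            report()
            id = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", id)
            http = 0; gpg = ""
            next
        }
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "baseurl" && val ~ /^http:\/\//) http = 1
            if (key == "gpgcheck") gpg = val
        }
        END { report() }                    # judge the last section
    ' "$@"
}

# Constructed sample using proxy URLs from the mapping above.
sample=$(mktemp)
cat > "$sample" << '__EOF__'
[centos-7-os]
baseurl=http://local.sudhaker.com/centos-7-os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[epel-7]
baseurl = http://local.sudhaker.com/epel-7/
gpgcheck=0

[dockerproject]
baseurl=http://local.sudhaker.com/dockerproject/
__EOF__
unsigned_http_repos "$sample"    # prints epel-7 and dockerproject
rm -f "$sample"
```

On a build host it can be run as `unsigned_http_repos /etc/yum.repos.d/*.repo`.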

And the following nginx configuration did the magic!

Wireless AP on Raspberry Pi 2 & Alpine Linux

Alpine Linux for Raspberry PI is my favorite mainly because of the “diskless mode”, which ensures that my sdcard won’t be touched except boot and “lbu commit” hence minor wear-n-tear for the media.

This article is phase 1 of building an AP with a MITM proxy + ssl_bump. Stay tuned for squid3 + ssl_bump and other configuration.

Setup: RASPBERRY PI 2 Model B + alpine-rpi-3.4.2-armhf.rpi.tar.gz

The Alpine install for the Pi was pretty straightforward except for the following issues:

#1 A DHCP timeout issue that randomly keeps the LAN from getting a valid IP address. The fix is adding “udhcpc_opts -t 12” in the “eth0” section of “/etc/network/interfaces” (as shown below).

auto eth0
iface eth0 inet dhcp
        hostname pi-router
        udhcpc_opts -t 12

#2 Remote login for “root” was denied by default. The fix is changing the “PermitRootLogin” flag to “yes” in the “/etc/ssh/sshd_config”.

sed -i -e 's|^#PermitRootLogin .*$|PermitRootLogin yes|' /etc/ssh/sshd_config
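
The `sed` above only rewrites a commented-out `#PermitRootLogin` line, and `yes` also permits password logins as root. The following is an added example, not from the original post (function names are hypothetical): it reports the value sshd would use and sets the directive whether it is commented, active or missing, here with `prohibit-password` so root stays reachable with keys only.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the PermitRootLogin value from the global section of an sshd_config:
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive. Prints "unset" when only the built-in default applies.
root_login_policy() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Set PermitRootLogin to $2 in file $1, whether the first occurrence is
# commented out or active; if absent, add it ahead of any Match block.
set_root_login() {
    file=$1; value=$2
    tmp=$(mktemp) || return 1
    awk -v v="$value" '
        !hit && tolower($0) ~ /^[ \t]*#?permitrootlogin([ \t]|$)/ {
            print "PermitRootLogin " v; hit = 1; next
        }
        !hit && tolower($1) == "match" { print "PermitRootLogin " v; hit = 1 }
        { print }
        END { if (!hit) print "PermitRootLogin " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: the directive is already active, so a sed that only
# matches "#PermitRootLogin" would leave it untouched.
conf=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'Match User backup' > "$conf"
set_root_login "$conf" prohibit-password
root_login_policy "$conf"    # prints prohibit-password
rm -f "$conf"
```

Run `sshd -t` after editing the real `/etc/ssh/sshd_config` and before restarting the service, so a syntax error does not lock you out.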

Now you just need to run the following script to turn your PI into a cool wi-fi access-point.

Simple ‘Hello World’ App on DC/OS

Prerequisites: You have a catch-all DNS configured for your given FQN (example: *.mesos.sudhaker.com) that resolves to public_node(s).

Install ‘external’ load balancer.

tee marathon-lb-external.json << '__EOF__'
{ "marathon-lb":{ "name": "marathon-lb-external", "instances": 1, "haproxy-group": "external", "role": "slave_public", "mem": 512, "cpus": 1} }
__EOF__
 
dcos package install --options=marathon-lb-external.json --yes marathon-lb

Multi-node Mesosphere DC/OS 1.7 on CentOS 7.x

Setup: CentOS 7.2 Minimal + SELINUX Disabled + Firewall Disabled + IPv6 Disabled

— DEPRECATED (may work; not tested lately) —
— Stay tuned for v1.8 instructions —

mesos-boot          2 CPU, 4GB RAM, 60GB HDD
mesos-master-01     2 CPU, 4GB RAM, 60GB HDD + 200GB HDD
mesos-master-02     2 CPU, 4GB RAM, 60GB HDD + 200GB HDD
mesos-master-03     2 CPU, 4GB RAM, 60GB HDD + 200GB HDD
mesos-node-01       4 CPU, 16GB RAM, 200GB HDD
mesos-node-02       4 CPU, 16GB RAM, 200GB HDD
mesos-node-03       4 CPU, 16GB RAM, 200GB HDD
mesos-node-04       4 CPU, 16GB RAM, 200GB HDD
mesos-node-05       4 CPU, 16GB RAM, 200GB HDD
mesos-node-06       4 CPU, 16GB RAM, 200GB HDD
mesos-node-07       2 CPU, 4GB RAM, 60GB HDD (public)

Multi-node Kubernetes on CentOS 7.x with Flannel

Mode: Multi-node setup, with Flannel, using Kismatic repo.

— DEPRECATED (may work; not tested lately) —

This is the common script (kube-base.txt) that we run on every machine. Please tweak it for your environment (mainly IPs) and drop it on some web location.

# file: kube-base.txt
# add docker repo and install docker
cat > /etc/yum.repos.d/docker.repo << '__EOF__'
[docker]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
__EOF__
 
yum install docker-engine -y
 
mkdir -p /etc/systemd/system/docker.service.d 
 
cat > /etc/systemd/system/docker.service.d/override.conf << '__EOF__'
[Service] 
ExecStart= 
ExecStart=/usr/bin/docker daemon --storage-driver=overlay $DOCKER_NETWORK_OPTIONS
__EOF__
 
systemctl daemon-reload
systemctl enable docker
 
# we'll start docker only after flannel is up and running
# systemctl start docker
 
tee -a /etc/hosts << '__EOF__'
 
192.168.1.150 kube-master
192.168.1.151 kube-node-01
192.168.1.152 kube-node-02
192.168.1.153 kube-node-03
__EOF__

My kickstart package selection for CentOS 7.2

I figured that kickstart was ignoring my “--nodefaults” request so I ended up peeking into “repodata/*-comps.xml.gz” and requesting to exclude “default” & “optional” packages individually (many will still show up because of dependencies).

Here is my hack for having a more minimal CentOS.

Install the latest Mesos on CentOS 7.x

Prerequisites: CentOS 7.x minimal install (tested on 7.2) + docker

Setup: single node (all-in-one), Mesosphere repo

— DEPRECATED (will not work, repo broken) —

yum install http://repos.mesosphere.io/el/7/noarch/RPMS/mesosphere-el-repo-7-1.noarch.rpm
 
yum install docker mesosphere-zookeeper mesos marathon chronos  -y
 
echo 'docker,mesos' > /etc/mesos-slave/containerizers
 
for SERVICES in docker zookeeper mesos-master mesos-slave marathon chronos; do
    systemctl enable $SERVICES
    systemctl restart $SERVICES
done
 
firewall-cmd --permanent --zone=public --add-port=5050/tcp # mesos-master
firewall-cmd --permanent --zone=public --add-port=5051/tcp # mesos-slave
firewall-cmd --permanent --zone=public --add-port=8080/tcp # marathon
firewall-cmd --permanent --zone=public --add-port=4400/tcp # chronos
firewall-cmd --reload

And then browse to http://IP_ADDRESS:8080/

Build DOCKER image using Openshift S2I

Source-To-Image (S2I), as the name implies, is responsible for transforming your application source into an executable Docker image that we can later run inside of OpenShift v3 or directly via `docker run`.

We can find the main project on GitHub, along with a bunch of sti templates for language-specific builds.

https://github.com/openshift/sti-php
https://github.com/openshift/sti-ruby
https://github.com/openshift/sti-wildfly
https://github.com/openshift/sti-perl
https://github.com/openshift/sti-python
https://github.com/openshift/sti-nodejs

We need to get the s2i tool from the GitHub releases and include it in PATH.

[sudhaker@dell-cs24-n2 ~]$ wget https://github.com/openshift/source-to-image/releases/download/v1.0.5/source-to-image-v1.0.5-b731f95-linux-amd64.tar.gz
...
[sudhaker@dell-cs24-n2 ~]$ ll
total 5860
drwxrwxr-x. 2 sudhaker sudhaker    4096 Feb 26 21:04 bin
-rw-rw-r--. 1 sudhaker sudhaker 5992810 Feb 18 13:23 source-to-image-v1.0.5-b731f95-linux-amd64.tar.gz
[sudhaker@dell-cs24-n2 ~]$ cd bin; tar zxf ../source-to-image-*.tar.gz; rm ../source-to-image-*.tar.gz; cd -

And then proceed with cooking a Docker image from a source repository.

[sudhaker@dell-cs24-n2 ~]$ sudo docker images | grep -v openshift
REPOSITORY                                   TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
[sudhaker@dell-cs24-n2 ~]$ sudo ~/bin/s2i build git://github.com/sudhaker/my-node-app openshift/nodejs-010-centos7 my-node-app
I0228 19:19:01.037320 01056 clone.go:32] Downloading "git://github.com/sudhaker/my-node-app" ...
I0228 19:19:01.356601 01056 install.go:236] Using "assemble" installed from "image:///usr/libexec/s2i/assemble"
I0228 19:19:01.356684 01056 install.go:236] Using "run" installed from "image:///usr/libexec/s2i/run"
I0228 19:19:01.356740 01056 install.go:236] Using "save-artifacts" installed from "image:///usr/libexec/s2i/save-artifacts"
---> Installing application source
---> Building your Node application from source
E0228 19:19:05.417666 01056 util.go:91] npm info it worked if it ends with ok
E0228 19:19:05.417827 01056 util.go:91] npm info using npm@1.4.28
E0228 19:19:05.417915 01056 util.go:91] npm info using node@v0.10.40
E0228 19:19:05.608556 01056 util.go:91] npm info preinstall my-node-app@0.0.1
E0228 19:19:05.618591 01056 util.go:91] npm info build /opt/app-root/src
E0228 19:19:05.619139 01056 util.go:91] npm info linkStuff my-node-app@0.0.1
E0228 19:19:05.620359 01056 util.go:91] npm info install my-node-app@0.0.1
E0228 19:19:05.622702 01056 util.go:91] npm info postinstall my-node-app@0.0.1
E0228 19:19:05.623821 01056 util.go:91] npm info prepublish my-node-app@0.0.1
E0228 19:19:05.628719 01056 util.go:91] npm info ok
[sudhaker@dell-cs24-n2 bin]$ sudo docker images | grep -v openshift
REPOSITORY                                   TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
my-node-app                                  latest              85901d40c60b        55 seconds ago      438.7 MB

Let’s test this docker image

[sudhaker@dell-cs24-n2 ~]$ sudo docker run --detach --publish 8080:8080 my-node-app
92c707e8bedd4d08e5e9f2edc432b1febb700102b62dfb98349fd2217e5d342e
[sudhaker@dell-cs24-n2 ~]$ curl http://localhost:8080/
My Node App v-1.0 !! Server : 92c707e8bedd