How to use VAS4 inside Docker container?

The problem statement here is to recognize and use your AD authenticated host-users inside any Docker container.

Enjoy the graphics! Not really related to VAS but I find it funny!

Problem in action!

$ docker run -it --rm rhel7 id vasuser
id: vasuser: no such user

You see the problem?

Mounting `/etc/nsswitch.conf` & `/opt/quest` inside container was a no-brainer, so that’s our starting point.

Minimal Mesosphere DC/OS 1.8 on CentOS 7.x

Minimal Mesosphere DC/OS v1.8, with TWEAK for running a tiny “marathon-lb” on the “slave” node 🙂

### Prerequisites:

  • Two VMs only! (for a resource constrained lab or laptop)
  • CentOS 7.2 Minimal + SELINUX Disabled + Firewall Disabled + IPv6 Disabled
  • Docker 1.11.X with “--storage-driver=overlay”
  • Catch-all DNS *.a172.sudhaker.com => 192.168.0.172

My configuration

# Role: bootstrap + master + dcos-cli
mesos-mini-01       2 CPU, 4GB RAM, 60GB HDD
# Role: the slave (hybrid)
mesos-mini-02       2 CPU, 4GB RAM, 60GB HDD

Caching YUM Proxy

I often need VMs with {minimal-centos} + {docker} for my learning experiments in my basement-lab. For example, an experimental Mesosphere DC/OS cluster requires 10+ nodes (one boot, three masters, five+ agents, one public-agent). I’ve automated the build process using ansible playbook & kickstart to make my life easier (just execute a shell script, and entire cluster-farm is ready in about 20 minutes).

So far so good – but a single iteration of such build makes over 550 URL requests and transfers about 300 MB files from various YUM repositories. That’s why I wrote this caching YUM proxy which considerably speeds up my build process. Also a respectful gesture to mirror-providers who donate their valuable resource to the community.

Here is the list of repo mappings that I needed.

http://centos.mirror.constant.com/7/os/x86_64/
mapped to => http://local.sudhaker.com/centos-7-os/

http://centos.mirror.constant.com/7/updates/x86_64/
mapped to => http://local.sudhaker.com/centos-7-updates/

http://centos.mirror.constant.com/7/extras/x86_64/
mapped to => http://local.sudhaker.com/centos-7-extras/

http://dl.fedoraproject.org/pub/epel/7/x86_64/
mapped to => http://local.sudhaker.com/epel-7/

http://yum.dockerproject.org/repo/main/centos/7/
mapped to => http://local.sudhaker.com/dockerproject/

And following nginx-configuration did the magic!

Wireless AP on Raspberry Pi 2 & Alpine Linux

Alpine Linux for Raspberry PI is my favorite mainly because of the “diskless mode”, which ensures that my sdcard won’t be touched except boot and “lbu commit” hence minor wear-n-tear for the media.

This article is phase 1 of building an AP with MITM proxy + ssl_bump. Stay tuned for squid3 + ssl_bump and other configuration.

Setup: RASPBERRY PI 2 Model B + alpine-rpi-3.4.2-armhf.rpi.tar.gz

Alpine install for PI was pretty straightforward except for the following issues:

#1 A DHCP timeout issue that randomly kept the LAN interface from getting a valid IP address. The fix is adding “udhcpc_opts -t 12” in the “eth0” section of “/etc/network/interfaces” (as shown below).

auto eth0
iface eth0 inet dhcp
        hostname pi-router
        udhcpc_opts -t 12

#2 Remote login for “root” was denied by default. The fix is changing the “PermitRootLogin” flag to “yes” in the “/etc/ssh/sshd_config”.

sed -i -e 's|^#PermitRootLogin .*$|PermitRootLogin yes|' /etc/ssh/sshd_config

Now you just need to run the following script to turn your PI into a cool wi-fi access-point.

Simple ‘Hello World’ App on DC/OS

Prerequisites: You have a catch-all DNS configured for your given FQDN (example: *.mesos.sudhaker.com) that resolves to public_node(s).

Install ‘external’ load balancer.

tee marathon-lb-external.json << '__EOF__'
{ "marathon-lb":{ "name": "marathon-lb-external", "instances": 1, "haproxy-group": "external", "role": "slave_public", "mem": 512, "cpus": 1} }
__EOF__
 
dcos package install --options=marathon-lb-external.json --yes marathon-lb

Multi-node Mesosphere DC/OS 1.7 on CentOS 7.x

Setup: CentOS 7.2 Minimal + SELINUX Disabled + Firewall Disabled + IPv6 Disabled

— DEPRECATED (may work; not tested lately) —
— Stay tuned for v1.8 instructions —

mesos-boot          2 CPU, 4GB RAM, 60GB HDD
mesos-master-01     2 CPU, 4GB RAM, 60GB HDD + 200GB HDD
mesos-master-02     2 CPU, 4GB RAM, 60GB HDD + 200GB HDD
mesos-master-03     2 CPU, 4GB RAM, 60GB HDD + 200GB HDD
mesos-node-01       4 CPU, 16GB RAM, 200GB HDD
mesos-node-02       4 CPU, 16GB RAM, 200GB HDD
mesos-node-03       4 CPU, 16GB RAM, 200GB HDD
mesos-node-04       4 CPU, 16GB RAM, 200GB HDD
mesos-node-05       4 CPU, 16GB RAM, 200GB HDD
mesos-node-06       4 CPU, 16GB RAM, 200GB HDD
mesos-node-07       2 CPU, 4GB RAM, 60GB HDD (public)

Multi-node Kubernetes on CentOS 7.x with Flannel

Mode: Multi-node setup, with Flannel, using Kismatic repo.

— DEPRECATED (may work; not tested lately) —

This is the common script (kube-base.txt) that we run on every machine. Please tweak it for your environment (mainly IPs) and drop it on some web location.

# file: kube-base.txt
# add docker repo and install docker
cat > /etc/yum.repos.d/docker.repo << '__EOF__'
[docker]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/7
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
__EOF__
 
yum install docker-engine -y
 
mkdir -p /etc/systemd/system/docker.service.d 
 
cat > /etc/systemd/system/docker.service.d/override.conf << '__EOF__'
[Service] 
ExecStart= 
ExecStart=/usr/bin/docker daemon --storage-driver=overlay $DOCKER_NETWORK_OPTIONS
__EOF__
 
systemctl daemon-reload
systemctl enable docker
 
# we'll start docker only after flannel is up and running
# systemctl start docker
 
tee -a /etc/hosts << '__EOF__'
 
192.168.1.150 kube-master
192.168.1.151 kube-node-01
192.168.1.152 kube-node-02
192.168.1.153 kube-node-03
__EOF__

My kickstart package selection for CentOS 7.2

I figured that kickstart was ignoring my “--nodefaults” request so I ended up peeking into “repodata/*-comps.xml.gz” and requesting to exclude “default” & “optional” packages individually (many will still show up because of dependencies).

Here is my hack for having a more minimal CentOS.

Install the latest Mesos on CentOS 7.x

Prerequisites: CentOS 7.x minimal install (tested on 7.2) + docker

Setup: single node (all-in-one), Mesosphere repo

— DEPRECATED (will not work, repo broken) —

yum install http://repos.mesosphere.io/el/7/noarch/RPMS/mesosphere-el-repo-7-1.noarch.rpm
 
yum install docker mesosphere-zookeeper mesos marathon chronos  -y
 
echo 'docker,mesos' > /etc/mesos-slave/containerizers
 
for SERVICES in docker zookeeper mesos-master mesos-slave marathon chronos; do
    systemctl enable $SERVICES
    systemctl restart $SERVICES
done
 
firewall-cmd --permanent --zone=public --add-port=5050/tcp # mesos-master
firewall-cmd --permanent --zone=public --add-port=5051/tcp # mesos-slave
firewall-cmd --permanent --zone=public --add-port=8080/tcp # marathon
firewall-cmd --permanent --zone=public --add-port=4400/tcp # chronos
firewall-cmd --reload

And then browse to http://IP_ADDRESS:8080/
