Friday, January 17, 2025

OpenShift - Authentication and Authorization - Part 2

Authentication and authorization:

Authentication: It checks whether the user is allowed to access the system.

Authorization: It checks whether the user has the right role or access on the application side.

OpenShift has two kinds of roles: 1) cluster role 2) project role

#oc get clusterrolebinding

#oc get rolebinding

1) Create users

2) Integrate users with OCP

3) How to assign roles as per requirement of user

4) How to create groups

5) How to add users to the groups

Create a user through htpasswd

#htpasswd -c -B -b filename username password

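-B - hashes the password with bcrypt

-b - takes the password from the command line (single-line command); the password is then visible in the shell history and the process list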

#oc get secret -n openshift-config

Secrets come in 3 types: docker-registry, generic and tls.

#oc create secret generic mysecret --from-file=test -n openshift-config

Create users

#htpasswd -B -b myusers test1 passwd

Integrate users with OCP environment

#oc create secret generic mysecret --from-file=htpasswd=myusers -n openshift-config

#oc get secret mysecret -n openshift-config -o yaml

#oc get oauth cluster -o yaml > oauth.yaml

#oc replace -f oauth.yaml

Testing the login with OCP environment

#oc login -u test1 -p passwd

#oc new-project testing1

#oc describe project testing1
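
The steps above export the OAuth resource and replace it, but the edit made in between is not shown. The following added example (not from the original post) renders the HTPasswd identity provider stanza for the `mysecret` secret and first checks that every entry in the htpasswd file was hashed with `-B`; the provider name `htpasswd_provider` and the sample entries are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. "mysecret" and "myusers" come
# from the post; the provider name and sample entries are assumptions.

# Print users whose hash is not bcrypt (i.e. not created with htpasswd -B).
# Exit status is non-zero when at least one such entry exists.
non_bcrypt_users() {
  awk -F: 'NF >= 2 && $2 !~ /^\$2[aby]\$/ { print $1; bad = 1 }
           END { exit bad }' "$1"
}

# Render the OAuth "cluster" resource with one HTPasswd identity provider.
# $1 = provider name, $2 = secret in openshift-config holding key "htpasswd"
render_oauth() {
  cat <<EOF
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
  - name: $1
    mappingMethod: claim
    type: HTPasswd
    htpasswd:
      fileData:
        name: $2
EOF
}

# Constructed sample: test1 was hashed with -B, legacy with the MD5 default.
sample_htpasswd() {
  cat <<'EOF'
test1:$2y$05$ConstructedSampleHashNotARealPasswordValue0123456789abc
legacy:$apr1$Construc$tedSampleValueOnly0000
EOF
}

users=$(mktemp) && sample_htpasswd > "$users"
if bad=$(non_bcrypt_users "$users"); then
  render_oauth htpasswd_provider mysecret   # save as oauth.yaml, then oc replace -f
else
  echo "not publishing, re-create with -B: $bad" >&2
fi
rm -f "$users"
```

Run `non_bcrypt_users myusers` before creating the secret; the rendered stanza is what goes into oauth.yaml before `oc replace -f oauth.yaml`.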

Edit the yaml file through vim with visual guides

#vi .vimrc

autocmd FileType yaml setlocal ai ts=2 cuc cul

cuc - cursorcolumn (highlights the cursor column)

cul - cursorline (highlights the cursor line)

ai - autoindent (auto indentation)

We can get the role details from the clusterrolebinding:

#oc get clusterrolebinding | grep -i cluster-admin

#oc describe clusterrolebinding cluster-admin

Delete a role under clusterrolebinding:

#oc delete clusterrolebinding cluster-admin


To view the policy commands

#oc adm policy

Default roles at cluster and project level:

Cluster - cluster-admin and self-provisioner

Project - admin, edit and view

Add a role to a user

#oc adm policy add-cluster-role-to-user cluster-admin username

Remove a role from a user or group

#oc adm policy remove-cluster-role-from-user self-provisioner username

#oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth


5 ways to Check a remote port status in Linux

System admins check the remote port status when troubleshooting an application or system port issue.

We can check the port status in 5 ways.

Use nc command

#nc -zv IPaddress Portnumber

Use nmap command 

#nmap IPaddress -p portnumber

Use telnet command 

#telnet IPaddress portnumber

Use python module (telnetlib, available up to Python 3.12):

#python -c "import telnetlib; telnetlib.Telnet('IPaddress', portnumber, 5)"

Use curl command

#curl -v telnet://IPaddress:portnumber



Sunday, January 5, 2025

OpenShift - Private Registry configuration


Private Registry Diagram:

#yum install container-tools -y

* It will install the podman, skopeo and buildah packages.
Default configuration path: /etc/containers/registries.conf

unqualified-search-registries = ["Private Registry host"]

[[registry]]
# insecure = true allows plain HTTP and unverified TLS for this registry
insecure = true
blocked = false
location = "private registry host"

* Create a local user for logging in to the private registry hub.
#mkdir /var/lib/containers/registry
#podman run -d --name registry --privileged -v /var/lib/containers/registry:/var/lib/registry -p 5000:5000 --restart=always <registry image>
#cd /var/lib/containers/registry
#podman pull registry.access.redhat.com/rhscl/httpd-24-rhel7
* Tag the image from the registry.
#podman tag registry.access.redhat.com/rhscl/httpd-24-rhel7 private_registry_host:5000/prod/rhel7
#podman push private_registry_host:5000/prod/rhel7

* We can copy an image from Docker with the skopeo command
#skopeo copy docker://docker.io/redhat/ubi8-minimal docker://Private_registry_host:5000/prod

buildah is a tool with which we can build an image as per our requirement.

#buildah ps
#buildah from fedora [fetch a base image]
#buildah run -t fedora-working-container bash [access the container]
#buildah images
#buildah run fedora-working-container -- dnf install -y httpd [install the package]
#echo "Welcome to Internet world" > index.html [create a web config file]
#buildah copy fedora-working-container index.html /var/www/html/index.html
#buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
#buildah config --cmd "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
#buildah run fedora-working-container -- /usr/sbin/httpd -DFOREGROUND
#buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" fedora-working-container

#buildah commit fedora-working-container myapp

#buildah images

Saturday, December 28, 2024

OpenShift - Part 1

OpenShift:
  • OpenShift provides a platform as a service [PaaS]. It is an enterprise product of Kubernetes.
  • OpenShift is a top layer of orchestration with K8S. K8S will be used in the Development or Staging environment and OpenShift will be used in the Production environment.
A container is a lightweight, standalone and executable package that includes everything needed to run a piece of software: libraries and your application code.
Advantages of Containers:
    * Efficiency - Containers share the host OS kernel, reducing overhead compared to virtual machines.
    * Consistency - An application can run in any environment irrespective of the host OS.
    * Portability - It is portable to any environment and doesn't have any dependencies.
    * Scalability - Containers are scaled up or down easily.
Container components:
    * Container Image - It is a read-only template created along with the application and code.
    * Container - A running instance of the image.
    * Registry - It stores and distributes the images.

Parameters for Containerfile creation:

FROM - Sets the base image for the resulting container image.
WORKDIR - Sets the current working directory within the container.
COPY and ADD - Copy files from the build host into the file system of the resulting container image. The ADD instruction can also copy files from a URL or untar an archive into the container image.
RUN - Runs a command in the container and commits the result as a new layer within the image.
ENTRYPOINT - Sets the executable to run when the container is started.
CMD - Runs a command when the container has started. This command is passed to the executable defined by ENTRYPOINT.
LABEL - Adds a key-value pair to the metadata of the image for organization and image selection.
ENV - Environment variables
ARG - Build-time variables
VOLUME - Defines where data is stored outside of the container.
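
The instructions listed above, put together in one Containerfile, as an added example that is not from the original post. It builds the same httpd image that the buildah steps in the private registry post assemble by hand; the label, ARG and ENV names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. LABEL/ARG/ENV names are
# assumptions; the httpd setup mirrors the buildah steps.

write_containerfile() {   # $1 = build context directory
  mkdir -p "$1"
  echo "Welcome to Internet world" > "$1/index.html"
  cat > "$1/Containerfile" <<'EOF'
# An ARG placed before FROM is a build-time variable visible to FROM only.
ARG BASE=fedora
FROM ${BASE}
LABEL app="myapp"
ENV DOCROOT=/var/www/html
# RUN executes at build time and commits a new layer.
RUN dnf install -y httpd && dnf clean all
WORKDIR ${DOCROOT}
# A relative COPY destination is resolved against WORKDIR.
COPY index.html .
VOLUME /var/log/httpd
# ENTRYPOINT is the executable; CMD supplies its default arguments,
# so the container starts "/usr/sbin/httpd -DFOREGROUND".
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-DFOREGROUND"]
EOF
}

# Effective start command = ENTRYPOINT followed by CMD (exec form only).
start_command() {   # $1 = Containerfile path
  awk '/^(ENTRYPOINT|CMD) / { sub(/^[A-Z]+ \[/, ""); sub(/\]$/, "");
         gsub(/"|,/, ""); printf "%s%s", sep, $0; sep = " " }
       END { print "" }' "$1"
}

ctx=$(mktemp -d)
write_containerfile "$ctx"
echo "start command: $(start_command "$ctx/Containerfile")"
echo "build with:    podman build -t myapp $ctx"
```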


K8S:

Kubernetes is a combination of resources such as storage, compute and networking.
K8S does not have a container registry by default. [Registry means container images]


K8S supports container runtimes such as CRI-O, Docker and containerd.
OpenShift supports CRI-O by default.
ssh to master and worker nodes is restricted from OpenShift 4.0 onwards.

OpenShift 3.x:
Operating System - RHEL/CentOS/Fedora
Allows ssh access to Master and Worker nodes by default.

OpenShift 4.x:
Operating System - RHEL CoreOS

CoreOS means Container Ready OS and it is not mutable.
ssh access to Master and Worker nodes is restricted.

We must set up an SSH key pair for accessing master and worker nodes, otherwise we must use oc debug node/<node name>.
#oc debug node/master1
#oc debug node/workernodename
#oc login -u admin -p password https://api.hostname.com:6443

We can check the node status through kubeconfig as well
#oc get nodes --kubeconfig=/home/user/auth/kubeconfig

Logout of current session:
#oc logout


Friday, December 27, 2024

Oracle Weblogic 12c Administration - Part 7

WebLogic Server Security:
    * It handles the security logic and decisions for a domain.
Authentication Providers : It will check and provide the authentication.
Role mapping providers : It will provide the list of roles and segregate the permissions.
Authorization provider : It will match the user with roles and remove the roles if they do not match the user. It will permit or deny the access.
Credential map providers : It will provide access to third-party providers.
Password validation providers : It will apply the rules when users type or change a password.
Certificate providers : It will validate the path of the domain and SSL certification along with third-party validation.
Auditing Providers : It will provide auditing-related queries.
Available Authentication Providers:
* Default by Internal LDAP
* LDAP (generic and vendor specific)
* Database (multiple DBMS providers)
* SAML (Security Assertion Markup language)
Identity Asserters:
* Default
* LDAP X509
* SAML
* Negotiate (SPNEGO)
LDAP Architecture:

WebLogic Administrative Groups:

LDAP issues:





Sunday, December 22, 2024

Oracle Weblogic 12c Administration - Part 6

WebLogic Cluster:
    * It is a logical group of managed servers from the same domain.
    * It provides high availability for the web application, web services, JMS and EJB.
    * We can add a server dynamically.
Advantage of Clustering:

Pros and Cons of Single tier and multi-tier cluster:

WebLogic Proxy Plug-ins:
* The load balancer sends client requests to WebLogic Server in a round-robin method.
* It will help to send a request to a failed or unavailable server in the domain.
* It routes the request based on the WebLogic Server cookies.
Oracle HTTP Server (OHS)
* It is based on Apache web server
* Installed with the WebLogic Server Plug-in module (mod_wl_ohs) by default
            include "mod_wl_ohs.conf"
* This plugin should be configured by using the mod_wl_ohs.conf file.
* The main configuration file is httpd.conf. It will contain a WebLogic plug-in configuration file as well.
* The configuration file of OHS can be found under /Domain_name/config/fmwconfig/components/OHS/instances/OHS_instances_name
Unicast & Multi cast:
Troubleshooting a cluster issue:
* We have to check the WebLogic server logs
* We have to analyze the OHS logs
/Domain_name/servers/instance/logs
* OHS errors are recorded in ohs_instance_name.logs
* Access requests are recorded in the access_log file.
* It may be due to OHS to WebLogic server connectivity issues
* Multicast connection issues
* Request session time out issue
Transaction:
* A transaction is a process which handles a group of operations as a single flow.
It has four key values as follows:
* Atomic : It completes the full operation; partial success is not permitted.
* Consistent : A transaction changes a system from one state to another state.
* Isolated : Each transaction will run independently.
* Durable : It will stay in the system even if the system fails.
WebLogic Log location:

Severity Low to High level of log:




Thursday, December 19, 2024

Oracle Weblogic 12c Administration - Part 5

Node Manager
Node Manager is a WebLogic Server utility.
* It is used to start or stop the Administration and managed servers remotely.
* It will monitor the health of an instance of WebLogic Server and automatically restart it if it fails.
* It runs as a separate process on the same machine as the instance of WebLogic Server.
* It can be set up as an operating system service to start automatically when the system is rebooted.

Traditional model of Node Manager:


New model of Node Manager:


Starting process of Node Manager 


Some of important parameters in the nodemanager.properties file


Some of the important files under the Node Manager home directory:
    * nodemanager.properties : Defines the configuration settings for a Java-based Node Manager process.
    * nodemanager.domains : Defines the domains which Node Manager needs to control.
    * nodemanager.log : It is used by Node Manager for logging its process.
    * nm_password.properties : Stores the encrypted Node Manager username/password that the Node Manager client uses to authenticate itself to Node Manager.
    * boot.properties : It is created by Node Manager to hold a server's encrypted credentials.
    * startup.properties : It will record the server startup and health monitoring.
    * servername.lck, servername.pid, servername.state : These files are used by Node Manager to track the server status.
    * servername.out : It is a log file for a server started by Node Manager that contains stdout and stderr messages generated by that server.

Deploying the Application into WebLogic server



Software life cycle of WebLogic server:


Type of Java EE deployments:



Deployment Descriptors:
    * It is an XML file packaged within deployment that set properties of the application.
    * Each Java EE deployment has a standard and WebLogic specific deployment descriptors.
Application Load and Stress testing:
* Load testing measures the performance of a system at different levels of concurrent request load.
* Stress testing tests the limits of a system.
Load testing tools:
* JMeter
* HP LoadRunner
* Oracle Load Testing
* Grinder

The Grinder Architecture Overview:


Major cause of Performance issue: