Installing Go on Debian

 

1. Download the Go tar file from https://golang.org/dl/

wget https://dl.google.com/go/go1.11.1.linux-amd64.tar.gz

2. Untar the file

tar -xzvf go1.11.1.linux-amd64.tar.gz

3. Move the go folder to the installation directory; here I am moving it to /usr/local

mv go /usr/local

4.  Set the path

export GOROOT=/usr/local/go
export PATH=$GOROOT/bin:$PATH

Add the above entries to the ~/.profile file to make them permanent.

5.  Verify the installation

$ go version
go version go1.11.1 linux/amd64
# go env
GOARCH="amd64"
GOBIN=""
GOCACHE="/root/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/root/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build056142857=/tmp/go-build -gno-record-gcc-switches"

Install ansible on Centos 7 / RHEL 7


1. Install epel-release package

yum install https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm

2. Installation

2.1 Update the OS
             yum update

2.2 Install ansible
             yum install ansible

2.3 Check the ansible version
             ansible --version

 

Puppet – Installing modules

1. Search for puppet modules

1.i from cli
$ puppet module search accounts

1.ii OR from https://forge.puppet.com/

2. Install puppet module from puppet forge repository

$ puppet module install puppetlabs/accounts
Notice: Preparing to install into /etc/puppetlabs/code/environments/production/modules ...
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/etc/puppetlabs/code/environments/production/modules
└─┬ puppetlabs-accounts (v1.3.0)
  └── puppetlabs-stdlib (v4.25.1)

3. Install puppet module from different repository

$ puppet module install --module_repository http://dev-forge.example.com puppetlabs-apache

4. Install puppet module from release tar ball

$ puppet module install ~/puppetlabs-apache-0.10.0.tar.gz --ignore-dependencies

5. Show installed puppet modules

$ puppet module list
/etc/puppetlabs/code/environments/production/modules
├── puppetlabs-accounts (v1.3.0)
├── puppetlabs-stdlib (v4.25.1)
├── ssh (???)
└── usermanagement (???)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules
├── puppetlabs-facter_task (v0.3.0)
├── puppetlabs-package (v0.2.0)
├── puppetlabs-pe_accounts (v2016.5.0)
├── puppetlabs-pe_concat (v1.1.1)
├── puppetlabs-pe_hocon (v2016.2.0)
├── puppetlabs-pe_infrastructure (v2018.1.0)
├── puppetlabs-pe_inifile (v1.1.3)
├── puppetlabs-pe_install (v2018.1.0)
├── puppetlabs-pe_java_ks (v2016.4.0)
├── puppetlabs-pe_nginx (v2017.1.0)
├── puppetlabs-pe_postgresql (v2016.5.0)
├── puppetlabs-pe_puppet_authorization (v2016.2.0)
├── puppetlabs-pe_r10k (v2016.2.0)
├── puppetlabs-pe_razor (v0.2.1)
├── puppetlabs-pe_repo (v2018.1.0)
├── puppetlabs-pe_staging (v0.3.3)
├── puppetlabs-pe_support_script (v2.7.0)
├── puppetlabs-puppet_conf (v0.2.0)
├── puppetlabs-puppet_enterprise (v2018.1.0)
└── puppetlabs-service (v0.3.1)

6. Upgrade puppet module

$ puppet module upgrade module-name
$ puppet module upgrade puppetlabs-accounts
$ puppet module upgrade puppetlabs-accounts --version=v1.3.0

7. Uninstall puppet module

$ puppet module uninstall module-name
$ puppet module uninstall puppetlabs-accounts

reference:
https://puppet.com/docs/puppet/5.3/modules_installing.html#installing-modules-from-the-command-line

Cloudflare API- bash script to block IP address in firewall (check if IP exists)


Note: The organization, zone and other details can be found in the respective Cloudflare login.

Requirement: Install jq, https://stedolan.github.io/jq/

 

#!/bin/bash
# Fill these in from the Cloudflare login.
organization=""
zones=""
email=""
authkey=""
id=""
org_name=""
notes=""

# Start with an empty result log.
> ipsblocked.txt

for i in `cat ips.txt`; do
# Ask the API whether a block rule for this IP already exists.
RESULT_JSON=`curl -sSX GET "https://api.cloudflare.com/client/v4/organizations/$organization/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=$i" -H "X-Auth-Email: $email" -H "X-Auth-Key: $authkey" -H "Content-Type: application/json"`
echo
#echo "$RESULT_JSON"
#echo " result with jq"
# Matching rules come back in the "result" array; -r drops the JSON quotes
# and an empty array gives "null".
STATUS_IPBLOCKED=`echo "$RESULT_JSON" | jq -r '.result[0].mode'`

if [ "$STATUS_IPBLOCKED" != "block" ]
then
curl -sSX POST "https://api.cloudflare.com/client/v4/organizations/$organization/firewall/access_rules/rules" -H "X-Auth-Email: $email" -H "X-Auth-Key: $authkey" -H "Content-Type: application/json" --data "{\"mode\":\"block\",\"scope\":{\"id\":\"$id\",\"name\":\"$org_name\",\"type\":\"organization\"},\"configuration\":{\"target\":\"ip\",\"value\":\"$i\"},\"notes\":\"$notes\"}"
echo
echo "IP $i blocked in Cloudflare"
echo "IP $i blocked in Cloudflare" >> ipsblocked.txt
echo
else
echo "IP $i already blocked in Cloudflare, skip"
echo "IP $i already blocked in Cloudflare, skip" >> ipsblocked.txt
fi

echo
done

Cloudflare API- bash script to block IP address in firewall

 


#!/bin/bash
# Fill these in from the Cloudflare login.
zones=""
email=""
authkey=""
id=""
org_name=""
notes=""

for i in `cat ips.txt`; do
curl -sSX POST "https://api.cloudflare.com/client/v4/zones/$zones/firewall/access_rules/rules" -H "X-Auth-Email: $email" -H "X-Auth-Key: $authkey" -H "Content-Type: application/json" --data "{\"mode\":\"block\",\"scope\":{\"id\":\"$id\",\"name\":\"$org_name\",\"type\":\"organization\"},\"configuration\":{\"target\":\"ip\",\"value\":\"$i\"},\"notes\":\"$notes\"}"
echo
echo "IP $i blocked in Cloudflare"
echo
done
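
Both scripts above paste each line of ips.txt straight into a request URL or JSON body, so a stray quote, comment or typo in the file changes the request that is sent. The filter below is an added example, not part of the original scripts; is_ipv4, filter_ips and the sample addresses are constructed for illustration, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example: clean ips.txt before the Cloudflare loop reads it.

# is_ipv4 ADDR -> 0 only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) return 1 ;;             # no leading zeros, max 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# filter_ips: read candidate lines on stdin, print each valid address once,
# report everything else on stderr. Blank lines and # comments are skipped.
filter_ips() {
    seen=' '
    tr -d '\r' | while read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if ! is_ipv4 "$line"; then
            printf 'rejected: %s\n' "$line" >&2
            continue
        fi
        case "$seen" in *" $line "*) continue ;; esac   # already printed
        seen="$seen$line "
        printf '%s\n' "$line"
    done
}

# Constructed sample input (documentation address ranges only).
SAMPLE_IPS='203.0.113.7
# reported by IDS
198.51.100.20
203.0.113.7
198.51.100.300
010.0.0.1
203.0.113.9"
192.0.2.5 extra'

printf '%s\n' "$SAMPLE_IPS" | filter_ips
```

To use it, replace `cat ips.txt` in the loops with `filter_ips < ips.txt`.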

Mac OSX – openvpn setup from cli

1.  Install openvpn from terminal

$ brew install openvpn

2. Download the config files for the connection and copy them to /usr/local/etc/openvpn/

eg: the .ovpn file and the crt and key files

2.1 Example connection.ovpn config file

client
dev tun
proto tcp
remote vpn.server.com 443
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca vpn.server.com.ca.crt
cert vpn.server.com.user.crt
key vpn.server.com.user.key
auth-user-pass auth.txt
cipher AES-128-CBC
auth SHA1
comp-lzo
route-delay 4
verb 3
reneg-sec 0

2.2 For autologin using a username and password, create an auth.txt file in the same folder, /usr/local/etc/openvpn/, with the username and password on two lines.

cat auth.txt

username
password

3. Script to start the VPN connection if openvpn is not already running [ run the script as root user, or with sudo ]

 

#!/bin/bash
PATH=/usr/local/bin:/usr/local/sbin:~/bin:/usr/bin:/bin:/usr/sbin:/sbin
# PIDs of running openvpn processes (empty when none is running).
# pgrep -x matches the process name exactly, so this script and editors
# with "openvpn" in their arguments are not counted.
RESULT=`pgrep -x openvpn`
# Uncomment following line to stop and start openvpn
#kill -9 ${RESULT}

if [ -z "${RESULT}" ]; then
cd /usr/local/etc/openvpn/
/usr/local/Cellar/openvpn/2.4.4/sbin/openvpn connection.ovpn &
echo "NOT Running at `date`" >> /var/log/vpnclient.log
mail -s "VPN not running at `date`" -F email@emaildomain.com <<< " vpn not working message at `date`"
else
echo "Running at `date`" >> /var/log/vpnclient.log
fi

 

 

 

PHP unit test using Jenkins and Ansible script

 

1.1 Create the Jenkins Job

Jenkins -> New Item -> Freestyle project -> Enter the project name

 

1.2 In the Build section, "Add build step" -> Execute shell, and enter the ansible-playbook details to be executed

1.3 In the “Post-build Actions” ->  “Add post-build actions” -> “Publish JUnit test result report” -> and set “Test reports XMLs” to the php unit test output xml file

2. Ansible playbook

- hosts: host1
  vars:
    base_dir: /projectdir/
  tasks:
    - name: run testrunner
      shell: php vendor/bin/phpunit --log-junit results/phpunit/phpunit.xml
      args:
        chdir: "{{ base_dir }}/api"
      register: phpunit_output
      ignore_errors: yes

    - name: rsync results/phpunit/phpunit.xml file to jenkins
      command: rsync -vr root@host1:/project/results /var/lib/jenkins/jobs/Php-test/workspace/
      delegate_to: localhost

 

eg: host1 is the host where the PHP project is located

Install prometheus on centos7/rhel7

  1. Download prometheus monitoring tool. Latest downloads can be found at https://prometheus.io/download/

    curl -LO "https://github.com/prometheus/prometheus/releases/download/v1.7.1/prometheus-1.7.1.linux-amd64.tar.gz"

  2. Untar the file

    tar -xzvf prometheus-1.7.1.linux-amd64.tar.gz

  3. Move it to the installation folder; here I am moving it to /var/lib

    mv prometheus-1.7.1.linux-amd64 /var/lib/prometheus

  4. Edit the prometheus.yml file and update the scrape config

    - job_name: 'server_monitoring'
      scrape_interval: 15s
      metrics_path: "/metrics"
      static_configs:
        - targets:
            - server1:9100
            - server2:9100
            - server3:9100
          labels:
            service: servers_usage
      relabel_configs:
        - source_labels: [__address__]
          regex: '(.*)\:9108'
          target_label: 'instance'
          replacement: '$1'

  5. Add the start script in /etc/systemd/system/prometheus.service

    # echo "[Unit]
    Description=Prometheus Server
    Documentation=https://prometheus.io/docs/introduction/overview/
    After=network-online.target

    [Service]
    User=root
    Restart=on-failure
    ExecStart=/var/lib/prometheus/prometheus -config.file=/var/lib/prometheus/prometheus.yml -storage.local.path=/var/lib/prometheus/data

    [Install]
    WantedBy=multi-user.target" > /etc/systemd/system/prometheus.service

  6. Start the prometheus service

    systemctl start prometheus

  7. Prometheus is now accessible at http://<ip-address>:9090

 

Install Grafana on CentOS/Rhel 7

  1. Download the rpm file

    wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-4.6.3-1.x86_64.rpm

  2. Install initscripts & fontconfig

     yum install initscripts fontconfig urw-fonts

  3.   Install Grafana rpm file

    rpm -ivh grafana-4.6.3-1.x86_64.rpm

  4.  Enable and start Grafana service

    systemctl enable grafana-server.service

    systemctl start grafana-server.service

  5.  After that Grafana can be accessed using the url http://<ipaddress>:3000/. Default username and password is admin / admin.