Openshift alertmanager
Go to https://api.slack.com/apps to create a new app and get an API URL.
get existing secret (config) of alertmanager
oc -n openshift-monitoring get secret alertmanager-main --template='{{ index .data "alertmanager.yaml" }}' | base64 -d > alertmanager.yaml
edit secret like this :
in this example, receiver slack will be the default receiver, every alert didn’t ...
AWS Openshift cluster build by ansible
This is a demo of building an OpenShift cluster with Ansible, using the AWS US-West site.
EC2 example of US-West(N. California)
role        type         cpu   ram
master01    r5a.xlarge   4     32
infra01     t3a.xlarge   4     16
compute01   c5.4xlarge   16    32
...
aws rds cross region peering
in this example we will have subnet like this :
region          subnet          zone_a          zone_b
N. California   172.31.0.0/16   172.31.0.0/24   172.31.1.0/24
Singapore       172.32.0.0/16   172.32.0.0/24   172.32.1.0/24
VPC > Create VPC (IPv4 CIDR block ...
grafana-xxl zabbix plugin fix
This is the fix of Zabbix plugin for Grafana error :
public/plugins/alexanderzobnin-zabbix-app/datasource-zabbix/module.js not found
after update
edit docker-compose to disable plugin auto update (backup ./grafana/data first):
grafana-xxl:
  image: monitoringartist/grafana-xxl:latest
  ports:
    - "3000:3000"
  environment:
    - UPGRADEALL=...
curator elasticsearch housekeep
apt install python-pip
pip install elasticsearch-curator
vi /srv/curator/curator.yml
---
client:
  hosts:
    - 127.0.0.1
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False
logging:
  loglevel: INFO
  logfile:
  logformat: default
...
installation and config of prometheus in k8s
download
helm repo add coreos https://s3-eu-west-1.amazonaws.com/coreos-charts/stable/
helm fetch coreos/prometheus-operator
helm fetch coreos/kube-prometheus
tar -zxf kube-prometheus-0.0.105.tgz
tar -zxf prometheus-operator-0.0.29.tgz
vi prometheus-operator/values.yaml
change following :
prometheusConfigReloader:
repository: quay.io/c...
installation and usage of saltstack in centos 7
saltstack - one of the alternatives to ansible; it offers better functionality by installing an agent (minion).
TCP ports 4505 and 4506 are needed
on all master and minion
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum install salt-minion
vi /etc/salt/minion
change
#master: salt
to
master: 192.168.1.101
(192.168.1.101 is m...
asset management tool snipe-it
PGID and PUID can be found by :
id user
user is your docker user
create db and config folder :
mkdir -p /srv/snipeit/volumes
mkdir -p /srv/snipeit/config
docker-compose.yml
version: "3"
services:
  snipeit:
    depends_on:
      - db
    image: linuxserver/snipe-it
    restart: always
    environment:
      APP_URL: https://snipeit.yourdoma...
excel override csv separate
If you need Excel to split a CSV file into cells (separated by comma or semicolon),
Add this on the first line of the CSV file:
sep=;
or
sep=,
save it and reopen
certbot docker example
docker command
docker run -it --rm --name certbot \
-v /srv/nginx/certs/letsencrypt:/etc/letsencrypt \
-v /var/log/letsencrypt:/var/log/letsencrypt \
-v /srv/nginx/www/letsencrypt:/var/www/.well-known \
quay.io/letsencrypt/letsencrypt -t certonly \
--agree-tos --renew-by-default \
--register-unsafely-without-email --agree-tos \
--...
linux boot partition full
Ubuntu cannot update when the boot partition is full. Taking a snapshot before changing the system is always a good idea.
get kernel images not running :
dpkg --list 'linux-image*'|awk '{ if ($1=="ii") print $2}'|grep -v `uname -r`
output like below :
linux-image-4.4.0-128-generic
linux-image-extra-4.4.0-124-generic
linux-image-extra-4.4.0-127-generic
l...
teampass server with docker-compose
docker-compose.yaml :
version: "3"
services:
  nginx:
    image: jwilder/nginx-proxy:alpine
    restart: always
    networks:
      - frontend
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - ./volumes/ssl:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
  teampass:
    image: teampass/teampass
    restart: al...
kubernetes cluster dashboard deploy
wget https://raw.githubusercontent.com/helm/charts/master/stable/kubernetes-dashboard/values.yaml
helm install stable/kubernetes-dashboard --name dashboard -f values.yaml
login token :
find the replicaset-controller-token by
kubectl -n kube-system get secret
kubectl -n kube-system describe secret replicaset-controller-token-XXXXX
kubernetes ha cluster deploy
Kubernetes example with 3 master/etcd nodes, also HA ready for workers
infrastructure :
VIP of keepalived (load balancer ip) : 192.168.0.100
k8s-node1 : 192.168.0.101 roles : etcd master worker haproxy keepalived
k8s-node2 : 192.168.0.102 roles : etcd master worker haproxy keepalived
k8s-node3 : 192.168.0.103 roles : etcd master worker haproxy keepalived
a...
apt-get update no public key
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY
just run :
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys yourpublickey
apt-get update
reference link :
https://chrisjean.com/fix-apt-get-update-the-following-signatures-couldnt-be-verified-because-the-public-key-is-not-available/
kubernetes rke cluster deploy
install docker and kubernetes first :
apt-get update
apt-get install -y docker.io
(use the following if you use Rancher)
curl https://releases.rancher.com/install-docker/17.03.2.sh | sh
apt-get update
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
curl -fsSL https://download.docker.com/l...
ubuntu enable cgroup
Cgroups, AKA control groups, are used to control, limit and prioritize CPU, memory and I/O resources; they are useful for Linux containers.
enable cgroup :
vi /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="cgroup_enable=memory swapaccount=1"
GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"
sentry docker-compose install
Gen key :
docker run --rm sentry config generate-secret-key
replace !!!SECRET!!! in docker-compose.yml with the generated key
docker-compose.yml :
version: '2'
volumes:
  pgdb:
services:
  redis:
    image: redis
  postgres:
    image: postgres
    environment:
      POSTGRES_USER: sentry
      POSTGRES_PASSWORD: sentry
      POSTGRES_DB: sen...
docker exec error
error when you exec some docker container :
rpc error: code = 2 desc = oci runtime error: exec failed: container_linux.go:247: starting container process caused “exec: "bash": executable file not found in $PATH”
this error may appear when your container doesn’t have /bin/bash
solution :
use
docker exec -it container_id /bin/sh
instead of
...
show special characters in markdown
place ```
{% raw %}content_with_special_charactors{% endraw %}
end with ```
docker logs and clear
you can check docker logs by following command, useful for troubleshooting like connection problem :
docker logs <container_id_or_name>
clear the log by :
echo "" > $(docker inspect --format='{{.LogPath}}' <container_id_or_name>)
using AOMEI Backupper for windows 10 live clone
Clonezilla will prompt a mbr/gpt mismatch error when cloning windows 10, because Windows 8 or 10 uses an MBR disk in legacy mode, but UEFI requires GPT.
To prevent an unnecessary mistake, here comes a very useful software, easy to use, ssd support, fast, lightweight and FREEEEEEE!
AOMEI Backupper is a Clonezilla live, Acronis True Image, Norto...
recommended wordpress plugin
Beaver Builder plugin :
an easy use drag and drop layout builder
CloudFlare Flexible SSL :
solve http/https problem behind CDN, not just CloudFlare, CDN such as kangle also worked
Google Font Fix :
solve user behind GFW loading google font problem
JP Custom CSS :
Custom CSS to override your website’s, cannot override css wi...
css hover image button using div id
First, use div id to identify a button area :
<div id="button01"><img src="https://yourdomain/button_area.webp" width="150"></div>
Then, use css to change image, first one is normal status, second one is hover status :
#button01 {
width: 150px;
background: url(https://domain/yourimage.webp) no-repeat;
background-size: 1...
mixed ssd and traditional hdd windows installation
On dumb things like the Samsung ultrabook 530u, which has a mixed drive containing both a traditional HDD and an SSD, you cannot install Windows the normal way.
Insert installation media (usb/dvd)
Select Custom install to view partitions.
Advanced > delete all partitions
Press Shift+F10 to launch cmd > diskpart
list disk, list part, usually tradit...
Regular expression replacement for ip without dot
String:
192.168.0.2
regular expression :
(\d+)\.(\d+)\.(\d+)\.(\d+)
substitution :
\1\2\3\4
result :
19216802
Each ( ) represents a group and \d+ means one or more digits; the whole line means there are four groups separated by “.” and those groups can only be digits.
The substitution simply outputs group1 group2 group3 group4.
remove unused docker containers
Remove unused docker containers with bash.
vi remove_container.sh
paste below :
#!/bin/bash
read -p "Press any key to remove non-using container, or ctrl+c to exit... " -n1 -s
echo "begin remove"
# Delete all stopped containers
docker ps -q -f status=exited | xargs --no-run-if-empty docker rm
# Delete all dangling (unused) images
docke...
systemctl usage
chkconfig is no longer available in Ubuntu; systemctl is the alternative. Unlike sysv-rc-conf, it is the official way.
List service name :
systemctl list-units
can use grep like :
systemctl list-units |grep "docker"
or use / after systemctl list-units
use enable to tell systemd to start services automatically at boot, like “chk...
docker compose auto start after reboot host
add docker.service to system startup first :
systemctl enable docker.service
detail see : systemctl usage
add restart: always like this :
mysql:
  env_file: .env_mysql
  image: mysql:5.6
  restart: always
  volumes:
    - /home/database:/var/lib/mysql
  env_file:
    - mysql_env
add cron job, replace directory_has_dockercomposeyml to your...
use vmcli poweroff guest in vcenter/hypervisor
A PowerShell script can automatically detect VM guests that are powered on, shut them down and wait until they have all completed. After the guest shutdowns are confirmed, the hypervisor is shut down with confirmation.
create a powershell script file and name it to shutdown.ps1
$vsphere="vcentername/ip"
$hypervisor="hypervisorname/ip"
$cred = Get-Credential
Get-Module...
rkhunter
rkhunter is software that provides a basic rootkit scan; it is easy to install and use.
install :
apt-get install rkhunter
update :
rkhunter --update
usage :
manual :
man rkhunter
scan rootkit :
rkhunter --checkall
auto continue without pressing enter :
rkhunter --checkall --skip-keypress
reference link :
http://rkhunter.sourceforge.net/
htt...
gzip
gzip is a commonly used compression tool, fast and easy to use.
This will compress filename and replace it with filename.gz; it is useful when compressing single files such as logs :
gzip filename
unzip by gzip -d , this will also replace filename.gz with filename :
gzip -d filename.gz
a tricky thing, gzip -r will compress every single file inside director...
fallocate
Not enough space on the system disk can prevent booting and cause many other problems. There is a stupid but easy way to prevent this: use fallocate to create a 1GB file, which you can delete to free up disk space in an urgent case.
fallocate command basic syntax :
fallocate -l Image_Size_Here /path/to/image.img
for example, create a 1GB file :
fallocate -l...
TCP Wrappers
using hosts.allow and hosts.deny to control sshd connection in ubuntu
Please make sure your hosts.allow works first, or you will lose control after creating hosts.deny.
adding your ip range which allow using sshd for example 192.168.0.1/24 :
vi /etc/hosts.allow
sshd: 192.168.0.1/24
deny all other ip using sshd :
vi /etc/hosts.deny
sshd:all
...
what is my ip address for linux
There is a way to find your outgoing/public IP using Google’s name server. For security reasons I do not recommend using curl/wget; using the dig command is better :
dig TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2}'
reference link :
https://www.cyberciti.biz/faq/how-to-find-my-public-ip-address-from-command-line-on-a-...
tar with multi directory exclude
There may be some tmp or cache folders you don’t need in a backup; here is a simple script for tar with exclusions.
Place it in the same path as the folder you want to tar and fill in the variables below: src is the target folder, dest is the output path, exc1 is your first excluded folder, exc2 is the second; you can extend with exc3 by adding a variable and adding --exclude=...
esxi5_tty a tool for dell hardware detail collecting
A tool for dell server running esxi5 collecting hardware error
place it to /tmp/
chmod 755 esxi5_tty.sh
./esxi5_tty.sh
collect the result in /tmp/
Download it from github :
esxi5_tty
tcpview and process explorer
Since Server 2012, Task Manager has become hard to use and details are hidden. Two tools are suggested for troubleshooting: use tcpview to find out which program is using your port or mass sending, then use process explorer to find the process and the DLLs it loaded.
https://docs.microsoft.com/en-us/sysinternals/downloa...
useful website for Regular expression testing
A regular expression, regex or regexp (sometimes called a rational expression) is, in theoretical computer science and formal language theory, a sequence of characters that define a search pattern.
This is a useful website for Regular expression testing
https://regex101.com/
reference link :
https://en.wikipedia.org/wiki/Regular_expression
use line messenger for zabbix alert
login and get a line token from https://notify-bot.line.me
click your name > My page > Generate token > select a group or 1-on-1 means send to you only
vi /usr/lib/zabbix/alertscripts/LINE_Notify.sh
#!/bin/sh
export PATH="/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin"
export LANG=C
# LINE Notify API access token
access...
zabbix vm monitoring
vm monitoring
according to our docker+zabbix post, there is an advanced use to monitor vmware
docker+zabbix+postgresql+snmptrap+zabbix_agent for ubuntu
docker or zabbix_server.conf setting
you can see 4 lines added to /home/zabbix/server-pgsql/ubuntu/run_zabbix_component.sh
# for vm
ZBX_STARTVMWARECOLLECTORS=${ZBX_STARTVMWARECOLLECTORS:-"250...
robocopy for backup file and troubleshoot
robocopy is a powerful built-in copy and backup tool, available since Windows 7.
usage : robocopy <source> <destination> [<file>[ ...]] [<options>]
a simple variable version:
set src=c:\sourcefolder
set dest=e:\destinationfolder
set log=c:\temp\log.txt
robocopy %src% %dest% /log:%log%
pause
You can add options such as mir, backup mode, timestamp or anything else you like.
reference link:
https...
remove advanced mass sender
When Advanced Mass Sender or Mass Sender is installed, you cannot remove it the normal way. Please back up your system and follow these steps :
start > run > regedit
ctrl+f find mass sender
note down the paths you see in regedit
delete the records in regedit that contain mass send, then reboot
now you can go to those path and delete mass...
Symantec endpoint ubuntu installation
Before you start, please go to https://support.symantec.com/en_US/article.INFO3983.html to check whether your Linux kernel is supported; upgrading your kernel just to install SEP is not advised.
install 32bit library before you start : (those are i386 libraries, cannot search by apt-cache search)
sudo apt-get install ia32-libs
sudo apt-get install l...
chrome policies delete
Some adware or homepage hijacking software may use Chrome policies. If clearing the extensions, temp files and cache, or even reinstalling Chrome, cannot solve the problem, you may try this.
create this batch file and run as admin. Or run cmd as admin then cd to this file location and execute.
@echo off
IF NOT EXIST %WINDIR%\System32\GroupPolicy goto ne...
online file anti-virus scanning
A website that includes all popular anti-virus engines for online scanning; just upload a file and scan.
https://www.virustotal.com
usb3.0 only pc windows 7 installation
When you install Windows 7 on a USB 3.0 only PC, you will find that you cannot move your mouse or keyboard after booting from CD. I tried Intel’s USB 3.0 tool but had no luck, it does not support Lenovo drivers, and USB 3.0 still doesn’t work after installation. Finally I found this :
Windows USB Installation Tool
https://www.gigabyte.com/Support/Utility
...
ProtonMail - a more secure choice
ProtonMail is an end-to-end encrypted email, it uses client-side encryption to protect email contents and user data before they are sent to ProtonMail servers, in contrast to other common email providers such as Gmail and Hotmail. That means you cannot decrypt during transfer, even ISP and protonmail themselves cannot decrypt (at least at prense...
fully uninstall a program in mac os x by using terminal
After uninstall a program like anti-virus or smartsheild, you still see it auto start after reboot, they usually hide in /system/library/cache or /system/library/user. To find them, use your terminal type this command :
find / -name "your_target_program"
then remove by :
sudo rm -rif /path/to/your/target
combine and extract clonezilla gzip file to img file
install partclone by :
apt-get update
apt-get install partclone
combine and extract clonezilla gzip file to img file :
cat sda1.hfsplus-ptcl-img.gz.a* | gzip -d -c | partclone.restore -W -o /tmp/sda1.img -L /tmp/partclone.log
The extracted image can be browsed with HFSExplorer:
for windows browsing mac os x hfsplus image
reference link :
http://www....
windows 10 date format
If there is no other date format option or cannot change date format to your favourite in windows 10 setting, follow me 😎
use the search near start button, type control panel, enter
Clock, Language and Region > Region (yes, not date and time, it is Region) > Additional settings under format tab > date tab
Now, you can customize your fav...
use vmcli to get vminfo
use vmcli to get both assigned and used cpu memory and harddisk information and gen a csv report
install Windows Management Framework 4.0 : https://www.microsoft.com/en-us/download/details.aspx?id=40855 (don’t try to get 3.0, the patch cause my windows 7 sp1 crashed)
install vmware powercli 6.5 : https://my.vmware.com/web/vmwa...
elasticsearch+logstash+kibana
download the zip file from : https://github.com/deviantony/docker-elk
unzip to /home/elk/
Folder Structure :
/home/elk
├── elasticsearch
│   ├── config
│   └── data
├── extensions
│   └── logspout
├── kibana
│   └── config
└── logstash
    ├── config
    └── pipeline
and don...
linux tree function
often used :
tree -a
print all files, including hidden files
tree -d
list directories only
tree -f
show full path
-o filename
output result to a custom file
Combo with grep :
tree -a /var/log |grep gz
list all gz file under /var/log
practice :
tree -a /var/log -o /tmp/log.txt |grep gz
now cat /tmp/log.txt to see the result
kaspersky self defense
You cannot click or interact with Kaspersky when you are in a remote session such as TeamViewer or VNC.
go to options, untick the enable self-defense, apply
reference link :
https://support.kaspersky.com/5241
http://www.inetnj.com/?page_id=643
using freedns to obtain a free subdomain
get your login by choosing starter
https://freedns.afraid.org/pricing/
finish the form and verify by email
https://freedns.afraid.org/domain/registry/
pick a domain listed (better a public one, if you choose a private one, you will need the admin to confirm your subdomain registry)
enter your subdomain and destination IP, usually we don’t need...
atom sync-setting
1. Download atom
2. install atom package sync-setting
3. get your token here : https://github.atom.io/auth/github_package/token
4. get your personal access token here : https://github.com/settings/tokens > generate new token > select gist
5. copy your token and add it to package setting
How to connect atom to github
1. Download atom
2. On the welcome screen, click to go to 'git'
3. create or open an existing project
4. On Github panel, login with authentication token
get your token here : https://github.atom.io/auth/github_package/token
5. Open project
6. On github preview, see message about not being able to automatically pin
7. Enter URL of pull request
...
ubuntu snmp, mibs install and config
snmp install
apt-get update
apt-get install snmp snmp-mibs-downloader
apt-get install snmpd
two ways to find snmp directory
net-snmp-config --default-mibdirs
or
snmptranslate -Dinit_mib .1.3 2>&1 |grep MIBDIR
snmp.conf path
/etc/snmp/snmp.conf
ubuntu after changing interface to static
flush ip address after vi interface
ip addr flush ens160
service networking restart
Show ip info
ip addr show
service host local system and compatTelRunner
Both “service host local system” and “compatTelRunner” are used for windows update.
They use up lots of resources for only checking the compatibility of windows update, especially from 7 to 10
Disable them by following steps:
service host local system high usage
disable Superfetch in services.msc
compatTelRunner
taskschd.msc > T...
check mounted vmdk filesystem on ubuntu
check inode used :
df -ih
will show something like :
/dev/mapper/ubuntu--vg-root
show filesystem :
blkid /dev/mapper/ubuntu--vg-root
zabbix web monitoring with alert trigger
1. add host
configuration > hosts > create host > host name (for example : test.local)
new groups : webserver
agent interfaces
ip address : 127.0.0.1 <– just add ip, doesn’t need agent
update
2. add web scenarios
configuration > hosts > click web at your created host > create web scenario
scenario
name : availability...
using python to send alert mail via gmail tls
zabbix config
goto administration > media types > create media type
name : gmail-auth-smtp
type : Script
Script name : gmail-auth-smtp.py
Script parameters :
{ALERT.SENDTO}
{ALERT.SUBJECT}
{ALERT.MESSAGE}
goto administration > users > admin > media
add media
type : gmail-auth-smtp
send to : your@email.com
select your alert lev...
python debug mode, also can print logs to log file
place this on top
import logging
import sys
logging.basicConfig(filename='/var/log/custom.log', level=logging.DEBUG,
format='%(asctime)s - %(levelname)s - %(message)s')
logger = logging.getLogger(__name__)
logging.debug('this is a debug message.')
place your debug message anywhere you like :
logger.debug('this is the array: %s',sys.argv[1])
in thi...
docker+zabbix+postgresql+snmptrap+zabbix_agent for ubuntu
1. download the dockerfiles and structure :
dockerfiles&structure
structure :
/home/zabbix
├── agent
├── server-pgsql
├── snmptraps
├── web-nginx-pgsql
└── zbx_env
    ├── etc
    ├── usr
    └── var
2. place docker-compose.yml
place docker-compose.yml to /home/zabb...
docker bridge
Useful when nmcli and brctl are not installed or configured but a bridge is still running, and it is still there after reboot.
show docker controlled network
docker network ls
delete non-using docker bridge
docker network prune
some useful docker command :
rebuild docker with no cache
docker-compose build --no-cache
allow sql port by windows command prompt
run cmd as admin
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN
docker installation for ubuntu
apt-get update
apt-get install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
apt-key fingerprint 0EBFCD88
verify key fingerprint:
Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
add-apt-repository "deb [arch=amd64] http...
zabbix purge history with postgresql
🔺 🔺 🔺 please make sure you want to delete history of zabbix before you execute files in this procedure 🔺 🔺 🔺
create and config sh file
vi purge.sh
#!/bin/bash
read -r -p "Are You Sure to purge old data from zabbix? [Y/n] " input
case $input in
[yY][eE][sS]|[yY])
echo "purge start"
psql -Uzabbix -dzabbix -a -f "./purge.sql"
echo "purge...
zabbix+nginx+postgresql installation for ubuntu 16.04
install begin
cd ~/Downloads
wget http://repo.zabbix.com/zabbix/3.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_3.4-1+xenial_all.deb
dpkg -i zabbix-release_3.4-1+xenial_all.deb
apt-get update
cat /etc/apt/sources.list.d/zabbix.list
the following should have been added :
deb-src http://repo.zabbix.com/zabbix/3.4/ubuntu xenial main
apt-get install nginx postg...