Posts

Showing posts from 2017

SaltStack Pillar Encryption

Encrypting your Pillar data is recommended because it contains your most valuable information, such as the passwords and keys used in your infrastructure. Pillar data is held by the Salt master and is only sent over an encrypted bus to Minions when used in a state file. Encrypting your Pillar data can be done with GPG: you encrypt the values with a public GPG key. This single public key is used by all the users within your organization to encrypt sensitive information. The private key is only available on the Salt master (not the Minions!). Without the private key, the encrypted data cannot be decrypted.

My Pillar Path: /opt/salt/pillar/prod/
My Environment Path: /opt/salt/environments/prod/

[root@master ~]# mkdir -p /etc/salt/gpgkeys
[root@master ~]# chmod 0700 /etc/salt/gpgkeys
[root@master ~]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it. T...

Chef integration with Jenkins

Chef Continuous Integration with Jenkins

We are going to set this up as shown in the diagram below. From the workstation we write cookbooks and upload them to the Chef server. At present, every change in a cookbook has to be uploaded to the Chef server manually. To automate this, we can use CI/CD tools like Jenkins and Bamboo server. Here we look at Jenkins integration with the Chef server. We are going to install Jenkins on the workstation. Jenkins will check for new code from git and upload it to the chef-server, after which we can execute chef-client on the Chef client server. For the Jenkins server installation, follow the URL below: https://tinyurl.com/y8znswrn

Log in to the console of the Jenkins server and start creating a project.
Step 1: Start by creating a freestyle project.
Step 2: Choose git and paste the master repo path from which we want to get the code.
Step 3: Here ...

Setting up DNS service Add-On in kubernetes

Setting up DNS service Add-On in kubernetes

What things get DNS names? Every Service defined in the cluster (including the DNS server itself) is assigned a DNS name. By default, a client Pod’s DNS search list will include the Pod’s own namespace and the cluster’s default domain. This is best illustrated by example: assume a Service named “my-service” in the Kubernetes namespace “dev”. A Pod running in namespace “dev” can look up this service by simply doing a DNS query for “my-service”. A Pod running in namespace can look up this service by doing a DNS query for my-service.dev.

Kubernetes offers a cluster addon for DNS service discovery, which most environments enable by default. “SkyDNS” seems to be the standard DNS server of choice, since it was designed to work on top of etcd. The “kube-dns” addon is composed of a Kubernetes service which, like all services, is allocated an arbitrary VIP within the preconfigured subnet (this is the IP that every other serv...

Docker Private Registry with docker-distribution

Docker Private Registry with docker-distribution

Docker uses the Docker Hub registry, or another one provided by the Linux vendor. If you do not want to use Docker Hub, and you use a Linux version which is not officially vendor supported, then you can create your own Docker registry and push images there, and thus have more control over it. Another reason for an own/private Docker registry can be that you have private / classified Docker images (e.g. a private image for a banking system, web server, database server, etc.) which you want to keep "in house" without exposing them to third-party locations.

The main advantage of the v2 Docker registry over the v1 Docker registry is a better API feature set, and it is worth investing time to learn how to deploy it. This post is too short to cover all Docker registry v2 APIs, and I recommend reading about the API features in Docker Registry HTTP API V2. In order to use a local Docker registry, we have to install and configure it and afterwards be able t...

NetApp Plugin for Docker Volume

NetApp Plugin for Docker Volume Management

A data volume is a specially designated directory that bypasses storage driver management. Data volumes persist data independently of a container's life cycle. When you delete a container, the Docker daemon does not delete any data volumes. You can share volumes across multiple containers. Moreover, you can share data volumes with other computing resources in your system. We can connect an enterprise-grade storage system to the Docker host, so that we can create volumes directly from the Docker host and connect them to containers. Here we are going to see how to integrate NetApp DATA ONTAP with Docker using NFS.

NetApp Administration:
1. Create one SVM (Storage Virtual Machine) with Management and DATA LIFs and enable the NFS protocol, as follows.

Plugin Installation on Docker Host:
1. We need to install the NetApp plugin on the Docker host, which we can do using the following steps.

[root@server1 ~]# mkdir /etc/netappdvp
[root@server1 ~]# vim ...