Security Researcher, DevOps, SRE
In this lab, I use Ubuntu 20.04 LTS for my k8s cluster.
To remove the k8s node from the cluster, first drain the node :
$ kubectl get nodes $ kubectl drain node
If required, you also need to ignore daemonsets :
$ kubectl drain node --ignore-daemonsets
And delete the node :
$ kubectl delete node <node-name>
If no errors, proceed to remove or terminate the instance/server for the k8s node.
find -maxdepth 1 -size 0 -print | xargs rm
The last statement, xargs rm is optional. If this defined, then the it will remove those zero-bytes files immediately in a one-liner.
This is the step-by-step installation of vsftpd that actually works. If you have website that runs wordpress, you might want to enable this to be able install/update your wordpress plugin.
Install vsftpd and start the service:
$ sudo apt-get install vsftpd -y $ sudo systemctl start vsftpd.service $ sudo systemctl enable vsftpd.service
Open vsftpd.conf file, and make sure these lines below are enabled:
$ sudo vim /etc/vsftpd.conf ... ... local_enable=YES chroot_local_user=YES allow_writeable_chroot=YES write_enable=yes
Restart the service:
$ sudo systemctl restart vsftpd.service
Create local user:
$ sudo useradd ftpuser -s /bin/bash -md /srv/ftpuser $ sudo passwd ftpuser
Make sure your user format is looks like this:
$ cat /etc/passwd ftpuser:x:1000:1000::/srv/ftpuser:/bin/bash
Test your ftp user out:
$ ftp example.com
This installation is using pulse secure linux version 9 with rpm package ps-pulse-linux-9.0r1.0-b739-centos-rhel-64-bit-installer.rpm
$ sudo dnf install compat-libicu57-57.1-2.fc28.x86_64 $ sudo dnf install libgnome-keyring $ sudo rpm -i ps-pulse-linux-9.0r1.0-b739-centos-rhel-64-bit-installer.rpm
Create vpn shortcut (optional):
$ sudo touch /usr/bin/vpn $ sudo vim /usr/bin/vpn
Fill with this script below:
#!/bin/bash export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pulse /usr/local/pulse/pulseUi
Make it executable:
$ sudo chmod +x /usr/bin/vpn
Now, you can just open the app with command vpn
$ sudo systemctl stop docker $ sudo touch /etc/docker/daemon.json
{
"bip": "192.168.1.5/24",
"fixed-cidr": "192.168.1.5/25"
}
$ sudo systemctl start docker
Check your docker0 ip address now:
$ ip addr
AWS Codebuild is fully managed build service that compiles source code, run tests, and produces software packages that are ready to reploy. To make it easier, we can create it’s infrastructure using terraform.
Before we begin, we can create our own directory structure for the infrastructure. Why this is important? because whenever we setup something and we want to change it, when revisit these files and change what necessary. To do this, we can just simply create the one just like this:
$ mkdir test-codebuild $ cd test-codebuild ~test-codebuild$ touch main.tf vars.tf terraform.tfvars buildspec.yml
Let’s do the code! fill each one of the files we created :
main.tf
provider "aws" {
region = "ap-southeast-1"
}
terraform {
backend "s3" {
bucket = "terraform-state-test-pulpn"
key = "test-codebuild-project"
region = "ap-southeast-1"
}
}
module "codebuild" {
source = "git::ssh://git@github.com/muffat/tf-codebuild-module.git?ref=master"
project_name = "${var.project_name}"
description = "${var.description}"
bucket_name = "${var.bucket_name}"
repo_type = "${var.repo_type}"
repo_url = "${var.repo_url}"
team = "${var.team}"
image_name = "${var.image_name}"
buildspec = "${file("buildspec.yml")}"
}
terraform.tfvars
In this file, we should define our project based on what we need. You might need to change the each variables according with what fits you needs.
project_name = "test-project" description = "test python project" bucket_name = "python-artifact" repo_type = "GITHUB" repo_url = "https://github.com/muffat/test-python-pulpn" team = "pulpn" image_name = "aws/codebuild/python:3.6.5"
vars.tf
variable "project_name" {}
variable "description" {}
variable "bucket_name" {}
variable "repo_type" {}
variable "repo_url" {}
variable "team" {}
variable "image_name" {}
buildspec.yml
Buildspec is list of steps that should be doing during the build process.
version: 0.1
phases:
build:
commands:
- pip install flask
$ cd test-codebuild ~test-codebuild$ terraform init ~test-codebuild$ terraform plan ...................... TL;DR ...................... Plan: 4 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ Note: You didn't specify an "-out" parameter to save this plan, so Terraform can't guarantee that exactly these actions will be performed if "terraform apply" is subsequently run.
You should be able to seen anything like above. Terraform attemps to create the infrastructure that we’ve defined in the codes before.
~test-codebuild$ terraform apply ............... TL;DR ............... Plan: 4 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value:
After we ran command terraform apply, we should be prompted to accept the action that terraform asked. To pass this, enter the value with yes or no to cancel it.
Accept the action by enter, yes. Then terraform will be created the codebuild infrastructure in AWS.
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
Feeling lazy? Use the links below to get your codebuild deployed with terraform
References:
Image tag : test-image
awsudo -u aws-profile aws ecr get-login --no-include-email --region ap-southeast-1
sudo docker build -t test-image .
sudo docker tag codebuild:test-image 743977200366.dkr.ecr.ap-southeast-1.amazonaws.com/codebuild:test-image
sudo docker push 743977200366.dkr.ecr.ap-southeast-1.amazonaws.com/codebuild:test-image
$ pip install alembic $ alembic init --template generic alembic
edit alembic.ini
sqlalchemy.url = mysql://root:@localhost/database_name
$ alembic current $ alembic revision -m "Init" $ alembic upgrade head INFO [alembic.migration] Context impl MySQLImpl. INFO [alembic.migration] Will assume non-transactional DDL. INFO [alembic.migration] Running upgrade None -> 174f01a0ar12, Init
When you updating one of your resources in wordpress, accidentally you close the window (that’s what I did).
Then when you try to update it again, there is still another process already running. You need to get rid of this before you continue.
Use wp-cli:
wp option delete core_updater.lock
$ sudo wget -P /etc/yum.repos.d/ https://download.docker.com/linux/fedora/docker-ce.repo $ sudo dnf install docker-ce -y
$ sudo systemctl start docker $ sudo docker ps -a