Saturday 16 September 2023

KeyCloak Installation and Basic Configuration::

 Installation::

========================

Download keycloak from keycloak.org/downloads

 wget https://github.com/keycloak/keycloak/releases/download/22.0.3/keycloak-22.0.3.tar.gz

 tar -zxvf keycloak-22.0.3.tar.gz


Create Self-signed certificate for Keycloak

openssl req -newkey rsa:2048 -nodes -keyout keycloak-server.key.pem -x509 -days 3650 -out keycloak-server.crt.pem

Copy the key and cert to /usr/share/ssl-cert/

cd keycloak-22.0.3

cd conf

Edit keycloak.conf to update the hostname, certificate and key locations for a production environment. As this is a test environment, I am using a self-signed certificate and the server's local IP address.

https-certificate-file=/usr/share/ssl-cert/keycloak-server.crt.pem

https-certificate-key-file=/usr/share/ssl-cert/keycloak-server.key.pem

hostname=172.16.22.136


Go to the Keycloak bin directory and run the build and start-up commands below

./kc.sh build

nohup ./kc.sh start &
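
A pre-start check for the settings above, as an added example that is not part of the original post or of Keycloak: it reads keycloak.conf, confirms that the certificate and key files it names exist, and rejects a private key that group or others can access. The helper names conf_get and check_kc_conf are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check keycloak.conf
# before running "kc.sh start". conf_get and check_kc_conf are hypothetical names.
# Usage: check_kc_conf keycloak-22.0.3/conf/keycloak.conf && ./kc.sh start

# Print the value of a key from a key=value conf file (last match wins).
# Commented-out lines never match because the key must start the line.
conf_get() {
    # $1 = conf file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

check_kc_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    cert=$(conf_get "$conf" https-certificate-file)
    key=$(conf_get "$conf" https-certificate-key-file)
    host=$(conf_get "$conf" hostname)

    [ -n "$host" ] || { echo "hostname is not set" >&2; rc=1; }
    [ -n "$cert" ] && [ -f "$cert" ] || { echo "certificate missing: $cert" >&2; rc=1; }

    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "private key missing: $key" >&2
        rc=1
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld -- "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "private key $key is open to group/others ($perms); chmod 600 it" >&2
            rc=1
        fi
    fi
    return $rc
}
```
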


Configuration::

==============================

For Keycloak server configuration, follow the server administration guide at https://www.keycloak.org/docs/latest/server_admin/

First, log in to Keycloak as the admin user. You can create the admin user and password from the console, or set the environment variables

KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=password

Create a new realm from the Create Realm menu. A realm manages a set of users, credentials, roles and groups. The master realm is provided as the default realm in Keycloak. Creating multiple realms enables multi-tenancy.


To enable user registration, go to Realm Settings --> Login --> Enable User Registration


To enable client authentication, go to Clients --> Enable Client Authentication


To apply new themes, copy the custom theme jar file into the providers folder and run the "/bin/kc.sh config" command to configure and install the custom providers.


User Management in Keycloak::-

* Self Registration
* From Admin Console
* User Federation
* Automation via APIs





Makefile

 If we are compiling a lot of source code files and something goes wrong halfway through, it is useful to be able to pick up where we left off and finish compiling after we fix the error. Below is an example of a simple Makefile.


The make command follows the Makefile. Some common make targets are listed below:


make clean
make install           
make all
make uninstall

====================

root@debian:~# cat Makefile

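# Recipe lines must begin with a tab character, not spaces.
.PHONY: all clean

all: program

program: main.o factorial.o
	g++ main.o factorial.o -o program

# functions.h is listed so that a header change rebuilds both objects.
main.o: main.cpp functions.h
	g++ -c main.cpp

factorial.o: factorial.cpp functions.h
	g++ -c factorial.cpp

clean:
	rm -rf *.o program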

=====================


=====================

root@debian:~# cat factorial.cpp

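#include "functions.h"

// Recursive factorial. Any n <= 1 returns 1, so 0 or a negative
// argument cannot recurse without end.
int factorial(int n){
   if(n > 1){
      return(n * factorial(n-1));
   } else return 1;
}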

======================


======================

root@debian:~# cat functions.h

int factorial(int n);

======================


======================

root@debian:~# cat main.cpp

#include <iostream>

using namespace std;

#include "functions.h"

int main(){

   cout << endl;

   cout << "The factorial of 5 is " << factorial(5) << endl;

   return 0;

}

=======================

Thursday 14 September 2023

Kernel Compilation in Debian from 6.1.0 to 6.5.3




uname -r

6.1.0


Download the linux kernel version

wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.5.3.tar.xz


Untar it

tar -xf linux-6.5.3.tar.xz


Install the necessary dependencies


apt-get install build-essential linux-source bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves bison


Reboot the server


Change into the source directory and run the commands below


cd linux-6.5.3

make mrproper

This removes any configuration files that might have been accidentally left over from previous builds.


Copy the old .config file


cp /boot/config-$(uname -r) .config

make olddefconfig


Run the below command to make the configuration changes in .config file. 

make menuconfig



Running make localmodconfig will take your current .config and turn off any unused modules.

make localmodconfig


Build the new kernel

make -j$(nproc)


Install the kernel modules and the kernel itself:

make modules_install

make install


Reboot the server

shutdown -r now


Run the uname command to know the kernel version

uname -r

6.5.3

Tuesday 29 November 2022

Sample OS Patching Ansible Yaml Code


=======================================

---
- name: OS patching of Webservers
  hosts: webservers
  serial: 2
  become: true
  tasks:
    - name: Stop Httpd Service
      service:
        name: httpd
        state: stopped
      when: ansible_distribution == 'CentOS'

    - name: Stop Apache2 Service
      service:
        name: apache2
        state: stopped
      when: ansible_distribution == 'Ubuntu'

    - name: Stop Tomcat Service
      service:
        name: tomcat
        state: stopped

    - name: Stop Keycloak Service
      service:
        name: keycloak
        state: stopped

    - name: Verify processes are not running
      shell: if ps -eaf | egrep 'apache|http|tomcat|keycloak'|grep -v grep > /dev/null ;then echo 'process_running';else echo 'process_not_running';fi
      ignore_errors: true
      register: result_process_check

    - name: Run Backup Script prior OS patch
      shell: sh /opt/scripts/backup_prior_os_patch.sh

    - name: CentOS OS patching
      yum:
        name: '*'
        state: latest
      when: result_process_check.stdout == "process_not_running" and ansible_os_family == "RedHat"

    - name: Update Ubuntu repositories cache
      apt:
        update_cache: yes
      when: result_process_check.stdout == "process_not_running" and ansible_os_family == "Debian"

    - name: Update all packages to their latest version
      apt:
        name: "*"
        state: latest
      when: ansible_os_family == "Debian"

    - name: Upgrade the OS (apt-get dist-upgrade)
      apt:
        upgrade: dist
      when: ansible_os_family == "Debian"

    - name: Rebooting the servers
      reboot:
        msg: "Rebooting Servers After Kernel Patching"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      ignore_errors: true

    - name: pause for 180 secs
      pause:
        minutes: 3

Monday 28 November 2022

Some Usable Adhoc commands


================================


Creating a file on all remote clients

# ansible all -m file -a "path=/home/vishnu/vishnu1 state=touch mode=700"


Deleting a file on all remote clients

# ansible all -m file -a "path=/home/vishnu/vishnu1 state=absent"


Copying a file to remote clients

# ansible all -m copy -a "src=/tmp/vishnu2 dest=/home/vishnu/vishnu2"


Installing packages (telnet and httpd-manual)

# ansible all -m yum -a "name=telnet state=present"

# ansible all -m yum -a "name=httpd-manual state=present"


Starting the httpd service

# ansible all -m service -a "name=httpd state=started"


Start httpd and enable it at boot time

# ansible all -m service -a "name=httpd state=started enabled=yes"


Checking httpd service status on remote clients

# ansible all -m shell -a "systemctl status httpd"


Remove the httpd package

# ansible all -m yum -a "name=httpd state=absent"

OR

# ansible all -m shell -a "yum -y remove httpd"


Creating a user on remote clients

# ansible all -m user -a "name=appu home=/home/appu shell=/bin/bash state=present"


To add a user to a different group

# ansible all -m user -a "name=appu group=vishnu"


Deleting a user on remote clients

# ansible all -m user -a "name=appu home=/home/appu shell=/bin/bash state=absent"

OR

# ansible all -m shell -a "userdel appu"


Getting system information from remote clients

# ansible all -m setup


You can run commands on the remote host without the shell module, e.g. reboot client1

# ansible client1 -a "/sbin/reboot"

Saturday 26 November 2022

Mysql server Installation

 


- name: Install Mysql server, Create database with remote login
  become: yes
  hosts: localhost
  vars:
    Mysql_DB: mysqldb
    Mysql_User: mysql_user
    # Placeholder value; keep the real password out of the playbook (e.g. in Ansible Vault).
    Mysql_Pass: Password
  tasks:
    - name: Mysql Installation
      package:
        name: "{{item}}"
        state: present
        update_cache: yes
      loop:
        - mysql-server
        - mysql-client
        - python3-mysqldb
        - libmysqlclient-dev
      become: yes

    - name: start and enable mysql service
      service:
        name: mysql
        state: started
        enabled: yes

    # priv '*.*:ALL' with host '%' gives this account every privilege on every
    # database from any client address.
    - name: create the user
      mysql_user:
        name: "{{ Mysql_User }}"
        password: "{{ Mysql_Pass }}"
        priv: '*.*:ALL'
        host: '%'
        state: present

    - name: creating the database
      mysql_db:
        name: "{{ Mysql_DB }}"
        state: present

    # bind-address 0.0.0.0 makes mysqld listen on all interfaces.
    - name: Enable remote login to mysql
      lineinfile:
        path: /etc/mysql/mysql.conf.d/mysqld.cnf
        regexp: '^bind-address'
        line: 'bind-address = 0.0.0.0'
        backup: yes
      notify:
        - Restart mysql

  handlers:
    - name: Restart mysql
      service:
        name: mysql
        state: restarted

Some Examples of File Module



---
- name: Check if the file or Directory exists
  hosts: localhost
  become: true
  any_errors_fatal: true
  vars:
    directory: "/tmp"

  tasks:
    - name: Check the status
      stat:
        path: "{{directory}}"
      register: result

    - name: Directory Status
      debug:
        msg: "Directory {{directory}} present"
      when: result.stat.isdir is defined and result.stat.isdir
====================================================================================
---
- name: Check if the file exists
  hosts: localhost
  vars:
    file_path: "/tmp/test"
  become: true
  tasks:
    - name: Check the file status
      stat:
        path: "{{file_path}}"
      register: result

    - name: File Exists
      debug:
        msg: "File Exists"
      when: result.stat.exists

    - name: File does not exist
      debug:
        msg: "File does not exist"
      when: not result.stat.exists
====================================================================================
---
- name: File Ownership
  hosts: localhost
  vars:
    file_name: "/tmp/a"
  become: true
  tasks:
    - name: Change ownership of file
      file:
        path: "{{file_name}}"
        owner: vishnu
        group: vishnu
        # 0777 leaves the file readable, writable and executable by every local user.
        mode: 0777
=================================================================================
---
- name: Create Symbolic link
  hosts: localhost
  become: true
  vars:
    sym_link: "/tmp/test1"
    source: "/tmp/test"
  tasks:
    - name: Symbolic link creation
      file:
        src: "{{source}}"
        dest: "{{sym_link}}"
        state: link
==================================================================================
---
- name: Hard Link
  hosts: localhost
  become: true
  vars:
    source: "/tmp/a"
    destin: "/tmp/b"
  tasks:
    - name: "Hard Link"
      file:
        src: "{{source}}"
        dest: "{{destin}}"
        state: hard
=================================================================================

Install Apache on Centos Servers:



---
- name: Install httpd and start the service
  hosts: localhost
  become: true
  tasks:
    - name: install http
      yum:
        name: httpd
        state: latest

    # copy (not file) transfers file content; httpd on CentOS reads
    # /etc/httpd/conf/httpd.conf.
    - name: Copy the configuration file
      copy:
        src: /tmp/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
      notify:
        Restart Apache

    - name: Start Apache service
      service:
        name: httpd
        state: started
        enabled: true

  handlers:
    - name: Restart Apache
      service:
        name: httpd
        state: restarted

Basic PostgreSQL Installation as a Single Node

---
- name: Install postgres
  hosts: localhost
  become: true
  tasks:
    - name: Install postgres
      yum:
        name:
          - postgresql
          - postgresql-server
          - postgresql-contrib
          - postgresql-libs
          - python3-psycopg2
        state: present

    # pg_hba.conf only exists once the data directory has been initialised.
    - name: Postgresql initialized or not
      stat:
        path: /var/lib/pgsql/data/pg_hba.conf
      register: result

    - name: InitDB
      shell: postgresql-setup initdb
      when: not result.stat.exists

    - name: Open port for postgresql
      firewalld:
        service: postgresql
        permanent: true
        state: enabled
      notify:
        - Reload firewalld

    - name: Start service
      service:
        name: postgresql
        state: started
        enabled: true

  handlers:
    - name: Reload firewalld
      service:
        name: firewalld
        state: reloaded

Postgresql Database Dump and restore Using Ansible





---
- name: Take the backup
  hosts: localhost
  tasks:
    - name: DB backup
      postgresql_db:
        name: postgres
        state: dump
        target: /backup/postgresql.sql.gz
================================================================
---
- name: Restore from Dump
  hosts: db1
  tasks:
    - name: Restore DB
      postgresql_db:
        name: db1
        state: restore
        target: /tmp/backup.sql.gz
      become: true
      become_user: postgres

Wednesday 16 November 2022

Ansible code to update /etc/hosts on remote servers.



# Update host file
---
- name: Update host file
  hosts: localhost
  become: true
  tasks:
    - name: Generate /etc/hosts file
      blockinfile:
        state: present
        dest: /etc/hosts1
        content: |
          10.1.1.1 demo demo0.linuxgeeknotes.com
          10.0.0.0 demo1 demo1.linuxgeeknotes.com
          10.2.2.2 demo2 demo2.linuxgeeknotes.com

NFS Server Configuration in Ubuntu using Ansible

 Configure NFS Server
==================


---
- name: NFS Server Installation and Configuration
  hosts: localhost
  become: yes
  vars:
    share: "/linuxgeeknotes/share/"
    fstab_entry: "10.5.0.0/24(rw,sync,root_squash)"
  tasks:
    - name: Install NFS Server
      apt:
        name: nfs-kernel-server
        state: present

    - name: Create Share Directory
      file:
        path: "{{share}}"
        state: directory
        mode: 0777
        owner: linuxgeeknotes   # the file module takes owner, not user
        group: linuxgeeknotes

    - name: Updating the export file
      lineinfile:
        path: /etc/exports
        state: present
        line: "{{share}} {{fstab_entry}}"
      notify: Restart NFS Server

    - name: Run Exportfs
      command: "exportfs -a"

    # The ufw module has no service/permanent/immediate options (those belong
    # to firewalld), so the rule is written by port. NFSv4 needs only TCP 2049;
    # mountd has no fixed port by default.
    - name: Open Firewall for NFS Service
      ufw:
        rule: allow
        port: "2049"
        proto: tcp

  handlers:
    - name: Restart NFS Server
      service:
        name: nfs-kernel-server
        state: restarted
        enabled: true
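
An audit of the exports file this playbook writes, as an added example that is not part of the original post: it flags entries that disable root squashing, are open to any client, or allow unprivileged source ports. The helper name audit_exports is hypothetical, and it assumes one export per line with no quoted paths.

```shell
#!/bin/sh
# Added example (not from the original post). audit_exports is a hypothetical
# helper: it reads exports(5)-format lines, prints one finding per risky
# entry and returns non-zero when anything was flagged.
# Usage: audit_exports /etc/exports
audit_exports() {
    # $1 = exports file
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        share = $1
        if (NF == 1) {                      # no client list: open to everyone
            print share ": exported to any client"; bad = 1
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            o = "," opts ","
            if (index(o, ",no_root_squash,")) {
                print share ": " client ": no_root_squash (remote root stays root)"
                bad = 1
            }
            if (client == "" || client == "*") {
                print share ": exported to any client"; bad = 1
            }
            if (index(o, ",insecure,")) {
                print share ": " client ": insecure (unprivileged source ports allowed)"
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}
```
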

Monday 31 July 2017

Amazon Cloud Storage Options::

AWS Storage Options::
==================

S3 - Simple Storage Service
EBS - Elastic Block Store
EFS - Elastic File System

EBS - As the name suggests, it is a block storage system in which data is stored as blocks. It is suitable for an OS or a database, and works best for server disks. It offers high-performance reads and writes. It is replicated within its AZ and can be mounted to one EC2 instance at a time in the same AZ.

S3:- It is an object storage option which is suitable for write-once-read-many or read-once-write-many workloads.

For example, it is suitable for storing large volumes of data such as backups and logs, which won't be retrieved very often. It can also be used for hosting static websites, where the content is not altered often and is read many times. It is scalable, and we don't need to specify the size. It is not suitable for an OS or a database.

EFS:- This is best when a filesystem needs to be shared among multiple resources. It is replicated across AZs in a region. It can be mounted to multiple EC2/on-premise servers at the same time via VPN. No sizing needs to be done.