Below you will find pages that utilize the taxonomy term “System Administration”
Kubernetes RBAC Objects For Cluster Administration
In a previous series of blog posts, we discussed the Kubernetes objects typically used to run a web application. We covered Namespace, Pod, ConfigMap, Secret, Service, Deployment, ServiceAccount, Ingress, PDB, HPA, PV, PVC, Job and CronJob.
In this post, we will discuss some fundamental building blocks for the Kubernetes cluster administration: RBAC objects.
In most situations, the Kubernetes API server is started with the flag --authorization-mode=RBAC, which enables RBAC in the cluster.
Automating Virtual Machine Installation Using libvirt, virsh And cloud-init
Introduction
We have the host machine with the OS Ubuntu 22.04. On this PC or server, we will create two virtual machine guests:
- myubuntu2204test01 having static IP of 192.168.122.146
- myubuntu2204test02 having static IP of 192.168.122.147
The guest VMs will use the default network created by libvirt. The gateway IP for the default network is 192.168.122.1.
We will achieve automation using libvirt, qemu and cloud-init. To go through the article and exercise, you should have a rudimentary understanding of Linux system administration and networking.
Loading SSH Key Into Memory
So, you have an SSH key pair. The public key has been added to the server. On the client, i.e. your laptop/desktop, you have your private key. For some reason, your private key has not been loaded into memory.
All you have to do is start the ssh-agent and then load the key into memory via ssh-add.
Step 1: Start the agent
eval $(ssh-agent)
Step 2: load the key into memory
Linux KVM Bridge
Using Linux KVM, Expose Virtual Guests On The LAN
Audience: The blog post is for beginner to intermediate Linux system administrators.
- You should have a thorough understanding of the shell commands and
- be comfortable on the command line
- be able to install and configure packages, etc.
- be able to start and stop services using systemd
- be familiar with Linux configuration files
- be able to set Linux kernel parameters using sysctl
- be able to enable and disable Kernel modules
- be comfortable installing and using guest VMs using libvirt
You should have a rudimentary understanding of networking concepts and tooling such as
The Ansible Learning Path
Ansible Prerequisites
Before jumping on to learning Ansible, have a firm grounding in Linux system administration and shell scripting. You can use Ansible for a lot of automation projects. The primary target audience for this blog post is DevOps engineers, IT infrastructure engineers and system administrators who create and manage IT infrastructure to run workloads. A good understanding of YAML is required before starting to write Ansible playbooks. A background in at least one programming language helps. Python programming is not a requirement per se, but familiarity with Python helps in putting together some automated testing.
DevOps Lab: Create Your Own Kubernetes Cluster
Architecture 1: Kubernetes Control Plane Without HA
Create three Virtual Machine guests on your laptop or workstation.
- VM 01: Kubernetes Control Plane
- VM 02, VM 03: Kubernetes Worker nodes
Architecture 2: Kubernetes Control Plane With HA
Create five Virtual Machine guests on your laptop or workstation.
- VM 01, VM 02, VM 03: Kubernetes Control Plane with HA
- VM 04, VM 05: Kubernetes Worker nodes
Use the Kubeadm tool to create the cluster.
Linux virtualization
KVM (Kernel-based Virtual Machine), libvirt, and QEMU are three components that work together to provide a virtualization solution on Linux systems.
KVM is a virtualization infrastructure built into the Linux kernel that allows it to run multiple virtual machines (VMs) on a single physical host. It provides the underlying virtualization technology, such as hardware acceleration for virtualized CPU and memory, and device emulation.
Learning Linux For DevOps
Introduction
If you have chosen the DevOps engineering path for your career, Linux system administration skills are a must. Companies run their workloads on Linux on-premise as well as in the cloud. Many developers write software on their Linux laptops and workstations. In this post, I will lay out a plan to master Linux system administration skills. The journey begins with you becoming a Linux desktop user. Gradually, you start using your laptop as a Linux server. Become more productive and create your own labs using virtualization. You will be able to simulate a lot of Linux infrastructure scenarios on your laptop.
The DevOps Path
- Learn Linux. Install Linux on your laptop. Get familiar with Linux commands. Learn virtualization. Unlock the path to learn more Linux.
- Programming. Acquiring some programming skills using a general purpose programming language like Python goes a long way. Learning some web development is required in most DevOps engineering contexts. Although you don’t have to be an expert in web development, you should have a clear understanding of workloads consisting of web applications and microservices. Learning some HTML, CSS and JavaScript is required for web development. At this point, you have to learn at least one database system. I recommend PostgreSQL to get started with relational database systems. Git is also an essential tool to manage source code.
- Automation is the cornerstone of DevOps engineering. Learn the basics of automation with Ansible and shell scripting.
- CI/CD. The purpose of DevOps is to create a culture and practice where developers can ship their applications to customers quickly, safely and continuously. The CI/CD pipelines often constitute the backbone of the DevOps practice. Jenkins is a popular tool to create CI/CD pipelines. Learn the basics of Jenkins and create pipelines to automatically test and deploy applications.
- Observability and monitoring. Start with Linux commands such as top, free, du and progress towards Prometheus. The typical Prometheus stack includes Alert Manager and Grafana. Then explore the world of traces with tools such as Jaeger and OpenTelemetry.
- Kubernetes. The quintessential container orchestration platform.
- Cloud engineering. Start with one of the popular clouds such as AWS, Azure or GCP.
- IAC. Take automation to the next level in the cloud. Use Terraform to orchestrate resources in the cloud.
Tech Chorus References
- Learning Linux For Devops
- Preparing For A DevOps Engineer Job With A Personal Project
- Three Day Plan To Learn Git
Learning Resources
DevOps
- Coursera Course: Google IT Automation with Python Professional Certificate
- Crash Course On Python
- Using Python to Interact with the Operating System
- Introduction to Git and GitHub
- Troubleshooting and Debugging Techniques
- Configuration Management and the Cloud
- Automating Real-World Tasks with Python
Python
- Free interactive Python tutorial: LearnPython.org
Sysctl
Introduction
The Linux Kernel parameters are settings that can be configured to control the behavior of the Linux kernel. They are typically used to fine-tune system performance or to enable/disable certain features.
Some examples of kernel parameters include:
Memory-related parameters: These parameters control how the kernel manages system memory, including how much memory is allocated to user processes and how aggressively the kernel caches data.
Processor-related parameters: These parameters control how the kernel interacts with the system’s processors, including how it schedules processes and how it handles interrupts.
Preparing For A DevOps Engineer Job With A Personal Project
The blog post attempts to answer some questions like:
- How to become a DevOps engineer?
- How to prepare for a DevOps engineer interview?
- How to get a DevOps engineer job?
In a previous blog post, I wrote about the path an aspiring DevOps engineer could follow.
In this blog post, I will lay out a concrete plan that you can use to prepare yourself for a DevOps engineer job. If you follow the steps carefully, you will be armed with practical DevOps knowledge, and you will be able to apply for DevOps engineer jobs confidently.
Tech Chorus Blog Hosting Story
The Tech Chorus blog by Sudheer Satyanarayana started way back in 2008. The blog has used various hosting technologies and software over the years.
Initially, the blog site used the Drupal content management system. LAMP was a popular technology stack in those days. Drupal was one of my favorite CMSes back then. The Drupal site was hosted on a cPanel server.
As life progressed, there was not enough time to patch Drupal and its plugins. Upgrading between major versions of Drupal also took a considerable amount of time and effort. I moved on to a static site generator. I found and loved Lektor. With Lektor, I managed the content on my workstation and generated the static site. I used to deploy the generated static site to an AWS EC2 instance with Nginx.
SSH Key Management
What is SSH Key Management?
The blog post is intended for someone new to SSH key management. Do you have just one SSH key pair? Do you have multiple key pairs? What are some pros and cons of having single or multiple key pairs? The post answers such questions about SSH key usage in practice.
The Premise
So, someone walked up to you or in a video call asked for your SSH public key?
Run Your Own OpenVPN Server
Introduction
The article explains how to run your own OpenVPN server. We will create a Certificate Authority Server and an OpenVPN server. We will also generate certificates for the clients. We will also learn how to manage revocation of client certificates using the Ansible roles.
Use the Ansible roles gavika.openvpn and gavika.easy_rsa to install and configure your OpenVPN server.
You can install the OpenVPN server on any public cloud or hosting provider or on-premise servers. The Ansible roles are designed to install the OpenVPN server and a Certificate Authority server.
PostgreSQL Cheatsheet
Install PostgreSQL Server
Fedora and CentOS:
sudo dnf install postgresql-server
Ubuntu 18.04:
sudo apt install postgresql
New Server Initialization
On CentOS 7/Fedora 30:
sudo postgresql-setup initdb
Upgrading From An Older Version
sudo postgresql-setup --upgrade
Administering The Database Server
Managing The postgresql Daemon
Starting PostgreSQL server
sudo systemctl start postgresql
Checking PostgreSQL Server Status:
sudo systemctl status postgresql
Enabling PostgreSQL Server Systemd Unit/Enabling PostgreSQL Server On Boot:
sudo systemctl enable postgresql
Allowing Password Based Login From localhost
Edit /var/lib/pgsql/data/pg_hba.conf as privileged user (root) and add this line: