If anyone needs freelance AWS/Linux infrastructure support services, feel free to contact me during UK/Portugal time from 19:00 to 01:00.
Whatsapp:- +91 8848974925
+351 920195171
Skype :- linuxgeeknotes Gmail :- linuxgeeknotes
Installation::
========================
Download keycloak from keycloak.org/downloads
wget https://github.com/keycloak/keycloak/releases/download/22.0.3/keycloak-22.0.3.tar.gz
tar -zxvf keycloak-22.0.3.tar.gz
Create Self-signed certificate for Keycloak
openssl req -newkey rsa:2048 -nodes -keyout keycloak-server.key.pem -x509 -days 3650 -out keycloak-server.crt.pem
Copy the key and cert to /usr/share/ssl-cert/
cd keycloak-22.0.3
cd conf
Edit keycloak.conf to set the hostname and the certificate and key locations; update these for a production environment. As this is a test environment, I am using a self-signed certificate and the server's local IP address.
https-certificate-file=/usr/share/ssl-cert/keycloak-server.crt.pem
https-certificate-key-file=/usr/share/ssl-cert/keycloak-server.key.pem
hostname=172.16.22.136
Go to the Keycloak bin directory and run the build and start-up commands below
./kc.sh build
nohup ./kc.sh start &
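The certificate step above, redone as Ansible tasks (an added example, not part of the original notes). The openssl command on this page produces a certificate without a subjectAltName, which strict TLS clients need in order to match hostname=172.16.22.136; these tasks add it and keep the key file owner-only. The community.crypto collection and the keycloak account name are assumptions.

```yaml
---
# Added example, not from the original notes. Assumes the community.crypto
# collection is installed and that kc.sh runs as a local "keycloak" user
# (hypothetical account name).
- name: Self-signed Keycloak certificate with an IP SAN and a private key file
  hosts: localhost
  become: true
  vars:
    kc_ip: 172.16.22.136             # hostname= value from keycloak.conf
    kc_tls_dir: /usr/share/ssl-cert
    kc_user: keycloak                # assumption: account that runs kc.sh
  tasks:
    - name: Make sure the certificate directory exists
      ansible.builtin.file:
        path: "{{ kc_tls_dir }}"
        state: directory
        mode: "0755"

    - name: Generate the RSA 2048 private key, readable only by its owner
      community.crypto.openssl_privatekey:
        path: "{{ kc_tls_dir }}/keycloak-server.key.pem"
        type: RSA
        size: 2048
        owner: "{{ kc_user }}"
        group: "{{ kc_user }}"
        mode: "0600"

    - name: Build a CSR that names the IP address in subjectAltName
      community.crypto.openssl_csr:
        path: "{{ kc_tls_dir }}/keycloak-server.csr"
        privatekey_path: "{{ kc_tls_dir }}/keycloak-server.key.pem"
        common_name: "{{ kc_ip }}"
        subject_alt_name:
          - "IP:{{ kc_ip }}"

    - name: Self-sign the certificate for 3650 days
      community.crypto.x509_certificate:
        path: "{{ kc_tls_dir }}/keycloak-server.crt.pem"
        privatekey_path: "{{ kc_tls_dir }}/keycloak-server.key.pem"
        csr_path: "{{ kc_tls_dir }}/keycloak-server.csr"
        provider: selfsigned
        selfsigned_not_after: "+3650d"
        mode: "0644"
```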
Configuration::
==============================
For Keycloak server configuration, follow the server administration documentation at https://www.keycloak.org/docs/latest/server_admin/
Log in to Keycloak as the admin user first. You can create the admin user and password from the console, or set these environment variables before the first start (use a strong password in place of the example value):
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=password
Create a new realm from the Create Realm menu. A realm manages a set of users, credentials, roles and groups. The master realm is provided as the default realm in Keycloak. Creating multiple realms enables multi-tenancy.
To enable client authentication, go to Clients --> Enable Client Authentication.
If we are compiling a lot of source code files and something goes wrong halfway through, it is useful to be able to pick up where we left off and finish compiling after we fix the error. Below is an example of a simple Makefile.
The make command follows the rules in the Makefile. Some common make targets are:
make clean
make install
make all
make uninstall
====================
root@debian:~# cat Makefile
all: program

program: main.o factorial.o
	g++ main.o factorial.o -o program

main.o: main.cpp
	g++ -c main.cpp

factorial.o: factorial.cpp
	g++ -c factorial.cpp

clean:
	rm -rf *.o program
=====================
=====================
root@debian:~# cat factorial.cpp
#include "functions.h"

// Recursive factorial; n <= 1 returns 1 so that 0 does not recurse forever.
int factorial(int n){
    if(n > 1){
        return(n * factorial(n-1));
    } else return 1;
}
======================
======================
root@debian:~# cat functions.h
int factorial(int n);
======================
======================
root@debian:~# cat main.cpp
#include <iostream>
using namespace std;
#include "functions.h"

int main(){
    cout << endl;
    cout << "The factorial of 5 is " << factorial(5) << endl;
    return 0;
}
=======================
Kernel Compilation in Debian from 6.1.0 to 6.5.3
uname -r
6.1.0
Download the linux kernel version
wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.5.3.tar.xz
Untar it
tar -xf linux-6.5.3.tar.xz
Install the necessary dependencies
apt-get install build-essential linux-source bc kmod cpio flex libncurses5-dev libelf-dev libssl-dev dwarves bison
Reboot the server
Run the below commands
make mrproper
This removes any configuration files that might have been accidentally left over from previous builds.
Copy the old .config file
make olddefconfig
Run the below command to make the configuration changes in .config file.
make menuconfig
Running make localmodconfig will take your current .config and turn off any unused modules.
make localmodconfig
Build the New Kernel
make -j$(nproc)
Install the kernel modules and the kernel itself:
make modules_install
make install
Reboot the server
shutdown -r now
Run the uname command to know the kernel version
uname -r
6.5.3
Sample OS Patching Ansible Yaml Code:
=======================================
---
- name: OS patching of Webservers
  hosts: webservers
  serial: 2
  become: true
  tasks:
    - name: Stop Httpd Service
      service:
        name: httpd
        state: stopped
      when: ansible_distribution == 'CentOS'
    - name: Stop Apache2 Service
      service:
        name: apache2
        state: stopped
      when: ansible_distribution == 'Ubuntu'
    - name: Stop Tomcat Service
      service:
        name: tomcat
        state: stopped
    - name: Stop Keycloak Service
      service:
        name: keycloak
        state: stopped
    # Prints process_running or process_not_running; the patch tasks test this output.
    - name: Verify processes are not running
      shell: if ps -eaf | egrep 'apache|http|tomcat|keycloak'|grep -v grep > /dev/null ;then echo 'process_running';else echo 'process_not_running';fi
      ignore_errors: true
      register: result_process_check
    - name: Run Backup Script prior OS patch
      shell: sh /opt/scripts/backup_prior_os_patch.sh
    - name: Centos OS patching
      yum:
        name: '*'
        state: latest
      when: result_process_check.stdout == "process_not_running" and ansible_os_family == "RedHat"
    - name: Update Ubuntu repositories cache
      apt:
        update_cache: yes
      when: result_process_check.stdout == "process_not_running" and ansible_os_family == "Debian"
    - name: Update all packages to their latest version
      apt:
        name: "*"
        state: latest
      when: ansible_os_family == "Debian"
    - name: Upgrade the OS (apt-get dist-upgrade)
      apt:
        upgrade: dist
      when: ansible_os_family == "Debian"
    - name: Rebooting the servers
      reboot:
        msg: "Rebooting Servers After Kernel Patching"
        connect_timeout: 5
        reboot_timeout: 300
        pre_reboot_delay: 0
        post_reboot_delay: 30
        test_command: uptime
      ignore_errors: true
    - name: pause for 180 secs
      pause:
        minutes: 3
Some Usable Adhoc commands:
================================
Creating a file on all remote clients
# ansible all -m file -a "path=/home/vishnu/vishnu1 state=touch mode=700"
Deleting a file on all remote clients
# ansible all -m file -a "path=/home/vishnu/vishnu1 state=absent"
Copying a file to remote clients
# ansible all -m copy -a "src=/tmp/vishnu2 dest=/home/vishnu/vishnu2"
Installing package (telnet and httpd-manual)
# ansible all -m yum -a "name=telnet state=present"
# ansible all -m yum -a "name=httpd-manual state=present"
Starting httpd package service
# ansible all -m service -a "name=httpd state=started"
Start httpd and enable at boot time
# ansible all -m service -a "name=httpd state=started enabled=yes"
Checking httpd service status on remote client
# ansible all -m shell -a "systemctl status httpd"
Remove httpd package
# ansible all -m yum -a "name=httpd state=absent"
OR
# ansible all -m shell -a "yum -y remove httpd"
Creating a user on remote clients
# ansible all -m user -a "name=appu home=/home/appu shell=/bin/bash state=present"
To add a user to a different group
# ansible all -m user -a "name=appu group=vishnu"
Deleting a user on remote clients
# ansible all -m user -a "name=appu home=/home/appu shell=/bin/bash state=absent"
OR
# ansible all -m shell -a "userdel appu"
Getting system information from remote clients
# ansible all -m setup
You can run a command on a remote host without naming a module (the command module is the default), e.g. to reboot client1
# ansible client1 -a "/sbin/reboot"
Mysql server Installation:
- name: Install Mysql server, Create database with remote login
  become: yes
  hosts: localhost
  vars:
    Mysql_DB: mysqldb
    Mysql_User: mysql_user
    Mysql_Pass: Password
  tasks:
    - name: Mysql Installation
      package:
        name: "{{item}}"
        state: present
        update_cache: yes
      loop:
        - mysql-server
        - mysql-client
        - python3-mysqldb
        - libmysqlclient-dev
      become: yes
    - name: start and enable mysql service
      service:
        name: mysql
        state: started
        enabled: yes
    # Grants ALL on every database to this user from any host ('%').
    - name: create the user
      mysql_user:
        name: "{{ Mysql_User }}"
        password: "{{ Mysql_Pass }}"
        priv: '*.*:ALL'
        host: '%'
        state: present
    - name: creating the database
      mysql_db:
        name: "{{ Mysql_DB }}"
        state: present
    # Makes mysqld listen on all interfaces.
    - name: Enable remote login to mysql
      lineinfile:
        path: /etc/mysql/mysql.conf.d/mysqld.cnf
        regexp: '^bind-address'
        line: 'bind-address = 0.0.0.0'
        backup: yes
      notify:
        - Restart mysql
  handlers:
    - name: Restart mysql
      service:
        name: mysql
        state: restarted
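A tighter variant of the playbook above, added here as an example and not part of the original notes: the account is limited to its own database and to one client subnet, the password comes from a vaulted variable, and mysqld binds to one internal address. The vault_mysql_app_pass variable and the 10.5.0.x values are assumptions.

```yaml
---
# Added example, not from the original notes. Variable names and the
# 10.5.0.x addresses are assumptions for illustration.
- name: MySQL remote login restricted to one database, subnet and interface
  hosts: localhost
  become: true
  vars:
    mysql_db_name: mysqldb
    mysql_app_user: mysql_user
    mysql_app_pass: "{{ vault_mysql_app_pass }}"   # assumption: defined in an Ansible Vault file
    mysql_client_hosts: "10.5.0.%"                 # assumption: application subnet
    mysql_listen_addr: 10.5.0.10                   # assumption: server's internal address
  tasks:
    - name: Create the database
      community.mysql.mysql_db:
        name: "{{ mysql_db_name }}"
        state: present

    - name: Create the user with rights on that database only
      community.mysql.mysql_user:
        name: "{{ mysql_app_user }}"
        password: "{{ mysql_app_pass }}"
        host: "{{ mysql_client_hosts }}"
        priv: "{{ mysql_db_name }}.*:ALL"
        state: present
      no_log: true    # keep the password out of task output and logs

    - name: Listen on the internal address instead of 0.0.0.0
      ansible.builtin.lineinfile:
        path: /etc/mysql/mysql.conf.d/mysqld.cnf
        regexp: '^bind-address'
        line: "bind-address = {{ mysql_listen_addr }}"
        backup: true
      notify: Restart mysql

  handlers:
    - name: Restart mysql
      ansible.builtin.service:
        name: mysql
        state: restarted
```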
Some Examples of File Module:
---
- name: Check if the file or Directory exists
  hosts: localhost
  become: true
  any_errors_fatal: true
  vars:
    directory: "/tmp"
  tasks:
    - name: Check the status
      stat:
        path: "{{directory}}"
      register: result
    - name: Directory Status
      debug:
        msg: "Directory {{directory}} present"
      when: result.stat.isdir is defined and result.stat.isdir
====================================================================================
---
- name: Check if the file exists
  hosts: localhost
  vars:
    file_path: "/tmp/test"
  become: true
  tasks:
    - name: Check the file status
      stat:
        path: "{{file_path}}"
      register: result
    - name: File Exists
      debug:
        msg: "File Exists"
      when: result.stat.exists
    - name: File does not exist
      debug:
        msg: "File does not exist"
      when: not result.stat.exists
====================================================================================
---
- name: File Ownership
  hosts: localhost
  vars:
    file_name: "/tmp/a"
  become: true
  tasks:
    - name: Change ownership of file
      file:
        path: "{{file_name}}"
        owner: vishnu
        group: vishnu
        mode: "0777"
====================================================================================
---
- name: Create Symbolic link
  hosts: localhost
  become: true
  vars:
    sym_link: "/tmp/test1"
    source: "/tmp/test"
  tasks:
    - name: Symbolic link creation
      file:
        src: "{{source}}"
        dest: "{{sym_link}}"
        state: link
====================================================================================
---
- name: Hard Link
  hosts: localhost
  become: true
  vars:
    source: "/tmp/a"
    destin: "/tmp/b"
  tasks:
    - name: "Hard Link"
      file:
        src: "{{source}}"
        dest: "{{destin}}"
        state: hard
====================================================================================
Install Apache on Centos Servers:
---
- name: Install httpd and start the service
  hosts: localhost
  become: true
  tasks:
    - name: install http
      yum:
        name: httpd
        state: latest
    # copy (not file) is the module that transfers a file's contents.
    - name: Copy the configuration file
      copy:
        src: /tmp/httpd.conf
        dest: /etc/httpd/conf/httpd.conf   # main httpd configuration file on CentOS
      notify:
        - Restart Apache
    - name: Start Apache service
      service:
        name: httpd
        state: started
        enabled: true
  handlers:
    - name: Restart Apache
      service:
        name: httpd
        state: restarted
Basic Postgresql Installation as a Single Node:
---
- name: Install postgres
  hosts: localhost
  become: true
  tasks:
    - name: Install postgres
      yum:
        name:
          - postgresql
          - postgresql-server
          - postgresql-contrib
          - postgresql-libs
          - python3-psycopg2
        state: present
    # pg_hba.conf only exists once the data directory has been initialized.
    - name: Postgresql initialized or not
      stat:
        path: /var/lib/pgsql/data/pg_hba.conf
      register: result
    - name: InitDB
      shell: postgresql-setup initdb
      when: not result.stat.exists
    - name: Open port for postgresql
      firewalld:
        service: postgresql
        permanent: true
        state: enabled
      notify:
        - Reload firewalld
    - name: Start service
      service:
        name: postgresql
        state: started
        enabled: true
  handlers:
    - name: Reload firewalld
      service:
        name: firewalld
        state: reloaded
Postgresql Database Dump and restore Using Ansible
---
- name: Take the backup
  hosts: localhost
  tasks:
    - name: DB backup
      postgresql_db:
        name: postgres
        state: dump
        target: /backup/postgresql.sql.gz
================================================================
---
- name: Restore from Dump
  hosts: db1
  tasks:
    - name: Restore DB
      postgresql_db:
        name: db1
        state: restore
        target: /tmp/backup.sql.gz
      become: true
      become_user: postgres
Ansible code to update /etc/hosts on remote servers.
# Update host file
---
- name: Update host file
  hosts: localhost
  become: true
  tasks:
    - name: Generate /etc/hosts file
      blockinfile:
        state: present
        dest: /etc/hosts1
        content: |
          10.1.1.1 demo demo0.linuxgeeknotes.com
          10.0.0.0 demo1 demo1.linuxgeeknotes.com
          10.2.2.2 demo2 demo2.linuxgeeknotes.com
Configure NFS Server
==================
---
- name: NFS Server Installation and Configuration
  hosts: localhost
  become: yes
  vars:
    - share: "/linuxgeeknotes/share/"
    - fstab_entry: "10.5.0.0/24(rw,sync,root_squash)"
  tasks:
    - name: Install NFS Server
      apt:
        name: nfs-kernel-server
        state: present
    - name: Create Share Directory
      file:
        path: "{{share}}"
        state: directory
        mode: "0777"
        owner: linuxgeeknotes
        group: linuxgeeknotes
    - name: Updating the export file
      lineinfile:
        path: /etc/exports
        state: present
        line: "{{share}} {{fstab_entry}}"
      notify: Restart NFS Server
    - name: Run Exportfs
      command: "exportfs -a"
    # service/permanent/immediate are options of the firewalld module, so
    # firewalld is used here (assumes firewalld is installed on the host).
    - name: Open Firewall for NFS Service
      firewalld:
        service: "{{item}}"
        state: enabled
        permanent: true
        immediate: true
      with_items:
        - nfs
        - mountd
  handlers:
    - name: Restart NFS Server
      service:
        name: nfs-kernel-server
        state: restarted
        enabled: true