Tech Punch

Wednesday, 4 August 2021

Setup NFS Server on Centos 8

Server and Client OS = CentOS Linux release 8.4.2105

NFS = Network File System

NFS Server Hostname = nfsserver.jk.com

IP Address = 192.168.111.129/24

NFS Client Hostname = nfsclient.jk.com

IP Address = 192.168.111.128/24

NFS Directory = /nfsdata

NFS mount point = /mnt/data

NFS Server setup

Install nfs-utils on server.

[root@nfsserver nfsdata]# yum install nfs-utils

To make nfs-server service enabled on reboot

[root@nfsserver nfsdata]# systemctl enable nfs-server

Starting nfs server service

[root@nfsserver nfsdata]# systemctl start nfs-server

Check status of nfs-server

[root@nfsserver nfsdata]# systemctl status nfs-server

● nfs-server.service - NFS server and services

Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)

Drop-In: /run/systemd/generator/nfs-server.service.d

└─order-with-mounts.conf

Active: active (exited) since Wed 2021-08-04 21:31:04 IST; 3s ago

Process: 2042 ExecStopPost=/usr/sbin/exportfs -f (code=exited, status=0/SUCCESS)

Process: 2040 ExecStopPost=/usr/sbin/exportfs -au (code=exited, status=0/SUCCESS)

Process: 2039 ExecStop=/usr/sbin/rpc.nfsd 0 (code=exited, status=0/SUCCESS)

Process: 2067 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssprox>

Process: 2056 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)

Process: 2055 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)

Main PID: 2067 (code=exited, status=0/SUCCESS)

Aug 04 21:31:04 nfsserver.jk.com systemd[1]: Starting NFS server and services...

Aug 04 21:31:04 nfsserver.jk.com systemd[1]: Started NFS server and services.

[root@nfsserver nfsdata]#

Firewall requirements

Services to be allowed = rpc-bind, nfs

[root@nfsserver /]# firewall-cmd --permanent --add-service=rpc-bind

success

[root@nfsserver /]# firewall-cmd --permanent --add-service=nfs

success

[root@nfsserver /]# firewall-cmd --reload

success

[root@nfsserver /]# firewall-cmd --list-all

public

target: default

icmp-block-inversion: no

interfaces:

sources:

services: cockpit dhcpv6-client mountd nfs rpc-bind ssh

ports:

protocols:

masquerade: no

forward-ports:

source-ports:

icmp-blocks:

rich rules:

[root@nfsserver /]#

Create a new directory on server that will be shared to client.

[root@nfsserver /]# mkdir nfsdata

[root@nfsserver /]#

Add nfs export details to the exports file.

[root@nfsserver /]# cat /etc/exports

/nfsdata 192.168.111.0/24(rw,no_root_squash,sync)

[root@nfsserver /]#

Export the mounts created on exports file.

[root@nfsserver /]# exportfs -rv

exporting 192.168.111.0/24:/nfsdata

[root@nfsserver /]#

Mount nfs directory on Client machine

Run showmount to see if we are getting the exported directory from client machine.

[root@nfsclient ~]# showmount -e 192.168.111.129

Export list for 192.168.111.129:

/nfsdata 192.168.111.0/24

[root@nfsclient ~]#

[root@nfsclient ~]# mount -t nfs 192.168.111.129:/nfsdata /mnt/data

[root@nfsclient ~]# df -h

Filesystem Size Used Avail Use% Mounted on

devtmpfs 877M 0 877M 0% /dev

tmpfs 896M 0 896M 0% /dev/shm

tmpfs 896M 8.7M 887M 1% /run

tmpfs 896M 0 896M 0% /sys/fs/cgroup

/dev/mapper/cl_test-root 37G 1.7G 36G 5% /

/dev/sda1 1014M 195M 820M 20% /boot

tmpfs 180M 0 180M 0% /run/user/0

192.168.111.129:/nfsdata 37G 1.7G 36G 5% /mnt/data

Create a test file under the nfs mount in client

[root@nfsclient ~]# cd /mnt/data/

[root@nfsclient data]# touch testnew

[root@nfsclient data]# ls

testnew

[root@nfsclient data]# echo "This is a new test file" > testnew

[root@nfsclient data]# cat testnew

This is a new test file

[root@nfsclient data]#

Make mount point persistent over reboot.

To ensure mount point come up during reboot - add it to fstab as below,

[root@nfsclient ~]# cat /etc/fstab

# /etc/fstab

# Created by anaconda on Sat Jul 31 05:53:32 2021

# Accessible filesystems, by reference, are maintained under '/dev/disk/'.

# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.

# After editing this file, run 'systemctl daemon-reload' to update systemd

# units generated from this file.

/dev/mapper/cl_test-root / xfs defaults 0 0

UUID=1e6b0524-90a5-49d8-aff0-466bac22a3b4 /boot xfs defaults 0 0

/dev/mapper/cl_test-swap none swap defaults 0 0

192.168.111.129:/nfsdata /mnt/data nfs defaults 0 0

[root@nfsclient ~]#

Lets unmount and validate if it is getting mounted automatically.

[root@nfsclient ~]# umount /mnt/data

Now issue mount -a to see if it mounts automatically.

[root@nfsclient ~]# mount -a

[root@nfsclient ~]# df -h

Filesystem Size Used Avail Use% Mounted on

devtmpfs 877M 0 877M 0% /dev

tmpfs 896M 0 896M 0% /dev/shm

tmpfs 896M 8.7M 887M 1% /run

tmpfs 896M 0 896M 0% /sys/fs/cgroup

/dev/mapper/cl_test-root 37G 1.7G 36G 5% /

/dev/sda1 1014M 195M 820M 20% /boot

tmpfs 180M 0 180M 0% /run/user/0

192.168.111.129:/nfsdata 37G 1.7G 36G 5% /mnt/data

[root@nfsclient ~]#

Verify if server showing newly created file and its content.

[root@nfsserver nfsdata]# cat testnew

This is a new test file

[root@nfsserver nfsdata]# pwd

/nfsdata

[root@nfsserver nfsdata]#

Wednesday, 30 June 2021

Docker image push

To push a image to docker hub follow below,

Use docker container ls command to list running container image details.

[root@jkcli ~]# docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cb72f5d90279 httpd "httpd-foreground" 21 minutes ago Up 21 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp jkapache
[root@jkcli ~]#

Use docker container commit command to commit container as a image with tag.

[root@jkcli ~]# docker container commit cb72f5d90279 jk-httpd:test
sha256:8daf5db17d6fdb0fd6ceea7e4d6ed38d22c3fdad6375f479ed6fc7986eec4a61
[root@jkcli ~]#

You can now list and see the created image is available.

[root@jkcli ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
jk-httpd test 8daf5db17d6f About a minute ago 189MB
httpd latest 30287d899656 7 days ago 138MB
nginx latest d1a364dc548d 5 weeks ago 133MB
[root@jkcli ~]#

To upload your newly created image to docker hub. First you have to login to docker with docker login credentials. To do this use, docker login command.

[root@jkcli ~]# docker login

Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.

Username: karthick04

Password: XXXXX

Now we can tag the image across the repository created in the docker hub. Here I have already created a repository karthick04/jkrepo.

Command : docker tag source_image:tag target_image:tag

[root@jkcli ~]# docker tag jk-httpd:test karthick04/jkrepo:version1
REPOSITORY TAG IMAGE ID CREATED SIZE
karthick04/jkrepo version1 8daf5db17d6f 9 minutes ago 189MB
jk-httpd test 8daf5db17d6f 9 minutes ago 189MB
httpd latest 30287d899656 7 days ago 138MB
nginx latest d1a364dc548d 5 weeks ago 133MB
[root@jkcli ~]#

[root@jkcli ~]# docker image ls

To push the image finally to the docker hub use docker image push command.

[root@jkcli ~]# docker image push karthick04/jkrepo:version1
The push refers to repository [docker.io/karthick04/jkrepo]
c54811c7708d: Pushed
dfd488a286c9: Pushed
15176fdb9a61: Pushed
61172cb5065c: Pushed
9fbbeddcc4e4: Pushed
764055ebc9a7: Pushed
version1: digest: sha256:c6271d65a6b6a4b6274adcbd51b0ddd5dab1b94b8112ccdbd7d407770bdb238b size: 1578
[root@jkcli ~]#

Successfully we have pushed the image to docker hub, we can see this image in docker hub now

https://hub.docker.com/r/karthick04/jkrepo

Also you can pull same image using docker pull karthick04/jkrepo:version1

[root@jkcli ~]# docker pull karthick04/jkrepo:version1
version1: Pulling from karthick04/jkrepo
b4d181a07f80: Already exists
4b72f5187e6e: Already exists
12b2c44d04b2: Already exists
ef481fc2a03a: Already exists
d483d945fcab: Already exists
6b6a1b4ae105: Pull complete
Digest: sha256:c6271d65a6b6a4b6274adcbd51b0ddd5dab1b94b8112ccdbd7d407770bdb238b
Status: Downloaded newer image for karthick04/jkrepo:version1
docker.io/karthick04/jkrepo:version1
[root@jkcli ~]# docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
karthick04/jkrepo version1 8daf5db17d6f 26 minutes ago 189MB
httpd latest 30287d899656 7 days ago 138MB
nginx latest d1a364dc548d 5 weeks ago 133MB
[root@jkcli ~]#

Bash into a container

After creating a container in detach mode. If you are looking to bash into a container then you can follow this.

There is a docker exec command that can be used to execute a command on a container that is already running.

Use docker ps to get the name of the existing container

[root@jkcli ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

cb72f5d90279 httpd "httpd-foreground" 17 minutes ago Up 17 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp jkapache

[root@jkcli ~]#

Use command docker exec -it <container name> /bin/bash to bash into a container

[root@jkcli ~]# docker exec -it cb72f5d90279 /bin/bash

root@cb72f5d90279:/usr/local/apache2#

Beginner common mistakes with Docker container

Container run/re-run

When you create a container and then exit it. The container only stops but it still is lying there in stopped/Exited state. You cannot re-run a new container with the same name.

Running httpd container

[root@jkcli ~]# docker container run --name jkapache -p 8080:80 httpd
Unable to find image 'httpd:latest' locally
latest: Pulling from library/httpd
b4d181a07f80: Pull complete
4b72f5187e6e: Pull complete
12b2c44d04b2: Pull complete
ef481fc2a03a: Pull complete
d483d945fcab: Pull complete

Later when i exit this container and try to run same container it will give me below error.

[root@jkcli ~]# docker container run --name jkapache -p 8080:80 httpd -d

docker: Error response from daemon: Conflict. The container name "/jkapache" is already in use by container "28c5bc35be99e59baf5ce076bdfad683188b64d2e47d7483e8cfc86a764f832c". You have to remove (or rename) that container to be able to reuse that name.

see 'docker run --help'.

However if you check "docker container ls" command, it will show no container running.

[root@jkcli ~]# docker container ls

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

[root@jkcli ~]#

This is because docker container ls command will show only running containers at that point in time.

we have to use -a to list all containers.

[root@jkcli ~]# docker container ls -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

28c5bc35be99 httpd "httpd-foreground" 2 minutes ago Exited (0) About a minute ago jkapache

1cb4b275776a nginx "/docker-entrypoint.…" 10 days ago Exited (0) 10 days ago jk

[root@jkcli ~]#

Remove docker container

Now remove these docker container and then we can try running the docker like below,

[root@jkcli ~]# docker container ls -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

28c5bc35be99 httpd "httpd-foreground" 15 minutes ago Exited (0) 14 minutes ago jkapache

1cb4b275776a nginx "/docker-entrypoint.…" 10 days ago Exited (0) 10 days ago jk

[root@jkcli ~]# docker container rm 28c5bc35be99

28c5bc35be99

Running docker container with detatch

[root@jkcli ~]# docker container run -d --name jkapache -p 8080:80 httpd

cb72f5d90279fcdef02b3715a04cec20043c23f10a8e548ac7a0cf4789640788

[root@jkcli ~]# docker container ls

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

cb72f5d90279 httpd "httpd-foreground" 4 minutes ago Up 4 minutes 0.0.0.0:8080->80/tcp, :::8080->80/tcp jkapache

[root@jkcli ~]#

Friday, 18 June 2021

Docker installation issues

Docker Installation issues

This document is intended to cover Docker Engine installation issue.

Scenario 1: Installing Docker CE on CentOS 8.4 Server GUI

Installing Docker CE on Centos 8.4 should be pretty simple using the script https://get.docker.com/

However you should consider some pre-requisites to perform a smooth installation of Docker CE

Version Involved:

Linux : CentOS Linux release 8.4.2105

Docker : Docker version 20.10.7, build f0df350

CentOS 8.4 Server GUI version is found to have default containerd packages which would conflict Docker CE installation. Before proceeding with Installation we must remove these conflicts.

Packages to be removed : runc, container-selinux

#yum remove runc
#yum remove container-selinux

Now we can install Docker CE successfully using Docker installation script

curl -fsSL https://get.docker.com -o get-docker.sh

sh get-docker.sh

Monday, 18 March 2019

Run levels in Linux

This document is intended to brief us about the Linux booting procedure.

Once the kernel finished its loading, /etc/initab file is loaded.
The /etc/inittab file is used to set the default run level for the system. Applications/services that are started by init are located in the /etc/rc.d folder. Within this directory there is a separate folder for each run level, eg rc0.d, rc1.d, and so on.

There are 7 Runlevel in linux 0 to 6 explained below,

0 - /etc/rc.d/rc0.d - This is system HALT - this run level will shutdown the system.

1 - /etc/rc.d/rc1.d - This is single user mode - booting with this runlevel will boot with basic command line interface without loading network modules/graphics. Doesn't allow non-root login.

2 - /etc/rc.d/rc2.d - This is multi-user mode - When booting with runlevel 2, network module is not loaded.

3 - /etc/rc.d/rc3.d - This is multi-user mode with network - Boots with network modules and allows multi user modules. System will be booting normally.

4 - /etc/rc.d/rc4.d - This is still undefined/not usable can be user defined.

5 - /etc/rc.d/rc5.d- This is similar to the init level 3 which boots with X11 graphic interface.

6 - /etc/rc.d/rc6.d - This is reboot - When runlevel 6 is called it will reboot the system.

Init is the program that bring up all the other processes. It runs as a daemon and Process ID for Init is 1. This is the first process to run on a linux/unix machine.

You can provide which Runlevel the system will boot with as a kernel boot parameter.

Thursday, 28 February 2019

Network Gateway

Network Gateway

In computer network, a network gateway is a device/software which acts as a gate between intranet/internet. Any piece of information that is on the internet and you want to access them without passing through the Network gateway you will not be able to access them.

Like the name gateway - It is like a gate in your room where without opening your gate you cannot access/reach outside world.

A network gateway can be a router/L3 Switch/Proxy Software/Firewall.

When you assign gateway IP to a desktop/server you must confirm that from your desktop/server you are able to reach the gateway using ping.