Archive for October, 2018

Create a user in Azure AD and give it read rights over the subscription and the Site Recovery Contributor role over the Azure Recovery Vault


Encrypt password file and install Azure module:

# Build a credential from the password file (ConvertTo-SecureString without -Key expects a DPAPI-protected string)
$username = "user@example.com"
$pwdTxt = Get-Content "C:\ExportedPassword.txt"
$securePwd = $pwdTxt | ConvertTo-SecureString
$cred = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $username, $securePwd
Login-AzureRmAccount -Credential $cred | Out-Null

# Download the vault settings file and import it to set the Site Recovery context
$vault = Get-AzureRmRecoveryServicesVault -Name "Vault"
$VaultFileLocation = Get-AzureRmRecoveryServicesVaultSettingsFile -SiteRecovery -Vault $vault
Import-AzureRmRecoveryServicesAsrVaultSettingsFile -Path $VaultFileLocation.FilePath

# Collect the replication-protected items
$Fabrics = Get-AzureRmRecoveryServicesAsrFabric
$Containers = Get-AzureRmRecoveryServicesAsrProtectionContainer -Fabric $Fabrics
$items = Get-AzureRmRecoveryServicesAsrReplicationProtectedItem -ProtectionContainer $Containers

# Write one zabbix_sender input line per VM: "<host>" <key> "<value>"
$filename = "C:\trapper.imports"
Write-Host $filename
foreach ($item in $items)
{
    # The key is parenthesised so each -f argument is explicit; the output line is unchanged
    '"{0}" {1} "{2}"' -f "server", ("replication[" + $item.RecoveryAzureVMName + "]"), $item.ReplicationHealth | Add-Content -LiteralPath $filename -Encoding "Default" -Force
}

# Send the collected values to the Zabbix server
cd "C:\Program Files\Zabbix Agent\bin\win64"
.\zabbix_sender.exe -z zabbix_server -p 10051 -c "C:\Program Files\Zabbix Agent\conf\zabbix_agentd.win.conf" -i $filename -vv

# Clean up: the vault settings file holds vault credentials
Remove-Item -Path $VaultFileLocation.FilePath
Remove-Item -Path $filename
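
The script reads C:\ExportedPassword.txt with ConvertTo-SecureString and no -Key, so the file must hold a DPAPI-protected string created by the same Windows account, on the same machine, that runs the scheduled task. One way to create and lock down that file (an added example, not part of the original post; the two ACL entries are assumptions):

```powershell
# Run once, interactively, as the account the scheduled task will use.
$pwdFile = "C:\ExportedPassword.txt"   # path read by the monitoring script

# Prompt without echo; the plaintext password is never written to disk.
$secure = Read-Host -Prompt "Password for user@example.com" -AsSecureString

# Without -Key/-SecureKey the string is protected with Windows DPAPI,
# scoped to the current user on this computer.
$secure | ConvertFrom-SecureString | Set-Content -LiteralPath $pwdFile -Encoding ASCII

# Replace inherited permissions with explicit entries for the task
# account and SYSTEM only (assumed policy; adjust to your environment).
$acl = Get-Acl -LiteralPath $pwdFile
$acl.SetAccessRuleProtection($true, $false)   # stop inheritance, drop inherited rules
foreach ($id in "$env:USERDOMAIN\$env:USERNAME", "NT AUTHORITY\SYSTEM") {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, "FullControl", "Allow")
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $pwdFile -AclObject $acl

# Round-trip check: decryption only works for the same user on the same machine.
$check = Get-Content -LiteralPath $pwdFile | ConvertTo-SecureString
'Readable by {0}: {1}' -f $env:USERNAME, ($check.Length -gt 0)
```

If the scheduled task runs under a different account than the one that created the file, ConvertTo-SecureString fails and the login step in the script never succeeds.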

 

Create Zabbix item:

Name/key: replication[VM01]
Type: trapper

Type of information: Text

Create Trigger:
{server:replication[VM01].str("Critical")}=1 or {server:replication[VM01].nodata(180m)}=1

Schedule it by Task Scheduler:

Program/Script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add argument (Optional): "C:\azure_replication.ps1"

Start in (Optional): C:\


On SQL server create stored procedure for collecting Job status:

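CREATE PROCEDURE [dbo].[usp_job_server_error] @job_name VARCHAR(100) AS
BEGIN
SET NOCOUNT ON
-- One row per enabled job: name, last run status, last requested start time.
-- run_status: 0 = failed, 1 = succeeded, 2 = retry, 3 = canceled, 4 = in progress
SELECT j.NAME AS '[JOB]',
       CASE
         WHEN jh.run_status IN ( 0, 1, 2, 3, 4 ) THEN jh.run_status
         ELSE ( CASE
                  -- requested but not yet stopped: report 4; otherwise -1 (unknown)
                  WHEN ja.run_requested_date IS NOT NULL
                       AND ja.stop_execution_date IS NULL THEN 4
                  ELSE -1
                END ) END  AS '[STATUS]',
       ja.run_requested_date AS '[LAST_EXECUTION]'
-- The FROM clause is missing on the page; it is reconstructed here from the
-- aliases ja, jh and j (assumed to be the msdb job tables).
FROM   msdb.dbo.sysjobactivity ja
       LEFT JOIN msdb.dbo.sysjobhistory jh ON ja.job_history_id = jh.instance_id
       JOIN msdb.dbo.sysjobs j ON ja.job_id = j.job_id
WHERE  ja.session_id = (SELECT Max(session_id) FROM msdb.dbo.sysjobactivity)
       AND j.enabled = 1
       AND j.name = ISNULL(@job_name, j.name)
--AND (j.name LIKE ISNULL(@identifier, 'HIGH')+'%' OR j.name LIKE ISNULL(@identifier, 'DISASTER')+'%')
SET NOCOUNT OFF
END;
GO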

Script for getting data from stored procedure and sending it to Zabbix:

 

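# Run the procedure: -E uses Windows authentication, -s ":" sets the column separator.
# The job name is quoted so that the space in it is valid T-SQL.
$data = $(foreach ($line in sqlcmd -Q "exec dbo.usp_job_server_error @job_name='sql job'" -E -s ":") { $s = $line.split(":")[1]; "$s".Trim() })
# Skip the header line and the dashed separator line; what remains is the STATUS value
$result = $data[2..$data.length]
cd "C:\Program Files\Zabbix Agent\bin\win64"
.\zabbix_sender.exe -z zabbix_server -p 10051 -s zabbix_host -c "C:\Program Files\Zabbix Agent\conf\zabbix_agentd.win.conf" -k sql.job[myjob] -o $result -vv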
Create Zabbix item:
And trigger:
{server:sql.job[myjob].last()}=0
Schedule above script with Task Scheduler:

Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add argument: -file "C:\File\Scripts\jobstatus.ps1"

Start In: C:\File\Scripts
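
The jobstatus.ps1 script above passes the job name inside the -Q string and picks the status out of sqlcmd's text output by position. A variant that calls the same procedure through ADO.NET with a typed parameter and reads the STATUS column directly (an added example, not part of the original post; the server name and database are assumptions):

```powershell
$server  = "localhost"   # assumption: default local instance
$db      = "master"      # assumption: database that holds the procedure
$jobName = "sql job"     # job name used in the script above

$conn = New-Object System.Data.SqlClient.SqlConnection("Server=$server;Database=$db;Integrated Security=SSPI")
$cmd  = $conn.CreateCommand()
$cmd.CommandType = [System.Data.CommandType]::StoredProcedure
$cmd.CommandText = "dbo.usp_job_server_error"

# The job name travels as a parameter value, so spaces or quotes in it
# cannot change the T-SQL that is executed.
$p = $cmd.Parameters.Add("@job_name", [System.Data.SqlDbType]::VarChar, 100)
$p.Value = $jobName

$status = -1   # same "unknown" value the procedure returns
try {
    $conn.Open()
    $reader = $cmd.ExecuteReader()
    # Column order in the procedure: 0 = JOB, 1 = STATUS, 2 = LAST_EXECUTION
    if ($reader.Read()) { $status = [int]$reader.GetValue(1) }
    $reader.Close()
}
finally {
    $conn.Close()
}

# Same zabbix_sender options as in the script above; the key is quoted
# so the brackets are passed through literally.
& "C:\Program Files\Zabbix Agent\bin\win64\zabbix_sender.exe" -z zabbix_server -p 10051 -s zabbix_host `
    -c "C:\Program Files\Zabbix Agent\conf\zabbix_agentd.win.conf" -k "sql.job[myjob]" -o $status -vv
```

If the job does not exist or has never run, no row comes back and -1 is sent, which the trigger on last()=0 does not treat as a failure.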

 

Docker stack deploy

Posted: October 4, 2018 in docker

Docker stack is used to deploy containers on docker swarm. Syntax is very similar to docker-compose with some modification.

docker-compose.yml example file


# assumption: the page omits the version line; the deploy section needs Compose file format 3
version: "3.7"
services:
  apache_httpd:
    image: httpd:latest
    deploy:
      mode: replicated
      replicas: 2
      labels:
        com.docker.descr: "test description"
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - node.role == worker
        preferences:
          - spread: node.labels.zone
      resources:
        limits:
          memory: 50M
        reservations:
          cpus: '0.10'
      update_config:
        parallelism: 1
        delay: 10s
        monitor: 4s

mode: replicated
replicas: 2

Creates 2 containers (replicas) of the service.

labels: sets a Docker label on the service.

placement:
  constraints:
    - node.role == worker

Deploys the containers only on worker nodes.

placement:
  preferences:
    - spread: node.labels.zone

Spreads the service's tasks evenly across the values of the node label zone.

resources:
  limits:
    memory: 50M

Limits each container to 50 MB of memory.

Deploy stack named stack:

docker stack deploy stack -c docker-compose.yml

list stack:

docker stack ps stack
ID                  NAME                       IMAGE               NODE                DESIRED STATE       CURRENT STATE                     ERROR               PORTS
px316bdihumh        stack_apache_httpd.1       httpd:latest        docker              Running             Running less than a second ago
wtkbnp1b2gmb         \_ stack_apache_httpd.1   httpd:latest        docker              Shutdown            Shutdown less than a second ago
9i6sxjt18igr        stack_apache_httpd.2       httpd:latest        docker              Running             Running less than a second ago
zhzz1keqtitc         \_ stack_apache_httpd.2   httpd:latest        docker              Shutdown            Shutdown less than a second ago

docker service ls
ID                  NAME                 MODE                REPLICAS            IMAGE               PORTS
8qanlez114d9        stack_apache_httpd   replicated          2/2                 httpd:latest        *:80->80/tcp

Configuring Docker Swarm

Posted: October 2, 2018 in docker

A swarm is a group of machines that are running Docker and joined into a cluster.

Consider it as a kind of failover cluster. If one docker host is down, the remaining containers will run on another docker host. A swarm has 2 kinds of nodes:

- manager: manages docker containers.

- worker: executes containers.

Creating swarm:

docker swarm init


To join other docker host to this swarm type:

docker swarm join --token SWMTKN-1-49kz2okua328qsqibfmv0tiu5fxq3ou7ivu27qwwjxuim3g03m-3epqd7g12fkre623hzvl1ta41 172.23.124.227:2377

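172.23.124.227 is the IP of the machine on which the docker swarm was initialized. The join token is a secret: anyone who holds it and can reach port 2377 on the manager can add a node to the swarm. If it leaks, rotate it on a manager with docker swarm join-token --rotate worker.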

To check swarm status:

docker info

On the swarm manager run the command below to get docker members:

docker node ls


We can see that docker host dockerswarm is swarm manager.

To promote worker to manager run following command on manager:

[root@dockerswarm ~]# docker node promote docker
Node docker promoted to a manager in the swarm.

To create 6 nginx containers run:


docker service create --replicas 6 -p 80:80 nginx


To see service status:

docker service ps xenodochial_hawking


From the picture above we can see that the nginx containers are evenly distributed among the docker hosts.

We can access the nginx container through the docker hosts' IPs:

curl 172.23.124.231

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.

Commercial support is available at
nginx.com.

Thank you for using nginx.

To limit containers to a particular docker host:

docker service update --constraint-add "node.hostname==docker" xenodochial_hawking

To revert to previous configuration:

docker service update --rollback xenodochial_hawking

To remove service:

docker service rm xenodochial_hawking

Configuring Portus Docker registry

Posted: October 1, 2018 in docker

In the last post we installed the Portus registry. Now we'll create a user and teams.

Under Users click Create New user


Set username/password


Teams are the way in which we can manage our users. Each team owns a set of namespaces, which are used to group repositories. Besides grouping namespaces, teams are used to manage the permissions in which each team member can push/pull certain repositories. This is done through Teams roles.

  • Viewer: viewers can only pull from the repositories owned by the team.
  • Contributor: contributors can both pull and push from the repositories owned by the team.
  • Owner: owners have the same permissions as contributors, but they can also manage the list of team members. Owners can: add/remove team members and edit the role of team members.

Under Teams click Create new team.


Specify Teams owner


Once Teams is created, add members


Specify role


A namespace is simply a collection of repositories. Namespaces are the way in which Portus is able to manage repositories in a friendly and clear way. Each namespace belongs to a team.

To create namespace under Namespaces click Create new namespace


Specify teams for Namespace


 

We set the Viewer role for the test user. He can pull images from the repository but can't push anything to it.

Tag image:

docker tag nginx docker.com/myteam/nginx:latest

Login as test user:

docker login docker.com/myteam
Username: test
Password:
Login Succeeded

Try pushing image to Portus, it will fail

docker push docker.com/myteam/nginx:latest
The push refers to repository [docker.com/myteam/nginx]
e8916cb59586: Layer already exists
3bbff39fa30b: Layer already exists
8b15606a9e3e: Layer already exists
errors:
denied: requested access to the resource is denied
unauthorized: authentication required