Yeahh!! So finally we are here in 2024.... Let's document our learnings on the go..
- Keycloak and HAProxy
- IP Address
- Server Reboot
- Inventory file updates
- Public/Private Keys
- Architectural Diagrams
- Centralised Log Server (Rsyslog)
- Tomcat Installation
- VNC configuration
- Netbox
- VPN configuration on VM.
- Podman Unshare
- Docker Private Registry
- Podman container with PHP 8.2 version
- On-prem Infrastructure migration to Cloud
1. Keycloak and HAProxy local installation, and updating the version of HAProxy (from 1.8.31 to 2.0) without deleting the data.
- Create a Docker container and run HAProxy in it; do the same for Keycloak.
- Keycloak is an open source software product to allow single sign-on with identity and access management aimed at modern applications and services.
- Keycloak is a standalone tool for identity and access management, which allows us to create a user database with custom roles and groups.
- HAProxy is a free and open source software that provides a high availability load balancer and Proxy for TCP and HTTP-based applications that spreads requests across multiple servers.
- Here we need to reboot a server of the Staging environment with the specified IP address.
- Stop haproxy (systemctl stop haproxy)
- Stop docker
docker ps -a
docker stop cont_name
- Stop Tomcat
kill all -a
- Reboot:
init 6
- Bring all the services back up: Docker container, Tomcat and HAProxy.
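The reboot steps above as a script, added here as an example and not part of the original notes. It stops Tomcat with its bundled shutdown.sh instead of the kill command in the notes; the state file path and the two Tomcat directories are assumptions.

```sh
#!/bin/sh
# Added example, not from the original notes. STATE_FILE and TOMCAT_HOMES are
# assumed values; point them at the real paths on the server.
STATE_FILE="${STATE_FILE:-/var/tmp/pre_reboot_containers.list}"
TOMCAT_HOMES="${TOMCAT_HOMES:-/usr/local/tomcat1 /usr/local/tomcat2}"

# Stop front to back: the proxy first so no new requests arrive,
# then the containers, then the Tomcat instances.
pre_reboot() {
    systemctl stop haproxy || return 1
    # Record only containers that are running now, so post_reboot does not
    # start containers that had been stopped on purpose before the reboot.
    docker ps --format '{{.Names}}' > "$STATE_FILE" || return 1
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        docker stop "$name" > /dev/null || return 1
    done < "$STATE_FILE"
    for home in $TOMCAT_HOMES; do
        sh "$home/bin/shutdown.sh" || return 1
    done
}

# Start back to front: containers and Tomcat first, the proxy last, so
# HAProxy only accepts traffic once its backends exist again.
post_reboot() {
    [ -r "$STATE_FILE" ] || { echo "missing $STATE_FILE" >&2; return 1; }
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        docker start "$name" > /dev/null || return 1
    done < "$STATE_FILE"
    for home in $TOMCAT_HOMES; do
        sh "$home/bin/startup.sh" || return 1
    done
    systemctl start haproxy || return 1
    systemctl is-active --quiet haproxy
}

# Usage: run with "pre", reboot the server, then run with "post".
case "${1:-}" in
    pre)  pre_reboot ;;
    post) post_reboot ;;
esac
```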
- Switch to the root user (sudo -i) and run the command ssh-keygen.
- This will generate a public/private RSA key pair.
- Download tomcat file
- Un-tar file
- Move file to /usr/local/
- Set up two Tomcat servers and haproxy on VM1.
- Restart and check the running status of Tomcat1 on port 8081.
- Restart and check the running status of Tomcat2 on port 8082.
- Check if the Tomcat servers are generating logs.
- Virtual Network Computing (VNC) is a free tool that allows a client to connect to a server, and interact with the desktop of the remote machine. The server-side component listens for connections on TCP port 5900 by default.
- Install TigerVNC
- Set the VNC password
- Now start the VNC server using the vncserver command:
vncserver
vncserver -list
- Kill
vncserver -kill :1
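A check to run after starting the VNC server, added here as an example and not part of the original notes: it lists VNC listeners that are reachable from other hosts. The 5900-5999 port range and the sample ss output are assumptions.

```sh
#!/bin/sh
# Added example, not from the original notes. Treating ports 5900-5999 as VNC
# displays :0-:99 is an assumption based on the 5900 + display convention.

# Constructed sample of `ss -Hltn` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 5 [::]:5902 [::]:*
LISTEN 0 100 *:8081 *:*'

# Reads `ss -ltn` style lines on stdin and prints every VNC listener that is
# reachable from other hosts. Returns 1 if any were found, 0 otherwise.
vnc_exposed() {
    awk '
    {
        n = split($4, parts, ":")            # $4 is "Local Address:Port"
        port = parts[n] + 0                  # header or junk becomes 0
        if (port < 5900 || port > 5999) next
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        # Loopback-only listeners are what an SSH-tunnelled setup looks like.
        if (addr ~ /^127\./ || addr == "[::1]") next
        printf "display :%d exposed on %s port %d\n", port - 5900, addr, port
        found = 1
    }
    END { exit (found ? 1 : 0) }'
}

# Usage: "live" checks this host, "sample" runs the constructed data above.
case "${1:-}" in
    live)   ss -Hltn | vnc_exposed ;;
    sample) printf '%s\n' "$SAMPLE_SS" | vnc_exposed ;;
esac
```

A listener reported here can be bound to loopback with Xvnc's -localhost option and reached over an SSH tunnel instead.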
sudo ./vpn_install.sh
- Podman unshare is useful for troubleshooting unprivileged operations and for manually clearing storage and other data related to images and containers.
- It is also useful to use the podman mount command. If an unprivileged user wants to mount and work with a container, then they need to execute podman unshare.
- A Docker private registry is a central place where you can store and manage your Docker images, similar to Docker Hub but within your own controlled environment. Here’s why you might want to use a Docker private registry:
- Security and Control
- Sensitive Data: If your Docker images contain proprietary or sensitive data, using a private registry ensures that you have full control over who can access and push/pull these images.
- Internal Use: For organizations, it’s often crucial to keep certain applications or microservices private. A private registry allows you to store these images securely within your network.
- Performance and Reliability
- Local Network: Hosting a registry on your local network reduces latency, making it faster to pull images during deployment, especially in large clusters or CI/CD pipelines.
- Reduced Dependency on External Services: By using a private registry, you’re not reliant on external services like Docker Hub, which could have outages or be subject to rate limits.
- Custom Policies and Integrations
- Access Control: You can define custom access control policies tailored to your organization’s needs, ensuring that only authorized users or systems can interact with the registry.
- Integration with CI/CD Pipelines: Private registries are often integrated into CI/CD pipelines to automate the process of building, testing, and deploying Docker images.
- Cost Efficiency
- Avoid External Costs: If you’re pushing a large number of images or have a high rate of deployments, a private registry helps avoid potential costs associated with using a third-party service like Docker Hub.
- Custom Image Management
- Image Retention Policies: You can implement policies to automatically clean up old or unused images, helping to manage storage efficiently.
- Namespace and Tagging: Control how images are named, tagged, and organized, making it easier to manage multiple versions of images across different environments (e.g., development, staging, production).
- Compliance and Auditing
- Auditing: A private registry allows you to track who accessed which images and when, providing valuable auditing capabilities for compliance with industry standards.
- Regulatory Requirements: In regulated industries, data sovereignty is important. A private registry ensures that your Docker images are stored and managed in compliance with local regulations.
- Offline Deployments
- Air-Gapped Environments: In environments where internet access is restricted (e.g., military, industrial, or isolated systems), a private registry allows you to maintain and deploy Docker images without needing external connectivity.
- Custom Feature Set
- Custom Plugins or Middleware: A private registry can be extended with custom plugins or middleware to meet specific requirements, such as automated vulnerability scanning, custom logging, or integration with other internal tools.
- Summary: In essence, a Docker private registry gives you full control over how Docker images are stored, accessed, and managed. This is particularly important for security, performance, compliance, and cost control in enterprise environments or when dealing with sensitive data.
- In this task we have to create a VM with Ubuntu 20.04 installed on it. Then we will set up PHP version 8.2 and later integrate it with a PostgreSQL DB.
- Currently NIC has on-prem infrastructure, and the organisation is now migrating its infra to Jio Cloud. So we need to migrate everything: applications and their servers.
- First of all we have to create servers on the Cloud and then migrate the Tomcat instances of the application to Jio Cloud's servers.
- Log configuration file transfer: We need to apply the log configuration of the staging servers to the Cloud servers in their rsyslog.conf file.
- Need to create a repository on the Cloud servers to save the war files of the staging servers.
- Create CI/CD Jenkins pipelines
- Zabbix setup for monitoring servers
- Database connection configuration
- Login to Jump server
- Login to particular server
- See the available content
- Check the tomcat and wars.
- Check available tomcats
- Check logs and wars
- War details