Cloud/Shahed/AD: Difference between revisions

 
(7 intermediate revisions by the same user not shown)
Line 38: Line 38:
wakeonlan 84:47:09:3c:3e:09
wakeonlan 84:47:09:3c:3e:09
</syntaxhighlight>
</syntaxhighlight>
==Attach » NFS » Volume==
{|class='wikitable mw-collapsible'
!scope='col' style='width:900px'|
'''smb » shahed-an.local » shahed-ad'''
|-
|valign='top'|
[[Cloud/Shahed/AA#Attach » NFS » Volume|Skipped » Find More 👉 Attach » NFS » Volume]]
|-
|valign="top"|
<syntaxhighlight lang="bash">
cat <<'EXE'| sudo bash
umount  /var/nfs/backup
mkdir -p /var/nfs/backup
cat <<'FST'| tee -a /etc/fstab >/dev/null
# shahed-an » nfs » attach » shahed-ad » 7.2tb
//shahed-an.local/shahed-ad /var/nfs/backup cifs credentials=/etc/default/nfs-shahed-ad,uid=1000,gid=1000,file_mode=0640,dir_mode=0750,nofail,x-systemd.automount,_netdev,soft 0  0
FST
systemctl daemon-reload
mount -a && dmesg|tail -20
EXE
</syntaxhighlight>
|}


==APT Update==
==APT Update==
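Review bot: The inner `cat <<'FST'| tee -a /etc/fstab >/dev/null` appends the CIFS entry unconditionally, so every re-run of this block leaves a duplicate line in fstab; guard it with `grep -qF -- '/var/nfs/backup' /etc/fstab || cat <<'FST'| tee -a /etc/fstab >/dev/null`. The `credentials=/etc/default/nfs-shahed-ad` file is referenced but its creation is not shown on this page; since it carries the share password it should exist as a root-only file (mode 0600) before `mount -a` runs. The `umount /var/nfs/backup` on the first line also fails noisily on a first run when nothing is mounted yet; `mountpoint -q /var/nfs/backup && umount /var/nfs/backup` keeps the intent without the error.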
Line 331: Line 355:


==LB » HAProxy » Install & Configure==
==LB » HAProxy » Install & Configure==
{|
| valign="top" |
[[Cloud/Hetzner/AA#LB » HAProxy » Install & Configure|Skipped » Find More » 👈]]
[[Cloud/Hetzner/AA#LB » HAProxy » Install & Configure|Skipped » Find More » 👈]]
|-
| colspan="2" |
----
----
|-
| valign="top" |
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
sudo ufw status numbered
sudo ufw status numbered
Line 350: Line 381:
sudo iptables -S
sudo iptables -S
</syntaxhighlight>
</syntaxhighlight>
| valign="top" |
<syntaxhighlight lang="bash">
sudo ufw status numbered
sudo iptables -S
cat << EXE | sudo bash
ufw      delete allow 80/tcp
ufw      delete allow 443/tcp
ufw      delete allow OpenSSH
ufw      delete allow 8443/tcp
ufw      delete allow in  on lxdbr0
ufw route delete allow in  on lxdbr0
ufw route delete allow out on lxdbr0
EXE
sudo ufw status numbered
sudo iptables -S
</syntaxhighlight>
|}


==LB » HAProxy » Frontend » HTTP Config==
==LB » HAProxy » Frontend » HTTP Config==
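Review bot: The new cleanup block deletes the `OpenSSH` allow rule together with the 80/443/8443 and lxdbr0 rules; on a host that is administered over SSH (the page opens with `ssh -qt shahed@shahed-ad.local bash`) and with ufw enabled, this drops the admin session unless another rule or a permissive default incoming policy still admits port 22, which the page does not show. Keep `ufw delete allow OpenSSH` out of the block, or run it last and only after confirming the default policy with `ufw status verbose`. The heredoc also uses an unquoted `cat << EXE` while the earlier blocks on the page use `<<'EXE'`; quoting it changes nothing here (no `$` in the body) but keeps the style consistent.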
Line 361: Line 413:
frontend          fnt_shahed_biz
frontend          fnt_shahed_biz
   bind            *:80
   bind            *:80
  mode            http
  acl            host-is-k8s-ad-shahed-shahed-biz    hdr(host) -i k8s.ad.shahed.shahed.biz
  use_backend    bck_shahed_biz_shahed_ad_k8s        if host-is-k8s-ad-shahed-shahed-biz
  default_backend bck_shahed_biz_shahed_ad_k8s
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg /etc/haproxy/proxy-enabled/
</syntaxhighlight>
==LB » HAProxy » Frontend » HTTPS Config==
<syntaxhighlight lang="bash">
cat <<'CFG'| sudo tee /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg >/dev/null
# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc
frontend          fnt_shahed_biz_ssl
  bind            *:443 ssl crt /etc/haproxy/certs/ad.shahed.shahed.biz.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
   mode            http
   mode            http


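Review bot: The plain-HTTP frontend `fnt_shahed_biz` routes `k8s.ad.shahed.shahed.biz` to the same `bck_shahed_biz_shahed_ad_k8s` backend as the new TLS frontend, with no redirect, so the dashboard's basic-auth credentials (the `auth-type: basic` Ingress further down the page) can be submitted in cleartext over port 80. Add `http-request redirect scheme https code 301 unless { ssl_fc }` under `mode http` in the :80 frontend, assuming the certificate at `/etc/haproxy/certs/ad.shahed.shahed.biz.pem` covers that host. The header comment of the HTTPS file still reads `# http frontend config for …`; `# https frontend config for …` would avoid confusion when the two files sit side by side.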
Line 372: Line 444:
   mode            http
   mode            http
CFG
CFG
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg /etc/haproxy/proxy-enabled/
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg /etc/haproxy/proxy-enabled/
</syntaxhighlight>
</syntaxhighlight>


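Review bot: `sudo ln -s … /etc/haproxy/proxy-enabled/` fails with "File exists" as soon as the step is run a second time, for the new `shahed.biz-https-all.cfg` link as well as the `shahed.biz-http-all.cfg` one above it; use `sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg /etc/haproxy/proxy-enabled/` so the documented steps are repeatable.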
Line 462: Line 534:
LOG
LOG
</syntaxhighlight>
</syntaxhighlight>
==Kubernetes » Minikube » Install & Configure==
[[Cloud/Hetzner/AA#Kubernetes » Minikube » Install & Configure|Skipped » Find More » 👈]]
----
<syntaxhighlight lang="bash">
if [ -x "$(command -v curl)" ];then \
sudo apt -qq update;\
export MINIKUBE_CPU_USE=2;\
export MINIKUBE_RAM_USE=5682;\
export MINIKUBE_INGRESS_HOST='k8s.ad.shahed.shahed.biz';\
bash <(curl -s 'https://cdn.chorke.org/exec/cli/bash/install/minikube/1.0.01-ubuntu-24.04-arm64.sh.txt');\
else printf 'curl \033[0;31mnot found! \033[0m:(\n';fi
</syntaxhighlight>
----
[[Minikube Systemd|Skipped » Find More » 👈]]
==Kubernetes » Minikube » Tunnel » Create Service==
[[Cloud/Hetzner/AA#Kubernetes » Minikube » Tunnel » Create Service|Skipped » Find More 👉 Minikube » Tunnel » Systemd]]
----
[[Minikube MetalLB#MetalLB » Forward » Route|Skipped » Find More 👉 Minikube » MetalLB » Forward » Route]]
==Kubernetes » Minikube » Ingress » Apply Dashboard==
{|class='wikitable mw-collapsible'
!scope='col' style='width:700px'|
'''K8s » Dashboard » Ingress » Apply'''
|-
|valign='top'|
<syntaxhighlight lang="bash">
export KUBECONFIG=${HOME}/.kube/shahed-ad-kubeconfig.yaml
kubectl config get-contexts
</syntaxhighlight>
----
<syntaxhighlight lang="yaml" highlight="14-16,20" line>
cat << YML | kubectl -n kubernetes-dashboard apply -f -
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
    app.kubernetes.io/name: kubernetes-dashboard
    app.kubernetes.io/instance: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
    nginx.ingress.kubernetes.io/auth-secret: kubernetes-dashboard-auth
spec:
  ingressClassName: nginx
  rules:
    - host: k8s.ad.shahed.shahed.biz
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 80
YML
</syntaxhighlight>
----
[[K8s/Ingress#CoreDNS|Skipped » Find More 👉 K8s » CoreDNS]]
----
[[K8s/Ingress#Ingress » Dashboard|Skipped » Find More 👉 K8s » Dashboard]]
|}


==References==
==References==
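Review bot: `bash <(curl -s '…/1.0.01-ubuntu-24.04-arm64.sh.txt')` runs whatever the CDN returns: without `-f` an HTTP error page is fed straight to bash, and nothing checks that the script is the one the author reviewed. Download it first with `tmp=$(mktemp); curl -fsS -o "${tmp}" '<same URL>'`, compare it against a pinned digest (<SHA256 of the reviewed script>), and only then run `bash "${tmp}"`. The Ingress references `auth-secret: kubernetes-dashboard-auth`, but no step on this page creates that secret in the `kubernetes-dashboard` namespace; as far as I can tell ingress-nginx will not serve the route until it exists, so a `kubectl -n kubernetes-dashboard create secret generic kubernetes-dashboard-auth --from-file=auth` step (from an htpasswd file) belongs before the apply.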

Latest revision as of 13:57, 24 August 2025

SSH

# Open a remote bash session on shahed-ad; the commands that follow are typed there.
ssh -qt shahed@shahed-ad.local bash

# Quick health snapshot as root: memory, boot timing, disk layout and active swap.
sudo bash <<'EXE'
free -th && echo && systemd-analyze && echo
df -h    && echo && lsblk && echo
swapon --show
EXE

WOL

# Refresh the package index, list pending upgrades, then install the
# wakeonlan client used by the WOL steps below.
sudo bash <<'EXE'
apt-get update;echo
apt list -a --upgradable;echo
apt-get install -y wakeonlan;echo
EXE

WOL » MAC » Find

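# Look up the MAC address of the WOL target: prime the ARP cache with a short
# ping, resolve the host to its IPv4 address, then read the cache entry.
# WOL_HOST / WOL_IPV4 / WOL_MACA remain set in the shell afterwards.
WOL_HOST='shahed-an.local'
if ! ping -q -c5 "${WOL_HOST}" >/dev/null; then
  # keep going: the ARP cache may still hold an entry from earlier traffic
  printf 'warn: %s did not answer ping; ARP entry may be missing or stale\n' "${WOL_HOST}" >&2
fi
WOL_IPV4="$(getent hosts "${WOL_HOST}"|awk '{print $1}')"
if [[ -n "${WOL_IPV4}" ]]; then
  # NR==2 skips arp's column header line and takes the HWaddress column — confirm
  # against `arp -n` output if the net-tools version on the host differs
  WOL_MACA="$(arp -n "${WOL_IPV4}"|awk 'NR==2 {print $3}')"
else
  # an empty address would otherwise make arp dump the whole table
  WOL_MACA=''
  printf 'warn: could not resolve %s\n' "${WOL_HOST}" >&2
fi
printf '\n%s » %s » %s\n' "${WOL_HOST}" "${WOL_IPV4}" "${WOL_MACA}"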

WOL » Shahed » AE

# Send a magic packet to the Shahed » AE host (MAC as recorded for that host).
wakeonlan 8c:c6:81:94:70:91

WOL » Shahed » AN

# Send magic packets to both recorded NICs of the Shahed » AN host.
for mac in 84:47:09:3c:3e:0a 84:47:09:3c:3e:09; do
  wakeonlan "${mac}"
done

Attach » NFS » Volume

smb » shahed-an.local » shahed-ad

Skipped » Find More 👉 Attach » NFS » Volume

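# Mount the shahed-an CIFS share at /var/nfs/backup and make it persistent.
# The fstab append is guarded so re-running the step does not duplicate the
# entry, and umount only runs when something is actually mounted there.
# NOTE(review): the credentials file named in the fstab line is not created on
# this page; it holds the share password and should be root-only (mode 0600).
sudo bash <<'EXE'
mountpoint -q /var/nfs/backup && umount /var/nfs/backup
mkdir -p /var/nfs/backup
if ! grep -qF -- '/var/nfs/backup' /etc/fstab; then
  tee -a /etc/fstab >/dev/null <<'FST'

# shahed-an » nfs » attach » shahed-ad » 7.2tb 
//shahed-an.local/shahed-ad /var/nfs/backup cifs credentials=/etc/default/nfs-shahed-ad,uid=1000,gid=1000,file_mode=0640,dir_mode=0750,nofail,x-systemd.automount,_netdev,soft 0  0
FST
fi
systemctl daemon-reload
mount -a && dmesg|tail -20
EXE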

APT Update

# Base refresh/upgrade plus the tooling the later steps rely on; the keyrings
# directory created here receives the Docker signing key further down.
# The final line trims stale files and sockets out of /tmp.
sudo bash <<'EXE'
apt-get update;echo
mkdir -p /etc/apt/keyrings
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential snapd jq traceroute
apt-get clean cache && find /tmp -type f -atime +10 -delete && find /tmp -type s -atime +10 -delete
EXE

Swap Space

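# Replace any existing swap file with an 11G /swap.img and register it in
# fstab. The fstab append is guarded so re-runs do not add a second entry,
# and the file is locked down to 0600 before mkswap writes into it.
sudo swapon --show
sudo bash <<'EXE'
swapoff /swapfile 2>/dev/null   # may not exist on this host; ignore
swapoff /swap.img 2>/dev/null   # first run: nothing to turn off yet
fallocate -l 11G /swap.img && chmod 0600 /swap.img
ls -lh /swap.img && mkswap /swap.img
swapon /swap.img && swapon --show && free -th
EXE

if ! grep -qE '^/swap\.img[[:space:]]' /etc/fstab; then
  sudo tee -a /etc/fstab >/dev/null <<'FST'

# loop based swap storage » 8GB + 3GB 
/swap.img              none            swap    sw              0       0
FST
fi

free -th
cat /etc/fstab
sudo swapon --show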

Utility » Tool

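# Install the latest mikefarah/yq release binary for this platform.
# The download goes to a temp dir first so a failed fetch never leaves a
# truncated /usr/bin/yq behind (wget -O truncates its target up front).
# The heredoc is quoted, so no `\$` escaping is needed for the root shell.
# NOTE(review): the binary is only protected by HTTPS in transit; compare it
# against the release's published checksum (<SHA256 from the release page>)
# before installing on a host where it runs as root.
sudo bash <<'EXE'
set -euo pipefail
PLATFORM="$(uname -s)_$(dpkg --print-architecture)"
YQ_BINARY="$(printf '%s' "yq_${PLATFORM}" | tr '[:upper:]' '[:lower:]')"
STAGE="$(mktemp -d)"
trap 'rm -rf -- "${STAGE}"' EXIT
wget "https://github.com/mikefarah/yq/releases/latest/download/${YQ_BINARY}" -O "${STAGE}/yq"
install -m 0755 -- "${STAGE}/yq" /usr/bin/yq
EXE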

Containerize » LXD

# Install LXD from the 6/stable snap channel and let both admin accounts use it.
# NOTE(review): lxd group membership gives full control of the daemon; treat
# it as a privileged group.
sudo bash <<'EXE'
snap install lxd --channel=6/stable
usermod -aG lxd chorke
usermod -aG lxd shahed
EXE

# Confirm the group change is visible in a fresh login shell for each account.
for account in chorke shahed; do
  echo 'id -nG'|sudo -i -u "${account}" bash
done

# Non-interactive LXD bootstrap: one NAT'd IPv4-only bridge (lxdbr0 on
# 10.20.0.0/24), a 23GiB ZFS pool, and a default profile wired to both.
sudo lxd init --preseed <<'YML'
---
config: {}
networks:
- config:
    ipv4.address: 10.20.0.1/24
    ipv4.nat: "true"
    ipv6.address: none
  description: ""
  name: lxdbr0
  type: ""
  project: default
storage_pools:
- config:
    size: 23GiB
  description: ""
  name: lxd-zfs-pool-ad
  driver: zfs
storage_volumes: []
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: lxd-zfs-pool-ad
      type: disk
  name: default
projects: []
cluster: null
YML

# Firewall for the LXD bridge: turn ufw on, admit SSH and traffic on/through
# lxdbr0, and show the resulting rule set.
sudo ufw enable
sudo iptables -S

sudo bash <<'EXE'
ufw       allow OpenSSH
ufw       allow in  on lxdbr0
ufw route allow in  on lxdbr0
ufw route allow out on lxdbr0
EXE

sudo ufw status numbered
sudo iptables -S
sudo ufw enable
sudo iptables -S

# Reverse of the block above. NOTE(review): dropping the OpenSSH rule while
# ufw is enabled cuts off a remote session if the default incoming policy is
# deny — the page does not show which policy is in force, so check first.
sudo bash <<'EXE'
ufw       delete allow OpenSSH
ufw       delete allow in  on lxdbr0
ufw route delete allow out on lxdbr0
ufw route delete allow in  on lxdbr0
EXE

sudo ufw status numbered
sudo iptables -S

# Restart the LXD snap, launch a throw-away Alpine container and verify it
# has outbound connectivity through the bridge.
sudo bash <<'EXE'
snap restart  lxd
snap services lxd
EXE

lxc launch images:alpine/3.21 academia
# print only the status of the container just launched
lxc list -c=n -f=json|jq -r '.[]|select(.name=="academia")|.status'

lxc exec academia -- sh <<'EXE'
ping -c5 chorke.org
ping -c5 shahed.biz
EXE

Containerize » Docker

# Docker's apt repository: store the signing key in the keyrings directory
# created during APT Update, then write a sources entry pinned to that key.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc >/dev/null

# codename of the running release (e.g. what /etc/os-release reports)
DISTRIBUTION="$(. /etc/os-release && printf '%s' "${VERSION_CODENAME}")"
sudo tee /etc/apt/sources.list.d/docker.list >/dev/null <<SRC
deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${DISTRIBUTION}  stable
SRC

# Install the Docker engine, CLI, containerd and the buildx/compose plugins
# from the repository added above, then trim stale /tmp files and sockets.
sudo bash <<'EXE'
apt-get update;echo
apt-cache policy docker-ce
apt list -a --upgradable;apt-get upgrade -y;echo
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
apt-get clean cache && find /tmp -type f,s -atime +10 -delete
EXE

# Daemon config: bridge subnet, MTU and resolvers for containers.
# NOTE(review): "debug": true presumably turns on verbose dockerd logging;
# confirm it is wanted on a long-running host.
sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
{
    "bip"  : "10.20.13.1/24",
    "mtu"  : 1500,
    "dns"  : [
        "1.1.1.1",
        "8.8.8.8"
    ],
    "debug": true
}
EOF

# Restart the engine so daemon.json is picked up and add both admin accounts
# to the docker group. NOTE(review): docker group membership lets a user
# start privileged containers; treat it as a privileged group.
sudo bash <<'EXE'
systemctl stop  docker.socket
systemctl stop  docker.service
systemctl start docker.service

usermod -aG docker chorke
usermod -aG docker shahed
EXE

# Sanity checks: interfaces (docker0 / bip), images and networks.
ip a
docker image ls
docker network ls

for account in shahed chorke; do
  echo 'id -nG'|sudo -i -u "${account}" bash
done

# Name resolution and outbound reachability from inside a container.
docker run --rm -i alpine sh <<'EXE'
echo
cat /etc/hosts       ;echo
cat /etc/resolv.conf ;echo
ping -c5 chorke.org  ;echo
ping -c5 shahed.biz  ;echo
EXE

Cloudflare » VIRT

# A dummy interface (warp0) holding 10.20.40.4/32, created by a oneshot unit
# so the address exists at boot for the WARP routing / HAProxy binds below.
sudo tee /etc/systemd/system/warp0.service >/dev/null <<'INI'
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.40.4/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status       warp0.service
EXE

# warp0 with 10.20.40.4 should now be listed
ip a

Cloudflare » Argo » Tunnel

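# Install cloudflared from the latest GitHub release .deb (arm64).
# Paths are quoted, the package file is removed with rm -f (it is a file,
# not a tree), and the dependency fix-up only runs when dpkg reports a problem.
# NOTE(review): the .deb is fetched over HTTPS but nothing verifies its
# contents; pin a release and compare a known digest
# (<SHA256 from the release page>) before installing.
deb_file="${HOME}/Downloads/cloudflared-linux-arm64.deb"
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb -P "${HOME}/Downloads"
sudo dpkg -i -- "${deb_file}" || sudo apt install -f
rm -f -- "${deb_file}"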

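# Kernel settings for the cloudflared private-network tunnel: unprivileged
# ICMP for the service's group range and larger socket buffers.
# The append is keyed on the header comment so re-running the step does not
# stack duplicate settings in /etc/sysctl.conf.
if ! grep -qF 'Cloudflared Tunnel Private Network Config' /etc/sysctl.conf; then
  sudo tee -a /etc/sysctl.conf >/dev/null <<'SYS'

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS
fi

# apply without a reboot
sudo sysctl -p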

Skipped » Find More » 👈

LB » HAProxy » Install & Configure

Skipped » Find More » 👈


# Firewall rules for the HAProxy host: web ports, the kube API passthrough
# on 8443, SSH and the LXD bridge — followed by the matching removal block.
sudo ufw status numbered
sudo iptables -S

sudo bash <<'EXE'
ufw       allow 80/tcp
ufw       allow 443/tcp
ufw       allow OpenSSH
ufw       allow 8443/tcp
ufw       allow in  on lxdbr0
ufw route allow in  on lxdbr0
ufw route allow out on lxdbr0
EXE

sudo ufw status numbered
sudo iptables -S
sudo ufw status numbered
sudo iptables -S

# Reverse of the block above. NOTE(review): removing the OpenSSH rule on an
# SSH-managed host with ufw enabled can end the session if the default
# incoming policy is deny; confirm the policy before running this.
sudo bash <<'EXE'
ufw       delete allow 80/tcp
ufw       delete allow 443/tcp
ufw       delete allow OpenSSH
ufw       delete allow 8443/tcp
ufw       delete allow in  on lxdbr0
ufw route delete allow in  on lxdbr0
ufw route delete allow out on lxdbr0
EXE

sudo ufw status numbered
sudo iptables -S

LB » HAProxy » Frontend » HTTP Config

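# HAProxy :80 frontend routing k8s.ad.shahed.shahed.biz to the minikube
# backend (the backend itself is declared in the HTTPS config file, so that
# file must be enabled as well).
# NOTE(review): there is no redirect to HTTPS, so the k8s host — including the
# dashboard's basic-auth exchange — is reachable in cleartext on :80; consider
# `http-request redirect scheme https unless { ssl_fc }` in this frontend.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg >/dev/null <<'CFG'

# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc

frontend           fnt_shahed_biz
   bind            *:80
   mode            http

   acl             host-is-k8s-ad-shahed-shahed-biz     hdr(host) -i k8s.ad.shahed.shahed.biz

   use_backend     bck_shahed_biz_shahed_ad_k8s         if host-is-k8s-ad-shahed-shahed-biz
   default_backend bck_shahed_biz_shahed_ad_k8s
CFG
# -sfn: a re-run replaces the link instead of failing with "File exists"
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg /etc/haproxy/proxy-enabled/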

LB » HAProxy » Frontend » HTTPS Config

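# HAProxy :443 frontend terminating TLS (TLS 1.2–1.3, h2 + http/1.1) for the
# same host and declaring the shared minikube backend used by the :80 file.
# The certificate bundle must contain the key as well as the chain; confirm it
# covers k8s.ad.shahed.shahed.biz, which is the only host routed here.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg >/dev/null <<'CFG'

# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc

frontend           fnt_shahed_biz_ssl
   bind            *:443 ssl crt /etc/haproxy/certs/ad.shahed.shahed.biz.pem alpn h2,http/1.1 ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.3
   mode            http

   acl             host-is-k8s-ad-shahed-shahed-biz     hdr(host) -i k8s.ad.shahed.shahed.biz

   use_backend     bck_shahed_biz_shahed_ad_k8s         if host-is-k8s-ad-shahed-shahed-biz
   default_backend bck_shahed_biz_shahed_ad_k8s

backend            bck_shahed_biz_shahed_ad_k8s
   server          shahed_ad_k8s 192.168.49.2:80
   mode            http
CFG
# -sfn: a re-run replaces the link instead of failing with "File exists"
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-https-all.cfg /etc/haproxy/proxy-enabled/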

LB » HAProxy » Frontend » Kube API Config

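# TCP passthrough for the minikube API server: HAProxy listens on 8443 and
# forwards the raw TLS stream to 192.168.49.2:8443 (the kubeconfig generated
# later points at 10.20.40.4:8443, the warp0 address).
# NOTE(review): the header says 10.20.40.4:8443 but the bind is `*:8443`, which
# listens on every interface of the host; if the API should only be reachable
# via warp0, bind to 10.20.40.4:8443 instead — confirm the intent.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg >/dev/null <<'CFG'

# ##############################################################################
# tcp frontend config for 10.20.40.4:8443
# this config added by chorke academia, inc

frontend           fnt_shahed_biz_shahed_ad
   bind            *:8443
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_ad

backend            bck_shahed_biz_shahed_ad
   server          shahed_ad_k8s 192.168.49.2:8443
   mode            tcp
CFG
# -sfn: a re-run replaces the link instead of failing with "File exists"
sudo ln -sfn /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg /etc/haproxy/proxy-enabled/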

# Manual follow-up on the HAProxy host: edit the reconfig script so it knows
# about the new frontend files, then run it to reload the proxy.
vim /etc/haproxy/proxy-scripts/reconfig
    /etc/haproxy/proxy-scripts/reconfig

# Re-create the minikube service with the warp0 address added — presumably so
# the API server certificate is also valid for 10.20.40.4, which the kubeconfig
# generated below connects to; confirm against the minikube flag documentation.
systemctl disable --now minikube.service
vim /etc/systemd/system/minikube.service
# append --apiserver-ips=10.20.40.4 with ExecStart
systemctl enable --now minikube.service

ssh -qt shahed@shahed-ad.local bash
sudo -i -u minikube

# run this script on the minikube host. copy the generated output and
# execute it on your local machine's terminal to enable monitoring of
# the minikube cluster.

# How the generator works: the LOG heredoc is unquoted, so the two $(...)
# substitutions execute here on the host while every other line is printed
# verbatim. The first substitution writes a kubeconfig that points at
# 10.20.40.4:8443 (the HAProxy TCP frontend) using certificate *paths*; the
# second prints `kubectl config view --flatten` of that file — presumably with
# the CA, client certificate and client key inlined — and then deletes the
# host-side copy again.
# NOTE(review): the emitted script writes the flattened file before it runs
# chmod 600, so for a moment it carries the local umask's default mode; a
# leading `umask 077` in the pasted script would close that window.
# NOTE(review): once flattened the output embeds the minikube client key;
# handle the copied text as a credential.
cat << LOG
$(cat <<'YML'| tee ~/.kube/shahed-ad-kubeconfig.yaml >/dev/null
apiVersion: v1
kind: Config
clusters:
- name: minikube
  cluster:
    server: https://10.20.40.4:8443
    certificate-authority: ../.minikube/ca.crt

contexts:
- name: shahed-ad
  context:
    cluster: minikube
    namespace: default
    user: minikube

users:
- name: minikube
  user:
    client-certificate: ../.minikube/profiles/minikube/client.crt
    client-key: ../.minikube/profiles/minikube/client.key

current-context: shahed-ad
YML
)

cat <<'YML'| tee ~/.kube/shahed-ad-kubeconfig.yaml >/dev/null
$(export KUBECONFIG=${HOME}/.kube/shahed-ad-kubeconfig.yaml;\
kubectl config view --flatten;\
rm ${KUBECONFIG};\
)
YML

chmod 600 ~/.kube/shahed-ad-kubeconfig.yaml
  ls -alh ~/.kube/

export KUBECONFIG=~/.kube/shahed-ad-kubeconfig.yaml
kubectl config get-contexts
kubectl get    namespace
$(echo -n)
LOG

Kubernetes » Minikube » Install & Configure

Skipped » Find More » 👈


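# Install minikube through the Chorke installer when curl is available.
# The script is downloaded to a temp file first: `curl -f` turns an HTTP error
# into a failure instead of handing an error page to bash, and the file can be
# inspected or checked against a pinned digest (<SHA256 of the reviewed
# installer>) before it is executed. The MINIKUBE_* exports are read by the
# installer (they stay exported in the calling shell, as before).
if command -v curl >/dev/null 2>&1; then
  sudo apt -qq update
  export MINIKUBE_CPU_USE=2
  export MINIKUBE_RAM_USE=5682
  export MINIKUBE_INGRESS_HOST='k8s.ad.shahed.shahed.biz'
  installer="$(mktemp)"
  if curl -fsS -o "${installer}" 'https://cdn.chorke.org/exec/cli/bash/install/minikube/1.0.01-ubuntu-24.04-arm64.sh.txt'; then
    bash "${installer}"
  else
    printf 'minikube installer download failed\n' >&2
  fi
  rm -f -- "${installer}"
else
  printf 'curl \033[0;31mnot found! \033[0m:(\n'
fi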

Skipped » Find More » 👈

Kubernetes » Minikube » Tunnel » Create Service

Skipped » Find More 👉 Minikube » Tunnel » Systemd


Skipped » Find More 👉 Minikube » MetalLB » Forward » Route

Kubernetes » Minikube » Ingress » Apply Dashboard

K8s » Dashboard » Ingress » Apply

# Point kubectl at the shahed-ad cluster and confirm the context is there.
export KUBECONFIG="${HOME}/.kube/shahed-ad-kubeconfig.yaml"
kubectl config get-contexts

# Expose the dashboard through ingress-nginx with HTTP basic auth.
# NOTE(review): the Ingress refers to the secret kubernetes-dashboard-auth,
# which is not created on this page — it must exist in the namespace first.
# NOTE(review): no tls: section here; TLS is presumably terminated by HAProxy
# on :443, while the :80 frontend still reaches this host in cleartext.
kubectl -n kubernetes-dashboard apply -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
    app.kubernetes.io/name: kubernetes-dashboard
    app.kubernetes.io/instance: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
    nginx.ingress.kubernetes.io/auth-secret: kubernetes-dashboard-auth
spec:
  ingressClassName: nginx
  rules:
    - host: k8s.ad.shahed.shahed.biz
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 80
YML

Skipped » Find More 👉 K8s » CoreDNS


Skipped » Find More 👉 K8s » Dashboard

References