Cloud/Shahed/AE


SSH

# Open a shell on the AE host; -q silences banners, -t allocates a pty so
# sudo can prompt.
ssh -q -t shahed@shahed-ae.local bash

# Quick resource snapshot, run as root on the remote host: memory, boot time,
# disks, block devices and swap.  The quoted delimiter means nothing here is
# expanded before it reaches the root shell.
sudo bash <<'EXE'
free -th && echo && systemd-analyze && echo
df -h && echo && lsblk && echo
swapon --show
EXE

WOL

# Install the wakeonlan tool on this host.  Each apt stage is followed by an
# empty line to keep the output readable.
sudo bash <<'EXE'
apt-get update; echo
apt list -a --upgradable; echo
apt-get install -y wakeonlan; echo
EXE

WOL » MAC » Find

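# Resolve a Wake-on-LAN target to its IPv4 address and MAC so the MAC can be
# recorded for the `wakeonlan` calls below.  The ping only primes the
# neighbour table; a failure is reported but does not stop the lookup.
WOL_HOST='shahed-an.local'
if ! ping -q -c5 "${WOL_HOST}" >/dev/null; then
  printf 'warning: %s did not answer ping; the neighbour entry may be missing or stale\n' "${WOL_HOST}" >&2
fi
# ahostsv4 returns IPv4 only (plain `getent hosts` may return an IPv6 address
# first); take the first result.
WOL_IPV4="$(getent ahostsv4 "${WOL_HOST}" | awk 'NR == 1 {print $1}')"
# `ip neigh` replaces the deprecated net-tools `arp`, which is not installed
# by default on recent Ubuntu.  Print the token after "lladdr" so the result
# does not depend on column position.
WOL_MACA="$(ip neigh show "${WOL_IPV4}" | awk '{for (i = 1; i < NF; i++) if ($i == "lladdr") {print $(i + 1); exit}}')"
printf '\n%s » %s » %s\n' "${WOL_HOST}" "${WOL_IPV4}" "${WOL_MACA}"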

WOL » Shahed » AE

# Wake the AE host; the MAC is the one recorded for shahed-ae (see WOL » MAC » Find).
wakeonlan 8c:c6:81:94:70:91

WOL » Shahed » AN

# Wake the AN host.  Two MACs are sent — presumably the host has two NICs and
# either may be the one that is cabled; confirm which one actually wakes it.
wakeonlan 84:47:09:3c:3e:0a
wakeonlan 84:47:09:3c:3e:09

WOL » Shahed » AO

# Wake the AO host using its recorded MAC.
wakeonlan 60:eb:69:95:76:4a

Attach » NFS » Volume

smb » shahed-an.local » shahed-ae

Skipped » Find More 👉 Attach » NFS » Volume

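# Attach the shahed-an share on /var/nfs/backup through fstab.  Despite the
# section title this is a CIFS (SMB) mount, not NFS.  The fstab append is
# guarded on the share path so re-running the snippet does not add a
# duplicate entry, and the credentials file the mount depends on is checked
# up front (it should be root-owned and not world-readable).
cat <<'EXE'| sudo bash
mkdir -p /var/nfs/backup
umount   /var/nfs/backup
if [ ! -f /etc/default/nfs-shahed-ae ]; then
  printf 'warning: %s is missing; the cifs mount will fail until it exists (root-owned, mode 0600)\n' /etc/default/nfs-shahed-ae >&2
fi
if ! grep -qsF '//shahed-an.local/shahed-ae /var/nfs/backup ' /etc/fstab; then
cat <<'FST'| tee -a /etc/fstab >/dev/null

# shahed-an » nfs » attach » shahed-ae » 7.2tb 
//shahed-an.local/shahed-ae /var/nfs/backup cifs credentials=/etc/default/nfs-shahed-ae,uid=1000,gid=1000,file_mode=0640,dir_mode=0750,nofail,x-systemd.automount,_netdev,soft 0  0
FST
fi
systemctl daemon-reload
mount -a && dmesg|tail -20
EXE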

Attach » USB » Volume

orico » usb » attach » shahed-ae

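# Attach the ORICO USB disk (ext4, by UUID) on /var/usb/backup through fstab.
# The append is guarded on the UUID so a re-run does not duplicate the entry;
# nofail + automount keep boot from blocking when the disk is unplugged.
cat <<'EXE'| sudo bash
umount   /var/usb/backup
mkdir -p /var/usb/backup
if ! grep -qsF 'UUID=5b366116-99f0-4797-8f90-68b7d1b43e9d' /etc/fstab; then
cat <<'FST'| tee -a /etc/fstab >/dev/null

# orico » usb » attach » shahed-ae » 3.6tb 
UUID=5b366116-99f0-4797-8f90-68b7d1b43e9d  /var/usb/backup  ext4  defaults,nofail,x-systemd.automount,x-systemd.device-timeout=10  0  2
FST
fi
systemctl daemon-reload
mount -a && dmesg|tail -20
EXE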

Cloudflare » VIRT

Cloudflare » VIRT

# systemd unit for a dummy interface carrying 10.20.40.5/32 — the address the
# Kube API HAProxy frontend and the kubeconfig below refer to.  The delimiter
# is quoted so the unit is written verbatim (nothing in it needs expansion).
sudo tee /etc/systemd/system/warp0.service >/dev/null <<'INI'
[Unit]
Description=Cloudflared WARP Routing Virtual Interface
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/ip link add warp0 type dummy
ExecStartPost=/usr/sbin/ip addr add 10.20.40.5/32 dev warp0
ExecStartPost=/usr/sbin/ip link set warp0 up
ExecStop=/usr/sbin/ip link delete warp0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
INI

# Register, start and inspect the warp0 unit, then list interfaces to confirm
# the dummy device and its address are up.
sudo bash <<'EXE'
systemctl daemon-reload
systemctl enable --now warp0.service
systemctl status warp0.service
EXE

ip address

Cloudflare » Argo » Tunnel

Cloudflare » Argo » Tunnel

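# Install cloudflared from the latest GitHub release.  ${HOME} is quoted, and
# the single downloaded file is removed with a plain `rm -f` (the original
# `rm -rf` on an unquoted path was broader than needed).  The package is
# fetched over HTTPS but its checksum is not verified here; compare it with
# the checksum published on the release where policy requires it.
wget -cq https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -P "${HOME}/Downloads"
# `apt install -f` pulls in missing dependencies if dpkg could not configure.
sudo dpkg -i "${HOME}/Downloads/cloudflared-linux-amd64.deb" || sudo apt install -f
rm -f -- "${HOME}/Downloads/cloudflared-linux-amd64.deb"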

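# Kernel settings for the cloudflared tunnel: allow unprivileged ICMP for
# gids 0-10000 and raise the socket buffer defaults/maximums.  The append is
# guarded on the block's header comment so re-running does not duplicate it
# in /etc/sysctl.conf; `sysctl -p` then loads the file.
if ! grep -qsF 'Cloudflared Tunnel Private Network Config' /etc/sysctl.conf; then
cat <<'SYS' | sudo tee -a /etc/sysctl.conf >/dev/null

###################################################################
# Cloudflared Tunnel Private Network Config
# This config added by Chorke Academia, Inc
# ICMP Group ID Range 0 to 10,000 Users
net.ipv4.ping_group_range = 0 10000

# 208 KiB Default RX Buffer
net.core.rmem_default=212992

# 208 KiB Default TX Buffer
net.core.wmem_default=212992

# 8 MB Maximum RX Buffer
net.core.rmem_max=8388608

# 8 MB Maximum TX Buffer
net.core.wmem_max=8388608

SYS
fi

sudo sysctl -p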

Skipped » Find More » 👈

LB » HAProxy » Install & Configure

LB » HAProxy » Install & Configure

Skipped » Find More » 👈


# Firewall state before the change.
sudo ufw status numbered
sudo iptables -S

# Open the HAProxy frontends (80, 443 and 8443 — the latter fronts the Kube
# API) plus SSH, and let traffic in and through the lxdbr0 bridge.  8443 is
# allowed from any source; the API server still requires a client
# certificate, but consider narrowing the source if only the WARP path needs
# it.
sudo bash <<'EXE'
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow OpenSSH
ufw allow 8443/tcp
ufw allow in on lxdbr0
ufw route allow in on lxdbr0
ufw route allow out on lxdbr0
EXE

# Firewall state after the change.
sudo ufw status numbered
sudo iptables -S

LB » HAProxy » Frontend » HTTP Config

HAProxy » Frontend » HTTP

# HAProxy HTTP frontend on :80 routing by Host header to the minikube node
# (192.168.49.2:80) or the local MinIO console/API.  There is no TLS listener
# in this file — TLS is presumably terminated upstream (Cloudflare tunnel);
# confirm that before exposing :80 elsewhere.  The delimiter is quoted so the
# file is written exactly as shown.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg >/dev/null <<'CFG'

# ##############################################################################
# http frontend config for *.chorke.org, *.chorke.com, *.shahed.biz
# this config added by chorke academia, inc

frontend           fnt_shahed_biz
   bind            *:80
   mode            http

   acl             host-is-alertmanager-shahed-shahed-biz      hdr(host) -i      alertmanager.shahed.shahed.biz
   acl             host-is-prometheus-shahed-shahed-biz        hdr(host) -i        prometheus.shahed.shahed.biz
   acl             host-is-s3-minio-shahed-shahed-biz          hdr(host) -i          s3.minio.shahed.shahed.biz
   acl             host-is-grafana-shahed-shahed-biz           hdr(host) -i           grafana.shahed.shahed.biz
   acl             host-is-k8s-ae-shahed-shahed-biz            hdr(host) -i            k8s.ae.shahed.shahed.biz
   acl             host-is-minio-shahed-shahed-biz             hdr(host) -i             minio.shahed.shahed.biz

   acl             host-is-artifactory-shahed-biz              hdr(host) -i              artifactory.shahed.biz
   acl             host-is-pgvector-shahed-biz                 hdr(host) -i                 pgvector.shahed.biz
   acl             host-is-jenkins-shahed-biz                  hdr(host) -i                  jenkins.shahed.biz
   acl             host-is-camunda-shahed-biz                  hdr(host) -i                  camunda.shahed.biz
   acl             host-is-harbor-shahed-biz                   hdr(host) -i                   harbor.shahed.biz
   acl             host-is-gitlab-shahed-biz                   hdr(host) -i                   gitlab.shahed.biz
   acl             host-is-docker-shahed-biz                   hdr(host) -i                   docker.shahed.biz
   acl             host-is-nexus-shahed-biz                    hdr(host) -i                    nexus.shahed.biz
   acl             host-is-wiki-shahed-biz                     hdr(host) -i                     wiki.shahed.biz
   acl             host-is-n8n-shahed-biz                      hdr(host) -i                      n8n.shahed.biz

   use_backend     bck_shahed_biz_shahed_ae_k8s                if        host-is-alertmanager-shahed-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if          host-is-prometheus-shahed-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_minio_api          if            host-is-s3-minio-shahed-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if             host-is-grafana-shahed-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if              host-is-k8s-ae-shahed-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_minio_web          if               host-is-minio-shahed-shahed-biz

   use_backend     bck_shahed_biz_shahed_ae_k8s                if                host-is-artifactory-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                   host-is-pgvector-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                    host-is-jenkins-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                    host-is-camunda-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                     host-is-harbor-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                     host-is-gitlab-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                     host-is-docker-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                      host-is-nexus-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                       host-is-wiki-shahed-biz
   use_backend     bck_shahed_biz_shahed_ae_k8s                if                        host-is-n8n-shahed-biz

   default_backend bck_shahed_biz_shahed_ae_k8s

backend            bck_shahed_biz_shahed_ae_k8s
   server          shahed_ae_k8s       192.168.49.2:80
   mode            http

backend            bck_shahed_biz_shahed_ae_minio_web
   server          localhost_minio_web 127.0.0.1:9801
   mode            http

backend            bck_shahed_biz_shahed_ae_minio_api
   server          localhost_minio_api 127.0.0.1:9800
   mode            http
CFG
# Enable it; `ln -s` simply reports an error if the link already exists.
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-http-all.cfg /etc/haproxy/proxy-enabled/

LB » HAProxy » Frontend » Kube API Config

LB » HAProxy » Frontend » Kube API Config

# HAProxy TCP passthrough on :8443 to the minikube API server
# (192.168.49.2:8443).  TLS stays end-to-end between kubectl and the API
# server; the frontend only forwards bytes.  Quoted delimiter: written
# verbatim.
sudo tee /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg >/dev/null <<'CFG'

# ##############################################################################
# tcp frontend config for 10.20.40.5:8443
# this config added by chorke academia, inc

frontend           fnt_shahed_biz_shahed_ae
   bind            *:8443
   mode            tcp
   option          tcplog
   option          dontlognull
   default_backend bck_shahed_biz_shahed_ae

backend            bck_shahed_biz_shahed_ae
   server          shahed_ae_k8s 192.168.49.2:8443
   mode            tcp
CFG
# Enable it; `ln -s` simply reports an error if the link already exists.
sudo ln -s /etc/haproxy/proxy-configs/shahed.biz-tcp-kube.cfg /etc/haproxy/proxy-enabled/

# Review the HAProxy reload helper, then run it so the two new configs in
# proxy-enabled/ take effect.
vim /etc/haproxy/proxy-scripts/reconfig
    /etc/haproxy/proxy-scripts/reconfig

# Make the minikube API server accept the WARP address (10.20.40.5) as well,
# so kubectl reaching it through the :8443 frontend passes TLS hostname
# verification.  These unit edits need root (run from a root shell or via
# sudo); the service is stopped while the unit file is edited.
systemctl disable --now minikube.service
vim /etc/systemd/system/minikube.service
# append --apiserver-ips=10.20.40.5 with ExecStart
systemctl enable --now minikube.service

# Log in to the AE host and switch to the minikube account, which owns the
# cluster certificates referenced below.
ssh -qt shahed@shahed-ae.local bash
sudo -i -u minikube

# run this script on the minikube host. copy the generated output and
# execute it on your local machine's terminal to enable monitoring of
# the minikube cluster.
#
# How it works: the outer LOG heredoc is unquoted, so it is expanded on the
# minikube host.  The first $(...) writes a kubeconfig with relative
# certificate paths (../.minikube/...) to ~/.kube/shahed-ae-kubeconfig.yaml
# and prints nothing.  The second $(...) prints that kubeconfig flattened by
# `kubectl config view --flatten` — the CA, client certificate and client
# key are embedded inline — and then deletes the temporary file.  Everything
# else is emitted literally and becomes the script to run locally.
#
# NOTE(review): the emitted text embeds the client private key, so the
# terminal scrollback and this ssh session now carry an admin-level cluster
# credential (presumably minikube's default client certificate); treat the
# pasted script as a secret.  The inner YML heredoc in the output is quoted,
# so the local machine writes the flattened config verbatim.  The local
# `chmod 600` runs after the file is written; with a permissive umask the
# file is briefly readable by others — running `umask 077` first would avoid
# that.  If kubectl fails inside the second $(...), the `rm` still runs and
# the file is lost.  `$(echo -n)` at the end expands to nothing —
# presumably a placeholder; confirm it is intentional.

cat << LOG
$(cat <<'YML'| tee ~/.kube/shahed-ae-kubeconfig.yaml >/dev/null
apiVersion: v1
kind: Config
clusters:
- name: minikube
  cluster:
    server: https://10.20.40.5:8443
    certificate-authority: ../.minikube/ca.crt

contexts:
- name: shahed-ae
  context:
    cluster: minikube
    namespace: default
    user: minikube

users:
- name: minikube
  user:
    client-certificate: ../.minikube/profiles/minikube/client.crt
    client-key: ../.minikube/profiles/minikube/client.key

current-context: shahed-ae
YML
)

cat <<'YML'| tee ~/.kube/shahed-ae-kubeconfig.yaml >/dev/null
$(export KUBECONFIG=${HOME}/.kube/shahed-ae-kubeconfig.yaml;\
kubectl config view --flatten;\
rm ${KUBECONFIG};\
)
YML

chmod 600 ~/.kube/shahed-ae-kubeconfig.yaml
  ls -alh ~/.kube/

export KUBECONFIG=~/.kube/shahed-ae-kubeconfig.yaml
kubectl config get-contexts
kubectl get    namespace
$(echo -n)
LOG

Database » MariaDB » Install & Configure

Database » MariaDB » Install & Configure

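# Upgrade the host and install MariaDB server and client.  The delimiter is
# quoted so the root shell sees the commands verbatim.  The original ended
# with `find /tmp ... -delete` which removes files and sockets under /tmp
# not accessed for ten days — that is unrelated to the install, can break
# running services holding sockets there, and is left out here.
sudo bash <<'EXE'
apt-get update; echo
apt list -a --upgradable; apt-get upgrade -y; echo
apt-get install -y mariadb-server mariadb-client; echo
apt-get clean
EXE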

# Enable MariaDB at boot, start it now and show its status and version.
sudo bash <<'EXE'
systemctl daemon-reload; echo
systemctl enable --now mariadb.service
systemctl status mariadb.service
mariadb --version
EXE

# -- security risk: don't exec it
# Creates a passwordless (unix_socket) MariaDB superuser for the invoking
# shell's ${USER}, with GRANT OPTION on every database.  The DDL heredoc is
# unquoted, so ${USER} is expanded by the calling shell, not by root.  Any
# process running as that local account then has full control of the
# database server, which is why the author marks this as not to be run.
cat << DDL | sudo -i -u root mariadb
CREATE USER '${USER}'@'localhost' IDENTIFIED VIA unix_socket;
GRANT ALL PRIVILEGES ON *.* TO '${USER}'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
DDL

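# Prompt for the academia database password without echo and export it for
# the DDL heredoc that follows.  `read -r` keeps backslashes literal and
# `printf` avoids echo's non-portable -n.  The value is entered interactively
# and must not be written into this page, a script or shell history — the
# original kept the real password in the comment below.
printf 'Password: '; IFS= read -rs ACADEMIA_PASSWORD; export ACADEMIA_PASSWORD; printf '\n'
# Password: <entered at the prompt; never recorded here>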

# Create the academia database and its user.  'academia'@'%' accepts logins
# from any host, so reachability is governed only by bind-address and the
# ufw rules below.  The password is interpolated straight into the SQL: a
# value containing a single quote or backslash will break or alter the
# statement, so choose one without those characters.  Because the DDL is
# piped on stdin the secret does not appear on any command line.
cat << DDL | sudo -i -u root mariadb
CREATE DATABASE IF NOT EXISTS academia;
CREATE USER 'academia'@'%' IDENTIFIED BY '${ACADEMIA_PASSWORD}';
GRANT ALL PRIVILEGES ON academia.* TO 'academia'@'%';
FLUSH PRIVILEGES;
DDL

# Make MariaDB listen on every interface (0.0.0.0) instead of loopback only;
# from here on the ufw source rules below are what limit who can connect.
sudo bash <<'EXE'
sed -i 's|bind-address            = 127.0.0.1|bind-address            = 0.0.0.0|' /etc/mysql/mariadb.conf.d/50-server.cnf
systemctl restart mariadb.service
EXE

# Allow MariaDB (3306/tcp) only from the minikube node and the two LAN
# ranges; the commented rule would open it to everyone and stays disabled.
sudo bash <<'EXE'
# ufw allow 3306/tcp
ufw allow from 192.168.49.2/32 to any port 3306 proto tcp
ufw allow from 10.20.13.0/24 to any port 3306 proto tcp
ufw allow from 10.20.23.0/24 to any port 3306 proto tcp
EXE

Skipped » Find More » 👈

Database » PostgreSQL » Install & Configure

Database » PostgreSQL » Install & Configure

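# Upgrade the host and install PostgreSQL with the contrib modules.  Quoted
# delimiter: the root shell sees the commands verbatim.  The original also
# ran `find /tmp ... -delete`, removing files and sockets under /tmp unused
# for ten days; that is unrelated to the install and can disturb running
# services, so it is left out here.
sudo bash <<'EXE'
apt-get update; echo
apt list -a --upgradable; apt-get upgrade -y; echo
apt-get install -y postgresql postgresql-contrib; echo
apt-get clean
EXE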

# Enable PostgreSQL at boot, start it, and show the cluster list and client
# version.
sudo bash <<'EXE'
systemctl daemon-reload; echo
systemctl enable --now postgresql.service
systemctl status postgresql.service
pg_lsclusters; echo
psql --version
EXE

# -- security risk: don't exec it
# Creates a PostgreSQL role and database named after the invoking shell's
# ${USER} and makes that role SUPERUSER.  The outer EXE heredoc is unquoted,
# so ${USER} is expanded by the calling shell before the script reaches the
# postgres account; the inner DDL heredoc is then fed to psql as postgres.
# A superuser role tied to a login account gives that account full control
# of the server, hence the author's warning.
cat << EXE | sudo -i -u postgres bash
createuser ${USER}
createdb   ${USER}
cat << DDL | psql
ALTER USER ${USER} WITH SUPERUSER;
DDL
EXE

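# Prompt for the bouncer role password without echo and export it for the
# DDL heredoc below.  `read -r` keeps backslashes literal and `printf`
# avoids echo's non-portable -n.  The value is typed at the prompt and must
# not be kept in this page, a script or shell history — the original kept
# the real password in the comment below.
printf 'Password: '; IFS= read -rs PGBOUNCER_PASSWORD; export PGBOUNCER_PASSWORD; printf '\n'
# Password: <entered at the prompt; never recorded here>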

# Create the bouncer database (only if absent — the SELECT ... \gexec
# pattern runs the generated CREATE DATABASE when the WHERE clause matches)
# and the bouncer role that owns it.  `\! printf '\n'` is a psql meta-command
# that just prints a blank line.  The password is interpolated directly into
# the SQL, so a value containing a single quote or backslash will break the
# statement; it travels on stdin, not on a command line.
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL

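# Open PostgreSQL to the network and extend pg_hba.conf so the minikube node
# and the two LAN ranges can authenticate with scram-sha-256.  The EXE
# delimiter is quoted, so everything below runs inside the root shell.
#
# Fixes relative to the original:
#  - the replacement text was assigned to IPV4_LOCAL_FILL[${YARN_CONF_INDX}];
#    with that variable unset the subscript is empty, bash rejects the
#    assignment, and the sed then replaced the localhost rule with nothing.
#  - the pg_hba edit is guarded so a re-run does not insert the rules twice.
# The major version (16) is hard-coded; adjust it to what `pg_lsclusters`
# reports.  listen_addresses='*' binds every interface — the ufw rules below
# are what restrict access.
cat <<'EXE'| sudo bash
PG_CONF=/etc/postgresql/16/main/postgresql.conf
PG_HBA=/etc/postgresql/16/main/pg_hba.conf
IPV4_LOCAL_FIND='host    all             all             127.0.0.1/32            scram-sha-256'
# Literal \n sequences: GNU sed expands them to newlines in the replacement,
# which is why the file is processed with -z (one record) below.
IPV4_LOCAL_FILL="${IPV4_LOCAL_FIND}"'\n'
IPV4_LOCAL_FILL="${IPV4_LOCAL_FILL}"'host    all             all             192.168.49.2/32         scram-sha-256\n'
IPV4_LOCAL_FILL="${IPV4_LOCAL_FILL}"'host    all             all             10.20.13.0/24           scram-sha-256\n'
IPV4_LOCAL_FILL="${IPV4_LOCAL_FILL}"'host    all             all             10.20.23.0/24           scram-sha-256'
sed -i "s|#listen_addresses = 'localhost'|listen_addresses = '*'         |" "${PG_CONF}"
if grep -qsF '192.168.49.2/32' "${PG_HBA}"; then
  echo 'pg_hba.conf already has the network rules; skipping' >&2
else
  sed -z -i "s|${IPV4_LOCAL_FIND}|${IPV4_LOCAL_FILL}|" "${PG_HBA}"
fi
systemctl restart postgresql.service
EXE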

# Allow PostgreSQL (5432/tcp) only from the minikube node and the two LAN
# ranges; the commented rule would open it to everyone and stays disabled.
sudo bash <<'EXE'
# ufw allow 5432/tcp
ufw allow from 192.168.49.2/32 to any port 5432 proto tcp
ufw allow from 10.20.13.0/24 to any port 5432 proto tcp
ufw allow from 10.20.23.0/24 to any port 5432 proto tcp
EXE

Skipped » Find More » 👈

Kubernetes » Minikube » Install & Configure

Kubernetes » Minikube » Install & Configure

Skipped » Find More » 👈


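# Bootstrap minikube with the Chorke installer.  curl now uses -f so an HTTP
# error page is never handed to bash, and -S so failures are still reported
# despite -s.  The script is still executed straight from the network without
# any integrity check — download and review it first where that is required.
if [ -x "$(command -v curl)" ]; then
  sudo apt -qq update
  export MINIKUBE_CPU_USE=2
  export MINIKUBE_RAM_USE=13529
  export MINIKUBE_INGRESS_HOST='k8s.ae.shahed.shahed.biz'
  bash <(curl -fsS 'https://cdn.chorke.org/exec/cli/bash/install/minikube/1.0.01-ubuntu-24.04-amd64.sh.txt')
else
  printf 'curl \033[0;31mnot found! \033[0m:(\n'
fi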

Skipped » Find More » 👈

Kubernetes » Minikube » Tunnel » Create Service

K8s » Dashboard » Ingress » Apply

Skipped » Find More 👉 Minikube » Tunnel » Systemd


Skipped » Find More 👉 Minikube » MetalLB » Forward » Route

Kubernetes » Minikube » Ingress » Apply Dashboard

K8s » Dashboard » Ingress » Apply

# Point kubectl at the AE cluster and confirm the context.
export KUBECONFIG=${HOME}/.kube/shahed-ae-kubeconfig.yaml
kubectl config get-contexts

# Expose the Kubernetes dashboard through the nginx ingress behind HTTP basic
# auth.  The Secret named by auth-secret (kubernetes-dashboard-auth) must
# already exist in the namespace.  The HAProxy frontend in front of this only
# listens on :80, so basic-auth credentials travel in clear unless TLS is
# terminated further upstream — confirm that path.  Delimiter quoted: the
# manifest is applied verbatim.
kubectl -n kubernetes-dashboard apply -f - <<'YML'
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/managed-by: kubectl
    app.kubernetes.io/name: kubernetes-dashboard
    app.kubernetes.io/instance: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-realm: Authentication Required
    nginx.ingress.kubernetes.io/auth-secret: kubernetes-dashboard-auth
spec:
  ingressClassName: nginx
  rules:
    - host: k8s.ae.shahed.shahed.biz
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 80
    - host: www.k8s.local
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 80
YML

Skipped » Find More 👉 K8s » CoreDNS


Skipped » Find More 👉 K8s » Dashboard

Kubernetes » Debug » MariaDB

Kubernetes » Debug » MariaDB

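# Check MariaDB reachability from inside the cluster.  The first lines run on
# the workstation; once `kubectl run ... -- ash` drops into the pod, the rest
# is typed into the pod's shell.  The image tag is unpinned (alpine:latest).
# MYSQL_PWD is read without echo and is no longer printed back — the original
# `echo ${MYSQL_PWD}` put the secret into the terminal and scrollback; the
# client picks it up from the environment, so it never appears on argv.
export KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"
kubectl config get-contexts
kubectl create ns swiss-knife
kubectl get ns | grep swiss-knife
kubectl -n swiss-knife run -i --tty --rm mariadb-cli --image=alpine --restart=Never -- ash

# --- from here on: inside the pod (busybox ash) ---
apk --update add mariadb-client inetutils-telnet

printf 'password: '; IFS= read -rs MYSQL_PWD; export MYSQL_PWD; printf '\n'
# Port checks against the node, LAN and WARP-side addresses of the host.
telnet 192.168.49.1 3306
telnet 10.20.23.1 3306
telnet 10.20.13.1 3306
# Confirm the variable was captured without revealing it.
if [ -n "${MYSQL_PWD}" ]; then echo 'MYSQL_PWD is set'; else echo 'MYSQL_PWD is empty'; fi

mariadb -u academia -D academia -P3306 -h 192.168.49.1
mariadb -u academia -D academia -P3306 -h 10.20.23.1
mariadb -u academia -D academia -P3306 -h 10.20.13.1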

Kubernetes » Debug » PostgreSQL

Kubernetes » Debug » PostgreSQL

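# Check PostgreSQL / PgBouncer reachability from inside the cluster.  The
# first lines run on the workstation; after `kubectl run ... -- ash` the rest
# is typed into the pod's shell.  The image tag is unpinned (alpine:latest).
# PGPASSWORD is read without echo and is no longer printed back — the
# original `echo ${PGPASSWORD}` exposed the secret in the terminal and
# scrollback; psql reads it from the environment, so it never hits argv.
export KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"
kubectl config get-contexts
kubectl create ns swiss-knife
kubectl get ns | grep swiss-knife
kubectl -n swiss-knife run -i --tty --rm postgresql-cli --image=alpine --restart=Never -- ash

# --- from here on: inside the pod (busybox ash) ---
apk --update add postgresql-client inetutils-telnet

printf 'password: '; IFS= read -rs PGPASSWORD; export PGPASSWORD; printf '\n'
# Port checks: in-cluster pgbouncer service names, then the node, LAN and
# WARP-side addresses of the host.
telnet pgbouncer.pgbouncer.svc.cluster.local 5432
telnet pgbouncer.pgbouncer 5432
telnet 192.168.49.103 5432
telnet 192.168.49.1 5432
telnet 10.20.23.1 5432
telnet 10.20.13.1 5432
# Confirm the variable was captured without revealing it.
if [ -n "${PGPASSWORD}" ]; then echo 'PGPASSWORD is set'; else echo 'PGPASSWORD is empty'; fi

psql -U bouncer -d bouncer -p5432 -h pgbouncer.pgbouncer.svc.cluster.local
psql -U bouncer -d bouncer -p5432 -h pgbouncer.pgbouncer
psql -U bouncer -d bouncer -p5432 -h 192.168.49.103
psql -U bouncer -d bouncer -p5432 -h 192.168.49.1
psql -U bouncer -d bouncer -p5432 -h 10.20.23.1
psql -U bouncer -d bouncer -p5432 -h 10.20.13.1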

References