Posts

error in kubernetes while pulling images from redhat registry

I recently encountered an error while setting up Eclipse Che in my Kubernetes cluster. When starting the first workspace, it says:

    Failed to pull image "registry.access.redhat.com/ubi8-minimal:8.2-301": rpc error: code = Unknown desc = open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory

I was using CentOS as my Kubernetes host OS. I tried to install the rhsm packages etc., but no luck. Then I tried this workaround, which works like a charm. So anyone who faces the same issue can fix it by following the step below.

Run the command below on all your worker nodes:

    openssl s_client -showcerts -servername registry.access.redhat.com -connect registry.access.redhat.com:443 </dev/null 2>/dev/null | openssl x509 -text > /etc/rhsm/ca/redhat-uep.pem

forward port 22 from host ip to nat network KVM guest

In your home lab or on a public server, it is quite possible that you have only one KVM host IP on eth0 and you don't want to, or cannot, create a bridge interface to assign public IPs to all the guest VMs so that you can access them individually from outside the host network. In this case you can forward ports to the NAT network guest IP.

Example:

KVM host IP: 172.16.0.20
Linux guest IP: 192.168.122.10

You have SSH access to the host using port 22, i.e.

    ssh [email protected]

Now if you want to access the guest VM as well, you can forward port 2222 to the guest VM and access it as

    ssh [email protected] -p 2222

We can use iptables rules to make this happen:

    iptables -I FORWARD -o virbr0 -d 192.168.122.10 -p tcp --dport 22 -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp --dport 2222 -j DNAT --to 192.168.122.10:22

Next, extending this, if you want to expose port 80 of your guest from the host IP, add the extra rules below:

    iptables -I FORWARD -o virbr0 -d 192.168.122.10

Enable mail encryption in postfix outgoing mails for gmail.

####First make a temporary directory, assuming you are signed on as the root user.

    cd /root
    mkdir temp
    cd temp

####Next, generate a private key for the server.

    openssl genrsa -des3 -out mail.domain.tld.key 2048

####Now it's time to create the certificate request.

    openssl req -new -key mail.domain.tld.key -out mail.domain.tld.csr

####Now it's time to create the self-signed certificate. It will also ask for the randomly generated password.

    openssl x509 -req -days 365 -in mail.domain.tld.csr -signkey mail.domain.tld.key -out mail.domain.tld.crt

####Now we need to remove the password from the private key so that there is no need to enter a password when you restart postfix. You will need to enter the randomly generated password.

    openssl rsa -in mail.domain.tld.key -out mail.domain.tld.key.nopass

####The command below will overwrite the old key with the new key (without password).

    mv mail.domain.tld.key.nopass mai

Open port from specific source ip using ufw, iptables and firewalld

This is a very common requirement for every Linux admin dealing with service security: we need to open a certain port from a specific source IP only. Below are examples using ufw (the Ubuntu firewall), Red Hat firewalld, and a generic iptables rule.

In the examples below I am opening port 9090 for 192.168.1.2 only. If I wish to open it for the entire subnet, I can simply provide 192.168.1.0/24 instead of 192.168.1.2.

- firewalld
    # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" port protocol="tcp" port="9090" accept'
- ufw
    $ sudo ufw allow from 192.168.1.2 to any port 9090
- iptables
    $ iptables -I INPUT -p tcp -s 192.168.1.2 --dport 9090 -j ACCEPT
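
Added example (not from the original post): a Python helper that validates the source address before emitting the three rules shown above, so a typo cannot silently widen the allow rule. The names allow_from and admits are made up for this sketch, and it covers only the IPv4/TCP case the post uses.

```python
import ipaddress

# Rule templates copied from the post (sudo and shell prompts omitted).
# As in the post, the ufw form names no protocol, so ufw applies it to TCP and UDP.
TEMPLATES = {
    "firewalld": "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" "
                 "source address=\"{src}\" port protocol=\"tcp\" port=\"{port}\" accept'",
    "ufw": "ufw allow from {src} to any port {port}",
    "iptables": "iptables -I INPUT -p tcp -s {src} --dport {port} -j ACCEPT",
}

def allow_from(source: str, port: int) -> dict:
    """Return the three allow commands for one validated IPv4 source and port."""
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # strict=True rejects a CIDR with host bits set, e.g. 192.168.1.2/24.
    # iptables masks such a value to 192.168.1.0/24 and admits the whole subnet.
    net = ipaddress.ip_network(source, strict=True)
    if net.version != 4:
        raise ValueError("this sketch only covers the IPv4 rules from the post")
    if net.prefixlen == 0:
        raise ValueError("0.0.0.0/0 is not a source restriction")
    # A single host is written without /32, matching the post's examples.
    src = str(net.network_address) if net.prefixlen == 32 else str(net)
    return {tool: tpl.format(src=src, port=port) for tool, tpl in TEMPLATES.items()}

def admits(source: str, client: str) -> bool:
    """True if a rule written for `source` would match traffic from `client`."""
    return ipaddress.ip_address(client) in ipaddress.ip_network(source, strict=True)

if __name__ == "__main__":
    # Constructed sample values: the host and subnet used in the post.
    for src in ("192.168.1.2", "192.168.1.0/24"):
        for cmd in allow_from(src, 9090).values():
            print(cmd)
    print(admits("192.168.1.2", "192.168.1.77"))     # host rule: other hosts excluded
    print(admits("192.168.1.0/24", "192.168.1.77"))  # subnet rule: whole /24 admitted
```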

Internet is running very slow in fedora 30, 31 while using lenovo thinkpad laptop

I purchased a ThinkPad to use Fedora as my preferred workstation OS. After installation I noticed a few issues with the wireless network, e.g. my MacBook reports a speedtest of 99~110 Mbps (folks, I have a 100 Mbps connection), whereas my Fedora reports only 24~30 Mbps. While I am transferring any file between my lab systems over Wi-Fi, the MacBook speed is again fast but Fedora remains the same, 20~30 Mbps (yes, even on the Wi-Fi LAN). So I found the issue after a few searches and thought I would share this with you too. Here is the fix.

    $ vim /etc/modprobe.d/iwl11n.conf

Edit the lines below as:

    options iwlwifi 11n_disable=8
    options iwlwifi nohwcrypt=8

In the above, the old value was actually:

    options iwlwifi 11n_disable=1

Save and exit, have a reboot, and enjoy!

How to setup static ip and static nameserver in ubuntu 18.04 LTS and 20.04 LTS remove netplan

Install packages for network and DNS:

    $ apt install ifupdown resolvconf -y

Remove cloud-init:

    $ apt remove cloud-init -y

Delete the netplan config:

    $ rm -rf /etc/netplan/*
    $ reboot

    $ vim /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto ens3
    iface ens3 inet static
    address 192.168.1.154
    netmask 255.255.252.0
    gateway 192.168.1.1
    dns-nameservers 192.168.1.30

    $ vim /etc/resolvconf/resolv.conf.d/head

    nameserver 8.8.8.8
    nameserver 8.8.4.4

Save and reboot. Now check the DNS entries:

    $ cat /etc/resolv.conf

setting up openshift alert manager mail alerting based on critical and warning

Configure Alertmanager to send mail. This will send mail to 2 different groups: one is the management group, for critical alerts only, and the second is the default group, for all alerts.

    $ oc project openshift-monitoring

The secret where the alertmanager.yaml content (encoded in base64) is stored is alertmanager-main. Convert the YAML content into base64 first:

    $ cat alertmanager.yaml | base64 -w0

Copy the value, then edit the secret:

    $ oc edit secret alertmanager-main

Find the value that starts with alertmanager.yaml: and replace all the base64 content with your own. Save and exit. For this secret to take effect we must bounce the pods:

    $ oc delete po -l alertmanager=main

Check that all pods came online:

    $ oc get po -l alertmanager=main

Done!

alertmanager.yaml content:

    resolve_timeout: 5m
    route:
      group_wait: 30s
      group_interval: 5m
      repeat_interval: 12h
      receiver: default