
You may need to forward a request to another port on the same machine or on a different machine.

I assume that your preferred zone is already enabled; if not, you can use the command below (ethX is the network interface that receives the requests):

sudo firewall-cmd --permanent --zone=public --add-interface=ethX

Then you should enable masquerading for that zone.

sudo firewall-cmd --zone=public --add-masquerade

If you want to forward from one port to another on the same system, you can use this:

sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080

This forwards requests arriving on port 80 to port 8080. You can also use this command to forward to a remote server. …


Puppet is an automation and configuration management tool. It is used to enforce desired-state configurations on servers. Here are some Puppet terms.

Manifests

The various resources that you need to declare for a specific configuration are stored in files that are called manifests.

Classes

A class is a set of configurations that are bundled together.

Module

Puppet modules are self-contained collections of files and directories that can contain Puppet manifests and other objects, including files and templates.

Domain Specific Language (DSL)

A declarative language, similar to Ruby, used to define configuration parameters for a specific environment or infrastructure.


Firewalld is a firewall management tool for Linux operating systems. It serves the same purpose (packet filtering) as iptables, but it is easier to use. Firewalld relies on a concept called “zones”.

A network zone defines the level of trust for network connections. This is a one-to-many relation: a connection can only be part of one zone, but a zone can be used for many network connections. A zone is defined by the following:

Services: firewalld has some predefined service definitions such as SSH, HTTP, etc. …


Assume that you want to prevent access to particular files in a folder even when a user has access rights to those files.

You should install the SELinux tools to complete these steps.

$ yum install policycoreutils-python policycoreutils-devel setools-console setroubleshoot setroubleshoot-server selinux-policy -y

First, log in to the system as root, create a folder and change into it.

$ mkdir /policytest
$ cd /policytest

Create a policy file.

cat <<'EOF' >> policytest.te
policy_module(policytest,1.0)
require {
type unconfined_t;
}
type policytest_t;
files_type(policytest_t);
fs_associate(policytest_t);
allow unconfined_t policytest_t:{dir file} { relabelto relabelfrom getattr };
EOF

policy_module is used to specify the module name. The require block tells which domains are…


This cluster is installed on CentOS 7. Nodes should have a minimum of 2GB memory and 2 CPUs. We’ll have one master node and two worker nodes at the end of the installation.

  1. Disable swap on all nodes.

swapoff -a

Remove the swap entry from /etc/fstab so that swap stays disabled after reboots.

2. Install docker on all nodes.

yum -y install docker
systemctl enable docker
systemctl start docker

3. The hosts file should be the same on all nodes and include all node hostnames. Configure it on all nodes.

192.168.1.60 kubemaster01
192.168.1.61 kubeworker01
192.168.1.62 kubeworker02

4. Set these kernel parameters on all nodes.

cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables =…


This article is an introduction to SELinux in Red Hat or CentOS distributions. I will publish deeper articles about SELinux.

SELinux is a security mechanism between subjects and objects. Subjects are users or processes; objects are files or ports. This mechanism provides more granular access control than DAC. SELinux is a MAC (Mandatory Access Control) mechanism. As you know, DAC (Discretionary Access Control) is the basic access control mechanism in Linux/Unix systems. It is mostly about ownership and access modes of files (chmod, chown). If an access is already denied by DAC, SELinux is not consulted for that access. …


JupyterHub is a multi-user version of Jupyter Notebook. If you have the Anaconda platform, you can install it with these commands:

$ conda install -c conda-forge jupyterhub
$ conda install notebook

If you don’t, you can go with pip, but you need to install nodejs/npm in order to install the proxy module.

$ sudo apt-get install npm nodejs-legacy
$ python3 -m pip install jupyterhub
$ npm install -g configurable-http-proxy
$ python3 -m pip install notebook

Test the installation:

$ jupyterhub -h
$ configurable-http-proxy -h

Create a config file:

$ jupyterhub --generate-config

A file named jupyterhub_config.py will be generated. JupyterHub supports multiple local users, LDAP users or…


Prerequisites

  • Disable swap on all nodes:
swapoff -a
Remove the swap entry from /etc/fstab.
  • Minimum 2GB memory and 2 CPUs per node.
  • Install docker on all nodes:
yum -y install docker
systemctl enable docker
systemctl start docker
  • The hosts file should be the same on all nodes and include all node hostnames:
192.168.1.60 kubemaster01
192.168.1.61 kubeworker01
192.168.1.62 kubeworker02
  • Set these kernel parameters on all nodes:
cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p

Configure Repository

Do this on all nodes.

cat <<EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kube*
EOF

Install Kubernetes Packages

Install packages on all nodes.

yum install -y kubelet kubeadm…

MKM
