CONTINUAL INTEGRATION – Page 132 – A Technical I.T./DevOps Blog

How Do You Troubleshoot Permissions Errors in the /home/ directory of a Linux server?

Problem scenario
You want to create files in the /home/ directory of your user. You are getting permission errors in the /home/ directory but the permissions are 777 and you are the user who is the owner of the directory, what should you do?

Possible Solution #1

1. Run this command: sudo service autofs stop
2. Make files or directories in home.
3. Run this command: sudo mount -a
4. To be thorough, reboot the server. Check the files or subdirectories.

Possible Solution #2
Are credential pairs able to log into more than one server in your environment? Are you possibly using an LDAP such as NIS in your environment?

The root cause could be that NIS is configured to disallow files to be created in the /home/ directory. The systems administrator in charge of authentication of your network would be the person to assist with this.

How Do You Determine the IP Address Assignments of Running Docker Containers?

Problem scenario
You created some Docker containers and assigned them IP addresses. How do you find out what their IP addresses are?

Solution

1. Run this command: docker ps -a # find the container ID of the container you want to know about
2. Run this command but substitute "container_id" with the container ID you found above:
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' container_id

In Python, What Are Some Disadvantages with Calling a Function as a New Thread?

Question
Python supports the creation of new threads for [bound or unbound] functions. They can help with multiprocessing. If you want a server to begin certain operations in parallel with others, you may want to use new processes as opposed to new threads. Both threads and processes can provide the same parallel processing benefit. What are some disadvantages of using a thread to call a function?

Answer

Threads cannot invoke an entirely different program. Starting a new process can execute a separate Python program. Threads are limited to calling functions. (These three preceding sentences were paraphrased from page 187 of Programming Python by Mark Lutz.)
Different threads have access to the same memory addresses of the process (page 186 of Programming Python by Mark Lutz). Shared memory space may be accessible to two or more threads. Thus one thread can make changes that the other thread relies on. If you have variables that need to be globally available and you have multiple different threads, the complexity could be unwieldy with many different functions or methods modifying values in memory producing unpredictable results. You must synchronize queues and threads to ensure thread safety (taken from page 187 of Programming Python by Mark Lutz). By protecting shared data (e.g., with locks), you can mitigate race hazards. Critical race conditions with undesirable outcomes can be difficult to debug (according to page 505 of Expert Python Programming, Third Edition).
The GIL permits no more than one thread to run via Python (taken from page 187 of Programming Python by Mark Lutz). Python cannot do multi-threading as far as we know (as of January 2019).* (Python threads can make it appear that non-blocking operations are happening concurrently for the user.) The global interpreter lock necessitates you use the C extensions if you want to do true multi-threading. This means that you cannot leverage multi-CPU servers with Python with threads.*

* If you use a search engine for the phrase "python multi-cpu server" and see for yourself the results will pertain to multi-processing.

How Do You Set up a Send-Only (Postfix) Email Server on a Linux RHEL AWS Instance?

Problem scenario
You have a monitoring tool on a RedHat Enterprise Linux server that needs to send out emails upon certain events happening. You want to install and configure an email server. You need to send outbound emails, but you do not need to receive inbound emails. How do you configure RHEL to be able to send out regular emails over the internet?

Prerequisite
This assumes that Postfix has been installed. For Debian/Ubuntu Linux, postfix is often installed by default. If it is not, run this command:
sudo apt -y install postfix # accept the various options by mostly accepting the defaults and using your best judgement

Solution
1. Ensure that the AWS Security Group allows for outbound connectivity over port 25.
2. Log into the RHEL server.
3. Run this command: hostname -f
4. Find the internal IP address. It is usually in the FQDN of an AWS server. You could run this command (and ignore the /20 at the end of its output):

ip addr show | grep eth0 | grep inet | awk '{print $2}'

You'll need this later.

5. Edit the /etc/postfix/main.cf file (e.g., with sudo vi /etc/postfix/main.cf). It should have lines like these at the very end (but replace contint.com with FQDN of the server and replace 10.10.10.10 with the internal IP address as found in steps 3 and 4 above).

inet_interfaces = localhost, 10.10.10.10 inet_protocols = all mydestination = $myhostname, localhost.$mydomain, $mydomain myhostname = contint.com

6. Now that the last lines of the main.cf file have been updated and the file is saved, restart the postfix server. Run this command:

sudo service postfix restart

7. If you have a DNS server so the FQDN resolves, skip this step. Otherwise update the /etc/hosts file to have an entry like this (where FQDN is the one found in step 3 and where 10.10.10.10 is the internal IP address as found in step 4):

10.10.10.10 FQDN

8. Optional step. Test it. Type in the following but replace contint.com below with your mail server's FQDN and press enter after each line:

sudo yum -y install telnet telnet contint.com 25 helo contint.com mail from: webmaster@contint.com rcpt to: goodperson@gyahoomail.com DATA This is just a test. . quit

Another Possible Solution
Another way to do this is with Python; to learn how to use Python and not install anything else, see this external posting.

How Do You Find the Default Kubernetes Web UI Credentials?

Problem scenario
You try to go to the default Kubernetes web UI (the dashboard), but you are being prompted for a username and password.

Solution
From the server with kubectl, run this:
kubectl config view

How Do You Install pip on an Ubuntu or Debian Server?

Problem scenario
You want to install pip to work with Python packages and Python features. How do you install this on an Ubuntu or Debian Linux server?

Solution
Run these commands:
sudo apt-get -y update sudo apt-get -y install python-pip

What Are The Kubernetes Concepts “pod label,” “label selector,” and “pod selector”?

Question
What is the difference between these three two-word terms "pod label," "label selector," and "pod selector"?

Answer
This answer provides details on what these are and provides some information on how they are different.

pod label: It is an inherent attribute of the pod. It can be changed via a command like this: kubectl label pod new-podlabel version=5.5 These statements were based on Assistanz.com. These may match with what is usually referred to as a "label selector" in a ReplicationController.

label selector: These are often categories, non-unique and common across multiple pods, that are arbitrarily designed by a human engineer and are not indicative of an underlying pod's attributes. They are one of three parts of a ReplicationController.

One way to think of it is that it is the pod label (an attribute of a pod) from the reference point of a server running the "kubectl" command. The "kubectl" command can filter pods based on their selectable "label selector" values that match the respective filter value. Also note that the ReplicaController's scope is composed of pods that are designated by their label selectors (page 92 of Kubernetes in Action by Luksa). An optimal use of this is to constrain certain pods to run on certain nodes. Kubernetes provides the benefit of hardware redundancy (colocation in two or more hosts). While jobs can run on servers without having GPU acceleration or solid state drives, servers with these features are optimal for certain task-scheduling. High-quality servers can be leveraged frequently whereas commodity servers can be dormant as backups based on label selectors and well-designed kubectl command invocation (page 73 of Kubernetes in Action by Luksa). To learn more, see this posting.

In most, and perhaps all, contexts, we do not think there is a difference between pod label and label selector.

If you run the kubectl describe svc kubia command, you will see an attribute for "Labels" and a separate attribute for "Selector".

pod selector: This is a reference to something that picks (or selects) a pod. It can be defined in a pod template or in what is less recommended -- a ReplicationController .yaml (page 93 of Kubernetes in Action by Luksa). If you run the "kubectl describe svc kubia" command, you will see an attribute for "Labels" and a separate attribute for "Selector". Pod selectors are needed for Kubernetes to automatically create a service's "Endpoints resource" (page 132 of Kubernetes in Action by Luksa).

A "Service" exposes a pod to a socket (inside front cover of Kubernetes in Action). To change a Service's pod selector, run this command: "kubectl set selector" (page 253 of Kubernetes in Action by Luksa).

Here is an example of pod selectors to give some context. The official Kubernetes website has this excerpt of key value pairs:

"matchExpressions: - {key: tier, operator: In, values: [cache]} - {key: environment, operator: NotIn, values: [dev]}"

The external link clarifies that "matchExpressions is a list of pod selector requirements. "

How Do You Get the mysql Command to Work from an Ubuntu Linux Command Line?

Problem scenario
The mysql command does not work from Ubuntu. You try to run a "mysql" command but you get "command not found." What do you do to install a mysql CLI utility?

Solution
Run one of the following:

sudo apt -y install mysql-client-core-5.7 sudo apt -y install mariadb-client-core-10.1

These commands may help you too:

apt-cache search mysql-client apt-cache search mariadb-client sudo apt -y install mycli sudo mysql -u root

What Do You Do when Cassandra Stalls on “Initializing IndexInfo”?

Problem scenario
When you start Cassandra you see a message such as this:

INFO [main] 2018-02-03 08:45:55,257 ColumnFamilyStore.java:389 - Initializing system.IndexInfo

What should you do?

Possible Solution #1
Try rebooting the server. This could help the problem.

Possible Solution #2
This next one is merely a workaround. It is not a best practice.

Edit the ColumnFamilyStore.java file. To find it use this:
sudo find / -name ColumnFamilyStore.java

Comment out line 389. It should look like this after you comment it out:
//logger.info("Initializing {}.{}", keyspace.getName(), name);

Start Cassandra again. But know that you modified the source code without a though quality assurance process. This could have serious ramifications in the future.

Possible Solution #3
Wait 60 minutes. If you are patient enough, it is possible that the problem will go away on its own.

Possible Solution #4
Verify you have sufficient hardware for your version of Cassandra. Reinstall Cassandra; if you need assistance, click on the link for your distribution of Linux:

How Do You Use Terraform to Create a Server in GCP?

Problem scenario
You want to use infrastructure as a code with Terraform and GCP. How do you use a .tf file to create a virtual machine in Google Cloud Platform?

Solution
Prerequisite
This assumes you have installed Terraform. If you need assistance with this, see this posting.

Procedures

1. Obtain the account.json file for your GCP account. Log into GCP, and then go here: https://console.cloud.google.com/apis/credentials/serviceaccountkey
For the "Service Account" drop down menu, choose "Computer Engine default service account." Then for "Key Type" click on the option for "JSON". Click "Create".

2. On the Linux server with Terraform, save the file as account.json in the file you will create a .tf file.

3. Mentally identify the project ID of an existing project. If you want to find the ID of your project, from the GCP web UI, go to "My First Project" or something similar at the top middle part of the screen. Click on it. The pop up should show the project IDs according to their names.

4. Create in this directory a file called test.tf with these lines (but replace projectID-asfoundinstep3above with your project ID):

provider "google" {
  credentials = "${file("account.json")}"
  project     = "projectID-asfoundinstep3above"
  region      = "us-east1"
  zone        = "us-east1-b"
}

resource "google_compute_instance" "coolname" {
  name          = "verycoolserver"
  machine_type  = "n1-standard-1"
  zone          =  "us-east1-b"
  tags          = ["ssh","http"]
  boot_disk {
    initialize_params {
      image     =  "centos-7-v20180129"
    }
  }

network_interface {
    subnetwork = "default"
    access_config {
    }
  }
}

5. Run these commands:

terraform init
terraform apply

6. Respond with "yes" to the prompt. Your server should be created.