Author Archives: admin

OC Commands

title: “OC Commands”
date: 2020-10-19T14:55:06
slug: os-commands

Nodes auflisten

oc get nodes

Top der Nodes

oc adm top node

Describe a Node

oc describe node master01

Zeige letzte 3 Logeinträge des Pods

oc logs --tail 3 -n openshift-image-registry cluster-image-registry-operator-564bd5dd8f-s46bz

Zeige letzte 3 Logeinträge des nodes master01 der journalunit kubelet

oc adm node-logs --tail 3 -u kubelet master01

Einen Debug Pod auf master01 starten

oc debug node/master01
\* chroot /host
\* crictl ps --name openvswitch

In ein Projekt wechseln

oc project execute-troubleshoot

OC Status anzeigen (API URL, Projekt)

oc status

Events des aktuellen Namespace anzeigen

oc get events

Ein Docker IMAGE inspizieren

skopeo inspect docker://registry.access.redhat.com/rhscl/postgresql-96-rhel7:1

Ein Deployment editieren

oc edit deployment/psql

Clusteroperatoren und Status anzeigen

oc get clusteroperators

Important oc set commands:

oc set env Update environment variables on a pod template
oc set image Update image of a pod template
oc set resources Update resource requests/limits on objects with pod templates
oc set selector Set the selector on a resource
oc set serviceaccount Update ServiceAccount of a resource
oc set data Update the data within a config map or secret

Start a debug Pod based on a Deoployment

oc debug -t deployment/grafana -n nn-capmgt --image busybox

Create Secrets (different Types)

oc create secret docker-registry my-secret --docker-server=DOCKER\_REGISTRY\_SERVER --docker-username=DOCKER\_USER
oc create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret
oc create secret generic my-secret --from-file=ssh-privatekey=path/to/id\_rsa --from-literal=passphrase=topsecret
oc create secret tls tls-secret --cert=path/to/tls.cert --key=path/to/tls.key

Ingress https and http

http: oc expose svc my-service --hostname my-service.apps.ocp4.example.com
edge: oc create route edge --cert=cert.pem --key=key.pem --service=nginx --hostname=tls.apps.ocp4-thasanger.paas.pop.noris.de
passthrough: oc create route passthrough name-https --service https-svc --port 8443 --hostname todo-https.apps.ocp4.example.com

Extract secret to File

oc extract secrets/router-ca --keys tls.crt -n openshift-ingress-operator

Create a deployment with env vars

oc new-app --name wordpress \> --docker-image docker.io/library/wordpress:5.3.0 \> -e WORDPRESS\_DB\_HOST=mysql -e WORDPRESS\_DB\_USER=root \> -e WORDPRESS\_DB\_NAME=wordpress

wireshark & openssl

title: “wireshark & openssl”
date: 2020-08-11T09:34:16
slug: wireshark

Show SNI:
ssl.handshake.extension.type == 0

Set TLS Version and Cipher
openssl s_client -connect master.hub-portal.fcp.mi.ci.cstx.cloud:443 -CAfile master-hub-portal-fcp-mi-ci-cstx-cloud-chain.pem -tls1_2 -cipher ECDHE-RSA-AES128-GCM-SHA256

Connect to Openshift Registry Remotely

title: “Connect to Openshift Registry Remotely”
date: 2020-08-04T11:30:51
slug: connect-to-openshift-registry-remotely

Get Token:

$ oc --config=oc whoami -t
TidUvyx3vRepdKczl6RDd08\_n3kQxAWpNFa3c1E9dh4

Login to Registry

$ docker login -u admin -e ich@du.de -p TidUvyx3vRepdKczl6RDd08\_n3kQxAWpNFa3c1E9dh4 https://docker-registry-default.apps.openshift.thasanger-dev.paas.pop.noris.de

Filter EMails with python

title: “Filter EMails with python”
date: 2020-07-15T08:53:47
slug: filter-emails-with-python

Listen to Port 587 and call the external filter script /home/filter/filter.py (add user “filter” and put it in his home directory )

/etc/postfix/master.cf
smtp inet n - n - - smtp -v
submission inet n - n - - smtpd
 -o content\_filter=filter:dummy
filter unix - n n - 10 pipe
 flags=Rq user=filter null\_sender=
 argv=/home/filter/filter.py -f ${sender} -- ${recipient}
#smtps inet n - n - - smtpd
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup

The Filter Script: /home/filter/filter.py

#!/usr/bin/python2.7

from email import Parser
import smtplib
import sys
import logging
from subprocess import Popen, PIPE
logging.basicConfig(level=logging.DEBUG,
 format='%(asctime)s %(levelname)s %(message)s',
 filename='/home/filter/content-filter.log',
 filemode='a')

# Get the CLI arguments.
try:
 cli\_from = sys.argv[2].lower()
 cli\_to = sys.argv[4:]
 logging.debug("To / From : %r" % sys.argv)
except:
 logging.error("Invalid to / from : %r" % sys.argv)
 sys.exit(69) # postfix will bounce the mail. retrying bad args won't work

logging.debug("From : %s, to : %r" % (cli\_from, cli\_to))
# Get the email content from STDIN.
content = ''.join(sys.stdin.readlines())
p = Parser.Parser()
parsed = p.parsestr(content, True)

if parsed.get('X-Jenkins-Job'):
 #logging.debug("email source : %s" % parsed.as\_string())
 parsed.add\_header('X-noris-Ticket-Queue', 'OSA::AOP::VW')
 parsed.add\_header('X-noris-Ticket-Kunde', 'vw-rv-cod')
 parsed.add\_header('X-noris-Ticket-Autoreply', 'no')
 parsed.add\_header('X-noris-Ticket-AppendKey', 'jenkines-pipelines')
 parsed.add\_header('X-noris-Ticket-Type', 'Event')
 parsed.add\_header('X-noris-Ticket-Priority', '4')
 parsed.add\_header('X-noris-Ticket-Status', 'open')
 parsed.add\_header('X-noris-Ticket-Autodispatch', 'Alarming')
 to = "root-manager@noris.de"
else:
 to = "osa-aop-vw-d@noris.de"

content = str(parsed)
# and let's try reinjecting it into Postfix.
command = ["/usr/sbin/sendmail", "-G", "-i", "-f", cli\_from, to]
stdout = ''
stderr = ''
retval = 0
try :
 process = Popen(command, stdin=PIPE)
 (stdout, stderr) = process.communicate(content);
 retval = process.wait()
 if retval == 0:
 logging.debug("Mail resent via sendmail, stdout: %s, stderr: %s" % (stdout, stderr))
 sys.exit(0)
 else:
 raise Exception("retval not zero - %s" % retval)
except Exception, e:
 print "Error re-injecting via /usr/sbin/sendmail."
 logging.error("Error resending mail %s -- stdout:%s, stderr:%s, retval: %s" % (e, stdout, stderr, retval))
 sys.exit(75) # tempfail, we hope.

Scan Channels

title: “Scan Channels”
date: 2020-06-23T22:13:47
slug: scan-channels

w\_scan -fs -s S4E8 -D1c # Astra 4.8
w\_scan -fs -s S13E0 -D2c # Hotbird
w\_scan -fs -s S13E0 -D3c # Astra 19
w\_scan -fs -s S28E2 -D4c # Astra 28.2

Create Channles.conf

w\_scan2 -fs -s S4E8 -v -v -v -X > astra4-8.conf
w\_scan2 -fs -s S13E0 -D2c -v -v -v -X > astra19-2.conf

Einrichtun DVB under Debian

title: “Einrichtun DVB under Debian”
date: 2020-06-11T21:15:18
slug: einrichtun-dvb-under-debian

w_scan Download um Kanallisten zu erstellen
https://www.gen2vdr.de/wirbel/w_scan/index2.html

w\_scan -f s -D 3c -sS19E2

 TV-Sender empfangen / aufnehmen

 szap -a 1 -f 0 -d 0 3sat

 -a wählt das Adapterverzeichnis (-a 1 ist also "/dev/dvb/adapter1"),
 -f und -d die Gerätedateien frontend und demux

 (-f 0 ist also hier "/dev/dvb/adapter1/frontend0" und
 -d 0 entsprechend "/dev/dev/adapter1/demux0").

 Die Option -r (für recording) weist das DVB-Tool an, die Videodaten über die Gerätedatei "/dev/dvb/ adaptern/dvr0" auszugeben, sodass sie ein Video-Player wie Xine (bei laufenden DVB-Tool!) mit dem Befehl

 xine stdin://mpeg2 < /dev/dvb/adapter0/dvr0

 auslesen kann.

 Ebenso gut kann man den MPEG-TS-Strom in eine Datei umleiten und
 so den eingestellten Sender aufnehmen:

 cat /dev/dvb/adapter0/dvr0 > /tmp/recording.ts

Match Hostname

title: “Match Hostname”
date: 2020-06-04T15:06:26
slug: match-hostname

---
- name: Install pt-stalk
 hosts: ~mar.\*\.cod\.vw-wecloud\.de
 gather\_facts: yes
 roles:
 - pt-stalk

failed to create newCsiDriverClient: driver name rook-ceph.cephfs.csi.ceph.com not found in the list of registered CSI drivers

title: “failed to create newCsiDriverClient: driver name rook-ceph.cephfs.csi.ceph.com not found in the list of registered CSI drivers”
date: 2020-05-27T09:35:00
slug: failed-to-create-newcsidriverclient-driver-name-rook-ceph-cephfs-csi-ceph-com-not-found-in-the-list-of-registered-csi-drivers

Bei Fehlermeldung:

failed to create newCsiDriverClient: driver name rook-ceph.cephfs.csi.ceph.com not found in the list of registered CSI drivers

Müssen alle Kubelets restarted werden.

Bootstrap New Cluster

title: “Bootstrap New Cluster”
date: 2020-05-05T17:23:46
slug: bootstrap-new-cluster

On Primary Node (of you think its the primary one):
/usr/bin/mysqld_safe –wsrep-new-cluster

2020-05-05 19:21:02 0 [ERROR] WSREP: It may not be safe to bootstrap the cluster from this node. It was not the last one to leave the cluster and may not contain all the updates. To force cluster bootstrap with this node, edit the grastate.dat file manually and set safe_to_bootstrap to 1 .
vi /data/mysql/data/grastate.dat

Start mariadb on other nodes
systemctl start mariadb

Check for primary
SHOW GLOBAL STATUS LIKE ‘wsrep_cluster_status’;

Wenn das hier im Log File steht, wird repliziert:
WSREP_SST: [INFO] Waiting for SST streaming to complete! (20200506 14:59:19.575)

Count files in current directory

title: “Count files in current directory”
date: 2020-05-05T10:05:29
slug: count-files-in-current-directory

expr $(ls -ld mysql-bin.0* | awk ‘{ total += $5 }; END { print total }’) / 1073741824