DevOps Hunter Security Automation

Hello DevOps team, in this post I will be exploring the CGroup usage in docker engine. How check CGroup in the Linux file system supporting? To check all types of cgroups that are allowed in Linux system we can check at /sys/fs/cgroup directory What's the default memory limit for docker containers? Interestingly, when you don't define any control group on the memory limits, the docker engine will allocate the full memory of the VM as the maximum memory limit. How do we impose the container memory limits? When you run the container with the 100m upper memory limit for the tomcat image. You can see the limit value docker stats command. Can we control of CPU load per container? How? Yes it is possible to control the CPUs usage to container. Control group helps us in define the limit, this can be decimal values that indicate CPU cycles - example here with 0.1 We can apply both the control group limits on the same container. H...

As of my last update in August 2023, SonarQube 10 already released. However, I can provide you with general steps to install SonarQube on CentOS/Rocky 8. Please note that the steps might need adjustments based on the specific versions you are using. Prerequisites : System requirements: RAM 4GB CPU 1vCPU works, better performance 4 cores Ensure you have the following prerequisites installed on your CentOS 8 server: Create a Vagrant CentOS/8 box for SonarQube installation: Vagrant.configure(2) do |config| config.vm.box = "centos/8" config.vm.boot_timeout=600 config.vm.define "sonarqube" do |sonarqube| sonarqube.vm.network "private_network", ip: "192.168.33.150" sonarqube.vm.hostname = "sonarqube.devopshunter.com" sonarqube.vm.provider "virtualbox" do |vb| vb.cpus = "4" vb.memory = "4096" end end end Bring up the box using `vagrant up`. In the PuTTY / SSH terminal ...

Bitbucket is most widely used in the IT industry to provide team collaborative work for short size of teams. Its greater ability is to have integration with Jira and other DevOps tools. Bitbucket encourages private repository creation by default. So they are mostly not available for search engines to discover these projects! So, startup projects will do better here. Prerequisites for Bitbucket installation JRE/JDK: To run the web UI Java is required, Your system must have the JRE/JDK, we can go with the Open JDK as you know that Oracle JDK is now not open to everyone to download! Git: To run the Bitbucket we need Git as a source-code management tool. Ensure the default port 7990 is available on the system. If you are running on the Cloud ensure the TCP port /7990 allows inbound traffic. On the AWS you need to update the Security Group that associated with the EC2 instance. Option of Vagrant box  Vagrant.configure(2) do |config| config.vm.box = "centos/8" c...

How do I use "Manage Jenkins" page?  Here I'm with all of the screenshots of each section of the Manage Jenkins page. this might contain "Monitors" that alert you when a new version of the Jenkins software or a security update is available. Each monitor includes links to the changelog that describes the new update as well as instructions to download and install the update. The Manage Jenkins page displays a series of tiles for common task areas, arranged in logical groupings:  System Configuration  — This section is designed for general system configuration, managing nodes and clouds, global tool configuration, and plugin management. Security  —  This section is designed to configure global security (authentication, authorization, and global settings that protect your Jenkins instance from intrusions) and screens to manage the credentials that provide secure access third-party sites and applications that interact with Jenkins. Status Information  —  This se...

 We as DevOps and DevSecOps Engineers working on many microservice based application architectures where we need to manage Kubernetes Cluster  Troubleshot at various levels. You cannot rely on single point of look for failures. While working on Kubernetes Troubleshooting we can make ourselves easy to understand the problem, if we could classify the problem belong to the following categories. Application Failure Master node/ControlPlane Failures Worker node Failures Application Failure - trobleshooting Here I'm listing out these with my understanding and experiance in practice tests provided by Munshad Mohammad on KodeKloud. You should know the architecture how it is deployed what all its dependents, where they have deployed with what endpoints, what names used. Check the service 'name' defined and referring service should match and also check the services 'Endpoints' are correctly defined and in referenceing used correctly. k -n dev-ns get all Better to check that t...

Hey Guys, Welcome to "DevOps Hunter" blog! In this post I would like to share my learnings at different times collected that is about Kubernetes commands and their applied tricks and tips. Initially I've collected few kubectl related alias command tricks Play with the etcd database and then backup and recovery short-cuts Finally worked on the Kubernetes command tools kubectx, kubens for easy switching in CLI. Come on! let's explore about the API resources which we might be frequently use when we prepare the YAML files for each Kubernetes Objects. kubectl api-resources We can get sometime the API version mismatch due to change in API version. This can be examine what is new in the current version How do you identify the certificate file used to authenticate 'apiserver'? cat /etc/kubernetes/manifests/kube-apiserver.yaml|grep tls-cert - --tls-cert-file=/etc/kubernetes/pki/apiserver.crt The tls-cert-file will be Kubernetes apiserver ceri...

  Delegation to a host Here is an example where we can delegate the task to a particular host. This play book is using inventory_hostname from the gather facts. - name: Delegation to localhost hosts: all tasks: - name: create a file on target server file: path: /tmp/i_m_on_target_server.txt state: touch - name: create a file with host named file by delegation to localhost file: state: touch path: "/tmp/{{ inventory_hostname }}.txt" delegate_to: localhost connection paramer We can use this "connection" parameter add to your task level or play level. # Filename: connection_local.yml # To do some task on ansible server # local means without doing ssh command (no need of password and no need of ssh keys) # with the local connection parameter for the play --- - name: This is to determine how the connection parameter works with local hosts: app connection: local gather_facts: false tasks: - name: connecti...