Introduction to Cloud-Computing and DevOps at CDAC (13th September 2020)

https://www.glistensoft.com/2020/09/13/introduction-to-cloud-computing-and-devops-at-cdac-13th-september-2020/

Sun, 13 Sep 2020 12:13:01 +0000

It was a pleasure to introduce Cloud-Computing and DevOps to 100+ CDAC students and faculty today.

Following are the presentations used during the session:

https://www.glistensoft.com/GlistenPresentation-CloudComputing-20200913.pdf

https://www.glistensoft.com/GlistenPresentation-DevOps-20200913.pdf

Kubernetes challenges in Enterprise Environment

https://www.glistensoft.com/2018/05/17/kubernetes-in-enterprise-environment/

Thu, 17 May 2018 07:11:33 +0000

 

As the architecture of applications becomes more and more complex, it becomes difficult to implement it in Enterprise environments. Recently, I was working on setting up a Kubernetes cluster in an Enterprise environment, and some challenges were encountered there which I believe will appear in all Enterprise environments. They are listed below along with some resolutions:

  • HTTP proxy to control internet traffic

A proxy server adds to the complexity of how the different Docker and Kubernetes services communicate with the outside world.

Docker requires separate HTTP proxy configuration in order to communicate:

https://docs.docker.com/network/proxy/#use-environment-variables

https://docs.docker.com/config/daemon/systemd/#httphttps-proxy

Kubernetes services like apiserver, controller and scheduler also need to be configured with the no_proxy environment variable so that internal network traffic bypasses the proxy.

https://github.com/kubernetes/kubeadm/issues/324

Typical errors that you will see in system logs because of proxy communication are:

{"log":"E0329 17:47:54.136036       1 leaderelection.go:224] error retrieving resource lock kube-system/kube-controller-manager: Get https://10.0.0.7:6443/api/v1/namespaces/kube-system/endpoints/kube-controller-manager: Gateway Timeout\n","stream":"stderr","time":"2018-03-29T17:47:54.136283562Z"}
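A way to confirm that errors like the one above come from internal traffic being sent through the proxy (an added example, not code from the original post): it scans Docker JSON log lines for `Gateway Timeout` responses on private addresses and reports the hosts that the given no_proxy value does not cover. The function names and the second and third log lines are constructed, and CIDR matching assumes a client that honours CIDR entries in no_proxy, which not every HTTP client does.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# First entry is the error quoted above; the other two are constructed samples.
SAMPLE_LOGS = [
    '{"log":"E0329 17:47:54.136036       1 leaderelection.go:224] error retrieving '
    'resource lock kube-system/kube-controller-manager: Get https://10.0.0.7:6443/api/v1/'
    'namespaces/kube-system/endpoints/kube-controller-manager: Gateway Timeout\\n",'
    '"stream":"stderr","time":"2018-03-29T17:47:54.136283562Z"}',
    '{"log":"E0329 17:48:02.000000       1 example.go:1] Get https://10.90.0.1:443/'
    'api/v1/services: Gateway Timeout\\n","stream":"stderr","time":"2018-03-29T17:48:02Z"}',
    '{"log":"I0329 17:48:03.000000       1 example.go:2] sync complete\\n",'
    '"stream":"stdout","time":"2018-03-29T17:48:03Z"}',
]

def bypasses_proxy(host, no_proxy):
    """True if host matches a no_proxy entry (host name, domain suffix, IP or CIDR)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for entry in filter(None, (e.strip() for e in no_proxy.split(","))):
        if ip is not None:
            try:
                if ip in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                pass  # entry is a host name, not an address or CIDR
        elif host == entry.lstrip(".") or host.endswith("." + entry.lstrip(".")):
            return True
    return False

def proxied_internal_calls(lines, no_proxy):
    """Private-address hosts that got a proxy 'Gateway Timeout' and miss no_proxy."""
    hits = set()
    for line in lines:
        m = re.search(r"Get (https?://\S+): Gateway Timeout", json.loads(line)["log"])
        if not m:
            continue
        host = urlsplit(m.group(1)).hostname
        try:
            internal = ipaddress.ip_address(host).is_private
        except ValueError:
            internal = False
        if internal and not bypasses_proxy(host, no_proxy):
            hits.add(host)
    return sorted(hits)
```

With `no_proxy` set to `localhost,127.0.0.1` both sample addresses are reported; adding `10.0.0.0/24,10.90.0.0/16` clears the list.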

 

  • A few of the standard implementations do not behave as expected

We initially configured the Kubernetes cluster with Flannel in both the local and Enterprise environments, but the client wanted to use Weave networking. In our local environment without a proxy, we were able to set up the Weave network, but when we implemented the same in the Enterprise environment, somehow the DNS service was getting enabled. The default DNS pod was unable to communicate with the apiserver's service network of 10.90.x.x. It always timed out. This added to the instability in pod communication.

There might be a solution for Weave, but in one week of troubleshooting we were not able to figure it out, so we switched back to Flannel networking.

  • Custom Enterprise configurations

In an Enterprise environment, some security tuning is already enabled, which causes issues during deployment of the cluster. For example, IPv6 was already disabled on the servers as part of the Enterprise configuration, but the kubeadm deployment expects IPv6 to be enabled and tries to disable it. If it is already disabled, the deployment fails.

Another condition was that AppArmor had to be disabled. On some installations, AppArmor is enabled by default, and it adds to the issue of the docker service being unable to function properly.

  • Firewall tuning and port communications

Due to the complexity of the architecture and the many diverse services involved, a significant number of ports need to be opened for internal service communication. Keeping a list, tracking these ports, and being able to troubleshoot them is always a challenge.

IPMI SOL access configuration for Ubuntu OS

https://www.glistensoft.com/2017/01/05/ipmi-sol-access-configuration-for-ubuntu-os/

Thu, 05 Jan 2017 11:59:26 +0000

  • BIOS accessibility via ipmitool:
  • The baud rate used for SOL access is the Volatile Bit Rate (kbps). SOL requires serial communication redirection to be enabled in the BIOS, and the serial communication speed should match this baud rate.

    • Serial console access:

    Configuring the console login process

    • Identify the serial port for the BMC from dmesg:

     $ dmesg |grep tty

     [    0.000000] console [tty0] enabled

     [    1.073325] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A

     [    1.094732] 00:03: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A

     [    1.115064] 0000:00:16.3: ttyS1 at I/O 0x9080 (irq = 17) is a 16550A

    ttyS1 is for the BMC.

    • Create a file called /etc/init/ttyS1.conf containing the following:

      # ttyS1 - getty
      #
      # This service maintains a getty on ttyS1 from the point the system is
      # started until it is shut down again.

      start on stopped rc or RUNLEVEL=[2345]
      stop on runlevel [!2345]

      respawn
      exec /sbin/getty -L 57600 ttyS1 vt102

    • Ask upstart to start the getty

    $ sudo start ttyS1

    • Restart init

     $ sudo /sbin/telinit q

     

    • Check: On another system that supports IPMI v2, run

      # ipmitool -I lanplus -H <System's BMC IP address> -U <userid> -P <password> sol activate

    You should see a login prompt and be able to log in as a system user.

    • Configuring grub so that the boot process is visible:
    1. Edit /etc/default/grub

      # If you change this file, run 'update-grub' afterwards to update
      # /boot/grub/grub.cfg.

      GRUB_DEFAULT=0
      GRUB_TIMEOUT=1
      GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
      GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,57600n8"

      # Uncomment to disable graphical terminal (grub-pc only). Unit number indicates serial communication port. COM1 - 0, COM2 - 1, COM3 - 2, etc
      GRUB_TERMINAL="serial console"
      GRUB_SERIAL_COMMAND="serial --speed=57600 --unit=1 --word=8 --parity=no --stop=1"

      # The resolution used on graphical terminal
      # note that you can use only modes which your graphic card supports via VBE
      # you can see them in real GRUB with the command `vbeinfo'
      #GRUB_GFXMODE=640x480

      # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
      #GRUB_DISABLE_LINUX_UUID=true

    Note: Comment out GRUB_HIDDEN_TIMEOUT=0 and GRUB_HIDDEN_TIMEOUT_QUIET=true if they are in the original grub.cfg.

    Additionally, if the OS is installed via MAAS, then the above settings need to be configured in the file /etc/default/grub.d/50-curtin-settings.cfg.

    2. Update grub

    # update-grub

    • Finally, the following are useful ipmitool commands to manage the IPMI SOL interface:
    • IPMI SOL interface access via command –

    # ipmitool -I lanplus -H <IPMI-IP> -U <username> -P <password> -C3 sol activate

    • Stop IPMI SOL interface access via command –

    # ipmitool -I lanplus -H <IPMI-IP> -U <username> -P <password> -C3 sol deactivate

    • Check IPMI SOL configuration –

    # ipmitool -I lanplus -H <IPMI-IP> -U <username> -P <password> -C3 sol info 1

    • Configure IPMI SOL configuration parameters –

    # ipmitool -I lanplus -H <IPMI-IP> -U <username> -P <password> -C3 sol set volatile-bit-rate <value>
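The steps above only work when the getty line, both grub settings and the SOL volatile bit rate agree on port and speed. The following checker is an added example, not part of the original post: it parses those four values and reports mismatches, and it also flags typographic quotes or dashes that copy-paste from a web page can introduce into the config files. The function names and the `sol info` style sample text are constructed, and GRUB unit N is assumed to map to ttySN as in the post.

```python
import re

# Constructed samples: the post's getty and grub values, plus `sol info` style output.
GETTY = "exec /sbin/getty -L 57600 ttyS1 vt102\n"
GRUB = ('GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,57600n8"\n'
        'GRUB_TERMINAL="serial console"\n'
        'GRUB_SERIAL_COMMAND="serial --speed=57600 --unit=1 --word=8 --parity=no --stop=1"\n')
SOL = "Volatile Bit Rate (kbps)        : 57.6\nNon-Volatile Bit Rate (kbps)    : 115.2\n"

def serial_settings(getty_conf, grub_defaults, sol_info):
    """Collect (port, baud) per source; port is None where a source names none."""
    found = {}
    m = re.search(r"getty\s+-L\s+(\d+)\s+(ttyS\d+)", getty_conf)
    if m:
        found["getty"] = (m.group(2), int(m.group(1)))
    m = re.search(r"console=(ttyS\d+),(\d+)", grub_defaults)
    if m:
        found["kernel console"] = (m.group(1), int(m.group(2)))
    m = re.search(r"^GRUB_SERIAL_COMMAND=.*--speed=(\d+).*--unit=(\d+)", grub_defaults, re.M)
    if m:  # assumption: GRUB unit N is ttySN, as in the post's unit=1 / ttyS1 pairing
        found["grub serial"] = ("ttyS" + m.group(2), int(m.group(1)))
    m = re.search(r"^Volatile Bit Rate \(kbps\)\s*:\s*([\d.]+)", sol_info, re.M)
    if m:
        found["SOL volatile"] = (None, round(float(m.group(1)) * 1000))
    return found

def check(getty_conf, grub_defaults, sol_info):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    for name, text in (("getty", getty_conf), ("grub", grub_defaults)):
        bad = sorted(set(re.findall(r"[^\x00-\x7f]", text)))
        if bad:  # typographic quotes or dashes picked up by copy-paste
            problems.append(f"{name}: non-ASCII characters {bad}")
    found = serial_settings(getty_conf, grub_defaults, sol_info)
    if len({baud for _, baud in found.values()}) > 1:
        problems.append(f"baud mismatch: {found}")
    if len({port for port, _ in found.values() if port}) > 1:
        problems.append(f"port mismatch: {found}")
    return problems

if __name__ == "__main__":
    print(check(GETTY, GRUB, SOL) or "serial settings are consistent")
```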
