DevOps : Jenkins Installation and Setup


Download Jenkins1

What is Jenkins ? 

Jenkins is a software that allows continuous integration. Jenkins will be installed on a server where the central build will take place.

What is continuous integration  ?

Continuous Integration is a development practice that requires developers to integrate code into a shared repository at regular intervals. This concept was meant to remove the problem of finding later occurrence of issues in the build lifecycle. 

Continuous integration requires the developers to have frequent builds. The common practice is that whenever a code commit occurs, a build should be triggered.

Below steps will explain how to install and configure Jenkins with Git plugin. 


Prerequisite:

Step 1: Download the JDK from Oracle

https://www.oracle.com/technetwork/java/javase/downloads/index.html
Download 32 bit it 64 based on your OS platform.


Step 2: Install Java on Windows

Create a directory and install the java under that. ( Here I showed as _jdk10 under c: )


















Step 3: Set up JAVA_HOME on Windows



Step 4: Configure the Java path setting


Step 5: Verify the JDK installation

After the JDK is installed on Windows, the JAVA_HOME setup is complete, and you've configured the Java path setting.

The last thing you need to do is verify the Java 10  / 11 installation actually works. To do so, simply open up a command prompt, and enter the following command:

>java.exe –version



If you followed these steps, you have successfully installed the JDK and configured the JAVA_HOME variable and the Java path setting on Windows.


STEP 6: Download  Jenkins WAR file

To begin this step by step Jenkins tutorial, you must first download the product binaries.

https://jenkins.io/download/

The best way for beginners to learn Jenkins is to choose the Generic Java package (.war) option. This option downloads a single file named jenkins.war, which is run on the command line.


Step 7: Download Tomcat

Browse to the link https://tomcat.apache.org/download-90.cgi to get the download for tomcat.





















Step 8: Jenkins and Tomcat Setup

Copy the Jenkis.war file which was downloaded from the previous section and copy it to the webapps folder in the tomcat folder.

Now open the command prompt. From the command prompt, browse to the directory where the tomcat9 folder located. Browse to the bin directory in this folder and run the start.bat file

>C:\Apps\apache-tomcat-9.0.14\bin>startup.bat

Once the processing is complete without major errors, the following line will come in the output of the command prompt.

INFO: Server startup in 1302 ms

Open the browser and go to the link − http://localhost:8080/jenkins. Jenkins will be up and running on tomcat.
















Step 9 : SETUP GIT 

In your Jenkins Dashboard (Home screen), click the Manage Jenkins option on the left hand side.




















In the next screen, click the Available tab. This tab will give a list of plugins which are available for downloading. In the ‘Filter’ tab type ‘Git plugin’


The list will then be filtered. Check the Git Plugin option and click on the button ‘Install without restart’. 

Step 10 : Restart Jenkins 

Once all installations are complete, restart Jenkins by issue the following command in the browser. http://localhost:8080/jenkins/restart

After Jenkins is restarted, Git will be available as an option whilst configuring jobs. To verify, click on New Item in the menu options for Jenkins.
Then enter a name for a job, in the following case, the name entered is ‘Demo’.

Select ‘Freestyle project’ as the item type. Click the Ok button.



In the next screen, if you browse to the Source code Management section, you will now see ‘Git’ as an option.




Now we have successfully configured Jenkins with Git. 


Shellshock bug – vulnerability on Bash shell: How to fix ?



Shellshock bug – vulnerability on Bash shell: How to fix ?


On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the "Bash Bug", was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments. Because of Bash's ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions between 1.14 through 4.3 (i.e. all releases until now) are at risk.


Examples of exploitable systems include the following:

    Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch to Bash subshells
    Certain DHCP clients
    OpenSSH servers that use the ForceCommand capability
    Various network-exposed services that use Bash


How to check the vulnerability ?


Run the below command and check

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"


If Vulnerability exists you will get below output

[root@serverA ~]# env x='() { :;}; echo vulnerable' bash -c "echo Bash  test"
Bash is vulnerable
Bash test
[root@serverA ~]#



How to fix vulnerable?

 

Ubuntu/Debian : apt-get

#sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS / Red Hat / Fedora : YUM


#sudo yum update bash




Be sure to update all of your affected servers to the latest version of Bash! Also, be sure to keep your servers up to date with the latest security updates!



Cheers !!!

Install Redhat Linux 5/6 on iSCSI SAN Boot : How to ??


Software iSCSI:

For a software initiator to implement a SAN boot device, you can have the root device on an iSCSI LUN, and you can use any of the following options to load the kernel:
 1.A host’s locally attached disk (for storing kernel and initrd images)
 2.A Preboot Execution Environment (PXE) Server

Hardware iSCSI:

If the SAN boot LUN uses an iSCSI HBA, then, because the protocol stack runs on the HBA, it is ready to communicate with the storage system and discover a LUN when it starts up.
You can have both the boot device and root device on an iSCSI LUN.

 Install RHEL 5/6 in software iSCSI SAN boot:


Steps :

1.When you initiate the installation, specify the Boot Option as linux mpath and press Enter.

2.Continue with the installation until you reach the storage configuration page. Click Advanced storage configuration.

3.Select Add iSCSI target and click Add drive.

4.Enter the Target IP address and the iSCSI initiator name.
Note: You should ensure that you associate this IQN with the correct privileges on the storage controller.

5.On the storage controller, create an igroup with the initiator name that you provided in Step 4.

6.Create a LUN on the storage system on which you intend to create root partition, and map it to the igroup.

7.Return to the host screen.

8.Click Add Target in the Configure iSCSI Parameters window.

When you add the target, the target portal is discovered.

Note: You should ensure that multiple target portals are discovered, because the Red Hat 
.installer does not identify the iSCSI device as a multipathed device unless it has more than one path.

9.To discover more target portals, repeat Step 2 through Step 8.

You should now see a multipathed iSCSI device listed in the drives section.
Note: If the iSCSI multipathed device is not listed, you should check the configuration.

10.Select a partitioning layout as Create custom layout and Click Next.

You can now proceed with the installation process and enter choices until you reach the Installation Summary page.

11.At the storage devices selection screen, select the iSCSI multipathed device from the list of allowable drives where you want to install the root file system.

12.Create the root file system on the selected device and select the mount point as /.

13.Create a SWAP partition.

Note: You can create a SWAP partition on the same LUN that contains the root partition or on a different LUN.
If you are using the software suspend functionality, you should ensure that the SWAP partition is on a local disk.

14.Create the /boot partition.
You can create a /boot partition on a locally attached disk or use a PXE server to load the kernel boot image.

15.Click Next and follow the installation prompts to complete the installation.



Install RHEL 5/6 on Hardware iSCSI SAN boot:

Steps

1.Create a LUN on the storage system and map it to the host. This will be the SAN boot LUN.

You should ensure that the SAN boot LUN is mapped, and multiple paths to the SAN boot LUN are available on the host. You should also ensure that the SAN boot LUN is visible to the host during the boot process.

2.Set the Initiator IP Settings and Initiator iSCSI Name in Host Adapter Settings.

3.Set the Primary and Alternate Target IP and iSCSI Name and Adapter Boot Mode to Manual in iSCSI Boot Settings.
For information, see your HBA vendor-specific documentation.

4.After making changes to the HBA BIOS, save and exit.
Reboot the host.

5. Install the operating system on the boot LUN and follow the installation prompts to complete the installation.

Note: You should specify Boot Option as linux mpath during the operating system installation. When you

Linux Interview Questions - PORT Related: PART 7



PORT Related interview questions in Linux:

1. What is a port?
A port is piece of software which is used as docking point in your machine, where remote application can communicate. This is analogy to the physical ports for entering in to a country from different sea ports.

2. What is hardware port?
This is physical peripheral connection point to a machine from a physical device.

3. What is a socket?
Socket is combination of software Port+IP address.

A socket is just a logical endpoint for communication. They exist on the transport layer. You can send and receive things on a socket, you can bind and listen to a socket. 
A socket is specific to a protocol, machine, and port, and is addressed as such in the header of a packet.

4. What is the range of ports or how many ports are there?
Port numbers can vary from 0 to 65535, so total we can get 65536 ports

5. Why port numbers are just 65536?
This is because limitation in TCP/IP stack where the port number field is just 16bit size. So we get only 2^16 ports which are equal to 65536 available ports

6.What are the well-known ports or assigned ports or default ports?
Well known ports are from 0 to 1023(total 2^10=1024 ports)

7.What do you mean by default port?
Default port is a designated port for particular well-known server.

8.Can we change default port for a service(example Apache, squid)?
Yes, we can change. In most apache and DNS we can change this using listen configuration entry in httpd.conf and . Squid have port entry in its squid.conf file to mention port number.

9.What are the protocol numbers for TCP and UDP?
Do not confuse this one with port numbers. TCP and UDP have their own numbers in TCP/IP stack.
TCP protocol number:6
UDP protocol number:17

10. Is there any way I can see all the port information in Linux?
Yes, you can get that from /etc/services files.

11. How can I see open ports in Linux?
use nmap , lsof or netstat commands.

Ex: #lsof -i
Ex: #netstat -tulpn
Ex: #nmap -sT -O localhost

12.Which port is used by Ping command?

The answer is none. No ports required for Ping as it uses icmp packets 

It needs to allow icmp 'echo-request' (type 8) packets out and icmp 'echo-reply' (type 0) packets in.  

Ping Use ICMP to comminicate and ICMP is a protocol not a service. Hence it does not use a specific port 

FLOW :
ICMP Echo Request
|
Type (8) Code (0)

Checksum

Identification

Sequence
 |
Test Data 




Ports and corresponding port numbers:


20 – FTP Data (For transferring FTP data)

21 – FTP Control (For starting FTP connection)

22 – SSH(For secure remote administration which uses SSL to encrypt the transmission)

23 – Telnet (For insecure remote administration

25 – SMTP(Mail Transfer Agent for e-mail server such as SEND mail)

53 – DNS(Special service which uses both TCP and UDP)

67 – Bootp

68 – DHCP

69 – TFTP(Trivial file transfer protocol uses udp protocol for connection less transmission 
of data)

80 – HTTP/WWW(apache)

88 – Kerberos

110 – POP3(Mail delivery Agent)

123 – NTP(Network time protocol used for time syncing uses UDP protocol)

137 – NetBIOS(nmbd)

138 - NetBIOS 


139 – SMB-Samba(smbd)

143 – IMAP

161 – SNMP(For network monitoring)

162-SNMP Trap

 389 – LDAP(For centralized administration)

443 – HTTPS(HTTP+SSL for secure web access)

514 – Syslogd(udp port)

636 – ldaps(both tcp and udp)

873 – rsync



VMware VCP-5 Exam Latest dumps - VCP5.1 and VCP5.5 Dumps


VMware VCP Exam Latest dumps - VCP5.1 and VCP5.5 Dumps


I have done VCP 5 exam using the below dumps only. Both are valid and verified. Please download and use it.


VCP 5.5 - DUMPS -Download click here

VCP-5.1 - DUMPS -Download click here


File Encryption using GPG in Linux: How to ??


File Encryption using GPG in Linux:

GPG is an encryption and signing tool for Linux/UNIX like operating system. With GPG you can encrypt and decrypt files with a password. Basically gpg uses a pair of keys, public key and private key. Data encrypted with one key can only be decrypted with the other. You can use gpg to provide digital encryption and signing services using the OpenPGP standard.

gpg may be run as stand alone without any commands, in which case it will perform a reasonable action depending on the type of file it is given as input.

Possible inputs are as follows.

1. Encrypted message is decrypted
2. Signature is verified
3. File containing keys is listed


Command to encrypt a file

#gpg -c sample

Above command will create a encrypted sample.gpg file. The -c option will encrypt with symmetric cipher. Make sure to remember your passphrase, if you forgot it then you cannot recover the data as it uses a very strong encryption. 


Let us now see few examples of encryption and decryption with gpg command.

1.Key Generation

#gpg --gen-key
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)

 Select default (1) and press enter.
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

 Use the default here and press enter.

Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years

 Use the default option
Key does not expire at all
Is this correct? (y/N)

 Enter “y” and press enter.
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”

Real name:

 Type a name here. For example I used here “sam”. Remember the name you use..

Then enter your email address and comment.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

 Press O and then Enter.
Enter passphrase:


2. Encryption of file

Syntax for encryption is

#gpg -e -r

Let us now encrypt a file named chumma.txt with above generated key “india”. 

#gpg -e -r india /home/mades/chumma.txt

Above command will generate chumma.txt.gpg file.

3.Decryption of File

Syntax for decryption is

#gpg --output --decrypt

##gpg -d sample.gpg


If you want to decrypt the file and send output to a new file name instead of standard output. You can do this as follow.

#gpg -o chumma -d chumma.gpg



Blogger Tips and TricksLatest Tips And TricksBlogger Tricks