Docker – ubuntu

Docker

ubuntu only

jjest@donkey:~$ sudo snap install docker
docker 18.06.1-ce from Canonical✓ installed

search for pre-built images

jjest@donkey:~$ sudo docker search mariadb
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mariadb MariaDB is a community-developed fork of MyS… 3049 [OK]

get image

jjest@donkey:~$ sudo docker pull mysql
Using default tag: latest
latest: Pulling from library/mariadb
22e816666fd6: Pull complete
079b6d2a1e53: Pull complete
11048ebae908: Pull complete
c58094023a2e: Pull complete
1e8f13102fa0: Pull complete

Status: Downloaded newer image for mariadb:latest

jjest@donkey:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mariadb latest a9e108e8ee8a 7 days ago 356MB

Save an image w/ modifications

jjest@donkey:~$ sudo docker save ubuntu > ubuntu-rev.tar

jjest@donkey:~$ sudo docker import ubuntu-rev1.tar
sha256:252ee581e4c37dc130f62650c7d8cb7dc5e316b82c74d9b573a9b4b4a35bf4d6

jjest@donkey:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> 252ee581e4c3 12 seconds ago 66.6MB
mariadb latest a9e108e8ee8a 7 days ago 356MB
ubuntu latest cf0f3ca922e0 7 days ago 64.2MB
mysql latest c8ee894bd2bd 8 days ago 456MB

jjest@donkey:~$ sudo docker tag 252ee581e4c3 ubuntu:rev1

jjest@donkey:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ubuntu rev1 252ee581e4c3 4 minutes ago 66.6MB
mariadb latest a9e108e8ee8a 7 days ago 356MB
ubuntu latest cf0f3ca922e0 7 days ago 64.2MB
mysql latest c8ee894bd2bd 8 days ago 456MB

create container

jest@donkey:~$ sudo docker create ubuntu
2ba60346ba6a643bb8b1d4dc510ac119590a4596ef5f5e254ff5c2c07f45e82a
jjest@donkey:~$ sudo docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2ba60346ba6a ubuntu “/bin/bash” 2 seconds ago Created frosty_aryabhata
186da96f2df2 ubuntu “/bin/bash” About a minute ago Created pedantic_brahmagupta
52f9d832fd0f ubuntu “/bin/bash” About an hour ago Exited (0) About an hour ago vibrant_bohr
80f26b4938df mysql “docker-entrypoint.s…” About an hour ago Exited (1) About an hour ago adoring_perlman
e4ce7ab183c5 mysql “docker-entrypoint.s…” About an hour ago Exited (1) About an hour ago eager_heyrovsky
40ecb1787e8d mysql “docker-entrypoint.s…” About an hour ago Exited (1) About an hour ago determined_mcnulty
….

jjest@donkey:~$ sudo docker ps -a -f status=running
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b755d3157f4b mysql “docker-entrypoint.s…” 2 hours ago Up 2 hours 3306/tcp, 33060/tcp mariadb

jjest@donkey:~$ sudo docker history mysql
IMAGE CREATED CREATED BY SIZE COMMENT
c8ee894bd2bd 8 days ago /bin/sh -c #(nop) CMD [“mysqld”] 0B
8 days ago /bin/sh -c #(nop) EXPOSE 3306 33060 0B
8 days ago /bin/sh -c #(nop) ENTRYPOINT [“docker-entry… 0B
8 days ago /bin/sh -c ln -s usr/local/bin/docker-entryp… 34B
8 days ago /bin/sh -c #(nop) COPY file:b3081195cff78c47… 12.7kB
….

Starting/Stopping containers

jjest@donkey:~$ sudo docker start b755d3157f4b
b755d3157f4b
jjest@donkey:~$ sudo docker container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b755d3157f4b mysql “docker-entrypoint.s…” 2 hours ago Up 3 seconds 3306/tcp, 33060/tcp mariadb
jjest@donkey:~$ sudo docker stop b755d3157f4b
b755d3157f4b
jjest@donkey:~$ sudo docker container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

Kubernetes (microk8 – single node) https://microk8s.io/
tutorial: https://tutorials.ubuntu.com/tutorial/install-a-local-kubernetes-with-microk8s#0

jjest@donkey:~$ sudo snap install microk8s –classic
microk8s v1.16.2 from Canonical✓ installed

jjest@donkey:~$ sudo microk8s.status
microk8s is running
addons:
cilium: disabled
dashboard: disabled
dns: disabled
fluentd: disabled
gpu: disabled
helm: disabled
ingress: disabled
istio: disabled
jaeger: disabled
knative: disabled
linkerd: disabled
metrics-server: disabled
prometheus: disabled
rbac: disabled
registry: disabled
storage: disabled

jjest@donkey:~$ sudo microk8s.kubectl get nodes
NAME STATUS ROLES AGE VERSION
donkey Ready 2m39s v1.16.2

Always enable

jjest@donkey:~$ sudo microk8s.enable dashboard dns
Applying manifest
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
service/monitoring-grafana created
service/monitoring-influxdb created
service/heapster created
deployment.apps/monitoring-influxdb-grafana-v4 created
serviceaccount/heapster created
clusterrolebinding.rbac.authorization.k8s.io/heapster created
configmap/heapster-config created
configmap/eventer-config created
deployment.apps/heapster-v1.5.2 created

If RBAC is not enabled access the dashboard using the default token retrieved with:

token=$(microk8s.kubectl -n kube-system get secret | grep default-token | cut -d ” ” -f1)
microk8s.kubectl -n kube-system describe secret $token

In an RBAC enabled setup (microk8s.enable RBAC) you need to create a user with restricted
permissions as shown in:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

Enabling DNS
Applying manifest
serviceaccount/coredns created
configmap/coredns created
deployment.apps/coredns created
service/kube-dns created
clusterrole.rbac.authorization.k8s.io/coredns created
clusterrolebinding.rbac.authorization.k8s.io/coredns created
Restarting kubelet
DNS is enabled

jjest@donkey:~$ sudo microk8s.kubectl get all –all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/coredns-9b8997588-6q722 1/1 Running 1 85s
kube-system pod/dashboard-metrics-scraper-566cddb686-x8hlv 1/1 Running 0 87s
kube-system pod/heapster-v1.5.2-5c58f64f8b-xj4z2 4/4 Running 2 86s
kube-system pod/kubernetes-dashboard-678b7d865c-2bhvx 1/1 Running 0 87s
kube-system pod/monitoring-influxdb-grafana-v4-6d599df6bf-mdqqv 2/2 Running 1 87s

NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.152.183.1 443/TCP 8m39s
kube-system service/dashboard-metrics-scraper ClusterIP 10.152.183.46 8000/TCP 87s
kube-system service/heapster ClusterIP 10.152.183.27 80/TCP 87s
kube-system service/kube-dns ClusterIP 10.152.183.10 53/UDP,53/TCP,9153/TCP 85s
kube-system service/kubernetes-dashboard ClusterIP 10.152.183.113 443/TCP 87s
kube-system service/monitoring-grafana ClusterIP 10.152.183.129 80/TCP 87s
kube-system service/monitoring-influxdb ClusterIP 10.152.183.159 8083/TCP,8086/TCP 87s

NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/coredns 1/1 1 1 85s
kube-system deployment.apps/dashboard-metrics-scraper 1/1 1 1 87s
kube-system deployment.apps/heapster-v1.5.2 1/1 1 1 86s
kube-system deployment.apps/kubernetes-dashboard 1/1 1 1 87s
kube-system deployment.apps/monitoring-influxdb-grafana-v4 1/1 1 1 87s

NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/coredns-9b8997588 1 1 1 85s
kube-system replicaset.apps/dashboard-metrics-scraper-566cddb686 1 1 1 87s
kube-system replicaset.apps/heapster-v1.5.2-5c58f64f8b 1 1 1 86s
kube-system replicaset.apps/kubernetes-dashboard-678b7d865c 1 1 1 87s
kube-system replicaset.apps/monitoring-influxdb-grafana-v4-6d599df6bf 1 1 1 87s

https://docs.docker.com/engine/reference/commandline/save/

install unifi network controller (software)

jjest@donkey:/data/software$ sudo apt update –allow-releaseinfo-change

jjest@donkey:/data/software$ apt list –upgradable
Listing… Done
libldap-2.4-2/bionic-updates 2.4.45+dfsg-1ubuntu1.4 amd64 [upgradable from: 2.4.45+dfsg-1ubuntu1.3]
libldap-common/bionic-updates,bionic-updates 2.4.45+dfsg-1ubuntu1.4 all [upgradable from: 2.4.45+dfsg-1ubuntu1.3]

jest@donkey:/data/software$ sudo apt install unifi
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
ca-certificates-java java-common jsvc libcommons-daemon-java mongodb-org-server openjdk-8-jre-headless
Suggested packages:
default-jre java-virtual-machine fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei
The following NEW packages will be installed:
ca-certificates-java java-common jsvc libcommons-daemon-java mongodb-org-server openjdk-8-jre-headless unifi
0 upgraded, 7 newly installed, 0 to remove and 2 not upgraded.
Need to get 123 MB of archives.
After this operation, 284 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

root@donkey:~# service unifi status
● unifi.service – unifi
Loaded: loaded (/lib/systemd/system/unifi.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2019-08-28 15:41:38 PDT; 2min 49s ago
Main PID: 21994 (jsvc)
Tasks: 127 (limit: 4915)
CGroup: /system.slice/unifi.service
├─21994 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pid
├─21995 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pid
├─21996 unifi -cwd /usr/lib/unifi -home /usr/lib/jvm/java-8-openjdk-amd64 -cp /usr/share/java/commons-daemon.jar:/usr/lib/unifi/lib/ace.jar -pid
├─22018 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Dfile.encoding=UTF-8 -Djava.awt.headless=true -Dapple.awt.UIElement=true -Xmx1024M -XX:+
└─22708 bin/mongod –dbpath /usr/lib/unifi/data/db –port 27117 –unixSocketPrefix /usr/lib/unifi/run –logappend –logpath /usr/lib/unifi/logs/

Aug 28 15:41:35 donkey systemd[1]: Starting unifi…
Aug 28 15:41:35 donkey unifi.init[21936]: * Starting Ubiquiti UniFi Controller unifi
Aug 28 15:41:38 donkey unifi.init[21936]: …done.
Aug 28 15:41:38 donkey systemd[1]: Started unifi.

root@donkey:/data/software# netstat -ntla | grep 8843
tcp6 0 0 :::8843 :::* LISTEN

https://192.168.0.105:8443/manage/wizard/

Ref: https://help.ubnt.com/hc/en-us/articles/220066768-UniFi-How-to-Install-and-Update-via-APT-on-Debian-or-Ubuntu#STEPS

Cyberpower – power panel

root@donkey:/data/software# dpkg -i powerpanel_132_amd64.deb

root@donkey:/data/software# pwrstat -status -test

The UPS information shows as following:

Properties:
    Model Name................... CP1000PFCLCD
    Firmware Number.............. 000000000000
    Rating Voltage............... 120 V
    Rating Power................. 600 Watt

Current UPS status:
    State........................ Normal
    Power Supply by.............. Utility Power
    Utility Voltage.............. 122 V
    Output Voltage............... 122 V
    Battery Capacity............. 100 %
    Remaining Runtime............ 36 min.
    Load......................... 102 Watt(17 %)
    Line Interaction............. None
    Test Result.................. Unknown
    Last Power Event............. None

root@donkey:/data/software# pwrstat -config

Daemon Configuration:

Alarm ………………………………………. On
Hibernate …………………………………… Off

Action for Power Failure:

Delay time since Power failure ............. 60 sec.
Run script command ......................... On
Path of script command ..................... /etc/pwrstatd-powerfail.sh
Duration of command running ................ 0 sec.
Enable shutdown system ..................... On

Action for Battery Low:

Remaining runtime threshold ................ 300 sec.
Battery capacity threshold ................. 35 %.
Run script command ......................... On
Path of command ............................ /etc/pwrstatd-lowbatt.sh
Duration of command running ................ 0 sec.
Enable shutdown system ..................... On


root@donkey:/data/software# pwrstat -config

Daemon Configuration:

Alarm ………………………………………. On
Hibernate …………………………………… Off

Action for Power Failure:

Delay time since Power failure ............. 60 sec.
Run script command ......................... On
Path of script command ..................... /etc/pwrstatd-powerfail.sh
Duration of command running ................ 0 sec.
Enable shutdown system ..................... On

Action for Battery Low:

Remaining runtime threshold ................ 300 sec.
Battery capacity threshold ................. 35 %.
Run script command ......................... On
Path of command ............................ /etc/pwrstatd-lowbatt.sh
Duration of command running ................ 0 sec.
Enable shutdown system ..................... On

root@donkey:/data/software# cat /etc/pwrstatd-powerfail.sh

!/bin/sh

echo “Warning: Utility power failure has occurred for a while, system will be shutdown soon!” | wall

export RECEIPT_NAME
export RECEIPT_ADDRESS
export SENDER_ADDRESS

#

If you want to receive event notification by e-mail, you must change ‘ENABLE_EMAIL’ item to ‘yes’.

Note: After change ‘ENABLE_EMAIL’ item, you must asign ‘RECEIPT_NAME’, ‘RECEIPT_ADDRESS’, and

‘SENDER_ADDRESS’ three items as below for the correct information.

#

Enable to send e-mail

ENABLE_EMAIL=yes

Change your name at this itme.

RECEIPT_NAME=”Jeremiah Jester”

Change mail receiver address at this itme.

RECEIPT_ADDRESS=jeremiahjester@gmail.com

Change mail sender address at this itme.

SENDER_ADDRESS=root@donkey.duckdns.org

Execute the ‘pwrstatd-email.sh’ shell script

if [ $ENABLE_EMAIL = yes ]; then
/etc/pwrstatd-email.sh
fi


Plex Media Scanner cmd line Error & fix

Error:

jjest@donkey:~$ sudo /usr/lib/plexmediaserver/Plex\ Media\ Scanner –list
/usr/lib/plexmediaserver/Plex Media Scanner: error while loading shared libraries: libboost_atomic.so.1.59.0: cannot open shared object file: No such file or directory

Resolution:

root@donkey:~# LD_LIBRARY_PATH=/usr/lib/plexmediaserver
You have new mail in /var/mail/root
root@donkey:~# PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=”/var/lib/plexmediaserver/Library/Application Support”
root@donkey:~# export LD_LIBRARY_PATH=/usr/lib/plexmediaserver
root@donkey:~# export PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=”/var/lib/plexmediaserver/Library/Application Support”

Fixed!

Usage:

root@donkey:~# /usr/lib/plexmediaserver/Plex\ Media\ Scanner –list

3: House
1: Movies
5: Photos
2: Triplex
4: TV Shows
root@donkey:~# /usr/lib/plexmediaserver/Plex\ Media\ Scanner –progress –generate -c 2
Generated new media for Triplex Common 01 20190225103159.
Generated new media for Triplex Common 01 20190225120808.
Generated new media for Triplex Common 01 20190225121139.
Generated new media for Triplex Common 01 20190225121233.
Generated new media for Triplex Common 01 20190225122931.

check home disk usage script

# cat ./check_quotas.sh

!/bin/bash

day_max_limit=30 #int
home_dir_size_limit_bytes=1000000 #int
file_size_mb=10 #int

for host in ihop1; do
while read LINE; do
username=$(echo “$LINE” | cut -f1 -d”:”)
home_path=$(echo “$LINE” | cut -f6 -d”:” | egrep ‘(home|homes)’)
if [[ -e $home_path ]]; then
home_dir_size_bytes=$(du -s ${home_path} | cut -d ‘/’ -f 1 | tr -d [[:space:]] )
home_dir_size_mb=$(expr “$(($home_dir_size_bytes/1024))”)
if [[ “$home_dir_size_bytes” -gt “$home_dir_size_limit_bytes” ]]; then
cmd=$(find $home_path -ctime +${day_max_limit} -size +${file_size_mb}M -exec du -sh {} \;)
if [[ ! -z $cmd ]]; then
echo -e “Hi $username,\n\nYou’re home directory $home_path on $host is now ${home_dir_size_mb}M. This server is intended for temporary storage and will be purge every 30 days.\n”
#echo “” #echo $username@$host:$home_path
for file in $cmd; do
echo $file;
done
echo “”
fi
fi
fi
done < /etc/passwd
done

pvcreate error – device excluded by filter

$pvcreate /dev/sdk

error:

/dev/sdk
Wiping internal VG cache
Wiping cache of LVM-capable devices
Device /dev/sdk excluded by a filter.

Device used to be MDADM device. Need to set md_component_detection=0 (change from 1 to 0)

Retry….

Works!

$pvcreate /dev/sdk

/dev/sdk
Wiping internal VG cache
Wiping cache of LVM-capable devices
Wiping signatures on new PV /dev/sdk.
Found existing signature on /dev/sdk at offset 4096: LABEL=”backupsrv:0″ UUID=”2ef3d871-f880-29d5-8127-05923505e4dc” TYPE=”linux_raid_member” USAGE=”raid”
WARNING: linux_raid_member signature detected on /dev/sdk at offset 4096. Wipe it? [y/n]: y
Accepted input: [y]
Wiping linux_raid_member signature on /dev/sdk.
Set up physical volume for “/dev/sdk” with 9767541168 available sectors.
Zeroing start of device /dev/sdk.
Writing physical volume data to disk “/dev/sdk”.
Physical volume “/dev/sdk” successfully created.

Test SCP ciphers for improved speed

jjest@donkey:~$ for cipher in $(ssh -Q cipher localhost); do echo $cipher; scp -c “$cipher” CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz backupsrv:~; done
3des-cbc
Unable to negotiate with 192.168.0.110 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
lost connection
aes128-cbc
Unable to negotiate with 192.168.0.110 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
lost connection
aes192-cbc
Unable to negotiate with 192.168.0.110 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
lost connection
aes256-cbc
Unable to negotiate with 192.168.0.110 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
lost connection
rijndael-cbc@lysator.liu.se
Unable to negotiate with 192.168.0.110 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
lost connection
aes128-ctr
jjest@backupsrv’s password:
CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz 100% 102MB 63.5MB/s 00:01
aes192-ctr
jjest@backupsrv’s password:
CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz 100% 102MB 51.1MB/s 00:02
aes256-ctr
jjest@backupsrv’s password:
CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz 100% 102MB 51.1MB/s 00:02
aes128-gcm@openssh.com
jjest@backupsrv’s password:
CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz 100% 102MB 60.7MB/s 00:01
aes256-gcm@openssh.com
jjest@backupsrv’s password:
CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz 100% 102MB 42.4MB/s 00:02
chacha20-poly1305@openssh.com
jjest@backupsrv’s password:
CrashPlanSmb_6.7.2_1512021600672_5609_Linux.tgz 100% 102MB 90.5MB/s 00:01

nagios: check_mdadm

#supports multiple mdadm arrays

root@backupsrv:~# cat /usr/local/ncpa/plugins/check_mdadm
#!/bin/bash
arrays=$(df | grep md | cut -d ‘ ‘ -f 1)
msg=””
for array in $arrays; do
state=$(sudo mdadm -D $array | grep -i “State :” | cut -d ‘:’ -f 2)
if [[ $state -ne “clean” ]]; then
msg+=”ERROR: $array is $state”
error=1
else
msg+=”OK: $array is $state”
ok=0
fi
done

echo $msg

if [[ -x $error ]]; then
exit $error
else
exit $ok
fi

root@backupsrv:~# /usr/local/ncpa/plugins/check_mdadm
OK: /dev/md127p1 is clean OK: /dev/md0p1 is clean, resyncing

nagios: check_triplex_cctv

jjest@house-nagios:~$ cat /usr/local/nagios/libexec/check_triplex_cctv
#!/bin/bash
host=$1
if [[ ! -z $host ]]; then
ssh nagios@triplex.duckdns.org “ping -c 2 $host” > /dev/null
resultant=$?
if [[ $resultant == “0” ]]; then
echo “OK – $host”
exit 0
else
echo “ERROR – $host”
exit 1
fi
else
echo “ERROR – No host value given”
exit 1
fi

Updating resolv.conf dns search

/etc/resolv.conf gets overriden by resolconf. To make domain-search to save edit interfaces file w/ dns-search

jjest@canadark:~$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
dns-search mcis.washington.edu amc.uwmedicine.org