blog

Console autologin with systemd - automatic console login

Source: https://wiki.archlinux.fr/Connexion_automatique_a_la_console

/etc/systemd/system/getty@tty1.service.d/autologin.conf

[Service]
ExecStart=
#ExecStart=-/sbin/agetty --autologin user -s %I 115200,38400,9600 vt102
ExecStart=-/sbin/agetty --autologin user --noclear %I 38400 linux

/etc/systemd/system/getty@tty1.service.d/autologin.conf

[Service]
ExecStart=
ExecStart=-/sbin/agetty --autologin jean --noclear %I $TERM

The Type=idle option delays execution of the service until all jobs (unit state-change requests) have finished. With Type=simple, the service is started immediately, but boot messages may clutter the console. This option is particularly useful when X is launched automatically.

Other

Example TTY systemd service file

/lib/systemd/system/getty@tty1.service

# This is the getty@tty1.service override config file
# for vami_login service in systemd.
[Unit]      
Description=     
Description=PLOP login on TTY
After=systemd-user-sessions.service plymouth-quit-wait.service
After=rc-local.service systemd-update-utmp-runlevel.service vaos.service
 
[Service]
ExecStart=
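# systemd does not interpret shell redirections in ExecStart=;
# the TTY is attached through StandardInput=tty and TTYPath= below.
ExecStart=/opt/plop/plop_login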
Environment=TERM=linux
Restart=always
RestartSec=0
StandardInput=tty
TTYPath=/dev/tty1
TTYReset=yes
TTYVHangup=yes
KillMode=process
IgnoreSIGPIPE=no
2025/03/24 15:06

Notes Docker MariaDB

Create the network

docker network create --subnet=172.19.0.0/16 --gateway 172.19.0.1 mynet19

Start the container

docker run --rm --net=mynet19 --ip=172.19.0.10 -v /docker-store/var/lib/mysql/:/var/lib/mysql/ -e MYSQL_ROOT_PASSWORD=password -d mariadb --sql_mode='NO_ENGINE_SUBSTITUTION'

Example with a my.cnf configuration file

mkdir -p /docker-store/etc/mysql/conf.d
 
cat > /docker-store/etc/mysql/conf.d/sql_mode.cnf <<EOF
[mysqld]
sql_mode             = ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
EOF
 
chmod -R a+rX /docker-store/etc/mysql

Start the container

docker run --rm --net=mynet19 --ip=172.19.0.10 -v /docker-store/var/lib/mysql/:/var/lib/mysql/ -v /docker-store/etc/mysql/conf.d:/etc/mysql/conf.d:ro -e MYSQL_ROOT_PASSWORD=password -d mariadb

Adminer / PhpMyAdmin

docker run -d --rm --net=mynet19 -p 8082:80 clue/adminer
2025/03/24 15:06

Notes Docker Cuda nvidia

See https://www.tensorflow.org/install/docker

nvidia-docker installation (old)

distribution=$(. /etc/os-release;echo $ID$VERSION_ID)
curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey |sudo apt-key add -
curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list |sudo tee /etc/apt/sources.list.d/nvidia-docker.list
sudo apt-get update && sudo apt-get install -y nvidia-container-toolkit
sudo systemctl restart docker

Test

docker run -it --rm --gpus all ubuntu nvidia-smi
nvidia-docker run --rm hello-world

Installing CUDA Docker on Debian with .deb packages

Install nvidia drivers and cuda

Prereq

wget http://security.ubuntu.com/ubuntu/pool/main/s/screen-resolution-extra/screen-resolution-extra_0.17.1.1~16.04.1_all.deb
wget http://fr.archive.ubuntu.com/ubuntu/pool/main/x/x-kit/python3-xkit_0.5.0ubuntu2_all.deb
dpkg -i screen-resolution-extra_0.17.1.1~16.04.1_all.deb python3-xkit_0.5.0ubuntu2_all.deb
apt-get install -f

Source : https://developer.nvidia.com/cuda-downloads?target_os=Linux&target_arch=x86_64&target_distro=Ubuntu&target_version=1804&target_type=deblocal

wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64/cuda-ubuntu1804.pin
sudo mv cuda-ubuntu1804.pin /etc/apt/preferences.d/cuda-repository-pin-600
wget http://developer.download.nvidia.com/compute/cuda/10.2/Prod/local_installers/cuda-repo-ubuntu1804-10-2-local-10.2.89-440.33.01_1.0-1_amd64.deb
sudo dpkg -i cuda-repo-ubuntu1804-10-2-local-10.2.89-440.33.01_1.0-1_amd64.deb
sudo apt-key add /var/cuda-repo-10-2-local-10.2.89-440.33.01/7fa2af80.pub
sudo apt-get update
sudo apt-get -y install cuda
apt-get install build-essential binutils g++ mpich dkms libxmu-dev libxi-dev linux-headers-$(uname -r) linux-headers-amd64
wget http://us.download.nvidia.com/XFree86/Linux-x86_64/440.59/NVIDIA-Linux-x86_64-440.59.run

Install Docker

wget http://ftp.fr.debian.org/debian/pool/main/d/docker.io/docker.io_19.03.5+dfsg1-2_amd64.deb
wget http://ftp.fr.debian.org/debian/pool/main/r/runc/runc_1.0.0~rc10+dfsg1-1_amd64.deb
wget http://ftp.fr.debian.org/debian/pool/main/libs/libseccomp/libseccomp2_2.4.1-2~bpo10+1_amd64.deb
dpkg -i libseccomp2_2.4.1-2~bpo10+1_amd64.deb runc_1.0.0~rc10+dfsg1-1_amd64.deb docker.io_19.03.5+dfsg1-2_amd64.deb
apt-get -f install
 
apt-get install docker-compose
 
mkdir /etc/systemd/system/docker.service.d/ 
cat <<EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
# Environment="HTTP_PROXY=http://192.168.22.20:3128/" "HTTPS_PROXY=http://192.168.22.20:3128/" "NO_PROXY=localhost,127.0.0.0/8,192.168.0.0/16"
Environment="ALL_PROXY=http://192.168.22.20:3128/" "NO_PROXY=localhost,127.0.0.0/8,192.168.0.0/16"
 
EOF
 
systemctl daemon-reload
systemctl restart docker
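
The .deb files in the steps above are fetched with wget and installed with dpkg -i, which, unlike apt, does not check them against the signed archive index. One way to check each file before installing it, as an added example that is not from the original page: compare its SHA256 with the entry in an uncompressed Packages index that apt has already authenticated. The function name verify_deb and the demo file are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page.
# verify_deb DEB PACKAGES_INDEX: succeeds only if DEB has the SHA256 recorded
# for its file name in the Packages index (assumed already authenticated).
verify_deb() {
  deb=$1; index=$2; name=$(basename "$deb")
  want=$(awk -v name="$name" '
    BEGIN { RS = ""; FS = "\n" }          # one stanza per record, one line per field
    {
      file = ""; sum = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Filename: /) { file = substr($i, 11); sub(/^.*\//, "", file) }
        if ($i ~ /^SHA256: /)   { sum = substr($i, 9) }
      }
      if (file == name) { print sum; exit }
    }' "$index")
  [ -n "$want" ] || { echo "$name: not listed in $index" >&2; return 2; }
  have=$(sha256sum "$deb" | awk '{ print $1 }')
  if [ "$have" = "$want" ]; then
    echo "$name: OK"
  else
    echo "$name: SHA256 MISMATCH" >&2; return 1
  fi
}

# Constructed demo: a stand-in file, a one-stanza index built from it,
# then the same file after modification.
d=$(mktemp -d); f="$d/demo_1.0_amd64.deb"
printf 'constructed payload\n' > "$f"
printf 'Package: demo\nFilename: pool/main/d/demo/%s\nSHA256: %s\n' \
  "$(basename "$f")" "$(sha256sum "$f" | awk '{ print $1 }')" > "$d/Packages"
verify_deb "$f" "$d/Packages"
printf 'x' >> "$f"
verify_deb "$f" "$d/Packages" || echo "refusing to install $(basename "$f")"
rm -rf "$d"
```

In the procedure above this would run between wget and dpkg -i, for example `verify_deb runc_1.0.0~rc10+dfsg1-1_amd64.deb Packages && dpkg -i runc_1.0.0~rc10+dfsg1-1_amd64.deb`.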

Other

ls -la /dev | grep nvidia
cat /proc/driver/nvidia/version
2025/03/24 15:06

Notes Docker CRI-P Podman Buildah Skopeo

Podman

Podman has a built-in command to generate unit files so your containers can be managed and monitored by systemd:

podman generate systemd --new --files --name example_pod
systemctl --user start pod-example_pod.service

2025/03/24 15:06

Notes DNS Bind9

See:

  • CIS ISC BIND DNS Server Benchmark

Import / Export

If zone transfer is enabled

dig handles this directly

dig -t AXFR @127.0.0.1 acme.fr  > /etc/bind/db.acme.fr

If zone transfer is not enabled, you can still try

dig @127.0.0.1 +nocmd +multiline +noall +answer SOA acme.fr

The output can be reworked a little (one-shot script, a bit ugly, sorry)

dig2bind.sh

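#! /bin/bash
# One-shot: rebuild a BIND zone file for acme.fr from an AXFR answered by 127.0.0.1.

# TTL of the records (assumes every record in the zone carries the same TTL)
TTL=$(dig acme.fr -t AXFR @127.0.0.1 |grep -Ev '^;|^$' |awk '{print $2}' |sort -u)

echo -e "\$TTL\t$TTL"

# SOA record in multi-line form, owner name replaced by @
dig @127.0.0.1 +nocmd +multiline +noall +answer SOA acme.fr |sed -e 's/^acme\.fr\./@/' | perl -p -e "s/$TTL// if /IN SOA/" | perl -p -e 's/\t+/\t/ if /IN SOA/'

# Other records: relative names, per-record TTL removed, duplicates dropped
dig acme.fr -t AXFR @127.0.0.1 |grep -Ev '^;|^$' |sed -e 's/^acme\.fr\./@/' |perl -p -e "s/$TTL//" |perl -p -e 's/\.acme\.fr\.//g if /IN/' |perl -ne 'print unless $a{$_}++' | perl -p -e 's/\t+/\t/g' | grep -v SOA

bash dig2bind.sh  > /etc/bind/db.acme.fr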

Slave

On slave

Port 53 must be open on Slave (if Notify)

/etc/bind/named.conf.local

zone "local" {
  type slave;
  masters { 192.168.15.211; }; // IP of master
  allow-notify { 10.8.15.215; };
  file "/var/lib/bind/db.local";
  allow-transfer { none; } ;
};

On Master

/etc/bind/named.conf.local

zone "local" {
        type master; 
        file "/etc/bind/db.local";
        allow-transfer { localhost; 192.168.16.45; }; // IP of Slave
        notify yes;
};

/etc/bind/db.local

@               IN      NS      ns1.local.
ns1             IN      A       192.168.16.45

Change serial in db.local and reload
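
The serial change can be scripted so it is never forgotten and never goes backwards; a slave only transfers the zone when the serial has increased. The following is an added example, not from the original page: the function name bump_serial is an assumption, and it expects the serial line to carry a "; serial" comment in YYYYMMDDNN form, as in the db.local shown further down this page.

```shell
#!/bin/sh
# Added example, not from the original page.
# bump_serial ZONEFILE [YYYYMMDD]: rewrites the SOA serial in place, prints it.
bump_serial() {
  zone=$1; today=${2:-$(date +%Y%m%d)}
  old=$(awk '/;[ \t]*serial/ { print $1; exit }' "$zone")
  case $old in
    ''|*[!0-9]*) echo "no numeric serial found in $zone" >&2; return 1 ;;
  esac
  if [ "${#old}" -eq 10 ] && [ "${old%??}" = "$today" ]; then
    new=$((old + 1))            # same day: increment the NN counter
  else
    new="${today}00"            # new day: restart the counter
  fi
  # A serial that does not increase is ignored by the slaves
  [ "$new" -gt "$old" ] || new=$((old + 1))
  tmp=$(mktemp) || return 1
  awk -v old="$old" -v new="$new" '
    !seen && /;[ \t]*serial/ { sub(old, new); seen = 1 }
    { print }' "$zone" > "$tmp" && cat "$tmp" > "$zone"
  rm -f "$tmp"
  echo "$new"
}

# Constructed sample: the SOA record of db.local as shown on this page
demo_zone=$(mktemp)
cat > "$demo_zone" <<'EOF'
$TTL    604800
@               IN SOA dns.local. root.dns.local. (
                                2015121606 ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
EOF
bump_serial "$demo_zone" 20151216    # same day as the old serial
bump_serial "$demo_zone"             # today
rm -f "$demo_zone"
```

Follow it with the page's own checks: named-checkzone local /etc/bind/db.local, then rndc reload local.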

Forwarder

It may be necessary to modify allow-query

/etc/bind/named.conf.options

        forwarders {
                80.67.169.12;
                80.67.169.40;
        };
        allow-query { any; };

Recursion

See http://www.coursnet.com/2014/12/les-requetes-dns-recursives-iteratives.html

/etc/named.conf

options {
 
        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion no;
 
        /*
        ...
        */
 
};
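
The Forwarder fragment above sets allow-query { any; } on a server that recurses, and when allow-recursion is not set BIND derives it from allow-query-cache, then allow-query, before falling back to localnets; localhost;. The check below is an added example, not from the original page: it applies that fallback order to a named.conf options fragment read on stdin and reports who may recurse. The function name audit_resolver is an assumption, and the sample inputs are built from the fragments on this page.

```shell
#!/bin/sh
# Added example, not from the original page.
# audit_resolver: reads a named.conf options fragment on stdin, prints a verdict.
audit_resolver() {
  awk '
    function stmt(name,   v) {          # body of "name { ... }", "" when unset
      if (!match(buf, "(^|[ ;{])" name " *[{][^}]*[}]")) return ""
      v = substr(buf, RSTART, RLENGTH)
      sub(/^[^{]*[{] */, "", v); sub(/ *[}]$/, "", v)
      return v
    }
    { buf = buf $0 "\n" }
    END {
      while ((s = index(buf, "/*")) > 0) {        # drop /* ... */ comments
        rest = substr(buf, s + 2); e = index(rest, "*/")
        buf = substr(buf, 1, s - 1) " " (e ? substr(rest, e + 2) : "")
      }
      gsub(/(\/\/|#)[^\n]*/, "", buf)             # drop // and # comments
      gsub(/[ \t\n]+/, " ", buf)
      if (buf ~ /(^|[ ;{])recursion +(no|false|0) *;/) { print "OK: recursion disabled"; exit }
      # Fallback order BIND applies when allow-recursion is not set
      acl = stmt("allow-recursion");                    src = "allow-recursion"
      if (acl == "") { acl = stmt("allow-query-cache"); src = "allow-query-cache" }
      if (acl == "") { acl = stmt("allow-query");       src = "allow-query" }
      if (acl == "") { acl = "localnets; localhost;";   src = "default" }
      verdict = (acl ~ /(^|[ ;])any *;/) ? "OPEN" : "OK"
      print verdict ": recursion allowed for { " acl " } (from " src ")"
    }'
}

# Constructed input: the Forwarder fragment from this page, inside options { }
audit_resolver <<'EOF'
options {
        forwarders { 80.67.169.12; 80.67.169.40; };
        allow-query { any; };
};
EOF
# Same server with recursion restricted to local clients
audit_resolver <<'EOF'
options {
        forwarders { 80.67.169.12; 80.67.169.40; };
        allow-query { any; };
        allow-recursion { localnets; localhost; };
};
EOF
```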

Disable IPv6

If IPv6 is not used, the protocol can be disabled by editing /etc/sysconfig/named

OPTIONS="-4"

An option must also be added to /etc/named.conf.

/etc/named.conf

options {
  directory "/var/named";
  filter-aaaa-on-v4 yes;
};

Source: https://blog.microlinux.fr/bind-centos-7/


Install DNS Server Bind9

Notes

DNS uses ports TCP:53 and UDP:53

Install

apt-get install bind9 bind9utils dnsutils

/etc/bind/named.conf.local

zone "local" {
        type master;
        file "/etc/bind/db.local";
        allow-transfer { 10.8.16.47; };
        notify yes;
};

/etc/bind/db.local

$TTL    604800
@               IN SOA dns.local. root.dns.local. (
                                2015121606 ; serial
                                86400      ; refresh (1 day)
                                3600       ; retry (1 hour)
                                3600000    ; expire (5 weeks 6 days 16 hours)
                                86400      ; minimum (1 day)
                                )
 
@               IN      NS      dns.local.
@               IN      NS      ns1.local.
@               IN      A       10.8.15.215
dns             IN      A       10.8.15.215
ns1             IN      A       10.8.16.47
 
bastion         IN      A       10.8.16.190
proxy           IN      CNAME   bastion
ldap            IN      A       10.8.16.201

If server must forward

/etc/bind/named.conf.options

        forwarders {
                10.8.15.1;
        };
        allow-query { any; };

/etc/bind/.gitignore

*.key
*.keys
db.0
db.127
db.255
db.empty
db.local
db.root

Reload

rndc reload

Check

named-checkconf
named-checkzone local /etc/bind/db.local
 
#service bind9 reload
rndc reload local
 
service bind9 status
 
dig +short @127.0.0.1 bastion.local

Configure GNU/Linux client

Infra VM

/etc/resolv.conf

#domain local
search local
#options rotate timeout:1 retries:1
#options edns0
nameserver 10.8.15.215

VPN clients

/etc/resolv.conf

#domain local
search local
#options rotate timeout:1 retries:1
nameserver 10.9.0.1

Prevent DHCP from changing /etc/resolv.conf

chattr +i /etc/resolv.conf
 
lsattr /etc/resolv.conf

FIXME: To be tested with systemd (/etc/systemd/resolved.conf)

On openvpn-it1 (DNS Slave)

/etc/bind/named.conf.local

zone "local" {
  type slave;
  masters { 10.8.15.215; };
  allow-notify { 10.8.15.215; };
  file "/var/lib/bind/db.local";
  allow-transfer { 10.9.0.21; } ;
};

Other

for fqdn in $(rgrep 192.168.10.22 /etc/bind/zones |sed -e 's%^/etc/bind/zones/%%' -e 's%.db%%' |awk '{print $1}' |awk -F':' '{print $2 "." $1 }'  |sed -e 's%^@.%%' |sort -n) ; do host $fqdn ; done |grep 'has address 192.168.10.22' |awk '{print $1}'

Get TTL

dig +ttlunits +noall +answer @127.0.0.1 example.org
2025/03/24 15:06