blog
Table des matières
4 billet(s) pour janvier 2026
| AWX sur K8S Kind - partage de fichier pour les blob - Execution pods | 2026/01/26 10:15 | Jean-Baptiste |
| Notes rsh rcp | 2026/01/21 18:08 | Jean-Baptiste |
| Git - Duplication d'un dépôt | 2026/01/19 10:22 | Jean-Baptiste |
| Exemple simple de conf Nagios | 2026/01/14 10:07 | Jean-Baptiste |
Notes dev python3 paramiko
import paramiko host = '192.168.1.33' port = 22 username = 'root' key_file = '/home/jean/.ssh/id_rsa' key_passphrase='plop' my_key = paramiko.RSAKey.from_private_key_file(key_file, password=key_passphrase) transport = paramiko.Transport((host, port)) transport.connect(username=username, pkey=my_key) sftp = paramiko.SFTPClient.from_transport(transport) print(sftp.listdir()) sftp.get('PLOP.txt', 'PLOP.txt') # Close connections sftp.close() transport.close()
Notes Dépôt Docker - Docker Registry
Registry (comme JFrog Artifactory)
Public registry
Configuration
Voir :
Voir aussi :
Source :
Brouillon, insecure registry
Client
Voir :
/etc/containers/registries.confet~/.config/containers/registries.conf
/etc/systemd/system/docker.service.d/http-proxy.conf
[Service] # Environment="HTTP_PROXY=http://192.168.56.1:3128/" "HTTPS_PROXY=http://192.168.56.1:3128/" "NO_PROXY=localhost,127.0.0.0/8,192.168.0.0/16,registry.local" Environment="http_proxy=http://192.168.56.1:3128/" "https_proxy=http://192.168.56.1:3128/" "NO_PROXY=localhost,127.0.0.0/8,192.168.0.0/16,registry.local"
systemctl daemon-reload systemctl restart docker
Vérif
systemctl show --property=Environment docker
/etc/hosts
192.168.205.18 docker-1
API
curl -X GET -u <user>:<pass> https://myregistry:5000/v2/_catalog curl -X GET -u <user>:<pass> https://myregistry:5000/v2/ubuntu/tags/list
SSL/TLS
sudo mkdir -p /etc/docker/certs.d/registry.local:5000
Puis déposer le fichier ca.crt dans ce dossier.
Autre solution
/etc/docker/daemon.json
{ "log-level": "error", "insecure-registries" : ["docker-1.local"], "proxies": { "http-proxy": "http://192.168.1.100:3128", "https-proxy": "https://192.168.1.100:3128", "no-proxy": "*.local,127.0.0.0/8" } }
Old
Ne semble plus marcher.
Avant nous pouvions spécifier un numéro de port au registry Docker.
/etc/docker/daemon.json
{ "insecure-registries" : ["docker-1:5000"] }
Seveur registry
mkdir docker-registry cd docker-registry mkdir certs openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key -x509 -days 365 -out certs/domain.crt chmod a+r certs/domain.* sudo mv certs /certs
Be sure to use the name myregistrydomain.com as a CN
docker-compose.yml
version: '3' services: registry: image: "registry:2" ports: - "5000:5000" environment: - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt - REGISTRY_HTTP_TLS_KEY=/certs/domain.key - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data - REGISTRY_STORAGE_DELETE_ENABLED=true volumes: - "/certs:/certs" - "/data:/data"
docker-compose.yml
version: '3' services: redis: image: redis restart: always registry: image: "registry:2" restart: always ports: - "5000:5000" environment: - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt - REGISTRY_HTTP_TLS_KEY=/certs/domain.key - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/data - REGISTRY_HTTP_SECRET=secret - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=redis - REGISTRY_REDIS_ADDR=redis:6379 - REGISTRY_STORAGE_DELETE_ENABLED=true volumes: - "/certs:/certs" - "/data:/data" registry-ui: image: konradkleine/docker-registry-frontend:v2 restart: always ports: - "80:80" environment: VIRTUAL_HOST: '*, https://*' ENV_DOCKER_REGISTRY_HOST: 'registry' ENV_DOCKER_REGISTRY_PORT: 5000 ENV_DOCKER_REGISTRY_USE_SSL: 1
docker-compose up
Utilisation
Pull & Push
docker pull debian:stretch docker tag debian:stretch localhost:5000/debian:stretch docker push localhost:5000/debian:stretch
Build & Push
docker build -t plop . plop registry.local:5000/project/image:tag docker push registry.local:5000/project/image:tag
Auth
docker login registry.local:5000 -u user -p P@sssw0rd
Delete
Voir :
Afficher les information détaillées sur notre image taguée.
docker inspect registry.local:5000/hello-world:latest
Voir & effacer les versions taguées
$ docker image ls registry.local:5000/* REPOSITORY TAG IMAGE ID CREATED SIZE registry.local:5000/my-hello-world4 latest fce289e99eb9 13 months ago 1.84kB $ docker image rm registry.local:5000/my-hello-world4 Untagged: registry.local:5000/my-hello-world4:latest Untagged: registry.local:5000/my-hello-world4@sha256:92c7f9c92844bbbb5d0a101b22f7c2a7949e40f8ea90c8b3bc396879d95e899a
Effacer les fichiers sur le dépôt
sudo rm ./docker/registry/v2/repositories/my-hello-world -rf sudo rm ./docker/registry/v2/repositories/my-hello-world4 ./docker/registry/v2/blobs/sha256/fc/fce289e99eb9* -rf
$ curl -k https://registry.local:5000/v2/_catalog
{"repositories":["hello-world"]}
$ curl -k https://registry.local:5000/v2/hello-world/tags/list
{"name":"hello-world","tags":["latest"]}
$ curl -k -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://registry.local:5000/v2/hello-world/manifests/latest
< content-length: 524
<
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 1510,
"digest": "sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 977, "digest": "sha256:1b930d010525941c1d56ec53b97bd057a67ae1865eebf042686d2a2d18271ced"
}
]
* Curl_http_done: called premature == 0
curl -k -v --silent -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X DELETE https://registry.local:5000/v2/hello-world/manifests/sha256:fce289e99eb9bca977dae136fbe2a82b6b7d4c372474c9235adc1741675f587e
Pour vraiment libérer l'espace
Lancer à l’intérieur du conteneur
bin/registry garbage-collect /etc/docker/registry/config.yml
Client
Voir :
podman searchcrane(asdf)- skopeo
https://blog.stephane-robert.info/docs/conteneurs/outils/crane/
~~~bash skopeo inspect docker:tomsquest/docker-radicale | jq ~~~
Pb
Error "server gave HTTP response to HTTPS client"
podman exec -ti kind-control-plane /bin/bash ctr -n k8s.io image pull --plain-http=true registry.test.svc.cluster.local:5000/awx-ee-gts-it:2.19.3-2-1
Notes déploiement paquets GNU Linux
Voir :
-
- rpm-ostree
-
- PackageKit
- Arkade Package manager dev tools for kubernetes
- Brew
PackageKit
PackageKit est un logiciel conçu dans le but de faciliter l'installation et la mise à jour de logiciels (principalement sous GNU/Linux et BSD)
pkcon refresh pkcon update
Notes Dell OpenManage
OpenManage dans un container Docker
Voir https://hub.docker.com/r/jdelaros1/openmanage-snmp/
| Utilisateur | Mot de passe |
| root | password |
Il convient seulement de remplacer la ligne suivante :
RUN wget -q -O - http://linux.dell.com/repo/hardware/DSU_16.02.00/bootstrap.cgi | bash
Par
RUN wget -q -O - http://linux.dell.com/repo/hardware/DSU_17.03.00/bootstrap.cgi | bash
ou encore par
RUN wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash
Dockerfile
FROM centos:centos7 #MAINTAINER Jose De la Rosa "https://github.com/jose-delarosa" #LABEL org.opencontainers.image.authors="Jose De la Rosa https://github.com/jose-delarosa" #ENV http_proxy http://192.168.56.1:3128 #ENV https_proxy http://192.168.56.1:3128 ARG https_proxy ARG http_proxy # Environment variables ENV PATH $PATH:/opt/dell/srvadmin/bin:/opt/dell/srvadmin/sbin ENV USER root ENV PASS password # Do overall update and install missing packages needed for OpenManage RUN yum -y update && \ yum -y install gcc wget perl passwd which tar libstdc++.so.6 compat-libstdc++-33.i686 glibc.i686 # Set login credentials RUN echo "$USER:$PASS" | chpasswd # Add OMSA repo #RUN wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash RUN wget -q -O - http://linux.dell.com/repo/hardware/DSU_17.03.00/bootstrap.cgi | bash # Let's "install all", however we can select specific components instead RUN yum -y install srvadmin-all && yum clean all # Prevent daemon helper scripts from making systemd calls ENV SYSTEMCTL_SKIP_REDIRECT=1 # Restart application to ensure a clean start CMD /usr/sbin/snmpd && srvadmin-services.sh restart && tail -f /opt/dell/srvadmin/var/log/openmanage/dcsys64.xml
Build
docker build -t omsa82-snmp --build-arg http_proxy=http://192.168.56.1:3128 --build-arg https_proxy=http://192.168.56.1:3128 .
Lancement
# Sur port 161/udp #docker run --privileged --userns=host -d -p 161:161/udp -p 1311:1311 --restart=always --net=host -v /lib/modules/`uname -r`:/lib/modules/`uname -r` --name=omsa82-snmp jdelaros1/openmanage-snmp # Sur un autre port #docker run --privileged --userns=host -d -p 160:161/udp -p 1311:1311 --restart=always -v /lib/modules/`uname -r`:/lib/modules/`uname -r` --name=omsa82-snmp jdelaros1/openmanage-snmp docker run --privileged --userns=host -d -p 160:161/udp -p 1311:1311 --restart=always -v /lib/modules/`uname -r`:/lib/modules/`uname -r` --name=omsa82-snmp docker.io/jdelaros1/openmanage-snmp
Test RedHat8 OMSA 9.2
Ne fonctionne pas !
vars.sh
export KERN_RELEASE=$(uname -r) export PASS=P@ssw0rd export http_proxy=http://192.168.22.20:3128 export https_proxy=http://192.168.22.20:3128
Dockerfile
FROM centos:centos8 #MAINTAINER Jose De la Rosa "https://github.com/jose-delarosa" #LABEL org.opencontainers.image.authors="Jose De la Rosa https://github.com/jose-delarosa" ARG http_proxy ARG https_proxy ARG PASS # Environment variables ENV PATH $PATH:/opt/dell/srvadmin/bin:/opt/dell/srvadmin/sbin ENV USER root #ENV PASS password # Do overall update and install missing packages needed for OpenManage #RUN yum -y update RUN yum -y install gcc wget perl passwd which tar net-snmp initscripts # Set login credentials RUN echo "$USER:$PASS" | chpasswd # Add OMSA repo #RUN wget -q -O - https://linux.dell.com/repo/hardware/latest/bootstrap.cgi |sed -e '/^IMPORT_GPG_CONFIRMATION="na"/s/na/yes/' |bash RUN wget -q -O - http://linux.dell.com/repo/hardware/DSU_20.02.00/bootstrap.cgi |sed -e '/^IMPORT_GPG_CONFIRMATION="na"/s/na/yes/' |bash # Let's "install all", however we can select specific components instead RUN yum -y install srvadmin-all && yum clean all # Restart application to ensure a clean start CMD /usr/sbin/snmpd && srvadmin-services.sh restart #/etc/init.d/dataeng start #/etc/init.d/dsm_om_connsvc start #/etc/init.d/dsm_om_shrsvc start
docker-compose.yml
version: "3.7" services: openmanage: privileged: true build: context: . args: - http_proxy=http://172.18.22.20:3128 - https_proxy=http://172.18.22.20:3128 - PASS=$PASS network: host network_mode: "host" ports: - "1311:1311" - "161:161/udp" volumes: - /lib/modules/$KERN_RELEASE:/lib/modules/$KERN_RELEASE:ro - /dev/:/dev/
Vérification
omreport chassis fans
Modification / Mis-à-jour
srvadmin-services.sh stop rpm -e $(rpm -qa |grep srvadmin) wget http://linux.dell.com/repo/hardware/DSU_17.03.00/os_dependent/RHEL7_64/srvadmin/srvadmin-jre-8.4.0-2193.9883.el7.x86_64.rpm mkdir plop cd plop tar xzvf ../OM-SrvAdmin-Dell-Web-LX-8.5.0-2372.RHEL7.x86_64_A00.tar.gz cd linux/RPMS/supportRPMS/srvadmin/RHEL7/x86_64 yum install net-snmp-utils # net-snmp net-snmp-agent net-snmp-libs net-snmp-utils rpm -Uvh *.rpm ldconfig srvadmin-services.sh start
Pb
Pb 1
Starting dsm_sa_datamgrd: /opt/dell/srvadmin/sbin/dsm_sa_datamgrd: error while loading shared libraries: libdcsupt.so.8: cannot open shared object file: No such file or directory
[FAILED]
Starting dsm_sa_eventmgrd: /opt/dell/srvadmin/sbin/dsm_sa_eventmgrd: error while loading shared libraries: libdcsupt.so.8: cannot open shared object file: No such file or directory
[FAILED]
Starting dsm_sa_snmpd: /opt/dell/srvadmin/sbin/dsm_sa_snmpd: error while loading shared libraries: libdcsupt.so.8: cannot open shared object file: No such file or directory
[FAILED]
Starting DSM SA Shared Services: [ OK ]
Starting DSM SA Connection Service: [ OK ]
tail: cannot open ‘/opt/dell/srvadmin/var/log/openmanage/dcsys64.xml’ for reading: No such file or directory
Solution
ldconfig
Par info
# rpm -qf /opt/dell/srvadmin/lib64/libdcsupt.so.8 srvadmin-deng-8.2.0-1739.8348.el7.x86_64
Pb 2
# docker exec -ti omsa82-snmp omreport chassis fans Error! No fan probes found on this system.
Solution : Version plus récente de Dell openmanage
Supervision
Pb
# /usr/lib64/nagios/plugins/check_openmanage -H 172.18.205.2 SNMP ERROR [cooling]: The requested entries are empty or do not exist
Le pb vient d'openmanage, peut-être la version n'est pas assez récente
La commande suivante doit fonctionner
omreport chassis fans
Notes debmirror
Voir :
Voir aussi :
- reprepro Dépôt Debian APT repository
Bug rsync même pour http/ftp :
cp -p /usr/bin/debmirror{,.old}
/usr/bin/debmirror
#! /bin/bash /usr/bin/debmirror.old --rsync-extra=none $*
Exemple de fichier de conf
/etc/debmirror.conf
# Output options $verbose=1; $progress=1; $debug=1; # Download options $host="archive.ubuntu.com"; #$user="anonymous"; #$passwd="anonymous@"; #$remoteroot="debian"; #$download_method="ftp"; $download_method="http"; #@sections="main,main/debian-installer,contrib,non-free"; @sections="main,debian-installer,contrib,non-free"; @arches="amd64"; $omit_suite_symlinks=0; $skippackages=0; $i18n=0; $getcontents=0; $do_source=1; $max_batch=0; $state_cache_days=0; # Security/Sanity options # C'était quoi la config par défault déjà ? #$ignore_release_gpg=1; $ignore_release=0; $check_md5sums=0; $ignore_small_errors=0; # C'était quoi la config par défault déjà ? $cleanup=1; $post_cleanup=1; $timeout=300; #$proxy="http://proxy:8080/"; $dry_run=0; $diff_mode="use"; # The config file must return true or perl complains. # Always copy this. 1;
Debmirror pour Cobbler
Laisser la conf par défaut. Juste commenter les lignes suivantes @dists= et @arches= :
/etc/debmirror.conf
@dists="sid"; @arches="i386";
Devient /etc/debmirror.conf
#@dists="sid"; #@arches="i386";
Puis si cobbler check affiche toujours un avertissement sur debmirror, redémarrer le service cobblerd
Miroir Debian complet
maj_depoots_debian.sh
#!/bin/bash -x ## Simple debmirror update script http_proxy="http://user:P@ssw0rd@192.168.56.1:3128/" hote="ftp.fr.debian.org" racine="debian/" methode="rsync" #distribution="jessie,jessie-updates,wheezy,wheezy-updates" distribution="stretch" #sections="main,main/debian-installer,contrib,non-free" sections="main,contrib,non-free" destination="/media/cache/debian9/" #architecture="amd64,i386,armhf" architecture="amd64" ## Synchronisation du mirroir local avec ftp.fr.debian.org /usr/bin/debmirror --i18n --nosource -m -e --passive --host=$hote --root=$racine --method=$methode --getcontents --progress --dist=$distribution --ignore-release-gpg --section=$sections --arch=$architecture --cleanup --diff=none $destination
Autres
Exemples
debmirror --nosource --progress --md5sums -h ftp.fr.debian.org -e rsync -r :debian -d testing --getcontents /home/debian_mirror/ --ignore-release-gpg debmirror -v --method=http -a amd64 --no-check-gpg --exclude='/*' --include='/python3-websocket.*$' -d bionic,bionic-security,bionic-updates --nosource mirror debmirror --method=http --host=ppa.launchpad.net --root=wgrant/experimental/ubuntu --dist xenial --section=main --arch=amd64 --rsync-extra=none --i18n --verbose --ignore-release-gpg tmp-wgrant-experimental
blog.txt · Dernière modification : de 127.0.0.1