
Az-204 - Prep - How To - Creating a container and accessing its service in an Azure environment with ACR

Hello Team, 

The commands below can be used to create a container from an image stored in ACR and to access the container service.


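# Log in (replace the placeholders with your own credentials)
az login \
--username "<username>" \
--password "<password>"

# List the resource group names
az group list --query "[].name" --output tsv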

# Deploying a container from public registry
az container create \
--resource-group "1-028b2503-playground-sandbox" \
--name psdemo-hello-world-cli-010 \
--dns-name-label psdemo-hello-world-cli-010 \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--ports 80

# show the container info
az container show --resource-group "1-5e3dbe31-playground-sandbox" \
--name "psdemo-hello-world-cli-009"

# Retrieve the container URL to access it over the internet (the container serves plain HTTP on port 80)
URL=$(az container show --resource-group '1-5e3dbe31-playground-sandbox' \
--name 'psdemo-hello-world-cli-009' --query ipAddress.fqdn --output tsv)
echo "http://$URL"

# Demo 1 - Deploy container from azure container registry
## STEP 0 SET ENVIRONMENT VARIABLES
ACR_NAME="grsr18"
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
ACR_LOGINSERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)

echo "ACR ID: $ACR_REGISTRY_ID"
echo "ACR_LOGINSERVER $ACR_LOGINSERVER"

## STEP 1 Create a service principal and get its password and ID;
## this allows Azure Container Instances to pull images from the registry
SP_NAME=acr-service-principal
SP_PASSWD=$(az ad sp create-for-rbac \
--name "http://$ACR_NAME-pull" \
--scopes "$ACR_REGISTRY_ID" \
--role acrpull \
--query password \
--output tsv)
SP_APPID=$(az ad sp show --id "http://$ACR_NAME-pull" --query appId --output tsv)

echo "Service Principal ID: $SP_APPID"
# This prints the secret to the terminal (and to any session log); skip it outside a sandbox
echo "Service Principal Password: $SP_PASSWD"

## STEP 2
az container create \
--resource-group "1-5e3dbe31-playground-sandbox" \
--name "psdemo-webapp-cli" \
--dns-name-label psdemo-webapp-cli \
--ports 80 \
--image $ACR_LOGINSERVER/webappimage:v1 \
--registry-login-server $ACR_LOGINSERVER \
--registry-username $SP_APPID \
--registry-password $SP_PASSWD

# If permission issues prevent you from creating a service principal,
# you can use your ACR login credentials to pull the image
az container create --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --dns-name-label "psdemo-webapp-cli" \
--ports 80 --image $ACR_LOGINSERVER/webappimage:v1 \
--registry-login-server $ACR_LOGINSERVER --registry-username "GRSR18" \
--registry-password "xx=xxxxx=xxxxx+xxxxx"

# get the container status
az container show --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli"
az container show --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --query instanceView.state

# get the FQDN to access
url=$(az container show --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --query ipAddress.fqdn | tr -d '"')
echo http://$url
curl http://$url

# Get container logs
az container logs --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli"

# Delete the running container
az container delete --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --yes

# Cleanup from our demos, all ACIs and ACR Deployed in the resource group
az group delete --name "1-028b2503-playground-sandbox" --yes
docker image rm grsr18.azurecr.io/webappimage:v1
docker image rm webappimage:v1



Install & Configure DNS service in RHEL6

DNS (Domain Name System) is one of the most depended-upon services in a network. The DNS service resolves hostnames into IP addresses and vice versa: the DNS server translates a domain name into its corresponding IP address, so we only have to remember domain names instead of IP addresses.

DNS Server Installation in RHEL6

In this article we will see how to install and configure primary and secondary DNS servers. The steps provided here were tested on RHEL6 64-bit edition.

Scenario

Domain Name : avr.com

Primary(Master) DNS Server Details:

Hostname             : server01.avr.com
IP Address           : 192.168.22.2
Subnet mask          : 255.255.255.0

Secondary(Slave) DNS Server Details:

Hostname             : server02.avr.com
IP Address           : 192.168.22.3
Subnet mask          : 255.255.255.0

Setup Primary(Master) DNS Server

1. Install DNS server
# yum install bind* -y

2. Configure DNS Server
#vim /etc/named.conf

options {
        listen-on port 53 { 192.168.22.2; };
//      listen-on-v6 port 53 { ::1; };    
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.22.0/24; };
        allow-recursion { 192.168.22.0/24; };
        allow-transfer  { 192.168.22.3; };
        recursion yes;
        forwarders { 192.168.10.1; };   // DNS provided by ISP
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";

3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones

zone "avr.com" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "22.168.192.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};


4. Edit the zone records file
Forward lookup zone file
# vim /var/named/named.localhost

$TTL 1D
@       IN SOA  server01.avr.com. root.server01.avr.com. (
                                        2       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
                NS      server01.avr.com.
                NS      server02.avr.com.
server01        A       192.168.22.2
server02        A       192.168.22.3
windesk01       A       192.168.22.12

Reverse lookup zone file
# vim /var/named/named.loopback

$TTL 1D
@       IN SOA  server01.avr.com. root.server01.avr.com. (
                                        2       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      server01.avr.com.
        NS      server02.avr.com.
; PTR targets are fully qualified, so each one ends with a dot
2       PTR     server01.avr.com.
3       PTR     server02.avr.com.
12      PTR     windesk01.avr.com.


5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0

# named-checkconf /etc/named.rfc1912.zones
# echo $?
0

6. Check zone configuration (the first argument to named-checkzone is the zone name)
Forward lookup zone configuration
# named-checkzone avr.com /var/named/named.localhost
zone avr.com/IN: loaded serial 2
OK

Reverse lookup zone configuration
# named-checkzone 22.168.192.in-addr.arpa /var/named/named.loopback
zone 22.168.192.in-addr.arpa/IN: loaded serial 2
OK

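7. Add the following exception rules to the firewall to accept DNS requests from the network 192.168.22.0/24. The rules are inserted (-I) rather than appended so that they sit ahead of the final REJECT rule in the default RHEL6 INPUT chain.
#iptables -t filter -I INPUT -s 192.168.22.0/24 -p tcp -m state --state NEW --dport 53 -j ACCEPT
#iptables -t filter -I INPUT -s 192.168.22.0/24 -p udp -m state --state NEW --dport 53 -j ACCEPT
#service iptables save
#service iptables restart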

8. Make the server a DNS client of itself.
#vim /etc/resolv.conf
search avr.com
nameserver 192.168.22.2
nameserver 192.168.10.1

9. Enable IP Forwarding
#vim /etc/sysctl.conf
      --> Change the following line from 0 to 1
net.ipv4.ip_forward = 1
#sysctl -p

10. Finally start the service
#service named start
#chkconfig named on
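
named-checkzone in step 6 reports OK even when a PTR target is written without a trailing dot, because BIND treats it as a relative name and appends the reverse zone origin. The shell function below is an added example (not part of the original post) that cross-checks a /24 reverse zone file against the forward zone file. The function name, the output labels and the sample records are constructed for illustration, and it assumes simple "name TYPE value" records like the ones in step 4.

```shell
#!/bin/sh
# Added example: cross-check a /24 reverse zone against its forward zone.
# Assumes simple "name TYPE value" records (no class or TTL fields).
check_reverse_zone() {   # usage: check_reverse_zone FWD_FILE REV_FILE DOMAIN NET
    awk -v domain="$3" -v net="$4" '
        BEGIN { split(net, o, "."); origin = o[3] "." o[2] "." o[1] ".in-addr.arpa." }
        # First file (forward zone): remember every "host A ip" record.
        FNR == NR { if ($2 == "A") fqdn[$3] = $1 "." domain; next }
        # Second file (reverse zone): inspect every "octet PTR target" record.
        $2 == "PTR" {
            ip = net "." $1; seen[ip] = 1
            if ($3 !~ /\.$/) {
                # A relative target gets the reverse zone origin appended.
                print "RELATIVE", ip, $3 "." origin; bad = 1; next
            }
            target = substr($3, 1, length($3) - 1)
            if (!(ip in fqdn))           { print "NO_A", ip, target; bad = 1 }
            else if (fqdn[ip] != target) { print "MISMATCH", ip, target, fqdn[ip]; bad = 1 }
        }
        END {
            # Forward records that have no PTR at all.
            for (ip in fqdn) if (!(ip in seen)) { print "NO_PTR", ip, fqdn[ip]; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample zones: one PTR lacks the trailing dot, one host has no PTR.
tmp=$(mktemp -d)
cat > "$tmp/fwd" <<'EOF'
server01        A       192.168.22.2
server02        A       192.168.22.3
windesk01       A       192.168.22.12
EOF
cat > "$tmp/rev" <<'EOF'
2       PTR     server01.avr.com
3       PTR     server02.avr.com.
EOF
check_reverse_zone "$tmp/fwd" "$tmp/rev" avr.com 192.168.22 || echo "reverse zone needs fixing"
```

The RELATIVE line shows the name the resolver would actually return for that address; the function exits non-zero whenever it prints a finding, so it can gate a zone reload.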


Setup Secondary(Slave) DNS Server

1. Install DNS server
# yum install bind* -y

2. Configure DNS Server
#vim /etc/named.conf

options {
        listen-on port 53 { 192.168.22.3; };
//      listen-on-v6 port 53 { ::1; };    
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 192.168.22.0/24; };
        allow-recursion { 192.168.22.0/24; };
        allow-transfer  { none; };
        recursion yes;
        forwarders { 192.168.10.1; };   // DNS provided by ISP
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";

3. Create forward and reverse lookup zones
# vim /etc/named.rfc1912.zones

zone "avr.com" IN {
        type slave;
        file "slaves/named.localhost";
        masters { 192.168.22.2; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "22.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/named.loopback";
        masters { 192.168.22.2; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

4. This step is not required for the slave DNS, because the zone records are updated automatically from the master DNS (i.e. 192.168.22.2).


5. Check the named configuration
# named-checkconf /etc/named.conf
# echo $?
0

# named-checkconf /etc/named.rfc1912.zones
# echo $?
0

6. As with step 4, this step is not required for the slave DNS, because the zone records are updated automatically from the master DNS (i.e. 192.168.22.2). Note that the zone record files are downloaded to "/var/named/slaves/" on the slave DNS, as configured in step 3.

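7. Add the following exception rules to the firewall to accept DNS requests from the network 192.168.22.0/24. The rules are inserted (-I) rather than appended so that they sit ahead of the final REJECT rule in the default RHEL6 INPUT chain.

#iptables -t filter -I INPUT -s 192.168.22.0/24 -p tcp -m state --state NEW --dport 53 -j ACCEPT
#iptables -t filter -I INPUT -s 192.168.22.0/24 -p udp -m state --state NEW --dport 53 -j ACCEPT

#service iptables save
#service iptables restart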

8. Make the server a DNS client of itself.
#vim /etc/resolv.conf
search avr.com
nameserver 192.168.22.3
nameserver 192.168.22.2

9. Enable IP Forwarding
#vim /etc/sysctl.conf
      --> Change the following line from 0 to 1
net.ipv4.ip_forward = 1
#sysctl -p

10. Finally start the service
#service named start
#chkconfig named on