7 Kasım 2024 Perşembe

quay ile eğlence

 

postgreql de quayadmin parola değişimi

quaydb=# CREATE EXTENSION pgcrypto;
CREATE EXTENSION
quaydb=# UPDATE "user"
quaydb-# SET password_hash = crypt('quayadmin', gen_salt('bf')), verified = true
quaydb-# WHERE username = 'quayadmin';
UPDATE 1
quaydb=#
 

config.yml

DISTRIBUTED_STORAGE_PREFERENCE: ["local_storage"]
DISTRIBUTED_STORAGE_CONFIG:
  local_storage:
    - LocalStorage
    - storage_path: /opt/quay/storage
DB_URI: "postgresql://quayuser:quaypass@192.168.251.94:5432/quaydb"
DB_CONNECTION_ARGS:
  autorollback: true
DATABASE_SECRET_KEY: quaypasssevretpak
SERVER_HOSTNAME: "quay.local.lab"
BUILDLOGS_REDIS:
  host: "192.168.251.94"
  password: "redispass"
  port: 6379
USER_EVENTS_REDIS:
  host: "192.168.251.94"
  port: 6379
  password: "redispass"
HOSTNAME: "quay.local.lab"
PREFERRED_URL_SCHEME: https
SSL_CERTIFICATE: /conf/stack/ssl/ssl.cert
SSL_PRIVATE_KEY: /conf/stack/ssl/ssl.key
SETUP_COMPLETE: true
CREATE_NAMESPACE_ON_PUSH: true
SUPER_USERS:
  - "quayadmin"
FEATURE_MAILING: false

 

 

quay-olustur
¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬
#!/bin/bash
REDHAT_USERNAME="redhat@paycore.com"  # Set your Red Hat username
REDHAT_PASSWORD='0Wp#ELCNFc=x!0Bg'  # Set your Red Hat password
QUAY_USERNAME="redhat@paycore.com"  # Set your Quay username
QUAY_PASSWORD='0Wp#ELCNFc=x!0Bg'  # Set your Quay password

LOG_FILE="/var/log/quay-install.log"
QUAY_DIR="/opt/quay"
QUAY_IMAGE="registry.redhat.io/quay/quay-rhel8:v3.12.4-6"
POSTGRES_IMAGE="registry.redhat.io/rhel8/postgresql-13:latest"
REDIS_IMAGE="registry.redhat.io/rhel8/redis-6:latest"

# Log yazma fonksiyonu
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a $LOG_FILE
}

deploy_quay() {
    remove_existing_pod "quay"
    log "Deploying Quay..."
    podman run -d \
        --name quay \
        --restart=always \
        -v ${QUAY_DIR}/config:/conf/stack:Z \
        -v ${QUAY_DIR}/storage:/datastorage:Z \
        -v ${QUAY_DIR}/config:/opt/quay/config:Z \
        -e CONFIG_APP_PASSWORD=quaypass \
        -e DATABASE_SECRET_KEY=quaydatasecret \
        -e SERVER_HOSTNAME="quay.local.lab" \
        -e DB_URI="postgresql://quayuser:quaypass@192.168.251.94:5432/quaydb" \
        -e REDIS_HOST="192.168.251.94" \
        -e REDIS_PASSWORD="redispass" \
        -e SUPER_USERS="quayadmin" \
        -p 80:8080 -p 443:8443 \
        ${QUAY_IMAGE} || {
        log "ERROR: Failed to deploy Quay."
        exit 1
    }
    log "Quay deployed successfully."
}


deploy_quay
exit 0





----------------------------------------------------------------------------------------------
quay için ssl sertifikası üretmek

[root@bastion quay]# cat ssl.sh 

#!/bin/bash


DOMAIN="bastion.local.lab"

CERT_DIR="/quay/config/ssl"

DAYS_VALID=3650


mkdir -p "$CERT_DIR"


# Geçici openssl config dosyası oluşturuluyor

OPENSSL_CNF=$(mktemp)


cat > "$OPENSSL_CNF" <<EOF

[req]

default_bits       = 4096

prompt             = no

default_md         = sha256

req_extensions     = req_ext

distinguished_name = dn


[dn]

C = TR

ST = Malatya

L = Hekimhan

O = MyLab

OU = Dev

CN = $DOMAIN


[req_ext]

subjectAltName = @alt_names


[alt_names]

DNS.1 = $DOMAIN

IP.1 = 10.253.10.10

IP.2 = 10.88.0.1

EOF



# Sertifika ve anahtar oluşturuluyor

openssl req -x509 -nodes -days "$DAYS_VALID" -newkey rsa:4096 \

  -keyout "$CERT_DIR/ssl.key" \

  -out "$CERT_DIR/ssl.cert" \

  -config "$OPENSSL_CNF" -extensions req_ext


# Geçici dosya siliniyor

rm -f "$OPENSSL_CNF"


# Sonuç

if [[ -f "$CERT_DIR/ssl.cert" && -f "$CERT_DIR/ssl.key" ]]; then

    echo "✅ SAN içeren SSL sertifikası başarıyla oluşturuldu:"

    echo "  - $CERT_DIR/ssl.cert"

    echo "  - $CERT_DIR/ssl.key"

else

    echo "❌ Sertifika oluşturulamadı!"

    exit 1

fi


[root@bastion quay]# 


----------------------------------------------------------------------------------------------

 

 

2 Kasım 2024 Cumartesi

sonatype nexus kurulumu + nginx proxy ayarlanması

container uygulamaları için yerel repoya ihtiyacınız olursa nexus kullanabilirsiniz.
Aşağıdaki linkteki script rhel8  tabanlı sistemlerde  test edilmiştir.
https://akyuz.tech/nexus-kurulum/install-nexus.sh


remzi@fedora:~$ cat  nexus-kurulum/install-nexus.sh
#!/bin/bash

# Variables
NEXUS_VERSION="3.77.2-02"
NEXUS_TAR="nexus-${NEXUS_VERSION}-unix.tar.gz"
NEXUS_DOWNLOAD_URL="https://download.sonatype.com/nexus/3/${NEXUS_TAR}"
JAVA_VERSION="17"
NEXUS_USER="nexus"
NEXUS_UID=30033
NEXUS_GID=30033
INSTALL_DIR="/app/nexus"
REPO_DIR="/app/data/nexus-repo"
WORK_DIR="/app/data/nexus/sonatype-work"
DATA_DIR="${WORK_DIR}/nexus3"
NEXUS_PORT=8081

# Ensure script is run as root
if [ "$(id -u)" -ne 0 ]; then
  echo "Please run this script as root."
  exit 1
fi

# Check if JDK 17 is installed and skip installation if it is
if rpm -qa | grep -q 'java-17-openjdk'; then
  echo "JDK ${JAVA_VERSION} is already installed, skipping installation."
else
  echo "Installing JDK ${JAVA_VERSION}..."
  yum install -y java-17-openjdk java-17-openjdk-devel
fi

# Verify JDK installation
java_version=$(java -version 2>&1 | head -n 1 | grep -o "17")
if [ "$java_version" != "$JAVA_VERSION" ]; then
  echo "JDK ${JAVA_VERSION} installation failed."
  exit 1
else
  echo "JDK ${JAVA_VERSION} is ready for use."
fi

# Create Nexus user with specified UID and GID
echo "Creating Nexus user and group..."
getent group ${NEXUS_GID} >/dev/null || groupadd -g ${NEXUS_GID} ${NEXUS_USER}
getent passwd ${NEXUS_UID} >/dev/null || useradd -u ${NEXUS_UID} -g ${NEXUS_GID} -m -d ${INSTALL_DIR} -s /sbin/nologin ${NEXUS_USER}

# Create necessary directories
echo "Creating application, repository, work, and data directories..."
mkdir -p ${INSTALL_DIR}
mkdir -p ${REPO_DIR}
mkdir -p ${WORK_DIR}
mkdir -p ${DATA_DIR}
chown -R ${NEXUS_USER}:${NEXUS_USER} ${INSTALL_DIR} ${REPO_DIR} ${WORK_DIR} ${DATA_DIR}

# Check if Nexus tar file is already downloaded in the current directory
if [ -f "./${NEXUS_TAR}" ]; then
  echo "Found existing Nexus archive in current directory. Using it for installation."
  cp ./${NEXUS_TAR} /tmp/
else
  # Download Nexus if not found locally
  echo "Downloading Nexus Repository..."
  curl -L -o /tmp/${NEXUS_TAR} ${NEXUS_DOWNLOAD_URL}
fi

# Extract Nexus and set permissions
echo "Installing Nexus Repository..."
tar -xzf /tmp/${NEXUS_TAR} -C ${INSTALL_DIR} --strip-components=1
chown -R ${NEXUS_USER}:${NEXUS_USER} ${INSTALL_DIR}
rm -f /tmp/${NEXUS_TAR}

# Configure Nexus to run as nexus user
echo "Configuring Nexus to run as ${NEXUS_USER}..."
echo "run_as_user=\"${NEXUS_USER}\"" > ${INSTALL_DIR}/bin/nexus.rc

# Configure nexus.vmoptions file with absolute paths
echo "Configuring nexus.vmoptions..."
NEXUS_VMOPTIONS="${INSTALL_DIR}/bin/nexus.vmoptions"

if [ -f "$NEXUS_VMOPTIONS" ]; then
  # Update or add specific lines in nexus.vmoptions using sed
  sed -i "s|^-XX:LogFile=.*|-XX:LogFile=${DATA_DIR}/log/jvm.log|" "$NEXUS_VMOPTIONS"
  sed -i "s|^-Dkaraf.data=.*|-Dkaraf.data=${DATA_DIR}|" "$NEXUS_VMOPTIONS"
  sed -i "s|^-Dkaraf.log=.*|-Dkaraf.log=${DATA_DIR}/log|" "$NEXUS_VMOPTIONS"
  sed -i "s|^-Djava.io.tmpdir=.*|-Djava.io.tmpdir=${DATA_DIR}/tmp|" "$NEXUS_VMOPTIONS"
else
  # If nexus.vmoptions does not exist, create it with the required settings
  cat <<EOL > "$NEXUS_VMOPTIONS"
-XX:LogFile=${DATA_DIR}/log/jvm.log
-Dkaraf.data=${DATA_DIR}
-Dkaraf.log=${DATA_DIR}/log
-Djava.io.tmpdir=${DATA_DIR}/tmp
EOL
fi

# Set absolute paths in nexus-default.properties
if [ -f "${INSTALL_DIR}/etc/nexus-default.properties" ]; then
  sed -i "s|nexus-work=.*|nexus-work=${WORK_DIR}|" ${INSTALL_DIR}/etc/nexus-default.properties
  echo "data-dir=${DATA_DIR}" >> ${INSTALL_DIR}/etc/nexus-default.properties
fi

# Create a systemd service for Nexus with environment variables for paths
echo "Creating systemd service for Nexus..."
cat <<EOL > /etc/systemd/system/nexus.service
[Unit]
Description=Nexus Repository Manager
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
Environment="NEXUS_HOME=${INSTALL_DIR}"
Environment="NEXUS_DATA=${DATA_DIR}"
Environment="HOME=${DATA_DIR}"
Environment="JAVA_TOOL_OPTIONS=-Duser.home=${DATA_DIR}"
Environment="INSTALL4J_ADD_VM_PARAMS=-Dkaraf.data=${DATA_DIR} -Dkaraf.home=${INSTALL_DIR} -Dkaraf.base=${INSTALL_DIR} -Djava.io.tmpdir=${DATA_DIR}/tmp"
ExecStart=${INSTALL_DIR}/bin/nexus start
ExecStop=${INSTALL_DIR}/bin/nexus stop
User=${NEXUS_USER}
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOL

# Open firewall port for Nexus and make it permanent
echo "Configuring firewall for Nexus..."
firewall-cmd --permanent --add-port=${NEXUS_PORT}/tcp
firewall-cmd --reload

# Enable and start Nexus service
echo "Enabling and starting Nexus service..."
systemctl daemon-reload
systemctl enable nexus
systemctl start nexus

echo "Nexus installation and setup complete. Nexus is accessible on port ${NEXUS_PORT}."

remzi@fedora:~$


nexus direk erişime açmak istemediğimiz durumlarda önüne bir tane nginx koyabiliriz.
Lab ortamında sorunlar giderilmiş ve test edilmiş örnek nginx ayar dosyası aşağıdadır.


[root@nexus ~]# decomment /etc/nginx/conf.d/nexus.conf 

server {

    listen 443 ssl;

    server_name nexus.local.lab;

    client_max_body_size 10240M;

    client_body_buffer_size  1024M;

    client_body_temp_path /mnt/nginx_temp 1 2;

    proxy_buffering off;

    ssl_certificate /etc/nginx/ssl/nexus.crt;

    ssl_certificate_key /etc/nginx/ssl/nexus.key;


    location / {

        proxy_pass http://localhost:5000;  # Nexus’un HTTP portu

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

proxy_read_timeout 1800;

        proxy_send_timeout 1800;

    }


   location /v2/ {

        proxy_pass http://localhost:5000/v2/;

        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto https;

        

        proxy_read_timeout 1800;

        proxy_connect_timeout 1800;

        proxy_request_buffering off;

        proxy_send_timeout 1800;

    }


}


server {

        listen 80;

        server_name nexus.local.lab;

        return 301 https://$host$request_uri;

        client_max_body_size 10240M;

        proxy_buffering off;

       }

[root@nexus ~]# 

Test ortamında repoda  den büyük dosyalar bulunduğundan dolayı body size 10G ayarlanmıştır.
Sizlerde büyük dosyalar yoksa bunu düşürebilirsiniz.


Büyük hacimli diskleri niye 512 sector ile kullanalım 4096 byte lık sector kullanabilirken !

 Günümüzde güncel linux dağıtımlarının hepsi 4096byte sector ile sorunsuz çalışmaktadır.  Yukarıda görüldüğü gibi diskler 512/4096 byte şekl...