7 Kasım 2024 Perşembe

quay ile eğlence

 

postgreql de quayadmin parola değişimi

quaydb=# CREATE EXTENSION pgcrypto;
CREATE EXTENSION
quaydb=# UPDATE "user"
quaydb-# SET password_hash = crypt('quayadmin', gen_salt('bf')), verified = true
quaydb-# WHERE username = 'quayadmin';
UPDATE 1
quaydb=#
 

config.yml

DISTRIBUTED_STORAGE_PREFERENCE: ["local_storage"]
DISTRIBUTED_STORAGE_CONFIG:
  local_storage:
    - LocalStorage
    - storage_path: /opt/quay/storage
DB_URI: "postgresql://quayuser:quaypass@192.168.251.94:5432/quaydb"
DB_CONNECTION_ARGS:
  autorollback: true
DATABASE_SECRET_KEY: quaypasssevretpak
SERVER_HOSTNAME: "quay.local.lab"
BUILDLOGS_REDIS:
  host: "192.168.251.94"
  password: "redispass"
  port: 6379
USER_EVENTS_REDIS:
  host: "192.168.251.94"
  port: 6379
  password: "redispass"
HOSTNAME: "quay.local.lab"
PREFERRED_URL_SCHEME: https
SSL_CERTIFICATE: /conf/stack/ssl/ssl.cert
SSL_PRIVATE_KEY: /conf/stack/ssl/ssl.key
SETUP_COMPLETE: true
CREATE_NAMESPACE_ON_PUSH: true
SUPER_USERS:
  - "quayadmin"
FEATURE_MAILING: false

 

 

quay-olustur
¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬
#!/bin/bash
REDHAT_USERNAME="redhat@paycore.com"  # Set your Red Hat username
REDHAT_PASSWORD='0Wp#ELCNFc=x!0Bg'  # Set your Red Hat password
QUAY_USERNAME="redhat@paycore.com"  # Set your Quay username
QUAY_PASSWORD='0Wp#ELCNFc=x!0Bg'  # Set your Quay password

LOG_FILE="/var/log/quay-install.log"
QUAY_DIR="/opt/quay"
QUAY_IMAGE="registry.redhat.io/quay/quay-rhel8:v3.12.4-6"
POSTGRES_IMAGE="registry.redhat.io/rhel8/postgresql-13:latest"
REDIS_IMAGE="registry.redhat.io/rhel8/redis-6:latest"

# Log yazma fonksiyonu
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a $LOG_FILE
}

deploy_quay() {
    remove_existing_pod "quay"
    log "Deploying Quay..."
    podman run -d \
        --name quay \
        --restart=always \
        -v ${QUAY_DIR}/config:/conf/stack:Z \
        -v ${QUAY_DIR}/storage:/datastorage:Z \
        -v ${QUAY_DIR}/config:/opt/quay/config:Z \
        -e CONFIG_APP_PASSWORD=quaypass \
        -e DATABASE_SECRET_KEY=quaydatasecret \
        -e SERVER_HOSTNAME="quay.local.lab" \
        -e DB_URI="postgresql://quayuser:quaypass@192.168.251.94:5432/quaydb" \
        -e REDIS_HOST="192.168.251.94" \
        -e REDIS_PASSWORD="redispass" \
        -e SUPER_USERS="quayadmin" \
        -p 80:8080 -p 443:8443 \
        ${QUAY_IMAGE} || {
        log "ERROR: Failed to deploy Quay."
        exit 1
    }
    log "Quay deployed successfully."
}


deploy_quay
exit 0





----------------------------------------------------------------------------------------------
quay için ssl sertifikası üretmek

[root@bastion quay]# cat ssl.sh 

#!/bin/bash


DOMAIN="bastion.local.lab"

CERT_DIR="/quay/config/ssl"

DAYS_VALID=3650


mkdir -p "$CERT_DIR"


# Geçici openssl config dosyası oluşturuluyor

OPENSSL_CNF=$(mktemp)


cat > "$OPENSSL_CNF" <<EOF

[req]

default_bits       = 4096

prompt             = no

default_md         = sha256

req_extensions     = req_ext

distinguished_name = dn


[dn]

C = TR

ST = Malatya

L = Hekimhan

O = MyLab

OU = Dev

CN = $DOMAIN


[req_ext]

subjectAltName = @alt_names


[alt_names]

DNS.1 = $DOMAIN

IP.1 = 10.253.10.10

IP.2 = 10.88.0.1

EOF



# Sertifika ve anahtar oluşturuluyor

openssl req -x509 -nodes -days "$DAYS_VALID" -newkey rsa:4096 \

  -keyout "$CERT_DIR/ssl.key" \

  -out "$CERT_DIR/ssl.cert" \

  -config "$OPENSSL_CNF" -extensions req_ext


# Geçici dosya siliniyor

rm -f "$OPENSSL_CNF"


# Sonuç

if [[ -f "$CERT_DIR/ssl.cert" && -f "$CERT_DIR/ssl.key" ]]; then

    echo "✅ SAN içeren SSL sertifikası başarıyla oluşturuldu:"

    echo "  - $CERT_DIR/ssl.cert"

    echo "  - $CERT_DIR/ssl.key"

else

    echo "❌ Sertifika oluşturulamadı!"

    exit 1

fi


[root@bastion quay]# 


----------------------------------------------------------------------------------------------

 

 

zaman: Hiç yorum yok:

2 Kasım 2024 Cumartesi

sonatype nexus kurulumu + nginx proxy ayarlanması

container uygulamaları için yerel repoya ihtiyacınız olursa nexus kullanabilirsiniz.
Aşağıdaki linkteki script rhel8  tabanlı sistemlerde  test edilmiştir.
https://akyuz.tech/nexus-kurulum/install-nexus.sh


remzi@fedora:~$ cat  nexus-kurulum/install-nexus.sh
#!/bin/bash

# Variables
NEXUS_VERSION="3.77.2-02"
NEXUS_TAR="nexus-${NEXUS_VERSION}-unix.tar.gz"
NEXUS_DOWNLOAD_URL="https://download.sonatype.com/nexus/3/${NEXUS_TAR}"
JAVA_VERSION="17"
NEXUS_USER="nexus"
NEXUS_UID=30033
NEXUS_GID=30033
INSTALL_DIR="/app/nexus"
REPO_DIR="/app/data/nexus-repo"
WORK_DIR="/app/data/nexus/sonatype-work"
DATA_DIR="${WORK_DIR}/nexus3"
NEXUS_PORT=8081

# Ensure script is run as root
if [ "$(id -u)" -ne 0 ]; then
  echo "Please run this script as root."
  exit 1
fi

# Check if JDK 17 is installed and skip installation if it is
if rpm -qa | grep -q 'java-17-openjdk'; then
  echo "JDK ${JAVA_VERSION} is already installed, skipping installation."
else
  echo "Installing JDK ${JAVA_VERSION}..."
  yum install -y java-17-openjdk java-17-openjdk-devel
fi

# Verify JDK installation
java_version=$(java -version 2>&1 | head -n 1 | grep -o "17")
if [ "$java_version" != "$JAVA_VERSION" ]; then
  echo "JDK ${JAVA_VERSION} installation failed."
  exit 1
else
  echo "JDK ${JAVA_VERSION} is ready for use."
fi

# Create Nexus user with specified UID and GID
echo "Creating Nexus user and group..."
getent group ${NEXUS_GID} >/dev/null || groupadd -g ${NEXUS_GID} ${NEXUS_USER}
getent passwd ${NEXUS_UID} >/dev/null || useradd -u ${NEXUS_UID} -g ${NEXUS_GID} -m -d ${INSTALL_DIR} -s /sbin/nologin ${NEXUS_USER}

# Create necessary directories
echo "Creating application, repository, work, and data directories..."
mkdir -p ${INSTALL_DIR}
mkdir -p ${REPO_DIR}
mkdir -p ${WORK_DIR}
mkdir -p ${DATA_DIR}
chown -R ${NEXUS_USER}:${NEXUS_USER} ${INSTALL_DIR} ${REPO_DIR} ${WORK_DIR} ${DATA_DIR}

# Check if Nexus tar file is already downloaded in the current directory
if [ -f "./${NEXUS_TAR}" ]; then
  echo "Found existing Nexus archive in current directory. Using it for installation."
  cp ./${NEXUS_TAR} /tmp/
else
  # Download Nexus if not found locally
  echo "Downloading Nexus Repository..."
  curl -L -o /tmp/${NEXUS_TAR} ${NEXUS_DOWNLOAD_URL}
fi

# Extract Nexus and set permissions
echo "Installing Nexus Repository..."
tar -xzf /tmp/${NEXUS_TAR} -C ${INSTALL_DIR} --strip-components=1
chown -R ${NEXUS_USER}:${NEXUS_USER} ${INSTALL_DIR}
rm -f /tmp/${NEXUS_TAR}

# Configure Nexus to run as nexus user
echo "Configuring Nexus to run as ${NEXUS_USER}..."
echo "run_as_user=\"${NEXUS_USER}\"" > ${INSTALL_DIR}/bin/nexus.rc

# Configure nexus.vmoptions file with absolute paths
echo "Configuring nexus.vmoptions..."
NEXUS_VMOPTIONS="${INSTALL_DIR}/bin/nexus.vmoptions"

if [ -f "$NEXUS_VMOPTIONS" ]; then
  # Update or add specific lines in nexus.vmoptions using sed
  sed -i "s|^-XX:LogFile=.*|-XX:LogFile=${DATA_DIR}/log/jvm.log|" "$NEXUS_VMOPTIONS"
  sed -i "s|^-Dkaraf.data=.*|-Dkaraf.data=${DATA_DIR}|" "$NEXUS_VMOPTIONS"
  sed -i "s|^-Dkaraf.log=.*|-Dkaraf.log=${DATA_DIR}/log|" "$NEXUS_VMOPTIONS"
  sed -i "s|^-Djava.io.tmpdir=.*|-Djava.io.tmpdir=${DATA_DIR}/tmp|" "$NEXUS_VMOPTIONS"
else
  # If nexus.vmoptions does not exist, create it with the required settings
  cat <<EOL > "$NEXUS_VMOPTIONS"
-XX:LogFile=${DATA_DIR}/log/jvm.log
-Dkaraf.data=${DATA_DIR}
-Dkaraf.log=${DATA_DIR}/log
-Djava.io.tmpdir=${DATA_DIR}/tmp
EOL
fi

# Set absolute paths in nexus-default.properties
if [ -f "${INSTALL_DIR}/etc/nexus-default.properties" ]; then
  sed -i "s|nexus-work=.*|nexus-work=${WORK_DIR}|" ${INSTALL_DIR}/etc/nexus-default.properties
  echo "data-dir=${DATA_DIR}" >> ${INSTALL_DIR}/etc/nexus-default.properties
fi

# Create a systemd service for Nexus with environment variables for paths
echo "Creating systemd service for Nexus..."
cat <<EOL > /etc/systemd/system/nexus.service
[Unit]
Description=Nexus Repository Manager
After=network.target

[Service]
Type=forking
LimitNOFILE=65536
Environment="NEXUS_HOME=${INSTALL_DIR}"
Environment="NEXUS_DATA=${DATA_DIR}"
Environment="HOME=${DATA_DIR}"
Environment="JAVA_TOOL_OPTIONS=-Duser.home=${DATA_DIR}"
Environment="INSTALL4J_ADD_VM_PARAMS=-Dkaraf.data=${DATA_DIR} -Dkaraf.home=${INSTALL_DIR} -Dkaraf.base=${INSTALL_DIR} -Djava.io.tmpdir=${DATA_DIR}/tmp"
ExecStart=${INSTALL_DIR}/bin/nexus start
ExecStop=${INSTALL_DIR}/bin/nexus stop
User=${NEXUS_USER}
Restart=on-abort

[Install]
WantedBy=multi-user.target
EOL

# Open firewall port for Nexus and make it permanent
echo "Configuring firewall for Nexus..."
firewall-cmd --permanent --add-port=${NEXUS_PORT}/tcp
firewall-cmd --reload

# Enable and start Nexus service
echo "Enabling and starting Nexus service..."
systemctl daemon-reload
systemctl enable nexus
systemctl start nexus

echo "Nexus installation and setup complete. Nexus is accessible on port ${NEXUS_PORT}."

remzi@fedora:~$


nexus direk erişime açmak istemediğimiz durumlarda önüne bir tane nginx koyabiliriz.
Lab ortamında sorunlar giderilmiş ve test edilmiş örnek nginx ayar dosyası aşağıdadır.


[root@nexus ~]# decomment /etc/nginx/conf.d/nexus.conf 

server {

    listen 443 ssl;

    server_name nexus.local.lab;

    client_max_body_size 10240M;

    client_body_buffer_size  1024M;

    client_body_temp_path /mnt/nginx_temp 1 2;

    proxy_buffering off;

    ssl_certificate /etc/nginx/ssl/nexus.crt;

    ssl_certificate_key /etc/nginx/ssl/nexus.key;


    location / {

        proxy_pass http://localhost:5000;  # Nexus’un HTTP portu

        proxy_set_header Host $host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto $scheme;

proxy_read_timeout 1800;

        proxy_send_timeout 1800;

    }


   location /v2/ {

        proxy_pass http://localhost:5000/v2/;

        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto https;

        

        proxy_read_timeout 1800;

        proxy_connect_timeout 1800;

        proxy_request_buffering off;

        proxy_send_timeout 1800;

    }


}


server {

        listen 80;

        server_name nexus.local.lab;

        return 301 https://$host$request_uri;

        client_max_body_size 10240M;

        proxy_buffering off;

       }

[root@nexus ~]# 

Test ortamında repoda  den büyük dosyalar bulunduğundan dolayı body size 10G ayarlanmıştır.
Sizlerde büyük dosyalar yoksa bunu düşürebilirsiniz.


zaman: Hiç yorum yok:
Kaydol: Kayıtlar (Atom)

Büyük hacimli diskleri niye 512 sector ile kullanalım 4096 byte lık sector kullanabilirken !

 Günümüzde güncel linux dağıtımlarının hepsi 4096byte sector ile sorunsuz çalışmaktadır.  Yukarıda görüldüğü gibi diskler 512/4096 byte şekl...