Coments are closed
Kubernetes is an open-source system used for automating the deployment, scaling, and management of containerized applications. Kubernetes is enterprise-ready and can be installed on various platforms. I've already touched on how to get Kubernetes up and running on Ubuntu Server (see 'How to quickly install Kubernetes on Ubuntu'). This time around, I'm going to walk you through the process of setting up a Kubernetes cluster on CentOS 7. This makes for an outstanding one-two punch for your containerized applications.
SEE: Quick glossary: Storage (Tech Pro Research)
I'll be demonstrating with three CentOS 7 servers (at the following IP addresses):
And now install the Cinnamon Desktop Environment from EPEL Repository: # yum --enablerepo=epel -y install cinnamon* Input a command like below after finishing installation: # echo 'exec /usr/bin/cinnamon-session' >> ~/.xinitrc # startx Cinnamon Desktop Environment will start. Install Yarn on CentOS 7 Yarn is a advanced package management tool for Javascript applications mostly used for Node.js applications. Yarn is compatible with npm used for installing, configuring, updating and removing npm packages. Yum install -y wine wxPython cabextract SDL.i686 p7zip-plugins p7zip ImageMagick libXaw xterm mesa-dri-drivers.i686 mesa-libGL.i686 libGLEW.i686 mesa-libGLU.i686 nc yum install -y playonlinux.
Make sure to change the IP addresses to fit your needs. You'll also need root access on all three servers. I do suggest first testing this on virtual machines, before attempting the installation on production servers.
With that said, let's install.
The first thing you want to do is configure your /etc/hosts file, so that each machine can ping one another via hostname. So on each machine, issue the su command (to change to the root user) and then edit the file with the command nano /etc/hosts. At the end of the file, append the following (again, adjusting the IP addresses to fit your needs):
Save and close that file.
Now we need to disable both SELinux and swap. On all three machines, issue the following commands:
Next, disable swap (on all three machines) with the following command:
We must also ensure that swap isn't re-enabled during a reboot on each server. Open up the /etc/fstab and comment out the swap entry like this:
For our next trick, we'll be enabling the br_netfilter kernel module on all three servers. This is done with the following commands:
It's time to install the necessary Docker tool. On all three machines, install the Docker-ce dependencies with the following command:
Next, add the Docker-ce repository with the command:
Install Docker-ce with the command:
This is also done on all three servers. First we need to create a repository entry for yum. To do this, issue the command nano /etc/yum.repos.d/kubernetes.repo and then add the following contents:
Save and close that file. Install Kubernetes with the command:
Once the installation completes, reboot all three machines. As soon as each machine has rebooted, log back in and su to the root user.
Now we need to ensure that both Docker-ce and Kubernetes belong to the same control group (cgroup). By default, Docker should already belong to cgroupfs (you can check this with the command docker info grep -i cgroup). To add Kubernetes to this, issue the command:
Restart the systemd daemon and the kubelet service with the commands:
We're now ready to initialize the Kubernetes cluster. This is done on kubemaster (and only on that machine). On kubemaster, issue the command (again, adjusting the IP addresses to fit your needs):
When this completes (it'll take anywhere from 30 seconds to 5 minutes), the output should include the joining command for your nodes (Figure A).
Figure A
Once that completes, head over to kube2 and issue the command (adjusting the IP address to fit your needs):
Where TOKEN and DISCOVERY_TOKEN are the tokens displayed after the initialization command completes.
Before Kubernetes can be used, we must take care of a bit of configuration. Issue the following three commands (to create a new .kube configuration directory, copy the necessary configuration file, and give the file the proper ownership):
Now we must deploy the flannel network to the cluster with the command:
Once the deploy command completes, you should be able to see both nodes on the master, by issuing the command kubectl get nodes (Figure B).
Figure B
Congratulations, you now have a Kubernetes cluster ready for pods. I'll be demonstrating how to deploy your first pod when next we visit the Kubernetes topic. Until then, happy clustering!
Just because Linux is an incredibly secure platform out of the box doesn't mean that you don't need to take extra steps to lock it down even tighter. With every distribution, there are different ways you can harden the operating system. No matter what flavor you use for your servers, an intrusion detection system should be considered a must-have.
One intrusion detection system that works great on CentOS 7 is Advanced Intrusion Detection Environment, aka AIDE. AIDE works by taking a snapshot of the host, any modification times, all register hashes, and other important file-related data. From this snapshot, a database is created that checks and verifies file integrity. With AIDE watching over your CentOS 7 system, you will be kept apprised of any malicious change within the server.
SEE: Securing Linux policy (Tech Pro Research)
Let's get AIDE installed and working.
The only things you'll need for this is a working CentOS 7 server and an account with sudo privileges.
AIDE can be installed from the standard repositories. Before you install, make sure CentOS 7 is up to date. Remember, the update process can include the kernel. Should that happen, a reboot will be required, so it's best to run the update at a time when a reboot is possible.
Open a terminal window and issue the command:
When prompted, accept the update by typing y. When the update completes, reboot (if necessary). You can now install AIDE with the command:
Once the installation completes, you need to generate a database for AIDE with the command:
Once the database is created, you'll have your bash prompt return to you (Figure A).
Figure A
The newly created database must be renamed. To do that, issue the command:
With the database renamed, check to make sure AIDE can see it with the command:
The database should check out at this point (Figure B).
Figure B
Let's add a crontab to run a check every midnight. Do this with the commands:
Once you set the cron job, exit out of the root user with the command exit.
Let's create a file and see if AIDE detects it. Issue the command:
Run the AIDE test again with the command:
AIDE will report on the newly created file (Figure C).
Figure C
After reviewing the report, make sure to update the AIDE database (so it won't continue to report the same newly created file) with the command:
Since we set AIDE up as a standard cron job, you need to manually check the AIDE log file. To do that, you must su to the root user and issue the command:
You can then comb through that log file to see if anything untoward has happened with your CentOS 7 server. If you want to get creative, you could even write a bash script that runs an AIDE check and then mails the output to you, and then set that script to run as the cron job (instead of the regular aide—check command).
One thing to remember, if you see AIDE report something that isn't malicious (such as the installation of a necessary piece of software or a configuration change you made), make sure to run the update command again, so it won't continue reporting on that same issue.
And that's the gist of getting the Advanced Intrusion Detection Environment up and running. Your CentOS 7 server will thank you for the added security.
Tags: Unduh Video Mp3 maalaala mo kaya klasiks 'karnabal' 0ucfwsmazlg, Video Songs, movie video, download video gratis, lirik, kualitas terbaik, mp3 gratis, stafaband, muviza, album gratis, free download music, kumpulan lagu terbaru, download soundtrack, gudanglagu, mp3skull, langitmusik, mp3http, muvibee, lirik lagu, yousuve, muviza, full album stafaband, wapgrab, bursalagu, freshlagu, wapindo, waptrick, reverbnation, mp3juices, emp3z, sharelagu, urduweb, freelagu, savelagu, bursa lagu, lagu bagus.. Maalaala mo kaya theme song free mp3 download mp3.
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays
Sign up today Sign up today