AKAI TSUKI

System development or Technical something

use hosts plugin of CoreDNS

Before this post, please see
try to use CoreDNS - AKAI TSUKI
use proxy plugin of CoreDNS - AKAI TSUKI

I'd like to perform name resolution (looking up IP addresses) by referring to a hosts file.
ref. https://coredns.io/plugins/hosts/

I prepare the hosts file.

[root@cent7devops ~]# vi /etc/hosts
[root@cent7devops ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.111 gitlab.node01.devlocal node01
172.16.10.112 node02.devlocal node02
172.16.10.113 node03.devlocal node03
172.16.10.90 devops.devlocal devops
[root@cent7devops ~]#

and I edit "Corefile" as follows:

[root@cent7devops ~]# cat Corefile
. {
    proxy . 8.8.8.8:53
    errors
    log
}

devlocal {
    hosts /etc/hosts devlocal {
      172.16.10.114 node04.devlocal
      fallthrough
    }
    errors
    log
}

[root@cent7devops ~]#

and I send a SIGUSR1 signal to the process "coredns".

[root@cent7devops ~]# ps -aef | grep coredns
root      5664  1291  0 01:49 pts/0    00:00:39 coredns -conf Corefile
root     11065  2239  0 17:45 pts/2    00:00:00 grep --color=auto coredns
[root@cent7devops ~]#
[root@cent7devops ~]# kill -SIGUSR1 5664
[root@cent7devops ~]#

Then I check the reply from CoreDNS using the hosts plugin.

[root@cent7devops ~]# dig -p 53 @localhost A gitlab.node01.devlocal +short
172.16.10.111
[root@cent7devops ~]# dig -p 53 @localhost A gitlab.node01.devlocal +noall +answer

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -p 53 @localhost A gitlab.node01.devlocal +noall +answer
; (2 servers found)
;; global options: +cmd
gitlab.node01.devlocal. 3600    IN      A       172.16.10.111
[root@cent7devops ~]#

The output log is as follows.

[::1]:35747 - [13/Jul/2018:17:53:45 +0900] 27124 "A IN gitlab.node01.devlocal. udp 52 false 4096" NOERROR qr,aa,rd,ra 90 0.000058934s

Besides hosts plugin, CoreDNS can refer to dynamic settings using etcd.
I will try to use it.

use proxy plugin of CoreDNS

Before this post, please see: try to use CoreDNS - AKAI TSUKI

I configure Corefile to use proxy.
ref. https://coredns.io/plugins/proxy/

[root@cent7devops ~]# cat Corefile
. {
    proxy . 8.8.8.8:53
    errors
    log
}
[root@cent7devops ~]#

I need to send "SIGUSR1(10)" to CoreDNS when I want it to reload the Corefile.
ref. https://coredns.io/plugins/reload/
When I sent "SIGHUP(1)", CoreDNS didn't reload the Corefile,
though the web page at the above URL describes "SIGHUP" or "SIGUSR1".

[root@cent7devops ~]# ps -aef | grep coredns
root      5664  1291  0 01:49 pts/0    00:00:00 coredns -conf Corefile
root      5743  2239  0 01:58 pts/2    00:00:00 grep --color=auto coredns
[root@cent7devops ~]#
[root@cent7devops ~]# kill -10 5664

When CoreDNS reloads the configuration file, it outputs the following log.

2018/07/13 02:04:37 [INFO] SIGUSR1: Reloading
2018/07/13 02:04:37 [INFO] Reloading
2018/07/13 02:04:37 [INFO] Reloading complete

Then I execute the following command.
I can get the IP address of "akai-tsuki.hatenablog.com" via the proxy (8.8.8.8 DNS server).

[root@cent7devops ~]# dig -p 53 @localhost A akai-tsuki.hatenablog.com +noall +answer

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -p 53 @localhost A akai-tsuki.hatenablog.com +noall +answer
; (2 servers found)
;; global options: +cmd
akai-tsuki.hatenablog.com. 59   IN      A       13.230.115.161
akai-tsuki.hatenablog.com. 59   IN      A       13.115.18.61
[root@cent7devops ~]#

This is the log of the above command execution.

[::1]:48264 - [13/Jul/2018:02:05:21 +0900] 63209 "A IN akai-tsuki.hatenablog.com. udp 55 false 4096" NOERROR qr,rd,ra 137 0.170752488s
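In the query log lines of the hosts and proxy posts above, the answer served from the hosts file carries the `aa` flag and the answer fetched through the proxy does not. The following is an added example (not from the original posts or the CoreDNS project) that parses such lines and flags names in the internal zone that were not answered from local data; the field names, the `devlocal` zone default and the third sample line are assumptions of this example.

```python
import re
from datetime import datetime

# Field names are labels chosen for this example, read off the log lines above.
LOG_RE = re.compile(
    r'^(?P<client>\S+):(?P<port>\d+) - \[(?P<when>[^\]]+)\] (?P<id>\d+) '
    r'"(?P<qtype>\S+) (?P<qclass>\S+) (?P<name>\S+) (?P<proto>\S+) '
    r'(?P<size>\d+) (?P<do>true|false) (?P<bufsize>\d+)" '
    r'(?P<rcode>\S+) (?P<flags>\S+) (?P<rsize>\d+) (?P<duration>[\d.]+)s$'
)

def parse_line(line):
    """Return a dict for one query log line, or None if it is not a query line."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["when"] = datetime.strptime(rec["when"], "%d/%b/%Y:%H:%M:%S %z")
    rec["name"] = rec["name"].lower()
    rec["flags"] = set(rec["flags"].split(","))
    for key in ("port", "id", "size", "bufsize", "rsize"):
        rec[key] = int(rec[key])
    rec["duration"] = float(rec["duration"])
    return rec

def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it (trailing dots ignored)."""
    name, zone = name.rstrip("."), zone.strip(".")
    return name == zone or name.endswith("." + zone)

def classify(rec, internal_zone="devlocal"):
    """Label a parsed record by where its answer came from, judged by the aa flag."""
    authoritative = "aa" in rec["flags"]
    if in_zone(rec["name"], internal_zone) and not authoritative:
        # An internal name answered without aa did not come from local data,
        # so the name was sent to whatever upstream resolver is configured.
        return "internal-name-not-answered-locally"
    return "local" if authoritative else "forwarded"

def summarize(lines, internal_zone="devlocal"):
    """Return (name, rcode, label) for every line that parses; skip the rest."""
    rows = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            rows.append((rec["name"], rec["rcode"], classify(rec, internal_zone)))
    return rows

SAMPLE = [
    # The first two lines are the ones shown in the posts above.
    '[::1]:35747 - [13/Jul/2018:17:53:45 +0900] 27124 "A IN gitlab.node01.devlocal. udp 52 false 4096" NOERROR qr,aa,rd,ra 90 0.000058934s',
    '[::1]:48264 - [13/Jul/2018:02:05:21 +0900] 63209 "A IN akai-tsuki.hatenablog.com. udp 55 false 4096" NOERROR qr,rd,ra 137 0.170752488s',
    # Constructed line: a devlocal name that reached the upstream resolver.
    '[::1]:40112 - [13/Jul/2018:18:02:11 +0900] 4242 "A IN node09.devlocal. udp 45 false 4096" NXDOMAIN qr,rd,ra 120 0.031415926s',
]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
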

try to use CoreDNS

I get the CoreDNS binary file.

[root@cent7devops ~]# wget https://github.com/coredns/coredns/releases/download/v1.2.0/coredns_1.2.0_linux_amd64.tgz
*snip*
[root@cent7devops ~]# ls coredns_1.2.0_linux_amd64.tgz
coredns_1.2.0_linux_amd64.tgz
[root@cent7devops ~]#
[root@cent7devops ~]# tar xfz coredns_1.2.0_linux_amd64.tgz
[root@cent7devops ~]# ls -1 coredns*
coredns
coredns_1.2.0_linux_amd64.tgz
[root@cent7devops ~]#

I check the version.

[root@cent7devops ~]# coredns --version
CoreDNS-1.2.0
linux/amd64, go1.10.3, 2e322f6
[root@cent7devops ~]#

Next, I prepare the Corefile. The Corefile is the configuration file of CoreDNS.

[root@cent7devops ~]# vi Corefile
[root@cent7devops ~]# cat Corefile
. {
    whoami
    errors
    log
}
[root@cent7devops ~]#

I run CoreDNS. The default port for CoreDNS is "53".

[root@cent7devops ~]# coredns -conf Corefile
.:53
2018/07/13 01:49:41 [INFO] CoreDNS-1.2.0
2018/07/13 01:49:41 [INFO] linux/amd64, go1.10.3, 2e322f6
CoreDNS-1.2.0
linux/amd64, go1.10.3, 2e322f6
[root@cent7devops ~]# ss -antp | grep 53
LISTEN     0      128         :::53                      :::*                   users:(("coredns",pid=5596,fd=3))
[root@cent7devops ~]#

I set the firewall configuration for DNS.

[root@cent7devops ~]# firewall-cmd --list-services
dhcpv6-client ssh
[root@cent7devops ~]# firewall-cmd --add-service dns
success
[root@cent7devops ~]# firewall-cmd --add-service dns --permanent
success
[root@cent7devops ~]# firewall-cmd --list-services
dhcpv6-client ssh dns
[root@cent7devops ~]#

I got a response to the dig command.

[root@cent7devops ~]# dig -p 53 @localhost AAA .

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -p 53 @localhost AAA .
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25187
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
*snip*

[root@cent7devops ~]#

When I execute the dig command, CoreDNS outputs the following log to STDOUT.

[::1]:37018 - [13/Jul/2018:01:50:05 +0900] 58016 "A IN aaa. udp 33 false 4096" NOERROR qr,aa,rd 92 0.00010228s
[::1]:43725 - [13/Jul/2018:01:50:05 +0900] 13554 "A IN . udp 30 false 4096" NOERROR qr,aa,rd 82 0.000038707s

Install docker using ansible.

I create playbook file "docker_install.yml" to install docker-ce.

---
- name: Install Docker
  hosts: grp_node
  tasks:
  - name: Install package needed for docker-ce
    yum:
      name: '{{ item }}'
      state: installed
    with_items:
      - "yum-utils"
      - "device-mapper-persistent-data"
      - "lvm2"

  - name: Add Docker GPG key.
    rpm_key:
      key: https://download.docker.com/linux/centos/gpg
      state: present

  - name: Check repository
    shell: yum repolist enabled
    args:
      warn: false
    register: repolist_info
    changed_when: false

  - name: debug
    debug:
      var: repolist_info

  - name: Add repository, if don't add yet.
    shell: yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
    when: "'Docker CE Stable' not in repolist_info.stdout"
    ## You can also perform the following writing.
    # when: repolist_info.stdout.find('Docker CE Stable') == -1

  - name: Install docker-ce package
    yum:
      name: '{{ item }}'
      state: installed
    with_items:
      - "docker-ce"

To install docker, I execute the following command.

[root@cent7devops ansible-test]# ansible-playbook docker_install.yml -l node01

install AWX on CentOS 7.

Please see this url.
https://github.com/ansible/awx/blob/devel/INSTALL.md


I have already installed docker-ce.

[root@cent7devops installer]# docker version
Client:
 Version:           18.06.0-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        0ffa825
 Built:             Wed Jul 18 19:08:18 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.0-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       0ffa825
  Built:            Wed Jul 18 19:10:42 2018
  OS/Arch:          linux/amd64
  Experimental:     false
[root@cent7devops installer]#

and install packages.

[root@cent7devops awx]# yum install git
[root@cent7devops installer]# git --version
git version 1.8.3.1
[root@cent7devops installer]#
[root@cent7devops awx]# yum install python2-pip.noarch
[root@cent7devops awx]# pip install -U pip
Collecting pip
  Downloading https://files.pythonhosted.org/packages/5f/25/e52d3f31441505a5f3af41213346e5b6c221c9e086a166f3703d2ddaf940/pip-18.0-py2.py3-none-any.whl (1.3MB)
    100% |████████████████████████████████| 1.3MB 1.1MB/s
Installing collected packages: pip
  Found existing installation: pip 8.1.2
    Uninstalling pip-8.1.2:
      Successfully uninstalled pip-8.1.2
Successfully installed pip-18.0
[root@cent7devops awx]#
[root@cent7devops awx]# pip -V
pip 18.0 from /usr/lib/python2.7/site-packages/pip (python 2.7)
[root@cent7devops awx]#
[root@cent7devops installer]# pip install docker-py
*snip*
Installing collected packages: websocket-client, idna, chardet, urllib3, certifi, requests, docker-pycreds, docker-py
  Found existing installation: idna 2.4
    Uninstalling idna-2.4:
      Successfully uninstalled idna-2.4
  Found existing installation: chardet 2.2.1
    Uninstalling chardet-2.2.1:
      Successfully uninstalled chardet-2.2.1
Successfully installed certifi-2018.4.16 chardet-3.0.4 docker-py-1.10.6 docker-pycreds-0.3.0 idna-2.7 requests-2.19.1 urllib3-1.23 websocket-client-0.48.0
[root@cent7devops installer]#

I execute git clone command.

[root@cent7devops awx]# git clone https://github.com/ansible/awx.git

I confirm the inventory file.

[root@cent7devops work-awx]# cd awx/installer/
[root@cent7devops installer]# cat inventory | grep -v -e "^#.*$" | grep -v -e "^\s*$"
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"
[all:vars]
dockerhub_base=ansible
dockerhub_version=latest
postgres_data_dir=/tmp/pgdocker
host_port=80
docker_compose_dir=/var/lib/awx
pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432
secret_key=awxsecret
[root@cent7devops installer]#

I edit postgres_data_dir parameter.

[root@cent7devops installer]# cp -p inventory inventory.bak
[root@cent7devops installer]# vi inventory
[root@cent7devops installer]# diff inventory inventory.bak
36c36
< postgres_data_dir=/opt/awx/pgdocker
---
> postgres_data_dir=/tmp/pgdocker
[root@cent7devops installer]#

I create directory for "pgdocker".

[root@cent7devops installer]# mkdir -p /opt/awx/pgdocker
[root@cent7devops installer]# ls -l /opt/awx/pgdocker/
total 0
[root@cent7devops installer]#

install docker-compose. (no need?)

[root@cent7devops installer]# curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   617    0   617    0     0    821      0 --:--:-- --:--:-- --:--:--   821
100 11.2M  100 11.2M    0     0  2035k      0  0:00:05  0:00:05 --:--:-- 2575k
[root@cent7devops installer]# chmod +x /usr/local/bin/docker-compose
[root@cent7devops installer]# docker-compose version
docker-compose version 1.22.0, build f46880fe
docker-py version: 3.4.1
CPython version: 3.6.6
OpenSSL version: OpenSSL 1.1.0f  25 May 2017
[root@cent7devops installer]#

I deploy AWX. But an error occurred as follows:

[root@cent7devops installer]# ansible-playbook -i inventory install.yml -vvv

*snip*

TASK [local_docker : Activate postgres container] *************************************************************************************************************************************************************
task path: /root/work-awx/awx/installer/roles/local_docker/tasks/standalone.yml:2
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817 `" && echo ansible-tmp-1532795794.42-204748296795817="` echo /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817 `" ) && sleep 0'
Using module file /usr/lib/python2.7/site-packages/ansible/modules/cloud/docker/docker_container.py
<localhost> PUT /root/.ansible/tmp/ansible-local-13136TVuFdq/tmpIVOUUb TO /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817/docker_container.py
<localhost> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817/ /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817/docker_container.py && sleep 0'
<localhost> EXEC /bin/sh -c '/usr/bin/env python /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817/docker_container.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1532795794.42-204748296795817/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_4MVoKw/ansible_module_docker_container.py", line 2081, in <module>
    main()
  File "/tmp/ansible_4MVoKw/ansible_module_docker_container.py", line 2076, in main
    cm = ContainerManager(client)
  File "/tmp/ansible_4MVoKw/ansible_module_docker_container.py", line 1703, in __init__
    self.present(state)
  File "/tmp/ansible_4MVoKw/ansible_module_docker_container.py", line 1723, in present
    new_container = self.container_create(self.parameters.image, self.parameters.create_parameters)
  File "/tmp/ansible_4MVoKw/ansible_module_docker_container.py", line 825, in create_parameters
    host_config=self._host_config(),
  File "/tmp/ansible_4MVoKw/ansible_module_docker_container.py", line 931, in _host_config
    return self.client.create_host_config(**params)
  File "/usr/lib/python2.7/site-packages/docker/api/container.py", line 157, in create_host_config
    return utils.create_host_config(*args, **kwargs)
TypeError: create_host_config() got an unexpected keyword argument 'init'

fatal: [localhost]: FAILED! => {
    "changed": false,
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_4MVoKw/ansible_module_docker_container.py\", line 2081, in <module>\n    main()\n  File \"/tmp/ansible_4MVoKw/ansible_module_docker_container.py\", line 2076, in main\n    cm = ContainerManager(client)\n  File \"/tmp/ansible_4MVoKw/ansible_module_docker_container.py\", line 1703, in __init__\n    self.present(state)\n  File \"/tmp/ansible_4MVoKw/ansible_module_docker_container.py\", line 1723, in present\n    new_container = self.container_create(self.parameters.image, self.parameters.create_parameters)\n  File \"/tmp/ansible_4MVoKw/ansible_module_docker_container.py\", line 825, in create_parameters\n    host_config=self._host_config(),\n  File \"/tmp/ansible_4MVoKw/ansible_module_docker_container.py\", line 931, in _host_config\n    return self.client.create_host_config(**params)\n  File \"/usr/lib/python2.7/site-packages/docker/api/container.py\", line 157, in create_host_config\n    return utils.create_host_config(*args, **kwargs)\nTypeError: create_host_config() got an unexpected keyword argument 'init'\n",
    "module_stdout": "",
    "msg": "MODULE FAILURE",
    "rc": 1
}
        to retry, use: --limit @/root/work-awx/awx/installer/install.retry

PLAY RECAP ****************************************************************************************************************************************************************************************************
localhost                  : ok=4    changed=0    unreachable=0    failed=1

[root@cent7devops installer]#

I got information about the error from the pages below.
https://groups.google.com/forum/#!topic/awx-project/hWdGoYXFjs0
https://github.com/ansible/ansible/issues/43297
I uninstall docker-py and install the docker Python package.

[root@cent7devops installer]# pip uninstall docker-py
Uninstalling docker-py-1.10.6:
  Would remove:
    /usr/lib/python2.7/site-packages/docker/*
    /usr/lib/python2.7/site-packages/docker_py-1.10.6.dist-info/*
Proceed (y/n)? y
  Successfully uninstalled docker-py-1.10.6
[root@cent7devops installer]# pip install docker
*snip*
Installing collected packages: docker
Successfully installed docker-3.4.1
[root@cent7devops installer]#

and retry to deploy AWX. I succeeded now.

[root@cent7devops installer]# ansible-playbook -i inventory install.yml
*snip*
TASK [local_docker : Start the containers] ********************************************************************************************************************************************************************
skipping: [localhost]

PLAY RECAP ****************************************************************************************************************************************************************************************************
localhost                  : ok=12   changed=5    unreachable=0    failed=0

[root@cent7devops installer]#

I confirm docker container status.

[root@cent7devops installer]# docker ps
CONTAINER ID        IMAGE                        COMMAND                  CREATED             STATUS              PORTS                                                 NAMES
1bce3bc17924        ansible/awx_task:latest      "/tini -- /bin/sh -c…"   23 minutes ago      Up 23 minutes       8052/tcp                                              awx_task
94845f8e21e3        ansible/awx_web:latest       "/tini -- /bin/sh -c…"   23 minutes ago      Up 23 minutes       0.0.0.0:80->8052/tcp                                  awx_web
23e88bb7fedc        memcached:alpine             "docker-entrypoint.s…"   26 minutes ago      Up 26 minutes       11211/tcp                                             memcached
0e37308457d8        ansible/awx_rabbitmq:3.7.4   "docker-entrypoint.s…"   26 minutes ago      Up 26 minutes       4369/tcp, 5671-5672/tcp, 15671-15672/tcp, 25672/tcp   rabbitmq
9734b0d16739        postgres:9.6                 "docker-entrypoint.s…"   27 minutes ago      Up 27 minutes       5432/tcp                                              postgres
[root@cent7devops installer]#

and I access the AWX web page.
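The inventory shown in this post keeps `pg_password=awxpass` and `secret_key=awxsecret`; the diff changes only `postgres_data_dir`. The following is an added example (not part of the AWX installer or the original post) of a pre-deployment check that reads the `[all:vars]` section and reports secrets still set to those sample values and a database directory under `/tmp`; the function names and the finding texts are this example's own.

```python
# Sample values exactly as they appear in the inventory shown in this post.
SAMPLE_SECRETS = {"pg_password": "awxpass", "secret_key": "awxsecret"}

def parse_group_vars(text):
    """Collect key=value pairs from every [<group>:vars] section of an INI inventory."""
    section, result = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # e.g. "all:vars"
            continue
        if section and section.endswith(":vars") and "=" in line:
            key, value = line.split("=", 1)
            result[key.strip()] = value.strip().strip("\"'")
    return result

def audit(group_vars):
    """Return a list of findings for the variables parsed from the inventory."""
    findings = []
    for key, sample in SAMPLE_SECRETS.items():
        if group_vars.get(key) == sample:
            findings.append(f"{key} still has the sample value")
    data_dir = group_vars.get("postgres_data_dir", "")
    if data_dir == "/tmp" or data_dir.startswith("/tmp/"):
        findings.append("postgres_data_dir is under /tmp")
    return findings

# Inventory content as shown in this post, after the postgres_data_dir edit.
INVENTORY = """\
localhost ansible_connection=local ansible_python_interpreter="/usr/bin/env python"
[all:vars]
dockerhub_base=ansible
dockerhub_version=latest
postgres_data_dir=/opt/awx/pgdocker
host_port=80
docker_compose_dir=/var/lib/awx
pg_username=awx
pg_password=awxpass
pg_database=awx
pg_port=5432
secret_key=awxsecret
"""

if __name__ == "__main__":
    for finding in audit(parse_group_vars(INVENTORY)):
        print(finding)
```
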

use Ansible vault.

about ansible version

check version.

# ansible --version
ansible 2.6.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
#

use ansible-vault.

This is inventory file.

# cat hosts
[test]
node01 ansible_host=172.16.10.101 ansible_user=root
#

I encrypt host vars file.

Before:

# cat host_vars/node01.yml
---
ansible_ssh_pass: <pass>
#

I use ansible-vault command to encrypt this file for "Host Variables".

# ansible-vault encrypt host_vars/node01.yml
New Vault password:
Confirm New Vault password:
Encryption successful
#

After:

# cat host_vars/node01.yml
$ANSIBLE_VAULT;1.1;AES256
*snip*
#

After I encrypted the inventory file with ansible-vault, I execute ansible without the --ask-vault-pass option.
The result is an ERROR.

# ansible-playbook -i hosts access.yml

PLAY [test] ****************************************************************************************
ERROR! Attempting to decrypt but no vault secrets found
# 

so I execute ansible without --ask-vault-pass option

# ansible-playbook -i hosts access.yml --ask-vault-pass
Vault password:

PLAY [test] ****************************************************************************************

TASK [Gathering Facts] *****************************************************************************
ok: [node01]

TASK [Execute hostname] ****************************************************************************
changed: [node01]

TASK [Execute id] **********************************************************************************
changed: [node01]

TASK [Execute date] ********************************************************************************
changed: [node01]

PLAY RECAP *****************************************************************************************
node01                     : ok=4    changed=3    unreachable=0    failed=0

#

and I can also use --vault-password-file option.

# vi vault.txt
# ansible-playbook -i hosts access.yml --vault-password-file=./vault.txt

PLAY [test] ****************************************************************************************

*snip*

PLAY RECAP *****************************************************************************************
node01                     : ok=4    changed=3    unreachable=0    failed=0

#

or use --vault-id option.

# ansible-playbook -i hosts access.yml --vault-id vault.txt

PLAY [test] ****************************************************************************************

*snip*

PLAY RECAP *****************************************************************************************
node01                     : ok=4    changed=3    unreachable=0    failed=0

#
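The post above relies on two files: a host_vars file that must begin with the `$ANSIBLE_VAULT;1.1;AES256` header once encrypted, and a `vault.txt` password file created with an editor. The following is an added example (not from the original post or from Ansible) that finds variable files still holding a connection password in plaintext and checks the password file's mode; the function names, the list of variable names beyond `ansible_ssh_pass`, and the demo tree are this example's assumptions.

```python
import os
import re
import stat

VAULT_HEADER = b"$ANSIBLE_VAULT;"   # first bytes of a vault-encrypted file
# Connection-secret variables; ansible_ssh_pass is the one used in this post.
SECRET_VAR_RE = re.compile(
    rb"^\s*(ansible_ssh_pass|ansible_password|ansible_become_pass)\s*:", re.M)

def is_vault_encrypted(path):
    with open(path, "rb") as fh:
        return fh.read(len(VAULT_HEADER)) == VAULT_HEADER

def plaintext_secret_files(vars_dir):
    """Return sorted paths of unencrypted files that define a secret variable."""
    hits = []
    for root, _dirs, files in os.walk(vars_dir):
        for name in files:
            path = os.path.join(root, name)
            if is_vault_encrypted(path):
                continue
            with open(path, "rb") as fh:
                if SECRET_VAR_RE.search(fh.read()):
                    hits.append(path)
    return sorted(hits)

def password_file_problems(path):
    """Return a list of problems with a vault password file's permissions."""
    mode = os.stat(path).st_mode
    problems = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %o allows group/other access" % stat.S_IMODE(mode))
    if mode & stat.S_IXUSR:
        # Ansible runs an executable password file and uses its stdout.
        problems.append("executable bit set: file would be run as a script")
    return problems

def build_demo_tree(base):
    """Create constructed sample files under base; return (vars_dir, password_file)."""
    vars_dir = os.path.join(base, "host_vars")
    os.makedirs(vars_dir)
    with open(os.path.join(vars_dir, "node01.yml"), "wb") as fh:
        fh.write(b"$ANSIBLE_VAULT;1.1;AES256\n3031323334353637\n")   # constructed
    with open(os.path.join(vars_dir, "node02.yml"), "wb") as fh:
        fh.write(b"---\nansible_ssh_pass: constructed-example\n")     # constructed
    pw_file = os.path.join(base, "vault.txt")
    with open(pw_file, "w") as fh:
        fh.write("constructed-vault-password\n")
    os.chmod(pw_file, 0o644)      # what an editor typically leaves behind
    return vars_dir, pw_file

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        vars_dir, pw_file = build_demo_tree(tmp)
        print(plaintext_secret_files(vars_dir))
        print(password_file_problems(pw_file))
```
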

I'd like to use ceph dashboard.

Before this page, please check this post.
I'd like to use CephFS on CentOS 7. - AKAI TSUKI

ceph dashboard

I'd like to use ceph dashboard.
http://docs.ceph.com/docs/mimic/mgr/dashboard/

[cuser@ceph01 ~]$ sudo ceph mgr module enable dashboard
[cuser@ceph01 ~]$
[cuser@ceph01 ~]$ sudo ceph mgr module ls
{
    "enabled_modules": [
        "balancer",
        "dashboard",
        "iostat",
        "restful",
        "status"
    ],
    "disabled_modules": [
        {
            "name": "hello",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "influx",
            "can_run": false,
            "error_string": "influxdb python module not found"
        },
        {
            "name": "localpool",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "prometheus",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "selftest",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "smart",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "telegraf",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "telemetry",
            "can_run": true,
            "error_string": ""
        },
        {
            "name": "zabbix",
            "can_run": true,
            "error_string": ""
        }
    ]
}
[cuser@ceph01 ~]$
[cuser@ceph01 ~]$ sudo ceph dashboard create-self-signed-cert
Self-signed certificate created
[cuser@ceph01 ~]$

[cuser@ceph01 ~]$ sudo ceph dashboard set-login-credentials test <pass>
Username and password updated
[cuser@ceph01 ~]$

[cuser@ceph01 ~]$ sudo ceph mgr services
{
    "dashboard": "https://172.16.10.111:8080/"
}
[cuser@ceph01 ~]$
[cuser@ceph01 ~]$ sudo ceph config dump
WHO   MASK LEVEL   OPTION                 VALUE                                                        RO
  mgr      unknown mgr/dashboard/password <aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa> *
  mgr      unknown mgr/dashboard/username test                                                         *
[cuser@ceph01 ~]$

[cuser@ceph01 ~]$ sudo ceph mgr services
{
    "dashboard": "https://ceph01:8080/"
}
[cuser@ceph01 ~]$

I can see the ceph dashboard at "https://ceph01:8080/".