What is DevOps? DevOps Kya hai?

DevOps is not a tool or a software. DevOps simply is a hassle free process to implement, develop and deliver the product to client. It's allow best coordination between Development and IT operation team to work together, faster.

DevOps first described in 2009 by Patrick Debois. As mentioned DevOps is not a specific technology, but a tactical approach, by working together. In this process development and operation team together can dismantle the roadblock and focus to improving and following the smooth process to create, deploy, and monitoring the software. 

Thanks.!

Let’s Encrypt SSL Certificate in Linux Nginx.

Let’s Encrypt is a free and open certificate authority developed by the Internet Security Research Group (ISRG). Certificates issued by Let’s Encrypt are trusted by almost all browsers today.

Prerequisites.

1. You have a domain name pointing to your public server IP. In this tutorial, we will use nazitech.com.
2. You have enabled the EPEL repository and installed Nginx.

Step-1 Install Certbot.

To install the certbot package form the EPEL repository run.

Before installing certboat install python and python-pip.

sudo apt-get install python
sudo apt-get install python-pip
sudo apt-get install certbot

Now install certbot Nginx plugin.

python3.6 -m pip install certbot-nginx
or
apt-get install python-certbot-nginx

You can now run Certbot with the Webroot plugin and obtain the SSL certificate files for your domain by issuing:

certbot --nginx -d nazitech.com -d www.nazitech.com

If the SSL certificate is successfully obtained, certbot will print the following message:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/nazitech.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/nazitech.com/privkey.pem
   Your cert will expire on 2018-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Now that you have the certificate files. You can edit your Nginx conf file.

/etc/nginx/nginx.conf

server {
    listen 80;
    server_name www.example.com example.com;
}
server {
     listen 443 ssl http2;
     server_name  172.16.0.36;
     ssl_certificate /etc/letsencrypt/live/nazitech.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/nazitech.com/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/nazitech.com/chain.pem;
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
     proxy_pass http://ywebsite.co.in;
     proxy_http_version 1.1;
       }
}

Don’t forget to add Proxy_HTTP_version in the location line.

Restart Nginx service and check.

sudo systemctl restart nginx

Thnaks..!!

Nginx Error 413, Request Entity Too Large

What is 413 Error?

413 HTTP error occurs when the size of a client’s request exceeds the server’s file size limit. This happens when a client attempts to upload a large file to a Nginx server.

Let's fix this.

The directive which determines what the allowable HTTP request size can be is client_max_body_size. You can add that directive in either an http, server, or location block in nginx.conf file located at /etc/nginx/nginx.conf.

server {
    client_max_body_size 100M; #As much as you can set according to your use case.
    ...
}

How to Install and Configure Nginx proxy pass on centos

Nginx is a web server which can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software was created by Igor Sysoev and first publicly released in 2004.

This tutorial will teach you how to install and start Nginx on your CentOS server.

Step-1 Add Nginx Repository.

$sudo yum install epel-release

Step-2 Install Nginx.

$sudo yum install nginx

Step-3 Start Nginx service.

After installation Nginx, use the below commands to start and enable the Nginx service.

$sudo systemctl start nginx

$sudo systemctl enable nginx

Check the status of the Nginx service with the following command.

$sudo systemctl status nginx

The output should look something like this.

nginx.service - The nginx HTTP and reverse proxy server

  Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)

  Active: active (running) since Mon 2018-03-12 16:12:48 UTC; 2s ago

  Process: 1677 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)

  Process: 1675 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)

  Process: 1673 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)

Main PID: 1680 (nginx)

  CGroup: /system.slice/nginx.service

          ├─1680 nginx: master process /usr/sbin/nginx

          └─1681 nginx: worker process

If you are running a firewall, allow HTTP “80” and HTTPS “443” traffic, run the below commands.

$sudo firewall-cmd --permanent --zone=public --add-service=http 

$sudo firewall-cmd --permanent --zone=public --add-service=https

$sudo firewall-cmd --reload

Step-4 Verify installation.

To verifying the Nginx installation open your browser and type http://YOUR_SERVER_IP 

You will see the default Nginx welcome page as shown in the image below.

Configure the reverse proxy Nginx.

Open Nginx configuration file in your choice editor.

$sudo vim /etc/nginx/nginx.conf

Configure your setting as an example given below and save & exit.

server {

      listen 443 ssl http2;

      server_name  172.16.x.x #Domain name or IP

location / {

       proxy_pass http://bizdirect-coupons-async.172.16.1.0.nip.io; #Where you want to redirect your request localy. 

             proxy_http_version 1.1;

        }

}

server {

      listen 80;

      server_name  172.16.x.x; # Put Domain name or IP here.

location / {

       proxy_pass http://bizdirect-coupons-async172.16.1.0.nip.io; #Where you want to redirect your request localy.

             proxy_http_version 1.1;

        }

}

Restart Nginx service.

$sudo systemctl restart nginx

Conclusion.

Congratulations, you have successfully installed Nginx on your CentOS server.

You’re now ready to start deploying your applications and use Nginx as a web or proxy server.

Migrate EC2-Classic Instance to VPC

AWS retire the EC2-Classic environment on 15th August 2022 and you will need to migrate your AWS resources from EC2-Classic to Amazon VPC before this date. 

What is classic and VPC network in AWS?

i) Classic network is where your instance run in a single flat network that is shared with other customers.

ii) VPC network is logically isolated to only your AWS account. Ec2 VPC instance run in a virtual private cloud.

Migration Process.

First create VPC network if not created or you can use default VPC network if it is already there.

1. Create AMI of which server you want to migrate.

2. Create new (SG) security group or copy existing security group under VPC network.

3. Create Elastic public IP under VPC scope.

Now you are ready to launch instance under VPC.

4. Click launch instance and select your AMI which you have created.

5. Fill all the required details. while you select the network select VPC network and subnets.

6. If all goes good your instance will be ready under VPC network.

To verify the instance created under VPC network or not.

From console select instance verify VPC ID.

From AWS CLI run below command to verify.

aws ec2 describe-instances

--region us-east-1

--output table

--query 'Reservations[*].Instances[*].InstanceId'

Done..!!☝

Jenkins, Backup server setup. If master crash.

 

In this blog we will restore Jenkins backup in a new Jenkins server. where you can restore you previous or existing Jenkins backup in to a new Jenkins server. 

To complete this process you should have Jenkins backup with you.

>> Let's start.<< 

First we need to setup a new server and install Jenkins on it.

Now restore the old Jenkins backup to the new server under /$JENKINS_HOME folder /var/lib/Jenkins.

Create SSH secret file in Jenkins home directory with command ssh-keygen

Put SSH public key “id_rsa.pub” key into GitLab ssh-key-access settings.

And also put the public key “id_rsa.pub” key into the deployment server for communication between the Jenkins server to the deployment server.

Note: White list the new Jenkins server public IP for Gitlab server and deployment servers on AWS or respective cloud.

Terraform vs Pulumi

This article is all about terraform vs pulumi difference.

There are many (IaC) infrastructure as code tools are available. but today we are going to understand the two most popular IaC tool currently in the market. 

1. Terraform

2. Pulumi

What is Terraform?

It is an open-source laC solution that helps you maintain and provision cloud infrastructures. You use a custom declarative language to describe Terraforms required components. Then, Terraform generates a plan to achieve your desired outcome.

Terraform a domain-specific language (DSL) called HashiCorp Configuration Language (HCL). HCL provides arguments, expressions, and blocks to simplify the Terraform configuration.

Below is the terraform example code.

provider "aws" {

  profile    = "default"
  region     = "us-east-1"
}

resource "aws_instance" "example" {
  ami           = "ami-2757f001"
  instance_type = "t2.micro"
}

What is Pulumi?

It is fast-growing IaC solution. You can use it to maintain, deploy, and configure resources on your cloud infrastructure, as well as improve its efficiency.

It supports multiple private, hybrid, and public cloud providers such as OpenStack, Kubernetes, Google Cloud, Azure, Amazon Web Services (AWS), and phoenixNAP Bare Metal Cloud.

Pulumi is a multi-language infrastructure as code tool. Pulumi supports all major language.

The following language runtimes are currently supported by Pulumi.

• Node.js
• Python
• Go
• C#
• Java
• YAML

You can chose any language to write your Infra. Below is example python code.

import pulumi

from pulumi_aws import s3

# Create an AWS resource (S3 Bucket)

bucket = s3.Bucket('test-bucket')

# Export the name of the bucket

pulumi.export('bucket_name',  bucket.id)

Cop

How To Install Jenkins on Linux, CentOS-7

Install Jenkins on Linux, CentOS-7.

About Jenkins, why a DevOps engineer prefers Jenkins for CI/CD. Well, it is an open source continuous integration and continuous delivery (CI &CD) server with which organizations can automate their software development process.

This tutorial will teach you how to install and start Jenkins on Linux server.

Step-1 Update your Linux system.

sudo yum install epel-release

sudo yum update

Step 2: Install Java.

sudo yum install java-1.8.0-openjdk.x86_64

After installing Java you can verify it by running the flowing command.

java -version

This command will let you know the runtime environment of the java version.

openjdk version "1.8.0_91"

OpenJDK Runtime Environment (build 1.8.0_91-b14)

OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

Step 3: Install Jenkins.

Start by importing the repository key from Jenkins.

sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key

After importing the key, add the repository to the system

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-

ci.org/redhat/jenkins.repo

Now install the Jenkins package using yum or apt-get

sudo yum install jenkins

You can now start Jenkins service using:

sudo systemctl start jenkins

sudo systemctl enable jenkins

sudo systemctl status jenkins

Status should return in running state.

$ sudo systemctl status jenkins
● jenkins.service - LSB: Jenkins Automation Server

Loaded: loaded (/etc/rc.d/init.d/jenkins; bad; vendor preset: disabled)

Active: active (running) since Thu 2018-10-25 12:25:55 EAT; 4s ago

Docs: man:systemd-sysv-generator(8)

Process: 2487 ExecStart=/etc/rc.d/init.d/jenkins start (code=exited, status=0/SUCCESS)
CGroup: /system.slice/jenkins.service
└─2508 /etc/alternatives/java -Dcom.sun.akuma.Daemon=daemonized -Djava.awt.headless=true -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/j...

Oct 25 12:25:54 jenkins.example.com systemd[1]: Starting LSB: Jenkins Automation Server...
Oct 25 12:25:54 jenkins.example.com runuser[2492]: pam_unix(runuser:session): session opened for user jenkins by (uid=0)
Oct 25 12:25:55 jenkins.example.com jenkins[2487]: Starting Jenkins [ OK ]
Oct 25 12:25:55 jenkins.example.com systemd[1]: Started LSB: Jenkins Automation Server.

Enable port 8080/tcp on the firewall to access Jenkins in web browser.

sudo firewall-cmd --add-port=8080/tcp --permanent

sudo firewall-cmd --reload

sudo firewall-cmd --list-all

Service should be listening on port 8080:

netstat -tunelp | grep 8080

tcp LISTEN 0 50 :::8080 :::*

Unblocking Jenkins.

Browse to the URL http://[serverip or hostname]:8080 to access the web installation wizard.

When you first access a new Jenkins instance, you are asked to unlock it using an automatically generated password.

The admin password is created and stored in the log file “/var/log/jenkins/jenkins.log“. Run the below command to get the password.

sudo grep -A 5 password /var/log/jenkins/jenkins.log

Copy the password and paste it in the above windows and click continue.

In the next windows Select the option: Install suggested plugins.

As we can see required plugin installation are in the process. Once plugin installation is done. It will ask to create an Admin user.

Click on save and finish.

Enjoy automating your jobs with Jenkins.

Change Jenkins Default Port 8080 in Linux

Change Jenkins Default Port 8080 in Linux CentOS 7.

Here we will learn how to change Jenkins default port 8080 to any desired port. I will use port 8123 for my Jenkins server.

1. Open Jenkins configuration file by using vim or any editor.

 #sudo vim /etc/sysconfig/jenkins

2. Inside the configuration file find the flowing line ‘JENKINS_PORT=”8080"’ and replace the port which you want to use.

Type: integer(0:65535)
Default: 8080
ServiceRestart: jenkins
Port Jenkins is listening on
Set to -1 to disableJENKINS_PORT=”8123"

3. After made the changes save and exit. And restart Jenkins service.

#sudo systemctl restart jenkins

4. You can verify now to accessing Jenkins on updated port.

You are done now..!! Enjoy.

Enable 2FA in GitHub Account

1. Log in to your GitHub account open the menu from the top-right icon that shows your account image. Select “Your Profile”

2. Click on the “Edit Profile” or “Your profile picture” from the resulting page then click on “Security” and click “Enable two-factor-authentication”

3. Chose “ Setup using SMS” or “Set up two-factor authentication” option.

4. Finally, make a record of the recovery codes download and click next.

5. Now fill the require details and click enable.

                                                        

                                                          All Done….!!!