Thursday, May 16, 2019

Best performance Settings Windows 10 VM KVM OpenNebula

Here are my settings for best performance cpu and disk wise for OpenNebula for Windows 10:

DISK = [
  CACHE = "none",
  DEV_PREFIX = "vd",
  DRIVER = "raw",
  IMAGE = "win10_done",
  IMAGE_UNAME = "oneadmin",
  IO = "native" ]

FEATURES = [
  ACPI = "yes",
  APIC = "yes",
  HYPERV = "yes",
  LOCALTIME = "yes",
  PAE = "yes" ]

HYPERVISOR = "kvm"
INPUT = [
  BUS = "usb",
  TYPE = "tablet" ]
OS = [
  ARCH = "x86_64",
  BOOT = "",
  MACHINE = "pc-i440fx-xenial" ]
CPU_MODEL = [
  MODEL = "Haswell" ]

Saturday, February 10, 2018

[Jenkins] Bitbucket Branch Source Plugin Configuration for Bitbucket Cloud - Webhook URL

You need to create a bitbucket user that will be added to your project and has at least READ permissions, add this user to Jenkins credentials (username/pw). The plugin uses the bitbucket API to do everything.

Under Configure System look for Bitbucket Endpoints and enable "Manage Hooks"

The webhook address is: https://your.jenkins.tld/bitbucket-scmsource-hook/notify/

Sunday, January 28, 2018

[Kubernetes] How to create a new restricted RBAC user in Kubernetes 1.9

  1. connect to any master node and get the ca.pem and ca-key.pem from /etc/kubernetes/ssl
  2. create new user, in this example we call this user "testuser"
  3. openssl genrsa -out testuser.key 2048
    openssl req -new -key testuser.key -out testuser.csr -subj "/CN=testuser/O=testuser"
    openssl x509 -req -in testuser.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out testuser.crt -days 500
  4. create role-deployment-manager.yaml :
      kind: Role
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        namespace: office
        name: deployment-manager
      rules:
      - apiGroups: ["", "extensions", "apps"]
        resources: ["deployments", "replicasets", "pods"]
        verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
      
  5. create rolebinding-deployment-manager.yaml
  6. kind: RoleBinding
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        name: deployment-manager-binding
        namespace: office
      subjects:
      - kind: User
        name: testuser
        apiGroup: ""
      roleRef:
        kind: Role
        name: deployment-manager
        apiGroup: ""

  7. $kubectl config set-credentials testuser --client-certificate=/home/testuser/.certs/testuser.crt  --client-key=/home/testuser/.certs/testuser.key
    $kubectl config set-context testuser-context --cluster=testcluster --namespace=office --user=testuser
  8.  kubectl create -f both files and then test with kubectl --context=testuser-context get pods, confirm restriction by changing adding -ndefault to see if default namespace access is denied

Thursday, September 7, 2017

[MySQL] Debian 8 Jessie - How to bootstrap a new Galera Cluster

Despite the docs saying to use "systemctl start mysql --wsrep-new-cluster" or "service start mysql --wsrep-new-cluster", the only working way is: service mysql bootstrap