GCP [google cloud platform]

As per wiki:

Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. It provides a series of modular cloud services including computing, data storage, data analytics and machine learning.

I will be covering things in more detail, starting from the basics:

  • How to get the free tier: https://cloud.google.com/
  • Select the option “Get Started for free”
  • Sign up for Google Cloud

Most of us are familiar with other cloud platforms. I found a useful comparison on the wiki that maps GCP services to their equivalents on other cloud platforms:

 

I will write this blog as a series, covering the following:

  • Fundamentals, terms and zones of GCP
  • Setting up GCP Cloud Shell, gsutil and the SDK
  • Compute resources and launching instances
  • GCP storage
  • GCP API
  • GCP networking and firewall
  • GCP IAM services
  • How to migrate to GCP

 

Kubernetes introduction

Kubernetes (often abbreviated as k8s) is an open source system started by Google to fill a specific need: when an application grows beyond a single host, a need arises for what has come to be called an orchestration system. An orchestration system helps users view a set of hosts as a unified, programmable, reliable cluster.

Kubernetes Architecture


A Kubernetes cluster includes the following:

Kubernetes master services: These centralized services provide an API, collect and surface the current state of the cluster, and assign pods to nodes. Users mostly connect to the master API, which provides a unified view of the cluster.

Master storage [etcd]: This is the persistent store. Currently all cluster state is preserved and stored in etcd.

Kubelet: This agent runs on every node, and is responsible for driving Docker, reporting status to the master and setting up node-level resources.

Proxy: This also runs on each node and provides local containers a single network endpoint to reach an array of pods.

Pods: A group of containers that must be placed on a single node and work together as a team, allowing a set of containers to work closely together on a single node.

A user interacts with a Kubernetes master through kubectl, which calls the Kubernetes API. The master is responsible for storing a description of what users want to run. On each worker node in a cluster, kubelet and proxy are running. Kubelet is responsible for driving Docker and setting up other node-specific state such as storage volumes. Proxy is responsible for providing the local endpoint.

Kubernetes works to manage pods. Pods are a grouping of compute resources that provides context for a set of containers. Users can use pods to force a set of containers that work as a team to be scheduled on a single physical node.

Pods define a shared network interface. Unlike regular containers, containers in a pod all share the same network interface. This allows easy access across containers using localhost. It also means that different containers in the same pod cannot use the same network port.

Storage volumes are defined as part of the pod. These volumes can be mapped into multiple containers as needed.
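As an added example (not part of the original post, and not Kubernetes project code), the shell script below emits a two-container pod manifest that uses the shared network interface (the sidecar reaches the web container as localhost) and a pod-level volume mounted into both containers, and then checks the manifest for the one conflict the shared namespace creates: two containers in the same pod claiming the same containerPort. The pod name, image names and port numbers are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits a pod manifest that
# shows the shared network namespace and a shared volume, and rejects a
# manifest in which two containers of the pod bind the same port.

# Print a pod manifest. $1 = pod name, $2 = web container port,
# $3 = sidecar container port. Image names are constructed placeholders.
pod_manifest() {
    cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: $1
spec:
  volumes:
    - name: shared-data            # defined once, at pod level ...
      emptyDir: {}
  containers:
    - name: web
      image: example.invalid/web:demo        # placeholder image
      ports:
        - containerPort: $2
      volumeMounts:
        - name: shared-data        # ... and mounted into both containers
          mountPath: /srv/shared
    - name: sidecar
      image: example.invalid/sidecar:demo    # placeholder image
      env:
        - name: WEB_URL
          value: "http://localhost:$2/"      # same network interface as "web"
      ports:
        - containerPort: $3
      volumeMounts:
        - name: shared-data
          mountPath: /srv/shared
EOF
}

# Read a manifest on stdin. Return 0 if every containerPort is unique,
# 1 (printing the clashing ports on stderr) if two containers claim one port.
check_pod_ports() {
    dups=$(sed -n 's/^[[:space:]]*-[[:space:]]*containerPort:[[:space:]]*\([0-9]*\).*/\1/p' \
           | sort -n | uniq -d)
    if [ -n "$dups" ]; then
        printf 'port(s) claimed by more than one container in the pod: %s\n' "$dups" >&2
        return 1
    fi
    return 0
}

main() {
    pod_manifest demo-pod 8080 9090 | check_pod_ports && echo "demo-pod: ports ok"
    # The containers share one network namespace, so the same port twice cannot work.
    pod_manifest bad-pod 8080 8080 | check_pod_ports || echo "bad-pod: rejected"
}

main "$@"
```

The port check is the same rule kubelet enforces at runtime (the second container fails to bind); running it on the manifest moves the failure to before `kubectl apply`.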

 

Docker registry and configuring a private registry on CentOS 7

Docker Registry: A repository of images. Registries, public or private, contain images for download. Some registries allow users to upload images to make them available to others.

Dockerfile: A configuration file with build instructions for a Docker image. A Dockerfile automates the steps for image customization.

As we discussed, two types of registry are available:

Public Docker Registry: Users who just want to explore, or who want a ready-made solution, can use hosted Docker registries. Docker Hub is the example of a public registry where users can host their images.

Private Docker Registry: Many organizations have security concerns about public Docker registries. Those that want to manage and store customized images and share them only within the organization can go for a private Docker registry.

Note: In this post, I will be configuring the private Docker registry.

cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)

Installing docker-registry

yum install docker-registry

//Docker Registry configuration files: rpm -ql (only the entries under /etc are shown)
[root@localhost amit]# rpm -ql docker-registry-0.9.1-7.el7.x86_64
/etc/docker-registry.yml
/etc/sysconfig/docker-registry

//Docker Registry default image store location

cat /etc/docker-registry.yml

local: &local
    <<: *common
    storage: local
    storage_path: _env:STORAGE_PATH:/var/lib/docker-registry

//Enable and start the docker registry; the default port is 5000
systemctl enable docker-registry
systemctl start docker-registry

systemctl status docker-registry
docker-registry.service - Registry server for Docker
 Loaded: loaded (/usr/lib/systemd/system/docker-registry.service; enabled; vendor preset: disabled)
 Active: active (running) since Tue 2017-01-24 13:21:37 IST; 55s ago
 Main PID: 24323 (gunicorn)
 Memory: 162.8M
 CGroup: /system.slice/docker-registry.service

netstat -tupln|grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 24323/python

The Docker registry is running on one of the host nodes. It needs to be accessible from other nodes for uploading/downloading images.

On each client node that needs access to the private registry, modify /etc/sysconfig/docker:

DOCKER_OPTS="--insecure-registry localhost:5000"

link: https://docs.docker.com/registry/insecure/

//tag and push the image to docker registry

docker tag <image id> <ip of docker registry>:5000/<name>:<tag>

docker push    <ip of docker registry>:5000/<name>:<tag>

docker tag ff6f0851ef57 localhost:5000/jenkinslocal:latest
docker push localhost:5000/jenkinslocal:latest 
The push refers to a repository [localhost:5000/jenkinslocal]
7fef8c44bf7f: Image successfully pushed 
971a0fc79a1a: Image successfully pushed 
5b8b7745040c: Image successfully pushed 
7d114ad7e1fe: Image successfully pushed 
5b848d38b406: Image successfully pushed 
4e87708e08e8: Image successfully pushed 
d458e9b86b04: Image successfully pushed 
ca787184f0ab: Image successfully pushed 
4238f6371816: Image successfully pushed 
a2eea3e16ec7: Image successfully pushed 
1f764d32a220: Image successfully pushed 
1af14ac896ef: Image successfully pushed 
a7afeb77f416: Image successfully pushed 
cef349a9d76f: Image successfully pushed 
1d16eb83eef5: Image successfully pushed 
dfe1af64a72d: Image successfully pushed 
9f17712cba0b: Image successfully pushed 
223c0d04a137: Image successfully pushed 
fe4c16cbf7a4: Image successfully pushed 
Pushing tag for rev [ff6f0851ef57] on {http://localhost:5000/v1/repositories/jenkinslocal/tags/latest}
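An added example, not from the original post and not part of Docker or docker-registry: a small POSIX shell wrapper around the tag-and-push step above. It reads /etc/sysconfig/docker (the file and DOCKER_OPTS variable the post uses), lists the registries marked --insecure-registry, warns when the target is one of them (that flag disables TLS for the registry, so the push travels over plain HTTP and nothing protects the layers in transit), checks that the v1 registry answers its ping endpoint, and only then tags and pushes. The registry address, image id and repository name in the usage line are the post's own values; the function and variable names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Wraps "docker tag" + "docker push"
# with two checks: is the target registry listed as --insecure-registry (plain HTTP),
# and does it answer the v1 registry ping. File path and variable name follow the post.

DOCKER_SYSCONFIG=/etc/sysconfig/docker   # the file the post edits on client nodes

# Read a DOCKER_OPTS=... line on stdin and print one registry per line for every
# --insecure-registry entry, in both the "--insecure-registry host:port" and the
# "--insecure-registry=host:port" spelling.
insecure_registries() {
    sed -e 's/^DOCKER_OPTS=//' -e 's/["'"'"']//g' \
      | tr ' ' '\n' \
      | awk '$0 == "--insecure-registry" { want = 1; next }
             want == 1 { print; want = 0; next }
             /^--insecure-registry=/ { sub(/^--insecure-registry=/, ""); print }'
}

# Exit 0 if registry $1 (host:port) appears in the list read on stdin.
is_insecure() {
    grep -qxF -- "$1"
}

# Build the reference the registry expects: <registry host:port>/<name>:<tag>
image_ref() {
    printf '%s/%s:%s\n' "$1" "$2" "$3"
}

# Tag image $2 for registry $1 as $3:$4 and push it, after the checks above.
push_to_registry() {
    registry=$1 image_id=$2 name=$3 tag=$4
    ref=$(image_ref "$registry" "$name" "$tag")

    opts=$(grep '^DOCKER_OPTS=' "$DOCKER_SYSCONFIG" 2>/dev/null)
    if printf '%s\n' "$opts" | insecure_registries | is_insecure "$registry"; then
        # --insecure-registry turns off TLS for this registry: layers and tags
        # cross the network unauthenticated and unencrypted. Fine on a lab host,
        # not for a registry that other nodes pull production images from.
        echo "warning: $registry is an --insecure-registry; push goes over plain HTTP" >&2
    fi

    # docker-registry 0.9.1 speaks the v1 API; /v1/_ping answers when it is up.
    curl -fsS "http://$registry/v1/_ping" >/dev/null 2>&1 \
        || { echo "error: $registry does not answer /v1/_ping" >&2; return 1; }

    docker tag "$image_id" "$ref" && docker push "$ref"
}

if [ $# -eq 4 ]; then
    push_to_registry "$@"
else
    # with the post's own values: localhost:5000 ff6f0851ef57 jenkinslocal latest
    echo "usage: $0 <registry host:port> <image id> <name> <tag>" >&2
fi
```

The parser deliberately reads the same DOCKER_OPTS line the post has you write, so the warning fires exactly when the daemon on that node has been told to skip TLS for the registry you are about to push to.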

 

Basics of Active Directory

In this series of blog posts, I will be discussing:

  • Basics of Active Directory
  • Different kinds of possible design
  • Real-time use cases
  • All possibilities of implementation
  • Best approach

What is a directory in computing terms? A classic analogy is the white and yellow pages of a telephone book. A common feature of both white and yellow pages is the ability to search for information; the difference in the two is the way they are indexed.

Directories, such as Lightweight Directory Access Protocol (LDAP) and Active Directory (AD), are types of databases that can be searched to provide useful network information. A user can find network information without any knowledge of the structure of the network. For example, the user can search the Active Directory for a share, requiring no knowledge of the network. Active Directory, for its part, stores all of the domain information in a common and searchable format. All the user accounts, computer accounts, group accounts, access control lists, security identifiers, Group Policy Objects (GPOs), shares, printers, and properties about people and their locations are stored in the Active Directory.

Microsoft Active Directory
Active Directory is Microsoft’s implementation of directory services. It is based on various standards, most importantly LDAP and X.500 (the schema is based on X.500).

In addition to compliance with LDAP, AD has additional features and compatibility such as the close integration of the directory services with Windows domains and Domain Name Service (DNS). The integration of directory services with Windows domains is the key to directory scalability (domains and scalability will be described below). AD security, authentication, and access control are also provided by the integration of the domains with the directory.

Components of the Active Directory
Domain: The core unit of logical structure in the Active Directory is the domain, which can store millions of objects. Objects stored in the domain are considered “interesting” to the network. “Interesting” objects are items the networking community members need to do their jobs: printers, documents, e-mail addresses, databases, users and other resources. Active Directory is made up of one or more domains.

Trees: Domain trees are collections of domains that form a contiguous name space. A domain tree is formed as soon as a child domain is created and associated with a given root domain. Trees allow the hierarchical structure necessary for organization.

Root domain: openwriteup.com
Child domain (for production): Prod.openwriteup.com
Child domain (QA): test.openwriteup.com

Forest: There are cases where two or more domain trees, each represented by a separate DNS name space, need to be included in one enterprise. A tree must be represented by a contiguous DNS name space and disallows participation of domains that are not within its name space. The mechanism for connecting one or more trees is the forest.

Organizational Units: The Organizational Unit (OU) is a critical design factor impacting security, policy, efficiency, and the cost of administration. Organizational Units are a type of LDAP (X.500) container. An OU can be thought of as a sub-domain element with similar properties to domains. They are components internal to domains. OUs are part of the LDAP name space and not the DNS name space. OUs are commonly used to contain user accounts, group accounts, and computer accounts. Powerful configurations can be obtained when the OU design is harmonized with group policy and security groups. A further benefit of Organizational Units is the concept of delegation of authority. Domain Administrators can delegate partial administration rights through the OU. The granularity of the delegated rights is quite fine. Take the case of a help desk as an example. The domain administrator can delegate the “right” to reset passwords to help desk personnel and therefore offload the domain administrator’s responsibility of fielding calls pertaining to lost or expired passwords. The change-the-password right is usually enforced by a Group Policy Object (GPO), filtered by security groups, and applied at the OU level.

Schema
The schema dictates the data definitions for the AD. If an object or attribute is not in the schema, that object/attribute will not be stored in the AD. The directory contains information in the form of objects and object attributes. The directory is actually a type of database that is optimized for querying. Data that is more or less static and is searched often can be beneficially stored in the directory. Data that changes often is not a good choice for storage in the directory.

Group Policy Objects
Group Policy Objects are especially critical to the justification for additional domains. Group Policy is the primary component of the Windows implementation of Change and Configuration Management (CCM), and is the primary mechanism for establishing uniform, effective security policies within a Windows domain.