목적 argocd 접속 시 github와 연동하여 인증된 사용자만 접속하게 하기 위함 1. 설치 #https://argo-cd.readthedocs.io/en/stable/ #https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/ #install $ kubectl create namespace argocd $ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml #kubectl info $ kubectl get all -n argocd #argo cd cli install #https://a..

목적 시스템 모니터링 + 장애 발생 + 문제 발생 전 알림을 받기 위함 구성도 도구 kubespray, kubernetes(이하 k8s), grafna, prometheus, alertmanager, python3, uvicorn, FastAPI, UMS 환경 master1, 2, 3 worker1, 2, 3 k8s version - 1.28.5 진행(개발환경에서 진행하기에 각자 환경에 따라 차이가 발생할 수 있습니다.) k8s cluster가 배포되어 있고 metallb, ingress controller가 있다는 가정하에 진행하겠습니다. 1. SSL 인증서 등록 #dev $ ls -alR /home/master01/ssl/: total 80 drwxrwxr-x 5 master01 master01 40..

/etc/firewalld/zones/ firewalld-cmd --get-default-zone firewalld-cmd --list-all #포트 추가 firewalld-cmd --zone=public --add-port=8080/tcp #포트 제거 firewalld-cmd --zone=public --remove-port=8080/tcp #port 범위 허용 firewall-cmd --add-port=8000-9000/tcp firewall-cmd --remove-port=8000-9000/tcp #ip 대역 허용 firewall-cmd --add-source=192.168.0.0/24 firewall-cmd --remove-source=192.168.0.0/24 #승인 firewalld-cmd -..

CentOS 7 부팅 시 커널 선택에서 'e' -> rhgb quiet -> init=/bin/bash 수정 후 ctrl + x # mount -o remount,rw / # passwd ${id} ## selinux enforcing # touch /.autorelabel ## selinux disable # exec /sbin/init CentOS 8 부팅 시 커널 선택에서 'e' -> rhgb quiet 뒤에 'rd.break' 추가 후 ctrl + x # mount -o remount,rw /sysroot # chroot /sysroot # paswwd ${id} ## selinux enforcing # touch /.autorelabel ## selinux disable # exec /sbin/..

error: disk 'lvmid/Z88N2t-AUog-uRIG-wzbb-9rKD-F3Bi-iswZdD/n6QwzH-lWyG-6fMZ-ITxi-aPoq-FQTc-HrncWi' not found.' Entering rescue mode... 1. ubuntu cd 부팅 2. try ubuntu (클릭) 3. terminal # sudo lvscan ACTIVE '/dev/vgubuntu/root' [977.58 GiB] inherit ACTIVE '/dev/vgubuntu/swap_1' [1.91 Gib] ingerit # sudo mount /dev/vgubuntu/root /mnt # cd /mnt # sudo mount --bind /dev dev # sudo mount --bind /sys sys ..

#error [/sbin/fsck.ext4 (1) — /dev/sda1] fsck.ext4 -a -C0 /dev/sda1 /dev/sda1 contains a file system with errors, check forced. /dev/sda1: Inodes that were part of a corrupted orphan linked list found. /dev/sda1: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. (i.e., without -a or -p options) fsk exited with status codr 4 done. Failuer: File system check of the root filesystem failed The root files..

1. github 접속 2. repo 메뉴 중 Actions 3. New workflow 생성 Docker image를 빌드 하기 위해 Docker image 선택 build code는 본인의 설정에 따라 맞추면 된다. # https://docs.docker.com/build/ci/github-actions/#step-three-define-the-workflow-steps # workflow 이름 name: Docker hub image build # workflow에서 작업이 실행되는 조건 (push, pull, ...) on: push: branches: - 'main' tags: - 'v*' #작업에 대한 정의 jobs: build: runs-on: ubuntu-latest steps: ### r..

환경 : Ubuntu 20.04 # Server (10.109.0.2) apt install nfs-utils apt install nfs-kernel-server # create share directory mkdir /share chmod 777 /share # firewalld or ufw ufw allow 2049/tcp,udp firewall-cmd --permanent --add-service=nfs firewall-cmd --permanent --add-port=2049/tcp firewall-cmd --permanent --add-port=2049/udp firewall-cmd --reload # chage conf vi /etc/exports ##### # (mount point) (ho..

PATH /etc/nginx/nginx.conf # listen http { server { listen 80; # ipv4 listen [::]:80; # ipv6 listen 443; listen [::]:443; } } # return 301 (80 -> 443) # https://nginx.org/en/docs/stream/ngx_stream_return_module.html http { server { listen 80; # ipv4 listen [::]:80; # ipv6 # http -> https redirection return 301 $server_name$request_uri; } } # ssl http { server { listen 443 ssl; listen [::]:443 ss..

# error Mar 17 01:35:50 gsitm-bastion setroubleshoot[82865]: SELinux is preventing /usr/sbin/nginx from read access on the file ... For complete SELinux messages run: sealert -l fe2a> Mar 17 01:35:50 gsitm-bastion setroubleshoot[82865]: SELinux is preventing /usr/sbin/nginx from read access on the file ... ***** Plugin catchall (100. confidence) suggests ************************** If you believe..

URL : https://access.redhat.com/documentation/ko-kr/red_hat_enterprise_linux/8/html/managing_monitoring_and_updating_the_kernel/parameters-controlling-kernel-panic_keeping-kernel-panic-parameters-disabled-in-virtualized-environments OS : CentOS 7.9 kernel: NMI watchdog: BUG: soft lockup - CPU#15 stuck for 72s! [chronyd:99] kernel: NMI watchdog: BUG: soft lockup - CPU#9 stuck for 71s! [systemd-jo..

OS : CentOS 7.9 CentOS 5까지는 pam_tally.so 사용. CentOS 6부턴 pam_tally2.so no_magic_root, reset은 man page에 존재하지 않는다. 따라서, 옵션 삭제 # /var/log/secure mar 28 03:03:53 localhost login: pam_tally2(login:account): unknown option: no_magic_root mar 28 03:03:53 localhost login: pam_tally2(login:account): unknown option: reset ### 수정 전 # PATH /etc/pam.d/system-auth auth required /lib64/security/pam_tally2.so de..