Sergey Baranov barser

Enable TCP port 2375 for external connection to Docker

See this issue.
Docker best practise to Control and configure Docker with systemd.

Create daemon.json file in /etc/docker:

 {"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}

Thoughts on how to add trusted store for connection to external sites that use that certificate for HTTPS

Option 1: global configuration

One can just provide the -Djavax.net.ssl.trustStore=<path/to/store> -Djavax.net.ssl.trustStorePassword=<password> options when running the Java application

However, this is not always possible (for example, when run in the cloud).

And if you want to use server.ssl.trust-store/server.ssl.trust-store-password options from Spring Boot, be aware that with those you also have to provide key-store options as well. And, basically that would be an abuse, because this configuration is specifically for server side of your application.

Open a webpage that uses the CA with Firefox
Click the lock-icon in the addressbar -> show information -> show certificate
the certificate viewer will open
click details and choose the certificate of the certificate-chain, you want to import to CentOS
click "Export..." and save it as .crt file
Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
run update-ca-trust extract
test it with wget https://example.com

On Manjaro (arch) the location for the certificates is: /usr/share/ca-certificates/trust-source/anchors (low priority) or /etc/ca-certificates/trust-source/anchors/ (high priority) and the command to update is update-ca-trust extract.

Docker Swarm Mode Ports

Starting with 1.12 in July 2016, Docker Swarm Mode is a built-in solution with built-in key/value store. Easier to get started, and fewer ports to configure.

Inbound Traffic for Swarm Management

TCP port 2377 for cluster management & raft sync communications
TCP and UDP port 7946 for "control plane" gossip discovery communication between all nodes
UDP port 4789 for "data plane" VXLAN overlay network traffic
IP Protocol 50 (ESP) if you plan on using overlay network with the encryption option

AWS Security Group Example

Cloudera quick start with docker

This installation of Cloudera is for development only, do not use it in production.

Getting the image

Download cloudera docker image from https://www.cloudera.com/downloads/quickstart_vms/5-13.html

See also. https://www.cloudera.com/documentation/enterprise/5-13-x/topics/quickstart_docker_container.html

	# after the virtual disk has already been expanded (e.g. in proxmox)

	apk add --no-cache cfdisk e2fsprogs-extra

	# choose partition then "Resize" > "Write" (to finalize)
	cfdisk

	# replace * with partition you are resizing
	resize2fs /dev/*

	snap install microk8s --classic
	sudo ufw default allow routed
	sudo iptables -P FORWARD ACCEPT

	microk8s.enable dns dashboard metrics-server
	# grafana/dashboard
	# http://IP:8080/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy/
	# http://IP:8080/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/pod?namespace=default

	microk8s.enable istio

	This gist includes components of a oozie workflow - scripts/code, sample data
	and commands; Oozie actions covered: shell action, email action

	Action 1: The shell action executes a shell script that does a line count for files in a
	glob provided, and writes the line count to standard output
	Action 2: The email action emails the output of action 1


	Pictorial overview of job:
	--------------------------

	set langmap=ёйцукенгшщзхъфывапролджэячсмитьбюЁЙЦУКЕНГШЩЗХЪФЫВАПРОЛДЖЭЯЧСМИТЬБЮ;`qwertyuiop[]asdfghjkl\\;'zxcvbnm\\,.~QWERTYUIOP{}ASDFGHJKL:\\"ZXCVBNM<>

	nmap Ж :
	" yank
	nmap Н Y
	nmap з p
	nmap ф a
	nmap щ o
	nmap г u
	nmap З P

	#!/usr/bin/env bash

	# install docker
	# https://docs.docker.com/engine/installation/linux/ubuntulinux/

	# install docker-compose
	# https://docs.docker.com/compose/install/

	# install letsencrypt
	# https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04