Vamshi Krishna Santhapuri, Author at Linux Cent

Linux Commands Cheat Sheet

November 11, 2021November 11, 2021 by Vamshi Krishna Santhapuri

Do you want to learn the Linux commands? If yes, then you are in the right place. There are uncountable commands in Linux. Generally, we use some of the Linux commands from the Linux commands cheat sheet regularly to perform the common tasks.

pythonarray.com is a free Python tutorial website for people who want to learn Python, fast.

Basic Linux Commands
File Permission Commands
Environment Variables Command
User Management Commands of Linux
Networking Commands
Process Commands
VI Editing Commands
Other Linux Commands

You can also learn Google Sheets Tips – New Google Spreadsheet Hacks, Tricks with Examples

Types of Linux Commands

All the Linux commands are categorized into 7 different types. They are Basic Linux commands, File permission commands, Environment variables commands, User management commands, Networking commands, Process commands, VI Editing commands, Other Commands.

We are giving a detailed explanation for each and every Linux command with their examples for easy learning in the below sections. Have a look at them and follow them. Check the actual description of each Linux command in their manual page.

Basic Linux Commands

ls command:

It is used to list all files and directories of a directory. The ‘-l’ option gives the long listing format. Its syntax is $ ls [options] [file|dir]

Example: $ ls -l samplefile

ls-R command:

It gives the lists files in subdirectories. List recursively directory tree and syntax is $ ls -R [options] [file|dir]

Example: $ ls -R samplefile

ls -a Command:

It lists all files including hidden files starting with’.’ Its syntax is $ ls -a [options] [file|dir]

ls -al Command:

It lists all files details and directories with detailed information like permissions, size, owner, etc. Syntax is $ ls -al [options] [file|dir]

cd or cd ~ Command:

This command will navigate to the home directory or change the directory. Its syntax is $ cd [directory]

Example: $ cd Directory1

cd .. Command:

It moves one level up. Syntax is $ cd . . [directory]

cd Command:

Use this command to change to a particular directory. Its syntax is $ cd [directory]

Example: $ cd directory1

cd / Command:

This command will move to the root directory. Syntax is $ cd /

cat filename Command:

Create a new file using this command in Linux. Its syntax is $ cat filename.

Example: $ cat filename1

cat filename Command:

It displays the content in that particular file. The syntax is $ cat filename.

Example: $ cat filename1.

cat file1 file2 file3 Command:

It combines two files namely file1 and file2 and stores the output in a new file called file3. Its syntax is $ cat file1 file2 file3.

Example: $ cat add multiply arithmetic.

mv file “new file path” Command:

It moves the files to the new location. Syntax is $ mv file “new file path”.

Example: $ mv add “E:/Arithmeticopeartions/”.

mv filename new_file_name Command:

It renames or changes the file name to a new file name. Syntax is $ mv filename new_file_name.

Example: $ mv add sum

sudo Command:

sudo command allows a permitted user to run a command as root or another user. It runs commands in superuser mode. The syntax is $ sudo filename option

Example: $ sudo apt update

rm Command:

It is used to remove the files or directories. Syntax is $ rm filename or $ rm directory

Examples: $ rm sum and $ rm mydrive

man Command:

It is used to view the online reference manual pages for the commands or programs. It provides the help information of any commands. Its syntax is $ man commandname

Example: $ man cd

history Command:

It produces the list of previously used commands and gets the all past commands types in the current terminal session. The syntax is $ history

clear Command:

clear command is helpful to clear the terminal screen. The syntax is $ clear

mkdir directoryname Command:

It creates a new directory in the present working directory or at any specific path. Syntax is $ mkdir directoryname

Example: $ mkdir new_directory

$ mkdir -p new_directory: Here -p option is used to override the already available directory.

rmdir Command:

It helps to remove/ delete the empty directories. Syntax is $ rmdir [directory_name]

Example: $ rmdir new_directory

mv Command:

It is helpful to rename files or directories. mv command also moves a file or a directory to another location in the directory structure. Its syntax is $ mv file1 file2

Example: $ mv add sum

pr -x Command:

It divides the file into x columns. Syntax is $ pr -x filename.

Example: $ pr -5 add

pr -h Command:

It is useful to assign a header to the file. Syntax is $ pr -h filename

Example: $ pr -h sum

pr -n Command:

This command denotes the file with the line numbers. Its syntax is $ pr -n file

Example: $ pr -n sum

lp -nc , lpr c Command:

It prints the c number of copies of a file. lp stands for a line printer. Its syntax is $ lpr c filename

Example: $ lpr 5 sum

lp -d lp -P Command:

It specifies the name of the printer. The syntax is $ lp -P

apt-get Command:

It is a powerful and free front end package manager for Debian/Ubuntu systems. It is used to install new software packages, remove available software packages, upgrade existing software packages, and upgrade the entire operating system. Its syntax is $ apt-get package

Example: $ sudo apt-get update

mail -s ‘subject’ -c ‘cc-address’ -b ‘bcc-address’ ‘to-address’ Command:

It is a linux command used to send mail. Syntax is $ mail -s ‘subject’ -c ‘cc-address’ -b ‘bcc-address’ ‘to-address’

Example: $ mail -s ‘regarding_job’ -c ‘[email protected]’ -b ‘[email protected]’ ‘[email protected]’

mail -s “Subject” to-address < Filename Command:

It is used to send an email with an attachment. Its syntax is $ mail -s “Subject” to-address < Filename

Example: $ mail -s “Addition of Numbers” [email protected] < Addition

File Permission Commands

ls-l Command:

Use this command to show file type and access permission of any particular file. Syntax is $ ls-l filename

Example: $ ls-l sum

r Command:

It is used to give read permission to a file. The syntax is $ r filename.

Example: $ r sum

w Command:

It gives write permission to the file. The syntax is $ w filename

Example: $ w sum

x Command:

It is useful to provide execute permission to the file. Its syntax is $ x filename

Example: $ x sum

-= Command:

This command is used when you want to give no permission to a file. Syntax is $ -= filename

Example: $ -= file1

Chown user Command:

It is helpful to change the ownership of a file/directory. The syntax is $ chown user filename

Example: $ chown user file1

Chown user:group filename Command:

It changes the user and group for a file or directory. Syntax is $ chown user:group filename

Example: $ chown user:group sum

Environment Variables Command

echo $VARIABLE Command:

It displays the value of a variable or prints a text of the line. Its syntax is echo [option] [string]

Example: $ echo “Print this line” or $ echo $VARIABLE var1

env Command:

It lists all environment variables. The syntax is $ env

VARIABLE_NAME= variable_value Command:

It creates a new variable and assigns it a value. Syntax is $ VARIABLE_NAME= variable_value

Example: $ My_Variable= 10

Unset Command:

It removes a variable. Syntax is $ Unset VARIABLE_NAME

Example: $ Unset My_Variable

export Variable=value Command:

It is helpful to set the value of an environment variable. Syntax is $ export Variable=value

Example: $ export Variable1=90

User Management Commands of Linux

sudo adduser username Command:

It is used to create a username. The syntax is $ sudo adduser username

Example: $ sudo dduser user1

sudo passwd -l ‘username’ Command:

It is helpful to change the user password. Syntax is $ sudo passwd -l ‘username’

Example: $ sudo passwd -l ‘user1’

sudo userdel -r ‘username’ Command:

This command is used to add and delete users on Linux. Syntax is $ sudo userdel -r ‘username’

Example: $ sudo userdel -r ‘user1’

finger Command:

It is a user information lookup command which provides details of all users logged in. The Syntax $ finger

finger username Command:

It gives the login details of that particular user. Syntax $ finger username

Example: $ finger user1

Networking Commands

SSH username@ip-address or hostname Command:

You can log in to a remote Linux machine using SSH. The syntax is $ SSH username@ip-address or hostname

Example: $ SSH user1@https:11//1001

Ping hostname=”” or =”” Command:

It is used for analyzing the network and host connections. Syntax is $ Ping hostname=”” or =””

Example: $ Ping hostname=”host1″

dir Command:

It displays all files in the current directory of a remote computer. The syntax is $ dir

cd “dirname” Command:

It changes the current directory to “dirname” on a remote computer. Syntax is $ cd “dirname”

Example: $ cd “E”

put file Command:

It is helpful to upload the file from local to the remote computer. The syntax is $ put file

Example: $ put sum

get file Command:

It is used to download the file from remote to the local computer. The syntax is $ get file

Example: $ get add

quit Command:

It is used to logout from that network. The syntax is $ quit

Process Commands

bg Command:

You can send a process to the background with this command. The syntax is $ bg processname

Example: $ bg process1

fg Command:

To run a stopped process in the foreground. The syntax is $ fg processname.

Example: $ fg process1

top Command:

It gives the details of all active processes in the directory. The syntax is $ top

ps Command:

It produces the status of processes running for a user. The syntax is $ ps username

Example: $ ps user1

ps PID Command:

This command gives the status of a particular process. The syntax is $ ps PID processname

Example: $ ps PID process1

pidof Command:

It gives the process id of a process. The syntax is $ pidof processname.

Example: $ pidof process1

kill PID Command:

It kills a process. The syntax is $ kill PID processname

Example: $ kill PID process1

nice Command:

It is used to start a process with the given priority. The syntax is $ nice processname.

Example: $ nice process

renice Command:

It is used to change the priority of an already running process. The syntax is $ renice processname

Example: $ renice process2

df Command:

It provides free hard disk space on your system. The syntax is $ df

free Command:

It gives free RAM space on your system. The syntax is $ free

VI Editing Commands

i Command:

It inserts at the cursor i.e goes to insert mode. The syntax is $ i

a Command:

It is used to write after the cursor in insert mode. The syntax is $ a

A Command:

This command is used to write at the end of the line in insert mode. The syntax is $ A

ESC Command:

It is helpful to terminate insert mode. The syntax is $ ESC.

u Command:

It undoes the last change. The syntax is $ u.

U Command:

It undoes all changes to the entire line. The syntax is $ U

o Command:

It opens a new line in insert mode. The syntax is $ o

dd Command:

It deletes that particular line. The syntax is $ dd line number

Example: $ dd 25

3dd Command:

This command deletes 3 lines. The syntax is $ 3dd line number

Example: $ 3dd 25

D Command:

It deletes the contents of a line after the cursor. The syntax is $ D

C Command:

It is used to delete the contents of a line after the cursor and insert new text. Press the ESC key to end the insertion. Syntax is $ C

dw Command:

Delete a word using this command. The syntax is $ dw

4dw Command:

It is used to delete 4 words. The syntax is $ 4dw

cw Command:

It is used to change a word. Syntax is $ cw

x Command:

It deletes the character at the cursor. Syntax is $ x

r Command:

Replace the character. The syntax is $ r

R Command:

It overwrites characters from cursor onward. The syntax is $ R

s Command:

Substitute one character under the cursor and continue to insert. The syntax is $ s

S Command:

Substitutes the entire line and starts to insert at the beginning of the line. The syntax is $ S

~ Command:

It is used to change the case of the individual character. Syntax is $ ~

Other Linux Commands

adduser/addgroup Command:

adduser adds a user and addgroup adds groups to the system. The syntax is $ adduser username

Example: $ sudo adduser tech

agetty Command:

agetty is a program that manages physical or virtual terminals and is invoked by init. It is the substitute for Linux getty.

Example: $ agetty -L 9600 ttyS1 vt100

alias Command:

It is a useful shell built-in command for creating shortcuts to a Linux command on a system.

Example: $ alias home’cd /home/drive/file1′

apropos Command:

This is used to search and display a short man page description of a program/ command. The syntax is $ apropos commandname

Example: $ apropos rm

aptitude Command:

It is a powerful text-based interface to the Debian Linux/GNU package management system. The syntax is $ aptitude package

Example: $ sudo aptitude update

arch Command:

This command is used to display the machine architecture or hardware name. The syntax is $ arch

arp Command:

ARP stands for Address Resolution Protocol that maps IP network addresses of a network neighbor with the hardware (MAC) addresses in an IPv4 network.

Example: $ sudo arp-scan –interface=enp2s0 –localnet

at Command:

It is used to schedule tasks to run in the forthcoming time. Syntax is $ at

Example: $ sudo echo “shutdown -h now” | at -m 15:20

atq Command:

This command is used to view jobs in at command queue. Syntax is $ atq

atrm Command:

It is helpful to delete/remove jobs from the queue. $ atrm 2

awk Command:

Awk is a programming language created for text processing and used as a data extraction and reporting tool.

Example: $ awk ‘//{print}’/etc/hosts

batch Command:

It is similar to at command which is useful to schedule tasks to run in a future time. Syntax is $ batch

basename Command:

It helps to print the name of a file stripping of directories in absolute path. Syntax is $ basename filename

Example: $ basename samplefile

bzip2 Command:

It is useful to compress or decompress the files. Syntax is $ bzip2 filename

Example: $ bzip2 -z filename #Compress

$ bzip2 -d filename.bz2 #Decompress

cal Command:

This command is used to print a calendar on the standard output. Syntax is $ cal

chgrp Command:

It is used to change the group ownership of a file. Syntax is $ chgrp new_group_name filename

Example: $ chgrp Product Multiplication.txt

chmod Command:

It is used to change/ update file access permissions. Syntax is $ chmod permission filename

Example: $ chmod +x product.txt

cksum Command:

This command is used to provide the checksum and byte count of the given input file. Syntax is $ cksum filename

Example: $ cksum product.txt

cmp Command:

It compares byte by byte comparison of two files. Syntax is $ cmp file1 file2

Example: $ cmp sum add

comm Command:

It is used to compare two sorted files line by line. Syntax is $ comm file1 file2

Example: $ comm product multiplication

cp Command:

It copies files and directories from one location to another. Syntax is $ cp location1 location2

Example: $ cp /home/arithmetic/add /home/arithmetic/product/

date Command:

It displays/ sets the system date and time. Syntax is $ date

Example: $ date –set=”20 Oct 2020 10:35:05″

diff Command:

The double advantage of this command is used to compare two files line by line and used to find the difference between two directories. Syntax is $ diff file1 file2

Example: $ diff sum add

dmidecode Command:

It retrieves the hardware information of any linux system. Syntax is $ dmidecode

Example: $ sudo dmidecode –type system

du Command:

It shows the disk space usage of files present in the directory as well as its subdirectories. The syntax is $ du directory

Example: $ du /home/arithmetic

eject Command:

eject command is used to eject removable media such as CD/DVD/ROM/floppy disk from the system. The syntax is $ eject disklocation

Example: $ eject /dev/cdrom

exit Command:

It is used to exit a shell. The syntax is $ exit

expr Command:

It is used to calculate an expression. The syntax is $ expr expression

Example: $ expr 15 * 5

factor Command:

It is used to display the prime factors of a number. The syntax is $ factor number

Example: $ factor 18

find Command:

It searches for files in the directory and its subdirectories. The syntax is $ find directory filename

Example: $ find /home/add/ -name product.txt

grep Command:

It searches for a specified pattern in the file and displays the output as lines containing that pattern. The syntax is $ grep

Example: $ grep ‘linuxcent’ domain-list.txt

groups Command:

Shows all names of groups of a user. The syntax is $ groups

gzip Command:

It helps to compress a file and replaces it with one having a .gz extension. The syntax is gzip filename

Example: $ gzip passwds.txt

gunzip Command:

It expands or restores files compressed with the gzip command. The syntax is $ gunzip gzfilename

Example: $ gunzip sum.gz

head Command:

It is helpful to display the first 10 lines of the specified file or stdin to the screen. The syntax is $ head

hostname Command:

This command is useful to print or set the system hostname. The syntax is $ hostname

Example: $ hostname New_hostname

id Command:

It shows user & group information for the current user or specified user. The syntax is $ id username

Example: $ id linuxcent

ifconfig Command:

It is used to configure Linux system network interfaces. The syntax is $ ifconfig

ionice Command:

This command is used to set or view process I/O scheduling class and priority of the specified process. The syntax is $ ionice process

Example: $ ionice -c 3 rm /var/logs/syslog

iostat Command:

iostat command is helpful to show the CPU and i/o statistics for devices and partitions. The syntax is $ iostat

ip Command:

It is used to display or manage devices, routing, policy routing, and tunnels. The syntax is $ ip addr

iw Command:

This is used to manage wireless devices and their configuration. The syntax is $ iw

Example: $ iw list

killall Command:

It kills a process with the help of its name. The syntax is $ killall processname

Example: $ killall process1

kmod Command:

It is useful to manage Linux kernel modules. To list all currently loaded modules, type. Syntax is $ kmod

Example: $ kmod list

last Command:

It displays a list of last logged in users. The syntax is $ last

ln Command:

This is used to create a soft link between files using -s flag. Syntax is $ ln -s file1 file2

Example: $ ln -s product multiplication

locate Command:

It is used to find a file with its name. The syntax is $ locate filename

Example: $ locate -b ‘add.txt’

lshw Command:

It gives detailed information on the hardware configuration of the machine. The syntax is $ lshw

lscpu Command:

This Linux command displays the system’s CPU architecture information. The syntax is $ lscpu

lsof Command:

It displays information related to files opened by processes. The syntax is $ lsof processname

Example: $ lsof -u add

lsusb Command:

It shows information: about USB buses in the system and devices connected to them. The syntax is $ lsusb

md5sum Command:

This command is used to compute and print the MD5 message digest of the file.

more Command:

It enables to view through relatively lengthy text files one screenful at a time. The syntax is $ more filename

Example: $ more add

nano Command:

You can open a file using this nano command. The syntax is $ nano filename

Example: $ nano sum

netstat Command:

It displays useful information such as routing tables, network connections, and others about Linux networking subsystems. Syntax is $ netstat

Example: $ netstat -a | more

nproc Command:

It shows the number of processing units present to the current process. The syntax is $ nproc

passwd Command:

This command is used to create/update passwords for user accounts. The syntax is $ passwd username

Example: $ passwd user1

pstree Command:

It displays running processes as a tree that is rooted at either PID or init if PID is omitted. The syntax is $ pstree

reboot Command:

This command is used to power-off, halt, or reboot a system. The syntax is $ reboot

scp Command:

It enables you to securely copy files between hosts on a network. Syntax is $ scp

Example: $ scp ~/names.txt [email protected]:/root/names.txt

shutdown Command:

It schedules a time for the system to be powered down. Its syntax is $ shutdown

Example: $ shutdown –poweroff

sleep Command:

This command is used to pause or delay for a specific amount of time. The syntax is $ sleep

Example: $ check.sh; sleep 5; sudo apt update

sort Command:

This is used to sort lines of text in the specified files from stdin. The syntax is $ sort

Example: $ sort add.txt

split Command:

It is used to split a large file into smaller pieces. The syntax is $ split filename

Example: $ split add

stat Command:

It is helpful to know the file system status. The syntax is $ state filename

Example: $ stat -f add.txt

su Command:

It is used to switch to another user ID or become root during a login session. The syntax is $ su

sum Command:

This command shows the checksum and blocks counts for all files on the command line. The syntax is $ sum output filename

Example: $ sum output add.txt

tac Command:

It concentrates and displays files in reverse. It prints each file to the standard output, shows the last line first. The syntax is $ tac filename

Example: $ tac sum.txt

tail Command:

It displays the last 10 lines of each file. The syntax is $ tail filename

Example: $ tail sum.txt

talk Command:

talk is used to talk to another network user/ system. Use a login name to talk to the user on the same machine and use ‘use@host’ to talk to a user on another machine. The syntax is $ talk

Example: $ talk person [ttyname] or $ talk ‘user@host’ [ttyname]

tee Command:

This is used to read from standard input & prints to standard output and files.

Example: $ echo “Testing how tee command works” | tee file1

time Command:

This command runs programs and summarizes system resource usage. The syntax is $ time

touch Command:

It changes file timestamps and it is used to create a file. The syntax is $ touch filename

uname Command:

It displays system information such as operating system, network node hostname kernel name, version, and release, etc. Syntax is $ uname

uniq Command:

It displays or omits repeated lines from input. The syntax is $ uniq

uptime Command:

It shows how long the system has been running, the number of logged on users, and system load averages. The syntax is $ uptime

wall Command:

This command is used to send/display a message to all users on the system. The syntax is $ wall “message”

Example: $ wall “This is Linux operating system”

wc Command:

This command displays the word, newline, and byte counts for each file. The syntax is $ wc filename

Example: $ wc add.txt

whatis Command:

It searches & shows a short or one-line manual page description of the provided command name. The syntax is $ whatis wget

who Command:

It shows details about users who are currently logged in. The syntax is $ who

which Command:

This command is used to get the absolute path of the file which would be executed in the current environment. The syntax is $ which who

whereis Command:

It helps to locate binary, source and manual files for commands. The syntax is $ whereis cat

yes Command:

This command is used to display a string repeatedly until when terminated or killed. The syntax is 4 yes

Example: $ yes “This is LinuxCent – Linux HowTos”

zcmp/zdiff Command:

zcmp and zdiff minimal utilities used to compare compressed files. Syntax is $ zcmp filesnames, $ zdiff filesnames

Example: $ zcmp domain-list.txt.zip basic_passwords.txt.zip

$ zdiff domain-list.txt.zip basic_passwords.txt.zip

zip Command:

It is simple & easy to use utility used to package & compress files. Syntax is $ zip packagename

Example: $ zip inarchive.zip foo.c bar.c –out outarchive.zip

We have mentioned all the Linux commands in the Linux Commands Cheatsheet. Make use of these countless commands that you might feel helpful.

What are 5 Linux commands?

Linux File commands

touch Command. The touch command is used to create empty files. …
cat Command. The cat command is a multi-purpose utility in the Linux system. …
rm Command. The rm command is used to remove a file.
cp Command. The cp command is used to copy a file or directory.
mv Command. …
rename Command.

How do I see all commands in Linux?

In Linux, there is a very useful command to show you all of the last commands that have been recently used. The command is simply called history, but can also be accessed by looking at your . bash_history in your home folder. By default, the history command will show you the last five hundred commands you have entered.

What is Linux cheat sheet?
Basic Linux commands

What is Linux cheat sheet?

How many commands are in Linux?

There are well over 100 Unix commands shared by the Linux kernel and other Unix-like operating systems.

What does F do in Linux?

Many Linux commands have an -f option, which stands for, you guessed it, force! Sometimes when you execute a command, it fails or prompts you for additional input. This may be an effort to protect the files you are trying to change or inform the user that a device is busy or a file already exists.

How do I get a list of commands?

You can open the Command Prompt by pressing ⊞ Win + R to open the Run box and typing cmd. Windows 8 users can also press ⊞ Win + X and select Command Prompt from the menu. Retrieve the list of commands.

How do you list all commands in Terminal?

Just tap the Tab key twice ( Tab Tab ). You’ll be prompted if you want to see all possible commands. Tap y and you’ll be presented with a list. You can do that same thing for individual commands to see all options for that specific command.

How do you write commands in Linux?

Linux operating system allows users to create commands and execute them over the command line. To create a command in Linux, the first step is to create a bash script for the command. The second step is to make the command executable. Here, bashrc means run the Bash file.

What does Linux dd command do?

dd is a command-line utility for Unix and Unix-like operating systems, the primary purpose of which is to convert and copy files. … As a result, dd can be used for tasks such as backing up the boot sector of a hard drive, and obtaining a fixed amount of random data.

What is Yum in Linux?

YUM is the primary package management tool for installing, updating, removing, and managing software packages in Red Hat Enterprise Linux. YUM performs dependency resolution when installing, updating, and removing software packages. YUM can manage packages from installed repositories in the system or from

What is Sudo in Linux?

Sudo stands for either “substitute user do” or “super user do” and it allows you to elevate your current user account to have root privileges temporarily. This is different from “su” which is not temporary.

How use Linux command line?

On many systems, you can open a command window by pressing the Ctrl+Alt+t keys at the same time. You will also find yourself on the command line if you log into a Linux system using a tool like PuTTY. Once you get your command line window, you’ll find yourself sitting at a prompt.

What is Ubuntu command?

The latest LTS release is 20.04; it will be available till 2025. Ubuntu supports both Command Line Interface (CLI) and Graphical User Interface (GUI) to perform various tasks on the OS. CLI is the basic way to interact with systems hardware (processor/memory); you can perform all the tasks that GUI can perform.

Where is Linux command?

The whereis command in Linux is used to locate the binary, source, and manual page files for a command. This command searches for files in a restricted set of locations (binary file directories, man page directories, and library directories).

How To Restart Jenkins Safely

March 8, 2023March 8, 2021 by Vamshi Krishna Santhapuri

Jenkins provides the Frontend User interface and the API to access the jenkins servers and API calls also can be sent from the URL

Process to restart jenkins server safely

Here is our jenkins server hosted on our url: http://jenkins.linuxcent.com:8080

And the API request to restart Jenkins safely is to run http://YourJenkins-url-or-ip/safeRestart
http://jenkins.linuxcent.com:8080/safeRestart
See the below screenshot for more information.

This option is reliable as the restart operation will wait for the currently running jobs to complete and then proceed with restart

Safe Restart jenkins from UI API

Force restart option in jenkins

http://jenkins.linuxcent.com:8080/restart
This option will restart the Jenkins forcefully and the currently running jobs will be subjected for force termination.
Forcefully Restart jenkins from UI API

Restart jenkins server from commandline

Through the command you can initiate the restart command, but this will be a forceful restart of Jenkins server.

It will be stopping and starting the jenkins server from commandline, although you can run the stop and then start with same results.

[vamshi@jenkins jenkins]$ sudo systemctl restart jenkins

On older systemv servers you can also initiate the restart using service command

[vamshi@jenkins jenkins]$ sudo service jenkins restart

How do you restart Jenkins?

Go to the Jenkins installation, open the cmd and run:

To stop: jenkins.exe stop.
To start: jenkins.exe start.
To restart: jenkins.exe restart.

Is the command used to restart Jenkins manually?

To restart Jenkins manually, you can use either of the following commands (by entering their URL in a browser). jenkins_url/safeRestart – Allows all running jobs to complete. … jenkins_url/restart – Forces a restart without waiting for builds to complete.

What is the command to restart Jenkins service on Windows?

To stop: jenkins.exe stop.
To start: jenkins.exe start.
To restart: jenkins.exe restart.

How long does it take to restart Jenkins?

I also restarted the Jenkins service and it worked. It did take 3-4 minutes after I restarted the service for the page to load up, though. So make sure you’re patient before moving on to something else.

How do I restart Jenkins in Kubernetes?

Just kubectl delete pods -l run=jenkins-ci – Will delete all pods with this label (your jenkins containers). Since they are under Deployment, it will re-create the containers. Network routing will be adjusted automatically (again because of the label selector).

How do I set Jenkins to restart itself?

Jenkins -> Manage Jenkins -> Manage Plugins -> Search for Safe Restart -> Install it. Then Restart Safely appear on the Dashboard.

How do I start Jenkins on port 8080?

Go to the directory where you installed Jenkins (by default, it’s under Program Files/Jenkins)
Open the Jenkins.xml configuration file.
Search –httpPort=8080 and replace the 8080 with the new port number that you wish.
Restart Jenkins for changes to take effect.

How do I start Jenkins on Mac?

Terminal and Start / Stop daemon
Start Jenkins: sudo launchctl load /Library/LaunchDaemons/org.jenkins-ci.plist.
Stop Jenkins: sudo launchctl unload /Library/LaunchDaemons/org.jenkins-ci.plist.

How do I run Jenkins job daily?

The steps for schedule jobs in Jenkins:

click on “Configure” of the job requirement.
scroll down to “Build Triggers” – subtitle.
Click on the checkBox of Build periodically.

How do I open Jenkins?

To start Jenkins from command line

Open command prompt.
Go to the directory where your war file is placed and run the following command: java -jar jenkins.war.

How to get the docker container ip ?

July 6, 2020 by Vamshi Krishna Santhapuri

The metadata information from the docker containers can be extracted using the docker inspect command.
We see the demonstration as follows:

The docker engine api is based around the golang templates and the commands use extensive formatting around the json function definitions.

[vamshi@node01 ~]$ docker inspect <container-name | container-id> -f '{{ .NetworkSettings.IPAddress }}'
172.17.0.2

[vamshi@node01 ~]$ docker inspect my-container --format='{{ .NetworkSettings.IPAddress }}'
172.17.0.2

RBACs in kubernetes

July 6, 2020 by Vamshi Krishna Santhapuri

The kubernetes provides a Role based Access controls as a immediate mechanism as a security measure.

The roles are the grouping of PolicyRules and the capabilities and limitations within a namespace.
The Identities (or) Subjects are the users/ServiceAccounts which are assigned Roles which constitute a RBACs.
This process is acheived by referencing a role from RoleBinding to create RBACs.

In kubernetes there is Role and RoleBindings and the ClusterRole and ClusterRoleBinding.

There is no concept of a deny permission in the RBACs.

The Role and the Subject combined together defines a RoleBinding.

Now lets look at each of the terms in detail.

Subjects:

user
group
serviceAccount

Resources:

configmaps
pods
services

Verbs:

create
delete
get
list
patch
proxy
update
watch

You Create a kind:Role with a name and then binding with roleRef it to Subject by creating a kind: RoleBinding

[vamshi@master01 k8s]$ kubectl describe serviceaccounts builduser01 
Name:                builduser01
Namespace:           default
Labels:              
Annotations:         
Image pull secrets:  
Mountable secrets:   builduser01-token-rmjsd
Tokens:              builduser01-token-rmjsd
Events:

The role builduser-role has the permissions to all the resources to create, delete, get, list, patch, update and watch.

[vamshi@master01 k8s]$ kubectl describe role builduser-role
Name: builduser-role
Labels:
Annotations: kubectl.kubernetes.io/last-applied-configuration:
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"name":"builduser-role","namespace":"default"},"ru...
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
* [] [] [create delete get list patch update watch]

Using this you can limit the user access to your cluster

View the current clusterbindings on your kubernetes custer

[vamshi@master01 :~] kubectl get clusterrolebinding
NAME                                                   AGE
cluster-admin                                          2d2h
kubeadm:kubelet-bootstrap                              2d2h
kubeadm:node-autoapprove-bootstrap                     2d2h
kubeadm:node-autoapprove-certificate-rotation          2d2h
kubeadm:node-proxier                                   2d2h
minikube-rbac                                          2d2h
storage-provisioner                                    2d2h
system:basic-user                                      2d2h

The clusterrole describes the Resources and the verbs that are accessible the user.

[vamshi@linux-r5z3:~] kubectl describe clusterrole cluster-admin
Name:         cluster-admin
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate: true
PolicyRule:
  Resources  Non-Resource URLs  Resource Names  Verbs
  ---------  -----------------  --------------  -----
  *.*        []                 []              [*]
             [*]                []              [*]

Listing the roles on Kubernetes:

[vamshi@master01 :~] kubectl get roles --all-namespaces
NAMESPACE     NAME                                             AGE
kube-public   kubeadm:bootstrap-signer-clusterinfo             2d2h
kube-public   system:controller:bootstrap-signer               2d2h
kube-system   extension-apiserver-authentication-reader        2d2h
kube-system   kube-proxy                                       2d2h
kube-system   kubeadm:kubelet-config-1.15                      2d2h
kube-system   kubeadm:nodes-kubeadm-config                     2d2h
kube-system   system::leader-locking-kube-controller-manager   2d2h
kube-system   system::leader-locking-kube-scheduler            2d2h
kube-system   system:controller:bootstrap-signer               2d2h
kube-system   system:controller:cloud-provider                 2d2h
kube-system   system:controller:token-cleaner                  2d2h

We can further examine the rolebindings on the for the name: system::leader-locking-kube-scheduler which is being associated with the service account kube-scheduler.

[vamshi@master01 :~]  kubectl describe rolebindings system::leader-locking-kube-scheduler -n kube-system
Name:         system::leader-locking-kube-scheduler
Labels:       kubernetes.io/bootstrapping=rbac-defaults
Annotations:  rbac.authorization.kubernetes.io/autoupdate: true
Role:
  Kind:  Role
  Name:  system::leader-locking-kube-scheduler
Subjects:
  Kind            Name                   Namespace
  ----            ----                   ---------
  User            system:kube-scheduler  
  ServiceAccount  kube-scheduler         kube-system

There is a category of the api groups which contains the following api tags:

apiextensions.k8s.io, apps, autoscaling, batch, Binding, certificates.k8s.io, events.k8s.io, extensions, networking.k8s.io, PodTemplate, policy, scheduling.k8s.io, Secret, storage.k8s.io

The complete roles available in Kubernetes are as follows:

APIService, CertificateSigningRequest, ClusterRole, ClusterRoleBinding, ComponentStatus, ConfigMap, ControllerRevision, CronJob, CSIDriver, CSINode, CustomResourceDefinition, DaemonSet, Deployment, Endpoints, Event, HorizontalPodAutoscaler, Ingress, Job, Lease, LimitRange, LocalSubjectAccessReview, MutatingWebhookConfiguration, Namespace, NetworkPolicy, Node, PersistentVolume, PersistentVolumeClaim, Pod, PodDisruptionBudget, PodSecurityPolicy, PriorityClass, ReplicaSet, ReplicationController, ResourceQuota, Role, RoleBinding, RuntimeClass, SelfSubjectAccessReview, SelfSubjectRulesReview, Service, ServiceAccount, StatefulSet, StorageClass, SubjectAccessReview, TokenReview, ValidatingWebhookConfiguration and VolumeAttachment

Generate SSL certificates using openssl

October 18, 2021July 1, 2020 by Vamshi Krishna Santhapuri

Generate SSL certificates using openssl with a Certificate Signing Request

The file ca.key and ca.crt are the Certificate Authority

We will be generating the .key and .csr (Certificate Signing Request) files from the below command.

[root@node01 ssl]# openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout linuxcent.com.key -days 365 -out linuxcent.com.csr -sha256 -subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com"

The resultant files are a PEM certificate request .csr and a Private .key file. Now that we have successfully generated the .csr, we approach a Certificate Authority, Upload our CSR, and purchase the signer certificates along with Intermediate Chain keys for a given Number of days, typically done for 365 Days.

The -days flag is optional, and can be skipped as we are only generating a Signing Request.

Here we can use the openssl command to verify the .csr file that is generated as shown below:

[root@node01 ssl]# openssl req -in linuxcent.com.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IN, ST=TG, L=MY Location, O=Company Ltd., OU=IT, CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:00:e4:b4:24:d7:22:ec:5d:c1:37:8c:d1:a0:62:17:
96:24:77:8d:75:4e:d5:74:15:4d:61:e0:8b:66:d6:
                Exponent: 65537 (0x10001)
        Attributes:
            a0:00
    Signature Algorithm: sha256WithRSAEncryption
         87:ef:83:b2:a6:f5:3a:f3:6f:1c:e4:02:ec:bf:5d:75:64:1d:

- OUTPUT TRUNCATED --

In the next section we shall see How the .csr can be signed by a CA to generate a .crt PEM certificate

Signing a .csr with a Certificate Authority [Demo Purpose] – Sample CA files

Here is the process of Generating a Selfsigned certificate(Not to be used on public facing sites)

Now we will using the root ca.key and ca.crt to digitally sign this .csr and generate a .crt PEM certificate

x509 is a Certificate Data Management and Certificate Signing Utility

This generally takes the private key as input, and signs the certificate requests and Converting the certificate to various formats

[root@node01 ssl]# openssl x509 -req -in linuxcent.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out linuxcent.com.crt -days 365 -sha256

-subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com"

We have generated the .crt file from the .csr

[root@node01 ssl]# ls linuxcent.com.crt linuxcent.com.key 
linuxcent.com.crt linuxcent.com.key

We have successfully generated the linuxcent.com.key file and linuxcent.com.crt, and digitally self signed with the root CA key and certificates.

Generating Self Signed SSL certificates using openssl x509

The x509 is the certificate signing utility we will be using here.\ to generate a PEM certificate

Below is the complete command to generate the ssl self signed certificate.

openssl req -x509 -days 365 -sha1 -newkey rsa:2048 -nodes -keyout linuxcent.com.key -out linuxcent.com.crt -sha256 -subj "/C=IN/ST=State/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=linuxcent.com"

The Days parameter can be specified to any number of days depending on your requirement

The Self signed certificates are mostly commonly used within the internal network or among small group of familiar individuals like an office for specific purposes and not advised to be used out in the public domain as the browser does not identify the certificate authenticity or the ingenuity of the concerned website. The Self-signed certificates are not validated with any third party until and unless you import them to the browsers previously.

Generating a Wildcard certificate Request.

[root@node01 ssl]# openssl req -new -sha256 -newkey rsa:2048 -nodes -keyout linuxcent.com.key -out linuxcent.com.csr -sha256 -subj "/C=IN/ST=TG/L=My Location/O=Company Ltd./OU=IT/CN=linuxcent.com/subjectAltName=DNS.1=*.linuxcent.com, linuxcent.com"

Mentioning the Alternate Domain as *.linuxcent.com will create a wildcard .CSR

The SANs often seen in shortform to SubjectAltName allows us to secure multiple subdomains using a SSL certificate

The CA signing process of the wildcard is identical and obviously costs more.

Puppet: Error: Could not parse for environment : Illegal class reference

September 20, 2021June 21, 2020 by Vamshi Krishna Santhapuri

The following errors appear due to missing of certain modules.

Error: Could not parse for environment production: Illegal class reference

To resolve this error you need to install the relevant puppet module from the module-repository.

For example :

Error: 'module' has no 'info' action. See `puppet help module`.
[vamshi@node01 manifests]$ puppet module install puppetlabs-stdlib
Notice: Preparing to install into /home/vamshi/.puppetlabs/etc/code/modules ...
Notice: Created target directory /home/vamshi/.puppetlabs/etc/code/modules
Notice: Downloading from https://forgeapi.puppet.com ...
Notice: Installing -- do not interrupt ...
/home/vamshi/.puppetlabs/etc/code/modules
└── puppetlabs-stdlib (v6.3.0)

Settingup the puppet master and puppet client server

June 20, 2020 by Vamshi Krishna Santhapuri

Make sure that you have populated hostname properly on the puppet master server. You can do it with the hostnamectl command.
The hostname assumed by default is “puppet” for your puppet master, but you can give it anyname and reachable over your network to other servers with the mapped FQDN.

Its good practice to setup the /etc/hosts with an alias name called puppet if you are just starting for first time.

Installing the puppet yum repository sources to download the puppet packages.

[root@puppetmaster ~]# sudo rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm
Retrieving https://yum.puppet.com/puppet5-release-el-7.noarch.rpm
warning: /var/tmp/rpm-tmp.ibJsVY: Header V4 RSA/SHA256 Signature, key ID ef8d349f: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:puppet5-release-5.0.0-12.el7     ################################# [100%]

Installing the Puppet Master service from the yum repository.

[root@puppetmaster ~]# yum install puppetserver

Verify which packages are installed on your machine

[root@puppetmaster ~]# rpm -qa | grep -i puppet
puppetserver-5.3.13-1.el7.noarch
puppet5-release-5.0.0-12.el7.noarch
puppet-agent-5.5.20-1.el7.x86_64

Ensure that you give the following entries updated in the file /etc/puppetlabs/puppet/puppet.conf under the section

[master]
certname = puppetmaster.linuxcent.com
server = puppetmaster.linuxcent.com

Enabling the puppetserver Daemon and starting puppetserver

[root@puppetmaster ~]# systemctl enable puppetserver
[root@puppetmaster ~]# systemctl start puppetserver

The puppet server process starts on the port 8140.

[root@puppetmaster ~]# netstat -ntlp | grep 8140
tcp6       0      0 :::8140                 :::*                    LISTEN      21084/java

Settingup the puppet client.
Installing the yum repository to download the puppet installation packages.

[vamshi@node01 ~]$ sudo rpm -Uvh https://yum.puppet.com/puppet5-release-el-7.noarch.rpm

Installing the puppet agent.

[vamshi@node01 ~]$ sudo yum install puppet-agent

Once we have the puppet agent installed, we need to update the puppet client configuration with the puppetmaster FQDN by updating in the file /etc/puppetlabs/puppet/puppet.conf under the [master] section

[master]
certname = puppetmaster.linuxcent.com
server = puppetmaster.linuxcent.com

Running the puppet agent to setup communication with the puppet master

[vamshi@node01 ~]$ sudo puppet agent --test
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Caching catalog for node01.linuxcent.com
Info: Applying configuration version '1592492078'
Info: Creating state file /opt/puppetlabs/puppet/cache/state/state.yaml
Notice: Applied catalog in 0.02 seconds

With this we have successfully raised the signing request to the master
Listing the puppet agent details on the puppet master.

[root@puppetmaster ~]# puppet cert list --all
  "node01.linuxcent.com" (SHA256) 88:08:8A:CF:E3:5B:57:1C:AA:1C:A3:E5:36:47:60:0A:55:6F:C2:CC:9C:09:E1:E7:85:63:2D:29:36:3F:BF:34

[root@puppetmaster ~]# puppet cert sign node01.linuxcent.com
Signing Certificate Request for:
  "node01.linuxcent.com" (SHA256) 88:08:8A:CF:E3:5B:57:1C:AA:1C:A3:E5:36:47:60:0A:55:6F:C2:CC:9C:09:E1:E7:85:63:2D:29:36:3F:BF:34
Notice: Signed certificate request for node01.linuxcent.com
Notice: Removing file Puppet::SSL::CertificateRequest node01.linuxcent.com at '/etc/puppetlabs/puppet/ssl/ca/requests/node01.linuxcent.com.pem'

Now that we have successfully signed the puppet agent request, we are able to see the + sign on the left side of the agent host name as demonstrated in the following output.

[root@puppetmaster ~]# puppet cert list --all
+ "node01.linuxcent.com" (SHA256) 15:07:C2:C1:51:BA:C1:9C:76:06:59:24:D1:12:DC:E2:EE:C1:47:35:DD:BD:E8:79:1E:A5:9E:1D:83:EF:D1:61

The respective ssl signed requests will be saved under the location /etc/puppetlabs/puppet/ssl/ca/signed

[root@node01 signed]# ls
node01.linuxcent.com.pem  puppet.linuxcent.com.pem

To clean up and agent certificates

puppet cert clean node01.linuxcent.com

Which will remove the agent entries from the puppetmaster records and a new certificate request is required to be added to this puppetmaster.

The autosign.conf can also be used if you are going to manage a huge farm of puppet clients, and the manual signing of clients becomes are tedious task, We can setup the whiledcard like *.linuxcent.com to auto approve the signing requests originating from the client hosts present in the network domain of linuxcent.com.

nginx reverse proxy setup for kibana dashboard

June 7, 2020 by Vamshi Krishna Santhapuri

How to Setup Nginx Reverse proxy for Kibana.

In this demonstration we will see how to setup the reverse proxy using the nginx webserver to the backend kibana.

We begin by installing the latest version of nginx server on our centos server:

$ sudo yum install nginx -y

The nginx package is going to be present in the epel-repo and you have to enable it.

$ sudo yum --enablerepo=epel install nginx -y

Once the nginx package is installed we need to enable to Daemon and start it with the following command:

[vamshi@node01 ~]$ sudo systemctl enable nginx --now
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

We now add the create the nginx configuration file for kibana backend, and place it under the location /etc/nginx/conf.d/kibana as shown below:

We can setup the Restricted Access configuration if needed for enhanced security as shown below on the line with auth_basic and auth_basic_user_file, You may skip the Restricted Access configuration if you believe it is now required.

[vamshi@node01 nginx]$ sudo cat conf.d/kibana.conf
server {
    listen 80;
    server_name localhost;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

With the configuration in place .. we now check the nginx config syntax using the -t option as shown below:

[vamshi@node01 nginx]$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now restart the nginx server and head over to the browser.

$ sudo systemctl restart nginx

On you Browser enter the server ip or FQDN. and you will be auto redirected to the url http://your-kibana-server.com/app/kibana#/home
kibana-home

Setup htacess authorization config with user details.

We now install the htpasswd tool from the package httpd-tools as follows:

$ sudo yum install httpd-tools -y

Adding the Authorization details to our .htpasswd file.

[vamshi@node01 nginx]$ sudo htpasswd -c /etc/nginx/.htpasswd vamshi
New password: 
Re-type new password: 
Adding password for user vamshi

So We have now successfully added the Auth configuration

[vamshi@node01 nginx]$ sudo htpasswd -n /etc/nginx/.htpasswd 
New password: 
Re-type new password: 
/etc/nginx/.htpasswd:$apr1$tlinuxcentMY-htpassEsHEEanL21

As the password is 1 way encryption we cannot decode it and are required to generate new hash.
Verifying the htpasswd configuration logins from the curl command:

$ curl http://kibana-url -u<htpasswd-username>

[vamshi@node01 ~]$ curl kibana.linuxcent.com -uvamshi -I
Enter host password for user 'vamshi':
HTTP/1.1 302 Found
Server: nginx/1.16.1
Date: Thu, 07 Apr 2020 17:48:35 GMT
Content-Length: 0
Connection: keep-alive
location: /spaces/enter
kbn-name: kibana
kbn-license-sig: 2778f2f7e07680b7aefa85db2e7ce7bd33da5592b84cefe62efa8
kbn-xpack-sig: ce2a76732a2f58fcf288db70ad3ea
cache-control: no-cache

If you tend to enter the invalid credentials you will encounter a 401 http error code Restricting the Unauthorized access.

HTTP/1.1 401 Unauthorized
Server: nginx/1.16.1
Date: Thu, 07 Apr 2020 17:51:36 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
WWW-Authenticate: Basic realm="Restricted Access"

Now we head over to the browser to check the htaccess login page in action as shows follows:
http://your-kibana-server.com
kibana-htpasswd-prompt
Conclusion: With the htpasswd in place, it provides an extra layer of authorized access to your sensitive urls.. in effect now you need to enter the htpasswd logins to access the same kibana dashboard.

Setting filebeat for log shipping to elasticsearch

September 20, 2021June 5, 2020 by Vamshi Krishna Santhapuri

In this blog we will setup the basic filebeat configuration to export the logs to elastic search and create an index in the elasticsearch server.

We will install the standard linux tar file installation of filebeat.

Mounting the external volumes to jenkins docker container

May 29, 2020May 28, 2020 by Vamshi Krishna Santhapuri

Creating a docker volume

To use the external volume for our future container, we need to format a filesystem on the volume.
We use the ext4 filesystem to format our block device, we will demonstrate that as follows:

vamshi@node03:~$ sudo mkfs.ext4 /dev/sdb
mke2fs 1.43.4 (31-Jan-2017)
Discarding device blocks: done
Creating filesystem with 524288 4k blocks and 131072 inodes
Filesystem UUID: bc335e44-d8e9-4926-aa0a-fc7b954c28d1
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

Here is the command to create a volume by mentioning the path to the block device and using it in the local scope

docker volume create jenkins_vol1 --driver local --opt device=/dev/sdb
jenkins_vol1

We have successfully creates a docker volume using a block device.

Inspecting the docker volume that is created:

vagrant@node03:~$ docker volume inspect jenkins_vol1
[
    {
        "CreatedAt": "2020-05-12T17:22:11Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/jenkins_vol1/_data",
        "Name": "jenkins_vol1",
        "Options": {
            "device": "/dev/sdb",
            "type": "ext4"
        },
        "Scope": "local"
    }
]

Creating my jenkins container which will use the docker volume jenkins_vol1 and mount it to /var/jenkins_home/.m2

docker run -d -p 8080:8080 --name jenkins --mount 'type=volume,src=temp_vol,dst=/var/jenkins_home/.m2,
volume-driver=local' jenkins:latest

We have successfully started our container and now lots login to the container and check our volume.

jenkins@fc2c49313ddb:/$ df -hT
Filesystem     Type     Size  Used Avail Use% Mounted on
overlay        overlay   29G  4.9G   23G  18% /
tmpfs          tmpfs     64M     0   64M   0% /dev
tmpfs          tmpfs    970M     0  970M   0% /sys/fs/cgroup
shm            tmpfs     64M     0   64M   0% /dev/shm
/dev/sda3      ext4      29G  4.9G   23G  18% /var/jenkins_home
/dev/sdb       ext4     2.0G  6.0M  1.8G   1% /var/jenkins_home/.m2
tmpfs          tmpfs    970M     0  970M   0% /proc/acpi
tmpfs          tmpfs    970M     0  970M   0% /sys/firmware

As we can see from the output the mount point /var/jenkins_home/.m2 is mounted with block device /dev/sdb using a ext4 filesystem

/dev/sdb ext4 2.0G 6.0M 1.8G 1% /var/jenkins_home/.m2

Creating a 200MB temp filesystem volume.

docker volume create --name temp_vol --driver local --opt type=tmpfs --opt device=tmpfs --opt o=size=200m

The inspect of the temp_vol we created is as follows:

vamshi@node03:~$ docker volume inspect temp_vol
[
    {
        "CreatedAt": "2020-05-02T17:31:01Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/temp_vol/_data",
        "Name": "temp_vol",
        "Options": {
            "device": "tmpfs",
            "o": "size=100m,uid=1000",
            "type": "tmpfs"
        },
        "Scope": "local"
    }
]

docker run -d -p 8080:8080 --name jenkins --mount 'type=volume,src=jenkins_vol1,dst=/var/jenkins_home/.m2,volume-driver=local' jenkins:latest

vamshi@node03:~$ docker exec -it jenkins bash
jenkins@2267ba462aa2:/$ df -hT
Filesystem     Type     Size  Used Avail Use% Mounted on
overlay        overlay   29G  4.9G   23G  18% /
tmpfs          tmpfs     64M     0   64M   0% /dev
tmpfs          tmpfs    970M     0  970M   0% /sys/fs/cgroup
shm            tmpfs     64M     0   64M   0% /dev/shm
/dev/sda3      ext4      29G  4.9G   23G  18% /var/jenkins_home
tmpfs          tmpfs    100M     0  100M   0% /var/jenkins_home/.m2
tmpfs          tmpfs    970M     0  970M   0% /proc/acpi
tmpfs          tmpfs    970M     0  970M   0% /sys/firmware
jenkins@2267ba462aa2:/$ exit

Here is shows the mount point details:

tmpfs tmpfs 200M 0 200M 0% /var/jenkins_home/.m2

Please note the mount point /var/jenkins_home/.m2 which has 200MB space as defined.

Thus we can make use of the docker volumes and use the persistent fileystems and attach the block disks to a running container.

Create a user and Grant privileges in mysql database

May 28, 2020May 27, 2020 by Vamshi Krishna Santhapuri

mysql database user creation

The user creation process in mysql is one of the most important steps in Database administration.
Below we will list some of the Important terms of Authentication, Authorization with practical demonstration.
The process of gaining access to the database engine with an active login credentials and a login request from a trusted source network ensures Authentication.

The part where in the user is allowed to access certain tables in databases or the whole or part of the Databases determines Authorization.

In SQL administration, The user creation process involves Authentication and Authorization with a practical implementation of a unique username id, identified by the password, the critical component is the source network identification if logging from remote hosts. The permission to specific databases ensuring the least privileges based on the desired role is one of best the practices

Let’s connect using root access to the MySQL Command-Line Tool

[vamshi@mysql01 linuxcent]$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.0.19 MySQL Community Server - GPL


Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

How to create a new mysql user and Grant the privileges

Sample Syntax:

CREATE USER 'mysql_user'@'hostname' IDENTIFIED BY 'user_password';

It is important to understand that the ‘username’ @ ‘hostname’ is a unique entry of identification pattern for Authenticating to the mysql engine.

The hostname field accepts the values such as [/code]“ip address” / 10.100.0.0/24 / localhost [/code]

And only the incoming requests will be allowed matching the user name.

The syntax for creating a user on mysql goes as follows:

Enabling access for a source of localhost identified by the authentication information

CREATE USER 'vamshi'@'localhost' IDENTIFIED BY 'user_password';

Enabling access for a source IP range of 10. network identified with /24 CIDR followed by the authentication information

CREATE USER 'vamshi'@'10.100.0.0/24' IDENTIFIED BY 'user_password';

Enabling access for a source IP range of specific hostname identified the authentication information

CREATE USER 'vamshi'@'hostname' IDENTIFIED BY 'user_password';

The First step of user access is done, Now we need to grant the access to the Databases, which grants the Privileges to perform actions on the DB by the new user.

Granting Privileges

This section deals with the Authorization;

On the mysqlcli prompt, you would need to issue the GRANT command with appropriate access permissions.

What are Privileges types in mysql?

The Grant Authorizes the Following actions

Like the ability to CREATE tables and databases, read or write FILES, and then even SHUTDOWN the server.

The most commonly used privileges are:

ALL PRIVILEGES: Grants all privileges to a user account.
SELECT: The user account is allowed to read a database.
INSERT: The user account is allowed to insert rows into a specific table.
UPDATE: The user account is allowed to update table rows.
CREATE: The user account is allowed to create databases and tables.
DROP: The user account is allowed to drop databases and tables.
DELETE: The user account is allowed to delete rows from a specific table.
PROCESS: The user is allowed to get the information about the threads executing within the server
SHUTDOWN: The user is allowed to use of the SHUTDOWN and RESTART statements within the server.

Now it’s time to grant the privileges to the new user on a tables belonging to a Database or all the tables on a given database;

Here’s what the Simple GRANT SQL statement looks like:

GRANT ALL PRIVILEGES ON Database_name.Table_name TO 'user@'hostname' ;

Let’s break this down and understand what we just told MySQL to do.

GRANT ALL PRIVILEGES (ALL types of Privileges) for only the given Database_Name and given Table_Name to the user Identified by ‘user@’hostname’

The Database_name and the Table_name can be replaced by the wildcard * means to every Database and Table in the Database respectively.

*.* to specify all databases on the server

database_name.* to specify all tables in one database

database_name.table_name to specify all columns of one table

The Privileges assigned to user while connecting from the source hostname can be a IP address / IP address range 10.100.0.0/24 or a DNS name or simple ‘%’ to allow access from anywhere.

Now For simplicity sake we can simulate the user vamshi will need access to only operate on the sales section of the reports Database.

GRANT ALL PRIVILEGES ON reports.sales TO 'joe@'mysql2.linuxcent.com';

What the above command does is to provide only login access to joe from mysql2.linuxcent.com and access the reports table from sales Database.

By replacing the database name with wildcard * will provide the privileges equivalent super_user level access.

This can be demonstrated as follows:

GRANT ALL PRIVILEGES ON *.* TO 'vamshi'@'%';

GRANT INSERT, UPDATE, DELETE ON reports.* to 'vamshi'@'%';

How to Create Another non-root MYSQL DB Super User

This is just as a security measure whilst disabling the root login to the mysql engine.

GRANT ALL PRIVILEGES ON *.* TO 'vamshi_superuser'@'%';

Display MySQL User Account Privileges

To Display the Privileges granted to specific Mysql user Account, use the command SHOW GRANTS.

mysql> SHOW GRANTS FOR 'root'@'localhost' \G;
*************************** 1. row ***************************
Grants for root@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION
*************************** 2. row ***************************

Now to compare the results

Saving Your Changes to the MYSQL database

The changes made so far are to be saved to the special user database called the grant tables, In total there are 5 special tables in the mysql database such as

user
db
host
tables_priv
columns_priv

We commit the changes by issuing the FLUSH PRIVILEGES command at the mysql prompt:

mysql> flush privileges ;
Query OK, 0 rows affected (0.01 sec)