Manage Passwords in Linux Ecosystem with Pass Utility

Password-based authentication is very common. However, storing and securing passwords is a hassle. There are already many offline and online-only services that do this work for you. Some are more feature-rich and offer a lot of other features. If you work in an offline (air-gapped, disconnected from the internet, etc.) environment, you can use a simple open source utility called pass. It stores each password as a separate GPG-encrypted file. It is CLI-based, but GUI extensions are available and it has a lot of support in the community.

With git, you can also choose to sync the encrypted passwords to internal source repos, so that you get all the benefits of GitOps.


Get a grip on searching file contents with grep

Who doesn’t have to search files for specific content? At some point when working with computers, you will want to find files containing specific text, data, strings, content, information, or whatever term you use. Linux users have always boasted of being able to use the grep utility. Windows users have relied on finding files through an easy user interface and the Select-String cmdlet. With WSL2, you can use traditional Linux utilities to assist with your work on Windows as well. Let’s look at a few variants of grep that help us search for the information we seek.


Spinning up and Managing Pods with multiple containers with Podman

docker-compose is a popular choice for spinning up and running applications that need multiple containers. It lets you define the configuration in a simple YAML format and, with a few commands, create and manage all your application containers at once. Podman does not have a counterpart to the docker-compose command. There is a project in the works called podman-compose, which is supposed to do the same basic thing as docker-compose.

However, Podman uses a concept called pods. Pods are a way of grouping containers together inside their own namespace, network, and security context. You can start and stop the whole pod at once to manage your application.


Unsharing is Caring – User Namespace, Rootless containers and Security

Those who have been working with containers have long been worried about the security of the underlying containers. One vulnerability associated with containers is running them as the root user. Containers have often needed to perform privileged tasks, such as mounting filesystems or tasks associated with packet route tables on the host network, which have historically required privileged access on the underlying host machine. This has allowed malicious actors to try to exploit vulnerabilities in the container host.

With rootless containers, we are slowly moving past this scenario. The term rootless containers refers to the ability of an unprivileged user to create, run, and otherwise manage containers. It also covers the variety of tooling around containers that can be run as an unprivileged user.


Another blog on Docker deprecation in Kubernetes and what needs to be done about it

In Kubernetes release v1.20, the development team marked dockershim as deprecated. There was initially some shock and confusion, as it was perceived that the team was moving away from Docker completely; however, that is not the case. As it turns out, the team is steering Kubernetes away from the proprietary parts of Docker, that is, Docker Engine, often simply called Docker. Docker Engine is itself composed of many sub-components such as dockerd, containerd, runc, etc., many of which were initially developed by Docker Inc and then given to the community. These were later standardized and maintained by the community.

The Kubernetes community has written a detailed blog post about the deprecation, with a dedicated FAQ page for it. This blog post aims to explain the impact and what needs to be done about it. Depending on how you use Docker and how you think about and understand it, you may or may not have to do anything about it or lose sleep over it.


Working with arguments in Bash Scripting

Bash scripting has many special shell variables, such as $*, $#, $?, etc., that help users write more powerful and versatile scripts. Using these shell variables, one can code for many scenarios that would otherwise not be possible.

One common requirement is to write more generic code and run it for a specific case using arguments supplied at run time. Since script users can’t always be trusted to supply all arguments properly, it is beneficial to have the script check for conditions such as how many arguments are supplied, whether the arguments are proper, etc. Since bash also does not natively offer a way to declare parameters for scripts, you also need to process the arguments in the correct order. For this, bash offers the special variables $1, $2 ... $9 as positional parameters.


Setup Local Kubernetes Cluster with Docker, WSL2 and KinD

Kubernetes has raced ahead of other container management platforms in the last few years. However, setting up and running multi-node clusters so that developers can test their container workloads remains difficult. Many organizations get around this by provisioning separate Kubernetes clusters for devs. Some go to the extent of provisioning one Kubernetes cluster per developer. However, this soon becomes an additional hassle for devs and ops alike and keeps contributing to the company’s rising costs.

Minikube is one solution for this scenario, but it is limited to a single-node setup. To gain Kubernetes experience, however, most people need to run multi-node clusters. KinD is a tool for running local Kubernetes clusters using Docker container nodes. KinD was primarily designed for testing Kubernetes itself, but may be used for local development or CI.
