---
tags: office, company, plan, todolist
---

# SIS ToDo List

1. Budget Plan
2. Portal Login List
3. Inventory List
4. Renewal List
5. Document - Shutdown Procedure
6. Document - Onboard Offboard

---

# CentOS with Docker

```linux=
# Add the Docker CE repository and install the engine
sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# Start Docker now and on every boot
sudo systemctl enable docker
sudo systemctl start docker
```

---

## Home Assistant with storage on home folder

```linux=
# Run from the folder that should hold the data; it is mounted at the same path inside the container
sudo docker run -d --name homeassistant -v `pwd`:`pwd` -w `pwd` -p 8123:8123 -it ghcr.io/home-assistant/home-assistant:stable
# Open the Home Assistant port on the host firewall
sudo firewall-cmd --zone=public --add-port=8123/tcp --permanent
sudo firewall-cmd --reload
```

---

## Snipe-IT with custom DB

:::info
Older versions of Docker can't mount.
:::

```linux=
sudo docker run --name snipe-mysql --env-file=/home/adminpi/my.env --mount source=snipesql-vol,target=/var/lib/mysql -d -P hypriot/rpi-mysql
```

---

## Inventree

source: https://docs.inventree.org/en/latest/start/docker_prod/

:::info
If the Rust compiler is not installed, use "export CRYPTOGRAPHY_DONT_BUILD_RUST=1".
:::

```linux=
# Install the Rust toolchain, then build the development image
curl https://sh.rustup.rs -sSf | sh
sudo docker build . --target development -t inventree:development
```

---

## Nagios Docker

Source: https://github.com/tgoetheyn/Docker-NagiosXI

http://10.0.30.151:8080/

Login: nagiosadmin / nagios

```linux=
sudo docker run --name nagios4 --privileged=true -v `pwd`:`pwd` -w `pwd` -itd -p 0.0.0.0:8080:80 jasonrivers/nagios:latest
```

---

## Prometheus + Grafana + InfluxDB

### Prometheus

Source: https://prometheus.io/docs/introduction/overview/

```linux=
mkdir prometheus
# The config file must live in the folder that is mounted at /etc/prometheus
vi prometheus/prometheus.yml
docker run -p 9090:9090 --name prometheus -v /home/admin/prometheus:/etc/prometheus -itd prom/prometheus
```

### Grafana

Login: admin

Source: https://grafana.com/docs/grafana/latest/setup-grafana/installation/docker/

```linux=
docker run -p 3000:3000 --name=grafana -itd grafana/grafana-enterprise
```

### InfluxDB

source: https://docs.influxdata.com/influxdb/v2.0/install/?t=Docker

```linux=
# Create the data folder, enter it, and mount it as the InfluxDB data volume
mkdir influxdb-docker-data-volume && cd $_
docker run --name influxdb -p 8086:8086 --volume $PWD:/var/lib/influxdb2 -itd influxdb:latest
```

## Elastic

Source: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html#_install_docker_desktop_or_docker_engine

:::info
Prerequisite: enable more virtual memory by editing sysctl.conf and setting `vm.max_map_count = 270000`.

1. Create Elastic node 1 with port 9200, named es01.
2. Generate an enrollment key with the script provided.
3. Create Elastic node 2, named es02, using the enrollment key.
4. Create Kibana with port 5601, named kib-01.
5. Generate the enrollment key and token on both es01 and kib-01.
6. Match Elastic with Kibana by entering the enrollment key and token on the Kibana portal.
7. Reset the user password.
:::

```linux=
# Prerequisite: set vm.max_map_count and reload the kernel settings
sudo vi /etc/sysctl.conf
sudo sysctl -p
# Node 1 (es01) on a dedicated Docker network
sudo docker network create elastic
sudo docker run --name es01 --net elastic -p 9200:9200 -itd docker.elastic.co/elasticsearch/elasticsearch:8.5.3
# Enrollment token for the second node, then start es02 with it
sudo docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node
sudo docker run -e ENROLLMENT_TOKEN="<token>" --name es02 --net elastic -itd docker.elastic.co/elasticsearch/elasticsearch:8.5.3
# Kibana (kib-01), its enrollment token and verification code
sudo docker run --name kib-01 --net elastic -p 5601:5601 -itd docker.elastic.co/kibana/kibana:8.5.3
sudo docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana
sudo docker exec -it kib-01 /usr/share/kibana/bin/kibana-verification-code
# Reset the password of the elastic user interactively
sudo docker exec -it es01 /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i
```

docker-compose can also be used to set up Elastic and Kibana.

:::info
:bulb: **docker-compose.yml**

```yaml=
version: "2.2"

services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f config/certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es02\n"\
          "    dns:\n"\
          "      - es02\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: es03\n"\
          "    dns:\n"\
          "      - es03\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions";
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es02,es03
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata02:/usr/share/elasticsearch/data
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es03
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  es03:
    depends_on:
      - es02
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata03:/usr/share/elasticsearch/data
    environment:
      - node.name=es03
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01,es02,es03
      - discovery.seed_hosts=es01,es02
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es03/es03.key
      - xpack.security.http.ssl.certificate=certs/es03/es03.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es03/es03.key
      - xpack.security.transport.ssl.certificate=certs/es03/es03.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
      es02:
        condition: service_healthy
      es03:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
    mem_limit: ${MEM_LIMIT}
    healthcheck:
      # The check runs inside the container, where Kibana listens on 5601;
      # KIBANA_PORT only changes the port published on the host.
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  esdata02:
    driver: local
  esdata03:
    driver: local
  kibanadata:
    driver: local
```

:bulb: **.env**

```code=
# Password for the 'elastic' user (at least 6 characters)
ELASTIC_PASSWORD=SIShk123456

# Password for the 'kibana_system' user (at least 6 characters)
KIBANA_PASSWORD=SIShk123456

# Version of Elastic products
STACK_VERSION=8.5.3

# Set the cluster name
CLUSTER_NAME=docker-cluster

# Set to 'basic' or 'trial' to automatically start the 30-day trial
#LICENSE=basic
LICENSE=trial

# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200
#ES_PORT=127.0.0.1:9200

# Port to expose Kibana to the host
#KIBANA_PORT=5601
KIBANA_PORT=80

# Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=1073741824

# Project namespace (defaults to the current folder name if not set)
#COMPOSE_PROJECT_NAME=SISProd
```
:::

## MySQL docker compose

source: https://hub.docker.com/_/mysql

:::info
:bulb: **mysql.yml**

```code=
# Use root/example as user/password credentials
version: '3.1'

services:

  db:
    image: mysql
    # NOTE: use of "mysql_native_password" is not recommended: https://dev.mysql.com/doc/refman/8.0/en/upgrading-from-previous-series.html#upgrade-caching-sha2-password
    # (this is just an example, not intended to be a production configuration)
    command: --default-authentication-plugin=mysql_native_password
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: example

  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080
```
:::

```linux=
docker-compose -f mysql.yml up -d
```

## OCS Inventory

```linux=
docker run \
  -p 8082:80 \
  -p 8443:443 \
  --name ocs \
  -e OCS_DB_NAME=ocs \
  -e OCS_DB_SERVER=172.20.0.2 \
  -e OCS_DB_PORT=3306 \
  -e OCS_DB_USER=root \
  -e OCS_DB_PASS=password \
  -itd \
  ocsinventory/ocsinventory-docker-image
```

## Update Docker CA

```linux=
mkdir -p /etc/pki/ca-trust/source/anchors
cd /etc/pki/ca-trust/source/anchors
```

```linux=
# -k disables TLS certificate verification for this download
curl -k https://registry-1.docker.io/ca -o /etc/pki/ca-trust/source/anchors/registry-1.docker.io.crt
ls -ltr
chmod +x /etc/pki/ca-trust/source/anchors/registry-1.docker.io.crt
```

```linux=
# Rebuild the system trust store and restart Docker to pick it up
sudo update-ca-trust
systemctl restart docker.service
```

## Inventree