Docker push – Error – requested access to the resource is denied

Docker push – Error – requested access to the resource is denied

exact error:  Error: writing blob: initiating layer upload to /v2/shaikabuthagirs/myrepo/blobs/uploads/ in registry-1.docker.io: requested access to the resource is denied

Cause:

While i’m using simply below command to establish connection with hub.docker.com, it is connecting with some other repository instead of docker.io

#docker login

because of the, we are getting above error while trying to push image from server to hub.docker.com

Solution:

We need to login to docker.io repository to fix this issue. So for that we need to mention the repository as well along with #docker login command like below

[ec2-user@ip-172-31-40-126 ~]$ docker login -u shaikabuthagirs -p "Thagir@56" docker.io
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Login Succeeded!

Now create tag before pushing it to hub and below is the command

[ec2-user@ip-172-31-40-126 nginx]$ docker images
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/mynginx latest 136dabf8f70c 17 minutes ago 196 MB

#docker tag mynginx:latest shaikabuthagirs/nginx:v1

mynginx :latest  ->  my customized image: tag name(This can be like versioning and you can name it as per your own requirement)

shaikabuthagirs/nginx:v1  ->  shaikabuthagirs(My docker hub account name)/nginx(repository which I created in my account):v1(tag name. As I said im using here as version 1)

After tag creation i’m listing images again

[ec2-user@ip-172-31-40-126 nginx]$ docker images
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/shaikabuthagirs/nginx v1 136dabf8f70c 19 minutes ago 196 MB
localhost/mynginx latest 136dabf8f70c 19 minutes ago 196 MB

You can see the tagged image showing now and now we can push it to docker hub using below command

[ec2-user@ip-172-31-40-126 nginx]$ docker push shaikabuthagirs/nginx:v1
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Getting image source signatures
Copying blob bd98674871f5 skipped: already exists
Copying blob 2b99b9c5d9e5 skipped: already exists
Copying blob 1e109dd2a0d7 skipped: already exists
Copying blob ec04bab23527 skipped: already exists
Copying blob 566e42bcee1c skipped: already exists
Copying blob da8cc133ff82 skipped: already exists
Copying blob 7753612990f4 done |
Copying blob c44f27309ea1 skipped: already exists
Copying config 136dabf8f7 done |
Writing manifest to image destination
[ec2-user@ip-172-31-40-126 nginx]$

Now the image has been pushed into the hub.docker.com and see the below screenshot after the push

push-image-hub.docker.com

Thanks for reading the post and looking for your support always!

 

 

Failed to connect to repository : Error performing git command: git ls-remote -h https://[email protected]/ssabuthagir/devops.git

Hi  Guys, We are going to give a solution for below error while adding git repository in Jenkins

Failed to connect to repository : Error performing git command: git ls-remote -h https://[email protected]/ssabuthagir/devops.git HEAD

Mostly  we will find this error while adding git repository  in Jenkins.

Basically to integrate any tool with Jenkins, we have to install respective plugins. But, for git it is already installed when we initiate “Install Suggested plugin” option when we login first time in Jenkins dashboard after Installation & Configuration of Jenkins.

Now will come to solution for this error.

Solutions 1: 

Basically git should be installed in same server where the Jenkins installed & configured.

Because while adding our git repo Jenkins will issue git command to check whether that repo is accessible or not by using below command

git ls-remote -h <git_repo_url>

this command will not work when we use this on server which is not installed with git. Because in Jenkins we need to provide git path even if it is installed or still getting error.

Solutions 1: 

Below is the location where need to mention the path in Jenkins

Goto -> <Jenkins_URL> -> Dashboard -> Tools -> Git Installation

Under “Git Installation” git will mentioned in a text box there we need to provide the git absolute path

Then Apply & Save

Failed to connect repoFailed to connect repo

 

Failed to connect repoThanks for reading this post. Expecting your support in future too.

 

A managed resource “aws_subnet” “pubsubnet” has not been declared in the root module.

Hi Techies,

We are going to see how to resolve ‘A managed resource “aws_subnet” “pubsubnet” has not been declared in the root module.’  error while using terraform to create 2 EC2 instance with VPC in AWS

code:

resource "aws_instance" "pub_instance" {
ami = "ami-033fabdd332044f06"
instance_type = "t2.micro"
availability_zone = "us-east-2a"
associate_public_ip_address = "true"
vpc_security_group_ids = [aws_security_group.PUBSG.id]
subnet_id = aws_subnet.pubsubnet.id
key_name = "Terraform_Srv"

tags = {
Name = "WEBSERVER"
}

}

resource "aws_instance" "pvt_instance" {
ami = "ami-033fabdd332044f06"
instance_type = "t2.micro"
availability_zone = "us-east-2b"
associate_public_ip_address = "true"
vpc_security_group_ids = [aws_security_group.PVTSG.id]
subnet_id = aws_subnet.pvtsubnet.id
key_name = "Terraform_Srv"

tags = {
Name = "APPSERVER"
}

Error:

[root@ip-172-31-7-226 terraform]# terraform apply
╷
│ Error: Reference to undeclared resource
│
│ on main.tf line 163, in resource "aws_instance" "pub_instance":
│ 163: subnet_id = aws_subnet.pubsubnet.id
│
│ A managed resource "aws_subnet" "pubsubnet" has not been declared in the root module.
╵
╷
│ Error: Reference to undeclared resource
│
│ on main.tf line 178, in resource "aws_instance" "pvt_instance":
│ 178: subnet_id = aws_subnet.pvtsubnet.id
│
│ A managed resource "aws_subnet" "pvtsubnet" has not been declared in the root module.

After checking the full code of script, found that I have declared the names like PUBSUB & PVTSUB for public and private subnet wiseversa.

But I wrongly mentioned like pubsubnet & pvtsubnet in the EC2 instance creation. So, after renaming it to correctly like below it is fixed.

subnet_id = aws_subnet.pubsubnet.id
subnet_id = aws_subnet.pubsubnet.id

modified like below based on the declared name inn previous code

subnet_id = aws_subnet.PUBSUB.id
subnet_id = aws_subnet.PVTSUB.id

Result:

After changing the error was fixed and find the below result

aws_instance.pvt_instance: Creating...
aws_instance.pub_instance: Creating...
aws_route_table.PVTRT: Modifying... [id=rtb-05ab30d4598210e59]
aws_route_table.PVTRT: Modifications complete after 0s [id=rtb-05ab30d4598210e59]
aws_instance.pub_instance: Still creating... [10s elapsed]
aws_instance.pvt_instance: Still creating... [10s elapsed]
aws_instance.pvt_instance: Still creating... [20s elapsed]
aws_instance.pub_instance: Still creating... [20s elapsed]
aws_instance.pub_instance: Still creating... [30s elapsed]
aws_instance.pvt_instance: Still creating... [30s elapsed]
aws_instance.pvt_instance: Creation complete after 31s [id=i-096c28fbbaeff8a42]
aws_instance.pub_instance: Creation complete after 31s [id=i-0f745c3aeca6327aa]

Apply complete! Resources: 2 added, 1 changed, 0 destroyed.
[root@ip-172-31-7-226 terraform]#

Error: creating EC2 Instance: operation error EC2: Run Instances, https response error StatusCode: 400, error InvalidSubnetID.NotFound: The subnet ID ‘aws_subnet.pubsubnet.id’ does not exist

Hi Techies!

Good day!

We are going to see how to troubleshoot issues in terraform(Alternate Ansible) script which will create VPC in AWS.

In my script the file name is main.tf and we need to execute “terraform init, terraform validate, terraform apply” commands one by one.

terraform init:   It will initialize the directory, which will contains the terraform configuration file(in our scenario main.tf)

terraform validate: It will to check the syntax and consistency of your Terraform configuration files without accessing remote services

terraform plan: It will help to create an execution plan and preview the changes to your infrastructure.

terraform apply: It will execute the proposed actions in a Terraform plan.

In our scenario I’m getting error while applying it (terraform apply)

Error:

Error: creating EC2 Instance: operation error EC2: RunInstances, https response error StatusCode: 400, RequestID: 5eea2384-64e8-4a57-ba1a-2ac955c799f9, api error InvalidSubnetID.NotFound: The subnet ID 'aws_subnet.pubsubnet.id' does not exist
│
│ with aws_instance.pub_instance,
│ on main.tf line 157, in resource "aws_instance" "pub_instance":
│ 157: resource "aws_instance" "pub_instance" {
│
╵
╷
│ Error: creating EC2 Instance: operation error EC2: RunInstances, https response error StatusCode: 400, RequestID: 64d5c412-e7db-49ad-a7aa-49b4f9345d89, api error InvalidSubnetID.NotFound: The subnet ID 'aws_subnet.pvtsubnet.id' does not exist
│
│ with aws_instance.pvt_instance,
│ on main.tf line 172, in resource "aws_instance" "pvt_instance":
│ 172: resource "aws_instance" "pvt_instance" {

Code in my script:

 resource "aws_instance" "pub_instance" {
ami                                     = "ami-033fabdd332044f06"
instance_type                           = "t2.micro"
availability_zone                       = "us-east-2a"
associate_public_ip_address             = "true"
vpc_security_group_ids                  = [aws_security_group.PUBSG.id]
subnet_id                               = "aws_subnet.PUBSUB.id"
key_name                                = "Terraform_Srv"

  tags = {
  Name = "WEBSERVER"
 }

}

resource "aws_instance" "pvt_instance" {
ami                                     = "ami-033fabdd332044f06"
instance_type                           = "t2.micro"
availability_zone                       = "us-east-2b"
associate_public_ip_address             = "true"
vpc_security_group_ids                  = [aws_security_group.PVTSG.id]
subnet_id                               = "aws_subnet.PVTSUB.id"
key_name                                = "Terraform_Srv"

  tags = {
  Name = "APPSERVER"
 }

}

Solution:

In may script I have used double quotes (“”) to mention subnet id. In my case I have removed double quotes and it fixed the issue.

resource "aws_instance" "pub_instance" {
ami                                    = "ami-033fabdd332044f06"
instance_type                          = "t2.micro"
availability_zone                      = "us-east-2a"
associate_public_ip_address            = "true"
vpc_security_group_ids                 = [aws_security_group.PUBSG.id]
subnet_id                              = aws_subnet.PUBSUB.id
key_name                               = "Terraform_Srv"

tags = {
Name = "WEBSERVER"
}

}

resource "aws_instance" "pvt_instance" {
ami                                    = "ami-033fabdd332044f06"
instance_type                          = "t2.micro"
availability_zone                      = "us-east-2b"
associate_public_ip_address            = "true"
vpc_security_group_ids                 = [aws_security_group.PVTSG.id]
subnet_id                              = aws_subnet.PVTSUB.id
key_name                               = "Terraform_Srv"

tags = {
Name = "APPSERVER"
}

}

Now while executing “terraform apply” it created ec2-instance along with VPC successfully.

Result:

#terraform apply

aws_instance.pvt_instance: Creating...
aws_instance.pub_instance: Creating...
aws_route_table.PVTRT: Modifying... [id=rtb-05ab30d4598210e59]
aws_route_table.PVTRT: Modifications complete after 0s [id=rtb-05ab30d4598210e59]
aws_instance.pub_instance: Still creating... [10s elapsed]
aws_instance.pvt_instance: Still creating... [10s elapsed]
aws_instance.pvt_instance: Still creating... [20s elapsed]
aws_instance.pub_instance: Still creating... [20s elapsed]
aws_instance.pub_instance: Still creating... [30s elapsed]
aws_instance.pvt_instance: Still creating... [30s elapsed]
aws_instance.pvt_instance: Creation complete after 31s [id=i-096c28fbbaeff8a42]
aws_instance.pub_instance: Creation complete after 31s [id=i-0f745c3aeca6327aa]
Apply complete! Resources: 2 added, 1 changed, 0 destroyed.
[root@ip-172-31-7-226 terraform]#

 

Linux Basic Interview Questions

Hi Everyone ! Will see Linux interview questions in this post. Many of them are getting difficulty on finding their job in Linux, without knowing the scenario-based question in Linux. So, we decided to help by sharing some Linux interview questions.

1. Explain Linux booting process: We already shared in another post regarding booting process in RHEL. Please make use of it to know brief about linux booting.

2. What is port number for http/https/nfs/dns/dhcp/telnet/ssh/ftp? https: 443, http: 80, nfs:111 and 2049, DNS: 245, dhcp: 546(client) 547 (server) 67  and 68

3. Explain architecture of ansible? Ansible architecture has been posted. Please read this post to know more.

4. What is split brain syndrome in vcs cluster? We already shred a post to know what is split brain syndrome in vcs. Please read that to know more.

5. How boot a linux host using old kernel, if new kernel update fails? Steps are shared in a post to know how to boot linux host with old kernel? Please read that post to know more.

6. How to enable EPEL Repository? Post contains steps to enable EPEL Repository in linux. Please read that.

7. How to increase xfs filesystem in LVM?
Please read the post Increasing LVM in xfs filesystem in our blog to know more.

8. Explain steps to configure LVM?
Please check the post which we shared earlier to know How to configure LVM?

9. What is the command to know whether one port is enabled or not in Linux? 
netstat command will help to know the listening port and need to use grep to filter
                       #netstat -tulpn | grep 8080

 

Will keep on update this post and if you have any question to know answer in Linux. Please

Unreachable Host: port unreachable

Unreachable Host: port unreachable : port unreachable

I do have access to ssh into the destination machine, and it works, but whenever I run this playbook, I get this error output:

sudo ansible-playbook test.yml PLAY [web] ***************************************************************************************************************************************************************************************** TASK [Gathering Facts] *********************************************************************************************************************************************************************************** fatal: [machine]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).\r\n", "unreachable": true} to retry, use: --limit @/ansible-play/test.retry PLAY RECAP *********************************************************************************************************************************************************************************************** machine : ok=0 changed=0 unreachable=1 failed=0

Solution 1:

Try to check the SSH arguments and I used below, and it helps me sometime.

#ansible-playbook --user=brines -vvv test.yml

Solution 2:

Invalid SSH Configuration also may lead this issue. So, hvae to fix the SSH configuration issue or copy & paste the ssh keys on concern hosts.

#cd /root/.ssh 
#ssh-keygen -t rsa

save key under the name of id_rsa

#cat id_rsa.pub

copy the entire key and paste in file (of master node located at path: /.ssh/ or /root/.ssh) as:

#vi authorized_keys

Then run this to check:

#ansible all -m ping -u brines

Output should be like this:

master-node | SUCCESS => { "changed": false, "ping": "pong" }

 

How to create Incident in Service Now using ansible?

Overview

Faster delivery can result in improved support and for stakeholder satisfaction, faster delivery and improved productivity will be the most important thing while automating any service and it is very much satisfied here.

 We can do below operations in Service Now using ansible

         Updating incidents, problems, and change requests

         Updating the Service Now configuration management database (CMDB)

         Using the CMDB as an inventory source  

In this post will demonstrate, how to manage incidents.

First, we need install the collation to handle any service and here we need to install.

servicenow.itsm collection to manage service servicenow through ansible.

Install Service Now collection using below command:

$ ansible-galaxy collection install servicenow.itsm

Once the collection installed, then we have access to below modules:

  1. servicenow.itsm.incident for managing incident tickets
  2. servicenow.itsm.problem for interacting with problems
  3. servicenow.itsm.change_request for handling changes
  4. servicenow.itsm.configuration_item for managing the CMDB
  5. servicenow.itsm.now Inventory plugin and it allows us to use CMDB as an inventory source.

To display the documents of each module use below command

$ ansible-doc servicenow.itsm.incident

Credentials and Service Now declaration:

Before managing incident, we should tell ansible where our ServiceNow instance available and what credentials to be used.

Create inc_vars.yml file and mention instance & credentials as variables like below

---
#snow_record variables
sn_username: admin
sn_password: mypassword@123
sn_instance: snow_host

#data variables
sn_severity: 2
sn_priority: 2

Now that we have our credentials variables ready to use in playbook and we need to create a playbook to create new incident.

Create inc_new.yml and add below codes and save & exit

---
- host: localhost
  gather_facts: false
  tasks:
    - name: create new incident
      servicenow.itsm.incident
        state: new
        username: "{{ sn_username }}"
        password: "{{ sn_password }}"
        instance: "{{ sn_instance }}"
        
        data:
          severity: "{{ sn_severity }}"
          priority: "{{ sn_priority }}"
          short_description: demo incident
   register: new_incident
 - debug:
     var: new_incident.record
Now run this playbook using below  and it will create a new incident
#ansible-playbook inc_new.yml

How to Install Ansible on RHEL 9?

Ansible is a free and open-source automation tool and it is available in default package repository/App Stream and no need any special repository to be enabled.

Step 1: Install ansible using dnf command

#dnf install -y ansible-core

Once installed, very its version by running below command and we can say this as verifiting whether the ansible or not in our server.

#ansible –version

We can check this by executing something over remote servers using this ansible server. For that, first we need ssh to be enabled between Ansible and remote server. Please use the below link to know how to configure ssh in linux?

You are not allowed to use this program (crontab)

Welcome to Linux Book Center!

I recently came to know that using my account not able to crontab on newly installed machine with RHEL 7.9. Because of this I’m not able to schedule jobs and receiving below error whenever I try to edit the crontab to schedule a job.

[Brines ~]$ crontab -e
You (Brines) are not allowed to use this program (crontab)
See crontab(1) for more information

Which means we have not configured the crontab after the OS installation.
Basically, Crontab will check for below two files when you are trying to schedule a job using cron.
/etc/cron.allow
/etc/cron.deny

First system will check for cron.allow, if the it is not available/not configured then, it will check for cron.deny neither file exist/not configured then, system will allow only root user to use cron scheduler to schedule a job.

 

Finally in order to allow a normal user to use crontab, We have to add the username in /etc/cron.allow file and then we are free to use the scheduler.
below is the example:


        #vi /etc/cron.allow
          lbcuser     <   newly added user
       :wq


or

    #echo "lbcuser" >> /etc/cron.allow

 

Configuration Management in puppet

Configuration Management in puppet

Will see How Configuration management puppet works in this post.

Let us take a example to create user in complex environment with different Linux distribution. To create a user we have small different in command when we go with different distribution like Red Hat, Ubuntu, CentOS,etc.

We have two method to create user without puppet help.

  1. We can directly login to the servers and will create user when the number of server is less. But, in when the server number hits more 100, its very difficult to create user manually in all user.
  2. We can create script to manage user in all servers. But, for that we should have knowledge about scripting and command different and flags(-u, -U) for each distribution. Once the script created, we need a common server which has access to all the other Linux servers.

But, using puppet we can do any type of user/group management, Package installation, service start/stop/restart, etc. By using puppet built-in resources to achieve the same operation on different distribution without worry about the underlying Operating System and commands.

By using simple code will do the necessary configuration management like
user/group management, Package installation, service start/stop/restart,etc.

Example: To create user will write below code to perform the task over all the Linux machines.

# cat user.pp
 user { "lbcuser1" :
  ensure => "present",
 }

Same like above if you want to delete a user/ install package, etc. Solution is wring simple, robust, idempotent, extendable puppet code to the necessary configuration over remote servers.

same like that will see the code to install ntp package, which is used for network time and starting service.

# cat ntp.pp
  package { "ntp":
         ensure => "present",
  } 

service { "ntpd":
         ensure => "running",
  }

Like this will manage environment using puppet code. In other work managing environment using code will call as Iac(Infrastructure-as-Code).
This code will be applied over all the client machines to do the operation and will reduce the manual effort and time.

And its very essay to change the code for any modification on configuration management over all client machines.

Idempotency:
Puppet codes are idempotent by nature. Which means the results of the code remains same irrespective of the number of time we perform puppet run on nodes.puppet always ensure to keep the resources in desired state.
For example in user creation, it will check whether the user is already exist.
If the user already exist, will not perform the user creation and report us that the user already exist. Basically these checks are already in place of the puppet resources.
And if you have lines of codes to perform a action on remote machines, in such case, if any of your action already exist in any server, puppet simply will skip that action and proceed for further configuration.

These all are the good points to why we are using puppet in our environment for configuration management.

Thanks for your support and reading this post. Will post next lecture about puppet in next post.

Refernce: Puppet Docs