Informàtica / Computers
|
|
General
|
|
|
-
| user's workstation | remote machine |
| X clients: application #1, application #2 | X clients |
| X server | |
| OS kernel | OS kernel |
| hardware | hardware |
- Linux X-Window
- X
Window System protocols and architecture (wp)
- Display manager (login/password
screen)
- Debian
- /etc/X11/default-display-manager
- Mandriva
- /etc/sysconfig/desktop
- service dm restart
- Problemes / Problems
- No es pot entrar / Cannot login
- E.g. after trying to install X drivers for Nvidia
Optimus
- Solució / Solution
- Gestor de sessió / Session manager
(wp)
- X
over SSH2 - A tutorial
- Auto start
- Auto login
|
|
- Gnome
(GTK) (wp)
- Applications
- Firefox, Kompozer, MCC ...
- Themes
- KDE
(Qt) (wp)
- wine
-
|
file toto.exe |
installation
|
usage
|
to run:
|
|
Mageia
|
|
wine management
|
|
urpmi
qtbase5-database-plugin-sqlite q4wine |
|
win32 programs
|
PE32 executable (GUI)
Intel 80386, for MS Windows |
(activate 32 bit
repositories)
urpmi wine
wine32
|
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 winecfg
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 wine explorer
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 wine iexplore
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 wine toto.exe
|
win64 programs
|
PE32+ executable
(GUI) x86-64, for MS Windows |
urpmi wine64 |
WINEPREFIX=~/.toto_win_64 WINEARCH=win64 winecfg
WINEPREFIX=~/.toto_win_64 WINEARCH=win64 wine64 explorer
WINEPREFIX=~/.toto_win_64 WINEARCH=win64 wine64 iexplore
WINEPREFIX=~/.toto_win_64 WINEARCH=win64 wine64 toto.exe
|
- Instal·lació / Installation
- Mageia
- optional: if you will also want to execute win32
programs, activate 32-bit repository
-
32-bit |
64-bit |
wine32 (those 32-bit binaries that are
also used on 64-bit for 32-bit support):
- /usr/bin/{wine,wine-preloader}
- /usr/lib/wine/
|
wine64 (all 64-bit files (suggests
'wine32')):
- /usr/bin/{wine64,wine64-preloader}
- /usr/lib64/wine/
|
wine (all other files (requires 'wine32'))
(not needed if you install wine64):
- /etc/rc.d/init.d/wine
- /usr/bin/{msiexec,notepad,regedit,regsvr32,wineboot,wineconsole,winefile,winemine,winepath,wineserver}
- /usr/share/doc/wine/
- /usr/share/wine/
|
- /etc/rc.d/init.d/wine
- /usr/bin/{msiexec,notepad,regedit,regsvr32,wineboot,wineconsole,winefile,winemine,winepath,wineserver}
- /usr/share/doc/wine/
- /usr/share/wine/
|
- to run win64 programs
urpmi wine64
- More information about the package wine64-2.0.2-1.mga6.x86_64
This is the Win64 version of Wine. This version can only be used to run 64-bit Windows applications as is. For running 32-bit Windows applications, you need to also install the 'wine32' package from the 32-bit repository.
- to run win32 programs
- gui
urpmi qtbase5-database-plugin-sqlite q4wine
- From source
- dependencies
- Mageia
- activate 32-bit repositories
urpmi gcc flex bison
urpmi --ignorearch libx11-devel libfreetype2-devel libxrender-devel libxml2-devel libjpeg-devel libglu-devel libalsa2-devel libxslt-devel libgnutls-devel
git clone git://source.winehq.org/git/wine.git
cd wine
./configure
make
sudo make install
- From source using rpmbuild (Mageia):
- wine + wine-staging
(e.g. v4.18 + staging):
- install wine....src.rpm
cd ~/rpmbuild/SOURCES
wget https://dl.winehq.org/wine/source/4.x/wine-4.18.tar.xz
wget https://dl.winehq.org/wine/source/4.x/wine-4.18.tar.xz.sign
wget https://github.com/wine-staging/wine-staging/archive/v4.18/wine-staging-4.18.tar.gz
cd ~/rpmbuild/SPECS
- wine.spec
%define mainver 4.18
#define bugfix 1
...
%define staging 1
...
%define mono_version 4.9.3
...
%{_datadir}/%{name}/%{name}bus.inf
%{_datadir}/%{name}/%{name}hid.inf
rpmbuild -ba wine.spec
- Problemes / Problems
- Errors
de construcció del RPM:
No s'ha trobat el
fitxer:
/root/rpmbuild/BUILDROOT/wine-4.18-1.mga7.x86_64/usr/lib64/wine/*.cpl.so
No s'ha trobat el
fitxer:
/root/rpmbuild/BUILDROOT/wine-4.18-1.mga7.x86_64/usr/lib64/wine/*.ocx.so
No s'ha trobat el
fitxer:
/root/rpmbuild/BUILDROOT/wine-4.18-1.mga7.x86_64/usr/lib64/wine/*.tlb.so
- wine-mono
- install wine-mono....src.rpm
cd ~/rpmbuild/SOURCES
wget http://dl.winehq.org/wine/wine-mono/4.9.3/wine-mono-4.9.3.tar.gz
cd ~/rpmbuild/SPECS
- wine-mono.spec
Version: 4.9.3
...
#Patch0:...
#Patch1:...
...
#patch0...
#patch1...
...
#MAKEOPTS=%{_smp_mflags} WINE=%{wine} MSIFILENAME=wine-mono-%{version}.msi ./build-winemono.sh.static
MAKEOPTS=%{_smp_mflags} WINE=%{wine} MSIFILENAME=wine-mono-%{version}.msi make msi
rpmbuild -ba wine-mono.spec
- Utilització / Usage
- Win32 programs
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 winecfg
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 wine iexplore
wine "c://Program Files (x86)/SCARM/scarm.exe"
- Win64 programs
WINEPREFIX=~/.toto_win_64 WINEARCH=win64 winecfg
WINEPREFIX=~/.toto_win_64 WINEARCH=win64 wine iexplore
- Impressió / Print
- winetricks
- Wine application
database
- Problemes / Problems
- League of legends
Wine cannot find the FreeType font library. To enable Wine to use TrueType fonts please install a version of FreeType greater than or equal to 2.0.5.
- Solució / Solution
- install libfreetype6, 32-bit version
- Mageia
- enable 32-bit repositories
urpmi libfreetype6
- err:module:import_dll Library libgcc_s_sjlj-1.dll (which is needed by L"C:\\windows\\system32\\gecko\\2.21\\wine_gecko\\nspr4.dll") not found
- Solució / Solution
- Wine-gecko depends on libgcc
- Mageia
urpmi mingw32-gcc
cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc_s_sjlj-1.dll ~/.toto_win_32/drive_c/windows/system32
- zlib1.dll not found:
- Access violation at address 00000000 (e.g. with SCARM)
0010:err:winediag:SECUR32_initNTLMSP ntlm_auth was not found or is outdated. Make sure that ntlm_auth >= 3.0.25 is in your path. Usually, you can find it in the winbind package of your distribution.
- Solució / Solution
- Mageia
urpmi samba-winbind-clients
- 0017:fixme:ntdll:NtLockFile I/O completion on lock not implemented yet
- when running 32-bit programs with Wine 1:6.0, e.g.
WINEPREFIX=~/.toto_win_32 WINEARCH=win32 winecfg
002c:err:module:DelayLoadFailureHook failed to delay load user32.dll.CreateDialogParamW
002c:err:module:DelayLoadFailureHook failed to delay load shell32.dll.SHGetFolderPathW
- Solució / Solution
- ReactOS
|
Particions a l'MBR / Partitions on
MBR
|
|
MBR
(/dev/hda) (Master Boot Record / Partition Sector): 512B
(C=0, H=0, S=1) |
back-up |
restore |
MBC |
particions
/ partitions (/dev/hdax) |
points to boot
sector (first 512 bytes of the active partition) |
name |
view / edit |
create |
filesystem
|
image |
extract |
create |
bootloader
(ARCS) |
create (format)
|
check and repair |
resize |
create |
recover |
DOS |
|
|
|
fdisk /mbr |
|
c:, d:, e: ... |
ptedit |
fdisk |
format |
|
|
|
dell
restore |
Ranish
Partition
Manager (part244) |
|
|
Norton
Ghost |
win32 |
|
|
mkbt
-c a: bootsect.bin |
MBR: fixmbr
VBR:
fixboot |
NTLDR: boot.ini |
ptedit32 |
|
|
|
|
|
|
xosl |
|
|
|
|
|
|
|
Linux |
- install-mbr
(mbr)
dd if=/dev/hda of=mbr.bin bs=512 count=1
|
dd if=mbr.bin of=/dev/hda bs=512 count=1
|
|
|
|
|
|
|
|
|
|
|
|
|
id |
mbr |
|
primary / extended |
logical |
IDE
(PATA) |
prim. |
0 |
/dev/hda |
|
/dev/hda[1..4] |
/dev/hda[5..] |
1 |
/dev/hdb |
|
/dev/hdb[1..4] |
/dev/hdb[5..] |
sec. |
0 |
/dev/hdc |
|
/dev/hdc[1..4] |
/dev/hdc[5..] |
1 |
/dev/hdd |
|
/dev/hdd[1..4] |
/dev/hdd[5..] |
SCSI
USB
SATA |
|
n |
/dev/sd[a-p] |
/dev/sd[a-p][1..] |
|
|
|
|
cfdisk /dev/hda
fdisk /dev/sdx
|
mkfs -t ext3 /dev/sdb6
mkfs.ext4 /dev/sdb6
mkdosfs
-I /dev/hdax
(dosfstools)
|
|
resize2fs
xfs_growfs (only grow, no shrink)
|
|
Irix |
|
|
dvhtool |
|
|
|
controller |
id |
|
SCSI |
0 |
n |
/dev/dsk/dks0dns[0..15] |
0: root |
7 |
10: volume |
1: swap |
6: usr |
8: volhdr (sash) |
|
15: xfslog |
types:
efx/xfs, volhdr,
raw, xfslog
|
prtvtoc /dev/rdsk/dks0d5s0
prtvtoc /dev/rdsk/dks0d5vh
|
|
|
|
|
|
|
|
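The 512-byte dump made by the dd back-up command in the table above contains both the boot code and the partition table, so writing all of it back after a repartition also reverts the table. The following Python is an added example, not part of the original page: it parses such a dump and checks it before a restore. The sample sectors are constructed (sector numbers follow the fdisk session further down the page; the 11 GiB size and the boot-code bytes are made up) and all function names are illustrative.

```python
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # boot code area; the partition table starts right after it
ENTRY_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
ENTRY_LEN = struct.calcsize(ENTRY_FMT)   # 16 bytes per entry, 4 entries
SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR
TYPE_NAMES = {0x05: "extended", 0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}


def parse_mbr(sector):
    """Split a 512-byte MBR dump into boot code, used partition entries and signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR dump must be exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(
            ENTRY_FMT, sector, BOOT_CODE_LEN + slot * ENTRY_LEN)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        partitions.append({"slot": slot + 1, "status": status, "active": status == 0x80,
                           "type": ptype, "type_name": TYPE_NAMES.get(ptype, "unknown"),
                           "start": start, "sectors": count})
    return {"boot_code": sector[:BOOT_CODE_LEN], "partitions": partitions,
            "signature_ok": sector[510:512] == SIGNATURE}


def check_mbr(sector, disk_sectors=None):
    """Return the list of problems that make a dump unsafe to write back (empty list = sane)."""
    mbr = parse_mbr(sector)
    parts = mbr["partitions"]
    problems = []
    if not mbr["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append("slot %d: invalid status byte 0x%02x" % (p["slot"], p["status"]))
        if disk_sectors is not None and p["start"] + p["sectors"] > disk_sectors:
            problems.append("slot %d ends beyond the disk" % p["slot"])
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            problems.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return problems


def table_changed(backup, current):
    """True if writing all 512 bytes of `backup` would alter the live partition table."""
    return backup[BOOT_CODE_LEN:510] != current[BOOT_CODE_LEN:510]


def merge_boot_code(backup, current):
    """Boot code from `backup`, partition table and signature from `current`
    (the in-memory equivalent of restoring with bs=446 instead of bs=512)."""
    return backup[:BOOT_CODE_LEN] + current[BOOT_CODE_LEN:]


def build_sample_mbr(entries, boot_code=b""):
    """Constructed test input: (status, type, start, sectors) tuples plus filler boot code."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + table.ljust(4 * ENTRY_LEN, b"\x00") + SIGNATURE)


# Constructed samples. 15 GiB disk = 31457280 sectors of 512 bytes.
DISK_SECTORS = 31457280
# Back-up taken before the resize: sda1 (1 GiB, active), sda2 (LVM, 11 GiB, made-up size).
BACKUP = build_sample_mbr([(0x80, 0x83, 2048, 2097152), (0x00, 0x8E, 2099200, 23068672)],
                          boot_code=b"\xfa\x33\xc0")   # filler bytes, not real boot code
# Live sector after the fdisk session: sda2 now runs to the last sector, boot code wiped.
CURRENT = build_sample_mbr([(0x80, 0x83, 2048, 2097152), (0x00, 0x8E, 2099200, 29358080)])

if __name__ == "__main__":
    for p in parse_mbr(CURRENT)["partitions"]:
        print(p["slot"], p["type_name"], p["start"], p["sectors"], "active" if p["active"] else "")
    print("problems:", check_mbr(CURRENT, DISK_SECTORS))
    print("full restore would change the table:", table_changed(BACKUP, CURRENT))
```

On a real system the two inputs would be the mbr.bin back-up and a fresh dd dump of the disk's first sector.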
Sistemes operatius / Operating
systems
|
|
Boot
|
|
|
MBR |
dev |
dev |
name |
sector |
code |
name |
partition |
sector |
bootloader |
name |
part |
sector |
name |
config |
|
|
|
PC |
BIOS |
HDD MBR |
boot (first: 512B) |
MBC |
HDD |
boot / active |
boot (first: 512B) |
lilo |
lilo.conf |
HDD |
(any) |
first |
NTLDR |
boot.ini |
|
floppy |
|
boot |
|
|
|
|
|
CDROM |
|
|
|
|
|
|
|
USB |
|
|
|
|
|
|
|
SGI |
|
|
|
|
|
|
|
|
|
|
|
|
Dreambox |
first stage |
|
serial |
|
|
|
|
|
|
|
NAND flash (JFFS2) |
2nd stage |
first: 128KB |
2nd stage loader |
|
NAND flash |
boot |
|
CF |
first |
|
tftp |
|
|
CF |
first |
|
|
|
|
|
|
|
|
- Programari
/
Software
- Extreme
Programming
vs. Interaction Design
- Distributed
Computing:
An Introduction
- Architectural patterns
- Eines / Tools
- Control
de
versions / Version control
- Sistemes / Systems
- Allotjament / Hosting
- Comparison
of
source code software hosting facilities
- Bitbucket
(Atlassian) (wp)
- Bitbucket
with
SSH
- Passos / Steps
- Bitbucket:
- create new repository in accountname_i:
- local computer
- from scratch
mkdir /path/to/your/project
cd /path/to/your/project
git init
- without SSH identity
git remote add origin git@bitbucket.org:accountname_i/repo_a.git
echo "My Name" >> contributors.txt
git add contributors.txt
git commit -m 'Initial commit with contributors'
git push -u origin master
- from existing project
cd /path/to/my/repo
- without SSH identity
git remote add origin git@bitbucket.org:accountname_i/repo_a.git
- with SSH identity
git remote add origin git@bitbucket-identity1:accountname_i/repo_a.git
git push -u origin --all # pushes up the repo and its refs for the first time
git push -u origin --tags # pushes up any tags
- Github
- GitLab
- GitLab
with
SSH
- Markdown
- About
- Docs
- Install GitLab
- Installation methods
- Cloud provider guides
- AWS
- AMIs
- GitLab Enterprise Edition
- GitLab Community Edition
ssh -i your_private_key.pem ubuntu@x.x.x.x
sudo gitlab-ctl status
sudo gitlab-ctl reconfigure
- Manual
installation
- Reference architectures
- Steps after installing
- Storage
- Reduce
repository size
- Dependencies
- Steps
- Purge files from repository history
- (wait 30 minutes)
- Repository cleanup
- CI/CD
- Info
- Exemples / Examples
- .gitlab-ci.yml
variables:
  MY_FIRST_VAR: "my_first_var_value"
stages:
  - my_test_stage
  - my_build_stage
my_test_1.job:
  stage: my_test_stage
  image: python:3.x....
  before_script:
    - apt-get update && apt-get install make
  script:
    - make test
my_test_2.job:
  stage: my_test_stage
  image:
  before_script:
  script:
my_build_job:
  stage: my_build_stage
  services:
    - ...
  before_script:
  script:
- Pivotal integration
- Gitlab
-
Pivotal Tracker integration
- Steps
- Pivotal
- get an API token from: Profile / API
Token
- GitLab
- put the API token from Pivotal into:
- Project / Settings / Services /
PivotalTracker
- commit your changes specifying the story ID:
git commit -m "[#story_id] your comments as usual"
git push
- check the activity for your story in Pivotal
- Preguntes i respostes
/ Questions and answers
- Llenguatges / Languages
- Estructura de directoris /
Source tree (C,C++) (UNIX):
code |
dist |
toolchains |
unix |
ms windows |
unix |
gcc |
MSVisual |
files |
option |
files |
option |
/usr/local/toto_1_2 |
c:\Program Files\toto\toto_1_2 |
|
|
|
|
|
include
|
/usr/include |
(#include) |
[-I/usr/local/toto_1_2/include] (1) |
(#include) |
/I
c:\Program Files\toto\toto_1_2\include |
src
|
|
|
|
|
|
lib
libtoto.a |
libtoto_1_2.lib |
libtoto.so.1.2 |
toto_1_2.lib
toto_1_2.dll
toto_1_2D.dll |
|
/usr/lib |
-ltoto |
[-L/usr/local/toto_1_2/lib] (2) |
[lib]toto_1_2[D].lib |
/link /LIBPATH:c:\Program
Files\toto\toto_1_2\lib |
bin |
/usr/bin |
|
|
|
|
build
gcc |
msvc60 |
msvc71 (2003) |
msvc80 (2005) |
|
|
|
|
|
|
- [1] only needed if different
from /usr/include
- [2] only needed if different from
/usr/lib
- [3] /I: C/C++ / General /
Additional include directories
- [4] D = debug
- [5] Linker / Input
/ Additional dependencies
- [6] /LIBPATH: Linker /
General / Additional libraries directories
- List
of build automation software (wp)
- Toolchain
(*)
- Components
- ...
- Compiler
- Binary utils
- C standard library
- GNU Libc (glibc)
- uClibc
- dietlibc
- pkg-config
- Install
- CentOS
sudo yum install pkgconfig
- list all available libraries
- generate .pc files:
- check if a library exists:
pkg-config --exists --print-errors "libavcodec >= 53.34.0 libavutil >= 51.22.0"
- get cflags and libs for a library (e.g. libavcodec):
pkg-config --cflags --libs libavcodec
- get paths where pc files are searched:
pkg-config --variable pc_path pkg-config
- add a path to search for additional .pc files (after paths specified by PKG_CONFIG_PATH, default paths are checked; no need to put default paths in the variable):
export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig/:/usr/local/lib/pkgconfig/
- CMake
- CMakeList.txt
- cmake
- ccmake
- cmake-gui
- Eclipse
- Eclipse
cdt4 generator
- How
to configure Eclipse CDT for cmake?
- Dependències / Dependencies
- compile from source
cd ~/src/
wget https://cmake.org/files/v3.12/cmake-3.12.1.tar.gz
tar xvzf cmake-3.12.1.tar.gz
cd cmake-3.12.1
./bootstrap
make
sudo make install
- Mageia (cmake 3.7; if you need a more recent version, compile it from source)
- Option 1: (recommended) use an Eclipse plugin
- Option 2: (not recommended, as this will create a Makefile project, without C++ Build section in project Properties) let cmake create the project files for Eclipse
- Passos / Steps
~/src/myproject/
cmake -G"Eclipse CDT4 - Unix Makefiles" -D CMAKE_BUILD_TYPE=Debug .
- will create
~/src/myproject/.project
~/src/myproject/.cproject
- launch Eclipse
- File / Import... / General / Existing Projects into Workspace / Select root directory
- The Autotools
- Autotools
tutorial
- An
introduction
to Autotools (automake)
- "The Autotools are tools that will create a GNU Build
System for your package. Autoconf mostly focuses on
configure and Automake on Makefiles."
-
package
|
|
install
|
tool
|
purpose
|
written in language
|
environment
variable
|
takes
|
calls
|
generates
|
name
|
desc
|
Mageia
|
CentOS
|
|
|
|
|
|
|
|
|
|
|
|
configure
|
|
|
|
|
|
Makefile
|
|
|
|
|
make |
|
|
MAKE
|
Makefile
|
|
- object files (.o)
- executable files
|
autoconf
|
"Autoconf
is an extensible package of M4 macros that produce
shell scripts to automatically configure software
source code packages."
|
autoconf
|
autoconf
|
autoconf |
|
|
AUTOCONF |
configure.ac
|
|
|
autoheader
|
|
|
AUTOHEADER
|
|
|
|
autom4te
|
|
|
AUTOM4TE
|
|
|
|
autoreconf |
|
perl
|
|
|
- autoconf
- autoheader
- aclocal
- automake
- autopoint
- libtoolize
|
|
autoscan
|
|
|
|
|
|
|
autoupdate
|
|
|
|
|
|
|
automake
|
|
automake
|
automake
|
aclocal
|
|
|
ACLOCAL
|
|
|
- aclocal.m4
- autom4te.cache/
|
automake
|
|
|
AUTOMAKE
|
Makefile.am (variable
definitions)
|
|
- Makefile.in
- src/
- test/
- doc/
- config.guess ->
- compile ->
- missing ->
- install-sh ->
- config.sub ->
- depcomp ->
- test-driver ->
|
gettext
|
"Set of tools that
provides a framework to help other GNU packages
produce multi-lingual messages"
|
gettext-devel
|
|
autopoint
|
|
|
AUTOPOINT
|
|
|
|
GNU
Libtool
|
"GNU libtool is a
generic library support script. Libtool hides the
complexity of using shared
libraries behind a consistent, portable
interface."
|
libtoolize-base
|
|
libtoolize
|
Prepare a package to
use libtool.
|
|
LIBTOOLIZE
|
|
|
|
|
|
|
|
|
|
|
M4
|
|
|
|
- autoconf
- Provided tools
- Problemes / Problems
configure.ac:32: error: possibly undefined macro: AC_DEFINE
- problem is caused by conflicts with another version of aclocal (automake)
- Solució / Solution
export ACLOCAL=/usr/bin/aclocal
autoreconf -i
# autoconf
- automake
- Uses autoconf
- Compilació / Compilation
- Dependencies
- CentOS
- NOTE: package in CentOS 7 official
distribution is version 1.13.1
- Steps
curl -s -O -L http://ftpmirror.gnu.org/automake/automake-1.14.1.tar.xz
tar xJf automake-1.14.1.tar.xz
cd automake-1.14.1
./configure --prefix=/usr
make
sudo make install
- Provided tools
- Problemes / Problems
./configure: line xxxx: syntax error near unexpected token `common_lib_checking,'
./configure: line xxxx: `PKG_CHECK_MODULES(common_lib_checking, fuse >= ${min_fuse_version} libcurl >= 7.0 libxml-2.0 >= 2.6 )'
- Solució / Solution
- if compiling automake, use
./configure --prefix=/usr
- check that you are not using mixed versions of (aclocal, automake)
- version 1.13 of automake (from CentOS repositories) works
- compiled version 1.14 of automake mixed with version 2.69 of autoconf, autoheader (from CentOS repositories) gives this error
- check that automake and aclocal are installed in the same dir (/usr/bin vs /usr/local/bin)
which automake
which aclocal
- workaround: uninstall 1.14 and reinstall 1.13
cd ~/src/automake-1.14
sudo make uninstall
sudo yum reinstall automake
which automake
automake --version # should return 1.13
which aclocal
aclocal --version # should return 1.13
- meson / ninja
- meson
- ...
- list available options
meson configure
meson configure ...
- get present values for options
- set options
meson -D...=... build
- ...
- wipe
- Exemples / Examples:
- ninja
- Compilació / Compilation
- What is the difference between
g++ and gcc?
- Problemes / Problems
- If a C program has been compiled with gcc (and not with g++) (using "-Wc++-compat"?), it may fail at run time with the error "undefined symbol: __cxa_pure_virtual". To solve it, add -lsupc++ (/usr/lib/gcc/i586.../4.5.2/libsupc++.a, which is a subset of libstdc++) at the very end. Note: libstdc++ is already included when compiling with g++.
- Compilació creuada / Cross compilation
- shared objects
- IDE
- Frameworks:
framework |
.NET |
Java Platform |
|
specification |
implementation |
specification |
impl |
MS .NET |
MS .NET compact framework |
Mono |
SSCLI |
Portable .NET |
|
language |
|
|
|
|
(C# compiler) |
|
|
|
|
framework |
libraries |
|
BCL |
|
|
(partial)
|
|
|
- JavaME (limited)
- JavaSE (workstation)
- JavaEE (server)
|
|
intermediate language / bytecode |
CLI:
|
CIL |
MSIL |
|
x |
x |
|
Java bytecode (.class) |
|
runtime / virtual machine |
VES
|
CLR |
|
|
JVM |
|
|
OS |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Virtualització / Virtualisation
|
- Comparison
of
virtual machines (Wikipedia)
- x86
virtualization (Wikipedia)
- Virtual Machines
are No Security Blanket (Linux Magazine)
- Virtualization technology (VT)
- Comproveu que la vostra CPU pot fer virtualització / Check that your CPU is able to do virtualisation:
egrep '^flags.*(vmx|svm)' /proc/cpuinfo
- Comproveu que la BIOS té la virtualització habilitada / Check that the virtualisation is enabled on BIOS:
- Carregueu el mòdul del kernel adequat / Load the needed kernel module:
- Intel (vmx):
modprobe kvm_intel
- AMD (svm):
modprobe kvm_amd
- libvirt
- Installation
- Mageia
urpmi qemu libvirt-utils
libguestfs-tools [virt-manager]
systemctl status libvirtd
- CentOS
- ftp://ftp.cesca.cat/centos/7/os/x86_64/
- Documentation
- Usage
systemctl status libvirtd
- virsh
- libguestfs
- virt-sysprep
(Reset, unconfigure or customize a virtual machine
so clones can be made)
libguestfs-test-tool
rpm -q qemu-system-x86
- Problemes / Problems
- libvirt: error : no connection driver available
for qemu:///session
- Applications using libvirt
- virt-manager
- Installation
- From source
- Download
- Dependencies
- Mageia
- libosinfo
>= 0.2.8
- Dependencies
- Mageia
- urpmi lib64soup-devel
lib64xslt-devel
lib64check-devel
- cd libosinfo-0.2.11
- ./configure; make
- make install
- su; python setup.py install
- glib-compile-schemas --strict
/usr/share/glib-2.0/schemas
- virt-manager
- QEMU
- Resizing
a
QEMU virtual machine, partition, and filesystem (dd)
- Resizing
qemu
images (MSWindows copy /b)
- Usage in Mandriva 2010.0
- install and start kvm
qemu-kvm -hda linux.img -cdrom toto.iso -boot d
- Qemu
0.8.1
sur Mandriva 2006
- Creation of disk files
2GB file: qemu-img create linux.img 2G
- 2GB raw file:
dd if=/dev/zero of=linux.img seek=2 obs=1GB count=0
- Boot from iso image:
qemu -boot d -cdrom toto.iso -hda linux.img
- Mount raw file
- QEMU Official OS
Support List Version (claunia)
- KVM
(extension for QEMU: hardware acceleration)
urpmi kvm
modprobe kvm_intel
- Used by Android
AVD
- Incompatible with VirtualBox
No s'ha pogut obrir una sessió per a la
màquina virtual wct_frontend_ajs.
VT-x is being used by another hypervisor
(VERR_VMX_IN_VMX_ROOT_MODE).
VirtualBox can't operate in VMX root mode. Please
disable the KVM kernel extension, recompile your
kernel and reboot (VERR_VMX_IN_VMX_ROOT_MODE).
Resultat Codi:NS_ERROR_FAILURE (0x80004005)
Component:ConsoleWrap
Interfície:IConsole
{872da645-4a9b-1727-bee2-5585105b9eed}
- Workaround
- When using VirtualBox, disable hardware
virtualisation acceleration (can only be done if
hosted os is 32-bit)
- Solution
- Nested virtualization (virtual machines inside a
virtual machine)
echo "options kvm-intel nested=y" | sudo tee /etc/modprobe.d/kvm-intel.conf
- VM Back
- VMWare
- VMWare
/ QEmu utilities
- VMPlayer
(free)
- urpmi gcc kernel-*-devel
- VMware
Player
Documentation
- Virtualización
con
WMware Server/Client (TodoLinux)
- Problems with kernel > 3.1
- Shrink
- not valid
with ext4, xfs file systems
- install VMWare
tools
vmware-toolbox
- Shrink tab
- VMWare tools
- Overview
of
VMware Tools
- General
VMware
Tools installation instructions
(/usr/lib/vmware/isoimages)
- Dins de la màquina virtual / from guest OS:
- urpmi make gcc kernel-<...>-devel-latest (linux_userspace_headers is not enough)
- cd /media/cdrom
- tar xvzf...
- cd /tmp/vmware-tools-distrib
- ./vmware-install.pl
- Reconfigure: /usr/bin/vmware-config-tools.pl
- Uninstall: /usr/bin/vmware-uninstall-tools.pl
- You can now run VMware Tools by invoking the following command: "/usr/bin/vmware-toolbox" during an X server session.
To enable advanced X features (e.g., guest resolution fit, drag and drop, and file and text copy/paste), you will need to do one (or more) of the following:
1. Manually start /usr/bin/vmware-user
2. Log out and log back into your desktop session; and,
3. Restart your X session.
To use the vmxnet driver, restart networking using the following commands:
/etc/init.d/network stop
rmmod pcnet32
rmmod vmxnet
modprobe vmxnet
/etc/init.d/network start
- Appliances
- Settings
vmware-modconfig --console --install-all (3.0)
vmware.config.pl (2.0)
- Xarxa / Network
- EasyVMX!: Create virtual
machines to run in VMware Player
- qemu-img
vmdk
- VMWare
Player
Image Creation
- Host OS Linux. Install from ISO image:
- knoppix.vmx:
- ide1:0.fileName = "knoppix.iso"
- ide1:0.deviceType = "cdrom-image"
- Drivers
- Vmware tools
- mount virtual disk files (pdf)
- Problemes / Problems
- #error only <linux/bitops.h> can be included
directly
- Problems with kernel >=2.6.23
- Problems with VMPlayer 2.5.2 and kernel 2.6.29
(Mandriva 2009.1)
- Virtual
Box (Oracle)
- VirtualBox virtual
appliances
- Usage
- service virtualbox start
- VirtualBox
- Command line
- settings
- Nested virtualization
- Mida de la pantalla / Screen size
- How
to
mount a VirtualBox VDI image:
modprobe nbd max_part=16
qemu-nbd -c /dev/nbd0 toto.vdi
mkdir /mnt/vdi_image
mount -t ext4 /dev/nbd0p1 /mnt/vdi_image
- you will get /dev/nbd0p1
- Disc / Disk
- Increase disk size (e.g. from 10GiB to 15GiB, 15360MBytes)
- stop virtual machine
- from real computer: resize disk
- list all available disks
VBoxManage list hdds
VBoxManage list hdds | grep -4 myname
- resize to 15360MiB (15GiB):
VBoxManage modifymedium disk <filename_or_uuid_from_list> --resize 15360
- start and connect to virtual machine
- resize partition (e.g. resize partition /dev/sda2 so that it uses all available space on the disk)
lsblk
- example before resizing partition sda2 to 15GB (15360 MBytes)
NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                  8:0    0   15G  0 disk
├─sda1               8:1    0    1G  0 part /boot
└─sda2               8:2    0   11G  0 part
  ├─almalinux-root 253:0    0  9,8G  0 lvm  /
  └─almalinux-swap 253:1    0  1,2G  0 lvm  [SWAP]
sr0                 11:0    1 1024M  0 rom
fdisk /dev/sda
- p: print partitions
- d: delete partition
Nombre de partició (1,2, default 2):
- n: new partition
Partition type
   p   primary (1 primary, 0 extended, 3 free)
   e   extended (container for logical partitions)
Select (default p):
Nombre de partició (2-4, default 2):
First sector (2099200-31457279, default 2099200):
Last sector, +sectors or +size{K,M,G,T,P} (2099200-31457279, default 31457279):
Created a new partition 2 of type 'Linux' and of size 14 GiB.
Partition #2 contains a LVM2_member signature.
Do you want to remove the signature? [Y]es/[N]o: n
- t 8e: change partition type to "Linux LVM" (if that was the original type)
Nombre de partició (1,2, default 2):
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'.
- w: write to disk
partprobe
lsblk
- example after resizing partition sda2 to 14GB
NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                  8:0    0   15G  0 disk
├─sda1               8:1    0    1G  0 part /boot
└─sda2               8:2    0   14G  0 part
  ├─almalinux-root 253:0    0  9,8G  0 lvm  /
  └─almalinux-swap 253:1    0  1,2G  0 lvm  [SWAP]
sr0                 11:0    1 1024M  0 rom
- (additional step when guest os is using LVM) resize LVM:
sudo -i
pvresize /dev/sda2
Physical volume "/dev/sda2" changed
1 physical volume(s) resized or updated / 0 physical volume(s) not resized
pvs
- check for some value for PFree (last column)
PV         VG        Fmt  Attr PSize   PFree
/dev/sda2  almalinux lvm2 a--  <14,00g 3,00g
lsblk
- before resizing lvm:
NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                  8:0    0   15G  0 disk
├─sda1               8:1    0    1G  0 part /boot
└─sda2               8:2    0   14G  0 part
  ├─almalinux-root 253:0    0  9,8G  0 lvm  /
  └─almalinux-swap 253:1    0  1,2G  0 lvm  [SWAP]
sr0                 11:0    1 1024M  0 rom
df -hT
S. fitxers                 Tipus     Mida En ús Lliure  %Ús Muntat a
devtmpfs                   devtmpfs  3,8G     0   3,8G   0% /dev
tmpfs                      tmpfs     3,8G   48K   3,8G   1% /dev/shm
tmpfs                      tmpfs     3,8G  8,6M   3,8G   1% /run
tmpfs                      tmpfs     3,8G     0   3,8G   0% /sys/fs/cgroup
/dev/mapper/almalinux-root xfs       9,8G  9,8G    33M 100% /
/dev/sda1                  xfs      1014M  337M   678M  34% /boot
tmpfs                      tmpfs     777M     0   777M   0% /run/user/1969
lvextend -l+100%FREE /dev/mapper/almalinux-root
lsblk
- after resizing lvm
NAME               MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                  8:0    0   15G  0 disk
├─sda1               8:1    0    1G  0 part /boot
└─sda2               8:2    0   14G  0 part
  ├─almalinux-root 253:0    0 12,8G  0 lvm  /
  └─almalinux-swap 253:1    0  1,2G  0 lvm  [SWAP]
sr0                 11:0    1 1024M  0 rom
- resize filesystem
- ext2/3/4
resize2fs /dev/sda2
resize2fs /dev/mapper/almalinux-root
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
- xfs
sudo dnf install xfsprogs
sudo xfs_growfs -d /
df -hT
S. fitxers                 Tipus     Mida En ús Lliure  %Ús Muntat a
devtmpfs                   devtmpfs  3,8G     0   3,8G   0% /dev
tmpfs                      tmpfs     3,8G   48K   3,8G   1% /dev/shm
tmpfs                      tmpfs     3,8G  8,6M   3,8G   1% /run
tmpfs                      tmpfs     3,8G     0   3,8G   0% /sys/fs/cgroup
/dev/mapper/almalinux-root xfs        13G  9,8G   3,1G  77% /
/dev/sda1                  xfs      1014M  337M   678M  34% /boot
tmpfs                      tmpfs     777M     0   777M   0% /run/user/1969
- Compact a vdi file
- How
to compact VirtualBox's VDI file size?
- Passos / Steps
- Guest (virtual)
- one of the following:
dd if=/dev/zero of=/var/tmp/bigemptyfile bs=4096k ; rm /var/tmp/bigemptyfile
telinit 1
mount -o remount,ro /dev/sda1
zerofree -v /dev/sda1
- Host (real)
VBoxManage modifymedium --compact /path/to/thedisk.vdi
- VBoxVmService
(sf)
(autostart VM in MS Windows)
- Extension pack
- Update
- Fitxer -> Comprova si hi ha actualitzacions
- Installing
VirtualBox
and extension packs
- Download
- from your browser, just click on file:
<your_installed_virtualbox_version>/Oracle_VM_VirtualBox_Extension_Pack....vbox-extpack
- this will open VirtualBox and install it
- if you installed VirtualBox from system packages,
a window asking the root password will be shown;
check that the window is not hidden behind
VirtualBox main and progress windows
- Content
- virtual USB 2.0 device
- VirtualBox Remote Desktop Protocol (VRDP)
- Intel PXE
boot ROM
- PCI passthrough
- VirtualBox
Remote
Desktop Protocol (VRDP)
- USB
- Install extension pack
- Add your user to group vboxusers:
# sudo usermod -a -G vboxusers user_name
$ newgrp vboxusers
- start VirtualBox manager
- Activate the device in the VirtualBox instance
settings:
- Paràmetres / USB / add a filter
- a list with all available usb devices should
appear
- select the wanted ones
- USB device can also be activated once the virtual
machine is running
- Xarxa / Network
- Chapter
6:
Virtual networking
-
| mode | guest visible from host | guest visible from other vm | guest visible from internet | internet visible from guest | guest IP address |
| Not attached | - | - | - | - | - |
| NAT | - | - | port forwarding | x | vbox DHCP server |
| Bridged | via ethX | (x) | x | x | same range that host |
| Internal | - | intnet | - | | vbox DHCP server |
| Host-only | x | hostonly | - | - | |
- 8.35 VBoxManage dhcpserver
VBoxManage dhcpserver add --netname intnet --ip 192.168.1.1 --netmask 255.255.255.0 --lowerip 192.168.1.100 --upperip 192.168.1.200 --enable
VBoxManage dhcpserver modify --netname intnet --disable
- ~/.VirtualBox/VirtualBox.xml
<DHCPServer networkName="intnet" IPAddress="192.168.1.1" networkMask="255.255.255.0" lowerIP="192.168.1.100" upperIP="192.168.1.200" enabled="0"/>
- Xarxa / Network
- Mounting a directory of the host machine from the virtual machine:
- Host machine
- Devices -> Shared folder settings
- Add
- Folder path:
- Folder name:
- Virtual machine (Linux)
sudo mkdir -p /mnt/tata
sudo mount -t vboxsf toto /mnt/tata
- Same config as an AWS EC2 CentOS instance
- on virtual machine
- add user centos:
- configure it as sudoer:
echo "centos ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/centos
- start sshd server:
systemctl start sshd.service
- on local machine
- install SSH public key on virtual machine:
ssh-copy-id -i ~/.ssh/id_rsa_remoteserver.pub centos@virtualserver
- connect to virtual machine:
ssh -i ~/.ssh/id_rsa_remoteserver.pem centos@virtualserver
- Problemes / Problems
- "VirtualBox can't operate in VMX root mode"
- Lenta / Slow
- Problemes amb el ratolí / Mouse issues
No s'ha pogut obtenir l'objecte VirtualBoxClient
COM.
L'aplicació es finalitzarà..
Subrutina RC:NS_ERROR_ABORT (0x80004004)
- check with command line:
$ VBoxManage list vms
VBoxManage: error: Failed to create the VirtualBox object!
VBoxManage: error: Code NS_ERROR_ABORT (0x80004004) - Operation aborted (extended info not available)
VBoxManage: error: Most likely, the VirtualBox COM server is not running or failed to start.
- ~/.VirtualBox/VBoxSVC.log
00:00:00.137342 nspr-2 Failed to open "/dev/vboxdrvu", errno=13, rc=VERR_VM_DRIVER_NOT_ACCESSIBLE
00:00:00.144183 nspr-2 failed to create vboxnet0, error (0xffffffff)
00:00:00.150341 nspr-2 failed to create vboxnet1, error (0xffffffff)
00:00:00.158676 nspr-2 failed to create vboxnet2, error (0xffffffff)
00:00:00.164803 nspr-2 failed to create vboxnet3, error (0xffffffff)
00:00:00.172484 nspr-2 failed to create vboxnet4, error (0xffffffff)
00:00:00.179049 nspr-2 failed to create vboxnet5, error (0xffffffff)
- Solució / Solution
sudo usermod -a -G vboxusers my_user
newgrp vboxusers
mv ~/.VirtualBox ~/.VirtualBox_old
- update/reinstall Extension Pack
- you will need to add your VM again
- FAUMachine
|
|
- Containers
- Orchestrators
- Docker
- Instal·lació / Installation
- Docker Engine
- directori amb les imatges / directory with images
- Binaries
- Install Docker Engine from binaries
- Installation steps
wget https://download.docker.com/linux/static/stable/x86_64/docker-24.0.5.tgz
tar xvzf docker-24.0.5.tgz
sudo -i
sudo cp docker/* /usr/local/bin
- Usage steps
sudo -i
export PATH=$PATH:/usr/local/bin
dockerd &
- Fedora
- setup repo
sudo dnf -y install dnf-plugins-core
sudo dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
- install
sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- Mageia
sudo urpmi docker
- Problem
echo "FROM hello-world:latest" >toto.Dockerfile
docker build -f toto.Dockerfile -t toto .
"fatal error: unexpected signal during runtime execution"
- Solution:
- sudo urpmi docker-compose (install the docker compose plugin)
- Debian (Raspberry Pi)
sudo apt install docker.io
sudo apt install docker-compose
- Use docker from non-root user (membership of the docker group is equivalent to root access on the host):
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker
- Docker Desktop (Linux)
- Server
- Docs
- Docker
overview
- docker objects:
- images: read-only template with instructions
for creating a Docker container. Defined by a
dockerfile
- containers: runnable instance of an image
- networks,
- volumes
- Networking
overview
- Use bridge networks
-
|
create |
configure |
details |
connect/disconnect containers |
communication between containers |
remove |
default |
- |
daemon.json |
docker network inspect bridge |
- |
- by ip address
- (deprecated) --link
|
|
user-defined |
docker network create [--driver bridge] [options] <network_name> |
Specify advanced options:
|
docker network inspect <network_name> |
- at container creation:
docker create/run --network <network_name>
- after container creation:
- docker network connect <network_name> <container_name>
- docker network disconnect <network_name> <container_name>
|
|
docker network rm <network_name> |
- Monitor tools
- Overview
of Docker Compose
- Differences between docker build and docker compose:
|
description |
manual |
reference |
example |
usage |
Docker build
|
defines in a file (Dockerfile) how an image must be created (built). It normally starts from a standard image (FROM) and adds specific configuration to it |
Packaging your software |
Dockerfile reference |
Dockerfile
# syntax=docker/dockerfile:1
FROM ubuntu:22.04
# install app dependencies
RUN apt-get update && apt-get install -y python3 python3-pip
RUN pip install flask==2.1.*
# install app
COPY hello.py /
# final configuration
ENV FLASK_APP=hello
EXPOSE 8000
CMD flask run --host 0.0.0.0 --port 8000

# syntax=docker/dockerfile:1
FROM python:3.7-alpine
# install app dependencies
RUN apk add --no-cache gcc musl-dev linux-headers
WORKDIR /code
COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt
# install app
COPY . .
# final configuration
EXPOSE 5000
ENV FLASK_APP=app.py
ENV FLASK_RUN_HOST=0.0.0.0
CMD ["flask", "run"]
|
docker build [-f Dockerfile] ... |
Docker compose |
defines in a file (docker-compose.yml) several elements, and several related containers will be brought up.
It indicates the starting image, which can be one of our own created with docker build.
Directory, port and network mappings can be specified. |
Docker Compose overview |
Compose file reference |
docker-compose.yml
services:
  web:
    build: .
    ports:
      - "8000:5000"
    volumes:
      - .:/code
    environment:
      FLASK_DEBUG: "true"
  redis:
    image: "redis:alpine"
|
docker compose ... |
- Registre d'imatges /
Registry for images
- Official
- Private/public registry on AWS
- ECR:
Amazon Elastic Container Registry
- Push images to registry
- "View push commands"
aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin <id>.dkr.ecr.<region>.amazonaws.com
<id>.dkr.ecr.<region>.amazonaws.com
- CLI
-
|
|
|
docker
|
docker-compose
docker
compose
|
|
|
|
command |
CLI options |
examples |
command |
docker-compose.yml
(Compose
file reference)
|
|
informació sobre docker / information
about docker:
Docker Root Dir:
/var/cache/docker
- on es desen les imatges / where
images are stored
- ...
|
|
docker info |
|
|
|
|
images |
construcció d'una imatge a partir del Dockerfile
/
build an image from the Dockerfile |
|
docker build |
[-f Dockerfile]
-t image_name:x.y.z . |
|
|
|
etiquetació / tag
(does not increase the space used; it only adds a reference to the list) |
|
docker tag |
src_image_name:x.y.z
dst_image_name:a.b.c |
|
|
|
tagging prior to the push to the remote registry |
|
docker tag |
image_name:x.y.z
<remote_registry>/image_name:x.y.z
image_name:x.y.z
<remote_registry>/image_name:latest |
|
|
|
pujada d'una imatge cap al registre / upload an
image to a registry |
|
docker push |
<remote_repo>/image_name:x.y.z
<remote_repo>/image_name:latest |
|
|
|
list of the images in a remote registry
(Three Ways to Check a Docker Image Exists In Registry) |
|
|
|
|
|
|
baixada d'una imatge des del repositori /
download an image from a registry (default:
Docker Hub) |
|
docker
pull |
<image_name> |
|
|
|
llista de les imatges baixades / list of
downloaded images |
|
docker images
docker image ls
|
|
|
|
|
inspecció d'una imatge / inspect an image |
|
docker inspect |
<image_name> |
|
|
|
esborrar una imatge (neteja) / delete an
image |
|
docker image rm <image_name>:<tag>
(if :<tag> is not specified, :latest is used)
- docker image rm <image_id>
|
|
|
|
|
containers |
creació d'un contenidor / create a
container |
|
docker create |
|
|
|
|
creació d'un
contenidor a partir d'una imatge i execució
d'una ordre /
create a container from an image and execute
a command
(run = pull + create + exec)
|
|
docker run |
|
docker run hello-world
- docker run -it alpine sh
- docker run -it bash bash
- docker run -it ubuntu bash
- docker run -it --rm -d -p 8080:80 --name web nginx
|
docker-compose
up
docker compose up
(by default it will use docker-compose.yml)
|
|
image name |
|
<image_name> |
|
|
image: <image_name> |
command |
|
<command>
<command_options> |
|
|
|
ephemeral container |
|
--rm |
|
|
|
detach (background) |
|
-d |
|
|
|
using a specific user |
|
--user
<user_id>:<group_id> |
|
|
|
container name |
|
--name <container_name> |
|
|
container_name:
<container_name> |
environment variables |
|
-e VAR1=value1
-e VAR2=value2
-e ... -e
HOST_PROC=/host/proc |
|
|
environment:
- VAR1=value1
- VAR2=value2
- ... |
ports |
|
-p/--publish
<port_in_host>:<port_in_container>
-p ... |
|
|
ports:
-
"<port_in_host>:<port_in_container>"
|
volumes |
|
-v
<dir_in_host>:<dir_in_container>
-v
<dir_in_host>:<dir_in_container> :ro
-v ...
|
|
|
volumes:
-
<dir_in_host>:<dir_in_container>
- ... |
working dir |
|
-w <dir_in_container> |
|
|
|
network |
|
--network <network_name> |
|
|
|
image name |
|
<image_name> |
|
|
image: <image_name> |
command |
|
<command>
<command_options> |
|
|
|
detalls d'un contenidor / details of a
container |
|
|
|
|
docker-compose run
<service_name> env |
|
execució (interactiva + tty) d'una ordre
en un contenidor existent /
execute (interactively + tty) a command in
an existing container |
|
docker exec |
-it
<container_name> <command>
<command_options> |
|
|
|
inici d'un
contenidor existent / start an existing
container |
|
docker start |
<container_name |container_id >
|
|
|
|
llista de contenidors existents / list of
existing containers |
|
docker ps -a
docker container ls -a
|
|
|
docker-compose ps |
|
traces des d'un contenidor / logs from a
container |
|
docker container logs |
-f --since 10m
<container_name |container_id >
|
|
|
|
reinici d'un contenidor / restart a
container |
|
docker restart |
<container_name |container_id >
|
|
|
|
connexió amb el contenidor / connect to
container |
|
docker attach |
<container_name> |
|
|
|
desconnexió del contenidor / disconnect
from container |
|
CTRL+p CTRL+q |
|
|
|
|
aturada d'un contenidor / stop a container |
|
docker stop |
<container_name |container_id >
|
|
|
|
supressió d'un contenidor / remove a
container |
|
docker rm |
<container_name |container_id >
|
|
|
|
network |
xarxa / network |
list |
docker network |
ls |
|
|
|
|
|
detalls / details
|
|
inspect
bridge|<network_name>
|
|
|
|
|
|
create |
|
create
<network_name>
|
|
|
|
- Problemes / Problems
- (when docker build)
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
- Solució / Solution
- if the docker-buildx plugin is not found, the old builder, which is not BuildKit, is used, even with a docker version > 23
- install buildx
- download bin, as plugin:
sudo -i
mkdir -p /usr/local/lib/docker/cli-plugins
cd /usr/local/lib/docker/cli-plugins
wget https://github.com/docker/buildx/releases/download/v0.12.1/buildx-v0.12.1.linux-amd64
chmod +x buildx-v0.12.1.linux-amd64
ln -s buildx-v0.12.1.linux-amd64 docker-buildx
- Mageia
- Fedora
- ...
- (when docker build)
the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled
- BuildKit
- temporary solution:
DOCKER_BUILDKIT=1 docker build ...
- permanent solution:
- /etc/docker/daemon.json
{
  "features": {
    "buildkit": true
  }
}
- sudo systemctl restart docker
fatal error: unexpected signal during runtime execution
- Neteja / Clean-up
- kill running containers
docker kill $(docker ps -aq)
- delete containers
docker rm $(docker ps -aq)
- delete downloaded images
docker rmi $(docker images -q)
- delete volumes and other resources
docker system prune -af --volumes
docker system prune
- ...
- Problemes / Problems
failed to solve: write /var/cache/docker/...: no space left on device
ERROR: Service 'xxx' failed to build: COPY failed: file not found in build context or excluded by .dockerignore: stat yyyyyy: file does not exist
- this happens because yyyyyy is a symbolic link
- Exemples / Examples
- Kubernetes
- Info
- Kubernetes
- Kubernetes
(wp)
- Vídeos
- Concepts
- nodes:
- master node: the most important one; it contains the control plane
- in production there must be at least two
- api server: accessed through ui, api, cli (kubectl)
- it is given the configurations (declarative, in yaml or json) of the components to be created
- parts:
apiVersion
kind:
- which type of component we want to create
metadata:
spec:
- desired specifications
- they are specific to each kind
status:
- added by kubernetes
- stored in etcd
- a configuration file normally contains only the information of the component to be created; in the case of a kind: Deployment and its associated kind: Service, both are put in the same file, separated by ---
- a label (key/value) can be applied to each component
- a pod is known to belong to a deployment because the deployment specifies selector: matchLabels
- worker nodes: they contain the pods of the applications
- inside a pod there is usually only one container
- a service makes the IP address of an application stay the same, even when it is served by another pod (which will have a different IP address); it also acts as a load balancer
- in the service, the selector says how to identify the pods behind it; in the pod, selector: matchLabels will have been specified
- external access to: ports:port -> in the pod: ports:targetPort
- to define a kind: Service accessible from outside:
- an ingress exposes a set of services to the outside
- ConfigMap: external configuration of the application (e.g. DB_URL=mongo_db_service)
- secret: like a configmap, but for values that we do not want to store in clear, such as credentials
- they must be given in base64
- an external mechanism is needed to encrypt them, and RBAC rules are used to restrict access to them
- volume: storage, local or remote, associated with a pod
- deployments
- deployments: like a blueprint for creating pods; you can specify how many replicas (pods) of an application are wanted
- statefulset: databases, however, cannot be easily replicated with a deployment; an sts (statefulset) is needed; but the easiest option is to put the database outside the kubernetes cluster
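The concepts above put together in one manifest file, as an added example that is not part of the original notes: a ConfigMap, a Secret, a Deployment and its Service separated by ---, showing how labels tie the pods to the Deployment and to the Service, how port maps to targetPort, and that a Secret value is only base64-encoded. All names, the namespace, the image and the values are hypothetical.

```yaml
# Constructed example: demo-app, demo-config, demo-secret, mynamespace,
# the image reference and all values are hypothetical.
apiVersion: v1
kind: ConfigMap
metadata:
  name: demo-config
  namespace: mynamespace
data:
  DB_URL: mongo_db_service            # external, non-sensitive configuration
---
apiVersion: v1
kind: Secret
metadata:
  name: demo-secret
  namespace: mynamespace
type: Opaque
data:
  # base64 is an encoding, not encryption: this value decodes to "demo-password".
  # Anyone allowed to read the Secret object can recover it, hence RBAC on
  # secrets and an external encryption mechanism.
  DB_PASSWORD: ZGVtby1wYXNzd29yZA==
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-app
  namespace: mynamespace
  labels:
    app: demo-app
spec:
  replicas: 2                         # number of pods wanted
  selector:
    matchLabels:
      app: demo-app                   # must match the pod template labels below
  template:
    metadata:
      labels:
        app: demo-app                 # label carried by every pod of this Deployment
    spec:
      containers:
        - name: demo-app
          image: registry.example.com/demo-app:1.0.0
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef:
                name: demo-config     # every ConfigMap key becomes an env variable
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:         # injected decoded, as plain text, into the container
                  name: demo-secret
                  key: DB_PASSWORD
---
apiVersion: v1
kind: Service
metadata:
  name: demo-app
  namespace: mynamespace
spec:
  selector:
    app: demo-app                     # plain label map: selects the pods labelled above
  ports:
    - port: 80                        # port offered by the Service (stable address)
      targetPort: 8080                # containerPort of the pods behind it
```

It can be applied with kubectl apply -f on the file, as in the usage notes further down this page.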
- Estructura / Structure
- Control Plane
- controller manager
- scheduler
- etcd
- API
server
- Workers (nodes) (production: minimum
3 nodes)
- Worker node #1. Components:
- kubelet: agent for managing the node and
communicating with the control plane
- kube-proxy
- container runtime
- pods
- pod #1
- container #1
- container #2
- ...
- pod #2
- Worker node #2
- ...
- Desplegament / Deployment
- Turnkey
cloud solutions (k8s)
- Minikube
- local Kubernetes
- a single node: master and worker
- Ús / Usage
minikube start
minikube status
- General-purpose web UI for Kubernetes clusters
- minikube addons enable metrics-server
minikube dashboard
- k3s
- Google ...
- AWS EKS
- Gestió / Management
- logs
- kubectl
- AWS
kubectl
curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.7/2022-06-29/bin/linux/amd64/kubectl
- Ús / Usage
-
kubectl |
|
exemples / examples |
action |
resource |
|
api-versions |
|
|
config |
get-contexts
use-context <context>
- delete-context <context>
view (~/.kube/config)
|
|
create |
deployment <name> --image=<image>
|
|
get |
all
...
deployments
events
pods / po
- services / svc
- ing
- TargetGroupBinding
- hpa
deployments
rs
secret
configmap
|
kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'
|
describe |
<component_type> <component_instance>
|
kubectl describe node <my_node>
kubectl describe pod <my_pod>
|
expose |
|
|
proxy |
|
|
logs |
<pod_instance> |
|
top |
|
- requirements
kubectl top nodes
kubectl --namespace mynamespace top pods
- errors:
- error: You must be logged in to the server (Unauthorized)
- Solution
|
run |
|
kubectl --namespace=mynamespace run --image=appsoa/docker-alpine-nmap --rm -i -t nm -- -Pn -p8000 192.168.1.2
|
|
apply -f ... |
kind: Service
|
|
|
kind: Deployment |
|
|
|
|
... |
|
|
- options:
- create a namespace:
kubectl create namespace <mynamespace>
- create deployment, service, ingress:
kubectl apply -f my-deployment.yml
- my-deployment.yml
- metadata
name: ...
namespace: mynamespace
- kubectl apply -f my-service.yml
- kubectl apply -f my-ingress.yml
- get all (system):
kubectl get all -n kube-system
- get all:
kubectl get all --namespace <mynamespace>
- get ingress:
kubectl get ing -n <mynamespace>
- get pods:
kubectl get pods -n <mynamespace>
- run interactive command shell on a pod:
kubectl --namespace mynamespace exec -it <pod_name> -- /bin/sh
- Problemes / Problems
ContainerCreating
- Debug to see the cause
kubectl describe pods <pod_name>
- ...
- helm
- Info
- videos
- groups a set of Kubernetes yaml configuration files, to add a set of components
- allows templates, which take their values from the values.yaml file or from --set
- directory structure
mychart/
Chart.yaml (chart metadata)
values.yaml (values to be used from the templates)
charts/ (dependencies)
templates/ (files with the templates)
...
- release manager
- keeps the history
- actions
helm install ...
helm upgrade ...
helm rollback ...
- Installing Helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
- chmod +x get_helm.sh
- ./get_helm.sh
- search charts in "ArtifactHub":
helm search hub
- helm search hub <wanted_chart>
- add a repo:
helm repo add brigade https://brigadecore.github.io/charts
- search charts in repositories added to your local client (with helm repo add)
helm search repo
helm search repo <partial_name_of_wanted_chart>
- install a chart with an arbitrary name:
helm install <my_release_name> <chart_to_be_installed>
- values file that complements and overrides the values defined in values.yaml:
- helm install --values=my-values.yaml <chart_name>
- verify the status of a release:
helm status <my_release_name>
- show default values for a chart
- show values that have been --set for a given release:
helm get values <my_release_name>
- release history
helm history <my_release_name>
- Problemes / Problems
- no listener for https in load balancer; no ip attached to target groups
- EKS Nodes not Registering in Target Group using ALB Ingress Controller
- Debug
- verify logs of pod aws-load-balancer-controller
{"level":"error",...,"msg":"Reconciler error",...,"error":"CertificateNotFound: Certificate 'arn:aws:acm: ...}
- from AWS web console, try to attach certificate to the listener
- cannot find certificate ...
- Solució / Solution
- use an "RSA 2048" certificate instead of an "ECDSA P 256" one
- Creating
Your Own Charts
- List repos
- Add a repo
helm repo add dev https://example.com/dev-charts
- Update all repos:
- Update a repo
helm repo update <repo_name>
- Remove a repo
- ...
- kubetail
kubetail my_app --namespace mynamespace
kubetail --namespace mynamespace my_app
- k9s
- derailed/k9s
- Instal·lació / Installation
- Homebrew
brew install derailed/k9s/k9s
- Docker:
- Usage
:contexts
:pods
0 (all)
- ctrl-w (see cpu and memory usage; metrics server must be installed)
:deploy
:hpa (Horizontal Pod Autoscaling)
:configmap
- :secret
- :replicaset
- :helm
/<text_to_find>
- sort by column:
- NAMESPACE: shift + P
- NAME: shift + N
- NODE: shift + O
- CPU: shift + C
- ...
- Problems
The config profile (xxxx) could not be found
- Solution
- search for xxxx in ~/.kube/config
- Lens
- ...
- Problemes / Problems
- pod state: CrashLoopBackOff
- Monitor
- Autoescalat / Autoscaling
-
- Provisioning
- pods
- k9s:
0/[n] nodes available: insufficient [resource]
- Pods
- Nodes
- Diagrams
- Application
- Namespace
- ...
|
Cloud Computing (external
virtualisation)
|
Service
model
|
Recursos oferts /
Offered resources
|
L'usuari hi instal·la /
User can install
|
Implementació /
Implementation
|
Exemples
/
Examples |
|
|
|
|
Amazon
AWS |
Google |
other |
Software
as a Service (SaaS)
|
Aplicació / Application
|
-
|
|
- Storage
- Simple Storage Service (S3)
- Glacier (backups) (wp)
- Database
- RDS (SQL)
- DynamoDB (NoSQL)
|
|
- Microsoft "Software+Services"
|
Platform
as a Service (PaaS) |
Sistema Operatiu / Operating
system
|
aplicacions / applications
|
|
|
|
|
Infrastructure
as a Service (IaaS) |
CPU + Emmagatzematge + Xarxa
/
CPU + Storage + Network
|
sistema operatiu / operating
system
|
|
- Elastic Compute Cloud (EC2) (Xen)
|
|
|
|
|
OpenStack
|
AWS
|
|
Dashboard |
Horizon |
Console |
|
Compute
|
Compute
|
Nova
|
EC2 (Elastic Compute Cloud)
|
|
|
Lambda
|
A compute service that runs
your code in response to events and automatically manages
the compute resources for you.
|
Block storage |
Cinder |
EBS (Elastic Block Store)
|
|
Image service |
Glance |
AMI |
|
Bare metal provisioning |
Ironic |
|
|
Storage
and
content delivery
|
Object storage
|
Swift
|
S3 (Simple Storage Service)
|
|
|
|
Glacier
|
A low-cost storage service
that provides secure and durable storage for data archiving
and backup.
|
|
|
Cloud Front
|
Provides a way to distribute
content to end users with low latency and high data transfer
speeds.
|
|
|
Storage Gateway
|
|
Database |
SQL |
Trove |
RDS (Relational Database
Service)
|
|
|
|
Elastic Cache
|
|
|
|
Redshift
|
|
NoSQL
|
|
DynamoDB
|
A scalable NoSQL data store
that manages distributed replicas of your data for high
availability.
|
Networking
|
Networking
|
Neutron
|
VPC (Virtual Private Cloud)
|
|
|
|
Direct Connect
|
|
DNS
|
|
Route53 |
A scalable and highly
available Domain Name System (DNS) and Domain Name
Registration service.
|
Administration
and
security
|
Identity service
|
Keystone
|
Directory Service
|
|
|
|
Trusted Advisor
|
|
|
|
Config
|
|
|
|
IAM (Identity and Access
Management)
|
Lets you securely control
access to AWS services and resources.
|
|
|
CloudTrail
|
Provides increased visibility
into user activity by recording API calls made on your
account.
|
|
|
CloudWatch
|
Provides monitoring for
resources and applications.
|
Analytics |
Elastic map reduce |
Sahara |
EMR (Elastic Map Reduce)
|
Lets you perform big data
tasks such as web indexing, data mining, and log file
analysis.
|
|
|
Kinesis
|
A managed service that scales
elastically for real-time processing of streaming big data.
|
Orchestration |
Heat |
Data Pipeline
|
A lightweight orchestration
service for periodic, data-driven workflows.
|
Application
services |
Multiple tenant cloud
messaging |
Zaqar |
SQS (Simple Queue Service)
|
|
|
|
AppStream
|
|
|
|
SES (Simple Email Service)
|
|
|
|
SWF (Simple WorkFlow)
|
Coordinates all of the
processing steps within an application.
|
|
|
Elastic Transcoder
|
Lets you convert your media
files in the cloud easily, at low cost, and at scale.
|
|
|
CloudSearch
|
|
Deployment
and
management |
|
|
Elastic Beanstalk
|
An application container for
deploying and managing applications.
|
|
|
CloudFormation
|
Lets you create and update a
collection of related AWS resources in a predictable
fashion.
|
|
|
CodeDeploy
|
Lets you fully automate code
deployments.
|
|
|
OpsWorks
|
A DevOps platform for
managing applications of any scale or complexity on the AWS
cloud.
|
Mobile
services |
|
|
Cognito
|
A simple user identity and
data synchronization service that helps you securely manage
and synchronize app data for your users across their mobile
devices.
|
|
|
Mobile Analytics
|
|
|
|
SNS (Simple Notification
Service)
|
Lets you publish messages to
subscribers or other applications.
|
Enterprise
applications |
|
|
WorkSpaces
|
|
|
|
WorkDocs
|
|
|
|
WorkMail
|
|
|
Telemetry
|
Ceilometer
|
Billing
|
|
OpenStack vs AWS:
OpenStack |
AWS |
|
|
Project
|
Products
and services
|
Dashboard |
|
Horizon
|
|
|
Compute
|
|
Nova
|
EC2 (Elastic Compute Cloud) |
Compute
|
|
|
EC2 Container Service
|
|
|
AWS Lambda
|
|
|
Auto-scaling
|
|
|
Amazon VPC
|
|
|
Elastic Load Balancing
|
Bare Metal Provisioning
|
Ironic
|
|
Storage
|
Object storage
|
Swift
|
Amazon S3 |
Storage
and
content delivery |
|
|
Amazon Glacier
|
Block Storage
|
Cinder
|
Amazon EBS
|
Shared Filesystems
|
Manila
|
Amazon EFS
|
|
|
AWS Import/Export
|
|
|
AWS Storage Gateway
|
|
|
Amazon CloudFront
|
Networking
|
|
Neutron
|
Amazon VPC
|
Networking
|
|
|
Direct Connect
|
DNS
|
Designate
|
Route53
|
|
Neutron/LBaaS
|
Elastic Load Balancing |
Shared
services
|
Identity service |
Keystone
|
AWS Identity and Access
Management (IAM)
|
Administration
and
security
|
|
|
AWS Directory Service |
|
|
AWS CloudTrail
|
|
|
AWS Config
|
|
|
AWS CloudHSM
|
Key management
|
Barbican
|
AWS Key Management Service
|
Telemetry service |
Ceilometer
|
Amazon CloudWatch
|
|
|
AWS Trusted Advisor
|
Image service |
Glance
|
AMI
|
|
Orchestration
service |
|
AWS Elastic Beanstalk
|
Deployment
&
Management
|
|
AWS OpsWorks
|
Heat
|
AWS CloudFormation
|
Heat/AutoScaling
|
|
TripleO
(OpenStack on OpenStack)
|
|
|
AWS CodeDeploy
|
Database
service |
Trove
|
Amazon RDS
|
Database
|
DynamoDB
|
|
Aurora
(*)
|
|
Redshift
|
|
ElastiCache
|
|
Data processing
|
Sahara
(Hadoop)
|
Amazon Elastic MapReduce
(EMR)
|
Analytics
|
|
|
|
Amazon Kinesis
|
|
|
|
Amazon Redshift
|
|
|
|
AWS Data Pipeline
|
|
Message service
|
Zaqar
|
Amazon SQS (Simple Queue
Service)
|
Application
Services |
|
|
|
Amazon SWF (Simple Workflow
Service)
|
|
|
|
Amazon AppStream
|
|
|
|
Amazon Elastic Transcoder
|
|
|
|
Amazon SES (Simple Email
Service)
|
|
|
|
Amazon CloudSearch
|
|
|
|
Amazon SNS (Simple
Notification Service)
|
|
|
|
Amazon FPS (Flexible Payment
Service)
|
|
|
|
Amazon Cognito
|
Mobile
Services
|
|
|
|
Amazon Mobile Analytics
|
|
|
|
Amazon SNS (Simple
Notification Service)
|
|
|
|
Amazon WorkSpaces
|
Enterprise
Applications
|
|
|
|
Amazon WorkDocs
|
|
|
|
AWS Support
|
AWS
Support
|
|
|
|
AWS Trusted Advisor
|
|
Marketplace
|
|
|
AWS Marketplace
|
|
|
|
Alexa Web Information Service
|
Additional Services
|
- Cloud
computing
comparison (wp)
- Cloud
Landscape (Open Crowd)
- Cloud
Computing
y Software de Fuentes Abiertas. Dossier ONSFA (Cenatic)
(gràfic)
- Tyranny
of
Choice in the Cloud
- Maquinari / Hardware
- The orange box (Canonical)
- Programari / Software
- libsaas
- Cloud Management Platform (CMP)
(management of heterogeneous clouds) (OpenStack
Hybrid
examples)
- Deployment
Manifesto
-- thoughts?
- Many
Clouds,
One API
-
- libcloud
- Getting
started (official libcloud tutorial from
OpenStack)
- Example (test_images.py)
from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver
import libcloud.security
from pprint import pprint

# turns off TLS certificate verification for every libcloud connection
libcloud.security.VERIFY_SSL_CERT = False

# driver for an OpenStack deployment, authenticating against Keystone v2.0
openstack = get_driver(Provider.OPENSTACK)
driver = openstack('my_user', 'my_password',
                   ex_tenant_name='my_tenant_name',
                   ex_force_auth_url='http://my_openstack_server:5000/v2.0/tokens',
                   ex_force_auth_version='2.0_password')

# list the images available to this tenant
images = driver.list_images()
pprint(images)
- Autoscaling
- Problemes / Problems
socket.gaierror: [Errno -2] Name or service not known
- Solució / Solution:
- check that server name (given by the response of the server, and tried by curl to make the second connection) is complete:
LIBCLOUD_DEBUG=/dev/stderr python test_images.py
...
# -------- end 45155728:45171272 response ----------
# -------- begin 45196176 request ----------
curl -i -X GET -H 'Host: mynode:8774' ...
- if it is not complete, add it to /etc/hosts
mynode
mynode.mydomain.org
- Troubleshooting
- Debugging
LIBCLOUD_DEBUG=/dev/stderr python my_script.py
- DeltaCloud
- Updated
Openstack
v2 API driver in Deltacloud
- Installation
- requirements
- CentOS
sudo yum install ruby ruby-devel gcc-c++ libxml libxml2-devel libxslt libxslt-devel sqlite sqlite-devel patch
sudo gem install rake
sudo gem install deltacloud-core
-
|
server
|
client
|
OpenStack
|
deltacloudd -i openstack -p 3001 -P http://openstack_keystone_server:35357/v2.0 -r <deltacloud_server_ip_address> |
curl -X GET --user "<username>+<tenant_name>:<password>" -H "Accept: application/json" http://<deltacloud_server_ip_address>:3001/api/instances | python -m json.tool |
AWS
|
deltacloudd -i ec2 -p 3002 -r <deltacloud_server_ip_address> |
curl -X GET --user "<Access_key_ID>:<Secret_access_key>" -H "Accept: application/json" -H "X-Deltacloud-Provider:eu-west-1" http://<deltacloud_server_ip_address>:3002/api/instances | python -m json.tool |
- Run
deltacloudd --verbose --log toto.log -i ec2 -p 3001 -r 172.30.0.45
- Access
curl -X GET --user "<Access_key_ID>:<Secret_access_key>" -H "Accept: application/json" -H "X-Deltacloud-Provider:eu-west-1" http://my_deltacloud_server:3001/api/instances | python -m json.tool
- Cloud
computing
comparison (wp)
- Abi Cloud
- Enomalism
- Eucalyptus (inspired by Amazon EC2)
- Nimbus Globus toolkit
- Open Nebula
- Hadoop
- Storm (Hadoop for
realtime)
- OpenStack
- Tasques / Tasks
- Event logging
- Analítica i monitoratge
/
Analytics and monitoring
- Serveis / Services
|
Parcs d'ordinadors / Clusters
|
|
Seguretat /
Security
|
- Criptografia
/
Cryptography
- Seguretat a WWW/Internet / Security in WWW/Internet
- Programari / Software
- Maquinari / Hardware
- Info
- Estàndards / Standards
- Guies / Guides
- Glossari
- Notícies / News
- Signatura / Signature
- PKI
- Empreses / Companies
- SSL
- Hackers
- P3P
- PICS
- The Twenty Most Critical
Internet Security Vulnerabilities
- Secunia
- Autenticació / Authentication
- Autenticació
WWW / WWW authentication
- Multi-factor authentication (wp)
factor
|
|
món real / real world
|
informàtica /
computers
|
serveis / services
|
coneixement /
knowledge
|
alguna cosa que
l'usuari sap / something the user knows
|
|
|
|
possessió / possession
|
alguna cosa que
l'usuari té / something the user has
|
|
|
inherent
|
alguna cosa que
l'usuari és / something the user is
|
|
|
|
- Contrasenya / Password
- Password generation with OpenSSL
- Gestor de
contrasenyes / Password manager
- Desenvolupament / Development
- Token USB / USB token
- Estàndards / Standards
- Universal 2nd Factor (U2F) (FIDO Alliance) (wp)
- Fabricants / Manufacturers
- Yubico
- YubiKey
(wp)
- Productes / Products
- Works
with YubiKey catalog
- Developer
Program
- OTP (One-Time Password)
- to complement username/password
- verified by YubiCloud (an API key will be needed) or by a self-hosted service
- yubico-pam
- CentOS: Requiring a Yubikey OTP for SSH Password logins
sudo yum install pam_yubico ykclient
- allowed yubikeys:
mkdir -p ~/.yubico
- The Yubikey ID is the first 12 characters of a generated OTP: push the button on a text terminal
- ~/.yubico/authorized_yubikeys
<username>:<yubikey_id_in_12_characters>
chmod 700 -R ~/.yubico
- PAM
- get a Yubikey API credential pair (id, key):
- /etc/pam.d/ssh
#auth required pam_sepermit.so
auth required pam_yubico.so id=... key=... url=http://api.yubico.com/wsapi/2.0/verify?id=%d&otp=%s
pam_sepermit.so
- SSH
- /etc/ssh/sshd_config
PasswordAuthentication yes
UsePAM yes
- ...
- U2F (Universal 2nd Factor)
- username and password + button on the Yubico device
- generates a private/public key pair for each service
- ...
- Programari / Software
- Serveis / Services
- Smart
cards
- Utilització de certificats
digitals / Digital certificates usage (see also Emissió de
certificats digitals / Digital certificate emission (OpenSSL))
- Aplicacions
- Signatura de
documents / Document signature
- Libre
Office
- Okular (version >= 21.04)
- Places a box with the signature, similarly to Adobe PDF Reader
- Digital signature with Okular (Linux/Ubuntu)
- if your distribution offers too old a version of okular (<21.04), you can install a more recent version using flatpak:
- Instal·lació amb Flatpak / Install with Flatpak
flatpak run org.kde.okular toto.pdf
- Configuració / Setup
- Arranjament > Configura els dorsals... > PDF
- Base de dades de certificats
- Personalitzat: ~/.mozilla/firefox/xxxx.default-release
- it must point to the directory where Firefox stores the certificates
- the database found in this directory has the format ...
- Signatura / Signature
- Eines > Signa digitalment
- choose the certificate
- draw a box
- it will create toto_signat.pdf
- Kleopatra (KDE)
- Ecofirma (MITyC)
- Utilització des de wget
/ Usage from wget
- Utilització des
de navegador (p.ex. Mozilla
Firefox / Usage from browser (e.g. Mozilla Firefox):
- Mozilla
Firefox
- Paràmetres -> Privadesa i seguretat -> Certificats -> Mostra els certificats -> Els vostres certificats -> Importa...
- from the (.p12) file it will create a database inside ~/.mozilla/firefox/xxxx.default-release
- you will be able to use this database to sign documents from:
- Exemples
- FNMT
- Configuración
previa
- FNMT-RCM
- AutoFirma
- Installation
- add the BlogDrake repositories
- install the package (autofirma-1.7.0-3.1bdk_mga8.noarch)
- Usage
- Renewal
- ...
- Problems
No s'ha pogut crear l'«io-slave». El Klauncher ha informat: Protocol desconegut «fnmtcr».
- No certificate is found
- Solution
- in the small window that opens, select the p12 file of your certificate
- idCAT
- Info
- Instal·lació / Installation
- Instal·lació
(Firefox, Thunderbird):
- Compilació
- dependències / dependencies
- # wget
https://www.idcat.cat/idcat/jsp/bin/clauer/linux/ClauerLinux.tar.gz
- # tar xvzf ClauerLinux.tar.gz
- # cd ClauerLinux-3.0.8
- # ./configure [--enable-64]; make; make
install
- això, entre altres coses, us activarà el
servei "clos":
- Amb el Firefox, obriu el fitxer:
- file:///.../ClauerLinux-3.0.8/pkcs11/clauerPK11inst.xpi
- o bé, des de consola, executeu:
./ClauerLinux-3.0.8/pkcs11/firefox-install-pkcs11.sh
- això us hauria d'haver instal·lat el
dispositiu de seguretat "Modul
pkcs11 Clauer":
- Edita / Preferències / Avançat /
Certificats / Dispositius de seguretat
- Mòdul: Modul pkcs11 Clauer
- Camí: /usr/lib/libclauerpkcs11.so
- Desinstal·lació (Firefox, Thunderbird):
- Edita / Preferències / Avançat / Xifratge
(Certificats) / Dispositius de seguretat
- o bé: Eines / Consola d'errors:
pkcs11.deletemodule("Modul pkcs11
Clauer");
- o bé:
modutil -delete " Modul
pkcs11
Clauer " -libfile /usr/local/lib/libclauerpkcs11.so
-dbdir
/home/USUARI/.mozilla/firefox/NOMPERFIL
- Antic mètode d'instal·lació (Firefox, Thunderbird)
(és crític primer instal·lar les claus públiques i
després activar el dispositiu de seguretat)
- Baixeu-vos les Claus
públiques
de CATCert / Administració
local,
Generalitat i Diputacions:
- acc.crt
- ec-idcat.cer
- Instal·leu-les:
- Firefox 3.0: Edita / Preferències /
Avançat / Xifratge / Visualitza els
certificats / Entitats / Importa
(Thunderbird: Edita / Preferències / Avançat
/ Certificats / Visualitza els certificats /
Entitats / Importa)
- acc.crt: marqueu les tres opcions
- ec-idcat.cer: marqueu les tres opcions
- comproveu que són vàlides: Edita /
Preferències / Avançat / Xifratge (Certificats)
/ Visualitza els certificats / Entitats: Agència
Catalana de Certificació / EC-ACC, EC-IDCAT:
- "Aquest certificat ha estat verificat per
als usos següents: Autoritat del certificat
SSL"
- Activate the Clauer device:
- Edit / Preferences / Advanced / Encryption (Certificates) / Security Devices
- Load:
- Module name: Modul pkcs11 Clauer
- Module filename: /usr/local/lib/libclauerpkcs11.so
- or: Tools / Error Console:
pkcs11.addmodule("Modul pkcs11 Clauer", "/usr/local/lib/libclauerpkcs11.so", 0x1<<28, 0);
- or:
modutil -add "Modul pkcs11 Clauer" -libfile /usr/local/lib/libclauerpkcs11.so -dbdir /home/USUARI/.mozilla/firefox/NOMPERFIL
- note: do not use accented characters in the name ("Modul pkcs11 Clauer"); the module will not appear in the list and will be hard to remove (you can find the name in the file ~/.mozilla/firefox/xxx.default/secmod.db)
- check that it appears under Edit / Preferences / Advanced / Encryption (Certificates) / Security Devices
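An added example, not part of the original page or of the Clauer project: a POSIX shell pre-flight check for the modutil -add step above. It rejects module names with accents or stray spaces (the problem the note describes) and library files that other accounts could overwrite. The function names are hypothetical, and the writability check is an extra precaution the page does not mention.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run before
# registering a PKCS#11 module in a Firefox/Thunderbird NSS database.

# Succeeds only if the module name is non-empty printable ASCII with no
# leading or trailing space, so it shows up in the device list and can be
# deleted later by typing exactly the same name.
valid_module_name() {
    [ -n "$1" ] || return 1
    case $1 in
        " "* | *" ") return 1 ;;
    esac
    # Delete every printable ASCII byte; anything left over is an accent,
    # a control character or other non-ASCII data.
    leftover=$(printf '%s' "$1" | LC_ALL=C tr -d ' -~')
    [ -z "$leftover" ]
}

# Succeeds only if the library is an existing regular file that is not
# group- or world-writable (assumed precaution: the module is loaded into
# the browser process). -L follows the usual .so symlink to the real file.
safe_module_file() {
    [ -f "$1" ] || return 1
    loose=$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ]
}

# Prints the modutil command for NAME, LIBFILE and PROFILE_DIR, or fails
# with a message on stderr if any check does not pass.
modutil_add_command() {
    valid_module_name "$1" || { echo "bad module name: $1" >&2; return 1; }
    safe_module_file "$2" || { echo "unsafe or missing library: $2" >&2; return 1; }
    [ -d "$3" ] || { echo "no such profile directory: $3" >&2; return 1; }
    printf 'modutil -add "%s" -libfile "%s" -dbdir "%s"\n' "$1" "$2" "$3"
}

# Stand-alone use: sh check.sh NAME LIBFILE PROFILE_DIR
if [ "$#" -eq 3 ]; then
    modutil_add_command "$1" "$2" "$3"
fi
```

Close Firefox or Thunderbird before running the printed command, since modutil edits the profile's security module database directly.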
- Ús / Usage
- Signing documents with Libre Office
- SignaCAT (Java)
- Uses (AOC)
- Firefox
- Thunderbird: send yourself a signed message
- DNIe
/ Usa tu DNI
- Info
- Connection
-
hardware |
software |
smartcard reader |
|
NFC phone reader |
|
- DNIeRemote
- Installation
- Android
- PC
- Mageia
- dependencies
sudo dnf install dpkg ...
- installation
sudo dpkg -i --ignore-depends=adb,libgtkmm-3.0-1v5 DNIeRemoteSetup_1.0-5_amd64.deb
- Smartcard: Instal·lació / Installation
- Mageia
- OpenSC 0.14 added official support for the DNIe.
- Steps (Mageia 7)
- Install the packages required for the SC reader, and then:
- Install dnie-configurador from the BlogDrake repositories (e.g. for Mageia 7):
urpmi.addmedia --wget --distrib http://ftp.blogdrake.net/mageia/mageia7/x86_64
urpmi dnie-configurador
- seguiu les instruccions / follow the instructions
- Ús / Usage
- Problemes / Problems
ln: no s’ha pogut crear l’enllaç simbòlic '/usr/lib64/firefox/browser/defaults/preferences/afirma.js': El fitxer o directori no existeix
advertència: Ha fallat el scriptlet %post(afirma-1.6.5-3.1bdk.mga7.noarch), estat de sortida 1
- Mageia 5
urpmi.addmedia --wget --distrib ftp://ftp.blogdrake.net/mageia/mageia5/x86_64/
urpmi dnie-configurador
- edit dnie-configurador:
#downloadCertificate https://www.sede.fnmt.gob.es/documents/11614/116099/Certificado+Raiz+Clase2A/29de1646-675e-49b3-bd8e-0ff6ca02cb66 FNMTClase2CA.cer
downloadCertificate https://www.sede.fnmt.gob.es/documents/11614/116099/FNMTClase2CA.cer
- Mageia 4
- Mageia 1, 2
$ dnie-configurador
- Verification
- Mandriva
- Manual installation (obsolete)
- Install the cryptographic module for Firefox and Thunderbird:
urpmi opensc-dnie
(the FedoraCore one, which is an rpm, does NOT work on Mandriva)
- urpmi dpkg
- wget http://www.dnie.es/descargas/PKCS11_para_Sistemas_Unix/Ubunt_Gutsy.tar
- tar xvf Ubunt_Gutsy.tar
- cd Ubuntu_Gutsy
- dpkg -x opensc-dnie_1.4.0-5_i386.deb .
- cp -r usr/lib/* /usr/lib/
- urpmi mozilla-plugin-opensc (libopensc2) opensc
- /etc/opensc.conf:
- # reader_drivers = openct, pcsc, ctapi;
reader_drivers = pcsc;
- # card_drivers = customcos, internal;
card_drivers = dnie;
card_driver dnie {
    # The location of the driver library
    module = /usr/local/lib/libopensc-dnie.so;
}
- Activate it in Firefox (Thunderbird) (DOES NOT WORK WITH MANDRIVA):
- open this file with Firefox:
- /usr/share/opensc-dnie/instal_dnie/instala_modulo.htm (it will also install the police root certificate)
- or: Edit / Preferences / Advanced / Encryption (Certificates) / Security Devices
- Load:
- Module name: DNIe
- Module filename: /usr/lib/opensc-pkcs11.so
- and install the police root certificate:
- Ús / Usage
- Mozilla
Firefox
- Preferences / Privacy & Security / Security / Certificates / Security Devices
- DNIe
- C3PO LTC31 v2 (your reader model)
-
State | possible actions |
Not present | physically insert the DNIe |
Not logged in | «Log In» |
Logged in | «Log Out» |
- Problems
- "Autenticació de testimoni protegit" / "Protected token authentication"
- Preferences / Privacy & Security / Security / Certificates / View Certificates...
- under «DIRECCION GENERAL DE POLICIA» you should see two certificates with your name: one with FIRMA and the other with AUTENTICACIÓN, both coming from the security device «DNI electrónico (PIN1)»
- CERES card (FNMT)
- UPC card
- Mobile electronic signature
|
Quiosc / Kiosk
|
|
Execució
distribuïda / Distributed execution
|
|
Accés remot / Remote access
|
|
VPN (Virtual Private Network)
|
base
|
name
|
owner
|
info
|
used
protocols
|
implementations
|
encryption |
user authentication
|
packet authentication
|
|
|
compression
|
server
|
client
|
|
|
|
|
passive attacks
(eavesdroppers)
|
|
active attack
(man-in-the-middle)
|
replay attacks
|
plaintext attacks
|
|
|
vpnc (command line)
|
KVpnc
(KDE)
|
drakvpn (mdv/mga)
|
Network Manager
|
(others)
|
IPSec
(kernel)
|
L2TP over IPsec (Cisco)
|
|
|
|
|
HMAC construction
|
|
|
|
|
|
x
|
|
|
|
|
FreeSwan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PPTP
|
Microsoft
|
|
|
|
|
|
|
- MPPC (based on LZ)
- Deflated
- BSD compression (RFC 1977)
|
|
|
x
|
|
|
|
TUN/TAP
(user-space)
|
OpenVPN (over OpenSSL/TLS)
|
|
|
- PKI (X.509 certificates)
- Clau estàtica / Static key
|
|
HMAC construction (wp)
|
sliding window (unique
timestamp)
|
|
|
|
|
x
|
|
|
|
|
VTun
|
|
|
|
|
|
|
|
|
|
|
x
|
|
|
|
|
Tinc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Cipe
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
OpenSSH |
|
only valid for one port |
|
|
|
|
|
|
|
|
x
|
|
|
|
|
Distributed software
|
|
Enginyeria del programari /
Software engineering
|
|
http://www.francescpinyol.cat/informatica.html
Primera versió: / First version:
Darrera modificació: 13 d'agost de 2024 / Last update: 13th August
2024