
Juniper SRX setup

Initialise

root%           <-- Shell
root% cli       <-- Operational CLI mode
root>           <-- Logged in to operational CLI mode
root>configure <-- Configuration mode
root#           <-- Logged in to configuration mode

Creating a password

root# set system root-authentication plain-text-password

New password:
Retype new password:

root# set system host-name srx
root# commit

commit complete

root@srx#

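Security zone allowing ping, ssh and netconf

Note: these statements open SSH and NETCONF on ge-0/0/0.0 in the untrust zone, so the device's management services are reachable from the outside network. Outside a lab, enable them only on a trusted or management zone, or restrict which source addresses may reach them.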

#set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
#set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
#set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services netconf

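Juniper SRX: allow root login over SSH

Note: with SSH also enabled on the untrust interface above, this exposes the root account to password guessing from outside. Outside a lab, log in as a named user and keep `set system services ssh root-login deny`.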

set system services ssh root-login allow

Interfaces

#delete interfaces ge-0/0/0
#delete interfaces ge-0/0/1
#set interfaces ge-0/0/0 unit 0 family inet address 192.168.100.38/24
#set interfaces ge-0/0/1 unit 0 family inet address 192.168.239.1/24

Default route

#set routing-options static route 0.0.0.0/0 next-hop 192.168.100.1

Address book entries

#set security zones security-zone INTERNAL address-book address network_239 192.168.239.0/24

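Security policies

Note: Junos configuration names are case-sensitive, and the statements on this page mix `internal` and `INTERNAL` (here, and in the address-book, NAT and host-inbound sections). Use one spelling throughout; as written, the `then permit` action is attached to a different zone pair than the match conditions, so the commit is likely to be rejected. The zones named here must also exist with interfaces assigned, and `delete security policies` removes every existing policy first.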

#delete security policies
#set security policies from-zone internal to-zone internet policy allow-internal-clients match source-address network_239
#set security policies from-zone internal to-zone internet policy allow-internal-clients match destination-address any
#set security policies from-zone internal to-zone internet policy allow-internal-clients match application any
#set security policies from-zone INTERNAL to-zone internet policy allow-internal-clients then permit

Nat for internal clients

#delete security nat
#set security nat source rule-set internal-to-internet from zone internal
#set security nat source rule-set internal-to-internet to zone internet
#set security nat source rule-set internal-to-internet rule internet-access match source-address 192.168.239.0/24
#set security nat source rule-set internal-to-internet rule internet-access match destination-address 0.0.0.0/0
#set security nat source rule-set internal-to-internet rule internet-access then source-nat interface
#commit

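Enable all host-inbound system services on the INTERNAL zone except FTP and HTTP

Note: `system-services all` with `except` entries opens every service that is not explicitly excluded; listing only the services you need is the tighter choice.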

#set security zones security-zone INTERNAL host-inbound-traffic system-services all
#set security zones security-zone INTERNAL host-inbound-traffic system-services ftp except
#set security zones security-zone INTERNAL host-inbound-traffic system-services http except

Allow SSH and NetConf for Ansible to connect

user@hostname> configure 
Entering configuration mode

[edit]
user@hostname# set system services netconf ssh 

[edit]
user@hostname# commit and-quit 
commit complete
Exiting configuration mode

user@hostname> show system connections inet | match 830 
tcp4       0      0  *.830                    *.*                       LISTEN

user@hostname> show system connections inet6 | match 830   
tcp6       0      0  *.830                    *.*   

Assign static IP (include the prefix length, e.g. 192.168.1.1/24; without one Junos assumes /32)

set interfaces ge-0/0/0 unit 0 family inet address [xx.xx.xx.xx]
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1

Create a user

set system login user [USERNAME] class super-user authentication plain-text-password
set system login user praison class super-user authentication plain-text-password

Request system logout

request system logout pid [XXX]
request system logout pid 1234

Connect to Juniper Firewall on Mac

Install MacOS Juniper Driver

Connect the Juniper to your USB

$ ls /dev/tty.usb*
/dev/tty.usbjuniper111
/dev/tty.usbjuniper222

Screen

$ screen /dev/tty.usbjuniper111

Login

Username: root

(No password on a factory-default device — set a root password before connecting it to a network)

Enter CLI mode

Type the command below

cli

Note: Tested with SRX series

Good news

You don’t need PuTTY if you are using a Mac; the built-in screen command is enough.


List recently installed software on Debian

Via command line

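# List package installations recorded by dpkg, oldest log first.
# Matching the " install " action field keeps "status installed" and
# "status half-installed" lines out of the result, and reading the current
# log as well as the rotated one includes the most recent installs.
grep -h ' install ' /var/log/dpkg.log.1 /var/log/dpkg.log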


Linux Process basics

List enabled services and running processes

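# Unit files that are enabled. Filtering on the STATE column avoids listing
# units that are disabled but whose vendor preset column reads "enabled",
# which a plain `grep enabled` would also match.
systemctl list-unit-files --state=enabled,enabled-runtime
# Every running process with its owner, CPU/memory share and command line,
# paged through less.
ps aux | less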

Top memory-consuming processes

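# Ten largest processes by resident memory (RSS), preceded by the ps header.
ps aux --sort -rss | head -n 11
# The same ten processes in ascending order, largest last (no header line).
ps aux --sort +rss | tail -n 10
# Top five by %MEM. Column 4 of `ps aux` is %MEM; column 3 is %CPU, so
# sorting on 3,3 would rank by CPU rather than memory.
ps aux | sort -nrk 4,4 | head -n 5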

Top process IDs

# Five processes with the highest memory share; columns are %MEM, %CPU,
# virtual size and PID. The numeric reverse sort pushes the header to the end.
ps -e -o pmem,pcpu,vsize,pid | sort -rn | head -n 5
# PID, parent PID, command, %MEM and %CPU, ordered by memory share descending
# (header plus the first nine processes).
ps -e -o pid,ppid,cmd,%mem,%cpu --sort=-%mem | head -n 10

Watch processes

# Interactive, continuously refreshing process view.
top
# Re-run the quoted pipeline periodically: the five processes with the
# highest value in column 3 of `ps aux` (%CPU).
watch "ps aux | sort -nrk 3,3 | head -n 5"

CPU info

# Print the kernel's description of each logical processor.
cat /proc/cpuinfo 

Number of CPUs

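# Count logical CPUs: /proc/cpuinfo has one "processor" line per CPU.
# Counting every line with `wc -l` reports the length of the file, which is
# many times the CPU count.
grep -c '^processor' /proc/cpuinfo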

Kubectl basic commands

kubectl get nodes
kubectl get deploy
kubectl get rs
kubectl get pods
kubectl get services
kubectl get all

YAML file

kubectl get deploy/[DEPLOYMENT_NAME] -o yaml 
kubectl get deploy [DEPLOYMENT_NAME] -o yaml 
kubectl get service/[SERVICES_NAME] -o yaml
kubectl get service [SERVICES_NAME] -o yaml

Deployment using YAML

kubectl create -f helloworld-deployment.yml
kubectl create -f helloworld-service.yml

helloworld-deployment.yml

# Deployment that keeps one replica of the helloworld pod running.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: helloworld-deployment
spec:
  selector:
    matchLabels:
      app: helloworld
  replicas: 1 # tells deployment to run 1 pods matching the template
  template: # create pods using pod definition in this template
    metadata:
      labels:
        app: helloworld
    spec:
      # NOTE(review): no securityContext or resource limits are set here; add
      # them for anything beyond a demo.
      containers:
      - name: helloworld
        # NOTE(review): ":latest" is a mutable tag on a third-party image, so
        # the content that runs can change between pulls. After verifying the
        # image, pin a fixed tag or a digest, e.g.
        # karthequian/helloworld@sha256:<DIGEST_PLACEHOLDER>.
        image: karthequian/helloworld:latest
        ports:
        - containerPort: 80

helloworld-service.yml

# Service that forwards TCP port 80 to port 80 on pods labelled app: helloworld.
apiVersion: v1
kind: Service
metadata:
  name: helloworld-service
spec:
  # If your cluster supports it, type: LoadBalancer automatically creates an
  # external load-balanced IP for the service, which makes it reachable from
  # outside the cluster. Remove the line to keep the service cluster-internal.
  type: LoadBalancer
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: helloworld

Scale Application

kubectl scale --replicas=3 deploy/helloworld-deployment

Minikube

minikube service list
minikube service [SERVICE_NAME]