OpenShift v3.11 インストール①
インストール手順はggれば沢山載っていたので実際に検証です。
参考
OpenShiftをインストールしてみる | 日常系エンジニアのTech Blog
わたしの場合は、CentOS 7 にインストール。
事前にDockerとか入れる必要はないです。prerequisites.yml で勝手に入れてくれます。
[root@all-openshift ~]# yum install NetworkManager git -y [root@all-openshift ~]# systemctl enable --now NetworkManager [root@all-openshift ~]# yum -y install centos-release-openshift-origin311 [root@all-openshift ~]# yum -y install epel-release [root@all-openshift ~]# git clone https://github.com/openshift/openshift-ansible [root@all-openshift ~]# cd openshift-ansible [root@all-openshift openshift-ansible]# git checkout release-3.11 Branch release-3.11 set up to track remote branch release-3.11 from origin. Switched to a new branch 'release-3.11' [root@all-openshift openshift-ansible]# yum -y --enablerepo=epel install ansible [root@all-openshift openshift-ansible]# ansible -v-version ansible 2.9.2 ★2.9 が入ってしまった、2.6 でないといけないため以下対応 [root@all-openshift openshift-ansible]# rpm --nodeps -e ansible [root@all-openshift openshift-ansible]# [root@all-openshift openshift-ansible]# yum-config-manager --disable epel [root@all-openshift openshift-ansible]# yum install ansible [root@all-openshift openshift-ansible]# ansible --version ansible 2.6.20 ☆事前準備完了 ・バックアップ [root@all-openshift openshift-ansible]# cp -p /etc/etansible/hosts /etc/ansible/hosts.bak ・編集後 [root@all-openshift ~]# cat /etc/ansible/hosts [OSEv3:children] masters nodes etcd [OSEv3:vars] openshift_deployment_type=origin openshift_disable_check=disk_availability,memory_availability openshift_node_groups=[{'name': 'node-config-all-in-one', 'labels': ['node-role.kubernetes.io/master=true', 'node-role.kubernetes.io/infra=true', 'node-role.kubernetes.io/compute=true']}] openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider'}] openshift_service_catalog_version = v3.11 #<-------------------------- 次の記事参照 openshift_enable_service_catalog=false #<-------------------------- 次の記事参照 ansible_service_broker_install = false #<-------------------------- 次の記事参照 [masters] localhost ansible_connection=local [etcd] localhost ansible_connection=local [nodes] localhost ansible_connection=local openshift_node_group_name="node-config-all-in-one" ・チェックブック実行 [root@all-openshift openshift-ansible]# ls ansible.cfg CONTRIBUTING.md examples images meta playbooks README_CONTAINERIZED_INSTALLATION.md roles test BUILD.md DEPLOYMENT_TYPES.md hack inventory openshift-ansible.spec pytest.ini README.md setup.cfg test-requirements.txt conftest.py docs HOOKS.md LICENSE OWNERS README_CONTAINER_IMAGE.md requirements.txt setup.py tox.ini [root@all-openshift openshift-ansible]# [root@all-openshift openshift-ansible]# pwd /root/openshift-ansible [root@all-openshift openshift-ansible]# [root@all-openshift openshift-ansible]# [root@all-openshift openshift-ansible]# aansible-playbook -vvvv playbooks/prerequisites.yml ~ INSTALLER STATUS **************************************************************************************************************************************************************************************************************************** Initialization : Complete (0:01:08) Sunday 26 January 2020 00:09:30 -0800 (0:00:00.046) 0:04:58.741 ******** =============================================================================== container_runtime : Install Docker ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 175.15s /root/openshift-ansible/roles/container_runtime/tasks/package_docker.yml:23 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- Ensure openshift-ansible installer package deps are installed ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- 51.67s /root/openshift-ansible/playbooks/init/base_packages.yml:51 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- os_firewall : need to pause here, otherwise the iptables service starting can sometimes cause ssh to fail --------------------------------------------------------------------------------------------------------------------------- 10.24s /root/openshift-ansible/roles/os_firewall/tasks/iptables.yml:43 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- os_firewall : Wait 10 seconds after disabling firewalld ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 10.19s /root/openshift-ansible/roles/os_firewall/tasks/iptables.yml:14 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- os_firewall : Install iptables packages ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 7.09s /root/openshift-ansible/roles/os_firewall/tasks/iptables.yml:19 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- openshift_excluder : Install docker excluder - yum ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 5.71s /root/openshift-ansible/roles/openshift_excluder/tasks/install.yml:9 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- container_runtime : Start the Docker service ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.59s /root/openshift-ansible/roles/container_runtime/tasks/package_docker.yml:121 --------------------------------------------------------------------------------------------------------------------------------------------------------------- os_firewall : Ensure firewalld service is not enabled -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.43s /root/openshift-ansible/roles/os_firewall/tasks/iptables.yml:3 ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Gathering Facts ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.46s /root/openshift-ansible/playbooks/prerequisites.yml:3 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- container_runtime : Fixup SELinux permissions for docker ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.18s /root/openshift-ansible/roles/container_runtime/tasks/package_docker.yml:140 --------------------------------------------------------------------------------------------------------------------------------------------------------------- os_firewall : Start and enable iptables service -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.87s /root/openshift-ansible/roles/os_firewall/tasks/iptables.yml:31 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- openshift_repos : Ensure libselinux-python is installed ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.72s /root/openshift-ansible/roles/openshift_repos/tasks/main.yaml:6 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- openshift_repos : refresh cache ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.71s /root/openshift-ansible/roles/openshift_repos/handlers/main.yml:2 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- openshift_repos : Configure correct origin release repository ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.68s /root/openshift-ansible/roles/openshift_repos/tasks/centos_repos.yml:15 -------------------------------------------------------------------------------------------------------------------------------------------------------------------- container_runtime : Update registries.conf ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.66s /root/openshift-ansible/roles/container_runtime/tasks/update_registries.yml:3 -------------------------------------------------------------------------------------------------------------------------------------------------------------- Gather Cluster facts ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.61s /root/openshift-ansible/playbooks/init/cluster_facts.yml:27 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- container_runtime : Configure Docker service unit file ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.56s /root/openshift-ansible/roles/container_runtime/tasks/package_docker.yml:44 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- container_runtime : Set various Docker options --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.55s /root/openshift-ansible/roles/container_runtime/tasks/package_docker.yml:80 ---------------------------------------------------------------------------------------------------------------------------------------------------------------- container_runtime : Get current installed Docker version ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.54s /root/openshift-ansible/roles/container_runtime/tasks/package_docker.yml:9 ----------------------------------------------------------------------------------------------------------------------------------------------------------------- openshift_repos : Configure origin gpg keys ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.53s /root/openshift-ansible/roles/openshift_repos/tasks/centos_repos.yml:7 --------------------------------------------------------------------------------------------------------------------------------------------------------------------- [root@all-openshift openshift-ansible]# [root@all-openshift openshift-ansible]#
VCP-DCV-2020
今の業務とかすりもしないVMwareの資格をようやく取った!
openshift-sdn
(参考) CNI の 解説
www.slideshare.net
openshift-sdn プロジェクト内 sdn、ovs コンテナ
RedHat vxlanポートのデフォルト数( vxlanPort: 4889 )
RedHat 読み物
www.slideshare.net
◆OpenShift SDNの主な役割 ①各種ネットワークデバイス(vxlan0/tun0/br0)の生成 ・OpenShift Node 起動時に生成 ②PODが利用するサブネットアドレスの登録 ・各ノードが初回時に割り当てられたサブネットを受信し、Open vSwitch (OVS)によりネットワークフローを管理 ③別プロジェクトのPODへのアクセス制御
(参考)
1.同一ホストのPODへの通信=Dockerブリッジ(lb0)を経由してアクセス
2.別ホストのPODへの通信=vxlanデバイスを経由したoverlayネットワークを通してアクセス
3.外部ネットワークへのアクセス=tun0デバイスからNATし、物理NICを経由してアクセス
◆flannelの主な役割は2つです。
- etcdを使ってNetwork情報を共有することで、docker0に重複しないSubNetを割り当てる。
- (割り当て済みのSubNetのアドレス帯を共有しているので重複を避けられる)
- 各ホストに仮想NICflannel0を作成。Container間でpacketを送受信する際、docker0と接続されたflannel0がVXLANでpacketのカプセル化・非カプセル化を行う。
Q.openshift-sdn の POD(各ノード sdn POD1台、ovs POD1台)が使えなくなるとどうなる?
(仮説)
・Masterノードの OVS が起動しないとすると、各コアコンポーネントのNW疎通不可、自動POD再作成?→CrashRoopBack?
→実際まあそうなったんだがコアコンポーネント同士の watchdog とかしてるの?
Docker インストール動確 (あまり興味ない)
Dockerインストール
[root@docker-base ~]# rpm -qa | grep docker [root@docker-base ~]# [root@docker-base ~]# curl https://get.docker.com > /tmp/install.sh % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0100 13070 100 13070 0 0 4395 0 0:00:02 0:00:02 --:--:-- 4394 [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# ls -l /tmp 合計 28 -rw-r--r--. 1 root root 2079 3月 28 23:29 _cafenv-appconfig_ -rw-r--r--. 1 root root 13070 3月 28 23:38 install.sh -rwx------. 1 root root 836 12月 12 02:20 ks-script-cdWNAz drwx------. 3 root root 17 12月 12 02:47 systemd-private-42734d56fac844a1a90d2a1dbe29c021-chronyd.service-zgpyje drwx------. 3 root root 17 3月 28 23:29 systemd-private-96d353623e364881ab357ecaccd0b993-chronyd.service-ZwFNT8 drwx------. 3 root root 17 12月 22 01:06 systemd-private-ca8da127f0774de2b14ebe6c2c20e90d-chronyd.service-OSPhF0 drwxr-xr-x. 2 root root 39 12月 12 02:27 vmware-config-16318.0 drwxr-xr-x. 2 root root 31 12月 12 02:28 vmware-fonts-16318.0 drwx------. 2 root root 4096 3月 28 23:29 vmware-root drwxr-xr-x. 9 root root 145 11月 30 2017 vmware-tools-distrib -rw-------. 1 root root 0 12月 12 02:13 yum.log [root@docker-base ~]# [root@docker-base ~]# chmod +x /tmp/install.sh [root@docker-base ~]# [root@docker-base ~]# ls -l /tmp 合計 28 -rw-r--r--. 1 root root 2079 3月 28 23:29 _cafenv-appconfig_ -rwxr-xr-x. 1 root root 13070 3月 28 23:38 install.sh -rwx------. 1 root root 836 12月 12 02:20 ks-script-cdWNAz drwx------. 3 root root 17 12月 12 02:47 systemd-private-42734d56fac844a1a90d2a1dbe29c021-chronyd.service-zgpyje drwx------. 3 root root 17 3月 28 23:29 systemd-private-96d353623e364881ab357ecaccd0b993-chronyd.service-ZwFNT8 drwx------. 3 root root 17 12月 22 01:06 systemd-private-ca8da127f0774de2b14ebe6c2c20e90d-chronyd.service-OSPhF0 drwxr-xr-x. 2 root root 39 12月 12 02:27 vmware-config-16318.0 drwxr-xr-x. 2 root root 31 12月 12 02:28 vmware-fonts-16318.0 drwx------. 2 root root 4096 3月 28 23:29 vmware-root drwxr-xr-x. 9 root root 145 11月 30 2017 vmware-tools-distrib -rw-------. 1 root root 0 12月 12 02:13 yum.log [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# /tmp/install.sh # Executing docker install script, commit: cfba462 + sh -c 'yum install -y -q yum-utils' 警告: RPMDB は yum 以外で変更されました。 + sh -c 'yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo' 読み込んだプラグイン:fastestmirror adding repo from: https://download.docker.com/linux/centos/docker-ce.repo grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo repo saved to /etc/yum.repos.d/docker-ce.repo + '[' stable '!=' stable ']' + sh -c 'yum makecache' 読み込んだプラグイン:fastestmirror Loading mirror speeds from cached hostfile epel/x86_64/metalink | 6.4 kB 00:00 * base: ftp.riken.jp * epel: ftp.riken.jp * extras: ftp.riken.jp * updates: ftp.riken.jp base | 3.6 kB 00:00 docker-ce-stable | 3.5 kB 00:00 extras | 3.4 kB 00:00 updates | 3.4 kB 00:00 (2/15): base/7/x86_64/othe 0% [ ] 0.0 B/s | 0 B --:-- ETA (2/15): base/7/x86_64/othe 2% [ ] 0.0 B/s | 674 kB --:-- ETA (2/15): base/7/x86_64/othe 10% [=- ] 3.6 MB/s | 2.9 MB 00:06 ETA (2/15): base/7/x86_64/othe 16% [==- ] 3.7 MB/s | 4.7 MB 00:06 ETA (3/15): docker-ce-stable/x 23% [===- ] 3.9 MB/s | 6.5 MB 00:05 ETA (1/15): base/7/x86_64/filelists_db | 7.1 MB 00:04 (4/15): docker-ce-stable/x 33% [===== ] 4.1 MB/s | 9.3 MB 00:04 ETA (2/15): base/7/x86_64/other_db | 2.6 MB 00:04 (3/15): docker-ce-stable/x 34% [=====- ] 3.7 MB/s | 9.7 MB 00:04 ETA (3/15): docker-ce-stable/x86_64/updateinfo | 55 B 00:04 (4/15): docker-ce-stable/x86_64/primary_db | 26 kB 00:00 (5/15): docker-ce-stable/x86_64/other_db | 110 kB 00:00 (6/15): docker-ce-stable/x 38% [====== ] 3.5 MB/s | 11 MB 00:04 ETA (7/15): epel/x86_64/fileli 42% [======- ] 3.1 MB/s | 12 MB 00:05 ETA (7/15): epel/x86_64/fileli 53% [========- ] 3.6 MB/s | 15 MB 00:03 ETA (6/15): docker-ce-stable/x86_64/filelists_db | 13 kB 00:06 (8/15): epel/x86_64/presto 58% [========= ] 3.6 MB/s | 16 MB 00:03 ETA (8/15): epel/x86_64/presto 63% [========== ] 3.7 MB/s | 18 MB 00:02 ETA (7/15): epel/x86_64/fileli 67% [==========- ] 3.7 MB/s | 19 MB 00:02 ETA (7/15): epel/x86_64/fileli 72% [===========- ] 3.7 MB/s | 20 MB 00:02 ETA (7/15): epel/x86_64/filelists_db | 11 MB 00:03 (8/15): epel/x86_64/prestodelta | 981 B 00:03 (9/15): epel/x86_64/other_ 81% [============= ] 3.8 MB/s | 23 MB 00:01 ETA (9/15): extras/7/x86_64/prestodelta | 52 kB 00:00 (11/15): extras/7/x86_64/f 85% [=============- ] 3.8 MB/s | 24 MB 00:01 ETA (10/15): epel/x86_64/other_db | 3.2 MB 00:00 (11/15): updates/7/x86_64/other_db | 456 kB 00:00 (13/15): extras/7/x86_64/o 88% [============== ] 3.7 MB/s | 25 MB 00:00 ETA (12/15): updates/7/x86_64/prestodelta | 477 kB 00:00 (15/15): updates/7/x86_64/ 89% [============== ] 2.5 MB/s | 25 MB 00:01 ETA (13/15): extras/7/x86_64/other_db | 120 kB 00:02 (14/15): extras/7/x86_64/filelists_db | 235 kB 00:02 (15/15): updates/7/x86_64/ 90% [============== ] 1.5 MB/s | 25 MB 00:01 ETA (15/15): updates/7/x86_64/ 92% [==============- ] 1.5 MB/s | 26 MB 00:01 ETA (15/15): updates/7/x86_64/ 97% [===============-] 1.7 MB/s | 27 MB 00:00 ETA (15/15): updates/7/x86_64/filelists_db | 2.6 MB 00:05 メタデータのキャッシュを作成しました + sh -c 'yum install -y -q docker-ce' Delta RPMs disabled because /usr/bin/applydeltarpm not installed. warning: /var/cache/yum/x86_64/7/docker-ce-stable/packages/containerd.io-1.2.5-3.1.el7.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID 621e9f35: NOKEY containerd.io-1.2.5-3.1.el7.x86_64.rpm の公開鍵がインストールされていません Importing GPG key 0x621E9F35: Userid : "Docker Release (CE rpm) <docker@docker.com>" Fingerprint: 060a 61c5 1b55 8a7f 742b 77aa c52f eb6b 621e 9f35 From : https://download.docker.com/linux/centos/gpg If you would like to use Docker as a non-root user, you should now consider adding your user to the "docker" group with something like: sudo usermod -aG docker your-user Remember that you will have to log out and back in for this to take effect! WARNING: Adding a user to the "docker" group will grant the ability to run containers which can be used to obtain root privileges on the docker host. Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface for more information. ** DOCKER ENGINE - ENTERPRISE ** If you’re ready for production workloads, Docker Engine - Enterprise also includes: * SLA-backed technical support * Extended lifecycle maintenance policy for patches and hotfixes * Access to certified ecosystem content ** Learn more at https://dockr.ly/engine2 ** ACTIVATE your own engine to Docker Engine - Enterprise using: sudo docker engine activate [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# rpm -qa | grep docker docker-ce-cli-18.09.4-3.el7.x86_64 docker-ce-18.09.4-3.el7.x86_64 [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# which docker /usr/bin/docker [root@docker-base ~]# [root@docker-base ~]# systemctl start docker [root@docker-base ~]# [root@docker-base ~]# systemctl status docker ● docker.service - Docker Application Container Engine Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; vendor preset: disabled) Active: active (running) since 木 2019-03-28 23:46:19 JST; 9s ago Docs: https://docs.docker.com Main PID: 7667 (dockerd) Tasks: 10 Memory: 32.0M CGroup: /system.slice/docker.service mq7667 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/cont... 3月 28 23:46:18 docker-base dockerd[7667]: time="2019-03-28T23:46:18.11816...c 3月 28 23:46:18 docker-base dockerd[7667]: time="2019-03-28T23:46:18.11835...c 3月 28 23:46:18 docker-base dockerd[7667]: time="2019-03-28T23:46:18.15833..." 3月 28 23:46:18 docker-base dockerd[7667]: time="2019-03-28T23:46:18.16035..." 3月 28 23:46:18 docker-base dockerd[7667]: time="2019-03-28T23:46:18.69867..." 3月 28 23:46:19 docker-base dockerd[7667]: time="2019-03-28T23:46:19.05211..." 3月 28 23:46:19 docker-base dockerd[7667]: time="2019-03-28T23:46:19.09513...4 3月 28 23:46:19 docker-base dockerd[7667]: time="2019-03-28T23:46:19.09580..." 3月 28 23:46:19 docker-base dockerd[7667]: time="2019-03-28T23:46:19.14785..." 3月 28 23:46:19 docker-base systemd[1]: Started Docker Application Contain.... Hint: Some lines were ellipsized, use -l to show in full. [root@docker-base ~]# [root@docker-base ~]# ps -ef | grep docker root 7667 1 0 23:46 ? 00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock root 7817 6979 0 23:47 pts/1 00:00:00 grep --color=auto docker [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker --h unknown flag: --h See 'docker --help'. Usage: docker [OPTIONS] COMMAND A self-sufficient runtime for containers Options: --config string Location of client config files (default "/root/.docker") -D, --debug Enable debug mode -H, --host list Daemon socket(s) to connect to -l, --log-level string Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info") --tls Use TLS; implied by --tlsverify --tlscacert string Trust certs signed only by this CA (default "/root/.docker/ca.pem") --tlscert string Path to TLS certificate file (default "/root/.docker/cert.pem") --tlskey string Path to TLS key file (default "/root/.docker/key.pem") --tlsverify Use TLS and verify the remote -v, --version Print version information and quit Management Commands: builder Manage builds checkpoint Manage checkpoints config Manage Docker configs container Manage containers engine Manage the docker engine image Manage images manifest Manage Docker image manifests and manifest lists network Manage networks node Manage Swarm nodes plugin Manage plugins secret Manage Docker secrets service Manage services stack Manage Docker stacks swarm Manage Swarm system Manage Docker trust Manage trust on Docker images volume Manage volumes Commands: attach Attach local standard input, output, and error streams to a running container build Build an image from a Dockerfile commit Create a new image from a container's changes cp Copy files/folders between a container and the local filesystem create Create a new container deploy Deploy a new stack or update an existing stack diff Inspect changes to files or directories on a container's filesystem events Get real time events from the server exec Run a command in a running container export Export a container's filesystem as a tar archive history Show the history of an image images List images import Import the contents from a tarball to create a filesystem image info Display system-wide information inspect Return low-level information on Docker objects kill Kill one or more running containers load Load an image from a tar archive or STDIN login Log in to a Docker registry logout Log out from a Docker registry logs Fetch the logs of a container pause Pause all processes within one or more containers port List port mappings or a specific mapping for the container ps List containers pull Pull an image or a repository from a registry push Push an image or a repository to a registry rename Rename a container restart Restart one or more containers rm Remove one or more containers rmi Remove one or more images run Run a command in a new container save Save one or more images to a tar archive (streamed to STDOUT by default) search Search the Docker Hub for images start Start one or more stopped containers stats Display a live stream of container(s) resource usage statistics stop Stop one or more running containers tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE top Display the running processes of a container unpause Unpause all processes within one or more containers update Update configuration of one or more containers version Show the Docker version information wait Block until one or more containers stop, then print their exit codes Run 'docker COMMAND --help' for more information on a command.
動確
[root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container run centos:7 echo "hello world" Unable to find image 'centos:7' locally 7: Pulling from library/centos 8ba884070f61: Pulling fs layer 8ba884070f61: Downloading 539.3kB/75.4MB8ba884070f61: Downloading 1.621MB/75.4MB8ba884070f61: Downloading 2.702MB/75.4MB8ba884070f61: Downloading 3.783MB/75.4MB8ba884070f61: Downloading 4.865MB/75.4MB8ba884070f61: Downloading 5.946MB/75.4MB8ba884070f61: Downloading 6.483MB/75.4MB8ba884070f61: Downloading 7.011MB/75.4MB8ba884070f61: Downloading 8.092MB/75.4MB8ba884070f61: Downloading 9.174MB/75.4MB8ba884070f61: Downloading 10.24MB/75.4MB8ba884070f61: Downloading 11.31MB/75.4MB8ba884070f61: Downloading 11.85MB/75.4MB8ba884070f61: Downloading 12.38MB/75.4MB8ba884070f61: Downloading 12.93MB/75.4MB8ba884070f61: Downloading 13.47MB/75.4MB8ba884070f61: Downloading 14.01MB/75.4MB8ba884070f61: Downloading 14.55MB/75.4MB8ba884070f61: Downloading 15.09MB/75.4MB8ba884070f61: Downloading 15.62MB/75.4MB8ba884070f61: Downloading 16.15MB/75.4MB8ba884070f61: Downloading 16.69MB/75.4MB8ba884070f61: Downloading 17.76MB/75.4MB8ba884070f61: Downloading 18.3MB/75.4MB8ba884070f61: Downloading 18.84MB/75.4MB8ba884070f61: Downloading 19.91MB/75.4MB8ba884070f61: Downloading 20.45MB/75.4MB8ba884070f61: Downloading 21.52MB/75.4MB8ba884070f61: Downloading 22.59MB/75.4MB8ba884070f61: Downloading 23.66MB/75.4MB8ba884070f61: Downloading 24.2MB/75.4MB8ba884070f61: Downloading 24.74MB/75.4MB8ba884070f61: Downloading 25.82MB/75.4MB8ba884070f61: Downloading 26.36MB/75.4MB8ba884070f61: Downloading 26.91MB/75.4MB8ba884070f61: Downloading 27.45MB/75.4MB8ba884070f61: Downloading 27.99MB/75.4MB8ba884070f61: Downloading 28.52MB/75.4MB8ba884070f61: Downloading 29.06MB/75.4MB8ba884070f61: Downloading 29.6MB/75.4MB8ba884070f61: Downloading 30.14MB/75.4MB8ba884070f61: Downloading 30.67MB/75.4MB8ba884070f61: Downloading 31.19MB/75.4MB8ba884070f61: Downloading 31.73MB/75.4MB8ba884070f61: Downloading 32.26MB/75.4MB8ba884070f61: Downloading 32.8MB/75.4MB8ba884070f61: Downloading 33.86MB/75.4MB8ba884070f61: Downloading 34.93MB/75.4MB8ba884070f61: Downloading 36.01MB/75.4MB8ba884070f61: Downloading 37.07MB/75.4MB8ba884070f61: Downloading 38.15MB/75.4MB8ba884070f61: Downloading 39.22MB/75.4MB8ba884070f61: Downloading 39.75MB/75.4MB8ba884070f61: Downloading 40.28MB/75.4MB8ba884070f61: Downloading 40.82MB/75.4MB8ba884070f61: Downloading 41.89MB/75.4MB8ba884070f61: Downloading 42.43MB/75.4MB8ba884070f61: Downloading 43.5MB/75.4MB8ba884070f61: Downloading 44.57MB/75.4MB8ba884070f61: Downloading 45.64MB/75.4MB8ba884070f61: Downloading 46.18MB/75.4MB8ba884070f61: Downloading 46.71MB/75.4MB8ba884070f61: Downloading 47.77MB/75.4MB8ba884070f61: Downloading 48.32MB/75.4MB8ba884070f61: Downloading 48.86MB/75.4MB8ba884070f61: Downloading 49.92MB/75.4MB8ba884070f61: Downloading 50.99MB/75.4MB8ba884070f61: Downloading 52.07MB/75.4MB8ba884070f61: Downloading 53.14MB/75.4MB8ba884070f61: Downloading 53.68MB/75.4MB8ba884070f61: Downloading 54.75MB/75.4MB8ba884070f61: Downloading 55.28MB/75.4MB8ba884070f61: Downloading 56.36MB/75.4MB8ba884070f61: Downloading 56.9MB/75.4MB8ba884070f61: Downloading 57.44MB/75.4MB8ba884070f61: Downloading 57.97MB/75.4MB8ba884070f61: Downloading 58.51MB/75.4MB8ba884070f61: Downloading 59.56MB/75.4MB8ba884070f61: Downloading 60.64MB/75.4MB8ba884070f61: Downloading 61.72MB/75.4MB8ba884070f61: Downloading 62.78MB/75.4MB8ba884070f61: Downloading 63.86MB/75.4MB8ba884070f61: Downloading 64.94MB/75.4MB8ba884070f61: Downloading 66.01MB/75.4MB8ba884070f61: Downloading 67.09MB/75.4MB8ba884070f61: Downloading 67.63MB/75.4MB8ba884070f61: Downloading 68.16MB/75.4MB8ba884070f61: Downloading 69.23MB/75.4MB8ba884070f61: Downloading 69.76MB/75.4MB8ba884070f61: Downloading 70.82MB/75.4MB8ba884070f61: Downloading 71.36MB/75.4MB8ba884070f61: Downloading 71.89MB/75.4MB8ba884070f61: Downloading 72.43MB/75.4MB8ba884070f61: Downloading 72.97MB/75.4MB8ba884070f61: Downloading 73.51MB/75.4MB8ba884070f61: Downloading 74.59MB/75.4MB8ba884070f61: Verifying Checksum 8ba884070f61: Download complete 8ba884070f61: Extracting 557.1kB/75.4MB8ba884070f61: Extracting 1.671MB/75.4MB8ba884070f61: Extracting 2.785MB/75.4MB8ba884070f61: Extracting 3.899MB/75.4MB8ba884070f61: Extracting 5.014MB/75.4MB8ba884070f61: Extracting 6.128MB/75.4MB8ba884070f61: Extracting 7.242MB/75.4MB8ba884070f61: Extracting 8.356MB/75.4MB8ba884070f61: Extracting 9.47MB/75.4MB8ba884070f61: Extracting 10.58MB/75.4MB8ba884070f61: Extracting 11.7MB/75.4MB8ba884070f61: Extracting 12.81MB/75.4MB8ba884070f61: Extracting 13.93MB/75.4MB8ba884070f61: Extracting 15.04MB/75.4MB8ba884070f61: Extracting 16.15MB/75.4MB8ba884070f61: Extracting 17.27MB/75.4MB8ba884070f61: Extracting 18.38MB/75.4MB8ba884070f61: Extracting 18.94MB/75.4MB8ba884070f61: Extracting 20.05MB/75.4MB8ba884070f61: Extracting 21.17MB/75.4MB8ba884070f61: Extracting 22.28MB/75.4MB8ba884070f61: Extracting 23.4MB/75.4MB8ba884070f61: Extracting 24.51MB/75.4MB8ba884070f61: Extracting 25.62MB/75.4MB8ba884070f61: Extracting 26.18MB/75.4MB8ba884070f61: Extracting 27.3MB/75.4MB8ba884070f61: Extracting 28.41MB/75.4MB8ba884070f61: Extracting 29.52MB/75.4MB8ba884070f61: Extracting 30.64MB/75.4MB8ba884070f61: Extracting 32.31MB/75.4MB8ba884070f61: Extracting 33.42MB/75.4MB8ba884070f61: Extracting 34.54MB/75.4MB8ba884070f61: Extracting 35.65MB/75.4MB8ba884070f61: Extracting 36.77MB/75.4MB8ba884070f61: Extracting 37.88MB/75.4MB8ba884070f61: Extracting 38.99MB/75.4MB8ba884070f61: Extracting 40.11MB/75.4MB8ba884070f61: Extracting 41.22MB/75.4MB8ba884070f61: Extracting 42.34MB/75.4MB8ba884070f61: Extracting 43.45MB/75.4MB8ba884070f61: Extracting 44.56MB/75.4MB8ba884070f61: Extracting 45.68MB/75.4MB8ba884070f61: Extracting 46.79MB/75.4MB8ba884070f61: Extracting 47.35MB/75.4MB8ba884070f61: Extracting 48.46MB/75.4MB8ba884070f61: Extracting 49.02MB/75.4MB8ba884070f61: Extracting 49.58MB/75.4MB8ba884070f61: Extracting 50.69MB/75.4MB8ba884070f61: Extracting 51.81MB/75.4MB8ba884070f61: Extracting 52.92MB/75.4MB8ba884070f61: Extracting 54.03MB/75.4MB8ba884070f61: Extracting 54.59MB/75.4MB8ba884070f61: Extracting 55.71MB/75.4MB8ba884070f61: Extracting 56.82MB/75.4MB8ba884070f61: Extracting 57.93MB/75.4MB8ba884070f61: Extracting 59.05MB/75.4MB8ba884070f61: Extracting 60.16MB/75.4MB8ba884070f61: Extracting 61.28MB/75.4MB8ba884070f61: Extracting 62.95MB/75.4MB8ba884070f61: Extracting 64.06MB/75.4MB8ba884070f61: Extracting 65.18MB/75.4MB8ba884070f61: Extracting 65.73MB/75.4MB8ba884070f61: Extracting 66.85MB/75.4MB8ba884070f61: Extracting 67.4MB/75.4MB8ba884070f61: Extracting 67.96MB/75.4MB8ba884070f61: Extracting 69.07MB/75.4MB8ba884070f61: Extracting 69.63MB/75.4MB8ba884070f61: Extracting 70.75MB/75.4MB8ba884070f61: Extracting 71.86MB/75.4MB8ba884070f61: Extracting 72.97MB/75.4MB8ba884070f61: Extracting 74.09MB/75.4MB8ba884070f61: Extracting 75.2MB/75.4MB8ba884070f61: Extracting 75.4MB/75.4MB8ba884070f61: Pull complete Digest: sha256:8d487d68857f5bc9595793279b33d082b03713341ddec91054382641d14db861 Status: Downloaded newer image for centos:7 hello world [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7b0f8665a374 centos:7 "echo 'hello world'" 25 seconds ago Exited (0) 25 seconds ago recursing_mahavira [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container run -d it centos:7 ping 127.0.0.1 7a1a54860e33597926c8e64a2a9a63b9b0e6d43fc0c24fb9ab4cba3a470da2c6 [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7a1a54860e33 centos:7 "ping 127.0.0.1" 13 seconds ago Up 12 seconds agitated_keldysh [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7a1a54860e33 centos:7 "ping 127.0.0.1" 20 seconds ago Up 19 seconds agitated_keldysh 7b0f8665a374 centos:7 "echo 'hello world'" 2 minutes ago Exited (0) 2 minutes ago recursing_mahavira [root@docker-base ~]# [root@docker-base ~]# ps -ef | grep 127.0 root 8075 8056 0 23:51 pts/0 00:00:00 ping 127.0.0.1 root 8129 6979 0 23:52 pts/1 00:00:00 grep --color=auto 127.0 [root@docker-base ~]# [root@docker-base ~]# docker container attach 7a1a54860e33597926c8e64a2a9a63b9b0 e6d43fc0c24fb9ab4cba3a470da2c6 64 bytes from 127.0.0.1: icmp_seq=119 ttl=64 time=0.058 ms 64 bytes from 127.0.0.1: icmp_seq=120 ttl=64 time=0.127 ms 64 bytes from 127.0.0.1: icmp_seq=121 ttl=64 time=0.125 ms 64 bytes from 127.0.0.1: icmp_seq=122 ttl=64 time=0.073 ms 64 bytes from 127.0.0.1: icmp_seq=123 ttl=64 time=0.130 ms 64 bytes from 127.0.0.1: icmp_seq=124 ttl=64 time=0.060 ms 64 bytes from 127.0.0.1: icmp_seq=125 ttl=64 time=0.052 ms 64 bytes from 127.0.0.1: icmp_seq=126 ttl=64 time=0.076 ms 64 bytes from 127.0.0.1: icmp_seq=127 ttl=64 time=0.131 ms 64 bytes from 127.0.0.1: icmp_seq=128 ttl=64 time=0.123 ms 64 bytes from 127.0.0.1: icmp_seq=129 ttl=64 time=0.132 ms 64 bytes from 127.0.0.1: icmp_seq=130 ttl=64 time=0.202 ms read escape sequence [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7a1a54860e33 centos:7 "ping 127.0.0.1" 2 minutes ago Up 2 minutes agitated_keldysh 7b0f8665a374 centos:7 "echo 'hello world'" 4 minutes ago Exited (0) 4 minutes ago recursing_mahavira [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls -aattach 7a1a54860e33597926c8e64a2a9a63b9b0ee6d43fc0c24fb9ab4cba3a470da2c6 64 bytes from 127.0.0.1: icmp_seq=168 ttl=64 time=0.050 ms 64 bytes from 127.0.0.1: icmp_seq=169 ttl=64 time=0.120 ms 64 bytes from 127.0.0.1: icmp_seq=170 ttl=64 time=0.053 ms 64 bytes from 127.0.0.1: icmp_seq=171 ttl=64 time=0.116 ms 64 bytes from 127.0.0.1: icmp_seq=172 ttl=64 time=0.122 ms 64 bytes from 127.0.0.1: icmp_seq=173 ttl=64 time=0.129 ms ^C --- 127.0.0.1 ping statistics --- 173 packets transmitted, 173 received, 0% packet loss, time 172081ms rtt min/avg/max/mdev = 0.044/0.106/1.786/0.136 ms [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7a1a54860e33 centos:7 "ping 127.0.0.1" 2 minutes ago Exited (0) 4 seconds ago agitated_keldysh 7b0f8665a374 centos:7 "echo 'hello world'" 4 minutes ago Exited (0) 4 minutes ago recursing_mahavira [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# ps -ef | grep 127.0 root 8269 6979 0 23:55 pts/1 00:00:00 grep --color=auto 127.0 [root@docker-base ~]# [root@docker-base ~]# [root@docker-base ~]# docker image ls REPOSITORY TAG IMAGE ID CREATED SIZE centos 7 9f38484d220f 13 days ago 202MB [root@docker-base ~]# [root@docker-base ~]# docker container ls CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES [root@docker-base ~]# [root@docker-base ~]# docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7a1a54860e33 centos:7 "ping 127.0.0.1" 4 minutes ago Exited (0) 2 minutes ago agitated_keldysh 7b0f8665a374 centos:7 "echo 'hello world'" 6 minutes ago Exited (0) 6 minutes ago recursing_mahavira [root@docker-base ~]#
Ansible に触れる(専門外)
【鍵作成】 [ansible@ansible ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/ansible/.ssh/id_rsa): Created directory '/home/ansible/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ansible/.ssh/id_rsa. Your public key has been saved in /home/ansible/.ssh/id_rsa.pub. The key fingerprint is: SHA256:h8cD7fk0UEg+hyG4115mJur8KntpRIubYbKGosa7MOI ansible@ansible The key's randomart image is: +---[RSA 2048]----+ | ...o.. | | . +.+ | | ...* . | | . o=o== | | +S+B*o | | . + +o.+ . | |= . + B . . | |=+. o + * | |+Eo. .=.o. | +----[SHA256]-----+ [ansible@ansible ~]$ [ansible@ansible ~]$ [ansible@ansible ~]$
【インベントリファイル作成】 [ansible@ansible ~]$ cat target [node] 192.168.249.110 192.168.249.111 192.168.249.112 [ansible@ansible ~]$
【公開鍵配布】 [ansible@ansible ~]$ for i in `cat target | grep -v node` ; do ssh-copy-id -o StrictHostKeyChecking=no -i $HOME/.ssh/id_rsa.pub $i ; done /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub" /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys ansible@192.168.249.110's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '192.168.249.110'" and check to make sure that only the key(s) you wanted were added. /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub" /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys ansible@192.168.249.111's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '192.168.249.111'" and check to make sure that only the key(s) you wanted were added. /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ansible/.ssh/id_rsa.pub" /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys ansible@192.168.249.112's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '192.168.249.112'" and check to make sure that only the key(s) you wanted were added. [ansible@ansible ~]$
【sshログイン確認】 [ansible@ansible ~]$ for i in `cat target | grep -v node` ; do ssh $i ; done Last failed login: Sat Dec 22 02:54:22 JST 2018 from 192.168.249.106 on ssh:notty There was 1 failed login attempt since the last successful login. Last login: Sat Dec 22 00:40:12 2018 [ansible@target1 ~]$ exit ログアウト Connection to 192.168.249.110 closed. Last login: Sat Dec 22 00:40:12 2018 [ansible@target2 ~]$ exit ログアウト Connection to 192.168.249.111 closed. Last login: Sat Dec 22 00:40:12 2018 [ansible@target3 ~]$ exit ログアウト Connection to 192.168.249.112 closed. [ansible@ansible ~]$ [ansible@ansible ~]$
【Playbook作成(ping)】 [ansible@ansible ~]$ cat ping_playbook.yaml - hosts: node # 対象ターゲットノードを指定する tasks: #実行するtaskを指定する - name: ping check ping: [ansible@ansible ~]$ 【Playbookの実行】 [ansible@ansible ~]$ ansible-playbook ping_playbook.yaml -i target PLAY [node] ******************************************************************************************** TASK [Gathering Facts] ********************************************************************************* ok: [192.168.249.110] ok: [192.168.249.112] ok: [192.168.249.111] TASK [ping check] ************************************************************************************** ok: [192.168.249.111] ok: [192.168.249.110] ok: [192.168.249.112] PLAY RECAP ********************************************************************************************* 192.168.249.110 : ok=2 changed=0 unreachable=0 failed=0 192.168.249.111 : ok=2 changed=0 unreachable=0 failed=0 192.168.249.112 : ok=2 changed=0 unreachable=0 failed=0 [ansible@ansible ~]$ [ansible@ansible ~]$
Ansible に触れる(初日)
全く無知ってのもあれなので完全未経験者がどんなものかっていう触りだけ
yum で ansible をインストールした後、公開鍵設定後、早速
[root@ansible_base work]# ls createfile.yaml hosts shell1.yaml test_01.py hostall remote.yaml test_01.json [root@ansible_base work]# [root@ansible_base work]# cat hosts [master] 192.168.249.104 [node] 192.168.249.105 [root@ansible_base work]# [root@ansible_base work]# cat shell1.yaml - hosts: node #対象ホストを指定する。 tasks: #実行するtaskを指定する。 - name: Execute the command in remote shell. shell: hostname register: result - debug: var: result [root@ansible_base work]# [root@ansible_base work]# ansible-playbook shell1.yaml -i hosts PLAY [node] ******************************************************************** TASK [Gathering Facts] ********************************************************* ok: [192.168.249.105] TASK [Execute the command in remote shell.] ************************************ changed: [192.168.249.105] TASK [debug] ******************************************************************* ok: [192.168.249.105] => { "result": { "changed": true, "cmd": "hostname", "delta": "0:00:00.004091", "end": "2018-10-27 07:11:17.098956", "failed": false, "rc": 0, "start": "2018-10-27 07:11:17.094865", "stderr": "", "stderr_lines": [], "stdout": "remote", "stdout_lines": [ "remote" ] } } PLAY RECAP ********************************************************************* 192.168.249.105 : ok=3 changed=1 unreachable=0 failed=0 [root@ansible_base work]#
取り出したかったもの
"stdout": "remote",
実行と戻り値分岐は便利そう、ただのデータ取得には整形が大変そう(初日の感想)
調べてみる
VDI基盤バージョンアップ
Win10 ver をあげるにあたり、関連コンポーネントのバージョンアップを行う
[NSX]
・NSX Manager
(・NSX Controller)
・NSX Edge
[Deep]
・DSM ( DSVA )
Deep Security Managerの複数ノードとしての実行 | Deep Security
http://files.trendmicro.com/jp/ucmodule/tmds/doc/ds11_upgradeguide_dsva.pdf
Deep Security Managerの複数ノードとしての実行
Deep Security Managerは、1個のデータベースを使用して同時に動作する、複数のノードとして実行することができます。Managerの複数ノードとしての実行すると、信頼性の向上、冗長化された可用性、事実上無制限のスケーラビリティ、パフォーマンスの強化が実現します。
各ノードが、すべてのタスクを実行することができます。また、他のノードより重要なノードはありません。ユーザは、任意のノードにログオンしてタスクを実行できます。いずれかのノードでエラーが発生しても、タスクが実行されないという状況にはなりません。同様に、いずれかのノードでエラーが発生しても、データが失われることはありません。
各ノードは、同じバージョンのManagerソフトウェアを実行している必要があります。Managerソフトウェアのアップグレードを実行すると、最初にアップグレードされるManagerが、すべてのDeep Security Managerのタスクを引き継ぎ、他のすべてのDeep Security Managerノードをシャットダウンします。シャットダウンされたManagerノードは、[システム情報] 画面にある [システムのアクティビティ] パネルの [アクティビティグラフ付きネットワークマップ] で「オフライン」と表示され、アップグレードが必要であることが示されます。その他のManagerノードに対してアップグレードが実行されると、それらのManagerノードは再びオンラインになり、Managerタスクの共有が開始されます。
[View]
・CS
・Composer
[基盤]
・vCSA
・vDP
vCSA(vCenter Appliance)6.5 のバージョンアップ手順をメモ代わりに記載します。 - VMware製品はこう使うのよ。
[How to upgrade VDP] vSphere Data Protection5.8のアップデート方法(とその他)
[DB]
・SQL Server 2014
SQL Server 2014 へのアップグレードインストール
rundeck 導入
手順
[参考にした大元のURL]
qiita.com
認証エラーに苦しめられる
ジョブ実行成功 (実行コマンドは date >> /home/naoki/a.txt )
つまづいた点
(1) service rundeckd start に成功しているのに、GUI に出てこない
status を見ると、
rundeckd が停止していますがPIDファイルが残っています
⇒ rm /var/run/rundeckd.pid
rundeckd は停止していますがサブシステムがロックされています
⇒ rm /var/lock/subsys/rundeckd
しかしながら、起動できない。
/var/log/rundeck/service.log を 見ると、以下の繰り返し
Error: Could not create the Java Virtual Machine. Error: A fatal exception has occurred. Program will exit. Unrecognized VM option 'MaxMetaspaceSize=256m'
javaパスは通っていることを確認しているのでどうやら、java 7 じゃなくて、8 入れたらさっくり解決
(2) RSH で パスワードを聞いてくる(通常の公開鍵登録だけだとパスワードを聞いてくる)
⇒接続先サーバ側で rundeck ユーザを生成して今回は回避
↓ 参考にはなったが、この方法(root)ではRSHできなかった
Blue21: [CentOS7][Rundeck] ノードを追加する
↓ 解せない(RSH鯖にrundescユーザを作成する必要がある)が今回はこちらで実施
ジョブスケジューラ「Rundeck」を試してみる | Developers.IO
恐らくデフォルトが rundeck になってるから、どっかのファイルをいじれば root でいけると思われるが
今回はそこまで調査しない
(3) ノードの登録が、CLI から手動で入れた点
⇒対象プロジェクトのノードを追加する方法が、GUIから出来ない←致命的では?
課題/不明点
(1) 接続先サーバに、rundeckユーザをわざわざ追加して、鍵を登録させたくない(=rootで出来るようにしたい)
(2) ノードの追加方法は本当にCLIからしか出来ないのか
所感
やり方さえ確立してしまえば、各サーバにばらばらに仕込んでる cron を一元化できそう
無償版ESXi で 仮想マシンをクローンじみたことがしたい
方法①
https://i-think-it.net/esxi6-virtual-machine-copy-how-to/
代替案(試したこと)
ESXi 上から 単純にコピー
6.7(6.5) になってから vSphere Clientが使えなくなり、HostClientを使用する必要があるため
若干、方法①の方法では出来ない。。。
↓ こっちのほうが楽かも。。。
①クローン元をパワーオフ(出来れば元となるVMはコピー用で落としっぱがのぞましい)
➁cp -p クローン元フォルダ/* 新規VM名フォルダ/
➂新規VM名フォルダに移動し、vmx 内 の "displayName" を新規VM名に変更
④HostClient の、仮想マシンでもデータストアでもどっちでもいいが、vmx を登録
⑤新規VMパワーオン、「コピーしました」を選択
⑥ゲストOS上の設定は下記見直しが必要
⑦ /etc/sysconfig/networ-script/ifcfg-ensXX を編集
(編集) UUID="<新規MAXアドレス>"
⑧新規VMを再起動、正常性確認OK
↓ 不要だと思われる(あってもいいけど)
ex1. /etc/udev/rules.d/70-persistent-net.rules を作る
→ MACアドレスと、ifconfig -a 結果のデバイス名(ensXX 等) 設定
SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="00:0c:29:0b:3b:96",NAME="ens192"
ex2. /etc/sysconfig/network
→ コンピュータ名変更
ex3. IPアドレスの設定など
[root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e] ls -ltr total 1049728 drwxr-xr-x 1 root root 73728 Jun 21 18:29 media -rw------- 1 root root 1073741824 Jun 23 19:23 sysSwap-ds-5b25791b-9b81-f63a-eb24-000c29f1af2e.swp drwxr-xr-x 1 root root 77824 Oct 25 15:52 ansible_base drwxr-xr-x 1 root root 77824 Oct 26 16:06 base_cent6 drwxr-xr-x 1 root root 77824 Oct 26 16:16 remote drwxr-xr-x 1 root root 77824 Oct 26 17:04 pxe_server1 drwxr-xr-x 1 root root 77824 Oct 26 17:04 ModSecurity2 drwxr-xr-x 1 root root 77824 Oct 26 17:04 naoki_cent6.5-1 ←★★★★★★★★★ drwxr-xr-x 1 root root 77824 Oct 26 19:25 openstack drwxr-xr-x 1 root root 77824 Oct 26 19:25 naoki_cent6.5_2 [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e] [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e] cp -rp naoki_cent6.5-1/ openstack/ [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e] [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e] cd openstack/ [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e/openstack] ls -ltr total 19106880 -rw------- 1 root root 3225 Oct 26 19:10 naoki_cent6.5-1.vmxf -rw------- 1 root root 43 Oct 26 19:10 naoki_cent6.5-1.vmsd -rw------- 1 root root 13 Oct 26 19:10 naoki_cent6.5-1-aux.xml -rw------- 1 root root 277417 Oct 26 19:10 vmware-9.log -rw------- 1 root root 242168 Oct 26 19:10 vmware-8.log -rw------- 1 root root 221492 Oct 26 19:10 vmware-13.log -rw------- 1 root root 221494 Oct 26 19:10 vmware-12.log -rw------- 1 root root 276623 Oct 26 19:10 vmware-10.log -rw------- 1 root root 256675 Oct 26 19:19 vmware-11.log -rw------- 1 root root 8684 Oct 26 19:19 naoki_cent6.5-1.nvram -rw------- 1 root root 115343360 Oct 26 19:20 vmx-naoki_cent6.5-1-216206287-1.vswp -rw------- 1 root root 115343360 Oct 26 19:24 vmx-naoki_cent6.5-1-3294693955-1.vswp -rw------- 1 root root 0 Oct 26 19:24 naoki_cent6.5-1.vmx.lck -rw------- 1 root root 2147483648 Oct 26 19:24 naoki_cent6.5-1-c4610a43.vswp -rw------- 1 root root 3465 Oct 26 19:24 naoki_cent6.5-1.vmx~ -rw------- 1 root root 3550 Oct 26 19:24 naoki_cent6.5-1.vmx -rw------- 1 root root 509 Oct 26 19:25 naoki_cent6.5-1.vmdk -rw------- 1 root root 196159 Oct 26 19:53 vmware.log -rw------- 1 root root 17179869184 Oct 26 22:47 naoki_cent6.5-1-flat.vmdk [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e/openstack] [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e/openstack] cat naoki_cent6.5-1.vmx | grep display displayName = "openstack" ←★ [root@secondseason:/vmfs/volumes/5b2bedd5-dc932e4d-5e88-000c29f1af2e/openstack]
splunk twitter API 連携
わたしも!
splunk ログインまで
ログインでつまづいた
Why can't I login for first time in Splunk?
マニュアル
https://docs.splunk.com/images/8/88/Splunk-7.0.0-Admin-ja_JP.pdf
admin の設定の変更が必要
- admin でのログインを許可
/opt/splunk/etc/system/default/server.conf
#allowRemoteLogin=requireSetPassword allowRemoteLogin=Always
- admin 初期パスワード(admin:changeme)から変更が必須
splunk edit user admin -password <NEW PASSWORD> -role admin -auth admin:changeme
splunk start で、ログインでけた
splunk インスコまで
https://www.splunk.com/ja_jp/download/splunk-enterprise.html
「オペレーティングシステムを選択しダウンロードを開始」の項目にある「Linux」をクリックします。
Disk増設(500GBボリューム追加)
[root@naoki_6-5_1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg_naoki6-lv_root 14G 2.4G 11G 19% / tmpfs 939M 0 939M 0% /dev/shm /dev/sda1 477M 65M 387M 15% /boot [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# fdisk -l ディスク /dev/sda: 17.2 GB, 17179869184 バイト ヘッド 64, セクタ 32, シリンダ 16384 Units = シリンダ数 of 2048 * 512 = 1048576 バイト セクタサイズ (論理 / 物理): 512 バイト / 512 バイト I/O size (minimum/optimal): 512 bytes / 512 bytes ディスク識別子: 0x0000bb2c デバイス ブート 始点 終点 ブロック Id システム /dev/sda1 * 2 501 512000 83 Linux パーティション 1 は、シリンダ境界で終わっていません。 /dev/sda2 502 16384 16264192 8e Linux LVM パーティション 2 は、シリンダ境界で終わっていません。 ディスク /dev/sdb: 536.9 GB, 536870912000 バイト ヘッド 255, セクタ 63, シリンダ 65270 Units = シリンダ数 of 16065 * 512 = 8225280 バイト セクタサイズ (論理 / 物理): 512 バイト / 512 バイト I/O size (minimum/optimal): 512 bytes / 512 bytes ディスク識別子: 0xcbfad416 デバイス ブート 始点 終点 ブロック Id システム /dev/sdb3 1 65270 524281243+ 5 拡張領域 /dev/sdb5 1 65270 524281212 83 Linux ディスク /dev/mapper/vg_naoki6-lv_root: 14.9 GB, 14935916544 バイト ヘッド 255, セクタ 63, シリンダ 1815 Units = シリンダ数 of 16065 * 512 = 8225280 バイト セクタサイズ (論理 / 物理): 512 バイト / 512 バイト I/O size (minimum/optimal): 512 bytes / 512 bytes ディスク識別子: 0x00000000 ディスク /dev/mapper/vg_naoki6-lv_swap: 1715 MB, 1715470336 バイト ヘッド 255, セクタ 63, シリンダ 208 Units = シリンダ数 of 16065 * 512 = 8225280 バイト セクタサイズ (論理 / 物理): 512 バイト / 512 バイト I/O size (minimum/optimal): 512 bytes / 512 bytes ディスク識別子: 0x00000000 [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# pvcreate /dev/sdb5 Physical volume "/dev/sdb5" successfully created [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg_naoki6-lv_root 14G 2.4G 11G 19% / tmpfs 939M 0 939M 0% /dev/shm /dev/sda1 477M 65M 387M 15% /boot [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# mkdir /data [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# pvdisplay --- Physical volume --- PV Name /dev/sda2 VG Name vg_naoki6 PV Size 15.51 GiB / not usable 3.00 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 3970 Free PE 0 Allocated PE 3970 PV UUID 3jeMzz-WRT1-E98O-f49k-xsGJ-RqBZ-vWCoJU "/dev/sdb5" is a new physical volume of "499.99 GiB" --- NEW Physical volume --- PV Name /dev/sdb5 VG Name PV Size 499.99 GiB Allocatable NO PE Size 0 Total PE 0 Free PE 0 Allocated PE 0 PV UUID bBtXyN-giSZ-fxPq-6pQB-t77m-Z21S-LIdiDD [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# vgcreate vg_naoki7 /dev/sdb5 Volume group "vg_naoki7" successfully created [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# vgdisplay --- Volume group --- VG Name vg_naoki7 System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 1 VG Access read/write VG Status resizable MAX LV 0 Cur LV 0 Open LV 0 Max PV 0 Cur PV 1 Act PV 1 VG Size 499.99 GiB PE Size 4.00 MiB Total PE 127998 Alloc PE / Size 0 / 0 Free PE / Size 127998 / 499.99 GiB VG UUID nZjfE1-NQ5Z-hmGd-7uQX-Gb2X-pAGU-QkFFfx --- Volume group --- VG Name vg_naoki6 System ID Format lvm2 Metadata Areas 1 Metadata Sequence No 3 VG Access read/write VG Status resizable MAX LV 0 Cur LV 2 Open LV 2 Max PV 0 Cur PV 1 Act PV 1 VG Size 15.51 GiB PE Size 4.00 MiB Total PE 3970 Alloc PE / Size 3970 / 15.51 GiB Free PE / Size 0 / 0 VG UUID aAS1l1-3d2r-w7Pz-gWKN-ql8C-wxQg-aWm74f [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# pvdisplay --- Physical volume --- PV Name /dev/sdb5 VG Name vg_naoki7 PV Size 499.99 GiB / not usable 1.37 MiB Allocatable yes PE Size 4.00 MiB Total PE 127998 Free PE 127998 Allocated PE 0 PV UUID bBtXyN-giSZ-fxPq-6pQB-t77m-Z21S-LIdiDD --- Physical volume --- PV Name /dev/sda2 VG Name vg_naoki6 PV Size 15.51 GiB / not usable 3.00 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 3970 Free PE 0 Allocated PE 3970 PV UUID 3jeMzz-WRT1-E98O-f49k-xsGJ-RqBZ-vWCoJU [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# mount /dev/sdb5 /data mount: 未知のファイルシステムタイプ 'LVM2_member' [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# lvdisplay --- Logical volume --- LV Path /dev/vg_naoki6/lv_root LV Name lv_root VG Name vg_naoki6 LV UUID McM2c1-chU4-Ij1L-aSpM-3ygf-N63X-CTPJe9 LV Write Access read/write LV Creation host, time naoki6.5, 2018-06-22 03:37:42 +0900 LV Status available # open 1 LV Size 13.91 GiB Current LE 3561 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:0 --- Logical volume --- LV Path /dev/vg_naoki6/lv_swap LV Name lv_swap VG Name vg_naoki6 LV UUID 66y37p-nPzf-CcnO-TyIK-mN9C-0AdY-2MdVxT LV Write Access read/write LV Creation host, time naoki6.5, 2018-06-22 03:37:45 +0900 LV Status available # open 1 LV Size 1.60 GiB Current LE 409 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:1 [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# lvcreate -l 100%FREE -n lv_root2 vg_naoki7 Logical volume "lv_root2" created. [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# lvdisplay --- Logical volume --- LV Path /dev/vg_naoki7/lv_root2 LV Name lv_root2 VG Name vg_naoki7 LV UUID 0dhhcM-Eycl-Gjx0-sNqa-PuPp-28CD-kbNc66 LV Write Access read/write LV Creation host, time naoki_6-5_1, 2018-06-30 03:34:07 +0900 LV Status available # open 0 LV Size 499.99 GiB Current LE 127998 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:2 --- Logical volume --- LV Path /dev/vg_naoki6/lv_root LV Name lv_root VG Name vg_naoki6 LV UUID McM2c1-chU4-Ij1L-aSpM-3ygf-N63X-CTPJe9 LV Write Access read/write LV Creation host, time naoki6.5, 2018-06-22 03:37:42 +0900 LV Status available # open 1 LV Size 13.91 GiB Current LE 3561 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:0 --- Logical volume --- LV Path /dev/vg_naoki6/lv_swap LV Name lv_swap VG Name vg_naoki6 LV UUID 66y37p-nPzf-CcnO-TyIK-mN9C-0AdY-2MdVxT LV Write Access read/write LV Creation host, time naoki6.5, 2018-06-22 03:37:45 +0900 LV Status available # open 1 LV Size 1.60 GiB Current LE 409 Segments 1 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:1 [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# mkfs -t ext3 /dev/vg_naoki7/lv_root2 mke2fs 1.41.12 (17-May-2010) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 32768000 inodes, 131069952 blocks 6553497 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=4294967296 4000 block groups 32768 blocks per group, 32768 fragments per group 8192 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 102400000 Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 37 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override. [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# mount /dev/vg_naoki7/lv_root2 /data [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg_naoki6-lv_root 14G 2.4G 11G 19% / tmpfs 939M 0 939M 0% /dev/shm /dev/sda1 477M 65M 387M 15% /boot /dev/mapper/vg_naoki7-lv_root2 493G 198M 467G 1% /data [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]#
DLした、splunk~.rpmを SCP で送る
[root@naoki_6-5_1 ~]# ll 合計 257964 -rw-------. 1 root root 1435 6月 22 03:43 2018 anaconda-ks.cfg -rw-r--r--. 1 root root 36519 6月 22 03:43 2018 install.log -rw-r--r--. 1 root root 7764 6月 22 03:42 2018 install.log.syslog -rw-r--r--. 1 root root 264099386 6月 30 02:32 2018 splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm [root@naoki_6-5_1 ~]# mv splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm /data [root@naoki_6-5_1 ~]# [root@naoki_6-5_1 ~]# cd /data [root@naoki_6-5_1 data]# ls lost+found splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm [root@naoki_6-5_1 data]# [root@naoki_6-5_1 data]# mkdir splunk [root@naoki_6-5_1 data]# [root@naoki_6-5_1 data]# mv splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm splunk/ [root@naoki_6-5_1 data]# cd splunk/ [root@naoki_6-5_1 splunk]# ls splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# yum install splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rp 読み込んだプラグイン:fastestmirror, security インストール処理の設定をしています Loading mirror speeds from cached hostfile * base: ftp-srv2.kddilabs.jp * extras: ftp-srv2.kddilabs.jp * updates: ftp-srv2.kddilabs.jp パッケージ splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rp は利用できません。 エラー: 何もしません [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# yum install splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm 読み込んだプラグイン:fastestmirror, security インストール処理の設定をしています splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm を調べています: splunk-7.1.1-8f0ead9ec3db.x86_64 splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64.rpm をインストール済みとして設定して います Loading mirror speeds from cached hostfile * base: ftp-srv2.kddilabs.jp * extras: ftp-srv2.kddilabs.jp * updates: ftp-srv2.kddilabs.jp 依存性の解決をしています --> トランザクションの確認を実行しています。 ---> Package splunk.x86_64 0:7.1.1-8f0ead9ec3db will be インストール --> 依存性解決を終了しました。 依存性を解決しました ================================================================================ パッケージ アーキテクチャ バージョン リポジトリー 容量 ================================================================================ インストールしています: splunk x86_64 7.1.1-8f0ead9ec3db /splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64 630 M トランザクションの要約 ================================================================================ インストール 1 パッケージ 合計容量: 630 M インストール済み容量: 630 M これでいいですか? [y/N]y パッケージをダウンロードしています: rpm_check_debug を実行しています トランザクションのテストを実行しています トランザクションのテストを成功しました トランザクションを実行しています インストールしています : splunk-7.1.1-8f0ead9ec3db.x86_64 1/1 complete Verifying : splunk-7.1.1-8f0ead9ec3db.x86_64 1/1 インストール: splunk.x86_64 0:7.1.1-8f0ead9ec3db 完了しました! [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# find / -name splunk /data/splunk /opt/splunk /opt/splunk/bin/splunk /opt/splunk/share/splunk /opt/splunk/share/splunk/search_mrsparkle/exposed/img/splunk /opt/splunk/share/splunk/search_mrsparkle/exposed/js/splunk /opt/splunk/lib/python2.7/site-packages/splunk /var/spool/mail/splunk [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# ls /opt/splunk/ README-splunk.txt lib bin license-eula.txt copyright.txt openssl etc share ftr splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64-manifest include [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]# /opt/splunk/bin/splunk start SPLUNK SOFTWARE LICENSE AGREEMENT THIS SPLUNK SOFTWARE LICENSE AGREEMENT ("AGREEMENT") GOVERNS THE LICENSING, INSTALLATION AND USE OF SPLUNK SOFTWARE. BY DOWNLOADING AND/OR INSTALLING SPLUNK SOFTWARE: (A) YOU ARE INDICATING THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT, AND AGREE TO BE LEGALLY BOUND BY IT ON BEHALF OF THE COMPANY, GOVERNMENT, OR OTHER ENTITY FOR WHICH YOU ARE ACTING (FOR EXAMPLE, AS AN EMPLOYEE OR GOVERNMENT OFFICIAL) OR, IF THERE IS NO COMPANY, GOVERNMENT OR OTHER ENTITY FOR WHICH YOU ARE ACTING, ON BEHALF OF YOURSELF AS AN INDIVIDUAL; AND (B) YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO ACT ON BEHALF OF AND BIND SUCH COMPANY, GOVERNMENT OR OTHER ENTITY (IF ANY). WITHOUT LIMITING THE FOREGOING, YOU (AND YOUR ENTITY, IF ANY) ACKNOWLEDGE THAT BY SUBMITTING AN ORDER FOR THE SPLUNK SOFTWARE, YOU (AND YOUR ENTITY (IF ANY)) HAVE AGREED TO BE BOUND BY THIS AGREEMENT. As used in this Agreement, "Splunk," refers to Splunk Inc., a Delaware corporation, with its principal place of business at 270 Brannan Street, San Francisco, California 94107, U.S.A.; and "Customer" refers to the company, government, or other entity on whose behalf you have entered into this Agreement or, if there is no such entity, you as an individual. 1. DEFINITIONS. Capitalized terms used but not otherwise defined in this Agreement have the meanings set forth in Exhibit A. 2. LICENSE GRANTS 2.1 Purchased Software. Subject to Customer's compliance with this Agreement , including Customer's timely payment of all License Fees, Splunk grants to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license during the applicable Term to install and use the Purchased Software within the Licensed Capacity solely for Customer's Internal Business Purposes. 2.2 Evaluation Software. If the applicable Order specifies that any Software is provided under an evaluation license or a free trial license, then subject to Customer's compliance with this Agreement, Splunk grants to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license during the applicable Term to install and use the Evaluation Software within the Licensed Capacity solely for evaluating whether Customer wishes to purchase a commercial license for such Software. Notwithstanding anything to the contrary in this Agreement, Splunk does not provide maintenance and support (Section 7), warranty (Section 10), or indemnification (Section 13) with respect to Evaluation Software. 2.3 Test and Development Software. If the applicable Order specifies that any Software is provided under a test and development license, then subject to Customer's compliance with this Agreement, Splunk grants to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license during the applicable Term to install and use the Test and Development Software within the Licensed Capacity in a non-production system used for software product migration testing, software product pre-production staging, testing new data sources, types or use cases, or other non-production use. In no way should the Test and Development Software be used for any revenue generation, commercial activity or other productive business or purpose. Notwithstanding anything to the contrary in this Agreement, Splunk does not provide warranty (Section 10), or indemnification (Section 13) with respect to the Test and Development Software. 2.4 Free Software. Splunk may make certain Software available for license without charge, and such Free Software may have limited features, functions, or other limitations of any kind. Subject to Customer's compliance with this Agreement, Splunk grants to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license during the applicable Term to install and use the Free Software within the Licensed Capacity solely for Customer's Internal Business Purposes. Notwithstanding anything to the contrary in this Agreement, Splunk does not provide maintenance and support (Section 7), warranty (Section 10), or indemnification (Section 13) with respect to Free Software. 2.5 Content Subscription. When the applicable Order specifies a Content Subscription service as elected by Customer, Splunk will deliver or otherwise make available the applicable Content Subscription service to Customer during the subscription period, and subject to Customer's compliance with this Agreement (including Customer's timely payment of all applicable Content Subscription Fees), Splunk grants to such Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license during the applicable subscription period to install and use the subscribed content solely in connection with the designated Purchased Software and solely for Customer's Internal Business Purposes. Such content will be treated as Purchased Software under this Agreement except that Section 10 (Warranty) will not apply. 2.6 Splunk Extensions. Subject to Customer's compliance with this Agreement, including Customer's timely payment of all License Fees (if any), Splunk grants to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license to use Splunk Extensions solely in connection with applicable Software that Customer has licensed from Splunk, subject to the same limitations and restrictions (including with respect to Term and Licensed Capacity) that apply to the Software with which the Splunk Extensions are used. Notwithstanding the foregoing, if any Splunk Extension is provided to Customer under a separate license agreement that grants Customer more permissive or broader rights with respect to such Splunk Extension (e.g., a separate license agreement that is provided to Customer as part of the download process for such Splunk Extension), then that separate license agreement, and not this Agreement, will govern Customer's installation and use of such Splunk Extension (but, for clarity, this Agreement will apply to all other Splunk Extensions). 2.7 Customer Extensions. Subject to Customer's compliance with this Agreement, Splunk grants to Customer a nonexclusive, worldwide, nontransferable, nonsublicensable license (a) to copy, modify and use the Splunk Developer Tools solely to develop Extensions for use with the designated Software or Splunk Extension ("Customer Extensions"), including to support interoperability between the Software or Splunk Extension and Customer's system or environment and (b) to distribute the Customer Extensions exclusively for the use with the designated Software or Splunk Extension. The foregoing license is subject to the following conditions: (x) Splunk proprietary legends or notices contained in the Splunk Developer Tools may not be removed or altered when used in or with the Customer Extension; and (y) Customer may not make any statement that Customer Extension is certified (unless it is duly certified by Splunk through the Splunk App Certification Program) or that its performance is guaranteed by Splunk. Customer retains title to the Customer Extensions, subject to Splunk's ownership set forth in Section 5. If Customer allows end users of Customer Extensions to modify or distribute the Customer Extensions, Customer shall limit such modification or distribution to use with the designated Software or Splunk Extension only, and will flow down the conditions in (x) and (y) above to end users of Customer Extensions. Customer agrees to assume full responsibility for the performance and distribution of Customer Extensions. 2.8 Open Source Software. Customer acknowledges that certain Software may contain Open Source Software. Open Source Software may be identified in the end user documentation or in a list of the Open Source Software provided to Customer upon Customer's written request. Any Open Source Software that is delivered to Customer as part of Purchased Software, and which may not be taken out of the Purchased Software or used separately from the Purchased Software is covered by the warranty, support and indemnification provisions applicable to Purchased Software. Customer acknowledges that specific terms required by the respective licensor of the Open Source Software may apply to the use of Open Source Software, which terms shall be included in the documentation; however, these terms will not: (a) impose any additional restrictions on Customer's use of the Software, or (b) negate or amend Splunk's responsibilities with respect to Purchased Software. 3. LICENSE RESTRICTIONS. Unless otherwise expressly permitted by Splunk, Customer will not and Customer has no right to: (a) copy any Splunk Materials (except as required to run the Software and for reasonable backup purposes); (b) modify, adapt, or create derivative works of any Splunk Materials; (c) rent, lease, loan, resell, transfer, sublicense, distribute, disclose or otherwise provide any Splunk Materials to any third party; (d) decompile, disassemble or reverse-engineer any Splunk Materials, or determine or attempt to determine any source code, algorithms, methods or techniques embodied in any Splunk Materials, except to the extent expressly permitted by applicable law notwithstanding a contractual prohibition to the contrary; (e) access or use any Disabled Materials; (f) provide to any third party the results of any benchmark tests or other evaluation of any Splunk Materials without Splunk's prior written consent; (g) attempt to disable or circumvent any license key or other technological mechanisms or measures intended to prevent, limit or control use or copying of, or access to, any Splunk Materials (including in order to gain access to any Disabled Materials); (h) remove or obscure any copyright, trademark, patent, or other proprietary notices, legends or symbols from any Splunk Materials; (i) exceed the Licensed Capacity or violate other license limitations identified in Exhibit B or elsewhere in this Agreement; (j) separately use any of the applicable features and functionalities of the Splunk Materials with external applications or code not furnished by Splunk or any data not processed by the Software, except otherwise specifically permitted in the Documentation; (k) misuse the Software or use the Software for any illegal, harmful, fraudulent, or offensive purposes; (l) otherwise access or use any Splunk Materials except as expressly authorized in this Agreement; or (m) encourage or assist any third party to do any of the foregoing. Customer acknowledges that the Software may be configured to display warnings, reduce available functionality, and/or cease functioning if unauthorized or improper use is detected, including if the Term expires or the Licensed Capacity is reached or exceeded. 4. SERVICE PROVIDERS. Customer may permit its authorized consultants, contractors, and agents ("Service Providers") to access and use the Software solely on Customer's behalf in connection with providing services to Customer, subject to the terms and conditions of this Agreement. Any such access or use by a Service Provider will be subject to the same limitations and restrictions that apply to Customer under this Agreement, and Customer will be jointly and severally liable for any Service Provider's actions relating to or use of the Software. For avoidance of doubt, the aggregate use by Customer and all of its Service Providers must not exceed the Licensed Capacity and nothing in this Section 4 is intended to or will be deemed to increase any Licensed Capacity. 5. OWNERSHIP. Splunk, its suppliers and/or licensors own all worldwide righ t, title and interest in and to the Splunk Materials, including all related Intellectual Property Rights. Except for the licenses expressly granted to Customer in Section 2, Customer will not acquire or claim any right, title or interest in or to any Splunk Materials or related Intellectual Property Rights, whether by implication, operation of law or otherwise. Notwithstanding anything to the contrary, the Software is licensed, not sold, to Customer. To the extent that Customer provides any Feedback, Customer grants to Splunk a perpetual, irrevocable, worldwide, nonexclusive, transferable, sublicensable, royalty-free, fully paid-up right and license to use and commercially exploit the Feedback in any manner Splunk deems fit. 6. LICENSE AND SUBSCRIPTION FEES. Customer will pay all license fees set forth in the Order (the "License Fees") for the Software delivered to Customer no later than thirty (30) days after the date of Splunk's applicable invoice. Customer will also pay all content subscription fees as may be applicable to the Purchased Software, as identified in the Order (the "Content Subscription Fees", collectively together with License Fees, the "Fees"). Without limitation of Splunk's other termination rights, if Customer fails to pay the Fees when due, then Splunk may terminate this Agreement and all licenses granted hereunder by notice to Customer. All Fees are non-refundable once paid. Any fees and payment terms for Splunk Extensions not included in the Order will be as set forth on the download page for such Splunk Extensions. 7. MAINTENANCE AND SUPPORT. If Customer has purchased support and maintenan ce for the Purchased Software as set forth in the Order (the "Support Services"), then Splunk will provide the level of support and maintenance included in the Order in accordance with the terms and conditions set forth in Exhibit C. 8. CONFIGURATION SERVICES. Subject to Customer's payment of applicable fees , Splunk will provide the deployment, usage assistance, configuration, and/or training services (if any) set forth in the Order (the "Professional Services") in accordance with Splunk's standard professional services terms and conditions provided at https://www.splunk.com/en_us/legal/professional-services-agreement.html, which terms and conditions are hereby incorporated by reference and made a part of this Agreement. 9. SOFTWARE VERIFICATION AND AUDIT. At Splunk's request, Customer will furnish Splunk with a certification signed by Customer's authorized representative verifying that the Software is being used in accordance with this Agreement and the applicable Order. Also, if Customer has purchased an offering that requires usage reporting as identified in the Order, Customer agrees to provide such reporting pursuant to the requirements set forth by Splunk. Upon at least ten (10) days' prior written notice to Customer, Splunk may audit Customer's (and its Service Providers') use of the Software to ensure that Customer (and such Service Providers) are in compliance with this Agreement and the applicable Order. Any such audit will be conducted during regular business hours at Customer's (and/or its Service Providers) facilities, will not unreasonably interfere with Customer's (or its Service Providers') business and will comply with Customer's (or its Service Providers') reasonable security procedures. Customer will (and will ensure that its Service Providers) provide Splunk with reasonable access to all relevant records and facilities reasonably necessary to conduct the audit. If an audit reveals that Customer (and/or any Service Provider) has exceeded the Licensed Capacity or the scope of Customer's license grant during the period audited, then Splunk will invoice Customer, and Customer will promptly pay Splunk any underpaid Fees based on Splunk's price list in effect at the time the audit is completed. If the excess usage exceeds ten percent (10%) of the Licensed Capacity, then Customer will also pay Splunk's reasonable costs of conducting the audit. Customer will ensure that its Service Providers provide Splunk with the access described in this Section 9. This Section 9 will survive expiration or termination of this Agreement for a period of three (3) years. 10. WARRANTY. Splunk warrants that for a period of thirty (30) days from the Delivery of Purchased Software, the Purchased Software will substantially perform the material functions described in Splunk's user documentation for such Purchased Software, when used in accordance with the user documentation. The sole liability of Splunk (and its Affiliates and suppliers/licensors), and Customer's sole remedy, for any failure of the Purchased Software to conform to the foregoing warranty, is for Splunk to do one of the following (at Splunk's sole option and discretion): (a) modify, or provide an Enhancement for, the Purchased Software so that it conforms to the foregoing warranty, (b) replace Customer's copy of the Purchased Software with a copy that conforms to the foregoing warranty, or (c) terminate the license with respect to the non-conforming Purchased Software and refund the License Fees paid by Customer for such non-conforming Purchased Software. All warranty claims must be made by written notice from Customer to Splunk on or before the expiration of the warranty period, as detailed in Section 23.2 below. 11. WARRANTY DISCLAIMER. EXCEPT AS EXPRESSLY SET FORTH IN SECTION 10 ABOVE, THE SPLUNK MATERIALS, OPEN SOURCE SOFTWARE, THIRD PARTY CONTENT, SUPPORT SERVICES AND PROFESSIONAL SERVICES ARE PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, EXPRESS OR IMPLIED. TO THE FULL EXTENT PERMITTED BY LAW, SPLUNK AND ITS SUPPLIERS AND LICENSORS DISCLAIM ALL WARRANTIES OTHER THAN AS EXPRESSLY SET FORTH IN SECTION 10, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF COURSE OF DEALING OR TRADE USAGE. WITHOUT LIMITATION OF THE GENERALITY OF THE FOREGOING, SPLUNK DOES NOT WARRANT THAT USE OF THE SOFTWARE OR SPLUNK MATERIALS WILL BE UNINTERRUPTED, ERROR FREE OR SECURE, OR THAT ALL DEFECTS WILL BE CORRECTED. 12. LIMITATION OF LIABILITY. TO THE FULL EXTENT PERMITTED BY APPLICABLE LAW AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY OR LIMITATION OF LIABILITY: (A) SPLUNK AND ITS AFFILIATES, SUBSIDIARIES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, PARTNERS (INCLUDING AUTHORIZED PARTNERS AS DEFINED IN SECTION 21 BELOW) AND LICENSORS (THE "SPLUNK ENTITIES") WILL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES (INCLUDING ANY DAMAGES ARISING FROM LOSS OF USE, LOSS OF DATA, LOST PROFITS, LOST REVENUE, BUSINESS INTERRUPTION, OR COSTS OF PROCURING SUBSTITUTE SOFTWARE OR SERVICES) ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF; AND (B) SPLUNK ENTITIES' TOTAL CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE SUBJECT MATTER HEREOF WILL NOT EXCEED THE AMOUNTS PAID BY CUSTOMER TO SPLUNK FOR THE PURCHASED SOFTWARE IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO SUCH LIABILITY, IN EACH OF THE FOREGOING CASES (A) AND (B), REGARDLESS OF WHETHER SUCH LIABILITY ARISES FROM CONTRACT, INDEMNIFICATION, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, AND REGARDLESS OF WHETHER SPLUNK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. IN ADDITION, CUSTOMER, AND NOT SPLUNK, IS SOLELY RESPONSIBLE FOR THE ACCURACY, QUALITY AND SECURITY OF CUSTOMER'S DATA AND FOR MAINTAINING A BACKUP OF ALL SUCH DATA, AND FOR ENSURING THE SECURITY AND INTEGRITY OF CUSTOMER'S (AND ITS SERVICE PROVIDER'S) DATA, COMPUTERS, NETWORKS AND SYSTEMS (INCLUDING WITH RESPECT TO PROTECTING AGAINST VIRUSES AND MALWARE). 13. INDEMNITY. Splunk will defend Customer against any claim, demand, suit o r proceeding brought against Customer by a third party alleging that Purchased Software infringes or misappropriates such third party's Intellectual Property Rights ("Claim"), and Splunk will pay all damages finally awarded against Customer by a court of competent jurisdiction as a result of such Claim, subject to the other terms and conditions of this Agreement. Notwithstanding the foregoing, Splunk has no obligation to indemnify Customer with respect to: (a) use of the Purchased Software in a manner that is not permitted under the Agreement or that is inconsistent with Splunk's applicable user documentation; (b) modifications to the Splunk Materials made by anyone other than Splunk; (c) the combination of Software with hardware or software not made by Splunk, or with third-party services, processes or materials where the infringement or misappropriation would not occur but for such combination; (d) Customer's continued use of the Purchased Software or other allegedly infringing activity after receiving notice of the alleged infringement; or (e) any version of the Purchased Software that is no longer supported by Splunk ((a) through (e), collectively, "Excluded Matters"). If an applicable Claim is made or appears likely to be made, Splunk may, at its option and expense, modify the affected Purchased Software so that it is noninfringing, or replace it with substantially functionally equivalent software. If Splunk determines that neither is reasonably feasible, Splunk may terminate Customer's applicable license and refund Customer a pro rata refund of the Fees previously paid by Customer, which will be calculated using the remainder of the license term (beginning with the date of Splunk's receipt of notice of the applicable Claim), or if the Purchased Software is licensed under a perpetual license, a refund of Fees previously paid by Customer, less straight-line depreciation on a three-year basis from the Delivery of the applicable Software. The obligations set forth in this Section constitute Customer's sole and exclusive remedy, and Splunk's entire liability, with respect to any Claims that the Purchased Software infringes any third party's Intellectual Property Rights. Customer will defend Splunk against any claim brought against Splunk by a third party arising out of or relating to any Excluded Matter or any Customer Extension, and Customer will pay all damages finally awarded against Splunk by a court of competent jurisdiction as a result of such claim. Each party's indemnity obligations set forth in this Section 13 are conditioned upon the party seeking indemnification (x) providing prompt written notice to the other party of the applicable claim; (y) giving the indemnifying party sole control of the defense and/or settlement of the applicable claim, except that: (i) the indemnified party may participate in the defense with counsel of its choice at its own expense, and (ii) the indemnifying party will not agree to any settlement that imposes a material obligation on the indemnified party without the indemnified party's prior written consent (not to be unreasonably withheld or delayed), and (z) providing reasonable cooperation and assistance in the defense and negotiations. 14. CONFIDENTIAL INFORMATION. 14.1 Confidential Information. "Confidential Information" means any t echnical or business information, ideas, materials, know-how or other subject matter that is disclosed by one party to the other party that: (a) if disclosed in writing, is marked "confidential" or "proprietary" at the time of such disclosure; (b) if disclosed orally, is identified as "confidential" or "proprietary" at the time of such disclosure, and is summarized in a writing sent by the disclosing party to the receiving party within thirty (30) days after any such disclosure; or (c) under the circumstances, a person exercising reasonable business judgment would understand to be confidential or proprietary. Confidential Information of Splunk will include the Splunk Materials (including any license keys). 14.2 Use and Disclosure Restrictions. The party receiving Confidentia l Information ("Recipient") agrees: (a) to maintain the Confidential Information of the party disclosing such information (the "Discloser") in strict confidence; (b) not to disclose such Confidential Information to any third parties; and (c) not to use any such Confidential Information for any purpose other than to exercise its rights or perform its obligations under this Agreement. Recipient will treat Confidential Information of the Discloser with the same degree of care as it accords to its own Confidential Information, but in no event with less than reasonable care. Recipient may disclose the Confidential Information of Discloser to its directors, officers, employees, and subcontractors (collectively, "Representatives"), who have a bona fide need to know such Confidential Information, provided that each such Representative is bound by a legal obligation as protective of the other party's Confidential Information as those set forth herein. Recipient's obligations under this Section 14 will continue in effect for a period of three (3) years from the date of last disclosure of Confidential Information by Discloser, except that Customer's obligations under this Section 14 will continue in effect in perpetuity with respect to Splunk Materials. 14.3 Exclusions. The obligations of Recipient under Section 14.1 will not apply to any Confidential Information that: (a) is now or thereafter becomes generally known or available to the public, through no act or omission on the part of Recipient (or any of its Representatives, Affiliates, or agents) or any third party subject to any use or disclosure restrictions with respect to such Confidential Information; (b) was known by or lawfully in the possession of Recipient, prior to receiving such information from Discloser, without restriction as to use or disclosure; (c) is rightfully acquired by Recipient from a third party who has the right to disclose it and who provides it without restriction as to use or disclosure; or (d) is independently developed by Recipient without access, use or reference to any Confidential Information of Discloser. 14.4 Required Disclosures. The provisions of Section 14.1 will not re strict Recipient from disclosing Discloser's Confidential Information to the extent required by any law enforcement agencies or regulators or compelled by a court or administrative agency of competent jurisdiction, provided that, to the extent permissible under law, Recipient uses reasonable efforts to give Discloser advance notice of such required disclosure as appropriate in order to enable Discloser to prevent or limit disclosure. 14.5 Return or Destruction of Confidential Information. Upon terminat ion of the Agreement or support and maintenance, Recipient will promptly return to Discloser or, at Discloser's option, destroy all tangible items and embodiments containing or consisting of Discloser's Confidential Information and all copies thereof and provide written certification of such destruction or return by an authorized person. 14.6 Injunctive Relief. Recipient agrees that, due to the unique natu re of the Confidential Information, the unauthorized disclosure or use of the Confidential Information will cause irreparable harm and significant injury to Discloser, the extent of which will be difficult to ascertain and for which there will be no adequate remedy at law. Accordingly, Recipient agrees that Discloser, in addition to any other available remedies, will have the right to an immediate injunction and other equitable relief enjoining any breach or threatened breach of this Section 14, without the necessity of posting any bond or other security. Recipient will notify Discloser in writing immediately upon Recipient's becoming aware of any such breach or threatened breach. 15. TERM. This Agreement will commence upon Splunk's first Delivery of the Software specified in the Order (or, Splunk's other initial delivery of the Software to Customer) and will remain in effect until the expiration of the applicable Software license term, unless earlier terminated pursuant to Section 16 (the "Term"). For the avoidance of doubt, termination of a license term shall not affect the term of any other licenses applicable to other Splunk products and services that Customer has purchased. Further, termination of a Content Subscription shall not affect the term of the base license applicable to the Software that Customer has purchased. 15.1 Purchased Software, etc. Unless otherwise indicated in the Order , the Term for Purchased Software, Free Software, Splunk Extensions and Splunk Developer Tools, if applicable, will continue indefinitely, unless and until terminated pursuant to Section 16. If the Order indicates a Term of a specific duration for any of the foregoing, the licenses granted to Customer for such Purchased Software or Free Software will terminate automatically upon expiration of such Term. Upon expiration of any Term, the applicable Software will stop working automatically. 15.2 Evaluation Software. If Customer is granted a license for Evalua tion Software, then the Term for such Evaluation Software will be specified in the Order or with the license key. If no such term is specified, the Term for Evaluation Software is thirty (30) days from the date the license key is delivered. Any license keys provided for Evaluation Software will automatically expire and cause the Evaluation Software to become non-operational at the end of the Term. If Customer wishes to use the Evaluation Software after the Term expires, then Customer must obtain the applicable paid license. 16. TERMINATION. Either party may terminate this Agreement by written notice to the other party if the other party materially breaches this Agreement and does not cure the breach within thirty (30) days of receiving written notice of the breach pursuant to Section 23.2 below. In addition, Splunk may immediately terminate this Agreement (in whole or in part, including with respect to any Term) by written notice to Customer (a) if Customer materially breaches Section 3, and (b) as set forth in Section 6. Splunk may also terminate Customer's license to any Evaluation Software at any time with or without cause by notice to Customer. If Customer is the Government, then termination terms and conditions will be governed by 48 C.F.R. Section 52.212-4. Upon any expiration or termination of this Agreement, the rights and licenses granted to Customer hereunder will automatically terminate, and Customer agrees to cease immediately using the Splunk Materials and to return or destroy all copies of the Splunk Materials and other Splunk Confidential Information in Customer's possession or control, and certify in writing the completion of such return or destruction in accordance with Section14.5. Upon termination of this Agreement, Splunk will have no obligation to refund any Fees or other amounts received from Customer during the Term, and notwithstanding any early termination above, Customer shall still be required to pay all Fees payable under an Order (i.e., no such early termination shall relieve Customer of its obligations to pay all Fees payable under an Order) unless otherwise provided in this Agreement. Termination of Support and Maintenance Terms and Conditions due to Splunk's breach is provided in Section 3.2 of Exhibit C. Section 1 (Definitions), Section 5 (Ownership), Section 9 (Software Verification and Audit), Section 11 (Warranty Disclaimer), Section 12 (Limitation of Liability), Section 13 (Indemnity), Section 14 (Confidentiality), Section 16 (Termination) and Sections 17 (Export) through 23 (General) will survive any expiration or termination of this Agreement. 17. EXPORT. Customer will comply fully with all relevant export laws and regulations of the United States and any other country ("Export Laws") where Customer uses any of the Splunk Materials. Customer certifies that Customer is not on any of the relevant U.S. government lists of prohibited persons, including the Treasury Department's List of Specially Designated Nationals and the Commerce Department's List of Denied Persons or Entity List. Customer further certifies that Customer will not export, re-export, ship, transfer or otherwise use the Splunk Materials in any country subject to an embargo or other sanction by the United States, and that Customer will not use the Splunk Materials for any purpose prohibited by the Export Laws, including, but not limited to, nuclear, chemical, missile or biological weapons related end uses. 18. GOVERNMENT END USER RIGHTS. Customer acknowledges that all Splunk Materials were developed entirely at private expense and that no part of the Splunk Materials was first produced in the performance of a government contract. Customer agrees that all Splunk Materials and any derivatives thereof are "Commercial Items" as defined in 48 C.F.R. Section 2.101, and if Customer is the Government, then such use, duplication, reproduction, release, modification, disclosure or transfer of this commercial product and data, is restricted in accordance with 48 C.F.R. Section 12.211, 48 C.F.R. Section 12.212, 48 C.F.R. Section 227.7102-2, and 48 C.F.R. Section 227.7202, as applicable. Consistent with 48 C.F.R. Section 12.211, 48 C.F.R. Section 12.212, 48 C.F.R. Section 227.7102-1 through 48 C.F.R. Section 227.7102-3, and 48 C.F.R. Sections 227.7202-1 through 227.7202-4, as applicable, the Splunk Materials are licensed to Government end users (a) only as Commercial Items and (b) with only those rights as are granted to all other users pursuant to this Agreement and any related agreement(s), as applicable. Accordingly, Customer will have no rights in the Splunk Materials except as expressly agreed to in writing by Customer and Splunk. 19. PUBLICITY. Customer agrees that Splunk may publish a brief description o f Customer's deployment of the Software and identify Customer as a Splunk customer on any of Splunk's websites, client lists, press releases, and/or other marketing materials. 20. THIRD PARTY CONTENT DISCLAIMER. Certain Extensions and other materials available for download on Splunkbase are developed and/or provided by third parties ("Third-Party Content"). Splunk makes such Third-Party Content available for download on Splunkbase as a convenience to its customers, but Splunk neither controls nor endorses, nor is Splunk responsible for, any Third-Party Content, including the accuracy, integrity, quality, legality, usefulness or safety of Third-Party Content. Certain Third-Party Content may, among other things, be inaccurate, nonfunctional, infringing or dangerous. Nothing in this Agreement or on Splunkbase will be deemed to be a representation or warranty by Splunk with respect to any Third-Party Content, even if a particular Extension or other item of Third-Party Content is identified as "certified" for use with Software. Splunk has no obligation to monitor Third-Party Content, and Splunk may block or disable access to any Third-Party Content at any time. In addition, the availability of any Third-Party Content through Splunkbase does not imply Splunk's endorsement of, or affiliation with, any provider of such Third-Party Content, nor does such availability create any legal relationship between Customer and any such provider. Customer's use of Third-Party Content is at Customer's own risk and may be subject to any additional terms, conditions and policies applicable to such Third-Party Content (such as license terms, terms of service or privacy policies of the providers of such Third-Party Content). 21. AUTHORIZED PARTNERS. If Customer acquired the Software through an authorized reseller, partner or OEM of Splunk ("Authorized Partner") then, notwithstanding anything to the contrary in this Agreement: (a) Customer's use of the Software is subject to any additional terms in the agreement provided by the Authorized Partner; (b) Customer agrees to pay the Authorized Partner the Fees and other applicable fees, and Customer will have no direct Fee payment obligations to Splunk for such Software; (c) Customer's agreement with the Authorized Partner is between Customer and the Authorized Partner and is not binding on Splunk; and (d) Splunk may terminate this Agreement (including Customer's right to use the Software) if Splunk does not receive payment for Customer's use of the Software from the Authorized Partner or if Customer breaches any term of this Agreement. If Customer's warranty and support terms stated in its agreement with the Authorized Partner are different from those set forth in this Agreement, then such different terms are solely between Customer and the Authorized Partner and Splunk will have no obligations to Customer under this Agreement with respect to such different terms. Except as set forth in the preceding sentence, if there is any conflict or inconsistency between this Agreement and Customer's agreement with Authorized Partner, then this Agreement will control (and will resolve such inconsistency) as between Splunk and Customer. 22. CHOICE OF LAW AND DISPUTES. Unless Customer is the Government, this Agreement will be governed by and construed in accordance with the laws of the State of California, as if performed wholly within the state and without giving effect to the conflicts of law principles of any jurisdiction or the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. Any legal action or proceeding arising under this Agreement will be brought exclusively in the federal or state courts located in San Francisco, California, and the parties hereby consent to personal jurisdiction and venue therein (except that Splunk may seek injunctive relief to prevent improper or unauthorized use or disclosure of any Splunk Materials in any court of competent jurisdiction). If Customer is the Government, this Agreement will be governed by and interpreted in accordance with the Contract Disputes Act of 1978, as amended (41 U.S.C. Sections 7101-7109). Failure of the parties to reach agreement on any request for equitable adjustment, claim, appeal, or action arising under or relating to this Agreement will be a dispute to be resolved in accordance with the clause at 48 C.F.R Section 52.233-1, which is incorporated in this Agreement by reference. 23. GENERAL. 23.1 Purchase Order. Customer's issuance of a purchase order constitu tes acceptance of this Agreement notwithstanding anything to the contrary in such purchase order. If any purchase order contains any terms or conditions that are different from or additional to the terms and conditions set forth in this Agreement, then Splunk expressly rejects such different or additional terms and conditions, and such different or additional terms and conditions will not become a part of the agreement between the parties notwithstanding any subsequent acknowledgement, invoice or license key that Splunk may issue. 23.2 Notices. All notices required or permitted under this Agreement will be in writing and delivered in person, by confirmed facsimile transmission, by overnight delivery service, or by registered or certified mail, postage prepaid with return receipt requested, and in each instance will be deemed given upon receipt. All communications will be sent to the addresses set forth in the applicable Order or to such other address as may be specified by either party to the other party in accordance with this Section. 23.3 Assignment. Customer may not assign, delegate or transfer this Agreement, in whole or in part, by agreement, operation of law or otherwise without the prior written consent of Splunk. Splunk may assign this Agreement in whole or in part to an Affiliate or in connection with an internal reorganization or a merger, acquisition, or sale of all or substantially all of Splunk's assets to which this Agreement relates. Splunk may also assign its rights to receive payment due as a result of performance of this Agreement to a bank, trust company, or other financing institution, including any federal lending agency in accordance with the Assignment of Claims Act (31 U.S.C. Section 3727) and may assign this Agreement in accordance with the provisions at 48 C.F.R Section 42.12, as applicable. Any attempt to assign this Agreement other than as permitted herein will be null and void. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties' permitted successors and assigns. 23.4 Rights and Remedies. Except as otherwise expressly set forth in this Agreement, the rights and remedies of either party as set forth in this Agreement are not exclusive and are in addition to any other rights and remedies now or hereafter provided by law or at equity. 23.5 Waiver; Severability. The waiver by either party of a breach of or a default under this Agreement will not be effective unless in writing. The failure by either party to enforce any provisions of this Agreement will not constitute a waiver of any other right hereunder or of any subsequent enforcement of that or any other provisions. If a court of competent jurisdiction holds any provision of this Agreement invalid or unenforceable, the remaining provisions of the Agreement will remain in full force and effect, and the provision affected will be construed so as to be enforceable to the maximum extent permissible by law. 23.6 Interpretation. For purposes of interpreting this Agreement, (a) unless the context otherwise requires, the singular includes the plural, and the plural includes the singular; (b) unless otherwise specifically stated, the words "herein," "hereof," and "hereunder" and other words of similar import refer to this Agreement as a whole and not to any particular section or paragraph; (c) Do you agree with this license? [y/n]: y This appears to be your first time running this version of Splunk. An Admin password must be set before installation proceeds. Password must contain at least: * 8 total printable ASCII character(s). Please enter a new password: Please confirm new password: Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'. Generating RSA private key, 2048 bit long modulus ..+++ ..................................+++ e is 65537 (0x10001) writing RSA key Generating RSA private key, 2048 bit long modulus ........+++ .......................+++ e is 65537 (0x10001) writing RSA key Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'. Splunk> Take the sh out of IT. Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking appserver port [127.0.0.1:8065]: open Checking kvstore port [8191]: open Checking configuration... Done. Creating: /opt/splunk/var/lib/splunk Creating: /opt/splunk/var/run/splunk Creating: /opt/splunk/var/run/splunk/appserver/i18n Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css Creating: /opt/splunk/var/run/splunk/upload Creating: /opt/splunk/var/spool/splunk Creating: /opt/splunk/var/spool/dirmoncache Creating: /opt/splunk/var/lib/splunk/authDb Creating: /opt/splunk/var/lib/splunk/hashDb New certs have been generated in '/opt/splunk/etc/auth'. Checking critical directories... Done Checking indexes... Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary Done Checking filesystem compatibility... Done Checking conf files for problems... Done Checking default conf files for edits... Validating installed files against hashes from '/opt/splunk/splunk-7.1.1-8f0ead9ec3db-linux-2.6-x86_64-manifest' All installed files intact. Done All preliminary checks passed. Starting splunk server daemon (splunkd)... Generating a 2048 bit RSA private key .........................................................................+++ ......................................................+++ writing new private key to 'privKeySecure.pem' ----- Signature ok subject=/CN=naoki_6-5_1/O=SplunkUser Getting CA Private Key writing RSA key Done [ OK ] Waiting for web server at http://127.0.0.1:8000 to be available... Done If you get stuck, we're here to help. Look for answers here: http://docs.splunk.com The Splunk web interface is at http://naoki_6-5_1:8000 [root@naoki_6-5_1 splunk]# [root@naoki_6-5_1 splunk]#
-- まずここまで、以後明日
Proactive HA
115 page 目
* Proactive HA
→運用したことがないが、実際のところ使える機能なのか
http://docs.hol.vmware.com/HOL-2017/Localization/manuals/hol-1810-01-sdc_ja_pdf_en.pdf
blogs.vmware.com
(2) SVmotionの仕組み
SVmotionの仕組み
ロジックを理解しないまま運用してました本当にごめんなさい。
仮想マシンのディスク ファイルを移動する際、Storage VMotion は、先に仮想マシンの 「ホーム ディレクトリ」 を移動先に移しま す。「ホーム ディレクトリ」 には、仮想マシンに関するメタ データ、 つまり構成、スワップ、ログの各ファイルが含まれます。ホーム ディレクトリを移動したら、Storage VMotion は、仮想マシンの ストレージ ディスク ファイル全体の内容を移動先ストレージ ホ ストにコピーします。このとき、「変更ブロックのトラッキング」 により、移行プロセス中のデータの整合性が保たれます。次に、 Storage VMotion は、変更ブロックのトラッキング モジュールに 照会し、最初のコピー処理中にディスク内で書き込みがあった 領域を確認します。その後、次のコピー処理を開始して、最初の コピー処理中に変更された領域をコピーします (この処理はさら に数回発生する場合があります)。 このプロセスが完了すると、仮想マシンはサスペンドされてから レジュームされ、移行先のデータストアにある仮想マシンのホー ム ディレクトリとディスク ファイルを使用できるようになりま す。VMware ESX が仮想マシンを再度実行する前に、移行元ディ スクで最後に変更された領域が移動先にコピーされ、移行元の ホームとディスクが削除されます。 この方法によって、完全なトランザクションの整合性が保証され ます。またこのプロセスは短時間で終了するので、エンド ユーザー に影響を与えません。
https://www.vmware.com/files/jp/pdf/storage_vmotion_datasheet.pdf
↑ 古いけどロジックは同じ(はず)
クロスvMotion実装(6.0~)から、異なるデータストア間でもvMotionできるようになった
で、
1. vmdk以外のファイルを移行先ストレージにコピー
2. VMのブロッキングのトラッキングを有効にする(CBTのこと)
3. vmdk と vswap を コピー
4. 移行元を削除
CBT=仮想マシンの変更部分を追跡する機能
まあバージョンによって若干のロジックの差異はあると思うけど基本概念は同じ(はずw)