ikurni

### Performance check command from etcd pod

# oc rsh <etcd-pod> -n openshift-etcd
$ etcdctl check perf --load="m"
$ etcdctl check perf --load='l'
$ etcdctl --write-out=table endpoint status
$ etcdctl --write-out=table endpoint health
$ etcdctl --write-out=table member list

### Collect metrics from the cluster.

ikurni

### Most probably is caused by different pull secret that is being used by serviceaccount to pull the images ###
### Edit imagePullSecret which is used by serviceaccount ###
oc edit sa <serviceaccountname>
    # Edit below section 
    apiVersion: v1
    imagePullSecrets:
    - name: jenkins-dockercfg-8nln8 #change to available pullsecrets which can be used to pull from image-registry#
# Save the config #

ikurni

### Step 1
oc delete pod <podsname> -n myproject --grace-period=0 --force

### Step 2
oc edit pod <podsname>
#Remove deletionTimestamp
  #Before: deletionTimestamp: 2019-12-31T11:40:28Z
  #After: deletionTimestamp: null
#Remove Finalizers
  #Before

ikurni

### Create SSL file for HTTPS traffic
mkdir /etc/haproxy/ssl
cat /root/wildcard.example.com.crt /root/wildcard.example.com.key >> /root/wildcard.example.com.pem
mv /root/wildcard.example.com.pem /etc/haproxy/ssl/

### Configure HAProxy.cfg to accept HTTPS, redirect HTTPS to HTTP and replace header to targeted URL
vi /etc/haproxy/haproxy.cfg

#---
#---------------------------------------------------------------------

ikurni

### Run below command to enable rook-ceph-tools in OCS Cluster

oc patch OCSInitialization ocsinit -n openshift-storage --type json --patch  '[{ "op": "replace", "path": "/spec/enableCephTools", "value": true }]'

ikurni

### In order to remove OCS Cluster manually, when resources are stucked, need to patch the resources manually as below :

[root@ocpbastion ~]# oc patch -n openshift-stroage crd/cephobjectstoreusers.ceph.rook.io --type=merge -p '{"metadata": {"finalizers":null}}'
customresourcedefinition.apiextensions.k8s.io/cephobjectstoreusers.ceph.rook.io patched
[root@ocpbastion ~]# oc patch -n openshift-stroage crd/cephblockpools.ceph.rook.io --type=merge -p '{"metadata": {"finalizers":null}}'
customresourcedefinition.apiextensions.k8s.io/cephblockpools.ceph.rook.io patched
[root@ocpbastion ~]# oc patch -n openshift-stroage crd/cephclusters.ceph.rook.io --type=merge -p '{"metadata": {"finalizers":null}}'
customresourcedefinition.apiextensions.k8s.io/cephclusters.ceph.rook.io patched
[root@ocpbastion ~]# oc patch -n openshift-stroage crd/cephfilesystems.ceph.rook.io --type=merge -p '{"metadata": {"finalizers":null}}'
customresourcedefinition.apiextensions.k8s.io/cephfilesystems.ceph.rook.io patched

ikurni

# How do I verify that a private key matches a certificate?
# To verify that a private key matches its certificate you need to compare the modulus of the certificate against the modulus of the private key.

#Please follow the below command to view the modulus of the certificate.

openssl x509 -noout -modulus -in server.crt | openssl md5

#Now you will receive the modulus something like a77c7953ea5283056a0c9ad75b274b96
#Please follow the below command to view the modulus of the private key.

ikurni

https://github.com/rhtconsulting/cfme-rhconsulting-scripts

https://pemcg.gitbooks.io/mastering-automation-in-cloudforms-4-2-and-manage/content/

https://www.manageiq.org/blog/

ikurni

#To Debug/run pods without interrupted by Kubernetes Health check process, do :
oc debug dc/dc-name
#or
oc debug deplyoment/deployment-name

ikurni

### To run Openshift container as root, need to do below command :

oc adm policy add-scc-to-user privileged -z default -n my-project-namespace

oc edit deployment/my-apps-deploy

### Find the securityContext line, and edit :
### securityContext:
###    runAsUser: 0