Gilang Virga Perdana gilangvperdana

Monitoring Instances with Prometheus and Grafana

Download Prometheus Server

cd /tmp
wget -c https://github.com/prometheus/prometheus/releases/download/v2.13.1/prometheus-2.13.1.linux-amd64.tar.gz

Extract Prometheus Server

Linux Files Immutable?

Ever feel 'operattion not-permitted' on linux, please do this to revert or even if you want to protect a file to be safe.

Execution

cat ~/.ssh/id_rsa.pub > authorized_keys
chattr +i authorized_keys 
rm authorized_keys

rm: remove write-protected regular file `file1'? y

System Updates

http://bookofzeus.com/harden-ubuntu/initial-setup/system-updates/

Keeping the system updated is vital before starting anything on your system. This will prevent people to use known vulnerabilities to enter in your system.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get autoremove
sudo apt-get autoclean

Backup and Restore of MariaDB

Kolla can facilitate either full or incremental backups of data hosted in MariaDB. It achieves this using Percona's Xtrabackup, a tool designed with hot backups in mind - an approach which means that consistent backups can be taken without any downtime for your cloud.

GoDaddy SSL Certificates PEM Creation for HaProxy (Ubuntu 14.04)

1 Acquire your SSL Certificate

Generate your CSR This generates a unique private key, skip this if you already have one.

sudo openssl genrsa -out  etc/ssl/yourdomain.com/yourdomain.com.key 1024

Next generate your CSR (Certificate Signing Request), required by GoDaddy:

General

I once had a problem with an instance running on Openstack, namely that it could not ssh to other nodes, but other nodes could ssh to the said node. It turns out that this is because the MTU is different at the instance or at the server host level, please check the MTU again on each interface related to openstack's neutron external.

From some machines (with latest openssh) ssh to muddy fails -

ssh -vvv -p $MUDDYPORT $MUDDYIP
hangs at expecting SSH2_MSG_KEX_ECDH_REPLY

Quick Check

ping node2 -c 8000

	apiVersion: v1
	kind: Namespace
	metadata:
	name: loki-stack
	---
	apiVersion: apps/v1
	kind: StatefulSet
	metadata:
	name: loki
	namespace: loki-stack

	#!/bin/bash

	# Author: Erik Kristensen
	# Email: [email protected]
	# License: MIT
	# Nagios Usage: check_nrpe!check_docker_container!_container_id_
	# Usage: ./check_docker_container.sh _container_id_
	#
	# Depending on your docker configuration, root might be required. If your nrpe user has rights
	# to talk to the docker daemon, then root is not required. This is why root privileges are not

	#!/bin/bash

	# get all running docker container names
	containers=$(sudo docker ps \| awk '{if(NR>1) print $NF}')
	host=$(hostname)

	# loop through all containers
	for container in $containers
	do
	echo "Container: $container"


	proxy_cache_path /tmp/cacheapi levels=1:2 keys_zone=microcacheapi:100m max_size=1g inactive=1d use_temp_path=off;
	server {
	listen 443 ssl http2 default_server;
	listen [::]:443 ssl http2 default_server;
	server_name example.com;

	location /api/ {
	# Rate Limiting
	limit_req zone=reqlimit burst=20; # Max burst of request