Lately I have been working a bit with the monitoring platform Zabbix, and the instance in question is backed by the PostgreSQL RDBMS.
Apart from data regarding such as hosts, services and checks, a significant amount of the data in the RDMS is historical time-series data aggregated for over a year back in time.
There are several data-stores optimised for time-series data to choose from, as SQL is not the best choice for this, ... [continue reading]
fail2ban is one of several tools designed to protect other services by blocking unwanted and possibly repeating activities. Its most common use case is probably protecting the SSH server from brute-force attacks, where repeatedly failed login attempts will be generously rewarded with an iptables firewall ban or some other variant of blocking or null routing.
By monitoring the correct set of log files and applying regular expression patterns to the observations, fail2ban will extract and remember offending IP addresses. After ... [continue reading]
OpenShift Container Platform (OCP) builds on Docker for container-technology and Kubernetes for orchestration of those containers. OpenShift solves the network annoyances in Kubernetes and adds features like authentication and authorization, multi-tenancy, source-to-image (S2I) and templating of applications.
To easily get started with OpenShift development, the OpenShift client (oc) includes an all-in-one cluster that provides a seamless way to get up-and-running with a local OpenShift installation. The prerequisites are:
Everything was ready. The deploy should have been clean and fast. But then, the developers had added just another language module. Not a big thing, just something you could have pulled down, and stashed somewhere below /usr/local. But then, there is this policy that was added early in the project process: All software should be packaged as rpm files. Sounded a dream for the ops people, this time we should get it done right. But for this single library, there ... [continue reading]
The first time I successfully fired up a container I was pretty excited with the potential this tool had to make a lot of everyday tasks much easier. For example when I had a colleague ask for package xyz from EPEL/PPA made available from our internal mirrors, I could just fire up a clean CentOS/Ubuntu/Debian container and download the packages much faster. This seemed much better than having a CentOS7 virtual machine that I needed to fire up or browsing ... [continue reading]
Sometimes you come across problems with websites that normal configuration does not address usefully. A case in point was a PHP-based application that from time to time returned a 302 to a login page instead of the front page, which is not optimal when you serve news articles.
Our solution was to add a simple rule to Varnish, so we serve old cached content, using “grace”, instead of the redirect. Grace allows Varnish to serve expired content in case there ... [continue reading]
While dropping root account passwords completely in favour of sudo is an option in many cases, we prefer keeping root passwords around for when we need direct console access. We keep these passwords in an encrypted password-store (we will write about this in a later blog post this season), and change them when someone should no longer have access or the passwords approach three months in age.
We prefer “horse” passwords for ease of communicating verbally, and use “diceware” ... [continue reading]
While dynamic DNS is a wonderful tool for automation and orchestration, tools for easy cleaning up and logging changes are needed. This post describes a couple of scripts that may help.
In a world of automation, dynamic DNS is a wonderful tool. It lets automatic provisioning and orchestration tools create, update, and delete DNS records all by itself. But from time to time, strange things happens. Scripts fail or get killed. Automatic ... [continue reading]
The Varnish Cache project recently released varnish-5.2, and I have wrapped packages for Fedora and EPEL.
... [continue reading]The Raspberry Pi 3 is the third generation Raspberry Pi, on this i will be installing Mulesoft enterprise runtime standalone with latest Java 8 running inside a Docker container. The Instance will register itself with Anypoint platform ... [continue reading]
