aws-labs

This tutorial will walk you through installing the command-line FTP client commonly known as ‘ftp’. This application is available by default on most distributions with a standard install but because we use a minimal install it must be installed separately.

This tutorial assumes that you have gone through the Ubuntu Setup Guide and are familiar with the Linux environment and the utilities used within it.

Update Repositories

First we will need to make sure that our repositories are updated. To do this type the following command:

# sudo aptitude update

You will see several links scroll across the screen as they download.

Installing ftp

Next we need to install the ftp application. To do this run the following command:

# sudo aptitude install ftp

You will be prompted to install the application, press Y.

If instead you get a message that no packages will be installed, it means the ftp package is already installed and you’re good to go.

Hits: 9

In order to connect to a SSL enabled Redis from cli you would need to first install stunnel:

yum install stunnel

then in the configuration file add:

cat /etc/stunnel/redis-cli.conf
fips = no
setuid = root
setgid = root
pid = /var/run/stunnel.pid
debug = 7
options = NO_SSLv2
options = NO_SSLv3
[redis-cli]
client = yes
accept = 127.0.0.1:6379
connect = MASTER_REDIS_IP:6379
[redis-cli-slave]
client = yes
accept = 127.0.0.1:6380
connect = SLAVE_REDIS_IP:6379

Start the tunnel with:

stunnel /etc/stunnel/redis-cli.conf

then connect:

redis-cli -h localhost -p 6379

.

To connect from ruby you would need to -> https://github.com/redis/redis-rb

Hits: 53

Combine everything for nginx:

1. Combine the above crt files into a bundle (the order matters, here):cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
2. Store the bundle wherever nginx expects to find it:mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/
3. Ensure your private key is somewhere nginx can read it, as well.:mv example_com.key /etc/nginx/ssl/example_com/
4. Make sure your nginx config points to the right cert file and to the private key you generated earlier:server { listen 443; ssl on; ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt; ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key; # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # … }
5. Restart nginx.

Hits: 4

Introduction

One of the more popular products on the market right now is NewRelic for application monitoring. What’s cool is you can also use their Server product to monitor an unlimited number of servers using the same license key. This tutorial will briefly walk you through how to set this up on your ProfitBricks Ubuntu servers.

Setting Up the Pre-Requisites

Before you begin you should first issue an apt-get update command at the shell. Once you’ve pulled the latest updates go ahead and install the following if you do not have these on your server yet:

apt-get install ca-certificates wget

Install and Configure NewRelic Server

First, let’s add the NewRelic apt repository:

echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list

Next, go ahead and trust the NewRelic GPG key:

wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -

Issue another apt-get update to ensure you can install the latest version of NewRelic’s Server product.

apt-get install -y -qq newrelic-sysmond

Finally, it is time to set your license key. If you do not have this key you will need to log into your NewRelic dashboard and retrieve it from your settings. I

nrsysmond-config --set license_key=LICENSE_KEY

Now, just start the service and you’re good to go.

/etc/init.d/newrelic-sysmond start

Hits: 3

– netstat -ntu | awk ‘ $5 ~ /^[0-9]/ {print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

 netstat with group by (ip adress)

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them

–  netstat -ntu | awk ‘ $5 ~ /^[0-9]/ {print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

netstat with group by ip adress

– netstat -ntu | awk ‘ $5 ~ /^(::ffff:|[0-9|])/ { gsub(“::ffff:”,””,$5); print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr

Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you’re probably looking for.

– netstat -nt | awk -F”:” ‘{print $2}’ | sort | uniq -c

 count connections, group by IP and port

Hits: 6

Introduction

One of the more popular products on the market right now is NewRelic for application monitoring. What’s cool is you can also use their Server product to monitor an unlimited number of servers using the same license key. This tutorial will briefly walk you through how to set this up on your ProfitBricks Ubuntu servers.

Setting Up the Pre-Requisites

Before you begin you should first issue an apt-get update command at the shell. Once you’ve pulled the latest updates go ahead and install the following if you do not have these on your server yet:

apt-get install ca-certificates wget

Install and Configure NewRelic Server

First, let’s add the NewRelic apt repository:

echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list

Next, go ahead and trust the NewRelic GPG key:

wget -O- https://download.newrelic.com/548C16BF.gpg | apt-key add -

Issue another apt-get update to ensure you can install the latest version of NewRelic’s Server product.

apt-get install -y -qq newrelic-sysmond

Finally, it is time to set your license key. If you do not have this key you will need to log into your NewRelic dashboard and retrieve it from your settings. I

nrsysmond-config --set license_key=LICENSE_KEY

Now, just start the service and you’re good to go.

/etc/init.d/newrelic-sysmond start

Hits: 0

– netstat -ntu | awk ‘ $5 ~ /^[0-9]/ {print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

 netstat with group by (ip adress)

netstat has two lines of headers:

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

Added a filter in the awk command to remove them

–  netstat -ntu | awk ‘ $5 ~ /^[0-9]/ {print $5}’ | cut -d: -f1 | sort | uniq -c | sort -n

netstat with group by ip adress

– netstat -ntu | awk ‘ $5 ~ /^(::ffff:|[0-9|])/ { gsub(“::ffff:”,””,$5); print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr

Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you’re probably looking for.

– netstat -nt | awk -F”:” ‘{print $2}’ | sort | uniq -c

 count connections, group by IP and port

Hits: 19

Syntax

The syntax of ip-ranges.json is as follows.

{
  "syncToken": "0123456789",
  "createDate": "yyyy-mm-dd-hh-mm-ss",
  "prefixes": [
    {
      "ip_prefix": "cidr",
      "region": "region",
      "service": "subset"
    }
  ]
}

syncTokenThe publication time, in Unix epoch time format.

Type: String

Example: "syncToken": "1416435608"createDateThe publication date and time.

Type: String

Example: "createDate": "2014-11-19-23-29-02"prefixesThe IP prefixes.

Type: Arrayip_prefixThe public IP address range, in CIDR notation.

Type: String

Example: "ip_prefix": "198.51.100.2/24"regionThe AWS region or GLOBAL for edge locations. Note that the CLOUDFRONT and ROUTE53 ranges are GLOBAL.

Type: String

Valid values: ap-northeast-1 | ap-southeast-1 | ap-southeast-2 | cn-north-1 | eu-central-1 |eu-west-1 | sa-east-1 | us-east-1 | us-gov-west-1 | us-west-1 | us-west-2 | GLOBAL

Example: "region": "us-east-1"serviceThe subset of IP address ranges. Specify AMAZON to get all IP address ranges (for example, the ranges in theEC2 subset are also in the AMAZON subset). Note that some IP address ranges are only in the AMAZON subset.

Type: String

Valid values: AMAZON | EC2 | CLOUDFRONT | ROUTE53 | ROUTE53_HEALTHCHECKS

Example: "service": "AMAZON"

Hits: 18

Etcd Volume Encryption
You must configure etcd volume encryption before bringing up your cluster. You cannot add etcd volume encryption to an already running cluster.

Encrypting Etcd Volumes Using the Default AWS KMS Key
Edit your cluster to add encryptedVolume: true to each etcd volume:

kops edit cluster ${CLUSTER_NAME}

…
etcdClusters:
– etcdMembers:
– instanceGroup: master-us-east-1a
name: a
encryptedVolume: true
name: main
– etcdMembers:
– instanceGroup: master-us-east-1a
name: a
encryptedVolume: true
name: events
…
Update your cluster:

kops update cluster ${CLUSTER_NAME}
# Review changes before applying
kops update cluster ${CLUSTER_NAME} –yes
Encrypting Etcd Volumes Using a Custom AWS KMS Key
Edit your cluster to add encryptedVolume: true to each etcd volume:

kops edit cluster ${CLUSTER_NAME}

…
etcdClusters:
– etcdMembers:
– instanceGroup: master-us-east-1a
name: a
encryptedVolume: true
kmsKeyId:
name: main
– etcdMembers:
– instanceGroup: master-us-east-1a
name: a
encryptedVolume: true
kmsKeyId:
name: events
…
Update your cluster:

kops update cluster ${CLUSTER_NAME}
# Review changes before applying
kops update cluster ${CLUSTER_NAME} –yes

referral -> https://github.com/kubernetes/kops/blob/master/docs/etcd_volume_encryption.md

Hits: 16

• all drives connected, boot the UAC and create a RAID 0 off of the SSD and RAID 1 from both 3.5″ drives
• still in the UAC set the SSD RAID 0 as primary boot device
• shutdown and unplug the storage drives
• boot Ubuntu live CD (i used the iLO remote console) and follow the installation steps
• when asked for the partition to use, select whole partition
• continue until it asks for the GRUB location, by default it should install to sda, but in my case i had to specify sdb, which is the SSD, otherwise it would fail
• after GRUB is installed reboot
• in Ubuntu installation proceed to install the HPVSA driver, i’ll quote Royco on this part:Quotesudo add-apt-repository ppa:hp-iss-team/hp-storage sudo add-apt-repository ppa:hp-iss-team/hpvsa-update sudo apt-get update sudo apt-get install hpvsaNext blacklist AHCI:sudo nano /etc/modprobe.d/blacklist.conf add and save: blacklist = ahci sudo update-initramfs –u sudo reboot
• the last reboot might not be required, though i guess it doesn’t harm either
• shutdown and plug in the two storage drives
• next boot to Ubuntu, where you hopefully find two drives, of which the latter one is the RAID 1 AND the fans spin at 6% in idle

Hits: 0