Monitoring PostgreSQL

When running a database as part of your application it’s important that you proactively monitor, perform maintenance and tune your queries on a regular basis.

Especially in cloud-based installations, you need to consider at the outset which services, subscription levels or features can give you fault-tolerant infrastructure with load balancing or higher performance at scale-out.

For example: There’s little point running your Live database on the Azure platform in ‘Basic’ mode when you want to use geo location recovery or need high guaranteed IOPS.

Monitoring with the correct method will give you insight into why your database is sometimes a bottleneck, or tell you when to build an additional instance for scalability.

Read more detail

Mesosphere and Kubernetes, what you need to know about Orchestration

Apache Mesos and Kubernetes are compared directly to each other as container orchestrators, but they were built with different goals in mind.

Mesos was designed to simplify and manage fault-tolerant elastic services, such as Kubernetes. Kubernetes, however, was designed to manage containers.

Why does this matter for container orchestration? Ultimately, most
developers want the ease and feature set of a PaaS to deploy their
applications, but both developers and PaaS’s tend to be opinionated
about their technologies and workloads, so one size fits all PaaS’s
rarely succeed broadly.

The Mesos team recognised this early and designed Mesos so users
could build opinionated workflows on top of it without being
opinionated itself.

Kubernetes launched a great API and CLI that most developers love. Mesosphere saw the potential and invested in bringing the tools into Mesos.

Mesos has put together a short history of Mesos and container
orchestrators by focusing on different container orchestrators and
the companies who use them.

Download the full detail in this 8MB PDF:

Mesosphere-A-Short-History-of-Container-Orchestration

Delivering Kubernetes containers using atomist


Atomist provides the framework for software delivery. It’s like Rails or Spring Boot for delivering your software.

Atomist automates your software delivery experience. Teams often deliver modern software using this tool.

Cloud native applications are different, with many small, fast-moving services. Each service has its own pipeline for steps such as code formatting, vulnerability scanning, tests against staging instances and production deployment. Each pipeline integrates various tools. All these steps and tools across many services quickly become overwhelming.

Read on for how you can use Kubernetes, the easy way

Red Hat OpenShift: Technology Preview 2 of Service Mesh Now Available


In this release Red Hat has added a whole new user interface from the upstream Kiali project. The Kiali user interface can help Istio users understand what’s happening in their service mesh, can show how the various components are connected, and can help to detect issues (HTTP 500, pod not started, misconfigurations) so they can be fixed.
An animated graph provides a more natural way to visualize both the inter-component request latency (speed of the dots) and the amount of traffic between two components.

For further details please read this

Jenkins CI/CD in 5 mins

Jenkins, aka Hudson, is still the most prominent DevOps tool (since 2004) for Continuous Integration and Continuous Deployment.

This is a (very) quick guide to running Jenkins within a Containerisation environment, locally using Docker on your laptop.

You may be a single developer or just a small team. Why run Jenkins on a costly virtual machine in the cloud when you can run it locally on your laptop, or on an old PC or laptop in the office, and only when you need it (saving $)?

  1. Install docker https://docs.docker.com/getting-started on your laptop
  2. Download docker image from dockerhub
  3. Run docker container

For further instructions see image above.

For a much longer, complete 8 hr training video on DevOps CI/CD pipelines see Video

fail2ban automatic Intrusion Detection and Prevention software

fail2ban IPS/IDS works on any Linux server and protects your system by automatically adding a firewall block for anyone trying to access your server maliciously, blocking their public IP for a period or indefinitely.

The ban can be extended, and the number of invalid passwords or invalid page requests that triggers it can be adjusted to tighten the prevention of abuse of the server.

Install fail2ban using your favourite package manager

# Debian / Ubuntu
apt-get install fail2ban
# RHEL / CentOS
yum install fail2ban

# start the service
service fail2ban start

Show the firewall rules, including any blocked IPs:

root@someserver:/etc/fail2ban/jail.d# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 148.252.128.163 anywhere reject-with icmp-port-unreachable <-- Banned IP for jail sshd
RETURN all -- anywhere anywhere

Remove the banned IP from iptables
!*** However, this leaves the IP still listed in fail2ban and it won't be blocked again, so see the next section

root@someserver:/etc/fail2ban/jail.d# iptables -D f2b-sshd 1

Need to remove this from fail2ban

root@someserver:/etc/fail2ban/jail.d# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd

list the contents of the jail

root@someserver:/etc/fail2ban/jail.d# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 11
|  `- File list: /var/log/auth.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: 148.252.128.163

unban ip
fail2ban-client set sshd unbanip 148.252.128.163

check the ban is off

tail -f /var/log/fail2ban.log
2018-06-30 09:09:03,416 fail2ban.actions [18644]: NOTICE [sshd] Unban 148.252.128.163
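
The caveat above, that deleting the iptables rule by hand leaves fail2ban believing the address is still banned, can be checked mechanically. This added example (not from the original post) compares the jail's banned list with the firewall chain; the sample text is constructed, 203.0.113.7 is an invented address, and it assumes the chain is listed numerically with `iptables -n -L f2b-sshd` so that sources are addresses rather than hostnames.

```python
import ipaddress
import re

# Constructed sample: `fail2ban-client status sshd` output (203.0.113.7 is invented).
STATUS_SAMPLE = """\
Status for the jail: sshd
`- Actions
   `- Banned IP list: 148.252.128.163 203.0.113.7
"""

# Constructed sample: `iptables -n -L f2b-sshd` after rule 1 was deleted by hand.
CHAIN_SAMPLE = """\
Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
"""


def _valid_ips(tokens):
    found = set()
    for tok in tokens:
        try:
            found.add(str(ipaddress.ip_address(tok)))
        except ValueError:
            pass  # skip hostnames, ranges such as 0.0.0.0/0, stray text
    return found


def banned_in_fail2ban(status_text):
    """IPs on the 'Banned IP list:' line of the jail status output."""
    m = re.search(r"Banned IP list:[ \t]*(.*)", status_text)
    return _valid_ips(m.group(1).split()) if m else set()


def blocked_in_chain(chain_text):
    """Source IPs of REJECT/DROP rules in a numeric chain listing."""
    rows = (line.split() for line in chain_text.splitlines())
    return _valid_ips(r[3] for r in rows if len(r) >= 4 and r[0] in ("REJECT", "DROP"))


def drift(status_text, chain_text):
    """Return (banned but not firewalled, firewalled but unknown to fail2ban)."""
    f2b, fw = banned_in_fail2ban(status_text), blocked_in_chain(chain_text)
    return sorted(f2b - fw), sorted(fw - f2b)


if __name__ == "__main__":
    print(drift(STATUS_SAMPLE, CHAIN_SAMPLE))
```

An address in the first list is one fail2ban thinks it is blocking but the firewall is not, which is the state left behind by a manual `iptables -D`.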

When testing with an invalid user and password over ssh, the filter regex is triggered 3 times:

2018-06-30 09:10:52,845 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:00,098 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:06,266 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:06,274 fail2ban.actions [18644]: NOTICE [sshd] Ban 148.252.128.163 <-- Ban enforced after 3 retries (maxretry)

The default for ssh is 5 retries in 60 seconds. I have decreased this to 3 by adding the entry ‘maxretry = 3’ to a file in /etc/fail2ban/jail.d
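
To confirm from the log how many failures actually preceded each ban, the Found/Ban/Unban lines can be replayed. This is an added example, not from the original post: the log lines are constructed in the format shown above, and 203.0.113.7 is an invented address.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the fail2ban.log format shown above (203.0.113.7 is invented).
LOG_SAMPLE = """\
2018-06-30 09:09:03,416 fail2ban.actions [18644]: NOTICE [sshd] Unban 148.252.128.163
2018-06-30 09:10:52,845 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:10:55,101 fail2ban.filter [18644]: INFO [sshd] Found 203.0.113.7
2018-06-30 09:11:00,098 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:06,266 fail2ban.filter [18644]: INFO [sshd] Found 148.252.128.163
2018-06-30 09:11:06,274 fail2ban.actions [18644]: NOTICE [sshd] Ban 148.252.128.163
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.(?:filter|actions)\s+"
    r"\[\d+\]:\s+\w+\s+\[(?P<jail>[^\]]+)\]\s+(?P<ev>Found|Ban|Unban)\s+(?P<ip>\S+)"
)


def replay(log_text):
    """Replay Found/Ban/Unban events; return (state per (jail, ip), ban records)."""
    pending = defaultdict(list)  # (jail, ip) -> Found timestamps since last Ban/Unban
    state, bans = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a filter/action event line
        key = (m["jail"], m["ip"])
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["ev"] == "Found":
            pending[key].append(ts)
            if state.get(key) != "banned":
                state[key] = "watching"
        elif m["ev"] == "Ban":
            hits = pending.pop(key, [])
            span = (ts - hits[0]).total_seconds() if hits else 0.0
            bans.append({"jail": key[0], "ip": key[1], "found": len(hits), "span_s": span})
            state[key] = "banned"
        else:  # Unban
            pending.pop(key, None)
            state[key] = "unbanned"
    return state, bans


if __name__ == "__main__":
    final_state, ban_records = replay(LOG_SAMPLE)
    print(ban_records, final_state)
```

The `found` count in each ban record should equal the jail's maxretry, and `span_s` shows how quickly the failures arrived.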

Further Details and full list of commands
https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options

How to Manually Unblock / Unban IP Address in fail2ban

Changing WordPress Author of Article from Admin user

It's not good practice to list the authors of a WordPress article, especially if they are an admin user of WordPress. This would give a hacker a valid username; they can then attempt to guess the password and gain full access to the WordPress site.

Should you need to change the name of the author who wrote an article or ‘post’ in WordPress, here are the database SQL statements to do that:

  • Log in to the MySQL database on the Linux command line as the WordPress user: mysql -uwpressuser -p wordpressdb
  • Find the list of users and their author IDs

select * from wp_users;

  • Then find list of articles and list by author with id 1

select ID,post_author, post_date, post_title from wp_posts where post_author=1;

Finally, alter the post's author ID to an alternative non-admin user:

update wp_posts SET post_author=5 where ID=238;

If you would like to remove the user's name altogether from future posts read this

Container Adoption Trends for 2019

The Datadog survey updated in June 2018 shows a trend where 25% of companies have already adopted Docker and the remaining ones are catching up very fast.

With Kubernetes, OpenShift, Apache Mesos, and Docker Swarm, managing a platform or infrastructure with thousands of containers is now much easier. One engineer alone can now manage heterogeneous deployments of containerized applications, with the help of the automation provided by orchestrators.

A couple of years back databases were thought to be something which was kept outside of container technology, but today we have NuoDB which is a container-native and cloud-native database especially designed and developed to run on containers to support WebScale capabilities at a database level.

The benefits of containers over VMs are already proven in the applications world, so there is very high interest across the industry in reaping the same benefits for telco VNFs as well. Red Hat & ONAP also cover this in detail in internal documents.

If you would like to read the full article Click Here