Fabian

Zabbix: Alert to PagerDuty using Zabbix3

Having Zabbix send alert mails directly to user groups is typically outgrown as the system matures and the number of alerts increases, new lines of business and engineering groups are on-boarded, and on-call scheduling is implemented. If you already use PagerDuty for on-call scheduling, then it makes perfect sense to have Zabbix create incidents in

VMware: Exporting from Oracle VirtualBox/Vagrant to vCloud Director

Oracle VirtualBox as a virtualization engine paired with Vagrant provides a cross-platform virtualization-agnostic workflow for Linux, Windows, and MacOS.  It is light enough to allow a developer to set up, test, and tear down virtual infrastructure as part of a unit test. You may find yourself in a position where you have built a VM in

ELK: Architectural points of extension and scalability for the ELK stack

The ELK stack (ElasticSearch-Logstash-Kibana) is a horizontally scalable solution with multiple tiers and points of extension and scalability. Because so many companies have adopted the platform and tuned it for their specific use cases, it would be impossible to enumerate all the novel ways in which scalability and availability had been enhanced by load balancers,

ELK: Scaling an ElasticSearch Cluster

The heart of the ELK stack is Elasticsearch.  In order to provide high availability and scalability, it needs to be deployed as a cluster with master and data nodes.  The Elasticsearch cluster is responsible for both indexing incoming data as well as searches against that indexed data. Resources As described in the documentation, if there

ELK: Feeding the logging pipeline

The most varied point in an ELK (Elasticsearch-Logstash-Kibana) stack is the mechanism by which custom events and logs will get sent to Logstash for processing. Companies running Java applications with logging sent to log4j or SLF4J/Logback will have local log files that need to be tailed.  Applications running in containers may send everything to stdout/stderr,

ELK: Federated Search with a Tribe node

Although the ELK stack has rich support for clustering, clustering is not supported over WAN connections due to Elasticsearch being sensitive to latency.  There are also practical concerns of network throughput given how much data some installations index on an hourly basis. So as nice as it would be to have a unified, eventually consistent

ELK: Pointing Kibana to a Client Node

Kibana is the end user web application that allows us to query Elasticsearch data and create dashboards that can be used for analysis and decision making. Although Kibana can be pointed to any of the nodes in your Elasticsearch cluster, the best way to distribute requests across the nodes is to use a non-master, non-data

SaltStack: Creating a ZooKeeper External Pillar using Python

SaltStack has the ability to create custom states, grains, and external pillars.  There is a long list of standard external pillars ranging from those which read from local JSON files, to those that pull from EC2, MongoDB, etcd, and MySQL. In this article, we will use Apache ZooKeeper as the storage facility for our SaltStack

Python: Using Python, JSON, and Jinja2 to construct a set of Logstash filters

Python is a language whose advantages are well documented, and the fact that it has become ubiquitous on most Linux distributions makes it well suited for quick scripting duties. In this article I’ll go through an example of using Python to read entries from a JSON file, and from each of those entries create a

AppDynamics: Silent Install of Controller on Ubuntu and license directory

For full instructions on installing the AppDynamics Controller on Linux, see the official documentation.  However, when you get to the step for installing in silent mode, it can be confusing because although it shows you how to specify the path to a response file and the keys available, it does not give you a sample

Ubuntu: Decompiling Java classes on Ubuntu using Eclipse and JD-GUI

Decompiling Java classes is sometimes associated with dubious behavior around proprietary and licensed software, but in reality there are many valid reasons why one may find it necessary to dig into Java class files and jar/war archives.  It may be as simple as your development team no longer having the 5-year-old version of

Ubuntu: Determine system vulnerability for Dirty COW CVE-2016-5195

The Dirty COW vulnerability affects the kernel of most base Ubuntu versions.  Especially when running an Ubuntu HWE stack, it can be a bit confusing to determine if your kernel and Ubuntu version are affected. If you need to validate patching, then you can use a simple C program to exercise this read-only write vulnerability

SaltStack: Keeping Salt Pillar data encrypted using GPG

When automating software and infrastructure, it is not uncommon to need to supply a user id and password for installation or other operations.  While it is certainly possible to pass these plaintext credentials directly in the state, this is not best practice. # not best practice!!! testdb_user: mysql_user.present: - name: frank - password: "test3rdb" -

SaltStack: Setting a jinja2 variable from an inner block scope

When using jinja2 for SaltStack formulas you may be surprised to find that your globally scoped variables cannot be modified inside a loop.  Although this is counterintuitive given the scope behavior of most scripting languages, it is unfortunately the case that a jinja2 globally scoped variable cannot be modified from

Syslog: Sending Java log4j2 to rsyslog on Ubuntu

Logging has always been a critical part of application development.  But the rise of OS virtualization, application containers, and cloud-scale logging solutions has turned logging into something bigger than managing local debug files. Modern applications and services are now expected to feed log aggregation and analysis stacks (ELK, Graylog, Loggly, Splunk, etc).  This can be

Ubuntu: Using Fiddler to analyze Chrome/Firefox network capture

The prevalence of the long chains of firewall and reverse proxy solutions present in production infrastructure (and made even more popular with the dynamic routing introduced with containers) has made analysis of the end-user side of the network exchange a critical tool in troubleshooting. Fiddler has long been a solid tool for both proxy capture

Ubuntu: HWE Hardware Enablement Stacks, LTS, and the Kernel

If you installed (or upgraded to) a later Ubuntu point release: >= 12.04.2, >= 14.04.2, or >= 16.04.2, you may now be wondering why the system is warning you upon every login that you will no longer receive security updates. WARNING: Security updates for your current Hardware Enablement Stack ended on 2016-08-04:  * http://wiki.ubuntu.com/1404_HWE_EOL Although the first

Node.js: Packaging modules for offline deployment using npm-bundle

In a production environment, it is common to have restricted internet access on the production deployment hosts.  This means that using the standard ‘npm install’ and pulling modules from the registry.npmjs.org repository is not an option. Given the breadth of the dependency graph required for most modules, this packaging is something you want automated without

Ubuntu: Pre-Validate Network ACL and Firewall Connectivity with Netcat

Although virtualization has pushed a self-service culture for infrastructure, it is still common in production environments to need your Network Operations team to open the required ports necessary for any new application deployment. So, while you may be able to create the base virtualized host, you can’t go much further without the network connectivity.  And

SaltStack: Troubleshooting Basic Network Connectivity of Minion on Ubuntu

When troubleshooting basic connectivity from your SaltStack minions to your Salt master, the first thing to remember is the basic flow – the minions initiate the connection to port 4505/4506 on the Salt master. With this in mind, if you have modified /etc/salt/minion so that the master is explicitly set and logs are set to

Ubuntu: Ignoring Transitive Trust Domains when using Samba/Winbind

If your Ubuntu host is authenticating against an Active Directory Domain Controller, you may find there are multiple subdomains or transitive trusts visible.  This is not a problem in most cases – but if your host is in a subnet where a connection to these other subdomains or transitive trust domains is not possible, you

OpenWrt: Installing LuCI Web Interface after Deploying latest OpenWrt Image

The stable OpenWrt images are built with LuCI, an OpenWrt web administration interface.  But if you are using the bleeding edge or trunk OpenWrt images, then you won’t get this package. Luckily, it is not difficult to add the LuCI package to the install.  As long as you have Dropbear enabled for ssh access, or

OpenWrt: Installing a TFTP Server on Ubuntu for OpenWrt Firmware Updates

The Trivial File Transfer Protocol (TFTP) is an extremely simple protocol most often used for network booting strategies, such as PXE and flashing OpenWrt images onto consumer routers. I go over full instructions for flashing OpenWrt using Ubuntu and flashing a sysupgrade in another post; this article will focus specifically on setting up a tftp

GIT: Calling git clone using password with special character

It is more popular to use an ssh key instead of a password when automating a git clone from a guest OS.  But if you do need to specify the password directly into the console command, it takes this form: $ git clone https://<user>:<password>@<gitserver>/<path>/<repo>.git Which works fine if the password is plaintext, but if it

Ubuntu: Installing Packages without Public Internet Access

In production data centers, it is not uncommon to have limited public internet access due to security policies.  So while running ‘apt-get’ or adding a repository to sources.list is easy in your development lab, you have to figure out an alternative installation strategy because you need a process that looks the same across both development

Ubuntu: Creating a Samba/CIFS share to quickly share files with Windows

We live in a multi-platform world, and the ability to easily share folders of content between users in the same protected network is a function made very convenient in the Windows world with CIFS shares (e.g. \\mydesktop\sharedfolder). Luckily for Ubuntu users, it is pretty easy to set up CIFS shares to offer that same interoperability with

vRealize Log Insight: Creating your own content pack for field extraction

Content Packs are plugins that allow you to create pre-packaged knowledge about specific event types. For example, you can create a content pack that knows how to extract fields from one of your custom log sources.  Beyond extracted fields, you can also add saved queries, aggregations, alerts, dashboards, and visualizations. Incoming Events from Agent