Ubuntu: Testing authenticated SMTP over TLS/SSL

SMTP mail relays exposed to the internet typically use a combination of SSL and authenticated SMTP to avoid abuse by malicious actors.

This is an excellent choice from a security perspective, but makes smoke testing a bit more complex than just opening telnet.

Continue reading “Ubuntu: Testing authenticated SMTP over TLS/SSL”

Zabbix: LLD low-level discovery returning multiple values

Zabbix low-level discovery (LLD) provides a way to create an array of related items, triggers, or graphs without needing to know the exact number of entities up front.

The easiest way to populate the keys of a discovery item is to add a “UserParameter” in zabbix_agentd.conf, and then the Zabbix agent will  invokes a script which returns the set of keys.

But the keys are only the first part of a real solution, because what you really want to send back are the values associated with those keys.  For example, if you are monitoring a database, you don’t want to just send the list of tables available, you may want to send back each table name and then its row count and size on disk.

Unfortunately Zabbix does not support sending back multiple values [1,2,3,4].  There are various workarounds such as using one UserParameter for the discovery key and another with a UserParameter=key[*] to fetch each row of data, or using vfs.file.regexp to parse values that have been written to a file.

But I think the cleanest solution, and one that requires the minimal number of spawned processes on the agent host is to invoke zabbix_sender from inside the script to send back all the values you want to populate.

Continue reading “Zabbix: LLD low-level discovery returning multiple values”

Docker: Visualizing image hierarchy and container dependency using dockviz

The Docker console commands for listing and viewing containers and images (ps, images, history, inspect) provides a wealth of information, but when you are managing hundreds of containers, a graph view of the container inventory and their dependencies can be critical for operations.

Dockviz can help you visualize your containers and images by creating an PNG image representing the container links and image lineage.

Continue reading “Docker: Visualizing image hierarchy and container dependency using dockviz”

GoLang: Running a Go binary as a systemd service on Ubuntu 16.04

The Go language with its simplicity, concurrency support,  rich package ecosystem, and ability to compile down to a single binary is an attractive solution for writing services on Ubuntu.

However, the Go language does not natively provide a reliable way to daemonize itself.  In this article I will describe how to take a couple of simple Go language programs and run them using a systemd service file that starts them at boot time on Ubuntu 16.04.

Continue reading “GoLang: Running a Go binary as a systemd service on Ubuntu 16.04”

ELK: Connecting to ElasticSearch with a Go client

ElasticSearch very often serves as a repository for monitoring, logging, and business data.  As such, integrations with external system are a requirement.

The Go programming language with its convenient deployment binary and rich set of packages can easily serve as a bridge between these systems and the ElasticSearch server.

We will use the olivere/elastic package for this purpose, it is well maintained and has support for both ElasticSearch 5.x and 2.x depending on your import statement.  In this article, we will be hitting an ElasticSearch 2.x backend.

Continue reading “ELK: Connecting to ElasticSearch with a Go client”

GoLang: Running a Go binary as a SysV service on Ubuntu 14.04

The Go language with its simplicity, concurrency support,  rich package ecosystem, and ability to compile down to a single binary is an attractive solution for writing services on Ubuntu.

However, the Go language does not natively provide a reliable way to daemonize itself.  In this article I will describe how to take a couple of simple Go language programs, run them using SystemV init scripts with their own process owner, standard logs, and started at boot time on Ubuntu 14.04.

Continue reading “GoLang: Running a Go binary as a SysV service on Ubuntu 14.04”

Zabbix: Sending Zabbix metrics using a Go client

The open-source Zabbix monitoring solution has a published, simple binary protocol that allows you to send metrics to the Zabbix server without relying on the Zabbix Agent – which makes it very convenient for integration with other parts of your infrastructure.

In this article, I’ll show how to use the go-zabbix package for sending metrics to the Zabbix server.  If instead you were looking to manipulate the backend server definitions (host, templates, hostgroups, etc.) using the REST API, then see my other article here.

Continue reading “Zabbix: Sending Zabbix metrics using a Go client”

GoLang: Glide for Go language package management

Downloading 3rd party packages from github is made very simple in the Go language with the import statement. But similar to other languages, the complexity of versions and inter-dependencies begs the use of a package manager for any projects that are non-trivial (think npm for Javascript, pip for Python, Maven for Java, etc.).

Glide is a package manager for the Go programming language that can greatly ease the chore of package management by supporting package independence between projects, versioning, and non-master branches.

Continue reading “GoLang: Glide for Go language package management”

Zabbix: Zabbix REST API using a Go client

The open-source Zabbix monitoring solution has a REST API that provides the ability for deep integrations with your existing monitoring, logging, and alerting systems.

This fosters development of community-driven modules like Ryan Day’s zabbix Go language package, which is an easy way to automate Zabbix tasks like creating hosts and manipulating other back end structures.

One of the nice things about the Go language is that libraries are generally statically linked into a single executable, so you only need to copy over a single executable.  You don’t have to copy 3rd party jars (Java) or require an internet connection to pypi from production system (Python).

Continue reading “Zabbix: Zabbix REST API using a Go client”

GoLang: Vendor directory for github branches other than master

Using 3rd party packages from github is made very simple in the Go language with the import statement.  But one problem is that “go get” will always pull the HEAD of the master branch and there is no way to explicitly specify another branch.

The ultimate answer would be to use a package dependency manager like Glide, which I describe in this article.  But if you cannot introduce Glide into your workflow yet then manually populating the vendor directory (enabled by default since 1.6) is a viable alternative.

Continue reading “GoLang: Vendor directory for github branches other than master”

GoLang: Cross Compiling for Linux and Windows platforms

A nice feature of the Go language is the ability to build binaries for multiple platforms directly from a single source system.  As an example, even from a development Windows 7 32-bit machine, you can build binaries for both 64 bit Linux and Windows 2012 Servers.

Before Go 1.5, you needed a compiler for the target architecture, but now that the entire tool chain is written in Go, building for multiple architectures is easy.

And unlike other languages where additional external libraries need to be copied or downloaded on the target system, Go dependencies are generally statically linked [1,2,3,4] into a single binary which makes portability that much easier.

Continue reading “GoLang: Cross Compiling for Linux and Windows platforms”

GoLang: Installing the Go Programming language on Ubuntu 14.04

The Go programming language has gotten considerable momentum, and the fact that it compiles down to machine code has made it popular in containers like Docker where a single executable binary fits the execution model perfectly.

This article will detail installation on Ubuntu 14.04 with the standard hello world validation.

Continue reading “GoLang: Installing the Go Programming language on Ubuntu 14.04”

SaltStack: Combine multiple pillar files under a single key

saltstack_logo-thumbnailAn issue that keeps coming up on the mailing lists as well as Stackoverflow[1,2] is how to merge multiple pillar files for use with a single state.  The problem is that pillars using the same key overwrite each other, and there is no easy way to express the desire to merge instead.

There are various workarounds, but all of these expect the human operator to know about these disparate sources and manually mend them together with a unifying sls file (using includes or anchors/references).

The state and pillar files in this article can be downloaded from my github page.

Continue reading “SaltStack: Combine multiple pillar files under a single key”

ELK: Using Ruby in Logstash filters

elastic-logstash-fwLogstash has a rich set of filters, and you can even write your own, but often this is not necessary since there is a out-of-the-box filter that allows you to embed Ruby code directly in the configuration file.

Using logstash-filter-ruby, you can use all the power of Ruby string manipulation to parse an exotic regular expression, an incomplete date format, write to a file, or even make a web service call.

Continue reading “ELK: Using Ruby in Logstash filters”

Zabbix: Accessing Zabbix using the py-zabbix Python module

The open-source Zabbix monitoring solution has a REST API that provides the ability for deep integrations with your existing monitoring, logging, and alerting systems.

This fosters development of community-driven modules like the py-zabbix Python module, which is an easy way to automate Zabbix as well as send/retrieve metrics.

Continue reading “Zabbix: Accessing Zabbix using the py-zabbix Python module”

SaltStack: Creating a ZooKeeper External Pillar using Python

saltstack_logo-thumbnailSaltStack has the ability to create custom states, grains, and external pillars.  There is a long list of standard external pillars ranging from those which read from local JSON files, to those that pull from EC2, MongoDB, etcd, and MySQL.

In this article, we will use Apache ZooKeeper as the storage facility for our SaltStack pillar data.  ZooKeeper is used extensively for configuration management and synchronization of distributed applications, so it makes sense that it could serve as a central repository for pillar data.

Continue reading “SaltStack: Creating a ZooKeeper External Pillar using Python”

Python: Using Python, JSON, and Jinja2 to construct a set of Logstash filters

python-logoPython is a language whose advantages are well documented, and the fact that it has become ubiquitous on most Linux distributions  makes it well suited for quick scripting duties.

In this article I’ll go through an example of using Python to read entries from a JSON file, and from each of those entries create a local file.  We’ll use the Jinja2 templating language to generate each file from a base template.

Our particular example will be the generation of Logstash filters for log processing, but the techniques for using JSON to drive Python processing or Jinja2 templating within Python are general purpose.

Continue reading “Python: Using Python, JSON, and Jinja2 to construct a set of Logstash filters”

SaltStack: Validating States of Minion without Execution

saltstack_logo-thumbnailBefore running state.apply against a minion, especially in a production environment, a good sanity test can be to list the states that will be executed without actually running those states.

This can be done by adding tests=True to the end of the state command. For example, to check all the states that will be applied to a minion:

salt 'myminion' state.apply tests=True

Or to check which states would be run for the apache formula:

salt 'myminion' state.sls apache tests=True

 

GIT: Calling git Clone Using Password with Special Character

gitlogoIt is more popular to use an ssh key instead of a password when automating a git clone from a guest OS.  But if you do need to specify the password directly into the console command, it takes this form:

$ git clone https://<user>:<password>@<gitserver>/<path>/<repo>.git

Which works fine if the password is plaintext, but if it has special characters like an exclamation mark, you need to use percent encoding which is often called URL encoding.

Continue reading “GIT: Calling git Clone Using Password with Special Character”

Sending SMTP Mail from Windows Using PowerShell

When working from the Windows command line, you can do a quick test to validate your SMTP connectivity using PowerShell:

 

c:\> Powershell -executionpolicy bypass

PS c:\> Send-MailMessage –to <TO> –from <FROM> –subject "testing123" –body "this is a test" –smtpserver <SMTPServer> -port 25

And if the mail server is accessed over TLS/SSL with SMTP authentication enabled:

PS c:\> Send-MailMessage –to <TO> –from <FROM> –subject "testing456" –body "this is a secure test" –smtpserver <SMTPServer> -port 587 -UseSsl -Credential (Get-Credential)

This is easier than going down to telnet, which is typically not installed on a modern Windows host: Continue reading “Sending SMTP Mail from Windows Using PowerShell”