Very interesting intro to Docker: https://www.toptal.com/devops/getting-started-with-docker-simplifying-devops
How to block spoofed emails on Exchange 2013
Needed to stop some of the ransomware that is spreading on the net.
Create your SPF records, listing the IP addresses that send mail for your domain. Try to avoid using “mx” in the SPF record, since it can cause issues with the SPF checking for your own domain. Use “-” for hardfail.
domain.com. IN TXT "v=spf1 ip4:IP/mask -all"
Install the AntiSPAM agents
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
Set the action for Spoofed Domain as Reject
Set-SenderIDConfig -SpoofedDomainAction Reject
Example of a spoofing attempt blocked by the Agent
...
250 XRDST
mail from: john@domain.com
250 2.1.0 Sender OK
rcpt to: john@domain.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
Subject: Spoofing test
.
550 5.7.1 Sender ID (PRA) Not Permitted
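To see why a record of the form shown above produces a rejection for any sender outside the listed ranges, here is an added example (not part of the original post) that evaluates the ip4/ip6/all terms of an SPF record left to right. The function name, the sample record and the documentation-range addresses are constructed for illustration; terms that need DNS lookups, such as mx, are only reported, not resolved.

```python
import ipaddress

# Qualifier prefix -> SPF result; a mechanism with no prefix means "+" (pass).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record in the same shape as the one in the post.
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"


def check_spf(record, client_ip):
    """Evaluate the ip4/ip6/all terms of one SPF record for client_ip.

    Returns (result, notes). Terms that need DNS lookups (mx, a, include,
    redirect, ...) are not resolved; they are skipped and listed in notes.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", ["not an SPF record"]
    ip = ipaddress.ip_address(client_ip)
    notes = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror", notes + ["bad network in: " + term]
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], notes
        elif name == "all":
            # Left-to-right evaluation ends here: "-all" rejects everything
            # that no earlier mechanism matched.
            return QUALIFIERS[qualifier], notes
        else:
            notes.append("skipped (needs DNS lookup): " + term)
    return "neutral", notes  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for sender_ip in ("192.0.2.25", "203.0.113.7"):
        print(sender_ip, check_spf(RECORD, sender_ip))
    print(check_spf("v=spf1 mx ip4:192.0.2.0/24 ~all", "203.0.113.7"))
```

With "~all" instead of "-all" the same unlisted address only gets a softfail, which is why the post asks for the hardfail qualifier.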
How to install Ansible 1.9 on Ubuntu 14.04, now that Ansible 2.0 is released
Now that Ansible 2.0 is released, installing from the PPA repositories gives you that version. Since there are plenty of Ansible roles not ready for Ansible 2.0, you may need to install the previous major version. One way to do it is with pip:
sudo apt-get install python-pip python-dev
sudo pip install ansible==1.9.3
Start a Docker host in AWS with docker-machine
Download the appropriate binary for your workstation:
https://docs.docker.com/machine/
sudo curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-amd64 -o /usr/local/bin/docker-machine
sudo chmod +x /usr/local/bin/docker-machine
Create the host
docker-machine create docker -d amazonec2 \
  --amazonec2-access-key ABCDEFGHIJKLMNOP \
  --amazonec2-secret-key '1234567890abcdefghijklm' \
  --amazonec2-subnet-id subnet-12345678 \
  --amazonec2-vpc-id vpc-1234abcd \
  --amazonec2-zone c
What you get:
INFO[0001] Launching instance...
INFO[0026] Waiting for SSH on 54.165.56.23:22
sudo: unable to resolve host ip-10-2-0-254
sudo: unable to resolve host docker
sudo: unable to resolve host docker
INFO[0242] "docker" has been created and is now the active machine.
INFO[0242] To point your Docker client at it, run this in your shell: eval "$(docker-machine env docker)"
2014 in numbers
The WordPress.com stats elves prepared a report on this blog's 2014.
Here is an excerpt:
The concert hall at the Sydney Opera House holds 2,700 people. This blog was viewed about 31,000 times in 2014. If it were a concert at the Sydney Opera House, it would take about 11 sold-out performances for everyone to see it.
Automate Nagios configuration with Puppet – Part 3
In this third post about Automate Nagios configuration with Puppet, we will add services to our managed hosts, and streamline the monitoring of them with new Nagios checks.
It’s a continuation of the previous labs: Automate Nagios Configuration with Puppet – Part 1 and Part 2
First we will deploy the Apache daemon to our managed hosts. For this let’s create the httpd module, with 2 sub-classes, one for installing and enabling the service, and the other to copy a test file from the Puppet Fileserver.
class httpd {
  include httpd::install
  include httpd::testfile
}
class httpd::install {
  package { [ httpd, php ]:
    ensure => installed,
  }
  service { httpd:
    ensure => running,
    enable => true,
    require => Package[httpd],
  }
}
class httpd::testfile {
  # Copy the test page from the Puppet fileserver, readable only by apache
  file { "/var/www/html/test.html":
    mode => '0440',
    owner => apache,
    group => apache,
    source => "puppet:///modules/httpd/test.html"
  }
}
Test page:
<h1>Test Page</h1>
To define the new Nagios checks, we will use a subclass of the Nagios module already built in the previous posts. We are using a check_http command to connect remotely to the test page, and a check_procs command run via NRPE to verify that the httpd processes are present.
class nagios::target::httpd {
  @@nagios_service { "check_http_${hostname}":
    check_command => "check_http!-u /test.html",
    use => "generic-service",
    host_name => "$fqdn",
    notification_period => "24x7",
    service_description => "${hostname}_check_http"
  }
  file_line { "command_check_httpd":
    line => "command[check_httpd]=/usr/lib64/nagios/plugins/check_procs -C httpd -c 1:",
    path => "/etc/nagios/nrpe.cfg",
    ensure => present,
    notify => Service["nrpe"],
  }
  @@nagios_service { "check_httpd_${hostname}":
    check_command => "check_nrpe!check_httpd",
    use => "generic-service",
    host_name => "$fqdn",
    service_description => "${hostname}_check_httpd"
  }
}
Finally we add the corresponding classes to our nodes using the manifest file
node 'core.example.local' {
  include nagios::monitor
  include nagios::nrpe-command
}
node 'web01.example.local' {
  include nagios::target
  include nagios::nrpe
  include httpd
  include nagios::target::httpd
}
Once the Puppet agents run on the managed node and the Nagios server, the monitoring of Apache will be ready.
Automate Nagios Configuration with Puppet
This is a full lab to show the automation of nagios configurations with Puppet, using CentOS 6.5. It’s based on the examples of the Exported Resources documentation on the PuppetLabs website: http://docs.puppetlabs.com/guides/exported_resources.html
It’s also published on GitHub: https://github.com/gfolga/puppet-nagios-lab
Nagios / Puppet Server | core |
Domain name | example.local |
Monitored server | web01 |
Puppet version | 3.4 |
Additional Puppet packages | PuppetDB, puppet-dashboard |
Nagios version | 3.5 |
Additional Nagios packages | nagios-plugins, nagios-plugins-all |
Puppet/Nagios server configuration
Do a minimal install of CentOS
Configure Networking
Update packages
yum update -y
Add puppet & epel repositories
rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
Install puppet packages
yum install -y puppet puppet-server puppetdb puppet-dashboard puppetdb-terminus
Configure PuppetDB and Puppet Master:
cat <<END > /etc/puppet/puppetdb.conf
[main]
server = core.example.local
port = 8081
END
cat <<END >> /etc/puppet/puppet.conf
[master]
storeconfigs = true
storeconfigs_backend = puppetdb
reports = store,puppetdb
END
cat <<END > /etc/puppet/routes.yaml
---
master:
  facts:
    terminus: puppetdb
    cache: yaml
END
Run the SSL Configuration Script
/usr/sbin/puppetdb ssl-setup
Enable and start services
puppet resource service puppetdb ensure=running enable=true
puppet resource service puppetmaster ensure=running enable=true
Test puppet agent and puppetdb
puppet agent --server core.example.local -t
Module for installation and initialization of Nagios
cd /etc/puppet
mkdir modules/nagios
mkdir modules/nagios/manifests
chmod 755 modules/nagios/
chmod 755 modules/nagios/manifests/
vi modules/nagios/manifests/monitor.pp
class nagios::monitor {
  package { [ nagios, nagios-plugins, nagios-plugins-all ]:
    ensure => installed,
  }
  service { nagios:
    ensure => running,
    enable => true,
    #subscribe => File[$nagios_cfgdir],
    require => Package[nagios],
  }
  # collect resources and populate /etc/nagios/nagios_*.cfg
  Nagios_host <<||>>
  Nagios_service <<||>>
}
chmod 644 modules/nagios/manifests/monitor.pp
Monitored server configuration
Do a minimal install of CentOS
Configure Networking
Update packages
yum update -y
Add puppet & epel repositories
rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-7.noarch.rpm
Install puppet packages
yum install -y puppet
Add a host entry on the puppet server for the monitored host
puppet resource host web01.example.local ip="192.168.112.15"
Add a host entry on the monitored host for the puppet server
puppet resource host core.example.local ip="192.168.112.14"
Initialize agent
puppet agent --test --server core.example.local
Sign cert on the puppet server
puppet cert sign web01.example.local
Create puppet module file and include it in the node definition
vi modules/nagios/manifests/target.pp
class nagios::target {
  @@nagios_host { $fqdn:
    ensure => present,
    alias => $hostname,
    address => $ipaddress,
    use => "linux-server",
  }
  @@nagios_service { "check_ping_${hostname}":
    check_command => "check_ping!100.0,20%!500.0,60%",
    use => "generic-service",
    host_name => "$fqdn",
    notification_period => "24x7",
    service_description => "${hostname}_check_ping"
  }
}
vi /etc/puppet/manifests/site.pp
import "nodes"
vi /etc/puppet/manifests/nodes.pp
node 'core.example.local' {
  include nagios::monitor
}
node 'web01.example.local' {
  include nagios::target
}
Run the agent on the monitored server and then on puppet master
puppet agent --test --server core.example.local
Add nagios_host.cfg and nagios_service.cfg to the main configuration file of nagios
cat <<END >> /etc/nagios/nagios.cfg
cfg_file=/etc/nagios/nagios_host.cfg
cfg_file=/etc/nagios/nagios_service.cfg
END
chmod 644 /etc/nagios/nagios_host.cfg
chmod 644 /etc/nagios/nagios_service.cfg
Restart Nagios & Apache, set nagiosadmin password
service nagios restart
service httpd restart
htpasswd -c /etc/nagios/passwd nagiosadmin
Access Nagios and verify that the monitored host and the service defined appear on the Nagios console
That’s all. Just adding the class nagios::target to new servers, and puppet will take care of the nagios definitions.
In a next post I will extend the lab with advanced monitoring of the servers using NRPE.