This talk will start with a quick walk through the setup of all required components for a cloud-based icinga2, icingaweb2 & icingaweb2-director environment. Focus will be on the configuration and monitoring of keepalived, HAProxy and Galera. Keepalived, for example, is used to interact with DigitalOcean and manage floating IPs. Examples will show how to use a DigitalOcean load balancer instead of HAProxy. The talk will end with a summary of experienced limitations and pitfalls.
2. Agenda
> Quick Introduction: Who am I? | Short tales from the past
> High level overview: Solution | Result - know your why!
> Installation of all components: incl. the database & Galera cluster configuration
> Configuration deep-dive: Highlights and critical sections
> Pitfalls & Experienced limitations: Don't make the same mistakes as I did
3. Quick Introduction
Who am I?
Marcel Weinberg
Living in Hamburg
Working at CoreMedia AG (since 09/2019)
Doing O(o)ps things for more than ten years now
With a great passion for Automation, Monitoring, Open Source & Mountainbiking
@winem_
winem
4. Quick Introduction - Tales from the past
Previous Setup
It was a single instance in the server room:
+ extensive documentation
+ well defined & tested DR* procedure
- single instance with many SPOFs
- limited redundancy on the uplink
* DR = Disaster Recovery
9. Installation Of All Components
Always refer to the publicly available documentation for up-to-date installation and upgrade instructions.
> PHP7.3 - ppa:ondrej/php
> icinga2, icingacli, icingaweb2 - packages.icinga.com
apt install icinga2 icinga2-ido-mysql icingaweb2 icingacli vim-icinga2 vim-addon-manager php7.3-gd
> haproxy - ppa:vbernat/haproxy-1.9
> keepalived from the standard repositories
keepalived_script - a dedicated user to run check and notification scripts:
sudo adduser --no-create-home --disabled-login keepalived_script
10. Installation Of All Components
MariaDB
Secure your installation and don't start mariadb automatically:
sudo mysql_secure_installation
sudo systemctl disable mariadb
Link: https://downloads.mariadb.org/mariadb/repositories/
11. Installation of all components
MariaDB Configuration Files
Use mysqld --help --verbose to see the configuration files and option groups the server loads; the same flags on the mysql client, shown here, list the client's:
agent@m-do-ffm-galera-01:~$ mysql --help --verbose | head -n 10
mysql Ver 15.1 Distrib 10.4.8-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Usage: mysql [OPTIONS] [database]
Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf ~/.my.cnf
The following groups are read: mysql mariadb-client client client-server client-mariadb
12. Installation of all components
MariaDB Configuration Files
Galera Cluster Configuration
/etc/mysql/mariadb.conf.d/galera.cnf
[mysqld]
bind-address=10.135.209.4
default_storage_engine=InnoDB
binlog_format=row
innodb_autoinc_lock_mode=2
innodb_flush_log_at_trx_commit=0
# Galera cluster configuration
wsrep_on=ON
wsrep_provider=/usr/lib/galera/libgalera_smm.so
wsrep_cluster_address="gcomm://10.135.209.4,10.135.207.79,10.135.207.111"
wsrep_cluster_name="mariadb-galera-backend"
wsrep_slave_threads=8
wsrep_sst_method=rsync
# Cluster node configuration
wsrep_node_address="10.135.209.4"
wsrep_node_name="galera-01"
> Values that are unique per node (highlighted on the slide): bind-address, wsrep_node_address and wsrep_node_name.
> Set wsrep_slave_threads to the number of CPUs * 2.
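> innodb_flush_log_at_trx_commit = 0 means the InnoDB log is written and flushed to disk once per second instead of at every commit, so a crash can lose up to about a second of transactions.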
14. Installation of all components
MariaDB Configuration Files | Galera Cluster Configuration
Bootstrap the cluster
Start the first cluster node:
sudo galera_new_cluster
Start mariadb on the remaining nodes:
sudo service mariadb start
Wait until all nodes have joined the cluster and restart mariadb on the first node:
MariaDB [(none)]> show global status where Variable_name in
('wsrep_cluster_size', 'wsrep_local_state_comment', 'wsrep_ready', 'wsrep_connected');
+---------------------------+--------+
| Variable_name | Value |
+---------------------------+--------+
| wsrep_local_state_comment | Synced |
| wsrep_cluster_size | 3 |
| wsrep_connected | ON |
| wsrep_ready | ON |
+---------------------------+--------+
4 rows in set (0.002 sec)
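The four wsrep values queried above are also what a monitoring check has to evaluate. The following Python check is an added example, not part of the original slides: it parses the mysql client's table or tab-separated output and maps it to Icinga/Nagios exit codes. The expected cluster size of 3, the thresholds and all function names are assumptions of this example.

```python
#!/usr/bin/env python3
"""Added example: evaluate Galera wsrep status output as an Icinga-style check."""
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABEL = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}
REQUIRED = ("wsrep_cluster_size", "wsrep_local_state_comment",
            "wsrep_ready", "wsrep_connected")

# Healthy output in the table layout shown on the slide.
SAMPLE_SYNCED = """\
+---------------------------+--------+
| Variable_name | Value |
+---------------------------+--------+
| wsrep_local_state_comment | Synced |
| wsrep_cluster_size | 3 |
| wsrep_connected | ON |
| wsrep_ready | ON |
+---------------------------+--------+
4 rows in set (0.002 sec)
"""

# Constructed sample: tab-separated (batch mode) output from a node that
# lost one peer and has not finished catching up.
SAMPLE_DEGRADED = (
    "Variable_name\tValue\n"
    "wsrep_local_state_comment\tJoined\n"
    "wsrep_cluster_size\t2\n"
    "wsrep_connected\tON\n"
    "wsrep_ready\tON\n"
)


def parse_status(text):
    """Return {variable: value} from boxed-table or tab-separated output."""
    status = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
        elif "\t" in raw:
            cells = [c.strip() for c in raw.split("\t")]
        else:
            continue  # table borders, prompts, "4 rows in set"
        if len(cells) == 2 and cells[0].startswith("wsrep_"):
            status[cells[0]] = cells[1]
    return status


def evaluate(status, expected_size=3):
    """Map the wsrep values to (exit_code, message)."""
    missing = [name for name in REQUIRED if name not in status]
    if missing:
        return UNKNOWN, "missing " + ", ".join(missing)
    if not status["wsrep_cluster_size"].isdigit():
        return UNKNOWN, "wsrep_cluster_size is not a number"
    size = int(status["wsrep_cluster_size"])
    state = status["wsrep_local_state_comment"]
    code, notes = OK, []

    def raise_to(level, note):
        nonlocal code
        code = max(code, level)
        notes.append(note)

    if status["wsrep_connected"] != "ON":
        raise_to(CRITICAL, "node is not connected to the cluster")
    if status["wsrep_ready"] != "ON":
        raise_to(CRITICAL, "node does not accept queries (wsrep_ready)")
    if size * 2 <= expected_size:
        # Half or fewer of the expected nodes are visible from this node.
        raise_to(CRITICAL, f"only {size}/{expected_size} nodes in this component")
    elif size < expected_size:
        raise_to(WARNING, f"{size}/{expected_size} nodes in cluster")
    if state != "Synced":
        raise_to(WARNING, f"local state is {state}")
    if not notes:
        notes.append(f"{size} nodes, {state}")
    return code, "; ".join(notes)


def format_plugin_line(code, message):
    """First output line in the usual monitoring-plugin form."""
    return f"GALERA {LABEL[code]} - {message}"


if __name__ == "__main__":
    # Reads the query result from stdin, e.g. piped from the mysql client.
    exit_code, text = evaluate(parse_status(sys.stdin.read()))
    print(format_plugin_line(exit_code, text))
    sys.exit(exit_code)
```

Run it on each Galera node with the output of the status query piped to stdin; a node that reports Synced while its peers report a smaller cluster size is a sign of a split that a single-node check would miss.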
15. Database cluster, configuration & accounts
icinga2
CREATE DATABASE icinga2;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON
icinga2.* TO 'icinga2'@'10.135.201.194' IDENTIFIED BY 'maa3EeHah0Ea';
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON
icinga2.* TO 'icinga2'@'10.135.221.140' IDENTIFIED BY 'maa3EeHah0Ea';
Copy the mysql.sql file to any of the galera nodes and import it:
mysql -u root icinga2 < /tmp/mysql.sql
Icingaweb2
CREATE DATABASE icingaweb2;
GRANT ALL ON icingaweb2.* TO icingaweb2@10.135.201.194 IDENTIFIED BY 'ievachiYie4ooz5a';
GRANT ALL ON icingaweb2.* TO icingaweb2@10.135.221.140 IDENTIFIED BY 'ievachiYie4ooz5a';
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, EXECUTE, CREATE VIEW
ON icinga2.* TO 'icingaweb2'@'10.135.201.194';
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, EXECUTE, CREATE VIEW
ON icinga2.* TO 'icingaweb2'@'10.135.221.140';
16. Database cluster, configuration & accounts
HAProxy
CREATE USER 'haproxy_checks'@'10.135.201.194';
CREATE USER 'haproxy_checks'@'10.135.221.140';
17. Database cluster, configuration & accounts
Keepalived
GRANT SELECT ON icingaweb2.* TO 'keepalived_check'@'10.135.221.140'
IDENTIFIED BY 'iiw8ahthe1Ch';
GRANT SELECT ON icingaweb2.* TO 'keepalived_check'@'10.135.221.249'
IDENTIFIED BY 'iiw8ahthe1Ch';
my.cnf file for the keepalived healthchecks from the icinga2 nodes:
sudo tee /etc/keepalived/.my.cnf > /dev/null << EOF
[client]
host=127.0.0.1
password=iiw8ahthe1Ch
user=keepalived_check
EOF
Set proper permissions:
sudo chown keepalived_script:root /etc/keepalived/.my.cnf
sudo chmod 600 /etc/keepalived/.my.cnf
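A pre-flight check a healthcheck wrapper can run before it uses the credentials file, as an added example that is not part of the original slides: it refuses a file that is a symlink, has the wrong owner, or grants any permission to group or others. The function names are hypothetical, and `stat -c` is the GNU coreutils form.

```shell
#!/usr/bin/env bash
# Added example, not from the talk. secret_file_ok and check_mysql_conn
# are hypothetical helper names.

# secret_file_ok FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), is owned by OWNER,
# and carries no permission bits for group or others (e.g. 600 or 400).
secret_file_ok() {
  file=$1
  owner=$2
  if [ -L "$file" ] || [ ! -f "$file" ]; then
    echo "refusing $file: not a regular file" >&2
    return 1
  fi
  # GNU stat: %U = owner name, %a = octal mode
  actual_owner=$(stat -c '%U' "$file") || return 1
  mode=$(stat -c '%a' "$file") || return 1
  if [ "$actual_owner" != "$owner" ]; then
    echo "refusing $file: owned by $actual_owner, expected $owner" >&2
    return 1
  fi
  case "$mode" in
    ?00) return 0 ;;
    *)
      echo "refusing $file: mode $mode grants access beyond the owner" >&2
      return 1
      ;;
  esac
}

# Wrapper for the keepalived MySQL healthcheck: run the query only when
# the credentials file passes the check above.
check_mysql_conn() {
  cnf=/etc/keepalived/.my.cnf
  secret_file_ok "$cnf" keepalived_script || return 1
  mysql --defaults-file="$cnf" \
    -e 'select count(*) from icingaweb2.icingaweb_user' >/dev/null
}
```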
24. Deep-dive into the configuration
Icinga2
HAProxy - Global and default configuration for both nodes
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
option httplog
option dontlognull
timeout connect 5000
timeout client 5000
timeout server 5000
retries 2
25. Deep-dive into the configuration
Icinga2
HAProxy - General listener configuration & statistics endpoint
listen ha-stats
bind 127.0.0.1:8026
mode http
stats enable
stats uri /
stats realm Strictly\ Private
stats auth icinga_monitor:chong4gohCe8
> The ha-stats endpoint exposes statistics about haproxy, the configured listeners and backends.
> Useful for debugging, testing and monitoring.
> Keep it secure! (see the last line and setup firewall rules)
26. Deep-dive into the configuration
Icinga2
HAProxy
Special thanks to Carsten!
@Mikeschova
https://community.icinga.com/t/galera-mysql-cluster-with-vips-and-haproxy-for-ido-mysql-and-more/
27. Deep-dive into the configuration
Icinga2
HAProxy - 3 different listeners for the MariaDB backend
> use galera-01 and galera-02 as preferred endpoints for write-intensive access (port 3306)
> balance read queries round robin across all 3 nodes; individual weight of each galera node varies between the two icinga2 nodes (port 3307)
> the director probably has an equal distribution of read and write queries (port 3308)
28. Deep-dive into the configuration
Icinga2
HAProxy
Listener to provide database access for icinga2
# 1st node
listen icinga2_ido
bind 127.0.0.1:3306
mode tcp
option mysql-check user haproxy_checks
balance source
server do-ffm-galera01 10.135.209.4:3306 check weight 1 inter 5s rise 2 fall 2
server do-ffm-galera02 10.135.207.79:3306 check weight 2 inter 5s rise 2 fall 2 backup
server do-ffm-galera03 10.135.207.11:3306 check weight 3 inter 5s rise 2 fall 2 backup
# 2nd node
listen icinga2_ido
bind 127.0.0.1:3306
mode tcp
option mysql-check user haproxy_checks
balance source
server do-ffm-galera01 10.135.209.4:3306 check weight 2 inter 5s rise 2 fall 2 backup
server do-ffm-galera02 10.135.207.79:3306 check weight 1 inter 5s rise 2 fall 2
server do-ffm-galera03 10.135.207.11:3306 check weight 3 inter 5s rise 2 fall 2 backup
29. Deep-dive into the configuration
Icinga2
HAProxy
Listener to provide database access for icingaweb2 and handle mostly read queries
# 1st node
listen mysqlread
bind 127.0.0.1:3308
mode tcp
option mysql-check user haproxy_checks
balance roundrobin
server do-ffm-galera01 10.135.209.4:3306 check weight 2 inter 5s rise 2 fall 2
server do-ffm-galera02 10.135.207.79:3306 check weight 3 inter 5s rise 2 fall 2
server do-ffm-galera03 10.135.207.11:3306 check weight 1 inter 5s rise 2 fall 2
# 2nd node
listen mysqlread
bind 127.0.0.1:3308
mode tcp
option mysql-check user haproxy_checks
balance roundrobin
server do-ffm-galera01 10.135.209.4:3306 check weight 1 inter 5s rise 2 fall 2
server do-ffm-galera02 10.135.207.79:3306 check weight 3 inter 5s rise 2 fall 2
server do-ffm-galera03 10.135.207.11:3306 check weight 2 inter 5s rise 2 fall 2
30. Deep-dive into the configuration
Icinga2
HAProxy
Listener to provide access to the icingaweb2 director database backend
listen director
bind 127.0.0.1:3307
mode tcp
option mysql-check user haproxy_checks
balance source
server do-ffm-galera01 10.135.209.4:3306 check weight 3 inter 5s rise 2 fall 2 backup
server do-ffm-galera02 10.135.207.79:3306 check weight 2 inter 5s rise 2 fall 2 backup
server do-ffm-galera03 10.135.207.11:3306 check weight 1 inter 5s rise 2 fall 2
> This is the same for both nodes again.
31. Deep-dive into the configuration
Icinga2|HAProxy
Apache2 & PHP
Virtual host configuration:
> set proper date.timezone in php.ini
> Enforce encryption and redirect HTTP requests to HTTPS:
Redirect permanent / https://moni.mydomain.com
> Rewrite empty URIs to /icingaweb2:
RewriteRule ^(.*) http://%{HTTP_HOST}/icingaweb2
> Enable the required modules and the new site:
sudo a2enmod proxy_http rewrite ssl
sudo a2ensite moni.mydomain.com
32. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP
Icingaweb2 - https://moni.mydomain.com/Setup
> Protected custom variables (pw, pass, password, hmac, community)
33. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP
Icingaweb2
Add a dedicated user to sync /etc/icingaweb2/ between both icinga2 nodes.
agent@m-do-ffm-plugins-01:~$ sudo adduser --disabled-password icingaweb_sync
agent@m-do-ffm-plugins-01:~$ sudo su - icingaweb_sync
icingaweb_sync@m-do-ffm-plugins-01:~$ ssh-keygen -t rsa -b 4096
Add the public key to the authorized_keys file.
Setup the crontab on both nodes
agent@m-do-ffm-plugins-01:~$ sudo cat /etc/cron.d/icingaweb_sync
MAILTO=""
* * * * * icingaweb_sync rsync -rugopl /etc/icingaweb2/ <ip-of-the-peer-node>:/etc/icingaweb2
34. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP|Icingaweb2
Keepalived
Remember what we already have:
> the system user keepalived_script
> the .my.cnf file in /etc/keepalived
> the icinga2 API user keepalived to perform healthchecks
> the icinga2 API user api_healthchecks to send the check results to icinga
> the database user keepalived_checks to test the connection to the DB
35. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP|Icingaweb2
Keepalived - /etc/keepalived/keepalived.conf (Healthchecks)
vrrp_script check_apache2 {
script "/usr/bin/killall -0 apache2"
interval 2
fall 1
rise 5
user root
}
vrrp_script check_icinga2_api {
script "/usr/local/bin/check_icinga_api"
interval 2
fall 3
rise 3
}
vrrp_script check_mysql_conn {
script "mysql --defaults-file=/etc/keepalived/.my.cnf -e 'select count(*) from icingaweb2.icingaweb_user'"
interval 2
fall 1
rise 3
}
36. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP|Icingaweb2
Keepalived - Icinga2 API Healthcheck
/usr/local/bin/check_icinga_api - a simple healthcheck
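#!/usr/bin/env bash
# Credentials of the icinga2 API user used for the healthcheck
icinga_api_user='keepalived'
icinga_api_pass='paigohLe8soh'
icinga_api_timeout=1
# Request the ApiListener status and keep only the HTTP status code
api_rc=$(curl -k -s -o /dev/null -w '%{http_code}' --max-time "$icinga_api_timeout" \
-u "$icinga_api_user:$icinga_api_pass" https://localhost:5665/v1/status/ApiListener)
# Only HTTP 200 counts as healthy
if [ "$api_rc" -eq 200 ]; then
exit 0
else
exit 1
fi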
39. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP|Icingaweb2
Keepalived - Script to assign the floating IP to the new master
#!/usr/bin/env bash
floating_ip='68.183.240.112'
droplet_id=$(curl -s http://169.254.169.254/metadata/v1/id)
has_floating_ip=$(curl -s http://169.254.169.254/metadata/v1/floating_ip/ipv4/active)
export DO_TOKEN='ohjajeelaex8oongiequuxiethae4ing1jooch2ezieP2Shil6ohei8ierei3oizi'
# Try up to 5 times to assign the floating IP to this droplet
if [ "$has_floating_ip" = "false" ]; then
n=0
while [ "$n" -lt 5 ]; do
python3 /usr/local/bin/assign-ip "$floating_ip" "$droplet_id" && break
n=$((n+1))
sleep 3
done
fi
keepalived-alarming MASTER
Monitor floating IP action via https://api.digitalocean.com/v2/floating_ips/<floating-ip>/actions?page=1&per_page=1 .
Possible states: completed, in-progress or failed.
40. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP|Icingaweb2
Keepalived - Notification Script (Snippets)
/usr/local/bin/keepalived-alarming
#!/usr/bin/env bash
# $1 = target state of transition ("MASTER", "BACKUP", "FAULT")
t_state=$1
chk_message="Keepalived entered $t_state state."
icinga_chk_host=$(hostname)
# 1st node endpoints
icinga_endpoints=("127.0.0.1" "10.135.221.140")
Use a case statement to translate t_state as follows:
MASTER & BACKUP = 0
FAULT = 2
41. Deep-dive into the configuration
Icinga2|HAProxy|Apache2&PHP|Icingaweb2
Keepalived - Notification Script (Snippets)
Construct the JSON for the icinga2 API call:
icinga_post_data()
{
cat <<EOF
{
"service": "${icinga_chk_host}!${icinga_service}",
"exit_status": "$e_status",
"plugin_output": "$chk_message",
"performance_data": [
"entered_keepalived_state=$new_state;;2;0;2"
]
}
EOF
}
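The state translation and the payload construction from the two snippet slides, combined into one runnable script as an added example (not the talk's own script). The function names, the service name keepalived-state, and the assumption that the perfdata value equals the exit status are not from the slides; unexpected states are rejected and string values are JSON-escaped.

```shell
#!/usr/bin/env bash
# Added example, not the talk's script. Function names and the service name
# "keepalived-state" are assumptions.

# Translate the keepalived target state as on the slide:
# MASTER and BACKUP = 0 (OK), FAULT = 2 (CRITICAL).
# Any other value is rejected so that no bogus result reaches icinga2.
state_to_exit_status() {
  case "$1" in
    MASTER|BACKUP) echo 0 ;;
    FAULT) echo 2 ;;
    *) return 1 ;;
  esac
}

# Escape a value for use inside a JSON string: drop control characters,
# then escape backslashes and double quotes.
json_escape() {
  printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_check_result STATE HOST SERVICE
# Prints the JSON body for POST /v1/actions/process-check-result.
# Assumption: the perfdata value equals the exit status.
build_check_result() {
  e_status=$(state_to_exit_status "$1") || return 1
  target=$(json_escape "$2!$3")
  message=$(json_escape "Keepalived entered $1 state.")
  cat <<EOF
{
  "service": "$target",
  "exit_status": $e_status,
  "plugin_output": "$message",
  "performance_data": [
    "entered_keepalived_state=$e_status;;2;0;2"
  ]
}
EOF
}

# Print the payload when called with a state, e.g.: ./payload.sh FAULT
if [ "$#" -ge 1 ]; then
  build_check_result "$1" "$(hostname)" "keepalived-state"
fi
```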
42. Pitfalls & Don't Dos
> Don't stop all galera nodes at the same time! If that happens, you have to bootstrap the cluster again.
> Don't forget to set enable_ha = true for the ido-mysql feature
> Don't create the rsync user without --disabled-password
> Don't rely on the volatile instance / droplet IPs. Use floating IPs
> Don't forget backups / snapshots: droplets, database content, configuration & setup
> Don't miss the chance to migrate to the director
> Set up a local firewall if the cloud provider's firewall does not support VRRP2
43. Firewall Rules
> Communication between the Icinga2 masters
TCP/5665, VRRP2
> Communication from the satellites and agents to the master nodes
TCP/5665
> Icinga2 nodes to the galera nodes
TCP/3306, TCP/3307, TCP/3308
> Communication between the galera cluster nodes
TCP/4567, TCP/4568, UDP/4567
> Restrictive ipset & iptables How-To:
https://community.icinga.com/t/firewall-setup-at-a-icinga2-cluster-with-iptables-ipset/2156