Here’s another gotcha that I discovered for myself this week. When you deploy a lambda in your VPC it uses up an IP address whenever it runs. If your lambda runs more than one instance at the same time it will use up multiple IP addresses. As you can guess with a heavily used lambda… Read more »
So round two of Elasticsearch fun, my previous attempt was to use users and roles to secure Elasticsearch but that didn’t work as I’d hoped…. My plan was to use nginx to proxy requests to Elasticsearch. I set up an nginx box with an elastic IP and then configured Elasticsearch to only allow access from that IP…. Read more »
So this was a fun problem, ElasticSearch on AWS in its current form is completely public and not secured within my VPC. It appears that first you have to put in a deny statement to lock off access and then you add in the roles / users that have access. But once you do this you now… Read more »
After a long day, there is nothing like a fun cocktail and this is a post I started last year and never posted. I’m a big fan of whisky and a friend of mine sent me his blog posting on a few of his favorite drinks. I’m finally posting this in hopes that I’ll actually… Read more »
So if you are like me you’ve been searching the web for how to write Jenkins DSL and you’ve realized this is a larger and more vague task than you realized. Jenkins DSL (Groovy) sucks, make peace with that now and the rest will be easier. You may have stumbled across the Jenkins DSL Plugin and started messing… Read more »
This week we found ourselves in the wonderful but awful spot of having a lot of traffic hitting our DB servers. It’s good because we are getting our customers moved over to AWS but bad since that means we need to scale up our RDS instances. After some panicked moments and a couple of hot fixes,… Read more »
So last week we had a puzzling bug relating to PHP and its modules. We have the following setup on AWS: Ext ELB -> Nginx (rate limiting, multiple SSL termination) -> internal ELB -> Apache / PHP. We have multiple stores on these Apache boxes alongside our admin interface and what was puzzling was… Read more »
Because I always forget how to fix this issue and have to research it every time I come across it, I thought it was time to blog about it. So this morning I got the error on our new-ish zabbix server that our config cache was getting full. This didn’t surprise me since we’ve been adding… Read more »
I’ve had a lot of trouble getting The Foreman to do a Puppet run when I click on the GUI button. Finally figured it out and wanted to document it in case someone else is struggling with this issue too. My /etc/foreman-proxy/settings.d/puppet.yml:
# whether to use sudo before the ssh command
# the command which will be sent to the host
:puppetssh_command: /usr/bin/sudo /usr/bin/puppet agent --onetime --no-daemonize --no-usecacheonfailure --ignorecache
# wait for the command to finish (and capture exit code), or detach process and return 0
# Note: enabling this option causes the Foreman web UI to be blocked when executing puppetrun,
# with timeout from the Browser and/or Foreman's REST client after 60 seconds.
# With which user should the proxy connect
# Which user to invoke sudo as to run puppet commands
The biggest issue I finally realized was that when foreman tried to… Read more »
I had a blast at PuppetConf 2014 last month. I met a bunch of really smart people and learned a lot about the internals of Puppet. I’m excited to get back to the office and start implementing Puppet on my Windows boxes. I didn’t know you could run puppet on Windows, so I’m looking forward to… Read more »
ipMonitor :: APC: Monitor an APC UPS
For those of you trying to monitor your APC UPSes that are connected via USB (I think these MIB values also work for UPSes that are attached directly to the network). This page really helped me figure out what OIDs mapped to what values: ipMonitor :: APC: Monitor an APC UPS.
CCNA – So it begins!
A couple weeks ago I finally decided to jump into obtaining my Cisco CCNA certification. I know more than just the basics about networking but have always treated the things I didn’t know as a black box, as long as it works why should I care? After a recent project here at work where I was stretched… Read more »
Zabbix Screens & Maps
I currently have an LCD TV in my office that displays a slide show of 6 or 7 Zabbix screens. I struggled at first to get the labels of the map objects to work, the documentation on the Macros isn’t as easy to understand as I guess I needed. So after a bit of trial… Read more »
IPsec VPN (Sonicwall) and PCI Compliance
We got word a couple weeks ago that our current VPN setup fails our vendor’s PCI compliance test. I guess it has to do with Aggressive mode and pre-shared keys. Anyway I’ve been working on figuring out how to remedy this situation. I figured out that I can easily change our site to site… Read more »
I ran into a huge issue with Pertino during my testing last week. It appears that the Mac client has a bug that only affects Macs when they are connecting via wifi. When you initially connect to wifi the Pertino client rewrites your DNS entries to put its DNS servers at the top of your… Read more »
To Pertino or Not to Pertino…
For a while I’ve been wanting to replace our VPN setup, it’s clunky, slow and always has issues it seems. So after seeing a lot of ads for Pertino I decided to give it a try. Our current setup has two VPNs, a site-to-site VPN and a mobile user VPN. I was really curious how… Read more »
Nginx, PHP5-FPM and Permission Denied Errors | Chris Kief
Ran into this problem today when I upgraded my Nginx box. Thankfully someone already found the solution: Nginx, PHP5-FPM and Permission Denied Errors | Chris Kief.
Zabbix 2.2 install on Ubuntu 14.04
I’ve used Zabbix off and on (Haha, see what I did there) for the past several years and I have to say that the latest version paired with the newest version of Ubuntu is a nice match. So I took an old Dell SC1425 that I loaded up with a bunch of ram and a… Read more »
WOW! What a resource! This site has tons of tools for Network and System Admins. Check it out: GE Geek.