Some fun with monitoring

Some fun with monitoring

I recently switched my home lab from ProxMox VMs to HashiCorp Nomad, Consul, Vault and containers running on bare metal servers, and I needed a way to monitor this stack, my applications as well as external systems that I care about.

Building a home lab

Building a home lab

I’ve been setting up a small home lab for testing various things out and I needed some space for virtual machines. I don’t have any requirements for insane performance, but I also didn’t want a really sluggish setup, so here’s what I did…

Blocking web traffic behind an Elastic Load Balancer (ELB)

Over the past few hours we’ve been on the receiving end of a fairly large scale set of web requests (read: attack) to a website we host over on Amazon EC2. Our setup is not really that complicated, however we encountered a problem that wasn’t that easy to solve.

Using ferm to build firewall rulesets

This post is thanks to a suggestion from JP Viljoen to check out ferm. Well, I did, and it’s fairly neat. You get to express your firewall configuration in structures resembling simple C code along with using things like arrays, functions and if / else constructs which makes building complex rulesets quite a simple task.

I’ve included an example configuration below of one of my machines. The network configuration is not extremely complex, but there is a mix of IPv4, IPv6 and - as this is an IRC server - some DNAT to make the IRC service available on a number of other privileged ports without having the service actually listen on those ports. This particular server is running Debian however ferm is basically just a front to ip(6)tables so it’ll run pretty much anywhere that runs.

Getting Git man pages on OS X

For some reason the OS X install of Git doesn’t include the manpages. Here is how I installed them.

Using an alternative mirror for FreeBSD port retrieval

This is something I always search for which doesn’t seem to be very clear from the initial results. The mirrors included below are South Africa specific, so if you are not in South Africa then replace the hostname with something more appropriate for your location.

Using a ZFS filesystem with Time Machine

This simple how-to explains how to get your Time Machine backups working with a ZFS filesystem. This allows you to use the features of ZFS filesystems for your Time Machine backups.

Please note this is for Mac OS X - Snow Leopard.

Quick Solaris zone stats

Add this: alias zonestat="prstat -vZ 1 1 | grep -A50 '^ZONEID'" to your ~/.profile and you should see something like this when running it: root@tank:~# zonestat ZONEID NPROC SWAP RSS MEMORY TIME CPU ZONE 0 58 1198M 1206M 30% 16:15:40 1.7% global 6 25 172M 175M 4.4% 0:03:14 0.0% cl-build 2 27 48M 31M 0.8% 0:00:47 0.0% mirror Total: 110 processes, 534 lwps, load averages: 0.09, 0.08, 0.

The basics of ZFS ACLs

This post was mostly inspired by reading this post in trying to get my head around the ZFS ACL and permission system.

Run something as another user

Here is a simple way to run something on UNIX / Linux as another user, without having to resort to weird sudo incantations. The Makefile is left as an exercise for the reader.

This has only been tested on FreeBSD, Debian Linux and OpenSolaris so far.