OpenVPN

Useful links: Revoke/Unrevoke a client certificate in OpenVPN

ovpnCNcheck — an OpenVPN tls-verify script

#!/usr/bin/env python
'''
ovpnCNcheck -- an OpenVPN tls-verify script
"""""""""""""""""""""""""""""""""""""""""""
This script checks if the peer is in the allowed user list by checking the CN (common name) of the X509 certificate against a provided text…

Monitoring methods

There are 3 common monitoring methods: The USE Method by Brendan Gregg; The RED Method by Weaveworks; The Four Golden Signals by Google.

The USE Method

Key metrics: Utilization; Saturation; Errors. It’s optimal for infrastructure monitoring and capacity management.

The RED Method

Key metrics: Rate; Errors; Duration. A simple and…

Kubernetes RBAC new user

In most cases, you should limit permissions to only those required. Now it’s time to create a new user for Kubernetes kubectl. I’ll describe the classic way to create the certificate with OpenSSL. There is a way to use Kubernetes built-in certificate management. I’ll write about it someday.

openssl genrsa -out…

Metrics and health

One of the issues you’ll have to solve is where to place metrics and health checks. You need a simple way to tell if the app is up or down. If your service uses HTTP, then you can just use /health and /metrics. If the service can be accessed by external…

Integrating Linux into AD + file server

I have never liked routine. After becoming a Linux administrator, I almost immediately handed user management over to the Windows admins. Nowadays sssd is used for this in Linux on all distributions. We will look at Ubuntu, but apart from minor details everything else is done the same way on other distributions.

System users

Let's start with passing users and groups from AD through to Linux.…