Ensure systemd services restart on failure
I wrote a post a while ago covering the use of Monit to monitor running services, and the use case I covered was to ensure these services restarted on failure. While a useful feature of Monit, it now seems a little redundant with systemd having a built-in restart feature.
Same use case where MySQL (or MariaDB in this case) is being killed by Apache’s OOM killer.
I first copied the original systemd file associated with MariaDB from /usr/lib/systemd/system/mariadb.service to /etc/systemd/system/mariadb.service.
Hardening SSH with OTP for 2 factor authentication
Something I’ve been meaning to do for a while is look into the possibility of using 2 factor authentication, or 2FA, with SSH connections. This would add a much-needed level of security to servers I host out in the wild.
Here’s how I did it:
The Google Authenticator mobile app used to be an open source project; it isn’t any more, but the project has been kindly forked and looked after by Red Hat under the guise of the FreeOTP project. The first step is to download the app, which is available for Android and iOS; there is even a Pebble project in the works. https://fedorahosted.org/freeotp/
Etckeeper - config version control
A valuable tool I have been using for many years is etckeeper; it works by essentially turning your /etc directory into a git repository.
This is a fantastically useful set of tools, as any configuration changes can be logged and also reverted quite easily. Install and setup is exceptionally easy too!
Packages are available for most distributions, but my scenario (Fedora, CentOS, RHEL) was:
yum install etckeeper
Once the package was installed an initialisation must be performed:
SSH known hosts verification failure one liner
WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
Those who regularly build and rebuild machines or virtual machines on a DHCP network will probably be faced with this quite often; this is due to the known fingerprint for the previous host being different to a new one which has acquired the same IP address.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
c5:ab:00:3c:88:7e:18:8f:46:49:1d:af:f1:8b:4e:98.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:66
ECDSA host key for 192.168.1.165 has changed and you have requested strict checking.
Host key verification failed.
Getting Fedora 21 on the Raspberry Pi 2
The recent release of the Raspberry Pi 2 uses a newer version of the ARM architecture spec: the ARM Cortex-A7 uses ARMv7, whereas the previous model's ARM11 uses ARMv6. The great thing about this is the majority of Linux distros already provide an image for this architecture. More importantly, Fedora already have images.
There is a slight caveat to the above statement, however, that being they won’t just work with the Pi 2. The process isn’t that difficult either, just a few steps:
Monit - monitor your processes and services simply
Monit is an application I’ve been meaning to set up for a while. I was first made aware of it by a chap I had the pleasure of talking to at OggCamp this year; he seemed to use it to the nth degree to monitor files and services within Docker containers to ensure a development environment was as it should be. This was far more than I really needed, but the monitoring of services definitely caught my attention, so I set about installing and configuring. I was pleasantly surprised with the result, and how simple the whole process was.
Barcamp Manchester
I’ve been meaning to write this post for some time, but things have been a little hectic recently. That said, I really wanted to write something, even if it is a little short, about Barcamp Manchester. The event took place over the weekend of 18th & 19th October and was just a fantastic weekend.
After a fairly decent break from the Barcamp scene, Manchester really came back and did it justice. Set in the fantastic SpacePort building on Lever Street, which is a meet and workspace, I arrived earlyish on the Saturday morning with fellow members of RossLUG. Carting in my bundle of swag, I was shown my table in the main space and set up the Fedora table. As most will know, I am a proud ambassador for the Fedora project and more proud of the fact we were able to sponsor the event.
Gluster, CIFS, ZFS - kind of part 2
A while ago I put together a post detailing the installation and configuration of 2 hosts running GlusterFS, which was then presented as CIFS based storage.
http://jonarcher.info/2014/06/windows-cifs-fileshares-using-glusterfs-ctdb-highly-available-data/
This post gained a bit of interest through the comments and social networks. One of the comments I got was from John Mark Walker, suggesting I look at the samba-gluster vfs method instead of mounting the filesystem using fuse (directly access the volume from samba, instead of mounting then presenting). On top of this I’ve also been looking quite a bit at ZFS, whereas previously I had a Linux RAID as the base filesystem. So here is a slightly different approach to my previous post.
Upgrade CentOS 6 to 7 with Upgrade Tools
I decided to try the upgrade process from EL 6 to 7 on the servers I used in my previous blog post, “Windows (CIFS) fileshares using GlusterFS and CTDB for Highly available data”.
Following the instructions here, I found the process fairly painless. However, there were one or two little niggles which caused various issues, which I will detail here.
The servers were minimal CentOS 6.5 installs, with Gluster volumes shared via CTDB. The extra packages installed had mostly come from the EPEL or GlusterFS repositories, and I believe this is where the issues arise - third party repositories.