Posts

Showing posts from October, 2018

[Solved] Stderr: VBoxManage: error: The virtual machine 'master_default_1540967069723_95784' has terminated unexpectedly during startup with exit code 1 (0x1)

Error:- There was an error while executing `VBoxManage`, a CLI used by Vagrant for controlling VirtualBox. The command and stderr is shown below.

Command: ["startvm", "cddac55c-debe-470d-bb0a-d5badf0c19af", "--type", "gui"]

Stderr: VBoxManage: error: The virtual machine 'master_default_1540967069723_95784' has terminated unexpectedly during startup with exit code 1 (0x1)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MachineWrap, interface IMachine

Solution:-

1. Here is a brief of what I was doing: I installed VirtualBox on my macOS using brew, then installed Vagrant and tried to bring up the VM using Vagrant, which resulted in the above error.
2. The problem is that macOS doesn't allow changes to the kernel modules by an external application, due to which the installation of VirtualBox fails on macOS.
3. To resolve this issue download the virtualbox installer fr...

Installing the virtualbox on mac using brew

Use the following command to install VirtualBox on the Mac using brew:

    brew cask install virtualbox

Managing Multiple VPC in Organization

If you are managing a very large infrastructure that spans multiple public clouds and private datacenters, and has a large number of external integrations with multiple merchants over tunnels, it's good to maintain the network details for all the public clouds (AWS VPC), private datacenters, etc., so that there is no overlap between your account and another team's account with which you might have to peer or create a tunnel at a later point in time.

It's good to maintain a wiki page for this, and every time there is a requirement to create new infrastructure, always update the wiki.

For AWS you can prepare an Excel sheet with the following fields to relay the information correctly to other teams:

1. Network details
2. CIDR
3. Broadcast IP
4. Netmask
5. Location
6. Comments

For private datacenters enter the following details:

1. Subnet
2. Mask
3. Subnet Details
4. VLAN ID
5. Zone/VLAN
6. Gateway

Enable or Disable passphrase on id_rsa key file

It's always good to set a passphrase whenever you generate an SSH key for server access. From the security point of view it helps to prevent unauthorised access in case your key is compromised, and it is mostly a requirement of audits, as it acts as a two-factor authentication which requires both the passphrase and the secure key to access the server.

You can also enable Google authentication, in which case a passcode is generated in applications such as Google Authenticator, and apart from the passphrase and key, a person accessing the server would need to enter the Google Authenticator code as well, increasing the security even further. I covered this in my previous post: Google Authenticator MFA for Linux systems

In case you forgot to enable the passphrase and want to enable it now, use the following command to enable the passphrase without affecting your existing key file:

    ssh-keygen -p -f ~/.ssh/id_rsa

...

Elasticsearch monitoring

What is Elasticsearch?

Elasticsearch is an open source distributed document store and search engine that stores and retrieves data structures in near real-time. Elasticsearch represents data in the form of structured JSON documents, and makes full-text search accessible via a RESTful API and web clients for languages like PHP, Python, and Ruby.

A few key areas to monitor for Elasticsearch in Datadog:

- Search and indexing performance
- Memory and garbage collection
- Host-level system and network metrics
- Cluster health and node availability
- Resource saturation and errors

Search and indexing performance:

Search performance metrics:

- Query load: Monitoring the number of queries currently in progress can give you a rough idea of how many requests your cluster is dealing with at any particular moment in time.
- Query latency: Though Elasticsearch does not explicitly provide this metric, monitoring tools can help you use the available metrics to calculate the average ...

Important points for Elasticsearch Optimizations

Points to take care of before creating a cluster:

- Volume of data
- Nodes and capacity planning
- Balancing, high availability, shard allocation
- Understanding the queries that the cluster will serve

Config walk-through:

- cluster.name: Represents the name of the cluster. It should be the same across all nodes in the cluster.
- node.name: Represents the name of the particular node in the cluster. It must be unique for every node, and it is good to have it represent the hostname.
- path.data: Location where Elasticsearch stores the index data on disk. If you are planning to handle a huge amount of data in the cluster, it is good to point this to another EBS volume instead of the root volume.
- path.logs: Location where Elasticsearch stores the server startup, indexing and other logs. It is also good to store these somewhere other than the EBS volume.
- bootstrap.memory_lock: This is an important config in the ES config file. It needs to be set to "TRUE". This config locks the amount of...

Issue sending email from EC2 instances

I configured Postfix recently on an EC2 instance and tried sending mail with all the security group rules and NACL rules in place. However, after I was initially able to telnet to the Google email servers on port 25, I soon started getting logs with no-connection error messages, and ultimately I was not able to telnet at all, and the mails were not going out or being received by the receiver. This problem was only occurring on the EC2 instances.

This is because Amazon throttles the traffic on port 25 for all EC2 instances by default. But it's possible to remove this throttling on port 25 for the EC2 instance.

To remove this limitation you need to create a DNS A record in Route 53 pointing to the instance used as the mail server, such as Postfix. With the root account open the following link:

https://aws-portal.amazon.com/gp/aws/html-forms-controller/contactus/ec2-email-limit-rdns-request

and provide your use case for sending the mail. Then you need to provide any reverse...

SSH upgrade on Ubuntu for PCI compliance

In case your security team raises a concern about upgrading the OpenSSH server version on Ubuntu servers, refer to the OpenSSH version available for your distribution before making any changes, as this can affect the overall reachability of the server.

The following are the latest OpenSSH versions based on the distribution:

- OpenSSH 6.6 is the most recent version on Ubuntu 14.04.
- OpenSSH 7.2 is the most recent version on Ubuntu 16.04.
- OpenSSH 7.6 is the most recent version on Ubuntu 18.04.

OpenSSH 7.6 is supported on Ubuntu 18.04 only, and Ubuntu 14.04 is not compliant with it. That's why it's not upgraded during the patching activity.

Like all the other distributions, Ubuntu also backports vulnerability fixes so that application compatibility doesn't break by changing versions between different distributions.

Don't make any changes to your server which are not compatible with your distribution version. Go on providing the version of the ubuntu you are runn...

#4 Vault Installation Unsealing for access


#3 Vault Features


#2 How Vault Works


#1 Hashicorp Vault Introduction


#4 Principles of Infrastructure as code


#2 Features of Blockchain


#1 What is BlockChain
