tasdikrahman

root@foo-bar-etcd:/# journalctl -f -u etcd-defrag.service --since=-48h
-- Logs begin at Thu 2020-04-16 21:31:40 --
Apr 21 01:00:12 foo-bar-etcd systemd[1]: Starting Run etcdctl defrag...
Apr 21 01:00:13 foo-bar-etcd etcdctl[4265]: Finished defragmenting etcd member[127.0.0.1:2379]
Apr 21 01:00:13 foo-bar-etcd systemd[1]: Started Run etcdctl defrag.
Apr 22 01:00:12 foo-bar-etcd systemd[1]: Starting Run etcdctl defrag...
Apr 22 01:00:13 foo-bar-etcd etcdctl[3403]: Finished defragmenting etcd member[127.0.0.1:2379]
Apr 22 01:00:13 foo-bar-etcd systemd[1]: Started Run etcdctl defrag.
....

tasdikrahman

[Unit]
Description=Run etcd-defrag.service every day
After=network.target
[Timer]
OnCalendar=*-*-* 01:00:0
[Install]
WantedBy=multi-user.target

tasdikrahman

[Unit]
Description=Run etcdctl defrag
Documentation=https://etcd.io/docs/v3.3.12/op-guide/maintenance/#defragmentation
After=network.target
[Service]
Type=oneshot
Environment="LOG_DIR=/var/log"
Environment="ETCDCTL_API=3"
ExecStart=/usr/bin/etcdctl defrag
[Install]

tasdikrahman

[Unit]
Description = Etcd Application Container Engine
Documentation = https://coreos.com/etcd
After = network.target

[Service]
Type = notify
ExecStart = /usr/bin/etcd -name=default -advertise-client-urls=http://<NODE_IP>:2379 -data-dir=/default.etcd -debug=false -auto-compaction-retention=6 -enable-v2=true -force-new-cluster=false -initial-advertise-peer-urls=http://<NODE_IP>:2380 -initial-cluster=default=http://<NODE_IP>:2380 -listen-client-urls=http://0.0.0.0:2379 -listen-peer-urls=http://0.0.0.0:2380 -auto-tls=false -peer-auto-tls=false -enable-pprof=false -metrics=basic -auth-token=simple
Restart = always
RestartSec = 10s

tasdikrahman

groups:
- name: etcd
  rules:
  - alert: EtcdLeader
    expr: |
      max(etcd_server_has_leader_gauge{environment="production"}) < 1
    for: 3m
    labels:
      severity: critical
    annotations:

tasdikrahman

Setting up and installing rbenv, ruby-build, rubies, rbenv-gemset, and bundler

This guide enables you to install (ruby-build) and use (rbenv) multiple versions of ruby, isolate project gems (gemsets and/or bundler), and automatically use appropriate combinations of rubies and gems.

TL;DR Demo

# Ensure system is in ship-shape.

aptitude install git zsh libssl-dev zlib1g-dev libreadline-dev libyaml-dev

tasdikrahman

frontend kingsly-frontend
  ...
  ...
  acl ALLOW_SRC src -f /etc/haproxy/include/allow-ips.lst
  http-request deny if !ALLOW_SRC
  ...
  ...
  default_backend kingsly

tasdikrahman

  execute 'create certificates using letsenrypt' do
      command "letsencrypt certonly --standalone -d #{node['vpn']['ipsec']['fqdn']} -m foobar@company.com --agree-tos"
      not_if { ::File.file?("/etc/letsencrypt/live/#{node['vpn']['ipsec']['fqdn']}/privkey.pem") }
  end

tasdikrahman

• Does the TITLE both catch the attention of the reader and clarify at a glance what the session will be about?
• Your abstract should be self-contained. Include relevant info in-line. Avoid linking to "additional resources".
• Is the topic clear to the audience ?
• Did you mention

• what the audience will learn from the session?
• what you hope to achieve as a result of presenting your sessions (eg, 'next steps' or 'call to action'[1])?
• any 'requirements' needed for yourself in order to give the presentation or the community to participate?

(taken from devconf.in's CFP guidelines)

tasdikrahman

# These rules are copied from `kubectl get clusterroles admin -o yaml`
# With create, delete, deletecollection, patch, and update verbs removed
# Removed secrets resource except for list, impersonate:serviceaccounts,
# and pods/exec, pods/attach, and pods/proxy. Added (get,list,watch):nodes.
rules:
- apiGroups:
  - ""
  resources:
  - pods/portforward
  verbs: