Category Archives: System Engineering

Applying logrotate to log files that rotate themselves

log rotate

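When log file names are rotated by the application itself, as with Tomcat's default settings, it is hard to integrate them into logrotate. This is a way to integrate them: keep the application's own naming rule and put post-processing such as compression into logrotate.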

     

Apache 2.4 IP-ACL for ELB (also any other Proxy/LB)

Apache HTTPD

As you all know, we use the ‘X-Forwarded-For’ header to determine the client IP when the HTTPD is behind an ELB (or another Proxy/LB). However, it is very difficult to set an IP-ACL in Apache configuration files that is common to the cases with and without an LB (due to the Apache environment variables). So I have been operating under these settings for some services.

If you see “syntax error, unexpected $end”, just remove the quotes around the expressions. This is a bug in Apache HTTPD.

Mysql General Procedures for DML using JSON data type

The new MySQL 5.7 version has some great features. One of them is the ‘JSON data’ type. We can use it for a table column, like a ‘Virtual Column’ with indexing. But ‘JSON data’ is also useful for stored procedures, because we can compact the parameters and the procedure can be more flexible. I made the procedures for table insert/update via a JSON parameter. When I applied them to my project, the data-handling code in the application decreased dramatically. (These procedures implement ‘MySQL Procedure Pattern for Nested Transaction’)

Mysql Backup Script

MySQL

Features
- Full Backup (Mysqldump)
- Incremental Backup (Bin-log)
- Local Backup & Remote (AWS S3) Upload

Sample Environments
- MySQL bin log prefix : mysql-bin
- BINLOG_PATH=/home/mysql/data
- BACKUP_ROOT=/home/backup/mysql
- S3_PATH=s3://system-backup/{SyatemName}/mysql

Executing

Subversion Repositories Backup Script

Subversion

Features
- Full Backup (Dump)
- Incremental Backup (Dump)
- Local Backup & Remote (AWS S3) Upload

Sample Environments
- REPOS_ROOT=/home/svn/repos
- BACKUP_ROOT=/home/backup/svn
- S3_PATH=s3://svn-backup/svn

Executing

 

When Nagios sends alert mails with attachment…

When Nagios sends alert mails with attachment… Perhaps this problem occurs if a device name or warning message includes non-Latin characters.

1. Add new command to nagios configuration

Original commands

New commands

2. Message filter script (PHP)

Actually, I wanted to write the filter in Python, but it was less accurate than PHP at determining the encoding of the input string.

AWS CodeDeploy Setup (S3)

AWS CodeDeploy

The flow of a typical AWS CodeDeploy deployment

Setup list: EC2, On-Premises (physical servers that are not EC2)
- Create IAM permissions for the CodeDeploy service
- Create IAM permissions for the servers
- Create the CodeDeploy Application
- EC2 setup
- Install/configure the CodeDeploy Agent
- On-Premise server setup
- Prepare the deployment files, configure appspec.yml [repeat]
- Deploy [repeat]

Create IAM permissions for the CodeDeploy service

[AWS-Console] IAM > Roles : Create New Role
- Role Type : AWS CodeDeploy
- Attach Policy : AWSCodeDeployRole

Create IAM permissions for the servers

[AWS-Console] IAM > Policies : Create Policy

[AWS-Console] IAM > Roles : Create New Role
- Role Type : AWS EC2
- Attach Policy : select the Policy above

CodeDeploy Application ‥‥‥

rsyslog + MySQL + LogAnalyzer on OpenSUSE

rsyslog Features Map

1. Install requirements

2. Create RuleBase for PHP log

3. Prepare MySQL

4. rsyslog Configuration for Log-Servers

5. rsyslog Configuration for Log-Client

6. Install LogAnalyzer

7. LogAnalyzer Configuration

http://localhost/loganalyzer

♦ References

http://www.the-art-of-web.com/system/rsyslog-config/

http://www.liblognorm.com/files/manual/configuration.html

Upload PKCS#12 Server Certificates to AWS

AWS IAM Certificate Manager

1. Extract RSA Private key

2. Extract Certificate

3. Extract Certificate Chains

4. Trimming Certificates for AWS

5. Upload Key & Certificates to AWS via CLI

Install OpenVPN on openSUSE

OpenVPN

0. Plan
- Public IF : eth1 (210.1.1.1)
- Private IF : eth0 (10.1.0.0/16)
- Virtual Tunneling IF : tun0 (172.16.1.0/24)

1. Download and install packages

2. Install EasyRSA and create server certificates

3. Configuration for PAM-plugin

4. Configuration for rsyslog

5. Configure SuSEfirewall

6. Configure IP setting shell script

7. Status file script and add to cron job

8. Configure OpenVPN and Start service
- Run yast
- Add network device “tun0” type TUN
- Assign tun0 to External Network at Firewall

9. Configure OpenVPN and Start service

∗ Create new client certificate ‥‥‥