This weekend I decided to check out Grafana. My first test for it was setting up the Zabbix backend. This went much better than I had expected so I started looking at what other data I could pull in. It turns out that Grafana may well be a great tool for centralizing data and metrics from disparate sources. The consensus on the interwebs, as best as I can tell, is that InfluxDB is the backend I should store my metrics in so I'm going to try that next. Once InfluxDB is set up my plan is to try out some one-off inputs to it such as: Foreman and Puppet stats via foreman_influxdb, VMware stats via vsphere-influxdb-go, and Veeam metrics via veeam_grafana. I'm also planning to check out several of the inputs listed on the Telegraf site including: Apache, Nginx, MySQL, PostgreSQL, MS SQL, sysstat, memcached, php-fpm, and passenger. One of the » Read more

 genebean        

When I started switching everything I could over to https-only I was under the impression that the only option was to tie each host to a single certificate unless I wanted to shell out the big bucks for a wildcard cert. This also meant one host per IP address if I wanted to use the standard port 443. That was two or three years ago. Just a few months ago I learned that SAN certificates were recognized by all the major browsers and started taking advantage of them to reduce the burden of needing two certs to cover things like example.com and www.example.com. In my mind this still required two IP addresses though (one per domain). All this changed tonight when I decided on a whim to see if you could set up Nginx to recognize name-based virtual hosts that were all tied to a single SAN certificate » Read more

 genebean        

Hooked and Proxied

When I left off last time a webhook receiver was needed... well, it's finished and published to Puppet Forge as genebean/puppetmaster_webhook. The module creates a custom Sinatra application and installs it along with RVM. The end result is that you can post messages from GitHub or GitLab and have it deploy the corresponding repository's branch or environment. While I was setting all this up I also decided to front everything with HAProxy so that I could simulate being behind a load balancer immediately and to prepare for the eventual high availability setup that is my end goal. As of today I have it so that all nodes talk to the Puppet master by way of the proxy. Foreman and my webhook receiver are also being fronted by the proxy.

Round 1 Complete

The first round of the project was to get everything up to date » Read more

 genebean        

Four repos become one...

When I last created a full Puppet environment "Roles & Profiles" were the new way to do things. Gary Larizza was posting articles that talked all about how each of these should be in their own repository and how we should use r10k and hiera and how each of them should also have a repo. What that meant was that concerns were well separated but it also made for a rather complex environment. Since then we have all learned a lot and have come up with what I can confidently say is a vastly improved workflow: the Control Repo. After reading the official docs I still had questions so I decided to see if Gary had talked about it and of course he had. He actually has two articles on the subject that helped me solidify how to move forward: Workflows Evolved: Even Besterer Practices Roles » Read more

 genebean        

Better than two years ago I created a multi-node Vagrant setup based around a three node Puppet environment with boxes for: Foreman acting as a CA, report viewer, and ENC; PuppetDB; and a Puppet master with r10k. The environment also has a client node to test against. At the time I built all this Puppet 3.x was the latest version. Fast forward to January 2017 and Puppet 3 has been end-of-life'd, Puppet is on version 4.8, Puppet Server is on version 2.7, and control repos are a thing so I figured it was time to update my stuff. So far I have revised my setup so that Foreman is not only the CA, report viewer, and ENC but also the Puppet master. PuppetDB is also on the same server and everything is running the latest versions. R10k is also part of this setup. Both Foreman's web interface » Read more

 genebean