#January 2016

Linux

Install and get started with Ansible in Ubuntu 14.04

4

This post will show you how to install Ansible and use Ansible to create a instance EC2 in AWS.

There are several way to install Ansible. In this post, I choose the way that uses PIP to install Ansible.

ac723946-269b-11e4-ae5f-22000a9780da-medium

If people are not laughing at your goals, your goals are too small

Install PIP, Python Boto:

1
apt-get install python-pip python-boto python-dev libffi-dev

We need python-boto to make Ansible is able to work AWS

Install Ansible:

1
pip install ansible

 

Now, we need to add AWS Access Key to make Boto can access to your AWS account:

1
2
export AWS_ACCESS_KEY_ID="your_aws_access_key"
export AWS_SECRET_ACCESS_KEY="your_aws_secret_key"

In the next step, you need create a folder for your project:

1
2
mkdir ansible-ec2
cd ansible-ec2

Create hosts file with the content below:

1
2
3
4
[local]
localhost
 
[minions]

And create a provision file name ec2_launch.yml with the content:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
---
  - name: Provision an EC2 Instance
    hosts: local
    connection: local
    gather_facts: False
    tags: provisioning
    vars:
      instance_type: t2.micro
      security_group: minions
      image: ami-2dad0149
      region: ap-southeast-1
      keypair: minions
      count: 1
 
    tasks:
      - name: Create a security group
        local_action:
          module: ec2_group
          name: "{{ security_group }}"
          description: Security Group for webserver Servers
          region: "{{ region }}"
          rules:
            - proto: tcp
              type: ssh
              from_port: 22
              to_port: 22
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 80
              to_port: 80
              cidr_ip: 0.0.0.0/0
      - name: Launch the new EC2 Instance
        local_action: ec2
                      group={{ security_group }}
                      instance_type={{ instance_type}}
                      image={{ image }}
                      wait=true
                      region={{ region }}
                      keypair={{ keypair }}
                      count={{count}}
        register: ec2
 
      - name: Add the newly created EC2 instance(s) to the local host group
        local_action: lineinfile
                      dest="./hosts"
                      regexp={{ item.public_ip }}
                      insertafter="[minions]" line={{ item.public_ip }}
        with_items: ec2.instances
 
 
      - name: Wait for SSH to come up
        local_action: wait_for
                      host={{ item.public_ip }}
                      port=22
                      state=started
        with_items: ec2.instances
 
      - name: Add tag to Instance(s)
        local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present
        with_items: ec2.instances
        args:
          tags:
            Name: minions

Please custom the source code above for your case with the guide:

1
2
3
4
5
6
7
    vars:
      instance_type: t2.micro # instance type
      security_group: minions # AWS security group, will be created
      image: ami-2dad0149 # ami file for your instance
      region: ap-southeast-1
      keypair: minions # your key pair
      count: 1

Finally, just run a command to create EC2 instance:

1
ansible-playbook -i hosts ec2_launch.yml

If you what to run a series of commands in all the instances you created. You should create a run_test.yml file with content:

1
2
3
4
5
6
7
---
  - name: Run Test Script
    hosts: minions
    tasks:
        - shell: echo 'test script' #should change to test script
          args:
              chdir: /home/ubuntu

And run the test by Ansible Playbook:

1
ansible-playbook -i hosts -u ubuntu --sudo --sudo-user root run_test.yml -vvvv

 

Nguyen Sy Thanh Son

4

Docker, Linux

Centralize Docker logs with FluentD, ElasticSearch and Kibana

3

Beside monitor topic, Log also is a important issue we need to concern. In this post, I just mention the way how to centralize Docker Logs using FluentD, Elasticsearch and Kibana

4a2ee5ea-f25a-4af5-b56b-4ad90a87a985-medium

Try not to become a man of success, but rather try to become a man of value

Secenario

We will install FluentD, ElasticSearch and Kibana in the same machine.

  • FluentD : Collect and Transfer log data to Elasticseach
  • Elasticsearch: Store and indexing log data to support searching/filtering log data
  • Kibana: A web view supports you search/filter and virtualize the log data

Prerequisites

  • We have a machine installed Ubuntu 14.04 with IP 192.168.1.191
  • We already installed Docker, Wget

Now, I will show you step by step to get stated to centralize the log data with FluentD

Elasticsearch

Download:

1
wget https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.1.1/elasticsearch-2.1.1.tar.gz

You should check the latest version at https://www.elastic.co/downloads/elasticsearch

Uncompress:

1
tar xvxf elasticsearch-2.1.1.tar.gz

Run:

1
2
cd elasticsearch-2.1.1
sudo bin/elasticsearch

Or run as daemon:

1
sudo bin/elasticsearch -d

Now, we have Elasticsearch run on port 9200.

FluentD

Add the lines below to /etc/security/limits file:

1
2
3
4
root soft nofile 65536
root hard nofile 65536
* soft nofile 65536
* hard nofile 65536

Open new terminal and type command below, make sure the output is correct:

1
2
$ ulimit -n
65535

Install FluentD (uses Treasure Data):

1
curl -L https://toolbelt.treasuredata.com/sh/install-ubuntu-trusty-td-agent2.sh | sh

For other Ubuntu version, please read: http://docs.fluentd.org/articles/install-by-deb

Now, we need to install Elasticsearch Plugin for FluentD:

1
2
3
sudo apt-get install make libcurl4-gnutls-dev --yes
sudo td-agent-gem install fluent-plugin-elasticsearch
sudo td-agent-gem install fluent-plugin-record-reformer

Add the content below to /etc/td-agent/td-agent.conf to setup Fluentd transfer all docker logs to Elasticsearch :

1
2
3
4
5
6
7
8
<match docker.*>
  @type elasticsearch
  logstash_format true
  host 192.168.1.191
  port 9200
  index_name fluentd-docker
  type_name fluentd-docker
</match>

And restart FluentD:

1
sudo /etc/init.d/td-agent restart

Docker

Now, we change docker configuration file to use Fluent as a Log Driver. Open /etc/default/docker, and add the line below:

1
DOCKER_OPTS="--log-driver=fluentd --log-opt fluentd-address=localhost:24224"

Add restart docker to apply the change:

1
sudo service docker restart

Kibana

We will run Kibana in Docker Container with command:

1
docker run --name kibana -e ELASTICSEARCH_URL=http://192.168.1.191:9200 -p 5601:5601 -d kibana:4.1.4

Now, you can access http://192.168.1.191:5601 to see Docker Logs in Kibana.

Tips

Delete a index in Elasticsearch:

1
curl -XDELETE 'http://localhost:9200/twitter/'

List all Indexes in Elasticsearch:

1
curl 'localhost:9200/_cat/indices?v'

Nguyen Sy Thanh Son

3

Docker, Linux

Monitor Nginx with CollectD, InfluxDB and Grafana

6

Monitor is the best solution to know your system is working well or not.  If your system is complicated,  you will have many things need to be monitored. In this post, I just show you a simple way to monitor Nginx with CollectD, InfluxDB and Grafana.

Before reading this post, make sure that you are take a look Monitor server with CollectD, InfluxDB and Grafana to get started with CollectD, InfluxDB and Grafana.

Nginx

To monitor Nginx, your nginx have to be enabled http_stub_status_module. At the first, you should check your Nginx contains http_stub_status_module or not by command:

1
$ nginx -V 2>&1 | grep -o with-http_stub_status_module

In the default, if you are using Ubuntu 14.04, and install nginx by apt-get command, then you do not worry about the step above.

And now, you should change nginx config with the content below:

1
2
3
4
5
6
7
8
9
server {
    location /nginx_status {
        stub_status on;
 
        access_log off;
        allow 127.0.0.1;
        deny all;
    }
}

And restart your nginx:

1
sudo /etc/init.d/nginx restart

Now, you can get nginx status by url http://127.0.0.1/nginx_status:

1
curl http://127.0.0.1/nginx_status

The output should be:

1
2
3
4
Active connections: 1
server accepts handled requests
13 13 106
Reading: 0 Writing: 1 Waiting: 0

CollectD

In the next step, we will enable Nginx plugin of CollectD in /opt/collectd/etc/collectd.conf:

1
2
3
4
LoadPlugin nginx
<Plugin nginx>
    URL "http://localhost/nginx_status?auto"
</Plugin>

Restart your CollectD:

1
sudo /etc/init.d/collectd restart

InfluxDB

After restarting CollectD, you wait a minute then checking InfluxDB to make sure that Nginx monitor data is stored.

Grafana

In the last step, we create a Graph Panel in Grafana to monitor how many “requests per second” . And Switch editor Mode to input the query below:

1
SELECT DERIVATIVE("value") FROM "nginx_" WHERE "host" = 'yourhost' AND "type_instance" = 'handled'

If you do not know how to “Switch editor mode”, you should see the image below:

14-01-2016 9-17-47 SA

Grafana – Switch editor mode

Finally, you will get the graph below:

13-01-2016 10-17-47 SA

Nginx – Request Per Second

You can also use data stored in InfluxDB to create the output by your way.

 

Nguyen Sy Thanh Son

6

Linux

Backup Postgres 9.4 to S3 with WAL-E in Ubuntu 14.04

5

If you are using Postgres 9.4 Database for your project. I think that you are thinking about backup Backup Postgres everyday. So in this post I will show you how to  backup Backup Postgres 9.4 to S3.

9efd1a62-cdf7-4a05-8d2f-11e0b44492c8-medium

A sign of a good leader is not how many followers you have, but how many leaders you create.

Install Dependencies:

1
apt-get install lzop pv python-pip python daemontools

Using PIP to install WAL-E:

1
pip install wal-e

Using PIP to upgrade Request:

1
pip install -U requests

Using PIP to upgrade Six:

1
pip install --upgrade six

If you not upgrade them,  maybe you will meet an error as below when you run WAL-E Backup:

1
2
3
4
5
6
7
8
9
10
11
12
13
$ /usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e backup-push /var/lib/postgresql/9.4/main
Traceback (most recent call last):
  File "/usr/local/bin/wal-e", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2749, in <module>
    working_set = WorkingSet._build_master()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 446, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 459, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 628, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: six>=1.9.0

And we should change permission for PIP packet so that postgres user is able to use them:

1
2
$ chmod a+xr -R /usr/local/lib/python2.7/dist-packages/requests*
$ chmod a+xr -R /usr/local/lib/python2.7/dist-packages/six*

Edit postgresql.conf to do backup with wall-push command:

1
2
3
4
wal_level = archive # hot_standby in 9.0+ is also acceptable
archive_mode = on
archive_command = 'envdir /etc/wal-e.d/env /usr/local/bin/wal-e wal-push %p'
archive_timeout = 60

Now, we restart postgres to apply the changes:

1
/etc/init.d/postgresql restart

Backup Everyday

Assume that you created a bucket on S3, and you have AWS credentials. So you should push them to config file with commands:

1
2
3
4
5
6
7
umask u=rwx,g=rx,o=
mkdir -p /etc/wal-e.d/env
echo "your_aws_secret_key" > /etc/wal-e.d/env/AWS_SECRET_ACCESS_KEY
echo "your_aws_access_key_id" > /etc/wal-e.d/env/AWS_ACCESS_KEY_ID
echo 's3://yourbucketname/postgres' > \
  /etc/wal-e.d/env/WALE_S3_PREFIX
chown -R root:postgres /etc/wal-e.d

Now, we will try to backup to S3 in the first time. At the first, change to postgres user:

1
sudo su postgres

Run backup command:

1
$ /usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e backup-push /var/lib/postgresql/9.4/main

The output should be:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
wal_e.main   INFO     MSG: starting WAL-E
        DETAIL: The subcommand is "backup-push".
        STRUCTURED: time=2016-01-05T02:20:47.435213-00 pid=11384
wal_e.operator.backup INFO     MSG: start upload postgres version metadata
        DETAIL: Uploading to s3://xxxxxxxxxxxxxxxxxx/postgres/basebackups_005/base_000000010000000000000002_00000040/extended_version.txt.
        STRUCTURED: time=2016-01-05T02:20:47.715716-00 pid=11384
wal_e.operator.backup INFO     MSG: postgres version metadata upload complete
        STRUCTURED: time=2016-01-05T02:20:47.786793-00 pid=11384
wal_e.worker.upload INFO     MSG: beginning volume compression
        DETAIL: Building volume 0.
        STRUCTURED: time=2016-01-05T02:20:47.826936-00 pid=11384
wal_e.worker.upload INFO     MSG: begin uploading a base backup volume
        DETAIL: Uploading to "s3://xxxxxxxxxxxxxxx/postgres/basebackups_005/base_000000010000000000000002_00000040/tar_partitions/part_00000000.tar.lzo".
        STRUCTURED: time=2016-01-05T02:20:48.233511-00 pid=11384
wal_e.worker.upload INFO     MSG: finish uploading a base backup volume
        DETAIL: Uploading to "s3://xxxxxxxxxxxxxxxxxx/postgres/basebackups_005/base_000000010000000000000002_00000040/tar_partitions/part_00000000.tar.lzo" complete at 9791.88KiB/s.
        STRUCTURED: time=2016-01-05T02:20:48.846993-00 pid=11384
NOTICE:  pg_stop_backup complete, all required WAL segments have been archived

Finally, we add the command to crontab to backup 5 AM everyday:

1
0 5 * * * /usr/bin/envdir /etc/wal-e.d/env /usr/local/bin/wal-e backup-push /var/lib/postgresql/9.4/main

Finished your works now!

Nguyen Sy Thanh Son

5