Temporary SSH access on Linux servers

A while ago it was requested that developers should be able to login, upon request, on our production servers via SSH. Normally this is restricted to SysOps and DevOps operators. Developers have their DTA(P) to do their thing, but nevertheless management decided that they need CLI access to our live systems. Needless to say, we…

Continue Reading

More Debian vs Ubuntu stuff

Last week I’ve explained a bit why I’m considering jumping from Debian to Ubuntu to get our managed hosting a bit more up-to-date by default, instead of using 10 third party repos. This week I would like to specify more about our managed hosting tooling, what we’re using for Debian, what we might like to…

Continue Reading

From Debian to Ubuntu?

Ubuntu. Oh my. This is awkward. When I started out experimenting with Linux, I opted for CentOS since it is one of the most stable versions out there. You’ll soon find out though, that the software in the repos is too old for many situations in the web application industry. Right before I started working…

Continue Reading

Ansible prequel / preparation

Aargh all these Ansible posts and right after the last one I realised that it all needs a ‘prequel’: before we run our playbook we need some preparation. A VPS is setup in a few minutes and when we properly prepare the new VPS we run run the playbook after a few minutes more. Let’s…

Continue Reading

Wrapping up our Ansible playbook

For now I’m done with the Ansible playbook posts. We’ve covered some elementary parts of our playbook how to get a server going with at least the LEMP stack. There are two things I would like to cover in this post: setting up CSF/LFD and setting up AppArmor and both with a very specific reason….

Continue Reading

LEMP stack with an Ansible playbook

I can go on and on about what to put in a Ansible playbook and what we are using it for, but I won’t copy and paste our whole playbook. Besides its length, there’s also some pretty specific stuff in there thats surely of no use to you. I think this is my second to…

Continue Reading

Some more Ansible playbook stuff

In our last post we had a pretty decent start at our playbook. The top, some variables, bootstrap and repo configuration. Now, our Ansible configuration is pretty elaborate and I won’t go about and post the entire playbook here but I would like to share some more key elements. In this post configuring a user…

Continue Reading

First steps in the Ansible playbook

My last three posts build up to this one: the actual Ansible playbook. Well, actually, the playbook.yml file because the complete playbook consists of more elements than just this file, as described in the last posts. I’ve converted my existing config for all my Debian servers for 90% to Ansible which I find, as I…

Continue Reading

Making use of the existing Ansible structure

As introduced in my last post, I have a growing fleet of Debian servers on our managed hosting platform, that need some more centralised managed. The plan is to convert the config to Ansible playbooks and take it from there. But, we have to work with an existing structure. Ansible has a nice default folder…

Continue Reading

MariaDB migration to MySQL

In my last post I’ve explained how and why we need MySQL instead of the default MariaDB from the Debian repo. In the post, I’ve stated that I’ve assumed that there isn’t already a MariaDB installation active. But what when there is? Then we have to migrate from MariaDB to MySQL. It looks simple, but…

Continue Reading

MySQL instead of MariaDB on Debian

MySQL instead of MariaDB… At my current employer, I’ve introduced Debian as the poison of choice for all managed servers, instead of the more exotic FreeBSD. I believe there’re nothing wrong with FreeBSD, on the contrary, but getting support or fully qualified personnel is way more difficult for a company our size. Anyway, what does…

Continue Reading

Graphite and Graphite Web on Debian – Part 2

I really left you hanging last post, but for me getting Graphite running was a real challenge as well, because of a lot of, to me, unknown software and mechanisms. But you have to learn someday right? Well, I did and am now running some beautiful graphs alongside my Icinga configuration. This post we’re wrapping…

Continue Reading

Graphite and Graphite Web on Debian – Part 1

To complement our Icinga configuration, I’m installing Graphite and Graphite web on my Icinga master. Find out more here and of course here. Basically we’re going to visualise our Icinga checks. It’s not the easiest thing I’ve done so far, mainly because a few concepts were new to me. For instance: it works with a time-series database and…

Continue Reading