The reason for this is not to map out an environment for a legit company, but more a way to keep a small, budget diy setup organized and complete. I want to utilize my home network and figure out the most minimalist way to host services that won't just die out. I want a few things just so I have them:
postgres elasticsearch jenkins automatic backups a way to not worry about a failure monitoring
Generally, i want to host a few things on a machine in a datacenter but be able to automatically fail over to my house if that server barfs.
service how it is monitored where it is backed up how to manage security credentials
email - get the fiftytwo.net email working via google apps
install virtualbox. make a big ubuntu 14.04 box and install:
salt: https://www.digitalocean.com/community/tutorials/how-to-install-salt-on-ubuntu-12-04 https://www.digitalocean.com/community/tutorials/how-to-create-your-first-salt-formula http://docs.saltstack.com/en/latest/topics/tutorials/quickstart.html
how to add formulas - http://docs.saltstack.com/en/latest/topics/development/conventions/formulas.html
cd /srv/formulas git clone https://github.com/saltstack-formulas/jenkins-formula.git vi /etc/salt/master service salt-master restart
what's done? git, nginx, jenkins, es, logstash, kibana, nodejs, pm2, nagios(?), ipython. jenkins can pull from github and my private git repo (i added jenkins and jordan public keys to the git user) jenkins can build and test a node project but to get angularNonsense to really test, read and implement this: http://karma-runner.github.io/0.12/plus/jenkins.html
the full salt config is in my personal git server.
now i need to install aws-cli, put keys on the server and write a cron job to automate backups to s3. things to back up: /home/git/repos (use this gist to figure out how to create the date and whatnot - https://gist.github .com/philippb/1988919 ) /usr/lib/jenkins (install scm-sync-configuration and configure it to sync to my git repo) elsaticsearch - http://www.elasticsearch.org/guide/en/elasticsearch/guide/current/backing-up-your-cluster.html and http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-snapshots.html and https://github.com/elasticsearch/elasticsearch-cloud-aws#s3-repository
wget -O - https://bootstrap.saltstack.com | sudo sh vi /etc/salt/minion add file_client: local vi /srv/salt/top.sls base: '*':
- git
- nginx
- jenkins
- elasticsearch
- logstash
- kibana
- nodejs
- pm2
- nagios
- ipython
- postgres
add a state tree for each state above: vi /srv/salt/git.sls git: # ID declaration pkg: # state declaration
- installed # function declaration
run salt: salt-call --local state.highstate -l debug
git - host my own git server , gitolite? have nagios check the url to make sure it responds s3cmd sync the project directory and config directory every night. ssh access only
nginx - for everything nagios commit config to git log everything to logstash
jenkins (build/deploy/multi environment) requires a jdk to run. figure out the best place for JENKINS_HOME nagios commit config to git, stored in JENKINS_HOME ssl via fiftytwo.net, password protected behind nginx
elasticsearch nagios commit {path.home}/config to git, s3cmd sync {path.home}/data and {path.home}/plugins ssl via fiftytwo.net, add basic-auth and authorization per this article - http://www.elasticsearch.org/blog/playing-http-tricks-nginx/
logstash - https://blog.devita.co/2014/09/04/monitoring-pfsense-firewall-logs-with-elk-logstash-kibana-elasticsearch/ nagios commit config to git - https://www.digitalocean.com/community/tutorials/how-to-use-logstash-and-kibana-to-centralize-and-visualize-logs-on-ubuntu-14-04 behind nginx basic auth
kibana nagios commit config to git behind nginx basic auth
nagios ? commit config to git behind nginx
ipython notebook nagios commit my environment setup to git behind nginx basic auth
python codebase commit everything to my git
pm2 for running node apps nagios? log to logstash - https://blog.devita.co/2014/09/04/monitoring-pfsense-firewall-logs-with-elk-logstash-kibana-elasticsearch/ s3cmd the startup script every night. (lib/scripts/pm2-init.sh via https://github .com/Unitech/PM2/blob/master/ADVANCED_README.md#startup-script)
postgres nagios https://wiki.postgresql.org/wiki/Automated_Backup_on_Linux then s3cmd to copy to s3, commit pg_backup.config to git
s3 fiftytwo-git fiftytwo-postgres fiftytwo-elasticsearch fiftytwo-securitycameras
security cameras are running on the host, set them up to: nagios, send logs to logstash s3cmd sync mpgs to s3 mysql nagios log to logstash auto backup to s3!
automatic updates
apt-get install fail2ban
apt-get install unattended-upgrades
vim /etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
vim /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
"Ubuntu lucid-security";
// "Ubuntu lucid-updates";
};
apt-get install logwatch
vim /etc/cron.daily/00logwatch
/usr/sbin/logwatch --output mail --mailto test@gmail.com --detail high
ops domain is fiftytwo.net = get a wildcard ssl cert.
route53 for DNS.
encrypted, offsite backups
fileserver.
dev and production environments.