Puppet

installation :

CentOS 7 : https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

CentOS 6 : https://yum.puppetlabs.com/puppetlabs-release-pc1-el-6.noarch.rpm

Debian : http://apt.puppetlabs.com/

Server :

yum install puppetserver -y

vim /etc/sysconfig/puppetserver

change the JAVA_ARGS RAM value to match your server capacity

service puppetserver start

Done for the server for now

client "agent" :

yum install puppet-agent -y

vim /etc/puppetlabs/puppet/puppet.conf

[main]
server = <master server hostname>
runinterval = 10m

puppet resource service puppet ensure=running enable=true   # start the agent daemon and enable it at boot

run the agent

puppet agent --test   # the first run generates the agent's SSL key and sends a certificate request to the master

run on the master

puppet cert list
puppet cert sign <agent hostname>

run on the agent

puppet agent --test

Setup completed

Vars :

Ruby vars like <%= Time.now %> anywhere in an .erb template (the closing tag is %>, not =%>)

Facter vars like $osfamily in manifests and <%= @osfamily %> in .erb files

selectors :

# Facter reports 'RedHat' / 'Debian' (capitalised); selector matching is case-sensitive on Puppet 4+
$ntpservice = $osfamily ? {
  'RedHat' => 'ntpd',
  'Debian' => 'ntp',
  default  => 'ntp',
}

package { $ntpservice:   # a bare variable: '$ntpservice' in single quotes would be the literal string
  ensure => 'installed',
}

Or

if $osfamily == 'RedHat' {
  package { 'httpd':
    ensure => 'latest',
  }
} elsif $osfamily == 'Debian' {
  package { 'apache2':
    ensure => 'latest',
  }
}

group Vars :

$admintools = ['git', 'nano', 'screen']

==================
Package Resource :
========================================

package { $admintools:
  ensure => 'installed',
}

service Resource :
=================

service { 'ntpd':
  ensure => 'running',
  enable => true,
}

==========================================
file options
==============

file { '/path':
  # general form: option => 'value',
  ensure  => 'present',
  owner   => 'root',
  group   => 'root',
  mode    => '0664',
  content => 'welcome to the real world',
  # or build the content from an inline ERB template (a file resource takes only one content parameter):
  # content => inline_template("Created by Puppet at <%= Time.now %>\n"),
}

Modules :
==========

mkdir -p /etc/puppetlabs/code/environments/production/modules/my_mod/{manifests,files,templates}

module layout:
  manifests/init.pp
  files/
  templates/

whatever is put in init.pp we can call from the node definition like this:

node 'default' {
  class { 'my_mod': }
  # to include sub classes directly
  class { 'my_mod::sub_mod': }
}

while we can include any new class of our module in init.pp:

include my_mod::sub_mod   # just like that: when we call the my_mod class it will call all sub classes

creating sub modules (sub classes) like sub_mod:

vim manifests/sub_mod.pp

class my_mod::sub_mod {
  file { '/info.txt':
    content => ' any file ',
  }
}

example of including files or templates:

file { '/info.txt':
  content => template('my_mod/new_template.erb'),
}

or

file { '/info.txt':
  source => 'puppet:///modules/my_mod/new_file.txt',
}

working with modules

puppet module list                  # show local modules
puppet module search $name          # will find online
puppet module install $name --modulepath /our_path
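A complete module that ties together the selector, package, file and service resources and the node declaration from these notes, as an added example (not from the original notes). The module name my_mod, its path under /etc/puppetlabs/code/environments/production/modules, and the ntp.conf.erb template are assumptions:

```puppet
# manifests/init.pp  (module path assumed: /etc/puppetlabs/code/environments/production/modules/my_mod)
class my_mod {
  # Facter reports the family capitalised ('RedHat', 'Debian'); selector matching
  # is case-sensitive on Puppet 4+, so match the fact exactly as Facter gives it.
  $ntp_service = $osfamily ? {
    'RedHat' => 'ntpd',
    'Debian' => 'ntp',
    default  => 'ntp',
  }

  package { 'ntp':
    ensure => installed,
  }
  # Root-owned, not group/world writable; any content change restarts the service.
  file { '/etc/ntp.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('my_mod/ntp.conf.erb'),
    require => Package['ntp'],
    notify  => Service[$ntp_service],
  }

  service { $ntp_service:
    ensure  => running,
    enable  => true,
    require => Package['ntp'],
  }

  include my_mod::admintools   # pulls in manifests/admintools.pp below
}

# manifests/admintools.pp
class my_mod::admintools {
  $admintools = ['git', 'nano', 'screen']
  package { $admintools:
    ensure => installed,
  }
}

# templates/ntp.conf.erb (constructed sample template, shown here as comment lines)
#   # Managed by Puppet on <%= @osfamily %>, generated <%= Time.now %>
#   server 0.pool.ntp.org iburst
#   restrict default kod nomodify notrap nopeer noquery
# manifests/site.pp on the master: apply the module to every node
node default {
  class { 'my_mod': }
}
```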

Raid HW

megacli -CfgLdAdd -r0 [252:0,252:1] WB RA Direct CachedBadBBU -a0
megacli -CfgLdAdd -r1 [252:0,252:1] WT NORA Direct CachedBadBBU -a0

WT : write-through, faster. Data in disk cache is considered written. vs
WB : write-back, safer. Only considered to be written once on disk.
NORA : No Read Ahead vs
RA : Read Ahead vs
ADRA : Adaptive Read Ahead, where if the previous two requests were sequential it pre-loads the next in sequence.
Cached : cache reads.
Direct : only the previous read is cached.
-strpszM : stripe size, so -strpsz64 means a 64 KB stripe size.
Hsp[E0:S0] : choose this drive to be a hot-spare.

nginx tips

http://www.nginxtips.com/how-to-install-nginx-geoip-module/
http://www.nginxtips.com/how-to-install-mod_security-on-nginx/
http://articles.slicehost.com/2009/2/2/centos-adding-an-nginx-init-script
http://www.nginxtips.com/nginx-optimization-the-definitive-guide/
https://github.com/cfsego/nginx-limit-upstream/
https://github.com/kyprizel/nginx_ocsp_proxy-module
http://wiki.nginx.org/HttpHealthcheckModule
https://code.google.com/p/nginx-sflow-module/
http://labs.frickle.com/nginx_ngx_slowfs_cache/
https://github.com/yaoweibin/nginx_tcp_proxy_module

nginx init.d

vim /etc/init.d/nginx

#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid

nginx build script

yum install -y gcc make automake autoconf libtool pcre pcre-devel libxml2 libxml2-devel curl curl-devel httpd-devel gcc-c++ zlib-devel unzip

# ModSecurity built as a standalone module for nginx (run from /root, which the --add-module paths below assume)
git clone https://github.com/SpiderLabs/ModSecurity.git mod_security
cd mod_security
./autogen.sh
./configure --enable-standalone-module
make
cd ..

http://www.webtrafficexchange.com/how-mitigate-ddos-modsecurity-and-modevasive-centos-6
http://blog.cherouvim.com/simple-dos-protection-with-mod_security/

# ngx_pagespeed plus its PSOL library
NPS_VERSION=1.9.32.2
wget https://github.com/pagespeed/ngx_pagespeed/archive/release-${NPS_VERSION}-beta.zip
unzip release-${NPS_VERSION}-beta.zip
cd ngx_pagespeed-release-${NPS_VERSION}-beta/
wget https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz
tar -xzvf ${NPS_VERSION}.tar.gz
cd ..

# nginx with both modules compiled in
wget http://nginx.org/download/nginx-1.7.7.tar.gz
tar -xvpzf nginx-*
cd nginx-*
./configure --add-module=/root/mod_security/nginx/modsecurity --add-module=/root/ngx_pagespeed-release-${NPS_VERSION}-beta
make
make install

tuning 10Gbps

sysctl (append to /etc/sysctl.conf, then sysctl -p)
========
Note: several keys appear twice below with different values (net.core.wmem_max, net.core.rmem_max, net.ipv4.tcp_rmem, net.ipv4.tcp_wmem, net.core.netdev_max_backlog, net.ipv4.tcp_syncookies, net.ipv4.tcp_max_syn_backlog); sysctl applies the file in order, so the later value wins.
fs.file-max = 5000000
net.core.netdev_max_backlog = 400000
net.core.optmem_max = 10000000
net.core.rmem_default = 10000000
net.core.rmem_max = 10000000
net.core.somaxconn = 100000
net.core.wmem_default = 10000000
net.core.wmem_max = 10000000
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_max_syn_backlog = 12000
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_mem = 30000000 30000000 30000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_wmem = 30000000 30000000 30000000
net.ipv4.tcp_tw_reuse = 1
net.netfilter.nf_conntrack_max = 131072
net.ipv4.netfilter.ip_conntrack_generic_timeout = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.ipv4.ip_forward=1
net.core.wmem_max=12582912
net.core.rmem_max=12582912
net.ipv4.tcp_rmem= 10240 87380 12582912
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_wmem= 10240 87380 12582912
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.netfilter.nf_conntrack_tcp_timeout_syn_recv=40
sysctl -p

init setup

System update
============
yum localinstall http://dl.iuscommunity.org/pub/ius/stable/CentOS/6/x86_64/ius-release-1.0-13.ius.centos6.noarch.rpm
yum localinstall wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update

Kvm install
============
wget -N http://files.virtualizor.com/install.sh
chmod 0755 install.sh
./install.sh email=id3@id3m.net kernel=kvm lvg=new

===============================================================
## Get the latest source
cd /usr/src/utils
mkdir ddos
cd ddos
wget http://www.inetbase.com/scripts/ddos/install.sh
sh install.sh
echo "/usr/local/ddos/ddos.sh -c" >> /etc/rc.local
===============================================================