ElasticSearch LogStash and Kibana Stack on a CentOS

I. Install JDK

yum install java-1.7.0-openjdk

II. Install & Configure ElasticSearch

Add repository

rpm --import http://packages.elasticsearch.org/GPG-KEY-elasticsearch
cat > /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-1.3]
name=Elasticsearch repository for 1.3.x packages
baseurl=http://packages.elasticsearch.org/elasticsearch/1.3/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1
EOF

Install ElasticSearch

Kerberos setup on centos 7

Installing Kerberos on Redhat 7

This installation is going to require 2 servers one acts as kerberos KDC server and the other machine is going to be client. Lets assume the FQDN's are (here cw.com is the domain name, make a note of the domain name here): * Kerberos KDC Server: kdc.cw.com * Kerberos Client: kclient.cw.com

Tags 
kerberos centos7

Apache let's encrypt centos

Create needed directories

cd /etc/httpd
mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled

Append

IncludeOptional sites-enabled/*.conf

To vim /etc/httpd/conf/httpd.conf

Create vhost

/etc/httpd/sites-available/example.com.conf
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/apache/example.com/error.log
</VirtualHost>

Enable vhost

Apache let's encrypt on ubuntu 16.04

Update and install the Let's Encrypt client

Install

sudo apt-get update
sudo apt-get install letsencrypt python-letsencrypt-apache

Invoke letsencrypt

sudo letsencrypt --apache -d <DOMAIN HERE>

Automate the renewal process

sudo letsencrypt renew renews all the domains on the server secured with Let's Encrypt as long as there are less than 30 days remaining until the certificate expires. We can automate the renewal process via cron.

Editing crontab:

Nginx let's encrypt (IPv6, HTTP/2 and A+ SLL) on ubuntu

There are two modes when you don't want Certbot to edit your configuration: - Standalone: replaces the webserver to respond to ACME challenges - Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because it doesn't need to replace Nginx (to bind to port 80) to renew certificates.

Kubernetes setup on ubuntu 16.04

Master: Install dependencies

apt update && apt upgrade -y
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -

cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
deb http://apt.kubernetes.io/ kubernetes-xenial main
EOF

apt-get update
apt install linux-image-extra-virtual ca-certificates curl software-properties-common -y

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

add-apt-repository    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) \
stable"

apt update

Adagios and naemon install on centos 7

Adagios and Naemon on CentOS 7 or Red Hat Enterprise Linux 7 x86_64.

If you don't know how to configure SElinux, put it in permissive mode:

sed -i "s/SELINUX=enforcing/SELINUX=permissive/" /etc/selinux/config
setenforce 0

First install the opensource.is and consol labs repositories

rpm -ihv http://opensource.is/repo/ok-release.rpm
rpm -Uvh https://labs.consol.de/repo/stable/rhel7/x86_64/labs-consol-stable.rhel7.noarch.rpm
yum update -y ok-release