Paul's Resources

Search

SearchSearch

Notes

Apr 07, 2024, 4 min read

Resources

2FA for ssh https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-18-04

8/31/23 - Availability and Redundancy

  • CIA Triad
    • Confidentiality - encryption in transit (TLS), encryption at rest, access-control
    • Integrity - Hashing!
  • Threats to Availability
    • Why is availability important
      • $$$
      • Clients
    • What are the threats to availability?
      • Poor network setup
        • Bad Configs
      • Natural Disaster
  • What are the barriers to good availability
    • Cost
    • Disaster Recovery Site Options
      • Hot $$$, Cold $, and Warm $$
    • Types of Failover Like Sites
      • Hot $$$, Cold $, and Warm $$
    • Disaster Recovery Means
      • Data - Replication, Offiste Backup
      • Networks - High availability options, Double
      • People
        • Complex issues here
          • Who goes to the backup site?
  • Do cloud providers and services fix the problem
    • Cons
      • Must rely on another company for support
    • Pros
      • Can access anywhere
      • Larger companies have more availability zones
      • Cloud can scale

9/7/23 - First hop redundancy protocol

  • PKI signing (and singing in general is the future
  • They present the illusion of a single router to the host

9/14/23 - Web and Proxy Redundancy

  1. OPT Network set
    1. 10.0.6 Going
    2. NAT, DNS
    3. VRRP
  2. Web02 Setup
    4. Httpd
    5. All other config stuff
    6. Create web pages for web01 and web02
  3. HAproxy
    7. To load balance web01 and web02
    1. https://www.digitalocean.com/community/tutorials/how-to-use-haproxy-to-set-up-http-load-balancing-on-an-ubuntu-vps
    8. Use curl
  4. Keepalived for HAproxy
    9. https://tecadmin.net/setup-ip-failover-on-ubuntu-with-keepalived/
  5. Update nat for web server

9/21/23 - Database

  • Data to be consistent
  • Database Clustering
  • Setup database cluster first then webapp
  • Use HA machines for residency on the db
  • Galera is what Adam used

Standard Replication for maintenance

  • BackUps
    • Continuous - Never old
    • Without Locking tables - No Performance Drain
  • Upgrades and Schema Changes
    • Set Slave to Read-Only
    • Make Slave Master
    • Redirect Traffic away from Master to Slave - New Master
    • Apply Changes to Original Master
    • Redirect Traffic back to Master

Replication for Load Balancing

  • Distribute Read Traffic
    • Move Slow Heavy Queries to Slave
  • Redirect for Maintenance
    • Take Slave Offline to for Backups
    • Direct away from Failed Servers
    • Redirect Traffic while Upgrading

Enhanced Replication with Galera Cluster

  • Multiple Masters
  • Transactional
  • Writes
    • Conflict Detection and Resolution upon commit
    • Nodes Isolated Easily
    • Seamlessly Remove and Add Servers
    • Automatic Provisioning

Galera Cluster Basics

  • Virtual Synchronous Replication
  • True Multi-Master Solution
  • Almost No Slave Lag
  • Conflict Detection and Resolution on Commit
  • Easy Maintenance
    • Automatic Provisioning
    • Node Isolation

Data Centric

  • Data Doesn’t Belong to a Node
  • Data is Synchronized among Multiple Nodes

Node Provisioning Tool

  • State Transfers for New Nodes
    • State Snapshot Transfer SST
    • Incremental State Transfers IST
  • Methods for State Transfer
    • Physical - rsync

Database Configuration

  • Set Bing Address - Not Local Host
  • Set Default Storage Engine to InnoDB
  • Set Binary Log Format to Row
  • Enable Error Logging

10/5/23 - AWS

  • Start working on AWS
  • Amazon EC2
    • Amazon Elastic Compute Cloud allows customer to run virtual server sin the Amazon Cloud and provides
      • Virtual Computing environments, known as instances
      • Preconfigured templates for your instances, known as Amazon Machines Images (AMIs), that package the bits you need for your server (including operating system and additional software)
      • Various configurations of CPU, memory, storage, and networking capacity for your instances, known as instance types
      • Secure login information for you instances using key pairs (AWS stores the public key, and you store the private key in a secure place)
  • EC2 Features
    • Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and availability zones
    • A firewall that enables you to specify the protocols, ports, and source ip ranges that can reach your instances using security groups
    • Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
    • Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that you can optionally connect to your own network, known as a virtual private cloud (VPC)
  • Instances and AMIs
    • An Amazon machine image is a template that contains a software configuration
      • For example an operating system an application server and applications
      • Like VMWare template
  • AMIs
    • AWS publishes many AMIs that contain common software configurations
    • In addition, members of the aws developer community publish custom AMIs
  • Instances
    • A virtual server in the cloud
    • An instance type essentially determines the hardware of the host computer used by your instance
  • Instance Storage
    • Amazon Elastic Block Store (Amazon EBS)
      • Most common must pay monthly fee per GB even if instance is stopped

10/19/23 - Federated Identity

  • Eduroam
    • Provides and Authentication method login on higher ed networks
  • 3rd Party authentication for applications
  • Oauth and Saml are the biggest federated authentication
  • Sometimes it makes sense for a web application to use user credentials from a 3rd party authentication service
    • Oauth 2
  • Sometimes it makes sense for a local authentication service to allow 3rd party applications to use it’s credentials
    • SAML
  • Oauth 2 RFC 6749

Graph View

Backlinks