sábado, 16 de mayo de 2020

[EN] How to update backend servers on HAproxy using HAproxy API (and not reloading config)

The HAproxy API is a great tool to interact with the configuration, updating it without the need to reload after every change (which is completely safe as stated here). In this case, I am just going to add and remove a backend server, so you can see how it works and how powerful it could be

I am going to use netcat instead of socat, but the result will be very similar.

When you configure your HAproxy, make sure that the backend block will have the server definition, which is going to be something like

> server-template websrv 1-100 192.168.122.1:80 check disabled

where

    server-template is the section of the block
    websrv will be the name of the backend servers, followed by a number
    1-100 is the range for that number that will complete the name of the backend servers
    192.168.122.1 will be an template address, but make sure that you have nothing there (you can set any IP you want)
    80 is the port you are balancing the traffic
    check disabled is an option, but we don't really want the check to be enabled because the host IP won't pass the check

You can add more options if you need, but that's a basic example.

Another important thing you need to know or count with is the number of sockets your HAproxy will have, because you'll have to inform all of them about the changes you are going to make. Keep that in mind.

Once your haproxy starts, you have no backend server listening, and you need to any some; remember that the idea is that you run a background process to update those servers.
The commands to enable and add a new backend server are

> echo "set server #BACKEND_BLOCK/#WEBSRV_NUMBER addr #IP_ADDRESS port #PORT" | nc -U #SOCKET
> echo "set server #BACKEND_BLOCK/#WEBSRV_NUMBER state ready" | nc -U #SOCKET

where
    #BACKEND_BLOCK is the backend block's name
    #WEBSRV_NUMBER is the backend server's name on haproxy
    #IP_ADDRESS is the IP of that new backend server
    #PORT is the port
    #SOCKET is the HAproxy socket you are talking to

After running the first command, your HAproxy will notify the changes (IP and port if they have changed), and after running the second command there will be no output.

> echo "set server backend/server50 addr 1.1.1.1 port 8080" | nc -U /var/run/haproxy.sock

IP changed from '192.168.122.1' to '1.1.1.1', port changed from '80' to '8080' by 'stats socket command'

> echo "set server backend/server50 state ready" | nc -U /var/run/haproxy.sock


and this way your HAproxy instance will start to send traffic to that backend server. If you have more that one instances of HAproxy running, you'll have to spread the changes to all of them; the command would be the same, just change the socket you are talking to.


In the case you want to put a server in maintenance state (so disable it), the command would be

> echo "set server backend/server50 state maint" | nc -U /var/run/haproxy.sock

Besides ready and maint, there is a thrird state of haproxy: drain; in this state the backend server is removed from the Load Balancer, but still allowed it to be checked and to accept new persistent connections.

Source: HAproxy.com

jueves, 30 de abril de 2020

[EN] DevOps roadmap

Hello!

Today I come with a roadmap that someone sent me a few days ago. It is a roadmap of what (according to how it is understood by who has drew it) a DevOps should know.



You can more or less agree with what is in it, but it has helped me to get to know some new technologies that could be very interesting to me.

What about you? What do you think? One thing amazing is that you can suggest your changes, but I am not sure they would take them into account. Anyway, I have at least two suggestions, that are
  • HOW COME Debian is not in purple???
  • I know there is no Load Balancing section but they should include it somehow


Source: roadmap.sh
You have a few more interesting roadmaps in that page

sábado, 4 de abril de 2020

[EN] Regular Expressions

Hello everyone!

How do you carry the lockdown? At the moment nothing bad, taking advantage of the time to do things that before didn't have enough time to do.

One of these things is to study; I have finished with a very interesting 'sed' and 'awk' course, and I wanted to share some notes on regular expressions, to see what you think.

‘\b[Cc]olou?r\b’
\b :: boundaries, limits the word
? :: optional inclusion of this character
\. :: Exactly one single character
this example matches Color, color, Colour, colour

Anchors
'^' :: start of a string
'$' :: end of a string

Ranges
[] :: denote the ranges
'[A-Za-z]' :: any letter
'[0-9]' :: any number; it could be represented as \d
'[a-z_]' :: lower case character and underscore character
'[349]' :: matches number 3, number 4 and number 9; it would match 34, 49 or 349 because include those numbers
'[^4]' :: matches anything BUT 4
'[Ss]erver' :: matches Server and server

Boundaries and strings
\s :: any white space character (space, line return, tap) > \S :: NOT looking for a white space character
\b :: word boundary (may include hyphen as word separator) >  \B :: NOT looking for a word boundary
'\ssytem' :: Matches "file system"
'\bsystem' :: Matches "file system" and "file-system"
'\bpop[0-9]\b' :: Matches pop2 and pop3 but not pop3s (from /etc/services file)
'\bpop[0-9]\B' :: Not matches pop2 and pop3 but matches pop3s (from /etc/services file)

Quantifiers
'u*' :: Matches u zero or more times
'u?' :: Matches u zero or once only (optional)
'u+' :: Matches u once or more times
'u{3}' :: Matches uuu (u 3 times)


'^\s*#' :: Matches all kind of commented lines: with no space, with spaces and with tabs
'start\s*end' :: Matches all independently the spaces between 'start' and 'end'
'start\s?end' :: Matches 'start end' and 'startend'
'start\s{2}end' :: Matches the option with 2 spaces between 'start and 'end'
'[a-z]{2}[0-9]{1,2}' :: Matches a postcode [ab12 7af]; {1,2} means that it could happen once or twice

grep -E :: takes extended regular expressions :: egrep. RE are extended when they use {}, but not when they use []

 



sábado, 14 de marzo de 2020

[EN] Pills :: using grep and sed

Hello everyone!

Today I bring you a tiny grep pills, a couple of features that I did not know and I think they are very interesting



So let's go there:

Returns # of matches (similar to wc -l)
> grep -c pattern

Shows the line that matches and two lines after
> cat file | grep -A2 pattern

Shows the line that matches and two lines before
> cat file | grep -B2 pattern

Shows the line that matches, two lines before and and two lines after
> cat file | grep -C2 pattern


Extra pill: This reminds me that if you want to add a line to a file, for example, above or below a specific row, you can do it using sed

Imagine that you want to add a line to /etc/passwords file, one above and one below a user named 'esther'

Adds the new line just after the user that starts with 'esther'
> sed ' /^esther/ a newuser:x:1001:1000:New User:/home/user:/bin/sh' /etc/passwd

Adds the new line just before the user that starts with 'esther'
> sed ' /^esther/ i newuser:x:1001:1000:New User:/home/user:/bin/sh' /etc/passwd


domingo, 23 de febrero de 2020

[EN] Nmap cheat sheet

Hello again,

nmap is a wonderful tool, very powerful and with which you can do a lot of things. I love it, it is one of the first utilities that I install on a new system, and I have found this cheat sheet that you will love for sure!



I have it to consult it often, so you will tell me if it is also as useful to you as it is to me.

Source: Sans.org

viernes, 24 de enero de 2020

[EN] [OOC] My first tattoo

Exactly a month ago I did a little crazy thing that I wanted to do for a long time and I got my first tattoo. Now healed and perfect, it looks like this


Just wanted to share it with you, I hope you like it!