Integrate AWS EKS and GitHub Actions

Introduction

In today’s cloud-native world, container orchestration has become a must for scaling applications reliably. Kubernetes (K8s), an open-source orchestration platform, is the de facto standard for managing containers in production. But managing the control plane, networking, and high availability? That’s not something you want to handle manually. That’s where Amazon EKS (Elastic Kubernetes Service) comes in. EKS is a managed Kubernetes service by AWS. It takes care of provisioning the control plane, automating upgrades, and integrating deeply with other AWS services like IAM, VPC, CloudWatch, and Load Balancers. ...

April 21, 2025 · 4 min · Rifky Ardiansyah
Monitoring System

[PART 2] Automated WebApp Provisioning and Secure Monitoring

This post continues from the previous part. If you have not read it yet, you can find it here.

Implementation Steps

Installing and Configuring Prometheus

Note: Perform the steps below on the monitoring node.

Download and extract the Prometheus archive.

    ~$ sudo su -
    ~# cd /opt
    /opt# wget https://github.com/prometheus/prometheus/releases/download/v2.48.1/prometheus-2.48.1.linux-amd64.tar.gz
    /opt# tar xvfz prometheus-2.48.1.linux-amd64.tar.gz

Add the configuration file for Prometheus.

    /opt# cd prometheus-2.48.1.linux-amd64
    /opt/prometheus-2.48.1.linux-amd64# vim config.yml

    ---
    global:
      scrape_interval: 10s
      evaluation_interval: 15s

    scrape_configs:
      - job_name: 'node'
        scrape_interval: 5s
        static_configs:
          - targets: ['192.168.4.10:9100','192.168.4.20:9100','192.168.4.30:9100']
      - job_name: 'nginx'
        static_configs:
          - targets: ['192.168.4.20:9113']
      - job_name: 'cadvisor'
        static_configs:
          - targets: ['192.168.4.30:8080']
      - job_name: 'docker'
        static_configs:
          - targets: ['192.168.4.30:9323']

    alerting:
      alertmanagers:
        - static_configs:
            - targets:
                - 192.168.4.10:9093

    rule_files:
      - "rules/container.yml"
      - "rules/node.yml"
      - "rules/web-server.yml"

Create the SSL key and the Certificate Signing Request.

    /opt/prometheus-2.48.1.linux-amd64# sudo openssl genrsa -out /opt/prometheus-2.48.1.linux-amd64/prometheus.key 2048
    /opt/prometheus-2.48.1.linux-amd64# sudo openssl req -new -key /opt/prometheus-2.48.1.linux-amd64/prometheus.key -out /opt/prometheus-2.48.1.linux-amd64/prometheus.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:ID
    State or Province Name (full name) [Some-State]: South Kalimantan
    Locality Name (eg, city) []:Banjarbaru
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Create the self-signed SSL certificate.

    /opt/prometheus-2.48.1.linux-amd64# openssl x509 -req -days 365 -signkey prometheus.key -in prometheus.csr -out prometheus.crt -extfile <(echo "subjectAltName=IP:192.168.4.10")
    Certificate request self-signature ok
    subject=C = ID, ST = South Kalimantan, L = Banjarbaru, O = Internet Widgits Pty Ltd

Install the package required for basic authentication.

    ~# sudo apt-get update && sudo apt install apache2-utils -y

Generate the password hash for basic authentication.

    ~# htpasswd -nBC 12 "" | tr -d ':\n'
    New password: <inputYourPassword>
    Re-type new password: <inputYourPassword>
    $2y$12$<saltAndHash>

Add the web configuration so that SSL and basic authentication are enforced.

    /opt/prometheus-2.48.1.linux-amd64# vim web.yml

    basic_auth_users:
      rifkyards: $2y$12$<saltAndHash>
    tls_server_config:
      cert_file: /opt/prometheus-2.48.1.linux-amd64/prometheus.crt
      key_file: /opt/prometheus-2.48.1.linux-amd64/prometheus.key

Add rules that send an alert to Alertmanager when a node is down.

    /opt/prometheus-2.48.1.linux-amd64# vim rules/node.yml

    # Add these lines
    groups:
      - name: NodeStatus
        rules:
          - alert: "NodeMonitoringDown"
            expr: up{instance="192.168.4.10:9100"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: "NodeMonitoringDown"
            annotations:
              title: "{{ $labels.instance }} is down"
              description: "The server with IP {{ $labels.instance }} has been down for more than 5 minutes."
          - alert: "NodeClient1Down"
            # Client 1 is the 192.168.4.20 node target from config.yml
            # (192.168.4.10 is already covered by NodeMonitoringDown).
            expr: up{instance="192.168.4.20:9100"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: NodeClient1Down
            annotations:
              # "up" carries no "name" label, so the title uses "instance".
              title: "{{ $labels.instance }} is down"
              description: "The server with IP {{ $labels.instance }} has been down for more than 5 minutes."
          - alert: "NodeClient2Down"
            expr: up{instance="192.168.4.30:9100"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: NodeClient2Down
            annotations:
              title: "{{ $labels.instance }} is down"
              description: "The server with IP {{ $labels.instance }} has been down for more than 5 minutes."

Add rules that send an alert to Alertmanager when the Nginx server is down.

    /opt/prometheus-2.48.1.linux-amd64# vim rules/web-server.yml

    # Add these lines
    groups:
      - name: WebNginxStatus
        rules:
          - alert: NginxDown
            expr: nginx_up{instance="192.168.4.20:9113", job="nginx"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: NginxDown
            annotations:
              # "nginx_up" carries no "name" label, so the title uses "instance".
              title: "{{ $labels.instance }} is down"
              description: "The {{ $labels.job }} server on {{ $labels.instance }} has been down for more than 5 minutes."

Add rules that send an alert to Alertmanager when a container is down.

    /opt/prometheus-2.48.1.linux-amd64# vim rules/container.yml

    # Add these lines
    groups:
      - name: containerMonitoring
        rules:
          - alert: "Container2048Down"
            expr: absent(container_start_time_seconds{name="2048-apps",instance="192.168.4.30:8080"})
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: Container2048Down
            annotations:
              title: "{{ $labels.name }} is down"
              description: "The {{ $labels.name }} container on {{ $labels.instance }} has been down for more than 5 minutes."
          - alert: "ContainerTicTacToeDown"
            expr: absent(container_start_time_seconds{name="tic-tac-toe-apps",instance="192.168.4.30:8080"})
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: ContainerTicTacToeDown
            annotations:
              title: "{{ $labels.name }} is down"
              description: "The {{ $labels.name }} container on {{ $labels.instance }} has been down for more than 5 minutes."
          - alert: "GeneralContainerDown"
            expr: time() - container_last_seen{instance="192.168.4.30:8080", image!="", name!~"2048-apps|tic-tac-toe-apps|cadvisor"} > 220
            for: 20s
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: GeneralContainerDown
              resolved: 'false'
            annotations:
              title: "{{ $labels.name }} is down"
              description: "A container {{ $labels.name }} on {{ $labels.instance }} has been down for more than 5 minutes."

Add the configuration that runs Prometheus under SystemD.

    ~# vim /etc/systemd/system/prometheus_server.service

    # Add these lines
    [Unit]
    Description=Prometheus Server

    [Service]
    # Prometheus does not require root; a dedicated unprivileged user with
    # read access to the key, certificate and config files is the safer choice.
    User=root
    ExecStart=/opt/prometheus-2.48.1.linux-amd64/prometheus --config.file=/opt/prometheus-2.48.1.linux-amd64/config.yml --web.config.file=/opt/prometheus-2.48.1.linux-amd64/web.yml --web.external-url=https://192.168.4.10:9090/

    [Install]
    WantedBy=default.target

Run the following commands to start the Prometheus SystemD service.

    ~# systemctl daemon-reload
    ~# systemctl start prometheus_server
    ~# systemctl enable prometheus_server

Installing and Configuring Alertmanager

Note: Perform the steps below on the monitoring node. ...

March 10, 2025 · 14 min · Rifky Ardiansyah
Monitoring System

[PART 1] Automated WebApp Provisioning and Secure Monitoring

In modern IT environments, many organizations face challenges in managing a mix of SystemD-based and container-based applications. This difficulty can lead to poor visibility into system performance, increase the risk of undetected downtime, and make it harder for teams to respond to problems quickly. To address this, a common approach is to designate one server as the center for monitoring and automation control. This server integrates tools such as Terraform to automate the creation of container-based infrastructure, and Ansible to manage system configuration, including metrics collection and management of SystemD-based applications. ...

March 10, 2025 · 13 min · Rifky Ardiansyah
Horizon with Yuyu Banner

Using Horizon and Yuyu to Track Your OpenStack Resource

The previous post, Deploying Openstack with OpenStack-Ansible, discussed how OpenStack makes it possible to manage many servers automatically and efficiently, creating a cloud infrastructure that is more stable and easier to grow. However, managing costs and billing for OpenStack resource usage requires an additional solution that simplifies cost monitoring and calculation. Yuyu Billing is a plug-in for OpenStack that enables automatic and efficient billing management. With Yuyu, you can calculate costs for various OpenStack features, such as instance flavors, volumes, floating IPs, routers, snapshots, and images, which simplifies budget management and ensures cost transparency in the cloud environment. ...

February 19, 2025 · 7 min · Rifky Ardiansyah
Openstack-Ansible

Deploying OpenStack with Openstack-Ansible

Today, managing many servers manually is highly inefficient and time-consuming. If one server fails, the system can be disrupted, and adding new servers is also fairly complicated. One solution is to use OpenStack, which combines all servers into a single cloud system so that it is more flexible and easier to manage. To make this process automatic and efficient, OpenStack-Ansible is used, which allows the system to be configured without setting up each server manually one by one. With this solution, the infrastructure becomes more stable, easier to grow, and more resilient to failures. ...

February 18, 2025 · 7 min · Rifky Ardiansyah