The Blog of Nitin J Mutkawoa, AKA @TheTunnelix – Page 2 – Mauritian living in the USA | Founding member of cyberstorm.mu | Creator of tunnelix.com | Devops Engineer | Hacker at IETF Hackathon | VCA & VCP

10 steps to install Puppet configuration management tool

10/09/2019 Nitin J Mutkawoa Add Comment

Some days ago a guy asked me why I do not blog anything on Puppet configuration management tool and prefer Ansible over Puppet. True it is that I prefer Ansible because it is agentless and very easy to use. However, we agreed that there are certain situations that Puppet wins over Ansible. I decided to blog about this configuration management tool so as to enhance my knowledge and that of my readers. Puppet provides several services such as Windows automation, cloud management, configuration management, etc. However, in this blog post, we will talk about puppet as a configuration management tool. Puppet provides the ability to define which software and configuration a system requires and then maintain a specified state after the initial setup. The nodes that Puppet control must have the Puppet agent installed. In this blog post, we will focus on the installation of the Puppet Server and the Agent as well.

1. For that, I created two VMs (puppet-server and puppet-client) on my Virtual Box labs which are Puppet-Server and Pupper-Client. I have also mentioned each hostname and IP Address in the /etc/hosts file of each server.

2. You can get the repository on yum.puppetlabs.com. I downloaded it with the following commands on both servers:

rpm -Uvh https://yum.puppetlabs.com/puppet-release-el-7.noarch.rpm

3. On the puppet-server, install the puppet-server package.

yum install puppetserver

4. Since I am on a virtual machine with very low memory assigned, I tweak the memory Xms and Xmx value (heap size). The Xms is the initial minimum heap size when the service start whilst the Xmx is the maximum heap size. On the puppet-server, I edited the file /etc/sysconfig/puppetserver and change the heap value to this:

JAVA_ARGS="-Xms1g -Xmx1g -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"

5. Add the puppet binary to your environment. I edited the bash_profile file for that.

PATH=$PATH:$HOME/bin:/opt/puppetlabs/bin

Also launched the following command:

source bash_profile

6. Also, install the puppet-agent on the puppetclient machine.

yum install puppet-agent -y

7. On the puppetserver, you can start the service with the following command:

systemctl start puppetserver

8. And, on the puppetclient you can start the service as follows:

systemctl start puppet

9. Now, that we have seen how to install the Puppet server and the agent. Let’s now see other directories related to Puppet.

/etc/puppetlabs/puppet – contain several configuration files
/etc/puppetlabs/puppet/ssl – contain the certificate
/etc/sysconfig/puppetserver – file that contain the java configuration such as heap size, start timeout etc.
/etc/puppetlabs/code/environments/production – Default production environment available to write the codes.

10. In Puppet, whatever instructions you give the Puppet agent is called a ‘resource’. This is the fundamentals to write the manifest where instructions are given to manage Puppet. To know the resources available you need to launch the following command:

puppet resource --type

11. To understand the syntax of the resource, for example, the resource ‘file’, use the following command:

puppet describe file

In the next article, I will describe how to use the Puppet configuration management tool to administer or to instruct the puppet agent to perform specific tasks. Remember, Puppet file extension ends with ‘.pp’ and I will focus a lot more on that. At the same time, this is a good way to refresh my memory when using Puppet. I hope you liked this article when it comes to the basic installation and configuration when using Puppet.

Linux Application DevOps, linux, Puppet

Getting started with Terraform

10/08/2019 Nitin J Mutkawoa Add Comment

Terraform is an open-source tool created by HashiCorp and it is written in Go programming language. Using Terraform allows us to define our infrastructure as a Code by using declarative language. It’s important to understand that Terraform language is declarative, which describes an intended goal rather than the steps to reach the goal. Once you define your infrastructure, Terraform will figure out how to create it. Terraform also supports a variety of cloud providers and virtualization platforms such as AWS, Azure, VMware, OpenStack, etc.. This is pretty cool as it eliminates several tasks, for example, to create several AWS instances.

Installation of Terraform

1. This is pretty simple. You just have to go on the official website and download the package. In my case, I am on a Linux machine, and I am choosing a Linux 64 bit package.

To download and unzip it, use the following command:

wget https://releases.hashicorp.com/terraform/0.12.10/terraform_0.12.10_linux_amd64.zip && unzip terraform*.zip

2. I moved the binary to /usr/local/bin. Make sure it is in the path environment variable.

mv terraform /usr/local/bin

3. By this time, you should get your binary and be able to check the version.

terraform version

Setting up API call for Terraform on AWS

4. We also need to allow terraform to make an API call on our behalf. I will be calling the API on AWS. For that, you will need to create a user on the AWS IAM and assign the rights and policies. Assuming that you have already created the user and you have the credentials to move ahead. Use the following commands:

export AWS_ACCESS_KEY_ID="AKIA***************"

export AWS_SECRET_ACCESS_KEY="mVTwU6JtC***************"

export AWS_DEFAULT_REGION="us-east-1"

Writing the codes

5. Once you are done exporting the credentials, you can start building your Terraform code. The whole code is in my Github and you can download it for free.

The first thing is to configure the provider and the region.

provider "aws" {

 region = "us-east-1"

}

6. Each provider supports different kinds of resources such as load balancers, servers, databases, etc.. In this example, we are trying to create a single EC2 instance. I have chosen the AWS Linux OS and the smallest nano server. The tags are just the identifier in AWS.

resource "aws_instance" "web" {

  ami           = "ami-0b69ea66ff7391e80"

  instance_type = "t2.nano"

}

7. Then launch a terraform init to initialized the Terraform working directory. By that, I mean that it will download the AWS plugin. You should found a similar type of output from your screen.

8. Before performing the actual change, you can use the terraform plan to understand what change has been established. The plus sign means what is going to be added and the minus sign means those that are going to be removed.

9. To create the instance use the terraform apply to create the instance. It will prompt you to type ‘yes’ to continue on with the creation.

10. If you go on the AWS EC2 console, you will notice that the resource has been created successfully.

11. Hey, it’s not over yet! There are more things that need to be added for example the name of the instance. Let’s called it Nginx-Server. Let’s add the tags. Also, launch a terraform apply.

tags = {

    Name = "Nginx-Web"

 }

Adding User Data and Security groups

12. At this stage, I believed you must understand what is Terraform and how it works? To make the installation of Nginx add the following block of lines:

user_data = <<-EOF

  #!/bin/bash

  yum install nginx -y

  systemctl start nginx

  systemctl enable nginx

  EOF

13. To add the security groups, enter these codes:

resource "aws_security_group" "allow_http" {

  name        = "allow_http"

  description = "Allow HTTP inbound traffic"

  ingress {

    from_port   = 80

    to_port     = 80

    protocol    = "tcp"

    cidr_blocks = ["0.0.0.0/0"]

  }

14. In part 6 under instance_type, I have added this line. What it means? “aws_security_group” is a resource, “allow_http” is a variable that has been called from the security group in part 13, and lastly “id” is the attribute.

  vpc_security_group_ids = ["${aws_security_group.allow_http.id}"]

15. Note that when launching terraform apply, you will notice that Terraform will destroy the old machine and build a new one which implies that there will be a downtime.

16. You can also view your code through a graph. Launch the command terraform graph. The output can also be viewed as more human-readable through Graphviz which you have to install. You can also go to webgraphviz.com to view it online.

It is very interesting to understand the dependency when using declarative language in Terraform. The full code can be viewed here on my Github Repository.

Linux Application, Linux System, Scripts and codes, Virtualisation AWS, DevOps, Terraform, virtualization

cyberstorm.mu member relocated to the United States of America

08/20/2019 Nitin J Mutkawoa Add Comment

I admit that I was keeping that a secret since long. Well, many already know now that I moved to the state of Connecticut in the United States of America. I finally got my permanent residency authorization and I am considering different job opportunities. However, I am open to voluntary works here in the states.

When someone first arrives here, there are many things to start with such as a Driving license. It is also important to ensure that the green card is being shipped although the permanent residency is already proven on through the passport visa, Social Security card, Conversion of certificates, prospective jobs, getting used to traveling, communication tools such as SIM cards, Internet access, housing, etc.

Today is the fifth day that I am in the states and I have been visiting several places in Connecticut and been to New York City. As we are in summer here, I have been to BlueBerry picking at a farm and other nature recreational places. Of course, when it comes to food, I make sure that I did not miss the burger. There are also several health caravans which were providing free health checkup which I did. I made some shopping in huge hardware shops such as Lowes which were pretty fascinating. Also had some administrative tasks to complete at the John Kennedy International Airport.

firstweekusa

When reaching the United States, I made a landing video from the plane. You can check it out below.

[yotuwp type=”videos” id=”6zLfD0TQS5k” ]

Now, the adventure begins and my checklist is becoming so complicated. But, I’m sure everything will get sorted soon. I’m also following events and meetups in Mauritius and I’m glad that cyberstorm.mu is present in the AFPIF – African Peering and Interconnection Forum conference in Mauritius.

Uncategorized usa

IETF 105 Hackathon remotely from Mauritius

08/20/2019 Nitin J Mutkawoa Add Comment

For sure, I cannot miss out to share this blog post which is about the IETF 105 hackathon which took place in Montreal, Canada. It was carried out at The Kiosk, Coromandel at the quarters of cyberstorm.mu. If you have been following cyberstorm.mu team during the IETF hackathon, you would have noticed that we had a pool and several amenities. This time, due to some constraints, we have decided to shift to our brand new office at The Kiosk, Coromandel.

It was two days hackathon. Some decided to work remotely whilst others came at the office to discuss and proceed ahead with robust analysis and more codes. We also had new participants who agreed to attend the hackathon. Some visited us for a while whilst others came to visit us just out of curiosity.

The team also came to know that it could be my last days in Mauritius as I decided to move to the United States and also resigned from my current position as DevOps Engineer at Orange Business Services. Thanks to Nathan Sunil Mangar who provided us with several goodies. Some days back the SANS Internet Storm Center sent me some stickers which I shared with the team.

The team was working on TLS 1.3, SSH, SCE, DSCP-LE PHB, and the IETF Mobile App. On the next day, Loganaden Velvindron presented the work remotely from Mauritius. I was glad to be able to work on the Check-SMTP software by ZeroSpam which is a company in Canada. More and more applications are now TLS 1.3 compatible. The SSH RC4 deprecation is now becoming a reality. You can view the presentation here:

[yotuwp type=”videos” id=”SoHsM4SlYZ0″ ]

Thanks to the TheKiosk who sponsored us the location and a brand new office. The team is looking forward to work further in the next IETF hackathon. Also, cyberstorm.mu is now giving support to several IETF hubs in Africa and bringing more free security patches to the world. More picture here:

ietf105

MeetUps and Presentations hackathon, ietf, ietf 105

Attending Africa Internet Summit 2019 remotely from South Africa

07/31/2019 Nitin J Mutkawoa Add Comment

This year the Africa Internet Summit was held in Kampala, Uganda. I could not be physically present as I had to fly urgently to Johannesburg for both personal and business reasons. For those, who are not aware of the Africa Internet Summit AIS’19, it is an event initiated by the ISOC and Afrinic organizations to discuss policy and tech happening in the big Africa continent. There were also few presentations about networking and tech by ISOC, ICANN, Dot Africa TLD, etc. Jeremy Daniel (Cyberstorm.mu) and Loganaden Velvindron (AfriNIC) were present there to lead the hackathon on NTP, and well as a presentation by Loganaden Velvindron who spoken on, QUIC (Quick UDP Internet Connections) which is a new encrypted-by-default Internet transport protocol, that provides a number of improvements designed to accelerate HTTP traffic as well as make it more secure, with the intended goal of eventually replacing TCP and TLS on the web.

As I could not be physically present, I registered myself to attend remotely. The streaming was amazing and worked pretty fine for me with really little major networking issues. The hackathon was lead by the cyberstorm.mu team. I remember last year during the Africa Internet Summit 2018, I was there leading for the NTP hackathon.

Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu)

NTS interop
https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
NTS measures are to enable NTP entities to cryptographically identify their communication partner, to ensure authenticity and integrity of exchanged time synchronization packets, and to provide replay protection.

There were also one of the most interesting parts that are policy discussion in the Africa region. The online streaming was very good with little connectivity problems noted. I’m glad about the NTP hackathon which was led by the cyberstorm.mu team. There were also other tracks such as IPwave, IPv6, DNS, etc. More information is also available on the official AIS wiki page. There is also another French article on ict.io as well as an English article from the Internet Society which covers the AIS hackathon.

MeetUps and Presentations Africa, AIS, cyberstorm.mu, mauritius