Monday 9 November 2020

Pass utility to store password

Using Pass to save passwords securely. It requires GPG and keys.




gpg2 --gen-key
gpg --list-keys  # Note the pub key ID
      pub   2048R/0850D367 2020-11-09
      uid                  Securepass-store pass@nobody.com
      sub   2048R/677223F7 2020-11-09

# Initialise the password store using the GPG UID or pub key ID
pass init 2048R/0850D367
    Password store initialized for 2048R/0850D367.
# Now pass is ready to add passwords
pass insert user1

    

Sunday 27 September 2020

Quality is a mindset

 

Accuracy: Achieving 100% accuracy is not always practical and is often very expensive or time-consuming. Each time you write a script or piece of software, you must consider the level of accuracy required. Whatever the requirement, always maintain a high level of accuracy.

Best Practices: Following industry-standard best practices makes your code easier to read, easier to check for mistakes, and easier to modify. Much code is written to run for a long time and often has to be revisited for amendments. Following best practices makes it much easier to revisit and improve your code.

Consistency: This is the key to winning users' trust in your code. You only get one chance, and if users lose confidence due to inconsistent results, it is very difficult to win them back. Go the extra mile to ensure your code produces consistent results; if it is not ready, it is better not to make it available than to release an incomplete script or software.

Documentation: It can be within the code itself and/or external. All code should describe its purpose and the thought process behind it at a high level. Programs should be intuitive and should make help available to users.

Exception Handling: Every block of code must have error checks to validate the result of each execution step, with an appropriate error message that clearly indicates the problem. At each error check, a decision also has to be made on what action to take if that step fails.

Fault Tolerance: No service is 100% reliable, and your code should always tolerate failures. This is especially true when dealing with external services. There must be checks to detect faults and a plan to handle them. For example, if there is a failure at an endpoint, you have to make sure your application does not keep sending requests or filling up resources on your own system, which in turn can cause further failures.
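One way to stop sending requests to a failing endpoint is a circuit breaker. The following is an added example, not code from the original post; the class names, thresholds and the injectable clock are assumptions made for illustration.

```python
import time


class CircuitOpen(Exception):
    """Raised instead of calling an endpoint that is currently marked down."""


class CircuitBreaker:
    def __init__(self, max_failures=3, cooldown=30.0, clock=time.monotonic):
        self.max_failures = max_failures  # consecutive failures before opening
        self.cooldown = cooldown          # seconds to wait before a trial call
        self.clock = clock                # injectable so tests need no sleeping
        self.failures = 0
        self.opened_at = None             # None means the circuit is closed

    def call(self, func, *args, **kwargs):
        if self.opened_at is not None:
            if self.clock() - self.opened_at < self.cooldown:
                # Fail fast: no request is sent, no local resources are tied up.
                raise CircuitOpen("endpoint marked down, request not sent")
            # Cooldown is over: let exactly this one trial request through.
        try:
            result = func(*args, **kwargs)
        except Exception:
            self.failures += 1
            # A failed trial re-opens the circuit and restarts the cooldown.
            if self.opened_at is not None or self.failures >= self.max_failures:
                self.opened_at = self.clock()
            raise
        # Success closes the circuit and clears the failure count.
        self.failures = 0
        self.opened_at = None
        return result


if __name__ == "__main__":
    def flaky():
        # Constructed stand-in for a request to a failing external service.
        raise ConnectionError("endpoint down")

    breaker = CircuitBreaker(max_failures=2, cooldown=5)
    for attempt in range(4):
        try:
            breaker.call(flaky)
        except (ConnectionError, CircuitOpen) as exc:
            print(attempt, type(exc).__name__)
```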

Wednesday 23 September 2020

Thursday 3 September 2020

Tuesday 1 September 2020

Java upgrade manual process

 


Upgrade steps when you have Java package


# Unzip/untar java to /usr/java
$ cd /usr/java ; tar xzf jdk-11.0.7.tar.gz
# Remove any existing link to latest and add link to new
$ rm latest
$ ln -s /usr/java/jdk-11.0.7 latest
# Update alternatives and set correct version
$ alternatives  --config java
There are 3 programs which provide 'java'.

    Selection    Command
   -----------------------------------------------
     1           /usr/java/jdk1.8.0_202-amd64/jre/bin/java
   + 2           /usr/java/jdk-11.0.3/bin/java
  *  3           /usr/java/jdk-11.0.7/bin/java
Enter to keep the current selection[+], or type selection number:

$ java -version

  java version "11.0.7" 2020-04-14 LTS
  Java(TM) SE Runtime Environment 18.9 (build 11.0.7+8-LTS)
  Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.7+8-LTS, mixed mode)

Saturday 29 August 2020

Friday 28 August 2020

Tuesday 25 August 2020

Enterprise Monitoring Alerting vs Notifying


 

Enterprise monitoring is a living, breathing entity that requires constant evaluation and adjustment to produce the most reliable, accurate results. In practice, once defined it is rarely reviewed, and edge-case monitoring is often added as new systems evolve. This adds false alerts and noise, and leads to a loss of trust in monitoring systems.


Alert or Notify?

An alert should be triggered only if it warrants definite action and has a defined action to work on. When designing monitoring, people often get carried away with the number of metrics available to monitor and end up generating a lot of noise. Yes, it is good to have monitoring data to help with troubleshooting, but that does not mean alert!


When should you alert?

  1. Service impact detected and human intervention required.
  2. Breaching a threshold that is likely to cause a service outage.
  3. Critical failures that have defined actions to rectify the issue.
  4. Failures that have the potential to cause outage like host down.




What to monitor

Quote from SRE Book

 

"The four golden signals of monitoring are latency, traffic, errors, and saturation. If you can only measure four metrics of your user-facing system, focus on these four."


Not all metrics require monitoring and even fewer require alerting.


There are often 2 areas to consider when it comes to defining monitoring.

  1. Events that can cause service disruption and require manual intervention (On-Call)
  2. Events/thresholds recorded to help fault finding and long-term analysis.


The four golden signals are especially suitable for defining monitoring for events that generate alerts. For example, a high CPU for a short period does not always warrant alerting unless there is an impact on latency/errors and/or the resource is reaching saturation.


How many alerts?

The number of alerts for the same incident should be minimal. For example, when an underlying host fails, all metrics on that server will fail too. For quality alerting, there must be a single alert for the host, and the rest of the checks should depend on it.

Another major noise maker is the repeat alert. Once an alert has been acknowledged or is being actioned, further repeat alerts only disrupt the investigation and increase recovery time, as the engineer has to break their thought process to attend to the alert.
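The two rules above (one alert per incident via check dependencies, and no repeats once acknowledged) can be sketched as follows. This is an added example, not part of the original post; the Notifier class, the check names and the dependency map are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed dependency map: each service check depends on its host check.
DEPS = {"web1/http": "web1/host", "web1/disk": "web1/host"}


@dataclass
class Notifier:
    """Decides which failing checks should notify the on-call engineer."""
    depends_on: dict
    acknowledged: set = field(default_factory=set)

    def _root_failure(self, check, failing):
        # Walk up the dependency chain to the top-most failing ancestor.
        root, seen = check, {check}
        parent = self.depends_on.get(check)
        while parent is not None and parent not in seen:
            if parent in failing:
                root = parent
            seen.add(parent)
            parent = self.depends_on.get(parent)
        return root

    def evaluate(self, failing):
        """Return the alerts to send for one polling cycle."""
        failing = set(failing)
        # Collapse every failing check onto the failure that explains it.
        roots = {self._root_failure(c, failing) for c in failing}
        # Forget acknowledgements for checks that have recovered, so a
        # later failure of the same check alerts again.
        self.acknowledged &= roots
        # Acknowledged incidents stay silent while they are being worked on.
        return sorted(roots - self.acknowledged)

    def acknowledge(self, check):
        self.acknowledged.add(check)


if __name__ == "__main__":
    n = Notifier(depends_on=DEPS)
    outage = ["web1/http", "web1/disk", "web1/host", "db1/replication"]
    print(n.evaluate(outage))   # host alert replaces its dependent checks
    n.acknowledge("web1/host")
    print(n.evaluate(outage))   # acknowledged host alert is not repeated
```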

Thursday 6 August 2020

Dunstable Priory and Busway


Excellent route for biking with kids, wheelchair access.

Sunday 21 June 2020

How do I check if an IP is whitelisted on an EC2 instance?

With many security groups and rules whitelisting access in each security group, it is often difficult to find out whether a specific IP is whitelisted or not. Sometimes you also need a list of all the rules attached to a specific EC2 instance.


ec2-whitelistcheck.py is a Python boto3 script that accepts an instance ID as input and provides two commands:

  • ec2 : Print all the rules attached to the instance
  • ec2check : Check whether the specified IP is whitelisted or not. Can accept multiple IP addresses.





Friday 12 June 2020

Python printing colourful text


Python scripts running in a terminal can make use of terminal colours to enhance output.



Using a combination of foreground and background codes ensures the required colours, for example:
"\033[1;41m \033[97m{} \033[00m"

The way I manage this is by defining a function and calling it with the required text. Or you could define it in your own class and include it.

Text format           Foreground (text) color   Background color
0: normal text        30: Black                 40: Black
1: bold               31: Red                   41: Red
4: Underlined text    32: Green                 42: Green
                      33: Yellow                43: Yellow
                      34: Blue                  44: Blue
                      35: Purple                45: Purple
                      36: Cyan                  46: Cyan
                      37: White                 47: White



AWS Check IP Whitelisting

Python Boto3 script to print all SG rules attached to a load balancer

  • How to list or check all the security group rules attached to an ELB/ALB
  • How to find out if a specific IP is whitelisted or not


The AWS Boto3 script takes a load balancer as an argument, loops through all attached security groups, and prints the rules or checks whether the provided IPs are whitelisted.

Help is available by running with -h at any point.





  • Listing all Security Group rules attached to an ALB
   ./lb-whitelistcheck.py alb -l vettomalb1 -p vettomprofile -r eu-central-1
  INFO : Printing SG rules attached to ALB vettomalb1 using Profile=vettomprofile, Region=eu-central-1
  Procssing SG ['sg-00bb3ba21b32d6e', 'sg-07677a1dea9c6a']

 sg-003ba21b7832d6e  54.20.13.152/32  80 - 443
 sg-00bba21b7832d6e  54.28.231.43/32  80 - 443
 sg-00bb3bab7832d6e  56.208.110.37/32  80 - 443
 sg-07d7dd42ae859cd  192.150.3.2/32  22 - 443

  • Check whether the provided IPs are whitelisted or not
./lb-whitelistcheck.py albcheck -l vettomalb1 -p vettomprofile -r eu-central-1 -s 192.147.118.254 192.168.3.2 10.50.0.0

192.147.118.254 allowed in SG=sg-07d7f2ae859cd Rule=192.147.118.254/32 Ports 22-443
192.168.3.2 not whitelisted.

10.50.0.0 allowed in SG=sg-0f9f542ae859cd Rule=10.50.0.0/24 Ports 22-22
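The rule-matching step behind both the EC2 and the load balancer checks described above, as an added example (not the author's ec2-whitelistcheck.py or lb-whitelistcheck.py): it tests an IP against security group rules with Python's ipaddress module. The group data is constructed in the shape boto3's describe_security_groups() returns, and matching_rules and report are hypothetical names.

```python
import ipaddress

# Constructed sample in the shape boto3's describe_security_groups() returns
# under "SecurityGroups"; group IDs and addresses are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example0000000a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.0.2.254/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.50.0.0/24"}]},
    ]},
    {"GroupId": "sg-0example0000000b", "IpPermissions": [
        # Protocol "-1" means all traffic; AWS omits the port keys for it.
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "198.51.100.0/28"}]},
    ]},
]


def matching_rules(ip, groups, port=None):
    """Return (group_id, cidr, from_port, to_port) for every rule admitting ip."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if port is not None and lo is not None and not lo <= port <= hi:
                continue  # rule exists but does not cover the requested port
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if addr in net:  # CIDR containment, not string comparison
                    hits.append((group["GroupId"], rng["CidrIp"], lo, hi))
    return hits


def report(ip, groups):
    """One line per matching rule, in the style of the output shown above."""
    hits = matching_rules(ip, groups)
    if not hits:
        return [f"{ip} not whitelisted."]
    lines = []
    for sg, cidr, lo, hi in hits:
        ports = "all" if lo is None else f"{lo}-{hi}"
        lines.append(f"{ip} allowed in SG={sg} Rule={cidr} Ports {ports}")
    return lines


if __name__ == "__main__":
    for ip in ["192.0.2.254", "192.168.3.2", "10.50.0.7"]:
        print("\n".join(report(ip, SAMPLE_GROUPS)))
```

Matching on CIDR containment rather than on the rule string is what catches an address admitted by a wider range, such as a /24 or 0.0.0.0/0.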

Saturday 16 May 2020

Dream big but set your goals right



   
Often people chase their dream and end up disappointed because they may never reach it, or they pay a very high price for it. While chasing a dream, people often forget to live, and when or if they achieve the dream, it may be too late for them to live.

People are judged for a lack of ambition or drive; however, if they have found balance in life and are living their dream, who are we to say they should dream big?

It is always good to have big dreams, but you should always have smaller, achievable goals on the way to your dream. Achieving each goal makes you happier and moves you one step closer to your final dream. This way, whether you reach your dream or not, you are likely to live a happier life.