Sometimes we need to add an application to a pre-configured Docker container. We can do this with “docker build” in a few easy steps. Step 1. Create a Dockerfile. In it, add the source Docker container and the requested application's installation procedure. Sample Dockerfile Step 2. Build the Docker container from the Dockerfile. Step 3. Modify the docker-compose.yml file. Replace original […]
Author: maxglaz
HowTo Kill all Docker containers and remove all data
If you need, for any reason, to kill all Docker containers and remove all Docker-related data, use the following procedure: What will this do? This will not uninstall Docker and/or Docker Compose, but your system will be as clean as after an initial Docker installation.
VRRP on Linux. Use Keepalived for HA and load balancing.
VRRP – Virtual Redundancy Routing Protocol in Linux systems could be implemented with keepalived. Also, keepalived could be used to implement High Availability (active/passive) or load balancing (active/active). Four aspects need to be configured on a VRRP HA server: keepalived, iptables, sysctl and the service itself (rsyslog in this case). Sysctl. The host’s kernel needs […]
Case: review firewall configuration
Case: Customer has concerns about the firewall configuration. The firewall is implemented on a Linux server. The firewall includes NAT. Discovery: During review of the firewall configuration I discovered the following: the total number of lines in the configuration is ~5500. Some rules are grouped in groups (chains). Some groups have no rules in them. Many rules have never had traffic passing through them. Advice […]
How to configure PAT on Mikrotik (RouterOS)
Download WinBox and connect to the Mikrotik. Select “IP” -> “Firewall”. Select NAT. Click on plus and select “Chain” -> “dstnat”. Enter dst.address – this is typically the public IP address of the Mikrotik router. Enter the protocol type (for HTTP this is “tcp”). Enter dst.port – the port that will be NAT-ed. Click the “Action” tab. Select “Action” -> […]
Case: remote execution in Linux
Case: Customer has an appliance from a vendor running Linux. Customer has no access (restricted by agreement with the vendor) to the scheduler on the server. Customer wants to periodically gather some information from the appliance and use it. Solution: Create a shell script on a Linux server owned by the customer. Schedule it on the customer's server. In the mentioned script, use remote execution to gather […]
Case: Separate call-center/support team from production network and from management network
Customer has one big network with all users in the same network fragment. Customer wants to improve security. Problem description: All employees reside in one big network fragment and have some level of access to all corporate servers. The production and support teams span across the entire building. Proposed solution: Split the network into 4 fragments: servers, support, production […]
Case: improve resiliency and throughput of network.
Customer has issues with the LAN. Customer does not want to spend money on new switches/routers. Bottleneck – the connection between datacenter switches and distribution/access level switches. Problem description: low throughput. No redundancy for access switches 1 & 2 for cases when the link from an access switch to the distribution switch fails. Proposed solution: increase throughput between DC switches […]
Upgrade OS on NEXUS switch from v6 to v9
There is no option to upgrade directly from v6 to v9. The following steps make this possible. Remember memory limits and use a smaller image if you need to. Copy new image to switch. Install image. Remove old image. Install v7 image. Delete old images. Copy v9 image. Do some configuration change. Install v9.
Port-channel (PC) / Virtual port-channel (VPC)
Port-Channel – a bundle of 2+ links between 2 switches (see example below). The links are bundled together and the connection utilizes the throughput of both links. In comparison to spanning tree, link utilization becomes more efficient, as both links are used for data transfer. Sample configuration. Sw1 Sw2 Virtual Port-Channel – same as Port-Channel, with a single difference […]