Duplicity encrypted backups to Amazon S3
Duplicity is a tool for creating bandwidth-efficient, incremental, encrypted backups. It backs up directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. And because duplicity uses librsync, the incremental archives are space efficient and…
Building VPC with Terraform in Amazon AWS
Terraform is a tool for automating infrastructure management. It can be used for a simple task like managing a single application instance or for more complex ones like managing an entire datacenter or virtual cloud. The infrastructure Terraform can manage includes low-level components…
Securing Logstash to Redis communication with Stunnel
Logstash is meant for private LAN usage since it doesn’t offer any kind of encryption support. If we need to ship sensitive data across WANs, like between Amazon VPCs, we would like to have the communication channel secured. That’s where…
Centralized logs collection with Logstash, ElasticSearch and Kibana in Amazon AWS
Logstash is a tool for managing events and logs. It is very useful for collecting, parsing and storing logs for later use, for example searching. It comes with a web interface for searching through the logs. The picture below…
Setting up Encompass Maintenance Page with ELB, S3, Route53 and CloudFront
This is for the environments where we have ELB (Elastic Load Balancer) instead of HAProxy. The idea is to host the maintenance page as a static website in an S3 bucket and then have failover DNS records in Route53 for the targeted…
SRIOV Enhanced Networking in AWS EC2 on Ubuntu-14.04 HVM
The latest EC2 generation of HVM instances makes use of Enhanced Networking, utilizing the ixgbevf e1000 Gigabit Virtual Function Network Driver, which provides significantly faster network layer processing. We can see it is already in use on Ubuntu-14.04 with…
Managing system resources with Cgroups and Ansible
Sometimes we need to limit the usage of a particular resource by some process, utility or group of processes in order to prioritize or limit their usage. One way to achieve this in the modern Linux kernel is via Cgroups. They provide kernel…
IPSEC VPN tunnel setup between two Amazon VPCs with OpenSwan and EC2 NAT instances
With services running in multiple VPCs, sooner or later a need will arise for secure clustering of instances across regions. This is especially important when such services do not have built-in SSL/TLS support or when the services…
IPSec VPN server setup in Amazon VPC with OpenSwan
Access to our Amazon VPCs is at the moment based on ssh key pairs. While this works fine and is pretty much secure, it requires each EC2 instance to have a public subnet interface, which is not always desired. Usually the…