§ Welcome!
$>ls -al ../.plan ../.project
-rw-rw-r-- 1 jlj family 1330 Dec 22 15:17 ../.plan
-rw-rw-r-- 1 jlj family 1355 Dec 22 15:17 ../.project
$>cat ../.project
Done my first Splunk PS now; I'm officially a consultant!
I'm also certified as Professional (above Associate) with both
Terraform and Vault now!
I finished the Linux Upskill Challenge! An excellent course. I
highly recommend it. As I write this, it's being offered each
month, for free, beginning on the first Monday of the month, IIRC.
Check out reddit for details.
My Vault HA cluster is up and running:
- I'm running two Vault nodes, one in an LXD container, and the
other on one of my old laptops.
- It's backed by Consul, running on three nodes, each in another
LXD container.
- The gossip key is now stored in Vault, and can be automatically
rotated.
- All cluster traffic is encrypted over SSL, using certificates
generated by my intermediate CA (in Vault).
- I'm also using the Transit Secrets Engine to auto-unseal
another Vault I have running as two nodes, each on other old
laptops. (One of those just failed yesterday, however. Gonna see
whether a hoover can revive it.)
- All four containers are bridged on the LAN.
- I'm running Telegraf on each of these nodes, sending metrics to
InfluxDB, running on my Xubuntu server.
I've then got Grafana running on my main workstation, with a few
different dashboards, monitoring Consul, Vault, telemetry from my
old laptops themselves, Jitsi, my broadband, etc.
I'm running Jitsi Meet on my Xubuntu server as well. Let me know if
you'd like to use it for video conferencing!
- I'm still using LXC, because Jitsi's videobridge service uses
9090/tcp by default, meaning that Cockpit, in default
configuration, had to go.
$>cat ../.plan
I might revive Cockpit. But I'll probably try to get Splunk to
serve my monitoring needs, along with Grafana: then it's CPD
too.
Multipass is still in the mix, but falling by the wayside. I've
picked up Docker now, because docker-splunk is just so simple and
powerful. It's jumped my troubleshooting game an order of
magnitude!
I'm looking at docker-vault now too, for an upcoming demo.
Oh, and docker-splunk has killed my desire to run any sort of
Splunk cluster natively; I've got an All-In-One instance on the
LAN, and that's enough, for playing.
- I'm looking to replicate my Jitsi Meet dashboard, currently in
Grafana, in Splunk, for CPD.
The Consul Engineering Team have released an official Grafana
dashboard, backed by Prometheus. I want to translate this to one
backed by InfluxDB; an engineer suggested that translating PromQL
to IFQL is fairly straightforward.
I want to start monitoring the expiry dates of all the certificates
I'm using in my environment.
Also re Consul, I want to get ACLs working in a professional
manner:
- So, more locked down than in my current runbook; and
- In such a way that the associated tokens are automatically
rotated.
Also re CPD, I'm considering going for Consul Associate. I'll hold
off for a bit, though, as HashiCorp is in the middle of switching
exam proctors, as I understand it.
§ Further info:
- 0xE94407F8 (or on Keybase)
- $>^C notes
- I'm usually on IRC these days, in:
  - #ctrl-c, on our club's server;
  - #splunk, on EFNet; and
  - #ubuntu-uk, #terraform and #vault-tool, on freenode
- Or random rooms on matrix.org
- My blog: stale, at the mo, but I'm hoping to get back to it
- Old blog: 17-year archive
- Let's play chess
Don't forget to check out our club!
Aaron dead.
World wanderers, we have lost a wise elder.
Hackers for right, we are one down.
Parents all, we have lost a child.
Let us weep.
--Sir Tim Berners-Lee
RIP Aaron Swartz
1986 - 2013
Last modified: Tue Dec 22 15:50:13 BST 2020 — jlj@ctrl-c.club