Posts on infrastructure

Notes on using Cloudflare DNS over HTTPS

I recently learned about Cloudflare's 1.1.1.1 DNS service. One of the more interesting things that caught my attention there was DNS over HTTPS. That is, we can do this:

22:27 $ http 'https://cloudflare-dns.com/dns-query?ct=application/dns-json&name=echorand.me'
HTTP/1.1 200 OK …

Setting up AWS EC2 Assume Role with Terraform

In this post, we will see how to implement the AWS assume role functionality, which allows an IAM role to obtain temporary credentials to access a resource otherwise only accessible by another IAM role. We will implement the infrastructure changes using Terraform and see how to …


Doing something before systemd shuts your supervisord down

If you are running your server applications via supervisord on a Linux distro running systemd, you may find this post useful.

Problem Scenario

An example scenario that shows where this post is useful is as follows:

  • systemd starts the shutdown process
  • systemd stops supervisord
  • supervisord stops your processes …

Tip: Terraform and AWS Security Group rules in EC2 classic

When using Terraform's aws_security_group_rule with EC2 classic, you may get an error saying that the source security group doesn't exist, even though it does. That's probably because you (like me and others) used the source security group ID and not the security group name, like so:

resource "aws_security_group_rule" "my_sg_rule" {
  type …

Brief overview of using consul tags

consul allows a service to associate itself with tags. These are arbitrary metadata that can be associated with the service and can be used for different purposes. Below I outline a few examples of making use of tags and discuss some related topics.

Use case #1: Dedicated service instances based …


Add an additional host entry to docker container

Problem

Let's say a program in a container should be able to resolve a custom hostname.

Solution

When using docker run:

$ sudo docker run --add-host myhost.name:127.0.0.1 -ti python bash
Unable to find image 'python:latest' locally
latest: Pulling from library/python
Digest: sha256:eb20fd0c13d2c57fb602572f27f05f7f1e87f606045175c108a7da1af967313e
Status …

User-defined networks in Docker for inter-container communication

Problem

Let's say a program in a container wants to communicate with a service running in another docker container on the same host. The currently recommended approach is to use a user-defined network and avoid using links.

Solution

Docker user defined network

Create a user-defined network and run both (or as many …


Data only Docker containers

In this post, we shall take a look at the idea of data only containers - containers whose sole purpose is to exist on the docker host so that other containers can have portable access to a persistent data volume.

Why do we need a persistent data volume?

We will experiment …


Mounting a docker volume on SELinux enabled host

My workflow with docker usually involves volume mounting a host directory so that I can read and write to the host directory from my container as a non-root user. On a Fedora 23 host with SELinux enabled, this is what I have to do differently:

Use: -v /var/dir1:var …

© Amit Saha. Built using Pelican. Customised theme based on the one by Giulio Fidente on github.