From 4cec66fc135ebc93b0b14995d5a3e8b2a22869bc Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sun, 7 Jan 2024 21:16:37 -0600 Subject: [PATCH 1/6] sshca: Add machine IDs for nvr1, k8s-aarch64-n1 --- sshca/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sshca/secrets.yaml b/sshca/secrets.yaml index b3c0aed..91b968c 100644 --- a/sshca/secrets.yaml +++ b/sshca/secrets.yaml @@ -63,7 +63,7 @@ metadata: namespace: sshca spec: encryptedData: - machine-ids.json: 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 + machine-ids.json: AgCwbQ/AT8iRyTWAGbRNhr7EdPfk7dXkaiRkjEgMwHwE3fXBmfY+6i81N7h4sFRCHhfkmqWmArSHWRZTX1OMpakYaG69mardX5N99IpbOfNEGOlDH2mYAn1znjP72kVZ4JI+xz7FMs7BxjmMid4Kjil1GrHD5GA8Q3pLE1NLoztTrry/5JJoJHhhH/913V/ZLtaYY6Y3PO/toUqvNWNVf77JklZCST06beKKO2j9AqqsbegcnIEvKeENzRWIQDtY4vFoDKm2rPHfCRx251hMIeD2oPuZWMRkvTQT9Feuatqj5UrOZoIRquBJfPHMIvCKKuejCDyc4L/u5N7ZF4/v6VhG6WUtIKqA6TWf5X8Ol01tGn04N6ih1iGWl3tzpuXYQqXNY9WluOVeLj8plhO7NT+WabPd/MwDwy130fHI+eStMC3oBZjyKmz0SqXnOgcF3bzO1Jk1tZQZJl9VZaL17cQKdxRgJGn0L0KNVxb5lYugUPNYgm6UefKIFVaTtL/f8NXaOUqD9JfRMDdGGTg2QG2naPcu7XOqH51NvZqLMGUHZFmpnyM2eSu5bmw5s+HTRxcmPkLGU6Ju3NIG5VoeEAVMGHfHdMn1iFvFztMCR8lQUq4UYMJfSqcDDWEfw3BwgIeAlJJlfjRAOmcuBYX9Zag5rc5gII/f0zWiHMOsKBOYWr1VVH/m7Kt3T2/Nkui7knastPd8xpE/R4IcYdNYqNe+Dtp/eO5zhTzsSwDvq2TUQP+Seu+Ag+Bmn8I+EhEjHuDltiZMC2uwDfozPFTgGpG4pcOUykjoPgWgm9QUfAb0t4FKTcBot5gVdODlO3REFlmCzc3KhV4eWpbIc0Tt/R8dqw/70ggFwikTtXQ/uQKqG8YfUs8fyc+H/iIqjR7eBq2Vsfl7WrWrkVqKheBXg2XTS6cx8xODnrfiSn+n8d0AgUtzrJsCQ/rhCksjZu7+XEv/cdfqMKLI5UIX4ldaZqqR0l6J09zVDfb4ZpC+yqQZ9RHCkFtLwe99kSJpaYUqD8/BoRzjb/Vpec0YPf+rwPXafTDHd3fdaQMDQTOuh3VbBweiLC/hR/VAkgXUIjNHD1k/VA== template: metadata: name: sshca-data From 89516ebf55b452df6f608a4f0ea97ff35c521536 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 13 Jan 2024 09:51:13 -0600 Subject: [PATCH 2/6] sshca: Add machine ID for nut0 --- sshca/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/sshca/secrets.yaml b/sshca/secrets.yaml
index 91b968c..4987130 100644
--- a/sshca/secrets.yaml
+++ b/sshca/secrets.yaml
@@ -63,7 +63,7 @@ metadata:
 namespace: sshca
 spec:
 encryptedData:
- machine-ids.json: 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
+ machine-ids.json: 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
 template:
 metadata:
 name: sshca-data
From 539e25d9bda4921faed443cded19916737dae52c Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 6 Jan 2024 13:59:00 -0600
Subject: [PATCH 3/6] v-m/vmagent: Scrape public clouds to test Internet
Scraping the public DNS servers doesn't work anymore since the firewall routes traffic through Mullvad. Pinging public cloud providers should give a pretty decent indication of Internet connectivity. It will also serve as a benchmark for the local DNS performance, since the names will have to be resolved.
---
 victoria-metrics/blackbox.yml | 2 ++
 victoria-metrics/scrape.yml | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/victoria-metrics/blackbox.yml b/victoria-metrics/blackbox.yml
index edb21d5..08dfec1 100644
--- a/victoria-metrics/blackbox.yml
+++ b/victoria-metrics/blackbox.yml
@@ -26,6 +26,8 @@ modules:
 icmp:
 prober: icmp
 timeout: 5s
+ icmp:
+ preferred_ip_protocol: ip4
 smtp:
 prober: tcp
 tcp:
diff --git a/victoria-metrics/scrape.yml b/victoria-metrics/scrape.yml
index 22aa3bf..54bca58 100644
--- a/victoria-metrics/scrape.yml
+++ b/victoria-metrics/scrape.yml
@@ -22,9 +22,10 @@ scrape_configs:
 - icmp
 static_configs:
 - targets:
- - 1.1.1.1
- - 8.8.8.8
- - 9.9.9.9
+ - github.com
+ - cloudflare.com
+ - amazonaws.com
+ - azure.com
 relabel_configs:
 - source_labels: [__address__]
 target_label: __param_target
From 278be05121c9074e04d80955d7aa1309afee3f78 Mon Sep 17 00:00:00 2001
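Review bot: The added `preferred_ip_protocol: ip4` under the `icmp` module only states a preference; blackbox_exporter's `ip_protocol_fallback` defaults to true, so a name that returns no A record would be probed over IPv6 and the result would no longer describe the IPv4 path. If the probe is meant to be IPv4-only, add `ip_protocol_fallback: false` beside it. A one-line comment saying why IPv4 is preferred would also help, since neither the hunk nor the commit message states the reason.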
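Review bot: With hostnames in `targets`, `probe_success` for this job now fails on a local DNS fault as well as on loss of Internet routing, and the two cannot be told apart from the success metric alone. The commit message accepts the DNS dependency as a benchmark, so any alert built on this job should also read `probe_dns_lookup_time_seconds` (or a separate DNS-module probe) before reporting an outage. It is worth confirming that each apex name, `amazonaws.com` in particular, resolves to an address that answers ICMP echo; otherwise that target is permanently down and skews any "N of 4 failed" rule. A comment above the list, e.g. `# Names, not IPs: firewall routes traffic through Mullvad; also exercises local DNS`, would keep the reasoning with the config. The job's definition starts above the hunk.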
From: "Dustin C. Hatch"
Date: Sat, 6 Jan 2024 14:13:00 -0600
Subject: [PATCH 4/6] v-m/blackbox: Switch to upstream container image
I found the official container image for Prometheus Blackbox exporter. It is hosted on Quay, which is why I didn't see it on Docker Hub when I looked initially.
---
 victoria-metrics/blackbox-exporter.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/victoria-metrics/blackbox-exporter.yaml b/victoria-metrics/blackbox-exporter.yaml
index 3568cea..61877a7 100644
--- a/victoria-metrics/blackbox-exporter.yaml
+++ b/victoria-metrics/blackbox-exporter.yaml
@@ -34,7 +34,7 @@ spec:
 spec:
 containers:
 - name: blackbox-exporter
- image: docker.io/bitnami/blackbox-exporter:0.24.0
+ image: quay.io/prometheus/blackbox-exporter:v0.24.0
 args:
 - --config.file=/etc/blackbox-exporter/blackbox.yml
 ports:
@@ -52,7 +52,6 @@ spec:
 failureThreshold: 30
 timeoutSeconds: 1
 securityContext:
- runAsNonRoot: true
 readOnlyRootFilesystem: true
 volumeMounts:
 - mountPath: /etc/blackbox-exporter
@@ -63,6 +62,8 @@ spec:
 subPath: tmp
 securityContext:
 runAsNonRoot: true
+ runAsUser: 1422
+ runAsGroup: 1422
 sysctls:
 - name: net.ipv4.ping_group_range
 value: 0 65536
From 90b293d5c8c12d58a68c98fc3378f82cd27ebc6c Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 6 Jan 2024 15:14:00 -0600
Subject: [PATCH 5/6] v-m/vmagent: Scrape k8s-amd64-n3
---
 victoria-metrics/scrape.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/victoria-metrics/scrape.yml b/victoria-metrics/scrape.yml
index 54bca58..366ab57 100644
--- a/victoria-metrics/scrape.yml
+++ b/victoria-metrics/scrape.yml
@@ -71,6 +71,7 @@ scrape_configs:
 - gw1.pyrocufflink.blue
 - k8s-aarch64-n0.pyrocufflink.blue
 - k8s-aarch64-n1.pyrocufflink.blue
+ - k8s-amd64-n3.pyrocufflink.blue
 - nvr1.pyrocufflink.blue
 - vmhost0.pyrocufflink.blue
 - vmhost1.pyrocufflink.blue
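Review bot: The new `image:` line pins only the mutable tag `v0.24.0`, so the registry can serve different content under the same reference and the cluster would pull it without any change showing up in this repository. Pin the digest alongside the tag, `image: quay.io/prometheus/blackbox-exporter:v0.24.0@sha256:<digest-of-verified-image>`, taking the digest from an image you have verified. The container spec continues beyond the hunk, so an `imagePullPolicy` set elsewhere is not visible here.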
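Review bot: Now that the pod runs with the fixed `runAsGroup: 1422`, the `net.ipv4.ping_group_range` sysctl just below the added lines can be narrowed from `0 65536` to the single group, `value: "1422 1422"`, so only that GID may open unprivileged ICMP sockets in the pod's network namespace. If the exporter does use those unprivileged sockets, it needs no raw-socket capability, and the container-level `securityContext` edited in the previous hunk could also carry `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`; that is inferred from the visible lines and should be checked against the upstream image. A comment saying where UID/GID 1422 comes from would help the next reader, as the hunk gives no source for the number.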
@@ -268,6 +269,7 @@ scrape_configs:
 - targets:
 - k8s-aarch64-n0.pyrocufflink.blue
 - k8s-aarch64-n1.pyrocufflink.blue
+ - k8s-amd64-n3.pyrocufflink.blue
 - nvr1.pyrocufflink.blue
 relabel_configs:
 - source_labels: [__address__]
From 51775ede81489b286588445b12ff80f6ac4d0819 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 15 Jan 2024 18:46:46 -0600
Subject: [PATCH 6/6] v-m/vmagent: Scrape nut0
*nut0.pyrocufflink.blue* is the new UPS monitor server. It runs Fedora CoreOS, with NUT in a container.
---
 victoria-metrics/scrape.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/victoria-metrics/scrape.yml b/victoria-metrics/scrape.yml
index 366ab57..21dde17 100644
--- a/victoria-metrics/scrape.yml
+++ b/victoria-metrics/scrape.yml
@@ -72,6 +72,7 @@ scrape_configs:
 - k8s-aarch64-n0.pyrocufflink.blue
 - k8s-aarch64-n1.pyrocufflink.blue
 - k8s-amd64-n3.pyrocufflink.blue
+ - nut0.pyrocufflink.blue
 - nvr1.pyrocufflink.blue
 - vmhost0.pyrocufflink.blue
 - vmhost1.pyrocufflink.blue
@@ -270,6 +271,7 @@ scrape_configs:
 - k8s-aarch64-n0.pyrocufflink.blue
 - k8s-aarch64-n1.pyrocufflink.blue
 - k8s-amd64-n3.pyrocufflink.blue
+ - nut0.pyrocufflink.blue
 - nvr1.pyrocufflink.blue
 relabel_configs:
 - source_labels: [__address__]