[{"content":"","date":"May 1 2024","externalUrl":null,"permalink":"/","section":"Alberto Olvera","summary":"","title":"Alberto Olvera","type":"page"},{"content":"","date":"May 1 2024","externalUrl":null,"permalink":"/posts/","section":"Posts","summary":"","title":"Posts","type":"posts"},{"content":"","date":"April 14 2024","externalUrl":null,"permalink":"/tags/home-lab/","section":"Tags","summary":"","title":"Home Lab","type":"tags"},{"content":"This blog post will guide you through setting up a monitoring system for your Proxmox cluster using Prometheus and Grafana. By implementing this solution, you\u0026rsquo;ll gain valuable insights into the health and performance of your Proxmox environment, allowing you to identify potential issues before they escalate and optimize resource allocation for your virtual machines and containers.\nWho should follow this guide?\nThis guide is ideal for those who are already comfortable with Proxmox and want to add a monitoring layer to their setup. Basic understanding of Linux concepts and familiarity with navigating the command line will be helpful.\nThe setup # I\u0026rsquo;m going to setup my monitoring in a way that I don\u0026rsquo;t have to install anything on my Proxmox nodes. Instead, I will install the complete monitoring stack on one of the VMs running in my cluster. Like in the following diagram, I\u0026rsquo;ll have an AlmaLinux server running in my cluster that will host the following:\nPrometheus Server Grafana Prometheus VE Exporter flowchart LR; PV1[PVE1]--\u003ePE[PVE Exporter]; subgraph ide1 [AlmaLinux VM] PE[PVE Exporter]--\u003ePS[Prometheus Server] --\u003e G[Grafana] end PV2[PVE2]--\u003ePE PV3[PVE3]--\u003ePE; PV4[PVE4]--\u003ePE; style ide1 fill:#888 stroke:#000,stroke-width:4px,stroke-dasharray: 5 5 Security Considerations:\nWhile the guide demonstrates the configuration process, it\u0026rsquo;s important to note that the example uses a weak password for Prometheus. 
In a real environment, always choose a strong and unique password to protect your monitoring setup. Introducing the Tools: # Prometheus: # An open-source monitoring system that acts like a central collector, scraping metrics from various sources like Proxmox VE at regular intervals and storing them in a time-series database.\nGrafana: # An open-source platform for visualizing data. It allows you to create interactive dashboards that display the metrics collected by Prometheus, making it easy to understand resource utilization, identify trends, and troubleshoot issues.\nWith these two tools combined in your Proxmox cluster, you get the following benefits:\nEnhanced Visibility: Gain real-time insights into your Proxmox VE performance, including CPU, memory, storage, and network usage. Proactive Problem Detection: Identify potential issues before they escalate, allowing you to take preventive action. Improved Resource Management: Optimize resource allocation for your virtual machines and containers based on actual usage data. Informed Decision Making: Gain data-driven insights to make informed choices about scaling your Proxmox VE infrastructure. 
Setting Up Monitoring # Prometheus # Installation # There are many ways to install Prometheus; I\u0026rsquo;ll use one of the official precompiled binaries provided on their downloads page.\nSo I\u0026rsquo;ll just download their tar file and extract it into a prometheus directory, dropping the archive\u0026rsquo;s top-level folder, with the following command.\nmkdir prometheus \u0026\u0026 tar xfvz prometheus.tar.gz -C prometheus --strip-components=1 First, add a dedicated user for Prometheus\nsudo useradd --no-create-home --shell /bin/false prometheus Create the required directories for Prometheus and change the ownership for them\nsudo mkdir /etc/prometheus sudo mkdir /var/lib/prometheus sudo chown prometheus:prometheus /etc/prometheus sudo chown prometheus:prometheus /var/lib/prometheus Begin by copying the essential Prometheus tools (prometheus and promtool) to their designated locations:\ncp prometheus/prometheus /usr/local/bin/ cp prometheus/promtool /usr/local/bin/ Ensure the Prometheus user owns these binaries for proper execution:\nchown prometheus:prometheus /usr/local/bin/prometheus chown prometheus:prometheus /usr/local/bin/promtool Configuration # Use a text editor (in the case of AlmaLinux, vi comes preinstalled) to create the Prometheus configuration file:\nvi /etc/prometheus/prometheus.yml Add configuration: Paste the following configuration details into the file:\nglobal: scrape_interval: 10s scrape_configs: - job_name: \u0026#34;prometheus\u0026#34; scrape_interval: 5s static_configs: - targets: [\u0026#34;localhost:9090\u0026#34;] This configuration defines the scraping interval (how often Prometheus collects data) and sets up a job to scrape metrics from the Prometheus server itself (localhost:9090). 
Save and adjust ownership: Once you\u0026rsquo;ve added the configuration, save the file and ensure the Prometheus user owns it:\nsudo chown prometheus:prometheus /etc/prometheus/prometheus.yml Set Prometheus as a Linux service # Since I want to monitor my cluster anytime, I\u0026rsquo;ll set up the Prometheus server as a Linux Service using Systemd:\nAdd this to the file /etc/systemd/system/prometheus.service\n[Unit] Description=Prometheus Wants=network-online.target After=network-online.target [Service] User=prometheus Group=prometheus Type=simple ExecStart=/usr/local/bin/prometheus \\ --config.file /etc/prometheus/prometheus.yml \\ --storage.tsdb.path /var/lib/prometheus/ \\ --web.console.templates=/etc/prometheus/consoles \\ --web.console.libraries=/etc/prometheus/console_libraries [Install] WantedBy=multi-user.target Apply Changes and Verify Status\nReload systemd: After saving the Prometheus configuration, inform systemd about the changes using:\nsudo systemctl daemon-reload Start Prometheus: Finally, initiate the Prometheus service:\nsudo systemctl start prometheus sudo systemctl enable prometheus Verify Status: To confirm whether Prometheus is running successfully, check its status with:\nsudo systemctl status prometheus By now, you should have Prometheus running in your VM and accessible from the web UI on port 9090.\nGrafana # Installation # In the case of the Grafana installation, I\u0026rsquo;m going to use the default package manager to install the OSS version of Grafana:\nsudo dnf install grafana Once installation is complete, initiate and enable the Grafana server using these commands:\nsudo systemctl start grafana-server sudo systemctl enable grafana-server The first command starts the service immediately, while the second ensures it starts automatically on system boot.\nConfirm that Grafana is running successfully:\nsudo systemctl status grafana-server Configuration # Web interface access: With Grafana running, you can access its web interface at 
http://\u0026lt;VM IP address\u0026gt;:3000 in your web browser.\nInitial login: The default credentials are username: \u0026lsquo;admin\u0026rsquo; and password: \u0026lsquo;admin\u0026rsquo;. You\u0026rsquo;ll be prompted to change the password upon first login for security reasons.\nAdvanced configuration (optional): For further configuration (e.g., email alerts or port changes), edit the /etc/grafana/grafana.ini file using any text editor:\nsudo vi /etc/grafana/grafana.ini Make any necessary adjustments within the file and save your changes.\nPrometheus VE Exporter # We\u0026rsquo;ll use the Prometheus-pve-exporter to send the metrics from our clusters to our Prometheus Server and from there to Grafana.\nInstallation # Make sure venv is installed (e.g. apt install python3-venv), then prepare a new env for the PVE Exporter:\npython3 -m venv /opt/prometheus-pve-exporter Install PVE Exporter into the new env:\n/opt/prometheus-pve-exporter/bin/pip install prometheus-pve-exporter Configuration # Before running the exporter, we need to create a Proxmox user that the exporter will use to scrape the metrics. Create a new user under the Datacenter -\u0026gt; Users section. Fill in the user name, set realm to Proxmox VE authentication \u0026amp; give it your password. Create the promexporter user on your Proxmox cluster Go back to the Permissions. Set the path to \u0026lsquo;/\u0026rsquo; and select your user. Give it the PVE Auditor role. 
Add the PVE Auditor role to the new user Next, create a configuration file for the exporter: /etc/prometheus/pve.yml In this file you need to specify the credentials of the promexporter user we just created, and we\u0026rsquo;ll add a flag to skip TLS certificate verification when connecting to the Proxmox cluster:\ndefault: user: promexporter@pve password: supersecretpassword verify_ssl: false PVE exporter as Linux Service # Since I want to monitor my cluster anytime, I\u0026rsquo;ll set up the PVE exporter as a Linux Service using Systemd:\nAdd this to the file /etc/systemd/system/prometheus-pve-exporter.service\n[Unit] Description=Prometheus exporter for Proxmox VE Documentation=https://github.com/znerol/prometheus-pve-exporter [Service] Restart=always User=prometheus ExecStart=/opt/prometheus-pve-exporter/bin/pve_exporter /etc/prometheus/pve.yml [Install] WantedBy=multi-user.target Apply Changes and Verify Status\nReload systemd: After saving the exporter configuration, inform systemd about the changes using:\nsudo systemctl daemon-reload Start the service: Finally, initiate the PVE exporter service:\nsudo systemctl start prometheus-pve-exporter sudo systemctl enable prometheus-pve-exporter Verify Status: To confirm whether the Exporter is running successfully, check its status with:\nsudo systemctl status prometheus-pve-exporter By now, you should have the exporter running in your VM and its metrics accessible from the web UI on port 9221.\nYou can access the metrics with curl: Associating Prometheus with the PVE exporter # Now, we need to configure the Prometheus server to collect the metrics exposed by the Proxmox PVE Exporter. 
To do this we need to edit the Prometheus config file /etc/prometheus/prometheus.yml\nglobal: scrape_interval: 10s scrape_configs: - job_name: \u0026#34;prometheus\u0026#34; scrape_interval: 5s static_configs: - targets: [\u0026#34;localhost:9090\u0026#34;] - job_name: \u0026#34;pve\u0026#34; static_configs: - targets: - \u0026lt;IP of node 1\u0026gt; # pve1 - \u0026lt;IP of node 2\u0026gt; # pve2 metrics_path: /pve params: module: [default] cluster: [\u0026#34;1\u0026#34;] node: [\u0026#34;1\u0026#34;] relabel_configs: - source_labels: [__address__] target_label: __param_target - source_labels: [__param_target] target_label: instance - target_label: __address__ replacement: \u0026lt;IP from the VM where the exporter is installed\u0026gt;:9221 If everything is correct, by now you should have the metrics from the Proxmox cluster accessible from your browser:\nIf for some reason you cannot reach any of the addresses we\u0026rsquo;ve gone through, I\u0026rsquo;d recommend you check your network configuration. In a previous post I talked about how the firewall config from my AlmaLinux server stopped me from accessing these sites on my local computer. Visualizing Proxmox metrics from Grafana # Once you\u0026rsquo;ve set up Prometheus and Grafana, the next step is to connect them so Grafana can visualize the metrics collected by Prometheus. Here\u0026rsquo;s how to achieve this:\nAdd Prometheus as a Data Source in Grafana:\nOpen the Grafana web interface in your browser Login using your credentials On the left sidebar, click the configuration cogwheel icon and select \u0026ldquo;Data Sources\u0026rdquo;. Click \u0026ldquo;Add data source\u0026rdquo;. Choose \u0026ldquo;Prometheus\u0026rdquo; as the type. In the \u0026ldquo;URL\u0026rdquo; field, enter the address of your Prometheus server. 
If Prometheus is running on the same machine as Grafana, you can use http://\u0026lt;Prometheus Server IP\u0026gt;:9090. Click \u0026ldquo;Save \u0026amp; Test\u0026rdquo; to verify the connection. If successful, you\u0026rsquo;ll see a message confirming connectivity. Explore and Visualize Metrics:\nThe fastest way to utilize the metrics is to export a great dashboard that is available to the public.\nThis dashboard can be imported to our Grafana server and will come preconfigured with helpful charts and tables from our cluster, which will look like this:\nBy now, you should be able to explore the dashboard and start monitoring your home lab. This will allow you to gain valuable insights into your Proxmox VE health and performance.\nThank you for reading!\n","date":"April 14 2024","externalUrl":null,"permalink":"/posts/20240414-prometheus-proxmox/","section":"Posts","summary":"This entry will walk you through the setup of Proxmox Monitoring using Prometheus and Grafana","title":"Monitoring your Proxmox cluster with Prometheus and Grafana","type":"posts"},{"content":"","date":"April 14 2024","externalUrl":null,"permalink":"/tags/proxmox/","section":"Tags","summary":"","title":"Proxmox","type":"tags"},{"content":"","date":"April 14 2024","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"February 4 2024","externalUrl":null,"permalink":"/series/almalinux-administration-basics/","section":"Series","summary":"","title":"AlmaLinux Administration Basics","type":"series"},{"content":"Welcome home lab enthusiasts! In this entry I\u0026rsquo;ll share a small guide to manage the firewall rules in an AlmaLinux environment. As seen in previous entries, this series covers bits that I had to learn by running my own Home Lab on Proxmox.\nFirewalld, the default firewall in RHEL-based distributions, was introduced in 2011 as a replacement for iptables. 
At its core, firewalld acts as a security gatekeeper, controlling incoming and outgoing network traffic.\nWhile it comes pre-enabled with a secure default configuration, you might need to open specific ports to allow essential services to function correctly.\nFor instance, when encountering issues with exporting node metrics on my VMs, I looked around my Proxmox and network configurations, only to discover that the issue was the traffic being blocked from the VM itself.\nIf you are in a similar situation, this guide will help you with the following:\nAllowing ports or services through the firewall: Grant access to incoming connections for your chosen services. Applying firewall rules: Activate changes made to firewall configurations. Checking open ports and services: Maintain awareness of currently accessible ports and services. Managing opened ports: Revoke access when a service is no longer required. Understanding Firewall Ports and Zones # Firewalld utilizes zones to categorize network interfaces and manage traffic flow accordingly. Your home lab network interface likely belongs to the \u0026ldquo;public\u0026rdquo; zone, which handles internet-facing traffic.\nGenerally, the default rule of a firewall is to deny everything and only allow specific exceptions to pass through for needed services. You can add rules to this zone to control incoming traffic from the internet. There are two primary methods for opening ports:\nBy Service: This is the preferred approach as it automatically opens the relevant port number associated with a service. For instance, the following command allows HTTP traffic on port 80.\nfirewall-cmd --zone=public --add-service=http --permanent By Port Number: Use this method if there\u0026rsquo;s no corresponding service for the port you want to open. 
The following command opens port 8080 for TCP connections:\nfirewall-cmd --zone=public --add-port=8080/tcp --permanent Essential Firewall Management Commands # Listing Open Services and Ports: Display active services with open ports\nfirewall-cmd --zone=public --list-services Display open ports regardless of associated service\nfirewall-cmd --zone=public --list-ports Reloading Firewall: This will activate any permanent changes made to the firewall rules\nfirewall-cmd --reload Viewing All Firewall Rules: This provides a comprehensive view of your firewall configuration\nfirewall-cmd --list-all Closing a Port: Removes the HTTPS rule from the firewall\nfirewall-cmd --zone=public --permanent --remove-service=https Common Ports and Firewall Commands for Home Lab Services # These are some helpful commands to open ports for essential services you might use in your home lab environment:\n# Allow HTTP through firewall firewall-cmd --zone=public --add-service=http --permanent # Allow HTTPS through firewall firewall-cmd --zone=public --add-service=https --permanent # Allow MySQL through firewall firewall-cmd --zone=public --add-service=mysql --permanent # Allow SSH through firewall (assuming it\u0026#39;s not already open) firewall-cmd --zone=public --add-service=ssh --permanent # Allow DNS through firewall firewall-cmd --zone=public --add-service=dns --permanent # Allow PostgreSQL through firewall firewall-cmd --zone=public --add-service=postgresql --permanent # Allow telnet through firewall firewall-cmd --zone=public --add-service=telnet --permanent Security Considerations When Opening Ports # Always prioritize security when managing your firewall. Only open ports for services you genuinely need and actively use in your home lab. Here are some additional security best practices to consider:\nMinimize Exposed Ports: Only open the specific ports required for a service to function. Avoid opening entire port ranges. 
Strong Passwords: Enforce strong passwords for all services that require authentication, especially for remotely accessible services. Keep Software Updated: Regularly update your AlmaLinux system and applications to address security vulnerabilities. Monitor Firewall Logs: Regularly review your firewall logs for suspicious activity that might indicate unauthorized access attempts. By following these steps and understanding firewall rules, you can effectively manage incoming traffic in your AlmaLinux home lab.\n","date":"February 4 2024","externalUrl":null,"permalink":"/posts/20240203-almalinux-3/","section":"Posts","summary":"A short guide to manage ports on your AlmaLinux setup","title":"AlmaLinux Administration Basics - Firewalld","type":"posts"},{"content":"","date":"February 4 2024","externalUrl":null,"permalink":"/tags/cli/","section":"Tags","summary":"","title":"CLI","type":"tags"},{"content":"","date":"February 4 2024","externalUrl":null,"permalink":"/tags/linux-admin/","section":"Tags","summary":"","title":"Linux Admin","type":"tags"},{"content":"","date":"February 4 2024","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":" Granting Sudo Privileges on AlmaLinux 9.2 # Empower users in your home lab with sudo access! This guide walks you through adding a user with administrative privileges on AlmaLinux 9.2.\nNon-Sudo Users: # For users who don\u0026rsquo;t require administrative privileges, simply follow steps 1 and 2 below. These users will have basic access to the system but won\u0026rsquo;t be able to execute commands with sudo.\nWhy Sudo Users? 
# Sudo allows authorized users to execute commands with elevated permissions, crucial for managing your server effectively.\nSteps: # Create a New User:\nOpen a terminal and run:\nsudo useradd myuser Replace \u0026ldquo;myuser\u0026rdquo; with your desired username.\nSet a Strong Password:\nUse the passwd command followed by the username:\npasswd myuser Enter and confirm a strong password for the user. Here are some strong password practices:\nLength: Use a password with at least 12 characters. Complexity: Combine uppercase and lowercase letters, numbers, and symbols. Uniqueness: Avoid using the same password for multiple accounts. Password Managers: Consider using a password manager to generate and store strong, unique passwords for all your accounts. Grant Sudo Access:\nLinux uses groups to manage permissions. The \u0026ldquo;wheel\u0026rdquo; group has sudo access by default. Let\u0026rsquo;s add \u0026ldquo;myuser\u0026rdquo; to the \u0026ldquo;wheel\u0026rdquo; group:\nsudo usermod -aG wheel myuser Verify Sudo Access (Optional):\nSwitch to the new user:\nsu - myuser Try running a command with sudo:\nsudo ls /root If prompted for the user\u0026rsquo;s password and the command executes, sudo access is granted.\nService Accounts vs. User Accounts # So far, we\u0026rsquo;ve discussed user accounts, which are for human users who log in and interact with the system. There\u0026rsquo;s another type of account: the service account.\nService Accounts: # These accounts are used by programs or services running on your system. They provide a secure way for these programs to access resources without requiring human intervention or a traditional user login. Service accounts often have specific permissions assigned to them, allowing them to perform limited tasks.\nUser Accounts vs. Service Accounts: # The key difference is that user accounts are for human users, while service accounts are for automated tasks. 
Furthermore, service accounts often don\u0026rsquo;t have a login shell like users do, in certain distributions, they have /usr/sbin/nologin as login shell.\nUser accounts typically have more privileges and require a password for login, while service accounts are designed for secure programmatic access with limited permissions.\nSecurity First! # Here are some key security practices to follow when managing users and permissions on your AlmaLinux server:\nPrinciple of Least Privilege: Grant users only the minimum permissions they need to perform their tasks. This minimizes the damage if a user account is compromised. Strong Password Policies: Enforce strong password requirements as mentioned previously. Consider using a password manager and avoid sharing passwords. Disable Root Login: For enhanced security, disable direct root login via SSH. Use sudo for administrative tasks when necessary. Regular Updates: Keep your system software and packages updated to address security vulnerabilities. Monitor System Activity: Regularly review system logs for suspicious activity. By following these security best practices, you can minimize the risk of unauthorized access and keep your AlmaLinux server secure.\nNow you have a dedicated sudo user for managing your AlmaLinux server, separate non-privileged users for everyday tasks, and an understanding of service accounts for automated processes!\nRemember, responsible permission management and strong security practices are key to maintaining a secure and stable system. 
","date":"February 2 2024","externalUrl":null,"permalink":"/posts/20240202-almalinux-2/","section":"Posts","summary":"This entry guides users through creating a new user, setting a password, and granting sudo access","title":"AlmaLinux Administration Basics - Users","type":"posts"},{"content":"","date":"1 February 2024","externalUrl":null,"permalink":"/es/series/administraci%C3%B3n-de-almalinux/","section":"Series","summary":"","title":"Administración De AlmaLinux","type":"series"},{"content":"Welcome to the first installment of our series on running Alma Linux for your home lab server needs! Whether you\u0026rsquo;re a seasoned Linux user or just starting your journey, a home lab is a fantastic way to experiment, learn new skills, and host your own personal services. Alma Linux, a stable and community-driven Red Hat Enterprise Linux (RHEL) fork, provides a robust foundation for building your home lab environment.\nWhy Alma Linux? # There are several reasons why Alma Linux is a great choice for home labs:\nStability: Based on RHEL, Alma Linux inherits its renowned stability and focus on long-term support. This ensures your servers run smoothly and receive security updates for an extended period. Familiarity: If you plan to pursue Red Hat certifications or work in RHEL environments, Alma Linux offers a familiar experience that translates directly to those settings. Community-Driven: Backed by a strong community, Alma Linux offers ample resources and support to help you navigate any challenges. Installation with Proxmox # Since I\u0026rsquo;m utilizing a Proxmox cluster, I\u0026rsquo;ll cover its installation on a setup similar to mine.\nGrab the desired Alma Linux version, I downloaded their ISO from their official downloads site. Within the proxmox web interface, create a new VM. Allocate desired CPU cores, memory, and storage resources. 
When booting up the new VM, Alma Linux will guide us through its installation on a nice GUI. Here you can select the language of the installation and settings like the root password. During Alma Linux installation, configure settings like language and encryption, then choose additional software based on your preferred base environment. In this guide, we have chosen to go with the Server selection. Feel free to select your preferred environment and select any additional components from the right panel. Once you are happy with your selections, hit the ‘Done’ button to go back. Basic Administration Essentials # Once you have Alma Linux installed, let\u0026rsquo;s explore some fundamental administration tasks:\nCommand Line Interface (CLI): The CLI, also known as the terminal, is your primary tool for interacting with Alma Linux. Familiarize yourself with basic navigation commands like cd (change directory), ls (list directory contents), and man (access manual pages for commands). Package Management: Alma Linux uses the RPM package manager (dnf). Learn how to install, update, and remove packages using commands like dnf install \u0026lt;package_name\u0026gt;, dnf update, and dnf remove \u0026lt;package_name\u0026gt;. User Management: Create and manage user accounts for accessing your server. Use the useradd, passwd, and userdel commands to add, set passwords for, and delete users, respectively. Remember, the root user account is powerful, so exercise caution when using it. Firewall Management: The firewall controls incoming and outgoing network traffic. Tools like firewall-cmd allow you to configure firewall rules to secure your server. Learning Resources # This is just a taste of the exciting world of Alma Linux administration. 
Here are some resources to deepen your knowledge:\nAlma Linux Documentation: https://wiki.almalinux.org/ Red Hat System Administration Guide: https://www.redhat.com/en/services/certification/rhcsa (While not Alma Linux specific, offers valuable insights into RHEL administration) Online Tutorials: Numerous online tutorials and courses cater to all experience levels. Looking Ahead # In the next part of our series, we\u0026rsquo;ll delve into specific server applications you can deploy on your Alma Linux home lab, along with configuration and management details. Stay tuned to explore the potential of your home lab environment!\n","date":"February 1 2024","externalUrl":null,"permalink":"/posts/20240201-almalinux-1/","section":"Posts","summary":"We explore why Alma Linux is a great choice and how to get started","title":"AlmaLinux Administration Basics - Installation","type":"posts"},{"content":"","date":"May 14 2023","externalUrl":null,"permalink":"/tags/azure/","section":"Tags","summary":"","title":"Azure","type":"tags"},{"content":"","date":"May 14 2023","externalUrl":null,"permalink":"/tags/containers/","section":"Tags","summary":"","title":"Containers","type":"tags"},{"content":"In the world of cloud computing, we constantly strive for efficient and agile application deployment. Virtual machines (VMs) have long been the workhorse, but they can be cumbersome. Enter containers: a lighter-weight alternative that streamlines application delivery.\nThis blog post unpacks the fundamentals of containerization, exploring its benefits and how it integrates with Azure services like Azure Container Registry (ACR) and Azure Container Instances (ACI).\nVirtual Machines vs. Containers\nThink of VMs as self-contained computers running within a physical machine. Each VM has its own operating system (OS), consuming resources even when applications are idle. 
This can lead to maintenance overhead and slow deployments.\nContainers, on the other hand, share the host machine\u0026rsquo;s OS. They package an application with all its dependencies into a single unit, making them portable and efficient. This translates to faster deployments and a smaller footprint.\nBenefits of Containers\nPortability: Containers run seamlessly across different environments, whether on-premises, in the cloud, or on a laptop. Scalability: Easily scale applications up or down by adding or removing containers. Agility: Faster deployments and rollbacks due to the lightweight nature of containers. Resource Efficiency: Containers share the host OS, minimizing resource consumption. Building and Running Containers with Docker\nDocker is a popular tool for building, managing, and running containers. A Dockerfile specifies the instructions to create a container image, essentially a blueprint for your application.\nHere\u0026rsquo;s a simplified breakdown of a Dockerfile structure:\nBase Image: Define the base OS image using the FROM instruction. Environment Variables: Configure environment variables specific to your application. Working Directory: Create a directory for your application using RUN mkdir and set it as the working directory with WORKDIR. Application Binaries: Copy the application binaries into the container using COPY. Scripts: Copy and run any necessary scripts using RUN and specifying the shell environment. Expose Ports: Expose the application\u0026rsquo;s port using the EXPOSE command. Entrypoint: Define the startup command using the ENTRYPOINT instruction. Once the Dockerfile is created, use the docker build command to build the container image.\nAzure Container Registry (ACR)\nACR is a managed Docker registry service that simplifies storing and managing container images. 
It integrates seamlessly with your CI/CD pipeline, automating the build, test, and push process for container images.\nACR uses Azure Active Directory (AAD) for authentication, ensuring secure access. You can also leverage Role-Based Access Control (RBAC) to define permissions for users and tools.\nAzure Container Instances (ACI)\nACI is a serverless container deployment platform. You can deploy containerized applications without managing the underlying infrastructure. ACI supports both Windows and Linux containers and allows you to specify resource requirements like CPU and memory.\nFor persistent storage, you can integrate Azure Files with ACI. ACI also offers policies to define container restart behavior in case of application failures.\nKey Takeaway\nContainers offer a powerful and efficient way to package and deploy applications. By leveraging Azure services like ACR and ACI, cloud consultants can streamline containerized application development and deployment in the Azure cloud.\nRemember: While this blog post focuses on Azure container services, the core concepts of containers and Docker are applicable across different cloud providers.\n","date":"May 14 2023","externalUrl":null,"permalink":"/posts/202305-containers/","section":"Posts","summary":"Exploring Containers in Azure","title":"Containers 101: A Cloud Consultant's Guide","type":"posts"},{"content":"","date":"February 10 2023","externalUrl":null,"permalink":"/tags/networking/","section":"Tags","summary":"","title":"Networking","type":"tags"},{"content":"This post dives into the essential services that make your network tick: DNS, DHCP, and proxies. 
Understanding these services empowers you to manage your home lab with confidence and optimize its performance.\nDNS: The Address Book of the Internet # Imagine the internet without domain names like google.com. DNS (Domain Name System) acts as the internet\u0026rsquo;s address book, translating user-friendly domain names into numerical IP addresses that computers understand. Here\u0026rsquo;s a breakdown of the key DNS components:\nDNS Servers: These are the workhorses of DNS. There are several types:\nCaching Servers: Provided by your ISP or local network, these store recent lookups to speed up future requests. Recursive Servers: Also from your ISP or local network, these perform full resolution if the answer isn\u0026rsquo;t in the cache. Root Servers: The foundation of the DNS hierarchy, these 13 servers direct requests to the appropriate TLD server. TLD Servers: Manage top-level domains like \u0026ldquo;.com\u0026rdquo; or \u0026ldquo;.org\u0026rdquo; and point queries to the authoritative name server. Authoritative Servers: The final stop, these servers hold the actual IP address for a specific domain. DNS Records: These are like entries in the address book, providing various details about a domain:\nA Record: Maps a domain name to an IPv4 address (e.g., \u0026ldquo;[invalid URL removed]\u0026rdquo; -\u0026gt; 142.250.68.139) AAAA Record: Similar to A record, but for IPv6 addresses. CNAME Record: Redirects traffic from one domain to another (e.g., \u0026ldquo;www.example.com\u0026rdquo; CNAME \u0026ldquo;example.com\u0026rdquo;) MX Record: Directs emails to the correct mail server. SRV Record: Defines the location of specific services like chat or video conferencing. TXT Record: Stores additional text data for the domain. SOA Record: Specifies the authoritative name server for a domain zone. NS Record: Lists other name servers responsible for a zone. DHCP: Automating Network Configuration # Tired of manually assigning IP addresses to every device? 
DHCP (Dynamic Host Configuration Protocol) comes to the rescue. It automates network configuration for devices on your network, assigning IP addresses, subnet masks, default gateways, and name servers.\nDHCP Process: A device broadcasts a \u0026ldquo;DHCP Discover\u0026rdquo; message. The DHCP server offers a lease (temporary IP) with a \u0026ldquo;DHCP Offer\u0026rdquo; message. The device requests the offered lease with a \u0026ldquo;DHCP Request\u0026rdquo; message. The server acknowledges with a \u0026ldquo;DHCP Ack\u0026rdquo; message, finalizing the configuration. Leases expire, requiring renewal or a new lease negotiation. Proxies: The Middlemen of the Web # A proxy server acts as an intermediary between your device and the internet. It can provide various functionalities:\nSecurity: Filters malicious content or protects your device\u0026rsquo;s identity. Caching: Stores frequently accessed data to speed up browsing. Content Filtering: Restricts access to certain websites. Load Balancing: Distributes traffic across multiple servers for better performance. The Takeaway # Understanding DNS, DHCP, and proxies empowers you to manage your home lab network effectively. You can optimize performance, improve security, and gain granular control over how your devices connect to the internet. With this knowledge, your home lab can become a powerful platform for experimentation and learning!\n","date":"February 10 2023","externalUrl":null,"permalink":"/posts/202302-basicnetworking/","section":"Posts","summary":"Exploring basic networking concepts for the homelab","title":"Networking 101: DNS, DHCP, and Proxies","type":"posts"},{"content":"Hi! This is my space to share my knowledge and explore all things tech, especially the world of infrastructure, cloud computing, and the ever-evolving landscape of DevOps. 
I\u0026rsquo;m a passionate DevOps engineer with a few years of experience under my belt, but my curiosity keeps me diving into different areas – backend development, frontend exploration, and even cloud administration.\nWhether I\u0026rsquo;m tackling infrastructure projects or delving into the latest DevOps trends, I genuinely enjoy the process of learning and creating. This blog is my way to share that journey with you!\nThanks for joining me!\nHere\u0026rsquo;s what you can expect:\nIn-depth dives: I\u0026rsquo;ll tackle technical topics related to infrastructure, cloud, and DevOps, providing insightful explanations and practical tips. Real-world experiences: Learn from my adventures (and mishaps!) as I navigate the ever-changing tech landscape. A touch of enthusiasm: My passion for tech is contagious, and I hope to spark your curiosity and inspire you to explore new things. No matter your tech background, there\u0026rsquo;s something here for everyone. Let\u0026rsquo;s learn and grow together!\nP.S. 
Feel free to reach out and connect with me!\n","date":"January 1 0001","externalUrl":null,"permalink":"/about/","section":"Alberto Olvera","summary":"","title":"About","type":"page"},{"content":"","date":"January 1 0001","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","date":"January 1 0001","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":" Experience Company Link Role Dates Location Sailpoint Senior DevOps Engineer 2024 - Present Mexico City, Mexico Thomson Reuters Senior DevOps Engineer 2023 - 2024 Mexico City, Mexico Honeywell Software Engineer 2021 - 2023 Mexico City, Mexico Education School Link Degree Date Location Instituto Politecnico Nacional BSc, Control and Automation Engineering 2017-2022 Mexico City, Mexico ","date":"January 1 0001","externalUrl":null,"permalink":"/resume/","section":"Alberto Olvera","summary":"","title":"Resume","type":"page"}]