Thursday, July 15, 2021

AWS : Capacity Reservation: AWS Calculator : Savings Plan: Reserved Instances :Compute Savings Plans : EC2 Instance Savings Plans

Capacity Reservation

 When you create a Capacity Reservation, we reserve the specified capacity for your use. The reserved capacity is charged at the selected instance type’s On-Demand rate whether an instance is running in it or not. You can also use your regional reserved instances with your Capacity Reservations to benefit from billing discounts.


https://calculator.aws/#/

AWS Calculator


Reserved Instances

 Platform[Linux, Windows], Tenancy[Default/Dedicated], Offering class[Convertible,Standard] 

 Instance type[c2.medium], Term[1 year/3 Years], Payment option[Partial, Upfront, None]


 

Savings Plan

Savings Plans also offer significant savings on your Amazon EC2 costs compared to On-Demand Instance pricing. With Savings Plans, you make a commitment to a consistent usage amount, measured in USD per hour. This provides you with the flexibility to use the instance configurations that best meet your needs and continue to save money, instead of making a commitment to a specific instance configuration.

---------------------------------------

SageMaker Savings Plans

Compute Savings Plans

EC2 Instance Savings Plans

---------------------------------------

Compute Savings Plans [Better than EC2 Instance Savings Plan]

Applies to EC2 instance usage, AWS Fargate, and AWS Lambda service usage, regardless of region, instance family, size, tenancy, and operating system.

Term, Payment option, Purchase commitment [Hourly commitment]

---------------------------------------

EC2 Instance Savings Plans

Applies to instance usage within the committed EC2 family and region, regardless of size, tenancy, and operating system.

Region,Instance family, Term, Payment option, Purchase commitment [Hourly commitment]

Tuesday, July 13, 2021

Docker Compose

  • docker-compose logs --follow elasticsearch
  • docker-compose -f docker-compose.elastic.yml up -d
  • docker-compose ps 
  • docker-compose down 
  • docker-compose up 
  • docker-compose -f filename up
  • docker-compose images
  • docker-compose down -v    [Also removes the named volumes declared in the Compose file and anonymous volumes attached to the containers]

Commands:
  build              Build or rebuild services
  bundle             Generate a Docker bundle from the Compose file
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information


Monday, July 12, 2021

Docker Compose YAML Elasticsearch HTTPS

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls-docker.html

---------------------------------
services:
  create_certs:
    container_name: create_certs
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
    # command: >
    #   bash -c '
    #     if [[ ! -f /certs/bundle.zip ]]; then
    #       bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
    #       unzip /certs/bundle.zip -d /certs; 
    #     fi;
    #     chown -R 1000:0 /certs
    #   '
    # user: "0"
    # working_dir: /usr/share/elasticsearch
    # volumes: ['certs:/certs', '.:/usr/share/elasticsearch/config/certificates']

    command: >
      bash -c '
        if [[ ! -f ./config/certificates/elastic-certificates.p12 ]]; then
          bin/elasticsearch-certutil cert -out config/certificates/elastic-certificates.p12 -pass ""
        fi;
        chown -R 1000:0 /usr/share/elasticsearch/config/certificates
      '
    user: "0"
    working_dir: /usr/share/elasticsearch
    volumes: ['certs:/usr/share/elasticsearch/config/certificates']

  elasticsearch:
    container_name: elasticsearch
    depends_on: [create_certs]
    image: docker.elastic.co/elasticsearch/elasticsearch:7.13.0
    environment:
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD # password for default user: elastic 
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.verification_mode=none
      - xpack.security.http.ssl.truststore.path=$CERTS_DIR/elastic-certificates.p12
      - xpack.security.http.ssl.keystore.path=$CERTS_DIR/elastic-certificates.p12

      # - xpack.license.self_generated.type=trial 
      # - xpack.security.enabled=true
      # - xpack.security.http.ssl.enabled=true
      # - xpack.security.http.ssl.key=$CERTS_DIR/es01/es01.key
      # - xpack.security.http.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      # - xpack.security.http.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # - xpack.security.transport.ssl.enabled=true
      # - xpack.security.transport.ssl.verification_mode=certificate 
      # - xpack.security.transport.ssl.certificate_authorities=$CERTS_DIR/ca/ca.crt
      # - xpack.security.transport.ssl.certificate=$CERTS_DIR/es01/es01.crt
      # - xpack.security.transport.ssl.key=$CERTS_DIR/es01/es01.key

    volumes: ['esdata:/usr/share/elasticsearch/data', 'certs:$CERTS_DIR']
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
      memlock:
        soft: -1
        hard: -1
    ports:
      - "9200:9200"

volumes: {"esdata", "certs"}
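
A quick audit of the elasticsearch service's environment entries from the Compose file above, added here as an example (it is not part of the original notes or of Elastic's tooling). The sample input is constructed from that file; parse_env and audit are hypothetical helper names.

```python
import re

# Constructed sample: environment entries copied from the elasticsearch service above.
SAMPLE_ENV = """\
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - ELASTIC_PASSWORD=$ELASTIC_PASSWORD # password for default user: elastic
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.verification_mode=none
      # - xpack.license.self_generated.type=trial
"""

# Matches an active list entry: optional quote, key, '=', value up to a quote or comment.
ENTRY = re.compile(r'^\s*-\s*"?([A-Za-z_][\w.]*)=([^"#]*)')
REQUIRED_TRUE = (
    "xpack.security.enabled",                # authentication on
    "xpack.security.http.ssl.enabled",       # HTTPS on port 9200
    "xpack.security.transport.ssl.enabled",  # TLS between nodes
)

def parse_env(text):
    """Return {key: value} for active (uncommented) '- key=value' list entries."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out entries are not in effect
        match = ENTRY.match(line)
        if match:
            settings[match.group(1)] = match.group(2).strip()
    return settings

def audit(settings):
    """Return findings for settings that leave the node unauthenticated or unverified."""
    findings = []
    for key in REQUIRED_TRUE:
        if settings.get(key, "").lower() != "true":
            findings.append(f"{key} is not true")
    for layer in ("http", "transport"):
        key = f"xpack.security.{layer}.ssl.verification_mode"
        if settings.get(key, "full").lower() == "none":
            findings.append(f"{key}=none disables certificate verification")
    if not settings.get("ELASTIC_PASSWORD"):
        findings.append("ELASTIC_PASSWORD is not set")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE_ENV)):
        print("FINDING:", finding)
```
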

Saturday, July 10, 2021

TLS SSL Docker Elasticsearch

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#generate-certificates

https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html#encrypt-http-communication

--------------------------------------------------------------------------------------------------------

https://stackoverflow.com/questions/50832249/enable-authentication-in-elasticsearch-with-docker-environment-variable

https://dev.to/thehoodsdev/securing-our-dockerized-elastic-stack-3o15

https://medium.com/@mandeep_m91/setting-up-elasticsearch-and-kibana-on-docker-with-x-pack-security-enabled-6875b63902e6


https://askubuntu.com/questions/772050/reset-the-password-in-ubuntu-linux-bash-in-windows

wsl --user root


Elasticsearch has its own cert creation module

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#tls-http

Set xpack.security.enabled to true


OS

Basic 

Gold

Platinum


https://stackoverflow.com/questions/51445846/elasticsearch-max-virtual-memory-areas-vm-max-map-count-65530-is-too-low-inc/51447991#51447991

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

sudo sysctl -w vm.max_map_count=262144


wsl --user root



https://stackoverflow.com/questions/22049212/docker-copying-files-from-docker-container-to-host

docker cp <containerId>:/file/path/within/container /host/path/target

docker cp elasticsearch:/usr/share/elasticsearch  ~


docker run -it --rm --privileged --pid=host justincormack/nsenter1


PKCS#12 format

A PFX file indicates a certificate in PKCS#12 format

https://www.sslmarket.com/ssl/how-to-create-an-pfx-file#:~:text=A%20PFX%20file%20indicates%20a,need%20to%20deploy%20a%20certificate.


docker-compose down -v


https://www.bleepingcomputer.com/news/security/new-meow-attack-has-deleted-almost-4-000-unsecured-databases/


http://localhost:9200/_xpack

http://localhost:9200/


xpack.security.http.ssl.enabled

xpack.security.transport.ssl.enabled


 - xpack.security.transport.ssl.enabled=true

Friday, July 9, 2021

Docker Desktop + WSL2 + Ubuntu + WSL +docker

 docker run -it --rm --privileged --pid=host justincormack/nsenter1

\\wsl$ - special shared path on Windows that hides the complex underlying Windows path
Docker Desktop + Ubuntu (WSL2) --- linked
Docker commands run from both
but images go in Docker Desktop only - \\wsl$\docker-desktop-data\version-pack-data\community\docker
Volumes should be uploaded from Ubuntu/WSL2
Volume upload from Windows won't work
You can upload folders from Windows to the \\wsl$ shared path - specifically here - \\wsl$\Ubuntu-20.04\home\karankaw
and it will show up as ~ in WSL2/Ubuntu

Thursday, July 8, 2021

Docker Logs


 docker logs  <web_container_ID_Or_Name>


 docker logs --follow web

Windows: Docker : exec :Docker Desktop

https://www.bretfisher.com/getting-a-shell-in-the-docker-for-windows-vm/


Getting a Shell in the Docker for Windows Moby VM

Moby VM - means the dummy Linux VM running on WSL on Windows



docker run -it --rm --privileged --pid=host justincormack/nsenter1

Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass