Monitoring Keepalived with SNMP on Ubuntu 14.04


Using keepalived in combination with a couple of HAProxy instances is a convenient yet powerful way of ensuring high availability of services.

[Figure: Network map. Load balancer pair in normal state]

Up until now, I’ve considered it enough to monitor the VMs where the services run, and the general availability of a HAProxy listener on the common address. The drawback is that it’s hard to see if the site is served by the intended master or the backup load balancer at a glance. The image to the right shows the intended – and at the end of this article achieved – result, with the color of the lines between nodes giving contextual information about the state of the running services.

Monitoring state changes could naïvely be achieved by continuously tailing the syslog and searching for “entered the MASTER state”. This would be a pretty resource-intensive way of solving the issue, though. A less amateurish way to go about it would be to use keepalived’s built-in capability of running scripts on state changes, but there are a number of situations in which you can’t be sure that the scripts are able to run, so that’s not really what we want to do either.

Fortunately, keepalived supports SNMP, courtesy of the original author of the SNMP patch for keepalived, Vincent Bernat. In addition to tracking state changes, it potentially allows us to pull out all kinds of interesting statistics from keepalived, as long as we have a third machine from which to monitor things. Let’s set it up.

Where to spend money as a new motorcycle rider (Part 1)


Today’s ride made me consider some points I wish I had known earlier as a motorcycle rider. Those who know me can attest that I am slightly frugal when spending money on toys and gear. Not that I don’t buy stuff, but I usually want to be really sure that it’ll do what I imagine before committing to a purchase, especially when it comes to stuff with large price tags. This planned series of articles will contain information that wasn’t readily available to me before I actually bought the gear. My hope is to be able to share what’s worth its price and perhaps some stuff that I bought which quite frankly is a waste of money.


Setting up my gaming computer in Ubuntu 16.04

This is really a how-to for my personal hardware setup in case I want to try other distributions or operating systems on my gaming computer down the line. However it may be helpful to anyone who would like to play games or run flight sims in a Linux environment. What? Stranger things have happened!


Changing screen refresh rate in Fedora 23

I’ve just installed Fedora 23 on my gaming computer at home, switching from Mint 17.3.

I have an nVidia card (using RPM Fusion to install the non-free drivers still necessary to get any kind of 3D performance out of it), and an Eizo Foris monitor capable of running at 120 Hz refresh rate. It took me a while to figure out how to make the latter work in Mint (create a ~/.config/monitors.xml). Unfortunately, this approach – along with a number of others – didn’t work in Fedora 23.

The solution (and its cause) was embarrassingly simple: I followed the general gist of the initial posts in this discussion thread, using xrandr to output the necessary data and creating a Gnome autostart item (~/.config/autostart/xrandr.desktop) which starts xrandr with the correct output, mode and refresh rate options. I did not disable the Wayland session where gdm initially runs.

SSL load balancing with HAProxy in VMware

So this is a new project I’ve recently finished.

Create a secure high availability (HA) load balancing service spreading user load across two pairs of two servers, providing two different sets of services:

One service requires SSL passthrough, while the other is a websockets connection over SSL, where the use of a proxy demands SSL termination. Securing communications with the web backend for the latter is done by routing the traffic via an OpenVPN tunnel.

The software I’ve chosen for this is HAProxy 1.5 on FreeBSD 10.1-Release, running in a vSphere 5.5 environment.


OpenVPN 2.x and Windows Firewall

The documentation for OpenVPN is pretty good, but I found a detail that may cause some confusion in a Windows environment, so I thought I’d address it here:

What do you do if you need to run OpenVPN but still want the Windows Firewall to work on your Windows server?

The background for this issue is how Windows decides what profile to use for a specific network: It reads the gateway address. The TAP interface for OpenVPN doesn’t automatically receive a gateway, so the network profile for it will be “Unknown network”, and so it won’t allow the necessary traffic for the OpenVPN connection to be properly established.

So what do you do?

First, open up a port in your firewall to allow for the initial handshake to be made between the client and the server. By default, this is UDP port 1194. Then we need to take a step back. We don’t want to open an uncontrolled pipe from the VPN client to the server, which is exactly what happens if you turn off the firewall for the VPN TAP device.

Instead, we’ll do two things:

1) Give the OpenVPN TAP device a gateway. In the server configuration for OpenVPN, you assign a subnet to be used by OpenVPN. The server will be [subnet].1. The gateway will be [subnet].2.

2) Some people claim that the above doesn’t always work unless you set the status of the TAP device to “always connected”, so let’s do that.

The result?

You now have control over data in the VPN tunnel too, using Windows firewall, meaning that you can stop unwanted traffic within the tunnel easily.
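The steps above as a PowerShell sketch, run elevated on the server while the OpenVPN service is up. This is an added example, not part of the original post: the adapter name, the 10.8.0.0/24 subnet, the route metric and the HTTPS rule are assumptions, and the “Media Status” property name is the one the TAP-Windows driver is assumed to expose (confirm with Get-NetAdapterAdvancedProperty).

```powershell
# Added example: assumed names and addresses, adjust to your server.
$tap     = 'OpenVPN TAP'      # assumed adapter name (see Get-NetAdapter)
$subnet  = '10.8.0.0/24'      # assumed subnet from the OpenVPN server config
$gateway = '10.8.0.2'         # [subnet].2, as described above

# Allow the initial client/server handshake on the default OpenVPN port.
New-NetFirewallRule -DisplayName 'OpenVPN handshake (UDP 1194)' `
    -Direction Inbound -Protocol UDP -LocalPort 1194 -Action Allow

# 1) Give the TAP device a gateway. The high metric is an assumption made
#    here so this route never wins over the server's real default route.
New-NetRoute -InterfaceAlias $tap -DestinationPrefix '0.0.0.0/0' `
    -NextHop $gateway -RouteMetric 9999

# 2) Mark the TAP device as always connected.
Set-NetAdapterAdvancedProperty -Name $tap -DisplayName 'Media Status' `
    -DisplayValue 'Always Connected'

# Check which network profile Windows now applies to the TAP interface.
Get-NetConnectionProfile -InterfaceAlias $tap |
    Select-Object InterfaceAlias, Name, NetworkCategory

# Keep the firewall on for the tunnel and admit only what is needed:
# here, HTTPS from VPN clients (the service and port are assumed).
New-NetFirewallRule -DisplayName 'VPN clients to HTTPS' `
    -Direction Inbound -InterfaceAlias $tap -RemoteAddress $subnet `
    -Protocol TCP -LocalPort 443 -Action Allow
```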

Norway tour 2012 debrief

Having spent the weekend riding some 1400 kilometers in the beautiful Norwegian fjord and mountain landscape, I feel like jotting down some notes and almost-reviews.

Scala Rider

This intercom system worked so much better than I thought when I first saw it. I bought a NeckMike system a while ago, since I wanted to combine ear plugs with intercom functionality. In reality, the Scala Rider system does a better job when it comes to communication (it’s got full duplex for one, and second, it’s wireless, which means no forgotten cables when you step off the bike). It’s also fully functional up to about 120 km/h (on an effectively fairing-less bike) with or without ear plugs.

There are three main drawbacks:
1. I needed to “slightly adjust” my helmet to fit the speakers. It doesn’t come with depressions for this kind of communications system, so I needed to cut open the noise-reducing padding on the inside of the styrofoam protective layer to avoid getting cauliflower ears from the speakers pressing against my earlobes. Since the fabric cover for the chin pads is removable, I could do it without destroying anything.
2. The carrier rack for the communications module sticks down below the helmet if you don’t choose to glue it in place. This makes putting on and (especially) removing the helmet somewhat painful after a while, since the opening in effect becomes a little tighter than usual, so the ear on the receiver side tends to snag a little.
3. The accumulator is pretty integrated into the system, which means that with use, the time available for communications will diminish and you can’t do anything about it. Anyone familiar with Apple gear knows this problem. It’s OK if you plan on getting new stuff every other year or so, but a system like this shouldn’t be that upgrade prone, and therefore I count non-serviceability as a drawback.

As I mentioned above, wind noise renders the system useless above 120 km/h or so on a bike without a large windscreen. The sensitivity for voice activation needs to be adjusted or you’ll get closer to 8 than 13 hours of battery life out of it, and on the pair we used, one speaker quit working within a day of use, which probably is an individual problem rather than a design one – but again, miniaturization makes for lousy serviceability.

GoPro HD Hero 2

I never really saw the point of video cams until I really tried one. This one basically has a power/function button and a start/stop button, but it’s surprisingly easy to make nice movies, thanks to the fisheye lens. I edited the resulting raw film with iMovie on my Mac, and the result of an evening of playing around with the material can be viewed below.

The Zero Gravity Tall Windscreen

This was my first real test of the higher windscreen for my bike. Windscreens are a tradeoff between environmental feedback and comfort. Where the XB12X is an excellent hooligan bike and canyon carver, the R1200GS is a ride which lets the pilot step off the bike fully rested after 300 kilometers of highway.

Basically, even with the taller screen, the air – and, as I frequently experienced during this ride, the rain – hits me at the upper part of my chest. At highway speeds, this means my helmet gets pressed into my face, and I need to fight to keep my posture against the wind. If it rains, it means all the rain that hits the front of my bike will end up on my jacket, drop down, and finally create a puddle in which I sit. This is OK with proper rain gear, but textile riding gear without GoreTex membranes soaks right through after a while in these conditions.

The next thing to try, of course, is a windscreen bracket from Palmer Products, to get the windscreen up a bit and make it adjustable. This should also fix the potential problem of the original rubber grommets breaking at highway speeds, giving me a face-full of windscreen at a hundred mph.