nixCraft Linux / UNIX Newsletter

Link to nixCraft: Linux Tips, Hacks, Tutorials, And Ideas In Blog Format (RSS/FEED)

How to find the number of RAM Slots in Linux

Posted: 11 Aug 2021 05:23 PM PDT

Sometimes Linux sysadmins or developers need to determine the number of RAM slots on their servers or desktops/laptops without opening the case. This is helpful when upgrading or installing new RAM. Let us see how to find the number of RAM slots and the maximum supported memory on Linux using command-line options.

The post How to find the number of RAM Slots in Linux appeared first on nixCraft.

How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)

Posted: 11 Aug 2021 04:25 PM PDT

{nixCraft Patreon supporters content}

All Linux and Unix servers are managed over ssh, either manually or by automation tools such as Ansible. For example, say you have a server at Linode or AWS. You copy your public ssh key to the remote cloud server. Once copied, you can log in to those servers without a password as long as the ssh keys match. This is the best practice. Unfortunately, it does not protect the ssh keys stored on a local desktop or dev machine in the $HOME/.ssh/ directory. If your keys are stolen, an attacker can get access to all of your cloud servers, including backup servers. To avoid this mess, we can protect the ssh keys stored on local dev/desktop machines using physical security keys such as YubiKey.

How to configure SSH with YubiKey

In both cases, you need to insert your YubiKey (or any FIDO2 compatible hardware key) into a USB port and complete the authentication. In other words, ssh login will not work when malware or an attacker has stolen your passphrase and ssh keys, as they cannot insert the YubiKey and press the button on it to complete OTP for ssh keys.
In the corporate environment, we have a bastion host that allows ssh access with YubiKey. It is a special-purpose server on a network, specifically designed and configured to withstand attacks. The server generally hosts an sshd process, and all other services are removed. Once logged into the bastion host, you can access all other cloud servers easily. This guide will cover the following topics:

The post How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2) appeared first on Opensource Flare✨.

How to set up Redis sentinel cluster on Ubuntu or Debian Linux

Posted: 11 Aug 2021 04:20 PM PDT

{nixCraft Patreon supporters content}

This guide explains how to set up a Redis sentinel failover cluster for a caching database or any other data type in a high availability node.

Software and hardware requirements

Minimum three VMs running at cloud providers or bare metal servers. Always keep an ODD number of servers.
  1. Ubuntu 20.04 or Debian 10 Linux LTS.
  2. Redis server with sentinel on each VM.
  3. HAProxy for load balancing and traffic redirection to a healthy Redis node for writing or reading data.
  4. Keepalived for IP failover for the HAProxy nodes.
  5. The Redis cluster will be protected using a firewall, password, and VLAN or VPC.
  6. Email-based alerts for the HAProxy and Keepalived cluster.
  7. Simple web-based stats for Redis.
Our sample setup:

All clients (your web app written in Python/PHP/Perl) will send Redis read and write requests to 172.0.0.5 TCP port 6379. HAProxy will redirect read requests based upon the health status of the Redis server among the three servers. Redis write requests will be redirected to an active node in the sentinel cluster. Keepalived is used to maintain a standby HAProxy node in case the primary HAProxy node is down for any reason. In addition, Keepalived will provide IP failover based upon the VRRP protocol running on an interface. This in-depth guide will cover the following topics:

The post How to set up Redis sentinel cluster on Ubuntu or Debian Linux appeared first on Opensource Flare✨.
