Support #929

closed

Set up 3 Contabo servers for Mokirim

Added by Arko Sasongko over 1 year ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Start date:
12/27/2023
Due date:
02/09/2024
% Done:

100%

Estimated time:
Spent time:
Platform:
User:
SP:
Sprint:

Description

1. Install a Galera cluster on those 3 machines
2. Install an Elasticsearch cluster on those 3 machines
3. Install the Setara application on 1 server
4. Install the Mokirim web application on 1 different server
5. Install Mokirim mail on a different server: postfix and dovecot
6. Install the Mokirim DNS that will act as primary. Put the secondary on the Wahana DNS or somewhere else

Notes:
Keep the memory setting small for Elasticsearch. 60% is allocated to MySQL and Elasticsearch. Of that, 60% is for Elasticsearch

Actions #1

Updated by Arko Sasongko over 1 year ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 40

- add hostnames in NS:
mk1.wahana.com : 185.111.159.245
mk2.wahana.com : 194.195.90.25
mk3.wahana.com : 194.195.90.9
--
set up mk1.wahana.com, mk2.wahana.com, mk3.wahana.com
install: htop iotop iptraf-ng lynx screen mc finger firewalld

mk1.wahana.com:
-- ES already installed
-- MariaDB already installed
-- Setara app; install nginx, uwsgi, uwsgi-plugin-psgi, install uwsgi-plugin-psgi uwsgi nginx-full uwsgi-extra uwsgi-plugins-all uwsgi-dev

mk2.wahana.com:
-- ES already installed
-- MariaDB already installed
-- mail server, postfixadmin; install nginx

mk3.wahana.com:
-- ES already installed
-- MariaDB already installed
-- mokirim.com web; install nginx
-- BIND / DNS master for mokirim.com

Actions #2

Updated by Arko Sasongko over 1 year ago

  • % Done changed from 40 to 50
Actions #3

Updated by Arko Sasongko over 1 year ago

- it turns out it is still not recognized
- contact Contabo support again and inform them about this
- set up the reinstalled server again

Actions #4

Updated by Arko Sasongko over 1 year ago

mk2.wahana.com:
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : CBNhe2PTL_VH9ljbjsLo

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.


  1. NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
    sudo systemctl daemon-reload
    sudo systemctl enable elasticsearch.service
  2. You can start elasticsearch service by executing
    sudo systemctl start elasticsearch.service

===============================

Actions #5

Updated by Arko Sasongko over 1 year ago

  • % Done changed from 50 to 60

mk1.mokirim.com + mk3.mokirim.com
-- setup elasticsearch
apt install htop iotop iptraf-ng lynx screen mc finger firewalld nmap bind9-utils bmon fail2ban -y
apt install dirmngr ca-certificates software-properties-common apt-transport-https lsb-release curl -y

wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O - | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
apt update
apt install elasticsearch
---

mk1.mokirim.com ES:
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : ouvOiWHaD1NQ7+oat8_L

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.


  1. NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
    sudo systemctl daemon-reload
    sudo systemctl enable elasticsearch.service
  2. You can start elasticsearch service by executing
    sudo systemctl start elasticsearch.service

======

mk1.mokirim.com mariadb:
--
apt install wget apt-transport-https

wget https://r.mariadb.com/downloads/mariadb_repo_setup

echo "935944a2ab2b2a48a47f68711b43ad2d698c97f1c3a7d074b34058060c2ad21b  mariadb_repo_setup" | sha256sum -c -

chmod +x mariadb_repo_setup

sudo ./mariadb_repo_setup
--
apt install mariadb-backup mariadb-client mariadb-client-core mariadb-server mariadb-server-core libmariadb3 galera-4
--
set up mk1, mk2, mk3 as MariaDB nodes in the galera-cluster 'cluster-mokirim',
MariaDB configuration file: /etc/mysql/mariadb.conf.d/z-default.cnf

Actions #6

Updated by Arko Sasongko over 1 year ago

  • % Done changed from 60 to 70

- setup elasticsearch:
apt install dirmngr ca-certificates software-properties-common apt-transport-https lsb-release curl -y

wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O - | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

apt update; apt install elasticsearch
---- =======================================================================================================
ES mk3.mokirim.com:
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : 4dSJfLQFGKPHliF0n0L*

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.


  1. NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
    sudo systemctl daemon-reload
    sudo systemctl enable elasticsearch.service
  2. You can start elasticsearch service by executing
    sudo systemctl start elasticsearch.service

=======================================================================================================
ES mk1.mokirim.com
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : q+e6x6WC4FmTXON=0_Ux

If this node should join an existing cluster, you can reconfigure this with
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.


  1. NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
    sudo systemctl daemon-reload
    sudo systemctl enable elasticsearch.service
  2. You can start elasticsearch service by executing
    sudo systemctl start elasticsearch.service

=======================================================================================================

======
elasticsearch:
/etc/hosts :
185.111.159.245 vmi1574618.contaboserver.net vmi1574618 mk1.mokirim.com node01
194.195.90.25 mk2.mokirim.com node02
194.195.90.9 mk3.mokirim.com node03
--
mk1.mokirim.com node01 node01.mokirim.com
mk2.mokirim.com node02 node02.mokirim.com
mk3.mokirim.com node03 node03.mokirim.com
--
[2024-01-02T18:47:45,414][INFO ][o.e.x.s.InitialNodeSecurityAutoConfiguration] [node01] Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user.
--
mk1.mokirim.com:
eyJ2ZXIiOiI4LjExLjMiLCJhZHIiOlsiMTg1LjExMS4xNTkuMjQ1Ojk0MDAiXSwiZmdyIjoiZTFlYmExZjY2NDlkNDMwYWQzM2I3NjFkNzg2MjBlYWI5NzJlZWRjZjc2ZmM4ZmEzM2MzNjI5M2YwM2JiZDZhYSIsImtleSI6InlBUGF5WXdCRjN5OHNNeU9nUFFWOm5jWnVteUUtUnZlMExzREFIVzVnd1EifQ==

---
-- =======================================================================================================

set firewall-cmd:
MariaDB Galera cluster open ports:
3306/tcp
4567/tcp
4567/udp
4568/tcp
4444/tcp
Elasticsearch open ports:
9400/tcp
9443/tcp
9300/tcp

firewall-cmd --new-zone=mariadb --permanent
firewall-cmd --reload
firewall-cmd --get-zones ==> block dmz drop external home internal mariadb public trusted work
firewall-cmd --zone=mariadb --add-source=185.111.159.245/32 --add-source=194.195.90.25/32 --add-source=194.195.90.9/32 --add-source=127.0.0.1 --permanent
firewall-cmd --reload
firewall-cmd --zone=mariadb --add-port=3306/tcp --add-port=4567/tcp --add-port=4567/udp --add-port=4568/tcp --add-port=4444/tcp --add-port=9400/tcp --add-port=9300/tcp --add-port=9443/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=mariadb --list-all
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload
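
A check for the zone built by the firewall-cmd commands above, as an added example that is not part of the ticket: it compares a `firewall-cmd --zone=mariadb --list-all` dump against the intended sources and ports and reports any drift. The function names, the sample dump and its `203.0.113.7/32` entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a firewalld zone against the cluster policy in the ticket.
# Sources and ports are the ones passed to firewall-cmd above.
EXPECTED_SOURCES="185.111.159.245/32 194.195.90.25/32 194.195.90.9/32 127.0.0.1"
EXPECTED_PORTS="3306/tcp 4567/tcp 4567/udp 4568/tcp 4444/tcp 9400/tcp 9300/tcp 9443/tcp"

# Print the values of one field ("sources" or "ports") on a single line.
# stdin: output of `firewall-cmd --zone=<zone> --list-all`
zone_field() {
    awk -v f="$1:" '$1 == f { $1 = ""; print }' | tr -s ' \n' ' '
}

# Compare two space-separated sets; print drift, return 1 if any.
diff_sets() {  # $1 = label, $2 = expected, $3 = actual
    rc=0
    for item in $2; do
        case " $3 " in *" $item "*) ;; *) echo "MISSING $1 $item"; rc=1 ;; esac
    done
    for item in $3; do
        case " $2 " in *" $item "*) ;; *) echo "EXTRA $1 $item"; rc=1 ;; esac
    done
    return $rc
}

# stdin: zone dump. Exit status 0 only when sources and ports match exactly.
audit_zone() {
    dump=$(cat)
    actual_sources=$(printf '%s\n' "$dump" | zone_field sources)
    actual_ports=$(printf '%s\n' "$dump" | zone_field ports)
    status=0
    diff_sets source "$EXPECTED_SOURCES" "$actual_sources" || status=1
    diff_sets port "$EXPECTED_PORTS" "$actual_ports" || status=1
    return $status
}

# Constructed sample: one port missing, one source added after the fact.
SAMPLE_DRIFTED='mariadb (active)
  target: default
  interfaces:
  sources: 185.111.159.245/32 194.195.90.25/32 194.195.90.9/32 127.0.0.1 203.0.113.7/32
  services:
  ports: 3306/tcp 4567/tcp 4568/tcp 4444/tcp 9400/tcp 9300/tcp 9443/tcp
  source-ports:'

printf '%s\n' "$SAMPLE_DRIFTED" | audit_zone || echo "zone has drifted from policy"
```

On a node, feed it the live zone instead of the sample: `firewall-cmd --zone=mariadb --list-all | audit_zone`.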

Actions #7

Updated by Arko Sasongko over 1 year ago

MariaDB node names:
mk1.mokirim.com node01 node01.mokirim.com
mk2.mokirim.com node02 node02.mokirim.com
mk3.mokirim.com node03 node03.mokirim.com
---
MariaDB configuration file: /etc/mysql/mariadb.conf.d/z-default.cnf

Actions #8

Updated by Arko Sasongko over 1 year ago

--
rsync the saas.mokirim and saas sources from 105 to mk1.mokirim.com
configure saas-mokirim.conf, saas.conf
update the SSL certificate for saas.mokirim.com with letsencrypt
install + set up Perl libraries

Actions #9

Updated by Arko Sasongko over 1 year ago

mk1.mokirim.com:
---
/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

output:
eyJ2ZXIiOiI4LjExLjMiLCJhZHIiOlsiMTg1LjExMS4xNTkuMjQ1Ojk0MDAiXSwiZmdyIjoiZTFlYmExZjY2NDlkNDMwYWQzM2I3NjFkNzg2MjBlYWI5NzJlZWRjZjc2ZmM4ZmEzM2MzNjI5M2YwM2JiZDZhYSIsImtleSI6InlBUGF5WXdCRjN5OHNNeU9nUFFWOm5jWnVteUUtUnZlMExzREFIVzVnd1EifQ==

Actions #11

Updated by Arko Sasongko over 1 year ago

  • % Done changed from 70 to 80
Actions #12

Updated by Arko Sasongko 9 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 80 to 100