January 12, 2019January 13, 2019 by ary

Mengamankan SSH dengan Google Authenticator – openSUSE Leap 15

Bagi saya, akses SSH ke Jump server, Jump host atau Jumpbox menggunakan Public Key adalah mandatori, kali ini saya akan menambahkan Multi-factor Authentication (MFA) untuk akses SSH ke Jump server saya. Berikut langkah-langkahnya:

1. Pasang Repositori

zypper addrepo https://download.opensuse.org/repositories/security/openSUSE_Leap_15.0/security.repo
zypper refresh

1 2	zypper addrepo https://download.opensuse.org/repositories/security/openSUSE_Leap_15.0/security.repo zypper refresh

2. Pasang paket Google Authenticator

zypper install -y pam-google-authenticator

1	zypper install -y pam-google-authenticator

3. Jalankan Google Authenticator

google-authenticator

1	google-authenticator

Scan barcode atau masukan Your new secret key ke aplikasi Google Authenticator

4. Sunting berkas Konfigurasi SSH

vim /etc/ssh/sshd_config

ChallengeResponseAuthentication yes 
AuthenticationMethods publickey,keyboard-interactive

vim /etc/ssh/sshd_config

ChallengeResponseAuthentication yes

AuthenticationMethods publickey,keyboard-interactive

5. Disable common-auth dan tambahkan auth google

vim /etc/pam.d/sshd

#@include common-auth 
auth required pam_google_authenticator.so

vim /etc/pam.d/sshd

#@include common-auth

auth required pam_google_authenticator.so

6. Muat ulang layanan SSH

systemctl restart sshd
systemctl status sshd

1 2	systemctl restart sshd systemctl status sshd

7. Ujicoba SSH ke Jump server

ssh -l ary gateway.aryulianto.com -p2222
Authenticated with partial success.
Verification code:

ssh -l ary gateway.aryulianto.com -p2222

Authenticated with partial success.

Verification code:

Sekarang kalian akan dimintai kode Google Authenticator setiap kali Anda mencoba masuk melalui SSH.

Sekian dan Terima kasih

December 23, 2018December 25, 2018 by ary

Monitoring OpenStack Instances with Service Discovery Prometheus + Grafana

Linux, OpenStack
Grafana, Instances, Monitoring, nova, OpenStack, Prometheus
Leave a comment

Selain bisa mendefine target secara static, Prometheus juga mendukung konfigurasi secara dynamically menggunakan service discovery.
Salah satunya Prometheus dapat melakukan query ke Nova API untuk me-list seluruh Instances di OpenStack sebagai target untuk dimonitoring.

Kebutuhan:
– Prometheus
– Grafana
– Node Exporter
– OpenStack RC / Credential

Langkah-langkah:

I. Prometheus Server

1. Update server dan pasang paket pendukung

yum -y update
yum -y install vim

1 2	yum -y update yum -y install vim

2. Unduh Prometheus Server

curl -LO "https://github.com/prometheus/prometheus/releases/download/v2.5.0/prometheus-2.5.0.linux-amd64.tar.gz"
tar xvfz nxvfz prometheus-2.5.0.linux-amd64.tar.gz -C /opt/ && mv prometheus-2.5.0.linux-amd64 prometheus-server
cd /opt/prometheus-server/

curl -LO "https://github.com/prometheus/prometheus/releases/download/v2.5.0/prometheus-2.5.0.linux-amd64.tar.gz"

tar xvfz nxvfz prometheus-2.5.0.linux-amd64.tar.gz -C /opt/ && mv prometheus-2.5.0.linux-amd64 prometheus-server

cd /opt/prometheus-server/

3. Sunting berkas konfigurasi, sesuaikan konfigurasi yang diinginkan

vim config.yml

# my global config

global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=` to any timeseries scraped from this config.
  - job_name: 'prometheus'
    static_configs:
    - targets: ['localhost:9090']
  - job_name: 'openstack-sd'
    openstack_sd_configs:
      - identity_endpoint: https://url-keystone-server:443/v3
        username: <username>
        project_id: <project_id>
        password: <secret>
        role: 
        region: 
        domain_name: 
        port: 9100

vim config.yml

# my global config

global:

scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.

evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.

# scrape_timeout is set to the global default (10s).

# Alertmanager configuration

alerting:

alertmanagers:

- static_configs:

- targets:

# - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.

rule_files:

# - "first_rules.yml"

# - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:

# Here it's Prometheus itself.

scrape_configs:

# The job name is added as a label `job=` to any timeseries scraped from this config.

- job_name: 'prometheus'

static_configs:

- targets: ['localhost:9090']

- job_name: 'openstack-sd'

openstack_sd_configs:

- identity_endpoint: https://url-keystone-server:443/v3

username: <username>

project_id: <project_id>

password: <secret>

role:

region:

domain_name:

port: 9100

4. Verifikasi berkas config Prometheus server pastikan SUCCESS

./promtool check config config.yml

1	./promtool check config config.yml

5. Jalankan Prometheus server sebagai service

vim /etc/systemd/system/prometheus-server.service

[Unit]
Description=Prometheus Server

[Service]
User=root
ExecStart=/opt/prometheus-server/prometheus --config.file=/opt/prometheus-server/config.yml --web.external-url=http://ip-server:9090/

[Install]
WantedBy=default.target

vim /etc/systemd/system/prometheus-server.service

[Unit]

Description=Prometheus Server

[Service]

User=root

ExecStart=/opt/prometheus-server/prometheus --config.file=/opt/prometheus-server/config.yml --web.external-url=http://ip-server:9090/

[Install]

WantedBy=default.target

6. Jalankan service Prometheus Server

systemctl daemon-reload
systemctl enable prometheus-server.service
systemctl start prometheus-server.service

systemctl daemon-reload

systemctl enable prometheus-server.service

systemctl start prometheus-server.service

7. Verifikasi bahwa service Prometheus sudah berjalan

systemctl status prometheus-server.service
ss -tulpn |grep 9090

1 2	systemctl status prometheus-server.service ss -tulpn \|grep 9090

II. Grafana
1. Pasang Grafana

yum -y install https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-5.1.4-1.x86_64.rpm
/sbin/chkconfig --add grafana-server

1 2	yum -y install https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-5.1.4-1.x86_64.rpm /sbin/chkconfig --add grafana-server

2. Jalankan service Grafana

systemctl enable grafana-server.service
systemctl start grafana-server.service
systemctl status grafana-server.service

systemctl enable grafana-server.service

systemctl start grafana-server.service

systemctl status grafana-server.service

3. Akses Grafana Dashboard http://ip-server:3000
– Login dengan usename dan passsword admin/admin – Klik 'Add Datasource' – Name: Prometheus, Type: Prometheus – Http settings: http://localhost:9090 – Klik 'Save and Test'. Pastikan hasilnya 'success' dan 'datasource added'

4. Buat dashboard atau bisa juga unduh di https://grafana.com/dashboards sesuai dengan kebutuhan anda, sebagai contoh:

III. Node Exporter

1. Pasang Node Exporter ditiap Instance yang ingin anda monitoring

#!/bin/bash

sudo -i
curl -LO "https://github.com/prometheus/node_exporter/releases/download/v0.17.0/node_exporter-0.17.0.linux-amd64.tar.gz"
tar xvfz node_exporter-0.17.0.linux-amd64.tar.gz -C /opt/

cat << EOF >/etc/systemd/system/node_exporter.service
[Unit]
Description=Node Exporter

[Service]
User=root
ExecStart=/opt/node_exporter-0.17.0.linux-amd64/node_exporter

[Install]
WantedBy=default.target
EOF

systemctl daemon-reload
systemctl enable node_exporter.service
systemctl start node_exporter.service
systemctl status node_exporter.service
rm -rf node_exporter-0.17.0.linux-amd64.tar.gz

#!/bin/bash

sudo -i

curl -LO "https://github.com/prometheus/node_exporter/releases/download/v0.17.0/node_exporter-0.17.0.linux-amd64.tar.gz"

tar xvfz node_exporter-0.17.0.linux-amd64.tar.gz -C /opt/

cat << EOF >/etc/systemd/system/node_exporter.service

[Unit]

Description=Node Exporter

[Service]

User=root

ExecStart=/opt/node_exporter-0.17.0.linux-amd64/node_exporter

[Install]

WantedBy=default.target

EOF

systemctl daemon-reload

systemctl enable node_exporter.service

systemctl start node_exporter.service

systemctl status node_exporter.service

rm -rf node_exporter-0.17.0.linux-amd64.tar.gz

Sekarang saat ada Instances baru anda hanya perlu memasang atau menambahkan Node Exporter (bisa juga dipasang waktu create Instance di Customization Script) dan secara otomatis Prometheus server akan men-scrapenya dan viola! seluruh Instances bisa dimonitoring di dashboard Grafana sekarang 😀

Referensi:
https://medium.com/@pasquier.simon/monitoring-your-openstack-instances-with-prometheus-a7ff4324db6c

October 28, 2018 by ary

Enable Soft Delete to Recover Deleted Instances OpenStack

Ubah konfigurasi Nova di node Controller dan semua node Compute

vim /etc/nova/nova.conf

1	vim /etc/nova/nova.conf

Cari nilai reclaim_instance_interval

reclaim_instance_interval=0

1	reclaim_instance_interval=0

# * Any positive integer(in seconds) greater than 0 will enable
#   this option.
# * Any value <=0 will disable the option.
#  (integer value)

# * Any positive integer(in seconds) greater than 0 will enable

# this option.

# * Any value <=0 will disable the option.

# (integer value)

Ubah nilainya sesuai yang diinginkan misal ingin menahan Instance agar tidak dihapus secara permanent selama 1 hari (24 jam x 3600 = 86400 detik) berarti disi

reclaim_instance_interval=86400

1	reclaim_instance_interval=86400

Muat ulang service Nova compute dan API

systemctl restart openstack-nova-compute.service 
systemctl status openstack-nova-compute.service

1 2	systemctl restart openstack-nova-compute.service systemctl status openstack-nova-compute.service

systemctl restart openstack-nova-api.service
systemctl status openstack-nova-api.service

1 2	systemctl restart openstack-nova-api.service systemctl status openstack-nova-api.service

List Instance

[root@openstack ~(keystone_admin)]# openstack server list
+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+
| ID                                   | Name        | Status | Networks         | Image                                                 | Flavor    |
+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+
| 2cffc5b3-feb3-40a6-b6af-62cdde03d69c | soft-delete | ACTIVE | extnet=10.1.1.49 | cirros-0.4.0-x86_64-disk.img                          | ns.1-1-1  |
| 281a9a9b-0fe7-48d7-93e0-3dae7c9db695 | instance-01 | ACTIVE | extnet=10.1.1.2  | ubuntu-16.04-server-cloudimg-amd64-disk1-20180306.img | ns.2-2-20 |
+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

[root@openstack ~(keystone_admin)]# openstack server list

+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

Ujicoba hapus Instance

[root@openstack ~(keystone_admin)]# openstack server delete 2cffc5b3-feb3-40a6-b6af-62cdde03d69c

[root@openstack ~(keystone_admin)]# openstack server list
+--------------------------------------+-------------+--------+-----------------+-------------------------------------------------------+-----------+
| ID                                   | Name        | Status | Networks        | Image                                                 | Flavor    |
+--------------------------------------+-------------+--------+-----------------+-------------------------------------------------------+-----------+
| 281a9a9b-0fe7-48d7-93e0-3dae7c9db695 | instance-01 | ACTIVE | extnet=10.1.1.2 | ubuntu-16.04-server-cloudimg-amd64-disk1-20180306.img | ns.2-2-20 |
+--------------------------------------+-------------+--------+-----------------+-------------------------------------------------------+-----------+

[root@openstack ~(keystone_admin)]# openstack server delete 2cffc5b3-feb3-40a6-b6af-62cdde03d69c

[root@openstack ~(keystone_admin)]# openstack server list

+--------------------------------------+-------------+--------+-----------------+-------------------------------------------------------+-----------+

+--------------------------------------+-------------+--------+-----------------+-------------------------------------------------------+-----------+

+--------------------------------------+-------------+--------+-----------------+-------------------------------------------------------+-----------+

Cek List instance yang sudah di Hapus, jika kita aktifkan Soft Delete maka statusnya akan menjadi SOFT_DELETE sampai batas waktu yang sudah kita tentukan akan berubah menjadi DELETED

[root@openstack ~(keystone_admin)]# openstack server list --deleted
+--------------------------------------+------------------+--------------+------------------+-----------------------------------------+-----------+
| ID                                   | Name             | Status       | Networks         | Image                                   | Flavor    |
+--------------------------------------+------------------+--------------+------------------+-----------------------------------------+-----------+
| 2cffc5b3-feb3-40a6-b6af-62cdde03d69c | soft-delete      | SOFT_DELETED | extnet=10.1.1.49 | cirros-0.4.0-x86_64-disk.img            | ns.1-1-1  |
| 239c18af-3ffc-41aa-9a47-d07e9af4ac52 | test-centos      | DELETED      |                  | CentOS-7-x86_64-GenericCloud-1802.qcow2 | ns.2-4-20 |
| 83448c2a-66fe-4864-8296-253ed4bcb16f | cirros-test      | DELETED      |                  | cirros-0.4.0-x86_64-disk.img            | ns.1-1-1  |
+--------------------------------------+------------------+--------------+------------------+-----------------------------------------+-----------+

[root@openstack ~(keystone_admin)]# openstack server list --deleted

+--------------------------------------+------------------+--------------+------------------+-----------------------------------------+-----------+

+--------------------------------------+------------------+--------------+------------------+-----------------------------------------+-----------+

+--------------------------------------+------------------+--------------+------------------+-----------------------------------------+-----------+

Ujicoba Restore Instance

[root@openstack ~(keystone_admin)]# openstack server restore 2cffc5b3-feb3-40a6-b6af-62cdde03d69c

[root@openstack ~(keystone_admin)]# openstack server list
+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+
| ID                                   | Name        | Status | Networks         | Image                                                 | Flavor    |
+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+
| 2cffc5b3-feb3-40a6-b6af-62cdde03d69c | soft-delete | ACTIVE | extnet=10.1.1.49 | cirros-0.4.0-x86_64-disk.img                          | ns.1-1-1  |
| 281a9a9b-0fe7-48d7-93e0-3dae7c9db695 | instance-01 | ACTIVE | extnet=10.1.1.2  | ubuntu-16.04-server-cloudimg-amd64-disk1-20180306.img | ns.2-2-20 |
+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

[root@openstack ~(keystone_admin)]# openstack server restore 2cffc5b3-feb3-40a6-b6af-62cdde03d69c

[root@openstack ~(keystone_admin)]# openstack server list

+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

+--------------------------------------+-------------+--------+------------------+-------------------------------------------------------+-----------+

Lalu bagaimana jika kita ingin segera memakai resource kita tanpa menunggu 1 hari? bisa gunakan perintah

[root@openstack ~(keystone_admin)]# nova force-delete 2cffc5b3-feb3-40a6-b6af-62cdde03d69c

[root@openstack ~(keystone_admin)]# openstack server list --deleted
+--------------------------------------+------------------+---------+----------+-----------------------------------------+-----------+
| ID                                   | Name             | Status  | Networks | Image                                   | Flavor    |
+--------------------------------------+------------------+---------+----------+-----------------------------------------+-----------+
| 2cffc5b3-feb3-40a6-b6af-62cdde03d69c | soft-delete      | DELETED |          | cirros-0.4.0-x86_64-disk.img            | ns.1-1-1  |
| 239c18af-3ffc-41aa-9a47-d07e9af4ac52 | test-centos      | DELETED |          | CentOS-7-x86_64-GenericCloud-1802.qcow2 | ns.2-4-20 |
| 83448c2a-66fe-4864-8296-253ed4bcb16f | cirros-test      | DELETED |          | cirros-0.4.0-x86_64-disk.img            | ns.1-1-1  |
+--------------------------------------+------------------+---------+----------+-----------------------------------------+-----------+

[root@openstack ~(keystone_admin)]# nova force-delete 2cffc5b3-feb3-40a6-b6af-62cdde03d69c

[root@openstack ~(keystone_admin)]# openstack server list --deleted

+--------------------------------------+------------------+---------+----------+-----------------------------------------+-----------+

+--------------------------------------+------------------+---------+----------+-----------------------------------------+-----------+

+--------------------------------------+------------------+---------+----------+-----------------------------------------+-----------+

Sekian dan Terima kasih!

July 24, 2018 by ary

Failover using VRRP Keepalived

Requirements:

2 Server atau lebih dalam 1 jaringan yang sama
1 Virtual IP (VIP)

Disini saya menggunakan 3 Server Ubuntu 16.04 dan HAProxy dibelakangnya:
node1 = 10.0.0.5 node2 = 10.0.0.6 node3 = 10.0.0.7 VIP = 10.0.0.200

Langsung saja berikut cara Failover menggunakan VRRP (Virtual Router Redundancy Protocol) sebagai berikut

Pasang paket Keepalived disemua node

apt install keepalived -y

1	apt install keepalived -y

Buat Konfigurasi Keepalived disemua node

vim /etc/keepalived/keepalived.conf

1	vim /etc/keepalived/keepalived.conf

vrrp_script haproxy-check {
    script "killall -0 haproxy"
    interval 2
    weight 20
}
 
vrrp_instance haproxy-vip {
    state MASTER
    priority 101
    interface ens3
    virtual_router_id 51
    advert_int 3
 
    unicast_src_ip 10.0.0.5
    unicast_peer {
        10.0.0.6
        10.0.0.7
    }
 
    virtual_ipaddress {
        10.0.0.200
    }
 
    track_script {
        haproxy-check weight 20
    }

vrrp_script haproxy-check {

script "killall -0 haproxy"

interval 2

weight 20

}

vrrp_instance haproxy-vip {

state MASTER

priority 101

interface ens3

virtual_router_id 51

advert_int 3

unicast_src_ip 10.0.0.5

unicast_peer {

10.0.0.6

10.0.0.7

}

virtual_ipaddress {

10.0.0.200

}

track_script {

haproxy-check weight 20

}

Sesuaikan bagian:
interface (interface yang digunakan untuk failover)
priority (prioritas masing-masing node)
unicast_src_ip (IP node tersebut)
unicast_peer (IP node lainnya)

Muat ulang servis Keepalived

systemctl enable keepalived
systemctl restart keepalived
systemctl status keepalived

systemctl enable keepalived

systemctl restart keepalived

systemctl status keepalived

Verifikasi disemua node:

root@node3:~# ip address 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:52:a1:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.7/24 brd 10.0.0.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 10.0.0.200/32 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe52:a172/64 scope link

root@node3:~# ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 52:54:00:52:a1:72 brd ff:ff:ff:ff:ff:ff

inet 10.0.0.7/24 brd 10.0.0.255 scope global ens3

valid_lft forever preferred_lft forever

inet 10.0.0.200/32 scope global ens3

valid_lft forever preferred_lft forever

inet6 fe80::5054:ff:fe52:a172/64 scope link

Test Failover
~ Matikan node yang saat ini menempel VIP
~ Pantau konfigurasi IP di node lainnya dengan perintah

watch -n1 ip address

1	watch -n1 ip address

Sekian.

June 10, 2018November 4, 2018 by ary

Attach Multiple Network Interfaces to Instance OpenStack

Dalam beberapa kasus kalian mungkin membutuhkan 2 Internal Network dalam satu Instance, dan itu memang sudah didukung dengan baik oleh OpenStack bahkan saat Instance sudah berjalan kita bisa dapat secara live menambahkan Interface baru 😀

Tapi jika ada lebih dari satu Interface dalam satu Instance, cloud-init/images tidak secara otomatis mengkonfigurasi seluruh Interface. Maka dari itu kita perlu melakukan langkah tambahan agar seluruh Interface dapat berjalan dengan semestinya:

CentOS 7
Cara Ke-1:

sudo ip addr

1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:d4:31:b5 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.10/24 brd 10.99.99.255 scope global dynamic eth0
       valid_lft 60138sec preferred_lft 60138sec
    inet6 fe80::f816:3eff:fed4:31b5/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fa:16:3e:f2:65:4a brd ff:ff:ff:ff:ff:ff

sudo ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether fa:16:3e:d4:31:b5 brd ff:ff:ff:ff:ff:ff

inet 10.10.10.10/24 brd 10.99.99.255 scope global dynamic eth0

valid_lft 60138sec preferred_lft 60138sec

inet6 fe80::f816:3eff:fed4:31b5/64 scope link

valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000

link/ether fa:16:3e:f2:65:4a brd ff:ff:ff:ff:ff:ff

Buat berkas Konfigurasi eth1

sudo cp -v /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1

1	sudo cp -v /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth1

Sesuaikan Device dan HWADDR

sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1

BOOTPROTO=dhcp
DEVICE=eth1
HWADDR=fa:16:3e:f2:65:4a
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
DEFROUTE=no

sudo vi /etc/sysconfig/network-scripts/ifcfg-eth1

BOOTPROTO=dhcp

DEVICE=eth1

HWADDR=fa:16:3e:f2:65:4a

ONBOOT=yes

TYPE=Ethernet

USERCTL=no

DEFROUTE=no

Bring up eth1

sudo ifup eth1

1	sudo ifup eth1

Verifikasi

sudo ip addr
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:d4:31:b5 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.10/24 brd 10.99.99.255 scope global dynamic eth0
       valid_lft 60138sec preferred_lft 60138sec
    inet6 fe80::f816:3eff:fed4:31b5/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:f2:65:4a brd ff:ff:ff:ff:ff:ff
    inet 10.11.11.10/24 brd 10.199.199.255 scope global dynamic eth1
       valid_lft 85976sec preferred_lft 85976sec
    inet6 fe80::f816:3eff:fef2:654a/64 scope link 
       valid_lft forever preferred_lft forever

sudo ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether fa:16:3e:d4:31:b5 brd ff:ff:ff:ff:ff:ff

inet 10.10.10.10/24 brd 10.99.99.255 scope global dynamic eth0

valid_lft 60138sec preferred_lft 60138sec

inet6 fe80::f816:3eff:fed4:31b5/64 scope link

valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether fa:16:3e:f2:65:4a brd ff:ff:ff:ff:ff:ff

inet 10.11.11.10/24 brd 10.199.199.255 scope global dynamic eth1

valid_lft 85976sec preferred_lft 85976sec

inet6 fe80::f816:3eff:fef2:654a/64 scope link

valid_lft forever preferred_lft forever

Cara Ke-2:
Dengan menambahkan Configuration > Customisation Script berikut pada saat membuat Instance baru dengan Multiple Interface:

#!/bin/bash
sudo -i
echo "dhclient" >> /etc/rc.local
chmod +x /etc/rc.local
/etc/rc.local

#!/bin/bash

sudo -i

echo "dhclient" >> /etc/rc.local

chmod +x /etc/rc.local

/etc/rc.local

Ubuntu 16.04

vim K99multinic.sh

1	vim K99multinic.sh

#!/bin/bash
hname=$(hostname)
cat /etc/hosts | grep $hname >> /dev/null
if [ $? -ne 0 ];then
 sudo bash -c "echo '127.0.0.1 $hname' >> /etc/hosts"
fi
netfile=$(find /etc/network/interfaces.d -name "*.cfg")
for interface in $(ls -1 /sys/class/net | grep ens) ;do
   cat $netfile | grep $interface >> /dev/null
   if [ $? -ne 0 ];then
     sudo bash -c "echo 'auto $interface' >> ${netfile}"
     sudo bash -c "echo 'iface $interface inet dhcp' >> ${netfile}"
     sudo ifup $interface
  fi
done

#!/bin/bash

hname=$(hostname)

cat /etc/hosts | grep $hname >> /dev/null

if [ $? -ne 0 ];then

sudo bash -c "echo '127.0.0.1 $hname' >> /etc/hosts"

netfile=$(find /etc/network/interfaces.d -name "*.cfg")

for interface in $(ls -1 /sys/class/net | grep ens) ;do

cat $netfile | grep $interface >> /dev/null

if [ $? -ne 0 ];then

sudo bash -c "echo 'auto $interface' >> ${netfile}"

sudo bash -c "echo 'iface $interface inet dhcp' >> ${netfile}"

sudo ifup $interface

done

Ubah permission dan Eksekusi skrip

chmod +x K99multinic.sh
./K99multinic.sh

1 2	chmod +x K99multinic.sh ./K99multinic.sh

Ubah kepemilikan lalu simpan ke /etc/rc0.d/ agar skrip dieksekusi saat reboot

sudo chown root:root K99multinic.sh
sudo mv K99multinic.sh /etc/rc0.d/

1 2	sudo chown root:root K99multinic.sh sudo mv K99multinic.sh /etc/rc0.d/

Ujicoba reboot Instance

sudo reboot

1	sudo reboot

Sekian dan Selamat Liburan. 🙂

Refrensi: https://support.metacloud.com/hc/en-us/articles/115002332667-Configuring-a-VM-to-work-with-multiple-network-interfaces
https://leadwithoutatitle.wordpress.com/2017/07/06/how-to-create-a-multi-nic-ubuntu-cloud-image/

ROAR

cuma situs Blog biasa. Berisikan catatan hasil oprekan dan cerita perjalanan pribadi.

Mengamankan SSH dengan Google Authenticator – openSUSE Leap 15

Monitoring OpenStack Instances with Service Discovery Prometheus + Grafana

Enable Soft Delete to Recover Deleted Instances OpenStack

Failover using VRRP Keepalived

Attach Multiple Network Interfaces to Instance OpenStack