Upgrade to Oracle JDK 10 on CentOS/RHEL

With the release of Java 10 only a few days ago, it seems only prudent to update to Java 10 on suitable systems since the support for Java 9 official ends with the release of Java 10. (Note that Java 8 still enjoys long-time support, so it might be the best choice to stick with that on systems which are difficult to change)

Go to the official download site and indicate you agree to their terms.
Copy the link for jdk-10_linux-x64_bin.rpm
Log into your CentOS machine
Download the RPM file using the following command (Don’t forget to provide the link you have copied)


wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" [paste copied link here]

Install the JDK


sudo yum localinstall jdk-*_linux-x64_bin.rpm

Set the default Java version to 10 using alternatives


sudo alternatives --config java

Lastly, make sure you are running the correct version of Java:


java -version

Configuring an initd Service for node_exporter

I recently wrote an article showing how to configure Prometheus and Grafana for easy metrics collection. In that article, I assumed that the system which should be monitored would use the systemd approach for defining services.

I now had to set up the node_exporter utility on a system which uses the initd approach. Thus, I provide some simple instructions here on how to accomplish that.

Go to the directory /opt
Download the latest version of the node_exporter executable suitable for your system.


wget https://github.com/prometheus/node_exporter/releases/download/v0.15.2/node_exporter-0.15.2.linux-amd64.tar.gz

Extract the archive


tar xvfz node_exporter-*.tar.gz

Create a link


ln -s node_exporter-* node_exporter

Create the file /opt/node_exporter/node_exporter.sh and add the following content:


#!/bin/sh

/opt/node_exporter/node_exporter --no-collector.diskstats

Create the file /etc/init.d/node_exporter and add the following content (based on this sample init.d script):


#!/bin/sh
### BEGIN INIT INFO
# Provides: node_exporter
# Required-Start: $local_fs $network $named $time $syslog
# Required-Stop: $local_fs $network $named $time $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description:
### END INIT INFO

SCRIPT=/opt/node_exporter/node_exporter.sh
RUNAS=root

PIDFILE=/var/run/node_exporter.pid
LOGFILE=/var/log/node_exporter.log

start() {
if [ -f "$PIDFILE" ] && kill -0 $(cat "$PIDFILE"); then
echo 'Service already running' >&2
return 1
fi
echo 'Starting service…' >&2
local CMD="$SCRIPT &> \"$LOGFILE\" && echo \$! > $PIDFILE"
su -c "$CMD" $RUNAS > "$LOGFILE"
echo 'Service started' >&2
}

stop() {
if [ ! -f "$PIDFILE" ] || ! kill -0 $(cat "$PIDFILE"); then
echo 'Service not running' >&2
return 1
fi
echo 'Stopping service' >&2
kill -15 $(cat "$PIDFILE") && rm -f "$PIDFILE"
echo 'Service stopped' >&2
}

uninstall() {
echo -n "Are you really sure you want to uninstall this service? That cannot be undone. [yes|No] "
local SURE
read SURE
if [ "$SURE" = "yes" ]; then
stop
rm -f "$PIDFILE"
echo "Notice: log file is not be removed: '$LOGFILE'" >&2
update-rc.d -f  remove
rm -fv "$0"
fi
}

case "$1" in
start)
start
;;
stop)
stop
;;
uninstall)
uninstall
;;
retart)
stop
start
;;
*)
echo "Usage: $0 {start|stop|restart|uninstall}"
esac

Note 1: This sample script runs the script as user root. For production environments, it is highly recommended to configure another user (such as ‘prometheus’) which runs the script.

Note 2: Also check out this init.d script made specifically for node_exporter: node.exporter.default by eloo.

Make both files executable


chmod +x /etc/init.d/node_exporter

chmod +x <em>/opt/node_exporter/node_exporter.sh</em>

Test the script


/etc/init.d/node_exporter start

/etc/init.d/node_exporter stop

Enable start with chkconfig


chkconfig --add node_exporter

All done! Now you can configure your Prometheus server to grab the metrics from the node_exporter instance.

Easy VPS Backup

I love VPS providers such as RamNode or ServerCheap which provide excellent performance at a low price point. Unfortunately, when going with most VPS providers, there are no easy built-in facilities for backing up and restoring the data of your servers (such as with AWS EC2 snapshots). Thankfully, there is some powerful, easy to use and open source software available to take care of the backups for us!

In this article, I am going to show how to easily do a backup of your VPS using restic. Another tool you might want to look at is Duplicity, which provides a higher level of security but which is also more difficult to use. (And there are a many, many other alternatives available as well.)

You will need to have access to two servers to follow the following. One server which should be backed up (in the following referred to as Backup Client) and one server which will host your backups (in the following referred to as Backup Server).

Installing Restic (on Backup Client)

Get the URL to the binary for you system from the latest restic release.
Log into the Backup Client
Download the binary using wget


wget https://github.com/restic/restic/releases/download/v0.8.1/restic_0.8.1_linux_amd64.bz2

Unzip the binary


bzip2 -dk restic_0.8.1_linux_amd64.bz2

Move restic to /opt


sudo mv restic_0.8.1_linux_amd64 /opt/restic

Make restic executable


chmod +x /opt/restic

Establishing SSH Connection

On the Backup Client generate an SSH private and public key (Confirm location `/root/.ssh/id_rsa` and provide no passphrase)

sudo su - root
ssh-keygen -t rsa -b 4096

Get the public key


cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDG3en ...

On the Backup Server, create a new user called backup
Copy the public key from the Backup Client to the Backup Server so that Backup Client is authorised to access it via SSH. Just copy the output from above and paste it at the end of the authorized_keys file


sudo vi /home/backup/.ssh/authorized_keys

On the Backup Client, test the connection to the Backup Server.


sudo ssh backup@...

Perform Backup (on Backup Client)

Initialise a new repository


/opt/restic -r sftp:backup@[backup-server]:/home/backup/[backup client host name] init

Backup the full hard disk (this may take a while!)


/opt/restic --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp} -r sftp:backup@[backup-server]:/home/backup/[backup client host name] backup /

Schedule Regular Backups (Backup Client)

On the Backup Client, create the file /root/restic_password. Paste your password into this file.
Create the script file /root/restic.sh (replace with the details of your servers)


#/bin/bash

/opt/restic -r sftp:backup@[backup-server]:/home/backup/[backup client host name] --password-file=/root/restic_password --exclude={/dev,/media,/mnt,/proc,/run,/sys,/tmp,/var/tmp} backup /
/opt/restic -r sftp:backup@[backup-server]:/home/backup/[backup client host name] --password-file=/root/restic_password forget --keep-daily 7 --keep-weekly 5 --keep-monthly 12 --keep-yearly 75
/opt/restic -r sftp:backup@[backup-server]:/home/backup/[backup client host name] --password-file=/root/restic_password prune
/opt/restic -r sftp:backup@[backup-server]:/home/backup/[backup client host name] --password-file=/root/restic_password check

Make script executable


chmod +x /root/restic.sh

Trail run this script: /root/restic.sh
If everything worked fine, schedule to run this script daily (e.g. with sudo crontab -e) or at whichever schedule you prefer (Note that the script might take 10 min or more to execute, so it is probably not advisable to run this very frequently. If you need more frequent updates, just run the first line of the script ‘backup’ which is faster than the following maintenance operations).


0 22 * * * /root/restic.sh

That’s it! All important files from your server will now be backed up regularly.

Setting up Prometheus and Grafana for CentOS / RHEL 7 Monitoring

As mentioned in my previous post, I have long been looking for a centralised solution for collecting logs and monitoring metrics. I think my search was unsuccessful since I was looking for too many things in one solution. Instead I found now two separate solutions, one for log management (using Graylog) and one for metrics (using Prometheus and Grafana). I deployed both of these on very inexpensive VPS machines and so far I am very happy with them.

In this post, I provide some pointers how to set up the metrics solution based on Prometheus and Grafana. I assume you are using a RHEL / CentOS system as the server hosing Prometheus and Grafana and you are interested in the OS metrics for a CentOS system. This tutorial will guide you through setting up the Prometheus server, collecting metrics for it using node_exporter and finally how to create dashboards and alerts using Grafana for the collected metrics.

Installing Prometheus Server

Follow the excellent instructions here with the following modifications.
- Make sure to download the latest version of Prometheus (the link can be obtained on the Prometheus download page, this guide works with version 2.1.0)
- For the systemd service, use the following file:


[Unit]
Description=Prometheus Server
Documentation=https://prometheus.io/docs/introduction/overview/
After=network-online.target
[Service]
User=root
Restart=on-failure
ExecStart=/opt/prometheus/prometheus --config.file=/opt/prometheus/prometheus.yml
[Install]
WantedBy=multi-user.target

Note: This configuration will run the Prometheus server as root. In a production environment, it is highly recommended to run it as another user (e.g. ‘prometheus’)

If you are using a firewall, add the following rule to /etc/sysconfig/iptables and restart service iptables:


-A INPUT -p tcp -m state --state NEW -m tcp --dport 9090 -j ACCEPT

Viewing a Metric

Go to http://yourserver.com:9090
Click on Graph
Enter the expression http_requests_total and click Execute.

You should the data of http requests served by the Prometheus server itself. If you click on the tab graph, you can see the data as a graph.

Installing Node Exporter on the Server to be Monitored

On the Prometheus server, go to the directory /opt
Download the latest version of Node Exporter with wget.
Extract the archive

tar xvfz node_exporter-*.tar.gz

Create link (replace 0.15.2 with the version you have downloaded)


ln -s node_exporter-0.15.2.linux-amd64 node_exporter

Define a service for node_exporter in /etc/systemd/system/node_exporter.service

(or if you are using init.d, please see this article).


[Unit]
Description=Node Exporter

[Service]
User=root
ExecStart=/opt/node_exporter/node_exporter --no-collector.diskstats

[Install]
WantedBy=default.target

Note: This configuration will run the Grafana server as root. In a production environment, it is highly recommended to run it as another user (e.g. ‘prometheus’)

(The –no-collector.diskstats is added above since diskstats often does not work in virtualized environments. If that is not an issue for you, be free to leave this argument out.)

Enable and start service


systemctl daemon-reload
systemctl start node_exporter
systemctl enable node_exporter

Tell Prometheus to scrape these metrics by adding the following to /opt/prometheus/prometheus.yml

 - job_name: "node"
static_configs:
- targets: ['localhost:9100']

Now if you got to yourserver.com:9090/graph you can for instance enter the expression node_memory_MemFree and see the free memory available on the server.

You can also install node_exporter on another server. Simply point the job definition then to this servers address; and of course remember to open port 9100 on the server.

Installing Grafana

The default Prometheus interface is quite basic. Thankfully Grafana offers excellent integration with Prometheus and will result in a much nicer UI.

You can easily install Grafana on your own server or use a free cloud-based instance (limited to one user and five dashboards).

To install Grafana locally:

First follow these instructions.
Graphana by default runs on port 3000, so make sure you add the following firewall rule after you install it:


-A INPUT -p tcp -m state --state NEW -m tcp --dport 3000 -j ACCEPT

In the file /etc/grafana/grafana.ini, provide details for an SMTP connection which can be used for sending emails (section [smtp]).
Also update the host name in the field domain to the address at which your server can be reached on the internet.

Configuring Grafana

Go to yourserver.com:3000
The default login is username ‘admin’ and password ‘admin’. Create a new user with a good password and delete the admin user.
First connect with your Prometheus instance as a data source.
Then go to Dashboards and select import

Import the dashboard Node Exporter Server Metrics by providing the dashboard id 405

Done! You should now be able to see the metrics for your server such as CPU usage or free memory.

If you monitor multiple servers, you can switch between them by clicking next to the text ‘node’.

Additional servers will appear here if you add them to the Prometheus configuration:

- job_name: "node"
 static_configs:
 - targets: ['localhost:9100', 'xxxxx']

Configure Alerting

While Prometheus has some build in alerting facilities, alerting in Grafana is much easier to use. To set up altering for the dashboard you have created:

Go to Alerting / Notification Channels
Click on New Channel
Provide a name for the channel and your email address and click Save.

Next go to the dashboard you have created: Node Exporter Server Metrics
Click on the first panel to select it

Next click on Edit in the menu which is shown above the panel
Go to the Alert tab and click on Create Alert

Configure the following condition(for more details about this, please see this page):

Select the Notification page on the right
In Send to, select the notification channel you have created earlier.
Provide a message such as: CPU usage high.
Save the dashboard (Ctrl+S)

Done! You should now receive notifications if the CPU usage on any of the servers monitored on this dashboard is too high.

Installing Jenkins on Centos 7

I set up a Jenkins server on a brand new Centos 7 VPS. In the following the instructions for doing this in case you are looking at doing the same:

Setting up Jenkins Server

Install OpenJDK Java

sudo yum install java-1.8.0-openjdk

Add Jenkins Repo and install Jenkins

sudo wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
sudo rpm --import https://jenkins-ci.org/redhat/jenkins-ci.org.key
sudo yum install jenkins

Or for stable version (link did not work for me when I tried it)

sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
yum install jenkins

Start Jenkins server

sudo systemctl start jenkins

You should now be able to access Jenkins at yourserver.com:8080 (if not, see troubleshooting steps at the bottom).

If you want to access your server more securely on port 80, you can do so by installing ngnix as outlined in this article in step 4: How to Install Jenkins on CentOS 7.

Connecting to a Git Repo

You will probably want to connect to a git repository next. This is also somewhat dependent on the operating system you use, so I provide the steps to do this on CentOS as well:

Install git

sudo yum install git

Generate an SSH key on the server

ssh-keygen -t rsa

When prompted, save the SSH key under the following path (I got this idea from reading the comments here)

/var/lib/jenkins/.ssh

Assure that the .ssh directory is owned by the Jenkins user:

sudo chown -R jenkins:jenkins /var/lib/jenkins/.ssh

Copy the public generated key to your git server (or add it in the GitHub/BitBucket web interface)
Assure your git server is listed in the known_hosts file. In my case, since I am using BitBucket my /var/lib/jenkins/.ssh/known_hosts file contains something like the following

bitbucket.org,104.192.143.3 ssh-rsa [...]

You can now create a new project and use Git as the SCM. You don’t need to provide any git credentials. Jenkins pulls these automatically form the /var/lib/jenkins/.ssh directory. There are good instructions for this available here.

Connecting to GitHub

In the Jenkins web interface, click on Credentials and then select the Jenkins Global credentials. Add a credential for GitHub which includes your GitHub username and password.
In the Jenkins web interface, click on Manage Jenkins and then on Configure System. Then scroll down to GitHub and then under GitHub servers click the Advanced Button. Then click the button Manage additional GitHub actions.

In the popup select Convert login and password to token and follow the prompts. This will result in a new credential having been created. Save and reload the page.
Now go back to the GitHub servers section and now click to add an additional server. As credential, select the credential which you have just selected.
In the Jenkins web interface, click on New Item and then select GitHub organisation and connect it to your user account.

Any of your GitHub projects will be automatically added to Jenkins, if they contain a Jenkinsfile. Here is an example.

Connect with BitBucket

First, you will need to install the BitBucket plugin.
After it is installed, create a normal git project.
Go to the Configuration for this project and select the following option:

Log into BitBucket and create a webhook in the settings for your project pointing to your Jenkins server as follows: http://youserver.com/bitbucket-hook/ (note the slash at the end)

Testing a Java Project

Chances are high you would like to run tests against a Java project, in the following, some instructions to get that working:

Install maven as described here: How To Install Apache Maven on CentOS/RHEL 7/6 & Fedora
Add Maven installation as described here: Jenkins – Maven Setup

Troubleshooting

If you cannot open the Jenkins web ui, you most likely have a problem with your firewall. Temporarily disable your firewall with: `sudo systemctl stop iptables` and see if it works then.
If it does, you might want to check your rules in `/etc/sysconfig/iptables` and assure that port 8080 is open
Check the log file at:

sudo cat /var/log/jenkins/jenkins.log

Test Latency Between Two Servers (Linux)

Today I was looking for a simple way to test the latency and bandwidth between two Linux servers.

The easiest way, of course, is to just use ping. The ping utility should be available on almost any Linux server and is extremely easy to use. Just login to one of your servers and then execute the following command using the IP address of your second server:

ping x.x.x.x

You can leave this running for a while and when you have seen enough data, just hit Ctrl + C to interrupt the program. This will result in an output such as the following:

PING 168.235.94.7 (168.235.94.7) 56(84) bytes of data.
64 bytes from 168.235.94.7: icmp_seq=1 ttl=64 time=0.180 ms
64 bytes from 168.235.94.7: icmp_seq=2 ttl=64 time=0.150 ms
64 bytes from 168.235.94.7: icmp_seq=3 ttl=64 time=0.148 ms
64 bytes from 168.235.94.7: icmp_seq=4 ttl=64 time=0.150 ms
^C
--- 168.235.94.7 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.148/0.157/0.180/0.013 ms

Important to note here are are the latencies for the individual tests as well as the overall average which are highlighted in bold in the above. This shows us that there is an average latency of 0.157 between the two servers tested.

In order to test the bandwidth and get some more information about latencies, you might also want to install the iperf tool.

Install PHP Application and WordPress Alongside Each Other

Problem

You have a webpage like http://www.example.com and you would like to serve both WordPress and files from a PHP application from the root domain. For instance, opening

http://www.example.com/my-post

will open a post on WordPress and

http://www.example.com/index.php

will open a page in a PHP application.

Solution

Set up your php application in /var/www/html
Install WordPress /usr/share/wordpress
Put the following lines into /usr/share/wordpress/.htacces before # BEGIN WordPress.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond "/var/www/html%{REQUEST_URI}" -f
RewriteRule ^/?(.*)$ /app/$1 [L]

</IfModule>

# BEGIN WordPress
...

Put the following line into /etc/httpd/conf/httpd.conf

Alias /app /var/www/html

Add the following configuration file to /etc/httpd/conf.d/wordpress.conf

Alias /wordpress /usr/share/wordpress
DocumentRoot /usr/share/wordpress

<Directory /usr/share/wordpress/>
 AddDefaultCharset UTF-8

AllowOverride All

Require all granted

</Directory>

Restart httpd and you are all done!

Versioning WordPress with Git and Revisr

WordPress is a powerful platform to just get a simple website up and running. Unfortunately, some things which are considered best practice in software development projects are a bit difficult to realize with WordPress. One of these things is versioning. Thankfully, there is a powerful plug in which enables versioning WordPress using a git repository: Revisr.

As of writing this, one is first greeted by an error message when visiting the Revisr website (something to do with SSL). It is safe to ignore this and to instruct your browser to show this website irrespective of the error message displayed (you won’t be giving any confidential information to this webiste, just browsing around).

In any case, you can download Revisr from WordPress with the following link:

https://wordpress.org/plugins/revisr/

Following the steps for setting it up:

Go to your WordPress Admin console
Install the plugin
Activate it
Reload WordPress Admin console
Click on Revisr on the Sidebar
Instruct it to create a new repository

That’s already it for setting up a local git repo that will enable some versioning. However, you can also use this plugin to backup your site and all versions to a remote git repository, for instance using BitBucket. The instructions for this come as follows (assuming you are using an Apache Web server):

Login to your server using SSH with a user with sudo rights
Execute the following

sudo ssh keygen

Follow the prompts to create the key
Execute the following (where /var/www is the root dir of your Apache server)

sudo cp -r /root/.ssh /var/www

sudo chown -R apache:apache /var/www/.ssh

Create the file /var/www/.ssh/.htaccess and put in the following content (this is just a security measure)

Deny from all

Grab the public key and save it somewhere

sudo cat /var/www/.ssh/id_rsa.pub

Create a new account for BitBucket if you don’t have one already.
Add a public SSH key for your account. Add the SSH key you saved earlier.
Create a new repository. Grab the git SSH link for this repository.
Go back to your WordPress Admin console and select the Revisr plugin from the sidebar
Go to Settings / General. Set your username to git and define an email. Click Save
Go to Settings / Remote. Set Remote URL to the SSH link for the repository you saved earlier. Click Save.

Now you can go back to the main Revisr page and start committing changes and pushing to the remote repository!

Install Latest JDK on Linux Server

Edit: Updated with new script version provided by MaxdSre.

To install the Oracle JDK on a Linus server is often a tricky proposition. For one, the download page requires to confirm a prompt and only unlocks the download link after this prompt has been confirmed (via a cookie, I think). This makes it difficult to download the binary in the first place!

Thankfully, MaxdSre has created the following handy script to download and extract the JDK:

OracleSEJDK.sh

If you run this script, you are presented with a prompt as follows:

Just select the version you require, and the script will download and install the Oracle JDK.

Finally, you might have existing JDK versions installed on your machine which are managed using alternatives. The updated version of the script should already trigger the alternatives command for you to configure which Java version to use.

For reference how to point your ‘java’ command to the new installation manually, please see this article.

Simple MySQL / MariaDB Backup

There are many ways to back up a MySQL or MariaDB server. Some ways include using mysqldump, mydumper, LVM Snapshots or XtraBackup. However, any robust backup solution boils down to one key requirement:

The ability to restore the databases to a point-in-time.

So, for instance, if your server crashes, you would like to be able to restore to the point in time before the server crashed. If data was deleted accidentally or damaged in some other way, you need to restore the data to the point in time before it was deleted or damaged.

If you use AWS RDS this ability is provided out of the box. However, you can meet this requirement much more cost effectively by using a simple VPS (such as Linode or Ramnode) with a simple setup I will describe below.

This setup will perform the following:

Write a log of all transactions and back up this log every 5 minutes to a remote server
Create a full database backup with mysqldump every day and copy this to a remote server

The backup keeps the binary logs for two days and the dumps for two weeks. Thus, any data loss should be limited to 5 minutes and full database backups should allow restoring data from up to two weeks ago.

System Landscape

Database Server: Runs the MariaDB or MySQL instance you want to back up
Backup Server: Used as a remote location to store backups

(any Linux based server will do for these)

Step 1: Enable Binary Logs

On Database Server:

Edit your my.cnf file (e.g. under /etc/my.cnf or /etc/my.cnf.d/server.cnf). Assert the following lines:

log-bin=logs/backup
expire-logs-days=2
server-id=1

Create the folder logs in your MySQL data dir (e.g. /var/lib/mysql)

mkdir /var/lib/mysql/logs

Set owner to user mysql for folder logs

chown mysql:mysql /var/lib/mysql/logs

Restart MySQL server

sudo systemctl restart mysqld

Now a binary logs should be written into the logs folder in your MySQL data dir.

Step 2: Create Script Full Backups with MySQL dump

On Database Server:

Create the folder /var/lib/mysql/dumps
Create the script /usr/local/mysql_dump.sh and copy the contents of mariadb-backup.sh into this script.
Search for the line starting with dumpopts. In this line, provide your mysql username and password.
Make the script executable

sudo chmod +x /usr/local/mysql_dump.sh

Schedule the script to run once every day using cron or systemd

cron

30 3 * * * /usr/local/mysql_dump.sh

systemd

Create /etc/systemd/system/mysql_dump.service

[Unit]
Description=Dumps mysql databases to backup directory

[Service]
Type=oneshot
ExecStart=/usr/local/mysql_dump.sh

Create /etc/systemd/system/mysql_dump.timer

[Unit]
Description=Run MySQL dump once per day

[Timer]
OnCalendar=*-*-* 03:13:00
OnBootSec=60min
Unit=mysql_dump.service

And don’t forget to enable and start the timer:

sudo systemctl enable mysql_dump.timer
sudo systemctl start mysql_dump.timer

Step 3: Write Script to Backup Files to Remote Server

On the Backup Server:

Log into your Backup Server. Create a user mysqlbackup here:

useradd mysqlbackup

Change to mysqlbackup user

sudo su - mysqlbackup

Create directories logs and dumps

mkdir logs
mkdir dumps

On the Database Server:

Copy public key for root user from /root/.ssh/id_rsa.pub
If the public key for root does not exist, run:

sudo ssh-keygen -t rsa

On the Backup Server:

While being logged in as user mysqlbackup, assure the following file exists

~/.ssh/authorized_keys

Into this file, paste the public key for root on Server 1
Assure correct permissions for .ssh folder:

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

On the Database Server:

Test access to the Backup Server (the sudo is important here, since you want to connect as the root user). Replace yourservername.com with the address/IP of Server 2.

sudo ssh mysqlbackup@yourservername.com

If the SSH does not work for some reason, check this guide for more information.
Create the script /usr/local/mysql_backup.sh. Replace yourserver.com with the address/IP of your server.

#!/bin/bash
rsync -avz --delete /var/lib/mysql/logs mysqlbackup@yourserver.com:/home/mysqlbackup
rsync -avz --delete /var/lib/mysql/dumps mysqlbackup@yourserver.com:/home/mysqlbackup

Make the script executable

sudo chmod +x /usr/local/mysql_backup.sh

Use crontab or systemd to schedule the job for execution every 5 minutes:

crontab

Add the following line to the crontab for the user root

*/5 * * * * /usr/local/mysql_backup.sh

systemd

Create the file /etc/systemd/system/mysql_backup.service

[Unit]
Description=Backs up Mysql binary logs and full backups to remote server

[Service]
Type=oneshot
ExecStart=/usr/local/mysql_backup.sh

Create the file /etc/systemd/system/mysql_backup.timer

[Unit]
Description=Run MySQL binlog backup and full backup sync every 5 minutes

[Timer]
OnCalendar=*:0/5
OnBootSec=5min
Unit=mysql_backup.timer

Enable and start the timer

sudo systemctl enable mysql_backup.timer
sudo systemctl start mysql_backup.timer

Menu

Installing Restic (on Backup Client)

Establishing SSH Connection

Perform Backup (on Backup Client)

Schedule Regular Backups (Backup Client)

Installing Prometheus Server

Viewing a Metric

Installing Node Exporter on the Server to be Monitored

Installing Grafana

Configuring Grafana

Configure Alerting

Further Reading

Setting up Jenkins Server

Connecting to a Git Repo

Connecting to GitHub

Connect with BitBucket

Testing a Java Project

Troubleshooting

Problem

Solution

System Landscape

Step 1: Enable Binary Logs

Step 2: Create Script Full Backups with MySQL dump

cron

systemd

Step 3: Write Script to Backup Files to Remote Server

crontab

systemd