Forem: Abubakar Hassan The latest articles on Forem by Abubakar Hassan (@itssadon). https://forem.com/itssadon https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F241462%2Fdfa0157e-18a6-4c7d-b45b-d354bff04b4b.jpeg Forem: Abubakar Hassan https://forem.com/itssadon en How to Prevent Race Conditions in a Node.js System Using Mutexes and RabbitMQ Abubakar Hassan Fri, 20 Dec 2024 21:39:31 +0000 https://forem.com/itssadon/how-to-prevent-race-conditions-in-a-nodejs-system-using-mutexes-and-rabbitmq-3mkn https://forem.com/itssadon/how-to-prevent-race-conditions-in-a-nodejs-system-using-mutexes-and-rabbitmq-3mkn <blockquote> <p>In distributed systems, ensuring data consistency across multiple concurrent processes is critical. When dealing with sensitive operations like account withdrawals, race conditions can result in corrupted data or financial discrepancies. This article explains how to use mutexes (mutual exclusion locks) with RabbitMQ and Node.js to safely handle concurrent operations while maintaining efficient memory management.</p> </blockquote> <h2> The Problem </h2> <p>Imagine a scenario where multiple RabbitMQ workers process withdrawal requests from the same account simultaneously. Without proper synchronization, two workers might read the same initial balance, subtract different amounts, and then update the account, leading to an incorrect balance.</p> <h3> Race condition example: </h3> <ol> <li>Initial balance: $1000</li> <li>Worker A reads the balance: $1000</li> <li>Worker B reads the balance: $1000</li> <li>Worker A subtracts $300 and updates the balance: $700</li> <li>Worker B subtracts $200 and updates the balance: $800 (overwriting Worker A’s update)</li> </ol> <p>Final balance: $800 (should have been $500).</p> <h2> Solution: Using Mutexes </h2> <p>A mutex ensures that only one worker can process operations on a specific account at any time. Here’s how we can implement a mutex-based solution in a RabbitMQ-driven Node.js system.</p> <h2> Step-by-Step Implementation </h2> <ol> <li>Prerequisites</li> </ol> <p>Install the necessary packages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install </span>async-mutex amqplib </code></pre> </div> <ul> <li>async-mutex: Provides an easy-to-use mutex for asynchronous operations.</li> <li>amqplib: Enables interaction with RabbitMQ.</li> </ul> <ol> <li>Code Implementation</li> </ol> <p>Below is the complete implementation, including robust memory management for mutex cleanup.</p> <p>a. Mutex Management</p> <p>We use a Map to maintain mutexes per account. Mutexes are created on demand and removed when they are no longer needed.</p> <p>b. Memory Optimization</p> <p>To avoid memory bloat, we implement:</p> <ol> <li>Idle Timeouts: Automatically remove mutexes for inactive accounts after 5 minutes.</li> <li>Periodic Cleanup: A background process ensures stale mutexes are removed every 1 minute.</li> </ol> <p>c. Full Implementation<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="p">{</span> <span class="nx">Mutex</span> <span class="p">}</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">async-mutex</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">amqp</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">amqplib</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Mutex for account operations with automatic cleanup</span> <span class="kd">const</span> <span class="nx">accountMutexes</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="c1">// Store one mutex per account</span> <span class="kd">const</span> <span class="nx">accountTimeouts</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="c1">// Store timeout references for cleanup</span> <span class="kd">const</span> <span class="nx">CLEANUP_INTERVAL_MS</span> <span class="o">=</span> <span class="mi">60000</span><span class="p">;</span> <span class="c1">// 1-minute cleanup interval</span> <span class="kd">const</span> <span class="nx">IDLE_TIMEOUT_MS</span> <span class="o">=</span> <span class="mi">300000</span><span class="p">;</span> <span class="c1">// 5-minute idle timeout per account</span> <span class="c1">// Function to get or create a mutex for a specific account</span> <span class="kd">function</span> <span class="nf">getAccountMutex</span><span class="p">(</span><span class="nx">accountId</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">accountMutexes</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">accountId</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">mutex</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Mutex</span><span class="p">();</span> <span class="nx">accountMutexes</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">accountId</span><span class="p">,</span> <span class="nx">mutex</span><span class="p">);</span> <span class="nf">resetAccountTimeout</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="c1">// Start idle timeout cleanup</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">accountMutexes</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Function to reset idle timeout for an account</span> <span class="kd">function</span> <span class="nf">resetAccountTimeout</span><span class="p">(</span><span class="nx">accountId</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">accountTimeouts</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">accountId</span><span class="p">))</span> <span class="p">{</span> <span class="nf">clearTimeout</span><span class="p">(</span><span class="nx">accountTimeouts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">accountId</span><span class="p">));</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">timeout</span> <span class="o">=</span> <span class="nf">setTimeout</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">accountMutexes</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="nx">accountTimeouts</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Mutex for account </span><span class="p">${</span><span class="nx">accountId</span><span class="p">}</span><span class="s2"> removed due to inactivity.`</span><span class="p">);</span> <span class="p">},</span> <span class="nx">IDLE_TIMEOUT_MS</span><span class="p">);</span> <span class="nx">accountTimeouts</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">accountId</span><span class="p">,</span> <span class="nx">timeout</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Periodic cleanup process</span> <span class="kd">function</span> <span class="nf">startPeriodicCleanup</span><span class="p">()</span> <span class="p">{</span> <span class="nf">setInterval</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">accountTimeouts</span><span class="p">.</span><span class="nf">forEach</span><span class="p">((</span><span class="nx">_</span><span class="p">,</span> <span class="nx">accountId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">accountMutexes</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">accountId</span><span class="p">))</span> <span class="p">{</span> <span class="nx">accountTimeouts</span><span class="p">.</span><span class="k">delete</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">},</span> <span class="nx">CLEANUP_INTERVAL_MS</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Periodic cleanup started: checking every </span><span class="p">${</span><span class="nx">CLEANUP_INTERVAL_MS</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">}</span><span class="s2"> seconds.`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Simulated database of accounts</span> <span class="kd">const</span> <span class="nx">accounts</span> <span class="o">=</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">123</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">balance</span><span class="p">:</span> <span class="mi">1000</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">456</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="na">balance</span><span class="p">:</span> <span class="mi">2000</span> <span class="p">},</span> <span class="p">};</span> <span class="c1">// Process withdrawal</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">processWithdrawal</span><span class="p">(</span><span class="nx">accountId</span><span class="p">,</span> <span class="nx">amount</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">mutex</span> <span class="o">=</span> <span class="nf">getAccountMutex</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">release</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">mutex</span><span class="p">.</span><span class="nf">acquire</span><span class="p">();</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Processing withdrawal for account </span><span class="p">${</span><span class="nx">accountId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">account</span> <span class="o">=</span> <span class="nx">accounts</span><span class="p">[</span><span class="nx">accountId</span><span class="p">];</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">account</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Account not found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">account</span><span class="p">.</span><span class="nx">balance</span> <span class="o">&lt;</span> <span class="nx">amount</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Insufficient funds</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">account</span><span class="p">.</span><span class="nx">balance</span> <span class="o">-=</span> <span class="nx">amount</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Withdrawal successful! New balance for account </span><span class="p">${</span><span class="nx">accountId</span><span class="p">}</span><span class="s2">: </span><span class="p">${</span><span class="nx">account</span><span class="p">.</span><span class="nx">balance</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="s2">`Error processing withdrawal for account </span><span class="p">${</span><span class="nx">accountId</span><span class="p">}</span><span class="s2">:`</span><span class="p">,</span> <span class="nx">error</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="p">}</span> <span class="k">finally</span> <span class="p">{</span> <span class="nf">release</span><span class="p">();</span> <span class="nf">resetAccountTimeout</span><span class="p">(</span><span class="nx">accountId</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// RabbitMQ message handler</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">handleMessage</span><span class="p">(</span><span class="nx">message</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">accountId</span><span class="p">,</span> <span class="nx">amount</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">message</span><span class="p">.</span><span class="nx">content</span><span class="p">.</span><span class="nf">toString</span><span class="p">());</span> <span class="k">await</span> <span class="nf">processWithdrawal</span><span class="p">(</span><span class="nx">accountId</span><span class="p">,</span> <span class="nx">amount</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Connect to RabbitMQ and consume messages</span> <span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">amqp</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="dl">'</span><span class="s1">amqp://localhost</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">channel</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">createChannel</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">queueName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">withdrawals</span><span class="dl">'</span><span class="p">;</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertQueue</span><span class="p">(</span><span class="nx">queueName</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Waiting for messages in queue: </span><span class="p">${</span><span class="nx">queueName</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">consume</span><span class="p">(</span><span class="nx">queueName</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">handleMessage</span><span class="p">(</span><span class="nx">msg</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">ack</span><span class="p">(</span><span class="nx">msg</span><span class="p">);</span> <span class="c1">// Acknowledge message after processing</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">startPeriodicCleanup</span><span class="p">();</span> <span class="c1">// Start periodic cleanup</span> <span class="p">})();</span> </code></pre> </div> <h2> How It Works </h2> <ol> <li>Account-Specific Mutex: <ul> <li>Each account has its own mutex (accountMutexes), allowing safe concurrency for different accounts.</li> <li>Mutexes are dynamically created when accessed for the first time.</li> </ul> </li> <li>Critical Section: <ul> <li>The processWithdrawal function locks the mutex to ensure that only one worker can modify the account’s balance.</li> </ul> </li> <li>Memory Management: <ul> <li>Idle Timeout: Removes mutexes after 5 minutes of inactivity.</li> <li>Periodic Cleanup: A background process runs every minute to clean up stale or unreferenced mutexes.</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvvi4fe94a7kgbpo2nti0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvvi4fe94a7kgbpo2nti0.png" alt="Image description" width="800" height="255"></a></p> <h2> Advantages </h2> <ol> <li>Race Condition Prevention: <ul> <li>Ensures that only one worker processes withdrawals for a given account at a time.</li> </ul> </li> <li>Efficient Memory Management: <ul> <li>Automatically removes mutexes for inactive accounts, preventing memory bloat.</li> </ul> </li> <li>High Throughput: <ul> <li>Concurrent processing of different accounts is unaffected, maintaining system scalability.</li> </ul> </li> <li>Robust Error Handling: <ul> <li>Proper handling of account errors and lock release in the finally block ensures the system stays consistent.</li> </ul> </li> </ol> <h2> Sample Output </h2> <h3> Input Queue Messages: </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"accountId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"amount"</span><span class="p">:</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"accountId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"456"</span><span class="p">,</span><span class="w"> </span><span class="nl">"amount"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"accountId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"amount"</span><span class="p">:</span><span class="w"> </span><span class="mi">300</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Console Output: </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Waiting for messages in queue: withdrawals Periodic cleanup started: checking every 60 seconds. Processing withdrawal for account 123 Withdrawal successful! New balance for account 123: 900 Processing withdrawal for account 456 Withdrawal successful! New balance for account 456: 1800 Processing withdrawal for account 123 Withdrawal successful! New balance for account 123: 600 Mutex for account 123 removed due to inactivity. Mutex for account 456 removed due to inactivity. </code></pre> </div> <h2> Conclusion </h2> <p>By combining mutexes with RabbitMQ, you can safely handle concurrent operations in Node.js systems.</p> <p>Adding idle timeouts and periodic cleanup ensures efficient memory management, making this solution scalable and robust for real-world use cases.</p> node eventdriven tutorial architecture How to end a telnet session (Linux, MAC, Windows) Abubakar Hassan Tue, 13 Dec 2022 16:33:17 +0000 https://forem.com/itssadon/how-to-end-a-telnet-session-linux-mac-windows-hbb https://forem.com/itssadon/how-to-end-a-telnet-session-linux-mac-windows-hbb <p>Hello there 👋</p> <p>Like me, you have started a telnet connection through the terminal and have no idea how to close it 🤣</p> <p>If you currently don't have an active telnet connection, you can start one on the terminal by typing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ telnet address port </code></pre> </div> <blockquote> <p>To end your current telnet session you must reach the telnet prompt and type quit.</p> </blockquote> <p>Here are the steps for doing so:</p> <ol> <li>Open the telnet prompt by holding down the 'Ctrl' key and push the ']' key. (prompt: telnet&gt;)</li> <li>Type <code>quit</code>.</li> <li>Push the <code>Enter</code> key.</li> </ol> <p>I hope this helped.</p> <p><em>You're welcome</em> 💪</p> beginners linux devops tutorial How to build a minimal production-ready infrastructure with Terraform on DigitalOcean Abubakar Hassan Sun, 11 Dec 2022 23:21:32 +0000 https://forem.com/itssadon/how-to-build-a-minimal-production-ready-infrastructure-with-terraform-on-digitalocean-3id6 https://forem.com/itssadon/how-to-build-a-minimal-production-ready-infrastructure-with-terraform-on-digitalocean-3id6 <p>This how-to will help you deploy a production-ready infrastructure on Digital Ocean using Terraform.</p> <h2> Pre-requisites </h2> <ol> <li>Install <a href="https://www.terraform.io/downloads.html" rel="noopener noreferrer">Terraform</a> </li> <li>Create a <a href="https://m.do.co/c/72deb6aa82de" rel="noopener noreferrer">Digital Ocean</a> account if you don't already have one (Use this link to get $100 credit)</li> <li>Generate a Personal Access Token for your Digital Ocean account to access the DigitalOcean API. Go to <code>API =&gt; Tokens/Keys =&gt; Generate New Token</code>. Save the <code>string</code> generated.</li> <li>Create a domain for your project. Go to <code>Networking =&gt; Domains =&gt; Add domain</code> </li> </ol> <h2> Initial setup terraform files </h2> <ul> <li>Open your terminal and create a new project directory, and open with you code editor. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ mkdir minimal-prod` $ cd minimal-prod` $ code . </code></pre> </div> <ul> <li>Create the following terraform files: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ touch versions.tf $ touch main.tf $ touch variables.tf </code></pre> </div> <ul> <li>In <code>versions.tf</code>, specify the Digital Ocean terraform provider as follows: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform { required_providers { digitalocean = { source = "digitalocean/digitalocean" version = "2.25.2" } } } </code></pre> </div> <ul> <li>In <code>main.tf</code>, add the token required by the provider like this: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>provider "digitalocean" { token = var.do_token } </code></pre> </div> <ul> <li>In <code>variables.tf</code>, create a new variable called <code>do_token</code>. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>variable "do_token" { type = string description = "Digital Ocean personal access token" default = "&lt;token_string&gt;" } </code></pre> </div> <blockquote> <p>If you wish to commit <code>variables.tf</code> to your version control system, you might want to use a different file for more sensitive information, such as your Digital Ocean's personal access token. Create a new file <code>terraform.tfvars</code> and save the following to it:<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>do_token = "&lt;digital_ocean_token&gt;" </code></pre> </div> <blockquote> <p>Replace <code>&lt;digital_ocean_token&gt;</code> with the actual value generated.<br> ⚠️ Make sure *.tfvars is in your .gitignore file.</p> </blockquote> <ul> <li>Now prepare your working directory for other commands by running the following command: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ terraform init </code></pre> </div> <h2> Architecture Diagram </h2> <p>Below is a diagram representing the architecture that will be produced by executing the Terraform files at the end of this tutorial.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> | https | v +--------------------+ | Load Balancer | +--------------------------------------------------+ | | | | | +--------------------+ | | | | | | | | http +---------+ | | | | | | | | | | | | +-------SSH------| Bastion |&lt;---SSH--- | | | | | | | | | | | | +---------+ | | +----------+---------+ | | | | | | | v v v | | +-------+ +-------+ +-------+ | | | web | | web | | web | | | +---+---+ +---+---+ +---+---+ | | | | | | | | v | | | | +----------+ | | | | | | | | | +----&gt;| database |&lt;---+ | | | | | | +----------+ | +--------------------------------------------------+ </code></pre> </div> <h3> Virtual Private Cloud (VPC) setup </h3> <ul> <li>Create a file <code>network.tf</code> and add the following to build the VPC </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "digitalocean_vpc" "web" { name = "${var.name}-vpc" region = var.region ip_range = var.ip_range } </code></pre> </div> <ul> <li>Add new variables to <code>variables.tf</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... variable "name" { type = string description = "Infrastructure project name" default = "minimal-prod" } variable "region" { type = string default = "ams2" } variable "ip_range" { type = string description = "IP range for VPC" default = "192.168.22.0/24" } </code></pre> </div> <ul> <li>Run the command below to see the execution plan so far </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ terraform plan </code></pre> </div> <h3> Web Servers setup </h3> <ul> <li>Add a few more variables to <code>variables.tf</code> to be used in the future </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... variable "droplet_count" { type = number default = 1 } variable "image" { type = string description = "OS to install on the servers" default = "ubuntu-20-04-x64" } variable "droplet_size" { type = string default = "s-1vcpu-1gb" } variable "ssh_key" { type = string } variable "subdomain" { type = string } variable "domain_name" { type = string } </code></pre> </div> <ul> <li>Create a new file <code>data.tf</code> and add a data resource for our ssh key which will be pulled from Digital Ocean directly: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>data "digitalocean_ssh_key" "main" { name = var.ssh_key } </code></pre> </div> <ul> <li>Create a file <code>servers.tf</code> hold all the resources we'll be creating for our web servers as follows: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "digitalocean_droplet" "web" { count = var.droplet_count image = var.image name = "web-${var.name}-${var.region}-${count.index + 1}" region = var.region size = var.droplet_size ssh_keys = [data.digitalocean_ssh_key.main.id] vpc_uuid = digitalocean_vpc.web.id tags = ["${var.name}-webserver"] user_data = &lt;&lt;EOF #cloud-config packages: - nginx - postgresql - postgresql-contrib runcmd: - [ sh, -xc, "echo '&lt;h1&gt;web-${var.region}-${count.index + 1}&lt;/h1&gt;' &gt;&gt; /var/www/html/index.html"] EOF lifecycle { create_before_destroy = true } } </code></pre> </div> <ul> <li>Update <code>terraform.tfvars</code> with the following variables for our environment: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... region = "ams3" droplet_count = 3 ssh_key = "&lt;ssh_key_name_on_digitalocean&gt;" domain_name = "&lt;domain_added_on_digitalocean&gt;" subdomain = "app" </code></pre> </div> <ul> <li>Add a value for the domain you want to use in <code>data.tf</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... data "digitalocean_domain" "web" { name = var.domain_name } </code></pre> </div> <ul> <li>Create a lets encrypt certificate to be used by the load balancer. Add the following to the <code>servers.tf</code> file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "digitalocean_certificate" "web" { name = "${var.name}-certificate" type = "lets_encrypt" domains = ["${var.subdomain}.${data.digitalocean_domain.web.name}"] lifecycle { create_before_destroy = true } } </code></pre> </div> <blockquote> <p>You can use the Digital Ocean terraform provider to provide your own certificate if you want to.</p> </blockquote> <ul> <li>Next, we create our load balancer with the correct forwarding rules and the firewall setup in <code>servers.tf</code>. This is to block all inbound traffic directly to the web servers from the internet. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... resource "digitalocean_loadbalancer" "web" { name = "web-${var.region}" region = var.region droplet_ids = digitalocean_droplet.web.*.id vpc_uuid = digitalocean_vpc.web.id redirect_http_to_https = true forwarding_rule { entry_port = 443 entry_protocol = "https" target_port = 80 target_protocol = "http" certificate_name = digitalocean_certificate.web.name } forwarding_rule { entry_port = 80 entry_protocol = "http" target_port = 80 target_protocol = "http" certificate_name = digitalocean_certificate.web.name } lifecycle { create_before_destroy = true } } resource "digitalocean_firewall" "web" { name = "${var.name}-only-vpc-traffic" droplet_ids = digitalocean_droplet.web.*.id inbound_rule { protocol = "tcp" port_range = "1-65535" source_addresses = [digitalocean_vpc.web.ip_range] } inbound_rule { protocol = "udp" port_range = "1-65535" source_addresses = [digitalocean_vpc.web.ip_range] } inbound_rule { protocol = "icmp" source_addresses = [digitalocean_vpc.web.ip_range] } outbound_rule { protocol = "tcp" port_range = "1-65535" destination_addresses = [digitalocean_vpc.web.ip_range] } outbound_rule { protocol = "udp" port_range = "1-65535" destination_addresses = [digitalocean_vpc.web.ip_range] } outbound_rule { protocol = "icmp" destination_addresses = [digitalocean_vpc.web.ip_range] } outbound_rule { protocol = "udp" port_range = "53" destination_addresses = ["0.0.0.0/0", "::/0"] } outbound_rule { protocol = "tcp" port_range = "80" destination_addresses = ["0.0.0.0/0", "::/0"] } outbound_rule { protocol = "tcp" port_range = "443" destination_addresses = ["0.0.0.0/0", "::/0"] } outbound_rule { protocol = "icmp" destination_addresses = ["0.0.0.0/0", "::/0"] } } </code></pre> </div> <ul> <li>Next, we create the record for the subdomain </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... resource "digitalocean_record" "web" { domain = data.digitalocean_domain.web.name type = "A" name = var.subdomain value = digitalocean_loadbalancer.web.ip ttl = 30 } </code></pre> </div> <h3> Database resource </h3> <ul> <li>Next, we add a few more variables to be used to setup our database in <code>variables.tf</code> as follows: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... variable "db_count" { type = number default = 1 } variable "database_size" { type = string default = "db-s-1vcpu-1gb" } </code></pre> </div> <ul> <li>Next, create <code>database.tf</code> to build the database. For this example we will be creating a Postgres database. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "digitalocean_database_cluster" "postgres-cluster" { name = "${var.name}-database-cluster" engine = "pg" version = "11" size = var.database_size region = var.region node_count = var.db_count private_network_uuid = digitalocean_vpc.web.id } resource "digitalocean_database_firewall" "postgress-cluster-firewall" { cluster_id = digitalocean_database_cluster.postgres-cluster.id rule { type = "tag" value = "${var.name}-webserver" } } </code></pre> </div> <h3> Jump server (Bastion) for accessing our infrastructure </h3> <ul> <li>Next, we need to create a jump server (Bastion) to access our infrastructure. Create a <code>bastion.tf</code> with the following: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resource "digitalocean_droplet" "bastion" { image = var.image name = "bastion-${var.name}-${var.region}" region = var.region size = "s-1vcpu-1gb" ssh_keys = [data.digitalocean_ssh_key.main.id] vpc_uuid = digitalocean_vpc.web.id tags = ["${var.name}-webserver"] lifecycle { create_before_destroy = true } } resource "digitalocean_record" "bastion" { domain = data.digitalocean_domain.web.name type = "A" name = "bastion-${var.name}-${var.region}" value = digitalocean_droplet.bastion.ipv4_address ttl = 300 } resource "digitalocean_firewall" "bastion" { name = "${var.name}-only-ssh-bastion" droplet_ids = [digitalocean_droplet.bastion.id] inbound_rule { protocol = "tcp" port_range = "22" source_addresses = ["0.0.0.0/0", "::/0"] } outbound_rule { protocol = "tcp" port_range = "22" destination_addresses = [digitalocean_vpc.web.ip_range] } outbound_rule { protocol = "icmp" destination_addresses = [digitalocean_vpc.web.ip_range] } } </code></pre> </div> <ul> <li>Now you can apply the files and let terraform create the infrastructure on Digital Ocean </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ terraform apply </code></pre> </div> <blockquote> <p>You can use the <code>--auto-approve</code> flag to let terraform automatically continue without asking you for approval.</p> </blockquote> <h3> Access the server through the bastion host </h3> <ul> <li>Copy the domain name of the bastion host and ssh into it from your terminal. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ ssh -A root@&lt;FQDN of bastion host&gt; </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqc95exma5x0z43n40dmk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqc95exma5x0z43n40dmk.png" alt="Screenshot of bastion host after logging in"></a></p> <ul> <li>Copy the IP address of any of the web servers and ssh into it from the bastion host </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ ssh root@&lt;private_ip_address_of_server&gt; </code></pre> </div> <h3> Delete infrastructure </h3> <p>This will undo everything. You can delete the infrastructure by running the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ terraform destroy </code></pre> </div> <p>That's it.</p> <p><strong>Thanks for the time reading this!</strong></p> <p>Let me know if you there's a way you think this infrastructure can be improved.<br> 👍</p> terraform digitalocean linux devops How to recursively remove .DS_Store Abubakar Hassan Sat, 05 Nov 2022 12:58:56 +0000 https://forem.com/itssadon/how-to-recursively-remove-dsstore-4kdd https://forem.com/itssadon/how-to-recursively-remove-dsstore-4kdd <p>Lately, I've been doing a lot of development on Mac. With that comes a lot of use of the Finder app.</p> <p>In order keep your repo clean, you need to remove .DS_Store files from the folders created using the Mac GUI. Doing that by hand is really boring, painful, and repetitive. Enter that awesome thing we call the command line.</p> <h2> Recursively Remove .DS_Store </h2> <p>Open up Terminal</p> <p>In the command line, type: </p> <p><code>cd to/your/directory</code> - then press enter.</p> <p>Finally, in the command line, type: </p> <p><code>find . -name '.DS_Store' -type f -delete</code> - then press enter.</p> <blockquote> <p>Warning: Never use a wildcard (*) with this command, unless you know what you're doing. Bad things can happen if you don't.</p> </blockquote> <p>This snippet will remove .DS_Store files from the selected folder, as well as all of the folders that it contains. All of them. At once.</p> <p>This command can be used for other types of files, as well. Just replace '<strong>.DS_Store</strong>' with whatever file name, or type, that you want to delete.</p> <h2> Other uses </h2> <p>You can do this for other file types, as well.</p> <p>For example, you could use the below to delete all JavaScript files within a containing folder.</p> <p><code>find . -name '*.js' -type f -delete</code> </p> <blockquote> <p>Note that the asterisk is a wildcard, meaning the Terminal is looking for any file with an extension of .js... it can be dangerous to use wildcards...</p> </blockquote> <p><em>be careful.</em></p> devops bash