幹壞事是進步最大的原動力
難得在 Percona 的 blog 上看到專門談 PostgreSQL 的文章:「Collect PostgreSQL Metrics with Percona Monitoring and Management (PMM)」。
其實是透過 Prometheus 疊出來的:
Starting from PMM 1.4.0. it’s possible to add monitoring for any service supported by Prometheus.
在步驟也可以看到:
3. In the next dialog, choose Prometheus as a data source and continue.
這方法有點奇怪就是了,但反正會動比較重要?XD
我第一眼看到的時候還在想是哪個 content farm 的標題,我應該沒有訂到 content farm 的 RSS feed 才對... 結果發現是 Google Cloud Platform 上的文章:「12 best practices for user account, authorization and password management」。
然後看完內容後還是有種 content farm 的感覺... (歡樂)
AWS Key Management Service 宣布支援 AWS PrivateLink Endpoint 了:「How to Connect Directly to AWS Key Management Service from Amazon VPC by Using an AWS PrivateLink Endpoint」。先前需要透過 Internet 流量存取 (透過 NAT、Proxy 之類的服務),現在則是可以接到 VPC 內直接用了:
Previously, applications running inside a VPC required internet access to connect to AWS KMS. This meant managing internet connectivity through internet gateways, Network Address Translation (NAT) devices, or firewall proxies.
With support for Amazon VPC endpoints, you can now keep all traffic between your VPC and AWS KMS within the AWS network and avoid management of internet connectivity.
KMS 需要 Internet 也是之前設計架構時比較痛的地方,現在總算是有個方向可以減少痛處了...
Amazon Route 53 的新功能,可以解決以前自己要建立 Service Discovery 服務的工作:「Amazon Route 53 Releases Auto Naming API for Service Name Management and Discovery」。官方的文件在「Using Autonaming for Service Discovery」這邊。
不過目前有些限制,一個 namespace (domain name) 目前只能有五個服務:
DNS settings for up to five records.
然後 DNS 回應時,最多回八個 record:
When Amazon Route 53 receives a DNS query for the name of an instance, such as backend.example.com, it responds with up to eight IP addresses (for A or AAAA records) or up to eight SRV record values.
回應八個 record,但應該是可以註冊超過八個吧... (i.e. 每次都回不一樣)
自建服務 (像是 Cassandra 或是 ScyllaDB) 可以直接用這個服務掛上去,就不用自己架 Consul 了。
目前支援了這四區,亞洲不在這波提供範圍:
Amazon Route 53 Auto Naming is available in US East (N. Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) regions.
AWS 計畫把先前設計的 VPC Endpoint 都併到 AWS PrivateLink 裡,統一管理:「New – AWS PrivateLink for AWS Services: Kinesis, Service Catalog, EC2 Systems Manager, Amazon EC2 APIs, and ELB APIs in your VPC」。
Today we are announcing AWS PrivateLink, the newest generation of VPC Endpoints which is designed for customers to access AWS services in a highly available and scalable manner, while keeping all the traffic within the AWS network. Kinesis, Service Catalog, Amazon EC2, EC2 Systems Manager (SSM), and Elastic Load Balancing (ELB) APIs are now available to use inside your VPC, with support for more services coming soon such as Key Management Service (KMS) and Amazon Cloudwatch.
這樣就不用弄 proxy server 然後在上面管一堆 policy 了... (先不講自己搞 HA 的麻煩事,光是有些程式還得 patch 才能支援 proxy 就會想翻桌了 XD)
CMU 的 CS (Computer Science) 發的新聞稿:「Carnegie Mellon Offers New Master's Degree in Product Management」。
副標也清楚寫出是一年的課程:
One-Year Program Turns Computer Professionals Into "CEOs of the Product"
除了 CMU CS 外,也結合了 CMU 的 Tepper Business School 一起開:
A joint program of the university's School of Computer Science (SCS) and Tepper School of Business, the Master of Science in Product Management (MSPM) program will start January 2018.
另外一個不同角度的 Product Management。
在「AWS Organizations:多帳號的管理」這邊提到 AWS Organizations,當時都還是 preview,現在變成 GA 開放給大家用了:「AWS Organizations – Policy-Based Management for Multiple AWS Accounts」。
如果因為很多專案而開不同的 AWS 帳號時,帳號的管理就會變得超麻煩,現在可以用 AWS 提供的方案來管了:
晚點來用看看,看可以省多少功夫 :o
在 console 上發現不見了,跑去 forum 上看看是不是有其他人遇到同樣的問題,結果發現被拔掉了:「Attach IAM Role to existing EC2 instance in console not available」。
On Friday, Feb 24th, we were made aware that under certain conditions, the feature was not working for customers using the EC2 console. As a result, we have temporarily removed this capability from the EC2 console, but we will enable this feature when this issue has been resolved.
Ouch... 只好先用 CLI 了...
GCP 提供 Cloud Key Management Service (目前是 beta),將對 key 的處理 (像是加解密) 變成服務的一部分。
費用的部份,比較大的量應該會在「Key use operations (Encrypt/ Decrypt)」這塊?每一萬次收 USD$0.03。
自己建會有一堆稽核問題要處理,有人建起來後直接用,拔責任直接拆開的確是比較方便...
