Quick Reference Guide
Quick Commands
VPN Infrastructure
# Start VPN services
docker-compose -f docker-compose-vpn.yml up -d
# Quick VPN setup
./scripts/quick-vpn-setup.sh
# Apply firewall rules
sudo ./firewall-rules.sh
# Test VPN connectivity
./scripts/manage-access.sh test-vpn
# Show access configuration
./scripts/manage-access.sh show-config
Start/Stop Services
# Start all services (production with VPN)
docker-compose up -d
# Start local development
docker-compose -f docker-compose-local.yml up -d
# Start VPN infrastructure only
docker-compose -f docker-compose-vpn.yml up -d
# Start specific service
docker-compose up -d opensearch
# Stop all services
docker-compose down
# Stop and remove volumes
docker-compose down -v
VPN Client Management
# Add new VPN-only service
./scripts/manage-access.sh add-vpn-service myapp.domain.com myapp 8080
# Add public service (⚠️ use carefully)
./scripts/manage-access.sh add-public-service api.domain.com myapi 3000
# Block port from public access
./scripts/manage-access.sh block-port 3306
# Generate client config
./scripts/manage-access.sh generate-client "laptop-name"
# Open VPN admin interface
open https://vpn-admin.olanna.ai
# Login: admin / secureWgPassword123!
Service Management
# View running containers
docker-compose ps
# View logs
docker-compose logs -f [service_name]
# Restart specific service
docker-compose restart [service_name]
# Scale services
docker-compose up -d --scale opensearch=3
Health Checks
# VPN Services
curl -I https://vpn-admin.olanna.ai
docker logs wg-easy
docker logs wireguard
# Public Services (no VPN required)
curl -I https://status.olanna.ai
curl -I https://assets.olanna.ai
# Administrative Services (basic auth required)
curl -I https://vpn-admin.olanna.ai
# Private Services (VPN required - should fail without VPN)
curl -I https://auth.olanna.ai # Should fail without VPN
curl -I https://monitoring.olanna.ai # Should fail without VPN
curl -I https://search.olanna.ai # Should fail without VPN
curl -I https://jenkins.olanna.ai # Should fail without VPN
# Internal Services (localhost only)
curl http://localhost:9200/_cluster/health # OpenSearch
curl http://localhost:9090/-/healthy # Prometheus
curl http://localhost:3000/api/health # Grafana
curl http://localhost:8500/v1/status/leader # Consul
curl http://localhost:8200/v1/sys/health # Vault
Service URLs
Production (VPN Required for Private Services)
Public Services
- Keycloak: https://auth.olanna.ai
- Status Page: https://status.olanna.ai
- Assets: https://assets.olanna.ai
- VPN Admin: https://vpn-admin.olanna.ai
Private Services (VPN Required)
- Grafana: https://monitoring.olanna.ai
- OpenSearch Dashboards: https://search.olanna.ai
- Jaeger: https://tracing.olanna.ai
- Jenkins: https://jenkins.olanna.ai
- pgAdmin: https://database.olanna.ai
- Consul: https://consul.olanna.ai
- Vault: https://vault.olanna.ai
- Nexus: https://nexus.olanna.ai
- Traefik: https://traefik.olanna.ai
- RabbitMQ: https://rabbitmq.olanna.ai
- Pi-hole: https://dns.olanna.ai
Local Development
- OpenSearch Dashboards: http://localhost:5601
- Grafana: http://localhost:3000
- Jaeger: http://localhost:16686
- Jenkins: http://localhost:8090
- Vault: http://localhost:8200
- Consul: http://localhost:8500
Default Credentials
| Service | Username | Password | Notes |
|---|---|---|---|
| VPN Admin | admin | secureWgPassword123! | Change immediately |
| Pi-hole | admin | 6vmvFh9PuAv1Xo/e | Secure password |
| Grafana | admin | 15qIUK8n6WYc | Production |
| RabbitMQ | rabbitmq | A5kwa5ZO7yDb | Production |
| PostgreSQL | admin | 9tRQF5H2TsNM | Production |
| pgAdmin | devops@olanna.ai | A48hb6WNdW2D | Production |
| Keycloak | admin | g6KfLOOH60FIkg | Production |
⚠️ Security Note: Change all default passwords before production use!
Monitoring Queries
OpenSearch
# Search recent errors
curl -H "Content-Type: application/json" "localhost:9200/app-logs-*/_search" -d '{
"query": {
"bool": {
"must": [
{"term": {"level": "ERROR"}},
{"range": {"@timestamp": {"gte": "now-1h"}}}
]
}
}
}'
Prometheus
# CPU usage
curl "localhost:9090/api/v1/query?query=cpu_usage"
# Memory usage
curl "localhost:9090/api/v1/query?query=memory_usage"
Common Issues
VPN Connection Issues
Can't Connect to VPN
# Check VPN server status
docker logs wg-easy
docker logs wireguard
# Check if VPN port is accessible
nmap -sU -p 51820 vpn.olanna.ai
# Test DNS resolution
nslookup vpn.olanna.ai
# Check firewall allows VPN port
sudo iptables -L | grep 51820
VPN Connects but Can't Access Services
# Check VPN IP assignment
ip addr show | grep "10.8.0"
# Test internal connectivity
ping 172.18.0.10 # Pi-hole DNS
ping 172.18.0.1 # Docker gateway
# Check DNS resolution through VPN
nslookup monitoring.olanna.ai 172.18.0.10
# Test service directly
curl -H "Host: monitoring.olanna.ai" http://172.18.0.X:3000
Services Accessible from Internet (Security Issue)
# Check if firewall rules are applied
sudo iptables -L -n
# Verify port blocking
nmap -p 3000,5601,8080 YOUR_SERVER_IP
# Check Traefik middleware
docker logs traefik | grep "vpn-only"
# Test without VPN (should fail)
curl -I https://monitoring.olanna.ai
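The manual checks above can be scripted so the "should fail without VPN" expectation is tested for every private hostname at once. This is an added example, not part of the original guide; it assumes the vpn-only middleware answers off-VPN clients with 403 (or the connection fails), and the function names are illustrative.

```sh
#!/bin/sh
# Added example: run from a host that is NOT connected to the VPN.
# Assumption: an off-VPN request to a private service either gets HTTP 403
# from the vpn-only middleware or cannot connect at all (curl reports 000).
# Any other status means the service answered and is treated as exposed.

# Hostnames the guide lists as VPN-only.
PRIVATE_HOSTS="auth.olanna.ai monitoring.olanna.ai search.olanna.ai jenkins.olanna.ai"

# probe HOST: print the HTTP status code, or 000 if no connection was made.
probe() {
    curl -s -o /dev/null -m 5 -w '%{http_code}' "https://$1" 2>/dev/null || true
}

# classify CODE: print "blocked" or "EXPOSED".
classify() {
    case "$1" in
        000|403) echo blocked ;;
        *)       echo EXPOSED ;;
    esac
}

# audit_exposure HOST...: print one result line per host.
# Returns 0 when every host is blocked, 1 when at least one is exposed.
audit_exposure() {
    exposed=0
    for host in "$@"; do
        code=$(probe "$host")
        verdict=$(classify "$code")
        printf '%-26s %s %s\n' "$host" "$code" "$verdict"
        [ "$verdict" = blocked ] || exposed=$((exposed + 1))
    done
    [ "$exposed" -eq 0 ]
}
```

Call `audit_exposure $PRIVATE_HOSTS` from a machine outside the VPN; a non-zero exit status means at least one private hostname answered.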
Service Access Issues
Service Won't Start
# Check service status
docker-compose ps
# Check logs for errors
docker-compose logs SERVICE_NAME
# Check resource usage
docker stats
# Check network connectivity
docker network ls
docker network inspect olanna-network
SSL/Certificate Issues
# Check certificate status
docker logs traefik | grep "certificate"
# Verify domain resolution
nslookup monitoring.olanna.ai
# Check Let's Encrypt rate limits
curl -s https://crt.sh/\?q\=olanna.ai\&output\=json
Performance Issues
High Memory Usage
# Check container memory usage
docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
# Restart memory-heavy services
docker-compose restart opensearch grafana
# Check system memory
free -h
Slow Response Times
# Check Docker network latency
docker exec CONTAINER ping 172.18.0.1
# Check service response times
curl -w "@curl-format.txt" -o /dev/null -s https://monitoring.olanna.ai
# Check database connections
docker exec postgres psql -U admin -c "SELECT * FROM pg_stat_activity;"
Emergency Procedures
Locked Out of VPN
# Get your public IP (fetched over HTTPS)
MY_IP=$(curl -s https://ifconfig.me)
# Temporarily allow your IP (emergency only; this opens every port to that address)
sudo iptables -I INPUT -s "$MY_IP/32" -j ACCEPT
# Access services directly via localhost (if on server)
curl http://localhost:3000
# Fix VPN issue, then remove emergency rule
sudo iptables -D INPUT -s "$MY_IP/32" -j ACCEPT
Reset VPN Configuration
# Stop VPN services
docker-compose -f docker-compose-vpn.yml down
# Clear VPN data (⚠️ this removes all client configs)
docker volume rm devops-scripts_wg-easy-data
# Regenerate configuration
./scripts/quick-vpn-setup.sh
Service Recovery
# Reset all services (⚠️ data loss possible)
docker-compose down -v
docker-compose up -d
# Reset specific service
docker-compose stop SERVICE_NAME
docker volume rm SERVICE_VOLUME
docker-compose up -d SERVICE_NAME
OpenSearch won't start
# Raise the mmap count limit OpenSearch requires (writing /etc/sysctl.conf needs root)
echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
# Check disk space
df -h
Traefik SSL issues
# Check logs
docker logs traefik
# Verify DNS
nslookup localhost
Service discovery problems
# Check Consul
curl localhost:8500/v1/catalog/services
# Restart networking
docker network prune
docker network create olanna-network
Backup Commands
# Backup OpenSearch data
docker run --rm -v opensearch_data:/data -v "$(pwd)":/backup alpine tar czf /backup/opensearch-backup.tar.gz -C /data .
# Backup PostgreSQL
docker exec postgres pg_dump -U admin postgres > backup-$(date +%Y%m%d).sql
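# Backup Grafana dashboards via the HTTP API (grafana-cli has no export command)
# GRAFANA_PASSWORD is an assumed environment variable holding the admin password
for uid in $(curl -s -u "admin:$GRAFANA_PASSWORD" "http://localhost:3000/api/search?type=dash-db" | jq -r '.[].uid'); do
  curl -s -u "admin:$GRAFANA_PASSWORD" "http://localhost:3000/api/dashboards/uid/$uid" > "grafana-dashboard-$uid.json"
done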
Java Spring Integration
application.yml Configuration
```yaml
# OpenTelemetry Configuration
otel:
  exporter:
    otlp:
      endpoint: http://localhost:4318
  traces:
    exporter: otlp
  metrics:
    exporter: otlp

# OpenSearch Configuration
opensearch:
  host: localhost
  port: 9200

# Vault Configuration
spring:
  cloud:
    vault:
      host: localhost
      port: 8200
      scheme: http
      authentication: TOKEN
      token: ${VAULT_TOKEN}
```
Quick Spring Boot Setup
Spring Boot Auto-Configuration (Recommended)
```groovy
// build.gradle - Simple and clean
plugins {
    id 'org.springframework.boot' version '3.2.0'
    id 'io.spring.dependency-management' version '1.1.4'
    id 'java'
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
    // Feign clients automatically traced
    implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
    // One dependency for all tracing
    implementation 'io.opentelemetry.instrumentation:opentelemetry-spring-boot-starter:1.29.0-alpha'
}
```
```yaml
# application.yml - Simple configuration
otel:
  service:
    name: my-app
    version: 1.0.0
  exporter:
    otlp:
      endpoint: http://localhost:4318
  traces:
    exporter: otlp
  # Exclude database tracing (optional)
  # instrumentation:
  #   jdbc:
  #     enabled: false
```
```java
// Main Application Class
@SpringBootApplication
@EnableFeignClients // Enable Feign clients
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

// Everything automatically traced - no manual code needed!
@RestController
public class UserController {
    // UserService is the application's own service bean (not shown here)
    @Autowired
    private UserService userService;

    @GetMapping("/users/{id}")
    public User getUser(@PathVariable Long id) {
        return userService.findById(id); // Automatically traced
    }
}
```
Why Spring Boot Auto-Configuration is Better:
- Simpler - just one dependency + config
- Spring-native - works with profiles and properties
- No external files - everything in your app
- Easier deployment - no agent management
Alternative: Java Agent (For Legacy Apps)
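```groovy
// build.gradle - task name taken from the ./gradlew command used to run it
task downloadOtelAgent {
    doLast {
        // 'latest' is unpinned: the jar fetched here can change between builds
        def agentUrl = 'https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/latest/download/opentelemetry-javaagent.jar'
        new URL(agentUrl).withInputStream { i ->
            file('opentelemetry-javaagent.jar').withOutputStream { it << i }
        }
    }
}
```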
```java
// Main Application Class - No tracing code needed!
@SpringBootApplication
@EnableFeignClients // Enable Feign clients
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

// Controllers automatically traced
@RestController
public class UserController {
    @Autowired
    private UserServiceClient feignClient; // Automatically traced

    @GetMapping("/users/{id}")
    public User getUser(@PathVariable Long id) {
        // All request/response data automatically captured
        return feignClient.getUser(id); // Feign call traced!
    }
}

// Feign client automatically traced
@FeignClient(name = "user-service", url = "http://user-service")
public interface UserServiceClient {
    @GetMapping("/users/{id}")
    User getUser(@PathVariable Long id);
}
```
# Run with automatic tracing
./gradlew downloadOtelAgent
java -javaagent:./opentelemetry-javaagent.jar \
-Dotel.service.name=my-app \
-Dotel.exporter.otlp.endpoint=http://localhost:4318 \
-jar build/libs/my-app.jar
# Or with bootRun
./gradlew bootRun -Dotel.javaagent.path=./opentelemetry-javaagent.jar
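The agent download in this section takes whatever `releases/latest` currently serves and loads it into the JVM with no integrity check. The following added example (not part of the original guide) pins a release and verifies its SHA-256 before the jar is put in place; `AGENT_VERSION` and `AGENT_SHA256` are placeholders to fill in from a release you have reviewed, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: pin the OpenTelemetry Java agent and verify it before use.
AGENT_VERSION="vX.Y.Z"                     # placeholder: release tag you reviewed
AGENT_SHA256="<sha256-of-reviewed-jar>"    # placeholder: checksum of that jar
AGENT_REPO="https://github.com/open-telemetry/opentelemetry-java-instrumentation"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified SRC DEST EXPECTED_SHA256
# Moves SRC to DEST only when its hash matches the pin.
# Returns 0 on success, 1 on mismatch (SRC is deleted), 2 on a malformed pin.
install_verified() {
    src=$1
    dest=$2
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    case "$want" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || return 2
    got=$(sha256_of "$src")
    if [ "$got" != "$want" ]; then
        rm -f "$src"        # never leave an unverified jar on disk
        return 1
    fi
    mv "$src" "$dest"
}

# fetch_agent: download the pinned release to a temp file, then verify it.
fetch_agent() {
    tmp=$(mktemp) || return 2
    url="$AGENT_REPO/releases/download/$AGENT_VERSION/opentelemetry-javaagent.jar"
    curl -fsSL -o "$tmp" "$url" || { rm -f "$tmp"; return 2; }
    install_verified "$tmp" ./opentelemetry-javaagent.jar "$AGENT_SHA256"
}
```

With the placeholders left unfilled, `fetch_agent` fails closed: the pin is rejected as malformed and nothing is installed.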
Option 2: Spring Boot Auto-Configuration
```groovy
dependencies {
    implementation 'io.opentelemetry.instrumentation:opentelemetry-spring-boot-starter:1.29.0-alpha'
    implementation 'org.springframework.boot:spring-boot-starter-actuator'
    implementation 'org.opensearch.client:opensearch-java:2.11.1'
    implementation 'org.springframework.vault:spring-vault-core:3.0.4'
}
```