add explicit docker cleanup or keep running instructions at the end o…

…f each lab
kris-watts-gravwell · Jul 25, 2022 · b50d80b · b50d80b
1 parent 56e6707
commit b50d80b
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 13 deletions.
diff --git a/Indexers/indexers.tex b/Indexers/indexers.tex
@@ -300,6 +300,9 @@ \subsection{Hands-on Lab: Well Definitions}
 	\caption{Tags}
 \end{figure}
 
+Do not \code{rm} the test container, as we are
+going to use it again for the next lab.
+
 \section{Well Ageout}
 \index{Ageout}\index{Wells!ageout}
 Gravwell is designed to manage data sets with minimal user interaction;
@@ -508,12 +511,13 @@ \subsection{Hands-on Lab: Ageout}
 \end{Verbatim}
 
 Then we'll use the ingesters container (make sure you've loaded the ingesters container image as described in Section \ref{sec:load-lab-images}) to import the syslog data:
-
+\begin{samepage}
 \begin{Verbatim}[breaklines=true]
 docker run -v $PWD/data:/tmp/data --rm -i --net gravnet \
 gravwell:ingesters /opt/gravwell/bin/reimport -rebase-timestamp \
 -clear-conns test:4023 -i /tmp/data/syslogdata -import-format json
 \end{Verbatim}
+\end{samepage}
 
 In the command above, we spin up a new container and run the \code{reimport} ingester, telling it to read json-formatted entries from standard input.
 
@@ -590,6 +594,12 @@ \subsection{Hands-on Lab: Ageout}
     Delete-Frozen-Data=true
 \end{Verbatim}
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
 \section{Replication}
 \index{Replication}
 Hardware failures happen, drives crash, and humans mis-type commands;
@@ -743,6 +753,12 @@ \subsubsection{Lab Questions}
 	\item Why would we want to restore shards to the cold well on replication recovery?
 \end{enumerate}
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
 \section{Query Acceleration and Indexing}
 \label{sec:acceleration}
 \index{Acceleration}\index{Indexing|see {Acceleration}}
@@ -1128,6 +1144,12 @@ \subsubsection{Lab Questions}
 	\end{enumerate}
 \end{enumerate}
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
 \section{Indexer Optimization}
 \index{Tuning!indexers}
 Gravwell prides itself on not requiring specific machine specs and
@@ -1410,3 +1432,9 @@ \subsection{Hands-on Lab: Docker Configuration}
 	\caption{Wells Page with Four Indexers}
 	\label{fig:idx-wells}
 \end{figure}
+
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
diff --git a/Ingesters/ingesters.tex b/Ingesters/ingesters.tex
@@ -1426,6 +1426,13 @@ \subsection{Hands-on Lab: Federation}
 -ingest-secret enclaveBSecrets -tag-name testB
 \end{Verbatim}
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
+
 \section{Ingester Caching}
 \index{Ingesters!caching}
 Ingester caching allows Gravwell ingesters to continue receiving data
@@ -2017,3 +2024,9 @@ \subsubsection{Lab Questions}
   Why is this configuration system essential for deployment using
   something like Kubernetes or OpenShift?
 \end{enumerate}
+
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
diff --git a/Kits/kits.tex b/Kits/kits.tex
@@ -241,6 +241,12 @@ \section{Hands-on Lab: Installing Kits}
 
 When you're done, return to the `Manage kits' page and uninstall the kit. Verify that none of the Netflow dashboards or other objects still exist. Note that there is still a kit installed--which kit is it, and why was it installed?
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
 \section{Building Kits}
 \index{Kits!building}
 Although Gravwell distributes pre-built official kits, any user can build a kit themselves. This is a convenient way to share objects built on one Gravwell instance with another instance. Note that kits built like this are not signed by Gravwell and therefore can only be installed by administrators.

diff --git a/Search/search.tex b/Search/search.tex
@@ -248,12 +248,8 @@ \subsection{Hands-on Lab: Basic Filtering}
 	\end{enumerate}
 \end{enumerate}
 
-To clean up after the experiment, simply run:
-
-\begin{Verbatim}[breaklines=true]
-docker kill $(docker ps -a -q)
-\end{Verbatim}
-
+Do not \code{rm} the test container, as we are
+going to use it again for the next lab.
 
 \section{Entries, Enumerated Values, and Field Extraction}
 \index{Search!enumerated values}\index{Enumerated Values}
@@ -1797,14 +1793,14 @@ \subsection{Hands-on Lab: Data Fusion}
 so that the switch logs occur before the DHCP logs so that a mac address
 from the DHCP log can be looked up against a MAC address from the switch log.
 
+The resulting table (Figure \ref{fig:mac-host-table}) is pretty useful for keeping an eye on what devices are on your network. Note that some MAC addresses don't have a hostname associated with them; those are devices we may want to investigate!
+
 \begin{figure}
 	\includegraphics[width=0.6\linewidth]{images/mac-host-table.png}
 	\caption{MAC / Hostname / Switch Port table}
 	\label{fig:mac-host-table}
 \end{figure}
 
-The resulting table (Figure \ref{fig:mac-host-table}) is pretty useful for keeping an eye on what devices are on your network. Note that some MAC addresses don't have a hostname associated with them; those are devices we may want to investigate!
-
 \subsubsection{Lab Tasks}
 
 \begin{enumerate}
@@ -1820,9 +1816,8 @@ \subsubsection{Lab Tasks}
   Can you find any hosts on more than one vlan?
 \end{enumerate}
 
-
+\begin{samepage}
 \subsubsection{Lab Questions}
-
 \begin{enumerate}
 \item
   {When would data fusion enrichment make more sense than creating a
@@ -1833,6 +1828,7 @@ \subsubsection{Lab Questions}
   {How would you combine the two methods to get ``the best of both
   worlds''?}
 \end{enumerate}
+\end{samepage}
 
 To clean up after the experiment, simply run:
 

diff --git a/Webserver/webserver.tex b/Webserver/webserver.tex
@@ -111,7 +111,7 @@ \subsection{Hands-on Lab: Adding Indexers to a Webserver}
 	\label{fig:twoindexers}
 \end{figure}
 
-\subsubsection{Lab questions}
+\subsubsection{Lab Questions}
 
 \begin{enumerate}
 \item
@@ -122,6 +122,12 @@ \subsubsection{Lab questions}
   the indexer on the indexer0 container, not the local instance?
 \end{enumerate}
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
 \section{Configuring Multiple Webservers}
 \index{Distributed webservers}\index{Webservers!distributed}\index{Datastore}
 Gravwell can use multiple webservers to load-balance user requests.
@@ -231,14 +237,22 @@ \subsection{Hands-on Lab: Configuring multiple webservers}
 should be visible on the other webserver's Groups screen too. It may be
 necessary to refresh the page.
 
-\subsubsection{Lab questions}
+\subsubsection{Lab Questions}
 
 \begin{enumerate}
 \item
   Why does it take some seconds for the new group to appear on the
   second webserver? How might this be sped up?
 \end{enumerate}
 
+To clean up after the experiment, simply run:
+
+\begin{Verbatim}[breaklines=true]
+docker kill $(docker ps -a -q)
+\end{Verbatim}
+
+
+
 %%%%%%%%%%
 % TODO: Kris please update this for the Gravwell load balancer
 %%%%%%%%%%