cron.weekly issue #37: Kubernetes, diffs, SYN floods, chage, Jenkins & more!
July 17, 2016 - Mattias Geniar
Welcome to cron.weekly issue #37 for Sunday, July 17th, 2016.
I’d like to give a special thanks to Papertrail for sponsoring the previous 4 editions of cron.weekly. If you’re looking to promote a product or service relevant to open source & Linux sysadmins, have a look at the sponsorship options.
And now without further ado, enjoy this week’s edition!
Rkt is a relatively new container technology, next to Docker. The Kubernetes project now supports the rkt runtime as of version 1.3.
The source code that got the Apollo 11 rocket to the moon (and back!) with Neil Armstrong and Buzz Aldrin in 1969 is now available as open source.
The Jenkins team has declared the latest 2.7.1 release LTS, meaning long term support is here for the 2.x branch. At the same time, Jenkins 1.x is now end of life and all users are encouraged to upgrade to 2.x.
Tools & Projects
While this isn’t new, it isn’t well known either: systemd has a subsystem that allows you to manage and spawn containers, much like Docker or LXC.
This tip was sent in via e-mail: a list of conferences on (open source) software development and their CFP (Call for Papers) dates.
An improvement to ye old diff tool, with a more modern diff output. The biggest improvement is in highlighting the differences within a single line.
The team at GitHub has created its own DDoS mitigation technique for preventing SYN floods: Synsanity. Synsanity is a SYN flood DDoS mitigation module for Linux 3.x.
A new release for the Poppins script. This rotating backup script is based on rsync with support for BTRFS/ZFS snapshots.
An interesting project: it stores all git objects on IPFS — a content addressable storage network, while an Ethereum smart contract provides means for access control and stores the pointers to the latest repository revisions. It’s blockchain-meets-git.
A simple crontab visualizer, easier to read than the cryptic crontab output.
Guides & Tutorials
Quite a lengthy read but a good one: how our industry is moving from a “task oriented” system to more “state oriented” with config management and how that’s evolving to containers.
A bit about how Product Hunt monitors and troubleshoots their Ruby and Node.js stack. Most microservices run on Heroku, often with Heroku Postgres. (PDF) (Sponsored)
A practical guide on using Docker on VMware’s vSphere Integrated Container (VIC). For those running a VMware stack, this looks like a great way to integrate containers.
A good high-level introduction to the different container stacks, their terminology and technology and a look at container orchestration.
An excellent guide if you really want to learn and understand Kubernetes: from setting up etcd clusters to managing CAs and TLS certs, Kubernetes control plane, … No “one-click install scripts”, but really getting deep into each part of the setup.
When you need to enforce password changes for users on Linux machines, the chage command-line tool is a must-have.
This is a clever hack: by using a specific configuration in /etc/hosts.allow you can spawn a Bash script whenever the SSH daemon would accept a connection. This Bash script can, by looking at a GeoIP database, determine if you’re allowed access or not. I didn’t know hosts.allow or hosts.deny could do this!
This document is a guide to understanding how the Linux kernel (version 2.2.14 specifically) implements networking protocols, focused primarily on the Internet Protocol (IP). And it’s a thorough one, very in-depth.
A slightly older post, but a good reminder that running strace on processes can be dangerous: it can slow down applications by a factor of 400 (!) while pausing system calls and performing context switches.
This is a Bash script that does a couple of repetitive things whenever you install a new server: set the timezone, update the system, enable the firewall, … It doesn’t do a lot, but scripts like these show what the first few things on any server can be (although I’m missing a config management installation step).