cron.weekly issue #40: Ansible, OpenSSH, Checkup, TLS, Postfix & more!


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, August 07, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #40 for Sunday, August 7th, 2016.

A bit later than usual, but I was too busy recompiling kernels to better fight of F.Society hackers, tunnelling my TCP traffic over a UDP DNS interface while trying to circumvent rate limiting and at the same time mitigating an incoming SNMP amplification attack.

Or I fell asleep when I should’ve been writing the newsletter. Pick whichever you story you prefer.

Either way, enjoy your Sunday read!

Podcast: Ansible with James Cammarata

I recorded a new podcast last week with James Cammarata, head of Ansible core engineer, to talk about the Ansible project.

We discuss how it’s used as a config management tool in both a push/pull scenario, how Ansible can be used as a deployment tool and an orchestrator. We touch on the terminology, Red Hat’s acquisition, ideal use cases, how to get started with Ansible, Ansible vs. Puppet and so much more.

If you’re interested, go have a listen.

News

5 Sysadmin Horror Stories

In honour of SysAdmin Day last week, here’s a set of stories that prove our heroic skills.

A look at DevOps tools landscape

A good list of “devops tools” (what’s in a name, right) ranging from project management to source code & integration testing.

OpenSSH 7.3 released

Lots of security improvements, easier jump-host configs, stronger Diffie-Hellman cipheres and an “include” directive for ssh_config files. That last one is going to make many config management folks happy, much easier to integrate custom configs that way.

The History of Email

Sometimes I stop and think how much of a miracle it is that e-mail even works. All the intermediate steps, the protocols, a thousand anti-spam filters, … So this was a fun read to go back to the basics: the first e-mail sent from ARPANET, the concept of mailboxes, e-mail headers, … Fun read if you like e-mail protocols.

Moving to GitLab

It’s a story from the GitLab team themselves, so probably biased, but the numbers are impressive: for large teams, you can save thousands of dollars from moving away from GitHub to a GitLab server. Many practical examples for many users/small repositories and small users/many repositories scenario’s.

Google’s QUIC protocol: moving the web from TCP to UDP

Heads-up for network engineers and firewall fans: Google is experimenting with a new protocol built on top of UDP instead of TCP. If you see strange traffic via UDP port 443, it might be the QUIC protocol. And judging by the attention it gets, QUIC might be here to stay.

Tools & Projects

gh-ost

GitHub’s Online Schema Change for MySQL. This looks like a very powerful, no-downtime tool to help make schema changes in MySQL easier.

Terraform 0.7

Terraform allows you to describe your infrastructure as code. It can describe which VMs you want and which cloud provider needs to run them. The 0.7 release introduces imports (of your existing infrastructure), external data sources (like Consul etc.) and useful tools to check the state of each machine.

httping

Give it an url, and it’ll show you how long it takes to connect, send a request and retrieve the reply (only the headers). A useful little tool to help troubleshoot HTTP errors.

Minio

Minio is an object storage server built for cloud application developers and devops. It’s amazon S3 compatible and written in Go. It is best suited for storing unstructured data such as photos, videos, log files, backups and container / VM images.

Sup

Stack Up is a simple deployment tool that performs given set of commands on multiple hosts in parallel. It reads Supfile, a YAML configuration file, which defines networks (groups of hosts), commands and targets.

fzf

fzf is a general-purpose command-line fuzzy finder.

Checkup

Checkup does ‘Simple uptime monitoring’: easy configs, cross platform and co-created from the same person that created the Caddy webserver. Looks like a very simple to use and powerful uptime monitoring tool, you should check this one out!

Guides & Tutorials

Nginx as a TLS multi-domain reverse-proxy in Docker

How to deploy a Nginx reverse-proxy with Let’s Encrypt and SNI support for serving multi-domains. The examples are using Docker containers, which make this a very practical example of how to set up a Docker container for a single service.

How To Create A Self-Signed SSL Certificate With OpenSSL

A couple of one-liners to help you create a self-signed certificate for testing purposes in OpenSSL.

Server Side TLS configurations

The Mozilla team has created a very good overview of what TLS on the server means: compatibility, how forward secrecy works, OCSP stapling, HSTS (HTTP Strict Transport Security) and HPKP (Public Key Pinning) and so much more. If you’re interested in securing server-side applications, bookmark this.

How To Use A Jumphost in your SSH Client Configurations

Many organisations use jumphosts or “bastion servers” that act as intermediates before you can SSH to other servers. It introduces several layers of extra control. This post explains how to use them in your SSH configs.

How to Deploy With Ansible: An Accessible Explanation

A very practical explanation on how to deploy code (PHP, Ruby, Node, …) with Ansible. Unlike other config management tools, Ansible is perfectly suited to orchestrate complex and multi-state deployments.

Postfix mail queue: deliver e-mail to an alternate address

Ever had an e-mail stuck in the Postfix queue? These steps allow you to send those mails that are stuck in the queue to an alternative address, bypassing the original recipient.

Explaining Ed: The Standard Text Editor

‘The original text editor’, hardly anyone uses ed anymore. This post gives a good overview of the ed text editor and highlights some of its strengths.

Monitor All HTTP Requests (like TCPdump) On a Linux Server with httpry

The ‘httpry’ tool translates output from tcpdump into readable HTTP requests. It can only sniff HTTP traffic on port 80, but for those situations it can be pretty useful.

Videos

From serverless to Service Full – How the role of devops is evolving

A very nice talk from Patrick Debois (the ‘godfather’ of DevOps) on how our role is shifting. It introduces AWS Lambda’s (the “serverless” part) and the concept of “promises”.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.