cron.weekly issue #46: Kimchi, MySQL, Zabbix, Varnish, Logtrail, Swift, DHCP & more!
September 18, 2016 - Mattias Geniar
Welcome to cron.weekly issue #46, for Sunday, September 18th, 2016.
Loads of new tools this time, plenty of variation all around. Enjoy!
This is a fun introduction comparing Docker to rkt by running over the steps involved to get both to work in production, each with its pros and cons.
What else but Linux would power self-driving cars?
A nice overview of ‘what’s a fork of what’: Ubuntu vs Debian, CentOS vs Red Hat, OpenBSD vs NetBSD, …
A description of how Facebook handles SSH: signed certificates, security domains, lots of info on the implementation.
Nearly all MySQL variants (Oracle, MariaDB) are affected by a critical remote code execution vulnerability that grants root privileges. While the requirements to exploit it are rather complicated, it’s best to schedule your upgrades.
Tools & Projects
The project stands for “Full install as a Service”: a collection of Ansible roles and playbooks to set up and configure a full LAMP stack with additional services like Varnish, Memcached or Redis where required. The FIAAS playbooks generate more than just the standard service on your VM.
It’ll probably take a while until this release hits the DEB/RPM repos, but some nifty new features: different signal handling for async jobs, loadable plugins, better --help output and loads of bugfixes.
A caching DNS proxy for Google DNS-over-HTTPS. It effectively encrypts all your DNS traffic.
NAXSI is an open-source, high performance, low rules maintenance Web Application Firewall for Nginx.
LogTrail is a plugin for Kibana to view, analyze, search and tail log events from multiple hosts in realtime with a DevOps-friendly interface inspired by Papertrail.
Goofy is an HTTP load testing tool that simulates waves of surfers in a somewhat unusual way.
A new release for the popular Varnish caching daemon: first (experimental) support for HTTP/2, a new shard director (load balancing based on strings/keys) and the ability to more easily split the VCL among multiple files.
The latest stable release of the Zabbix monitoring solution adds event tags, event correlation, nested host groups, better alert flapping detection & prevention.
The Swift language (originally developed by Apple) has reached a new milestone. It now has a stable API, so if you’re thinking of getting started with Swift, now is a good time – the runtime, syntax & usage of Swift aren’t likely to change much any time soon.
A load testing tool for MySQL, simulating client connections & SQL queries, all fully configurable.
A new release of Oracle’s version of MySQL: 8.0. It implements SQL roles, new character sets, invisible indexes, better IPv6 manipulation, improved performance schema & much more.
This project adds support for Arch Linux as the WSL (Windows Subsystem for Linux) host. So, you can now run Arch Linux as a native Linux system on Windows.
You know you’re working at scale when you need a DHCP load balancer! This tool, dhcplb, comes from the Facebook team.
A new release of the popular text editor: Asynchronous I/O support, channels, JSON, Jobs, Timers, Partials, Lambdas and Closures.
pyinfra automates service deployment. It does this by diff-ing the state of the server with the state defined in the deploy script. Deploys are asynchronous and highly performant. The inventory & deploy are managed with pure Python, allowing for near-infinite extendability.
A terminal based search engine for bash commands. Borg was built out of the frustration of having to leave the terminal to search for bash commands.
An HTML5 management interface for KVM.
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
Guides & Tutorials
This is an interesting paper comparing the performance of VMs (in this case on KVM) to the performance of containers running via Docker.
This post describes how challenges involving highly available Kafka setups drove them to ZeroMQ to process application & server logs in a streaming, real-time fashion.
A really in-depth article explaining everything that goes on network-wise in your server: virtualized NICs, buffer addresses & lengths, MAC address filtering & promiscuous mode, how CPUs relate to packet handling, …
Lots of examples in this post explaining how you can use your Puppet config management to create and manage containers.
A good introduction to the routing table, Linux servers acting as routers, how to configure routing via the route tool & a solid reminder of the TCP stack.
This post gives a high-level overview of how Kafka, ZooKeeper, HDFS & Cassandra work together.