cron.weekly issue #61: Btrfs, Syncthing, Parallel, Rootkit, Kubernetes, Container networking & more!
January 1, 2017 - Mattias Geniar
Happy new year cron.weekly readers! It’s January 1st, 2017 and this is probably the first newsletter to arrive in your inbox in 2017.
My wishes for your new year: may your favourite abandoned open source project get an active fork and may your own open source projects become a source of steady income as you continue to support them.
If you’re using this newsletter as a distraction during yet-another-family-dinner, I hope it can keep you entertained.
Some good insights into how Facebook handles upstream kernel releases, how they’re running the 4.6 kernel and how and where they’re fitting in the Btrfs file system.
If you’ve ever maintained an open source project you know sometimes you have to say “no” to a pull request, because it doesn’t align with your own (or the project’s) interests. This post explores some of the good reasons why you might want to say “no”.
Yet another good reminder that unauthenticated protocols, like MongoDB, Redis or Memcached, need to be firewalled or properly configured to prevent anyone on the internet from spying on your data.
There are 2 different kinds of load balancing: for capacity vs for resilience. This post explores both and gives some examples of situations where it’s easy to make mistakes in your load balancers.
Tools & Projects
DNSCrypt is a protocol for securing communications between a client and a DNS resolver, using high-speed high-security elliptic-curve cryptography. dnscrypt-proxy is a client implementation of the protocol. It requires a DNSCrypt server on the other end.
Open Source Continuous File Synchronization. Syncthing is an easy-to-use file and directory synchronisation protocol & tool.
The Alerta monitoring tool was developed with the following aims in mind: distributed and de-coupled so that it is scalable, minimal configuration that easily accepts alerts from any source, quick at-a-glance visualisation with drill-down to detail.
Gitea is a community-managed fork of Gogs, a lightweight code hosting solution written in Go and published under the MIT license. Gitea is a painless self-hosted Git service.
GNU parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU parallel can then split the input and pipe it into commands in parallel.
An SSL-capable man-in-the-middle proxy for pen testers and web developers.
Bosun is an open-source monitoring and alerting system by Stack Exchange. It has an expressive domain specific language for evaluating alerts and creating detailed notifications. It also lets you test your alerts against history for a faster development experience.
Bash-it is a collection of community Bash commands and scripts. Includes autocompletion, themes, aliases, custom functions, a few stolen pieces from Steve Losh, and more.
This repository contains Dockerfiles for a complete Puppet 4 infrastructure running in Docker. The following components are used: HAProxy, Puppetserver, PuppetDB, Postgres, r10k, NATS, Puppet explorer.
Guides & Tutorials
This is a slightly older tutorial, but still spot-on: how to get started with Puppet.
In this blog post, the author explains how the Kubernetes resource model works, why you should always set resource limits on your containers, and then shows you how you can do exactly that.
A really good explanation of networking inside containers. It covers vxlan, ip-in-ip, the route table, local networks, … Looking forward to the follow-ups on this one.
Quite a lot of code in this article, but very interesting if you like the low-level details of how rootkits work on Linux.