cron.weekly issue #80: nftables, BBR, WireGuard, Kubernetes, %CPU, GlusterFS, BTRFS & more


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, May 14, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #80 for Sunday, May 14th, 2017.

If you’re also responsible for Windows servers, this probably hasn’t been a good week for you. Good luck in patching everything against the cryptolocker worm doing the rounds!

I’d also like to give a special thanks to the kind folks at Datadog who have been sponsoring this newsletter for a very long time. Make sure to check them out if you’re looking for performance monitoring and tell’m you came via cron.weekly.

Further on, there’s quite a bit of financial news in this issue (I know, it surprised me too!), many new & interesting guides, news & tools.

Enjoy!

News

New in Debian stable Stretch: nftables

nftables replaces the good old iptables framework, this post gives some practical commands to help get you started using nftables on Linux.

Truly Seamless Reloads with HAProxy – No More Hacks!

In an age where microservices cause load balancer reconfigures as often as every few minutes, making those changes as unobtrusive as possible is important. The HAProxy team describes their efforts to make true, zero downtime, reloads possible.

Database provider MariaDB secures €25 million from European Investment Bank

That’s a lot of money to go to open source. Congratulations, MariaDB!

Canonical starts IPO path

Even more open source financial news: Canonical is planning to go public, after an initial round of investment. Looks like money will soon flow towards Ubuntu and the other services offered by Canonical.

BBR, the new kid on the TCP block

This isn’t Linux-news per sé, but I know a lot of you appreciate low-level protocol details: BBR is a new TCP delay-controlled TCP flow control algorithm from Google, similar to Vegas, Cubic, … etc.

New distro’s coming to Bash/WSL via Windows Store

Turns out, 2017 is the year of Linux on the desktop, but the desktop just happens to be Windows (credit). Windows is adding additional distro’s, like SUSE and Fedora, to the Windows Subsystem for Linux. Your ‘bash on Windows’ might soon run another distro than Ubuntu.

Estimating CPU Per Query With Weighted Linear Regression

It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in a complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)

HackerTarget: Online Vulnerability Scanners

Your favourite Open Source Vulnerability Scanners hosted online for remote security testing. With HackerTarget, perform once off scans or schedule jobs to alert on changes to Internet facing systems. Signup now for immediate access(Sponsored)

Debian 8.8

A new point release on Debian 8 came out last week, fixing mostly security problems.

hobby-kube

A series of steps & guides to start Kubernetes clusters for the hobbyist. This has so many detailed steps and looks like really valuable content if you ever want to get started with Kubernetes.

WireGuard

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.

Jackhammer

Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team. It can do static code analysis and dynamic analysis with built-in vulnerability management.

CockroachDB 1.0

These folks also took a new investment round (more open source money!) and announced the 1.0 of CockroachDB, a cloud-native SQL database for building global, scalable cloud services that survive disasters.

gixy

Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.

Guides & Tutorials

CPU utilization is wrong

Earths shattered, dreams crushed, fantasies annihilated. But besides that, also a very well-written post about how CPU usage is currently being shown on Linux, how to interpret the numbers, etc.

Booting the Linux Kernel Without an initrd/initramfs

Some clever use of /etc/fstab configs, a custom compiled kernel & bootloader changes to make this happen.

Configuring NFS-Ganesha over GlusterFS

You want NFS for its convenience, but what goes on behind your NFS stack? What storage is powering that? This guide explains how to make a GlusterFS backend for your NFS setup.

Use DRBD in a cluster with Corosync and Pacemaker on CentOS 7

Friends don’t let friends use DRBD, but just in case you want to: this guide gets you up-and-running with a DRBD cluster.

Using BTRFS with loopback for compressed directories

This is a clever trick: you can create a local loopback device, format it as BTRFS and mount it with options that enable compression. This can allow you to compress files & directories on a “fake” BTRFS volume.

ProxySQL: High Performance & High Availability Proxy for MySQL (PDF)

Slides with lots of details on using ProxySQL, a high performant proxy for MySQL. Very similar to MariaDB’s MaxScale.

When bash scripts bite

A fair warning when using “set -e” in Bash scripts (to make scripts fail, if any its commands fail). Things don’t always run the way you want.

Videos

LinuxFest Northwest 2017

Lots of good video content on service discovery, PBX, git, credential management, containers, … from the LinuxFest Northwest conference.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.