cron.weekly issue #80: nftables, BBR, WireGuard, Kubernetes, %CPU, GlusterFS, BTRFS & more
May 14, 2017 - Mattias Geniar
Welcome to cron.weekly issue #80 for Sunday, May 14th, 2017.
If you’re also responsible for Windows servers, this probably hasn’t been a good week for you. Good luck in patching everything against the cryptolocker worm doing the rounds!
I’d also like to give a special thanks to the kind folks at Datadog who have been sponsoring this newsletter for a very long time. Make sure to check them out if you’re looking for performance monitoring and tell ’em you came via cron.weekly.
Further on, there’s quite a bit of financial news in this issue (I know, it surprised me too!), many new & interesting guides, news & tools.
nftables replaces the good old iptables framework. This post gives some practical commands to help you get started with nftables on Linux.
In an age where microservices cause load balancer reconfigures as often as every few minutes, making those changes as unobtrusive as possible is important. The HAProxy team describes their efforts to make true, zero downtime, reloads possible.
That’s a lot of money to go to open source. Congratulations, MariaDB!
Even more open source financial news: Canonical is planning to go public, after an initial round of investment. Looks like money will soon flow towards Ubuntu and the other services offered by Canonical.
This isn’t Linux news per se, but I know a lot of you appreciate low-level protocol details: BBR is a new delay-controlled TCP flow control algorithm from Google, similar to Vegas, Cubic, … etc.
Turns out, 2017 is the year of Linux on the desktop, but the desktop just happens to be Windows (credit). Windows is adding additional distros, like SUSE and Fedora, to the Windows Subsystem for Linux. Your ‘bash on Windows’ might soon run a distro other than Ubuntu.
It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in a complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
Your favourite Open Source Vulnerability Scanners hosted online for remote security testing. With HackerTarget, perform once off scans or schedule jobs to alert on changes to Internet facing systems. Signup now for immediate access. (Sponsored)
A new point release on Debian 8 came out last week, fixing mostly security problems.
A series of steps & guides to start Kubernetes clusters for the hobbyist. This has so many detailed steps and looks like really valuable content if you ever want to get started with Kubernetes.
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache.
Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team. It can do static code analysis and dynamic analysis with built-in vulnerability management.
These folks also took a new investment round (more open source money!) and announced the 1.0 of CockroachDB, a cloud-native SQL database for building global, scalable cloud services that survive disasters.
Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent security misconfiguration and automate flaw detection.
Guides & Tutorials
Earths shattered, dreams crushed, fantasies annihilated. But besides that, also a very well-written post about how CPU usage is currently being shown on Linux, how to interpret the numbers, etc.
Some clever use of /etc/fstab configs, a custom compiled kernel & bootloader changes to make this happen.
You want NFS for its convenience, but what goes on behind your NFS stack? What storage is powering that? This guide explains how to make a GlusterFS backend for your NFS setup.
Friends don’t let friends use DRBD, but just in case you want to: this guide gets you up-and-running with a DRBD cluster.
This is a clever trick: you can create a local loopback device, format it as BTRFS and mount it with options that enable compression. This can allow you to compress files & directories on a “fake” BTRFS volume.
Slides with lots of details on using ProxySQL, a high-performance proxy for MySQL. Very similar to MariaDB’s MaxScale.
A fair warning when using “set -e” in Bash scripts (to make scripts fail if any of their commands fail). Things don’t always run the way you want.
Lots of good video content on service discovery, PBX, git, credential management, containers, … from the LinuxFest Northwest conference.