Saw this picture showing what your log levels should actually be and figured it was awesome. Thought you might like it too! (Also Jamie’s content is fab generally)
@dylanbeattie has advised some new names for common log levels #TechNott pic.twitter.com/tVu5AJ0b9I
— Jamie Tanna | www.jvt.me (@JamieTanna) October 8, 2018
One to read: “A Beginner’s Guide to IPFS”
Ever wondered about IPFS (the “Inter Planetary File System”) – a new way to share and store content. This doesn’t rely on a central server (e.g. Facebook, Google, Digital Ocean, or your home NAS) but instead uses a system like bittorrent combined with published records to keep the content in the system.
If your host goes down (where the original content is stored) it’s also cached on other nodes who have visited your site.
These caches are cleared over time, so are suitable for short outages, or you can have other nodes who “pin” your content (and this can be seen as a paid solution that can fund hosts).
IPFS is great at hosting static content, but how to deal with dynamic content? That’s where PubSub comes into play (which isn’t in this article). There’s a database service which sits on IPFS and uses PubSub to sync data content across the network, called Orbit-DB.
It’s looking interesting, especially in light of the announcement from CloudFlare about their introduction of an available IPFS gateway.
It’s looking good for IPFS!
This was automatically posted from my RSS Reader, and may be edited later to add commentary.
At work, we share tips and tricks, and one of my colleagues recently called me out on the following stanza I posted:
I like this [ansible] one for Debian based systems:
- name: "Apt update, Full-upgrade, autoremove, autoclean"
become: yes
apt:
upgrade: full
update_cache: yes
autoremove: yes
autoclean: yes
And if you’re trying to figure out how to do that in Shell:
apt-get update && apt-get full-update -y && apt-get autoremove -y && apt-get autoclean -y
His response was “Surely you’re not logging into bash as root”. I said “I normally sudo -i as soon as I’ve logged in. I can’t recall offhand how one does a sudo for a string of command && command statements”
Well, as a result of this, I looked into it. Here’s one comment from the first Stack Overflow page I found:
You can’t run multiple commands from
sudo– you always need to trick it into executing a shell which may accept multiple commands to run as parameters
So here are a few options on how to do that:
sudo -s whoami \; whoami (link to answer)sudo sh -c "whoami ; whoami" (link to answer)An alternative using eval so avoiding use of a subshell:
sudo -s eval 'whoami; whoami'
Why do I prefer the last one? Well, I already use eval for other purposes – mostly for starting my ssh-agent over SSH, like this: eval `ssh-agent` ; ssh-add
Ever been told that IPsec is hard? Maybe you’ve seen it yourself? Well, Paul Wouters and Sowmini Varadhan recently co-delivered a talk at the NetDev conference, and it’s really good.
Sowmini’s and Paul’s slides are available here: https://www.files.netdevconf.org/d/a18e61e734714da59571/
A complete recording of the tutorial is here. Sowmini’s part of the tutorial (which starts first in the video) is quite technically complex, looking at specifically the way that Linux handles the packets through the kernel. I’ve focused more on Paul’s part of the tutorial (starting at 26m23s)… but my interest was piqued from 40m40s when he starts to actually show how “easy” configuration is. There are two quick run throughs of typical host-to-host IPsec and subnet-to-subnet IPsec tunnels.
A key message for me, which previously hadn’t been at all clear in IPsec using {free,libre,open}swan is that they refer to Left and Right as being one party and the other… but the node itself works out if it’s “left” or “right” so the *SAME CONFIG* can be used on both machines. GENIUS.
Also, when you’re looking at the config files, anything prefixed with an @ symbol is something that doesn’t need resolving to something else.
It’s well worth a check-out, and it’s inspired me to take another look at IPsec for my personal VPNs :)
I should note that towards the end, Paul tried to run a selection of demonstrations in Opportunistic Encryption (which basically is a way to enable encryption between two nodes, even if you don’t have a pre-established VPN with them). Because of issues with the conference wifi, plus the fact that what he’s demoing isn’t exactly production-grade yet, it doesn’t really work right, and much of the rest of the video (from around 1h10m) is him trying to show that working while attendees are running through the lab, and having conversations about those labs with the attendees.
I’m sure that anyone doing operational work has been asked at some point if you can run a “TCPDump” on something, or if you could get a “packet capture” – if you have, this tool (as spotted on the Check Point community sites) might help you!
Using simple drop-down fields for filters and options and using simple prompts, this tool tells you how to run each of the packet capturing commands for common firewall products (FortiGate, ASA, Check Point) and the more generic tcpdump tool (indicated by a Linux Penguin, but it runs on all major desktop and server OSs, as well as rooted Android devices).
Well worth a check out!
Format: Websites loaded on projector. Classroom layout. 20 attendees.
Websites: hacktoberfest.digitalocean.com, github.com
Video: None
Slot: Slot 4 Saturday 12:30-13:00
Notes: This was an opportunity to promote Hacktoberfest, and explain how github pull requests work.
Format: Slide deck on a large TV. Meeting room layout. 10 attendees.
Slides: https://jon.sprig.gs/blog/post/slideshow/10-protocols-in-20-minutes
Video: None
Slot: Slot 1 10:55-11:20
Notes: IP, ICMP, TCP, UDP, DNS, HTTP, TLS, SSH, IPSEC, and (not actually a protocol) TOTP
Good questions from the audience.
One to read: “Tyblog | Systemd for (Impatient) Sysadmins”
The two parts about this post which interest me the most are about timers (a replacement for Cron, perhaps?) and User Instances (likewise, a replacement for how I use Cron :) ). There’s other interesting stuff here, but this is the crux of it for me!
This blog post was found via cron.weekly #89.
Wow, now there’s a specific post title…
I use Ansible… quite a bit :) and one of the things I do with Ansible is to have a standard build desktop that I can create using Vagrant. Recently I upgraded the base to Ubuntu 18.04, and it annoyed me that I still didn’t have a working keyboard combination, so I kept getting US keyboards. I spent 20 minutes sorting it out, and here’s how to do it.
- name: Set keyboard layout
debconf:
name: "keyboard-configuration"
question: "keyboard-configuration/{{ item.key }}"
value: "{{ item.value }}"
vtype: "{{ item.type|default('string') }}"
with_items:
- { key: "altgr", value: "The default for the keyboard layout", vtype: "select" }
- { key: "compose", value: "No compose key", vtype: "select" }
- { key: "ctrl_alt_bksp", value: "false", type: "boolean" }
- { key: "variant", value: "English (UK)", vtype: "select" }
- { key: "layout", value: "English (UK)", vtype: "select" }
- { key: "model", value: "Generic 105-key PC (intl.)", vtype: "select" }
I posted how I got to this point over at the Server Fault post that got me most of the way. https://serverfault.com/a/912342/14832
For those of you who are working with #Ansible… Ansible 2.5 is out, and has an unusual documentation change around a key Ansible concept – `with_` loops Where you previously had:
with_dict: "{{ your_fact }}"
or
with_subelements:
- "{{ your_fact }}"
- some_subkey
This now should be written like this:
loop: "{{ lookup('dict', your_fact) }}"
and
loop: "{{ lookup('subelements', your_fact, 'some_subkey') }}"
Fear not, I hear you say, It’s fine, of course the documentation suggests that this is “how it’s always been”…… HA HA HA Nope. This behaviour is new as of 2.5, and needs ansible to be updated to the latest version. As far as I can tell, there’s no way to indicate to Ansible “Oh, BTW, this needs to be running on 2.5 or later”… so I wrote a role that does that for you.
ansible-galaxy install JonTheNiceGuy.version-check
You’re welcome :)
More useful URLs: