While debugging a problem with OCSP, I had to sit down and understand what it really does and why. So What is OCSP, and why do we use it?
... [continue reading]systemd comforts
One common complaint about systemd is that it does «too much», where the threshold for the appropriate amount of action is left unspecified. Some of the stuff it can do is hold your hand and offer some comfort functions.
... [continue reading]Running wallscreens using a Raspberry Pi
For the wallscreens within the operations department, we currently use Raspberry Pies and provision those using Ansible. We found that the USB sockets on a typical LCD TV do not provide enough power for a Raspberry Pi model 3, so we went for the cheaper – although a little less powerful – model 2. Since we have cabled network in place from before, this does not really pose any limitations.
The Inventory
- Raspberry Pi 2 Model ... [continue reading]
Encrypted cloud backups with Duplicity
Duplicity is a piece of software that can perform encrypted backups to remote storage over the network. It uses the rsync algorithm to implement incremental backups, thus minimising the amount of data that needs to be transferred over the network and stored remotely. The GNU Privacy Guard is used to provide strong encryption, making it safe to keep your backups in one of the many public cloud storage solutions.
In this post, I will demonstrate basic usage ... [continue reading]
Systemd at 3am
A few of systemd features that helps you and your fellow sysadmins.
At 3am, I want to sleep. I do not want SMS with “Service X is down”, and I do not want my systems to wake the on-call personnel, so they can scratch their heads and call me about “Service X is down, and I need help fixing it”.
There are a couple of things you can do to avoid this.
Automatic restarts
Sometimes processes die. Particularly at ... [continue reading]
Feeding the Elastic Stack
This is the last of three posts about Elastic Stack.
By now, we should have a reasonably secure Elastic Stack. It is sadly empty, so we should feed it some logs.
Logstash is a log processor. It can be configured with inputs, filters, and outputs.
- Inputs are commonly log files, or logs received over the network.
- Filters are used to accept, drop and modify log events.
- Outputs are used for storing the filtered logs.
Filebeat is a log ... [continue reading]
Enabling HTTP/2 for a site
When we installed the new frontend nodes for our main site, we wanted make use of some technologies that aren’t yet in broad use by our customers. The intention was both to gain more experience with said technologies, and to show that they are ready for production use. HTTP/2 was one of these technologies.
Why use HTTP/2?
HTTP/2 offers several features that improve the load speed of pages. To quote the HTTP/2 FAQ, the new version of ... [continue reading]
Small-scale honeynet with Raspberry Pi
The Raspberry Pi units are small and don’t use much power. If you have one or two to spare, why not use them to explore the sweet smell of honeypots?
Ye who enter here
First of all, a warning: Even though honeypot software is usually isolated from the underlying operating system, bugs do exist and accidents can happen. You should not run any other services on a system hosting honeypot software.
I would not recommend running an unattended ... [continue reading]
Deduplication of old file systems
Modern file systems, and even storage systems, might have built-in deduplication, but common file systems still do not. So checking for redundant data and do deduplication when possible might save disk space.
Once up on a a time, there was a system, were we had this 6TB spool of binary files on an production ext4 file-system, and the volume was running out of disk space. The owner of the data thought it likely that there were duplicates in the vast ... [continue reading]
JMole monitoring framework
Monitoring Java applications can be a painful operation that often require lots of configuration, with technologies like byte code instrumentation and JMX, you can literally have thousands of Metrics to choose from just from a single Java application. This post will talk about JMole which has good sensible defaults that makes monitoring java applications much less painful.
JMole is an excellent monitoring client framework for gathering data dynamically from various Java MBeans (Java 6 and higher). It consists of a ... [continue reading]