When an ISP or Autonomous System (AS) such as Redpill Linpro acquires a block of globally unique IP addresses (called a prefix), it must advertise it to the global Internet routing table. This advertisement causes all other ASes in the world to find out that the new prefix is now alive, and also how and where to send any IP packets destined for it. Connectivity is established, and everybody is happy. Right?
Except there is a problem. The ... [continue reading]
This is the first of three posts about Elastic Stack.
At a glance, Elastic Stack is a web based search engine. It’s like Google. For your logs.
Elastic stack contains multiple components.
You might, like me, once have tried to get something to run on the first Monday of the month, or maybe the last Friday of the month, or something else that’s a combination of a weekday (Mon–Sun) and a «week» (i.e. a date range, like 01–07). The naive approach is to use cron as you would expect it to work:
0 0 1-7 * 1 /usr/bin/foo The surprise comes when this makes foo ... [continue reading]
I’ve always had a bad conscience about the audit trail on the servers I manage. Sure, we use personal accounts and sudo, so we know who ran every command. Unfortunately, the command in the sudo log is often just “bash”.
The reason for this is simple: It is quite awkward to work in the shell when TAB completion doesn’t work. You want to read the error log in /var/log/httpd? Too bad, the directory is off limits for normal users. So ... [continue reading]
All in all, very odd, bash continues to be the most bizarre of languages, convoluted, twisted, but with strange solutions thrown in just when you are about to give up hope entirely.” (forum post at Techpatterns )
When re-working a database backup script at one of my customers I stumbled onto the problem that I wanted to have both proper error handling and at the same time avoid filling the disk.
The code providing the challenge was ... [continue reading]
The intention of this post is to get oneself kick-started into playing with Platform as a Service (PaaS) by interacting with a lab environment that is running in a VM on your local machine. It relies heavily on other parties (OpenShiftOrigin, jmorales, Red Hat and JavaZone) ... [continue reading]
Our company has embraced our local GitLab installation extensively. At its core, GitLab provides a repository management system based on the Git versioning system. A very practical extension to GitLab is the GitLab CI feature.
In short, the GitLab CI is a set of commands that can be run when a repository receives a push, when an API is called, or when it is triggered by someone through the GUI. The commands are specified in a given YAML formatted ... [continue reading]
The network is a very proprietary place. When you buy an IP router or an Ethernet switch, what you’re really buying is a tightly integrated bundle of hardware and software.
Mixing and matching software and hardware components in order to design a network infrastructure tailored to your precise set of requirements is something that has previously been completely unheard of.
For example, imagine that you’ve found a Cisco Systems switch that has the exact hardware specifications you’re after. However, ... [continue reading]
If you rely on SSL/TLS certificates and you have a slew of services to maintain online, things can quickly get out of hand. If you don’t have the time or the resources to keep up to speed with what ciphers to disable or what techniques to employ server-side, you might quickly fall prey to the next “Exploit with a Logo”. Heartbleed, Beast, Poodle and friends come to mind.
The guys at Mozilla have taken measures to give all of us ... [continue reading]
The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL.
... [continue reading]