In this bumper feedback episode we talk about line endings in files, OpenStack, secrets management, and protecting your network.
Show Notes: https://www.adminadminpodcast.co.uk/ep087sn/
Iain asks:
Hello all,
I hear a lot about OpenStack but whenever I try to find out stuff about it, I get vague buzzword-laden and vague comments from “evangelists”. Could any of you guys explain to an IT-literate but not a sysadmin end user, what the hell OpenStack is?
Stu explains what OpenStack is built for, where it’s often deployed these days, and some of the issues he’s seen with it.
Jon talks about some of the components inside OpenStack, and how OpenStack upgrades can have issues.
Jon and Stu talk about companies that were selling OpenStack distributions, and comparisons to Kubernetes.
Jerry mentions that many of the problems OpenStack was created to solve are now mostly solved by Kubernetes. He also mentions that we discussed Kubernetes in Episode 51.
Jon mentions Eucalyptus, nominally as an alternative to using AWS S3 or OpenStack Swift (the object storage module), but also mentions it could be used to virtualize some of the other services provided by AWS.
Al asked about “Dark Matter Engineering” which he’s heard about on Coder Radio. We presume it’s code that isn’t released into the public, or never gets any traction. We also discuss Linode and compare it to Digital Ocean as a result of the adverts run on Coder Radio.
Jay provides some feedback:
Hi, in your last podcast someone mentioned having an issue with VSCode in windows always saying that files were all edited.
What’s probably going on is a wrong setting for the core.autocrlf setting. You can fix it by opening PowerShell in Windows and running:
git config --global core.autocrlf input
https://git-scm.com/book/en/v2/Customizing-Git-Git-Configuration#_formatting_and_whitespace
There are 3 settings, but I always recommend the ‘input’ one, as it converts everything to LF endings on commit, and checks out without modification.
Also, you may be interested in a recent networking video series I made: https://jaytuckey.name/2020/10/18/how-websites-load-a-deep-dive-into-the-ip-network-stack-and-how-it-is-used-to-connect-to-a-site/
Jon talks about how he’s got Microsoft’s Windows Subsystem for Linux (WSL) set up and how he organizes his “My Documents” directory structure. He mentions using “Symbolic Links” to easily find Windows directories in his WSL environment.
We also talk about Line Endings (CR – Carriage Return, LF – Line Feed, CR+LF). Jon incorrectly recalls CR as ASCII character 10 (it should be 13) and LF as ASCII character 13 (it should be 10).
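To make Jay’s core.autocrlf recommendation and the CR/LF codes concrete, here is an added example (ours, not from the show and not git’s own code). It emulates what the three core.autocrlf values do on commit and on checkout, shows why a CRLF working tree held against an LF-stored blob reads as “every file modified” only with autocrlf=false, and includes a small scanner that reports the line-ending style of each file in a tree. Git’s real conversion has extra heuristics (binary detection, and leaving a file alone when the indexed copy already contains CRLF) that are deliberately not reproduced here.

```python
"""Line endings and git's core.autocrlf, emulated so the effect can be seen.

CR and LF are the two ASCII control characters involved. Git's clean/smudge
conversion is reproduced in pure Python (an added illustration, not git's own
code) so the three core.autocrlf values can be compared on the same bytes.
"""
from pathlib import Path
from typing import Dict

CR = b"\r"      # carriage return, ASCII 13 (0x0D)
LF = b"\n"      # line feed,       ASCII 10 (0x0A)
CRLF = CR + LF  # the Windows line terminator


def classify(data: bytes) -> str:
    """Return 'LF', 'CRLF', 'CR', 'mixed' or 'none' for the line endings in data."""
    crlf = data.count(CRLF)
    lf_only = data.count(LF) - crlf
    cr_only = data.count(CR) - crlf
    present = [name for name, n in (("CRLF", crlf), ("LF", lf_only), ("CR", cr_only)) if n]
    if not present:
        return "none"
    return present[0] if len(present) == 1 else "mixed"


def on_commit(working: bytes, autocrlf: str) -> bytes:
    """What git stores in the object database (the 'clean' direction).

    true and input both normalise CRLF to LF; false stores the bytes untouched.
    Lone CRs are never converted, which is why a 'mixed' file stays mixed.
    """
    if autocrlf in ("true", "input"):
        return working.replace(CRLF, LF)
    if autocrlf == "false":
        return working
    raise ValueError(f"unknown core.autocrlf value: {autocrlf!r}")


def on_checkout(blob: bytes, autocrlf: str) -> bytes:
    """What git writes to the working tree (the 'smudge' direction).

    Only true converts LF back to CRLF; input and false write the blob as stored.
    """
    if autocrlf == "true":
        return blob.replace(CRLF, LF).replace(LF, CRLF)
    if autocrlf in ("input", "false"):
        return blob
    raise ValueError(f"unknown core.autocrlf value: {autocrlf!r}")


def looks_modified(stored_blob: bytes, working: bytes, autocrlf: str) -> bool:
    """True if git status would report the file as modified.

    git compares the *cleaned* working-tree bytes against the blob, so with
    autocrlf=false a CRLF file on disk differs from an LF blob even though no
    line of text changed: this is the 'every file is edited' symptom.
    """
    return on_commit(working, autocrlf) != stored_blob


def scan_tree(root: Path) -> Dict[str, str]:
    """Classify the line endings of every regular file under root, skipping .git."""
    report: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if ".git" in path.parts or not path.is_file():
            continue
        report[path.relative_to(root).as_posix()] = classify(path.read_bytes())
    return report


if __name__ == "__main__":
    blob = b"line one\nline two\n"              # what an LF-normalised repo stores
    edited_on_windows = b"line one\r\nline two\r\n"
    for mode in ("true", "input", "false"):
        print(mode, "modified?", looks_modified(blob, edited_on_windows, mode))
```

Run it as a script to see the three modes side by side; point scan_tree at a checkout to find which files are CRLF, LF or mixed before you flip the setting, because changing core.autocrlf on a tree that already contains CRLF blobs is the other common way to make every file show as modified.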
WIE E asks for help with Secrets Management in a Continuous Integration (CI)/Continuous Delivery (CD)/Continuous Deployment (CD) environment.
Stu talks about Gitlab, HashiCorp Vault, and AWS IAM roles, which Jerry extends to include Azure System Assigned Identities. Jerry mentions that you can use your provisioning system to create a per-system key during a build, which you never commit to your version control system.
Jon talks about protecting CI/CD/CD systems and references the 2019 compromise of the Matrix.org project, where an unpatched Jenkins CI server was the initial entry point.
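One cheap control that backs up Jerry’s “never commit the key” point is a pre-commit check that refuses content shaped like a credential. The following is an added example of ours, not code from the show, Gitlab or Vault: it combines two public credential formats (AWS access key IDs, PEM private-key headers), a loose password/token assignment pattern, and a Shannon-entropy check on long tokens, with a `# nosecret` marker to let deliberate placeholders through. The sample input is constructed, and the AWS key in it is the placeholder value AWS uses in its own documentation.

```python
"""Refuse to commit text that looks like a credential (pre-commit style check).

Added example, not code from the show or any project it mentions. Rules are
public credential shapes plus an entropy check; '# nosecret' on a line allows
deliberate placeholders through. Matches are redacted before they are reported
so the hook's own output never leaks the secret into CI logs.
"""
import math
import re
from collections import Counter
from typing import List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    rule: str
    redacted: str   # first 4 chars of the match, rest masked; safe to log


# Well-known credential formats. AWS access key IDs are AKIA/ASIA + 16 chars;
# PEM private keys announce themselves with a BEGIN header.
PATTERNS = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
    ("credential-assignment",
     re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?(?P<v>[^\s'\"]{8,})")),
]
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")   # tokens worth an entropy check
ENTROPY_BITS_PER_CHAR = 4.5                         # random base64 scores near 6, prose near 4
ALLOW_MARKER = "# nosecret"


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's byte distribution."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text: str, path: str) -> List[Finding]:
    """Scan one file's content (e.g. the staged copy) and return findings."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        hit = False
        for rule, pattern in PATTERNS:
            for m in pattern.finditer(line):
                value = m.group("v") if "v" in pattern.groupindex else m.group(0)
                findings.append(Finding(path, lineno, rule, redact(value)))
                hit = True
        if hit:
            continue   # a named rule already explains this line
        for m in CANDIDATE.finditer(line):
            if shannon_entropy(m.group(0)) >= ENTROPY_BITS_PER_CHAR:
                findings.append(Finding(path, lineno, "high-entropy-string", redact(m.group(0))))
    return findings


# Constructed sample of a config file someone is about to commit.
SAMPLE_FILE = """\
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = "hunter2hunter2"
-----BEGIN RSA PRIVATE KEY-----
api_key = "REPLACE_ME_AT_DEPLOY"  # nosecret
user = "jon"
signing_key: 4Fz9qL2mNp8xWv3cRt6yUb1HjK7sDa0eGi5oPl9Q
"""


def check_sample() -> List[Finding]:
    return scan_text(SAMPLE_FILE, "config.yaml")


if __name__ == "__main__":
    results = check_sample()
    for f in results:
        print(f"{f.path}:{f.line}: {f.rule}: {f.redacted}")
    raise SystemExit(1 if results else 0)   # non-zero exit blocks the commit
```

Wire it to `git diff --cached` content in a pre-commit hook, or run it in the pipeline against the whole tree; the entropy threshold and the assignment pattern will need tuning to your code base, which is why the allow marker exists.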
Yannick asks:
VPN: always on or not?
How to protect the target network – i.e. does my machine become the weakest link in the network and what can/should I do to protect the network?
Jon talks about his views on always-on Client-to-Server Virtual Private Network (VPN) connections.
Al mentions that he thought the question was about Site-to-Site VPNs. Jon suggests that VPNs now typically auto-establish themselves when traffic is initiated from the “Encryption Domain” on one side of the network to the “Encryption Domain” on the other. Jon refers to IPsec Phase 1 and Phase 2, the two stages of bringing up a tunnel: Phase 1 (the IKE security association) authenticates the “left” and “right” gateways and sets up the protected channel between them, and Phase 2 (the IPsec security associations) negotiates the traffic selectors and keys for the encryption domains (subnets or hosts) at either end of the tunnel. Jon also mentions encryption algorithms like DES, Triple DES and AES, and hashing algorithms like SHA1; for new tunnels, DES and Triple DES should not be used, AES is the sensible choice, and SHA-256 or better is preferred over SHA1.
Jerry quotes “Clarke’s Third Law“: Any sufficiently advanced technology is indistinguishable from magic.
Jon mentions a Diffie-Hellman Key Exchange video, and then talks about browse-down management environments, referencing the National Cyber Security Centre (NCSC) End User Device security guidance for hardening machines. He also talks about segregating network segments to protect trusted networks from untrusted ones, then goes into “Zero Trust” networks and mentions Cloud Access Security Brokers (“CASB”). Jon and Stu both talk about broadcast domains in a network, and how you can work around them.
Jerry mentions Bastion Hosts, and Jon explains why he thinks they’re not really a good idea.
Jon butchers his explanation of User Behaviour Analytics (UBA) systems. He also mentions protocol breaks.
We’re a member of the Other Side Podcast Network. The lovely Dave Lee does our Audio Production.
We want to remind our listeners that we have a Telegram channel and email address if you want to contact the hosts. We also have Patreon, if you’re interested in supporting the show. Details can all be found on our Contact Us page.
The whole crew is back together for the first time in a while, talking about: Git commit hooks, Windows as a development environment, cloud network firewalls, and Azure DevOps.
… ~/.aws/config) and the Windows expected path (%UserProfile%\.aws) worked around this issue!
… /etc/wsl.conf to configure mounting the Windows drives into WSL, and notes that you can configure it to permit POSIX style file permissions with this sample:
[automount]
options = "metadata"
… /mnt/c/Users/Jon/Documents and ~/Documents to “easily” get into the Windows paths that are backed up in Windows.
… \\wsl$ in Windows Explorer, you can access the Linux file system from Windows Subsystem for Linux. Stu mentions he has this open in the left hand pane in Explorer all the time!
… code in any path in WSL (or Command Prompt, for that matter [ed.]) it will open that folder in Visual Studio Code.
… count and for_each statements. Jon also mentions defining which “providers” to use in the Terraform files. He also notes that you can get into a dependency loop if you have several modules with different provider files. Talking of Providers, Jon mentions using the “null” provider, but doesn’t explain what he uses it for.
Show Notes: https://www.adminadminpodcast.co.uk/ep086sn/
In this episode, without Jerry this time, we talk about Object Orientated Programming, provisioning machines with Terraform, Ansible, and Azure DevOps, and how to build new machines.
Show Notes: https://www.adminadminpodcast.co.uk/ep085sn/
No Jerry this time, but we do have Al back!
… /etc/ and /home/<user>/ with Vagrant to test each stage of the build, and to see what files are changed by each action performed. Once you’ve got your build instructions based on that, you can use something like Ansible, Salt, Puppet or Chef to apply post-install statements.
… https://boxstarter.org/package/<yourpackage> and https://boxstarter.org/package/url/?some_path_to_a_boxstarter_set_of_instructions.
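The “see what files are changed by each action” step above is easy to automate: hash the tree before and after a provisioning action and diff the two manifests. The following is an added example of ours, not from the show or from Vagrant; it builds a throwaway /etc under a temporary directory, performs one simulated step, and reports the delta, so it runs anywhere without a VM.

```python
"""Which files did a build step touch? Hash a tree before and after and diff.

Added example (not from the show): the Vagrant workflow of snapshotting /etc
and /home around each provisioning action, reduced to a sha256 manifest.
The demo builds a constructed tree under a temp dir so it runs anywhere.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

Manifest = Dict[str, str]  # relative POSIX path -> sha256 hex digest


def snapshot(root: Path) -> Manifest:
    """Hash every regular file under root.

    Symlinks are skipped so a link cannot pull files from outside the tree
    into the manifest.
    """
    manifest: Manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(before: Manifest, after: Manifest) -> Dict[str, List[str]]:
    """Report paths added, removed and changed between two snapshots."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Simulate one provisioning step on a constructed /etc and report the delta."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "motd").write_text("welcome\n")
        before = snapshot(root)

        # The "step": edit hosts, remove motd, drop in an sshd config.
        (etc / "hosts").write_text("127.0.0.1 localhost\n10.0.0.5 build\n")
        (etc / "motd").unlink()
        (etc / "ssh").mkdir()
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")

        return diff_manifests(before, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real box run snapshot over /etc and /home/<user> before and after each manual step; note that content hashes alone miss permission and ownership changes, which many hardening steps consist of, so adding the file mode and owner from os.stat to each manifest entry is a worthwhile extension.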
In this episode, without Al, who sadly couldn’t make the show this time, we talk about Hashistack, Git, and what we’ve been up to.
Show Notes: https://www.adminadminpodcast.co.uk/ep084sn/
In this episode, we talk about Terraform, provisioning servers in Azure, Ansible best practices, and what we’ve been up to recently.
Show Notes: https://www.adminadminpodcast.co.uk/ep083sn/
… ansible-galaxy to create role template directories.
Astute members of the community will notice that we’re now a member of the Other Side Podcast Network.
TRIGGER WARNING: We mention the current Covid-19/Coronavirus situation a few times in the podcast, but without really going into any details about it.
We add Stu to our permanent line-up! Welcome Stu!
Al started a new job. He’s doing Agile working, with sprints and standups. They’re On-Prem and in Azure. He’s considering looking at Ansible with AWX to standardise their builds. He’s started using Slack, and noted that the company he works for uses Slack rather than Email for most conversations.
We talk about using GMail instead of Exchange. Jon mentions about a blog post talking about improving workflow in GMail following a comment in the Bad Voltage community slack.
Jerry mentions that Slack’s free plan limits how far back in the message history you can go. Stu mentions that his company were using Slack, but that they’ve started the migration to MS Teams. Jon mentioned that the backgrounds in Teams video calls can be changed, or set to a blur. [New Path?]
Jon explains what CI/CD/CD stands for and explains what it can be used for. He also mentions that he wrote some AWX deployment scripts as part of a Gitlab and AWX demo which might be useful. He also mentions that he recorded a video about how AWX works.
Jon explains that he’s been writing documentation at work, and that outside work, he’s building a card playing game script that is based on the code he wrote for talk scheduling at OggCamp and inspired by the code he wrote for CCHits.net. Al also notes that Laravel is good for a PHP framework, and mentioned that Jon suggested it to him…
Al mentions playingcards.io as an alternative to writing his own game, and said he uses that to play Cards Against Humanity. Jon counters with houseparty.com .
Al then said that he’s using Git at work, which is the first time he’s used Git at work rather than just in his personal life. Jon asks if Al’s signing his commits, and suggests using krypt.co to perform Two Factor Authentication (2FA), where you pair your phone to a browser and use the phone as the U2F authenticator; it also has a mode where you can pair the phone to enable signed git commits and use the phone as a separate SSH key provider too, if you turn the “developer” switch on in the phone app.
Stu talks about bypassing the AWS network architecture by moving to Linux-based routers, moving Prometheus/Consul into production and why they’re doing that, and some blog posts he’s been writing about automating network products with Ansible. Jon talks about the Ansible modules moving out of Ansible core and into Ansible Collections. Jon mentions looking at Nebula instead of changing the AWS network architecture, and explains how this works in NAT environments. He makes reference to a Pull Request he’s raised to add more documentation. We talked about Nebula in Episode 80.
Jerry has just got a new job, a permanent role, making a change from his previous freelance environment. Until that job starts he’s been writing some documentation on Disaster Recovery for sysadmins with VProtect, and has also been looking at supporting a developer with configuration management tooling and new images built with Packer.
Al mentions that another podcast (the Mike Tech Show) had a question about using appliances that need IPv6 when you don’t have IPv6, as several of the hosts do with PlusNet. Jon used Hurricane Electric to create an IPv6 gateway. The downside to this was that the connection became much flakier, because you’re effectively using Hurricane Electric as a VPN provider. Stu mentions that this is likely to be because of “Happy Eyeballs”. We talked about Jon’s IPv6 gateway in Episodes 73 and 72.
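To show what “Happy Eyeballs” actually does when an IPv6 path is a slow tunnel, here is an added example of ours, not from the show: a simplified RFC 8305 race, with real sockets replaced by a constructed table of (latency, succeeds) per address so it runs offline. Attempts start IPv6-first, a new one begins every `delay` seconds or as soon as the previous attempt fails, and the first to connect wins while the rest are cancelled. The addresses are documentation ranges, and the three scenarios (slow tunnel, healthy IPv6, broken IPv6) are constructed.

```python
"""Happy Eyeballs (RFC 8305) connection racing, simulated.

Added example, not from the show. Real sockets are replaced by a table of
(latency, succeeds) per address so the race can be run offline; the algorithm
is the simplified RFC 8305 one: try addresses in order, IPv6 first, start a new
attempt every `delay` seconds or as soon as the previous one fails, and keep
the first that connects.
"""
import asyncio
from typing import Awaitable, Callable, Dict, List, Optional, Tuple

Address = Tuple[str, str]                       # (family, ip)
Connector = Callable[[Address], Awaitable[bool]]


def interleave(v6: List[str], v4: List[str]) -> List[Address]:
    """RFC 8305 ordering: alternate families, with IPv6 as the first attempt."""
    out: List[Address] = []
    for i in range(max(len(v6), len(v4))):
        if i < len(v6):
            out.append(("IPv6", v6[i]))
        if i < len(v4):
            out.append(("IPv4", v4[i]))
    return out


async def happy_eyeballs(addresses: List[Address], connect: Connector,
                         delay: float = 0.25) -> Optional[Address]:
    """Return the first address that connects, or None if none did."""
    pending: Dict[asyncio.Task, Address] = {}
    remaining = list(addresses)
    while remaining or pending:
        if remaining:
            addr = remaining.pop(0)
            pending[asyncio.create_task(connect(addr))] = addr
        # Wait up to `delay` for any attempt to finish before starting the next;
        # once nothing is left to start, wait without a timeout.
        done, _ = await asyncio.wait(set(pending), timeout=delay if remaining else None,
                                     return_when=asyncio.FIRST_COMPLETED)
        for task in done:
            addr = pending.pop(task)
            if task.result():
                for other in pending:
                    other.cancel()      # the losers are abandoned
                return addr
        # A failure (or the timer) falls through and starts the next attempt.
    return None


def make_connector(table: Dict[str, Tuple[float, bool]]) -> Connector:
    """Fake connect(): sleep for the configured latency, then succeed or fail."""
    async def connect(addr: Address) -> bool:
        latency, ok = table[addr[1]]
        await asyncio.sleep(latency)
        return ok
    return connect


def race(table: Dict[str, Tuple[float, bool]], delay: float = 0.05) -> Optional[str]:
    """Run one race and return the winning family, or None if nothing connected."""
    addrs = interleave([ip for ip in table if ":" in ip], [ip for ip in table if ":" not in ip])
    winner = asyncio.run(happy_eyeballs(addrs, make_connector(table), delay))
    return winner[0] if winner else None


# Constructed scenarios on documentation addresses: the IPv6 path is a slow
# tunnel, a healthy native IPv6 path, and an IPv6 path that fails outright.
SLOW_TUNNEL = {"2001:db8::1": (0.50, True), "192.0.2.1": (0.02, True)}
HEALTHY_V6 = {"2001:db8::1": (0.01, True), "192.0.2.1": (0.02, True)}
BROKEN_V6 = {"2001:db8::1": (0.01, False), "192.0.2.1": (0.02, True)}

if __name__ == "__main__":
    for name, table in (("slow tunnel", SLOW_TUNNEL), ("healthy v6", HEALTHY_V6), ("broken v6", BROKEN_V6)):
        print(f"{name}: {race(table)} wins")
```

The slow-tunnel case is the one behind the flakiness: a browser gives the tunnelled IPv6 address only the head start and then quietly uses IPv4, while software that simply connects to the first address in the list sits on the tunnel. Python’s own asyncio.open_connection exposes the same behaviour through its happy_eyeballs_delay parameter (since 3.8).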
Jerry mentions that he had an interesting situation because his printer was being detected on its IPv6 address, not on its IPv4 address. Jon makes some suggestions on alternatives using trunking or VLANs. We discuss how complicated our networks are, and what our partners/spouses will do if we’re not available in case of a disaster with that network.
In this episode, we welcome Stu to our regular line up, plus we have a general catch up about what we’ve been doing at work, CI/CD and Ansible, networking, and working from home.
Show Notes: https://www.adminadminpodcast.co.uk/ep082sn/