Author Archives: mralcadmin

Admin Admin Podcast #65 Show Notes – Learning to accept failure

This is the episode of the ironsysadin podcast we discuses in the podcasts

Windows admin Center is the new way to manage servers in windows 2016.

tldr command

Tiny Tiny RSS

Jon’s Learning List!

Mailing List: DevOps’ish: devopsish.com
Mailing List: Andy Bounds Tuesday Tip: andybounds.com
Mailing List: Security Newsletter: securitynewsletter.co
Mailing List: Awesome Self Hosting: selfhosted.libhunt.com
Mailing List: Servers for Hackers: serversforhackers.com
Mailing List: The Hustle: thehustle.co
Mailing List: Versioning: versioning.substack.com
Mailing List: Cron Weekly: cronweekly.com
Mailing List: DevOps Weekly: devopsweekly.com
Mailing List: Monitoring Weekly: http://weekly.monitoring.love
Mailing List: Raspberry Pi Weekly: https://www.raspberrypi.org/weekly
Mailing List: SRE Weekly: sreweekly.com
Packt Daily Free Book: https://www.packtpub.com/packt/offers/free-learning
RSS: SysAdvent: http://sysadvent.blogspot.com/feeds/posts/
RSS: How I Automate: https://howiautomate.wordpress.com/
RSS: Free Tech Books: http://www.freetechbooks.com/rss
Slack: HangOps: hangops.slack.com
Slack: All Day Devops: alldaydevops.slack.com
Slack: Manchester Tech: mcrtech.slack.com
Podcast: Defensive Security
Podcast: Darknet Diaries
Podcast: Risky Business

Al’s List

Mailing List: THE WORD FROM GOSTEV – You need to signup to this forum to get the weekly Veeam  Digest.
Podcast: Minimalist
Podcast: brendon.com

Admin Admin Podcast #64 – Show Notes Enter the Matrix

    • Enabling TLS 1.2 and disabling TLS 1.1, 1.0 and SSL 3.0 and SSL 2.0.
      • Test your Server to what SSL/TLS version you website uses – ssl labs
      • Enable/Disable TLS versions via a GUI  –  IISCrypto
    • Immutable Infrastructures – CoreOS
      • CoreOS is a linux distribution that is completely described by YAML
      • Kubernetes – learnt a bit more about it by actually installing it (kubespray), also, trying to do it in an “air-gapped” environment proved hard work
      • kubespray works by bootstrapping python onto the CoreOS nodes so it can use ansible.
      • Doing Immutable Infrastructure with deb packages?
      • Docker
      • Terraform
        • Plan & Apply stage
        • Providers talk to cloud provider APIs
      • Lab with PXE Booting using Ansible
    • Highly available Network Appliances on OpenStack
      • Allowed_Address_Pairs – 0.0.0.0/1 and 128.0.0.0/1
      • Virtual MAC address between HA members, which means adding an extra Allowed_Address_Pairs pair per Virtual MAC address
      • Ansible with Jinja2 for the Allowed_Address_Pairs variable
    • Ansible 2.5 is out
      • With_SubElements has been depreciated – still works, but documentation refers to loop and lookup plugins
      • loops can have names now
      • roles: has been replaced by include_roles
      • Ansible Galaxy roles don’t need to be the files from galaxy.ansible.com – you can use Git repos.
    • Matrix.org / riot.im
      • Bridges to Telegram and others
      • Matrix.org runs bridges to IRC, Slack and Gitter and host some bots and plugins.
      • Other bridges are in-place (e.g. t2bot.io) and you can host your own.
      • French Government to use Matrix as their inter-government communication system
      • Synapse (Matrix.org homeserver) federates between all the other Synapse servers, and updates the servers when they all come back online. Demo at matrix.org.
    • Email about Postlayer (Email and Spam Filtering) being demised
      • Replaced by Fusemail
      • Discussed open source options (no conclusion)
    • Bullet journal revisited
      • Monthly too often – weekly…
  • Audio Production by Dave Lee @thebugcast
  • Fosstalk Live
  • Glasgow Podcrawl
  • Oggcamp

Admin Admin Podcast #63 – Show Notes Diving into Ansible

In this edition of the Admin Admin Podcast, we discuss a little bit about FOSDEM and ConfigMgmtCamp, and then our deep-dive on Ansible.

When talking about Ansible, we talk about the alternatives (Puppet, Chef, Salt, Desired State Configuration and reverse DSC, and that you can install software on Windows via Group Policy), and then talk about:

We plug the following forthcoming events: FossTalk Live – 9th June at King’s Cross, London, Glasgow Podcrawl – 28th July, Glasgow and OggCamp – 18th and 19th August, Sheffield

We mention the following other things: Jerry’s Tech Blog, Bullet Journals, Hackable Podcast, Cool Tools Podcast, Centre for Computing History, Cambridge, and the fiction series Within the Wires.

Admin Admin Podcast #62 Show Notes – Admin in the Ham Shack

Special Guest Co-Presenter: Russ Woodman from Linux In The Ham Shack

Errata: Jon got Streisand Routing wrong in the last show.

Russ works for a Broadband Carrier (ISP) that also supplies telephone, cellular (mobile), internet, satellite and cable. He’s in a team of 5 people, and is the main escalation point for the team.

Jon explains “Pets versus Cattle” (badly) and Russ explains they’re converting from Pets to Cattle.

The Broadband Carrier that Russ works for uses mostly open source technologies, and he is trying to move to more robust services.

He explains his path to Linux and Open Source, via VMS, BSD, Minix and SCO Unix. He started in his current job just after Y2K but has been working in System Administration for many years before that.

Russ talks about using Amateur Radio with Linux and Open Source.

We talk about how his job has changed, which is mostly in the abstraction of Hardware away from users, but Russ also talks about REST APIs and SOAP.

We all talk about Cloud reliability and cost.

Jerry brings up RINA.

Russ talks about his home network. Jon talks about “Becoming your own WISP”.

Al asks Russ about Amateur Radio and how you use it from Linux. Russ talks about different transmission modes and encoding/decoding. He then explains a bit about the Linux In The Ham Shack podcast.

Al talks about setting up a new server for hosting WordPress and how he’s moving away from FreeBSD to Ubuntu (or RedHat/CentOS). He asks for guidance about Ansible and authentication. Russ suggests OpenSUSE as an alternative to review as well. Jon mentions about commercial support. Jon also talks about the recent history of SUSE. Al asks about running sudo to become root. Jon talks about setting up TOTP (Google Authenticator) and enabling it for PAM authentication.

Al also asks about Linux permissions. Russ talks about setting permissions. There is a talk about SetUID and SetGID. Jon suggests using containers or chroot instead of trying to harden a whole machine. Jerry talks about ACLs.

Al goes on to ask about whether he’s in the right job. Jerry, Jon and Russ all provide their viewpoints.

Al mentions about a telegram group which he heard about on Tuxjam Podcast which alert you on the latest security alerts  https://t.me/itsecalert

We read some feedback

We ask a question for a follow-up podcast – if you have got some suggestions about how you would do a backup for your clients and customers which doesn’t involve spending money, or at least, as cheaply as possibly.

We mention FossTalk Live (9th June at King’s Cross, London), OggCamp (18th and 19th August in Sheffield) and Podcrawl Glasgow (28th July in Glasgow).

Please consider spreading the word about the podcast. We have a presence on Facebook and Twitter. The team chat on Telegram, and if you want to support the show, we have a Patreon account.

What would you would like to see on the podcast? Is there anything we should change? Please get in touch via our Telegram group or email feedback@nospam.adminadminpodcast.co.uk (remove the filter to send the mail…) 🙂

Admin Admin Podcast #61 Show Notes – Not quite so ephemeral

Show notes:

  • Relaunched the podcast!
    • Andy has stepped back 🙁
    • Jon Spriggs has stepped in 🙂
    • Al and Jerry are sticking around 🙂
    • We’re planning to do a monthly release (starting this month!)
    • Hopefully better audio (although, Jerry’s audio played up a bit in the middle… we know why, we’re fixing it for the next time!)
    • If you want us to make any changes, let us know!
  • How do you name servers?
    • Al mentioned the Iron Sysadmin Podcast
    • We basically concluded that naming by function is probably best in managed networks, but that’s based on how you manage your security posture.
    • We briefly touched on how we name our personal machines… but who typically has more than one personal laptop? 🙂
    • It’s different in cloud environments – hosts may have ephemeral names, and Jon explained about Ephemeral Naming, and how that works with DNS names.
  • Talking about home routers
  • Home labs
    • Jon mentioned the Home Labs facebook group
    • Jon and Al mentioned their home lab kit, while Jerry explained how he threw away all his old kit, and now uses the cloud
    • Jon explained how he got in trouble because he got rid of his old kit and explained how he debugged hardware failure on a computer with no spare parts
    • All the hosts explain that they virtualize everything
    • Jon and Jerry both use talked about using Vagrant to stand up boxes both locally and remotely using the Digital Ocean Plugin or AWS Plugin. Jerry has also used the VSphere Plugin and mentioned the Azure Plugin. Jerry mentioned using the Mosh plugin and Jon mentioned the you can use RDP (as well as SSH) and talks about the Vagrant Cachier plugin
    • Jerry mentioned “Kubernetes the Hard Way
    • Jon explained how he separates out the Vagrant boxes on his home server, and (at GREAT LENGTH) incorrectly explained how he sets up the networking for his VPN appliance – he’ll explain more in another show!
    • Al mentioned Openstack
    • Jerry mentioned the “Partner Acceptance Test” and noted that anything more significant than what we have would fail this test
  • Firewalls
  • AOB