okd – The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift.

Built around a core of OCI container packaging and Kubernetes container cluster management, OKD is also augmented by application lifecycle management functionality and DevOps tooling. OKD provides a complete open source container application platform.

OKD is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. OKD adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. OKD is the upstream Kubernetes distribution embedded in Red Hat OpenShift.

OKD embeds Kubernetes and extends it with security and other integrated concepts. OKD is also referred to as Origin on GitHub and in the documentation. An OKD release corresponds to the Kubernetes distribution – for example, OKD 1.10 includes Kubernetes 1.10. If you are looking for enterprise-level support, or information on partner certification, Red Hat also offers Red Hat OpenShift Container Platform.

Find out more at its website.

Be careful: Microsoft Outlook iOS app is using Azure cloud services to process, store and cache your email data

I tried out the Microsoft Outlook app on iOS, checking what kind of features this product might bring to me or my customers.
Since I do host my own email services on my servers, I realized after some time that Microsoft catches your emails via an online service hosted on Microsoft’s own Azure cloud platform.

THIS, I DID NOT know beforehand!

This means to me and for everybody else:

  • Using this Software will transfer, cache and store my email data in a Microsoft cloud service.
  • My email account information will be transferred to and stored within this cloud service environment, for Exchange-based accounts and also your normal IMAP- and POP3-based accounts.
  • Since the Microsoft cloud service is a service provided by an American company that has to follow the law of the United States, it is not clear whether you or the company itself is able to make sure, that your data is secured under the duties of the European data protection security laws.

After some quick research I found the following architecture diagram on a Microsoft website, explaining their technology:

Here is the link to the Microsoft website explaining their technology.

Result for me:

I did immediately stop using this product for accounts I host directly on my email servers and changed the account information for every account I did use and connect with this tool.

Changes between Red Hat Enterprise Linux 6 and 7

The distribution RHEL 7.x comes with a lot of changes on the administration side. Make sure you are aware of those and plan the migration of your infrastructure.

Package manager Yum shifts to DNF

Yum is going to be deprecated and replaced by DNF.  It brings some significant changes:

  • Faster, more mathematically correct method for solving dependency resolution
  • A “clean”, well-documented Python API with C bindings
  • Python 3 support

DNF, or Dandified yum, is the next-generation version of yum. It roughly maintains CLI compatibility with yum and defines a strict API for extensions and plugins. Plugins can modify or extend features of DNF or provide additional CLI commands on top of those mentioned below. If you know the name of such a command (including commands mentioned below), you may find/install the package which provides it using the appropriate virtual provide in the form of dnf-command(<alias>) where <alias> is the name of the command; e.g. dnf-command(repoquery) for a repoquery command (the same applies to specifying dependencies of packages that require a particular command).

Isn’t this a Release by Another Name?

No, DNF marks a shift, and not just a fork to Python 3, C support and cleaner docs.  The move to libsolv, librepo and a slim, planned API means Yum’s organic sprawl and bespoke depsolving are being phased out.

The shift solves old depsolving problems and readies DNF for some of the changes afoot in the devops world — e.g. empowered and independent devops-ers who don’t want to reinvent the wheel on each deploy.  Whether that warrants more than a major release is a bike-shed argument.

System and command changes between RHEL 6 and RHEL 7

Between RHEL6 and RHEL7 there are a number of changes to tools, commands, and workflows. Changes that are likely to affect common administrative tasks are listed here:

  • Anaconda RHEL installer completely redesigned
  • Legacy GRUB boot loader replaced by GRUB2
  • Procedure for bypassing root password prompt at boot completely different
  • SysV init system and all related tools replaced by systemd
  • ext4 replaced by xfs as default filesystem type
  • Directories /bin, /sbin, /lib and /lib64 are now all under the /usr directory
  • Network interfaces have a new naming scheme based on physical device location (e.g., eth0 might become enp0s3)
  • ntpd replaced by chronyd as the default network time protocol daemon
  • GNOME2 replaced by GNOME3 as default desktop environment
  • System registration and subscription now handled exclusively with Red Hat Subscription Management (RHSM)
  • MySQL replaced by MariaDB
  • tgtd replaced by targetcli
  • High Availability Add-On: RGManager removed as resource-management option (in favor of Pacemaker); all CMAN features merged into Corosync (qdiskd replaced by votequorum plugin); all tools unified into pcs
  • ifconfig and route commands are further deprecated in favor of ip
  • netstat further deprecated in favor of ss
  • System user UID range extended from 0-499 to 0-999
  • locate no longer available by default; (available as mlocate package)
  • nc (netcat) replaced by nmap-ncat
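
A pre-migration check for the UID range change listed above, as an added example that is not from the original post: accounts created under the RHEL 6 range with UIDs 500-999 land inside the RHEL 7 system range, so a tool that separates system from regular users at UID 1000 treats them as system accounts. The function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not taken from a real host).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
backup:x:501:501:Backup job:/home/backup:/sbin/nologin
bob:x:742:742:Bob:/home/bob:/bin/zsh
carol:x:1000:1000:Carol:/home/carol:/bin/bash
EOF
}

# uid_range_overlap (hypothetical helper): reads passwd-format lines on stdin
# and prints "name:uid:shell" for every account that
#   - has a UID in 500-999 (regular on RHEL 6, system range on RHEL 7), and
#   - can log in (shell is not nologin/false; an empty field means /bin/sh).
uid_range_overlap() {
    awk -F: '
        NF >= 7 && $3 ~ /^[0-9]+$/ && $3 >= 500 && $3 <= 999 {
            shell = ($7 == "" ? "/bin/sh" : $7)
            if (shell ~ /(nologin|false)$/) next
            print $1 ":" $3 ":" shell
        }'
}

# Run against the constructed sample; on a real host use:
#   uid_range_overlap < /etc/passwd
sample_passwd | uid_range_overlap
```

Each reported account needs a decision before migration: renumber it above 999 and fix file ownership, or adjust the thresholds that depend on the new range.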

Read more information on the support pages of Red Hat

34C3 – Chaos Computer Congress

This year, the Chaos Computer Congress opened its doors in Leipzig.
About 15000 visitors joined the presentation & questions sessions.

All sessions have been recorded and are provided in various formats:
https://media.ccc.de/c/34c3

R.E.A.R. – Relax and Recover

Relax-and-Recover has a few interesting characteristics you may find useful when assessing it as a Disaster Recovery solution:

  • Modular design, written in Bash
    • easy to extend with custom functionality
    • targeted at sysadmins foremost
  • Set up and forget nature
    • designed to be easy to set up
    • designed to require no maintenance (e.g. cron integration, nagios monitoring)
  • Recovery image based on original distribution with original tools
    • recovery process remains compatible with original system and applications
    • hardware support is guaranteed
  • Two-step recovery, with optional guided menus
    • disaster recovery process targeted at operational teams
    • migration process offers flexibility and control
  • Bare metal recovery on dissimilar hardware
    • support for physical-to-virtual (P2V), virtual-to-physical (V2P)
    • support for physical-to-physical (P2P) and virtual-to-virtual (V2V)
    • various virtualization technologies supported (KVM, Xen, VMware)
  • Support for various integrated boot media types, incl.
    • ISO
    • USB
    • eSATA
    • OBDR/bootable tape
    • PXE
  • Support for various transport methods, incl.
    • HTTP
    • HTTPS
    • FTP
    • SFTP
    • NFS
    • CIFS (SMB)
  • Extensive disk layout implementation, incl.
    • HWRAID (HP SmartArray)
    • SWRAID
    • LVM
    • multipathing
    • DRBD
    • iSCSI
    • LUKS (encrypted partitions and filesystems)
  • Supports various 3rd party backup technologies, incl.
  • Supports various internal backup methods
  • Two phase disk layout recovery, allows reconfiguration before recovery, e.g.
    • migrations from e.g. SWRAID to HWRAID, or unencrypted to encrypted partitions
    • HWRAID reconfigurations
    • migration from partitions to LVM
  • Various techniques to help troubleshooting
    • structured log files and guided menus
    • log files are moved to recovery image, and to recovered system (available in every step for debugging)
    • advanced debugging options to help trace scripts or develop new functionality
  • Integration with monitoring (examples for Nagios/Opsview)
  • Integration with scheduler (e.g. let cron recreate and transfer your images upon disk layout changes)
  • Various best practices to assist recovery
    • integrates with local bootloader (in case it is still possible, you can restore from local disk through Grub)
    • automatic network and ssh configuration (for remote recovery)
    • automatic serial console support (useful for recovery through iLO or KVM serial console)
    • shell history-stuffing (stuff shell history with useful commands at every step)
    • automatic recovery when possible, guided recovery when needed

 

Read more:

relax-and-recover.org

 

FreeIPA

 

Identity

Manage Linux users and client hosts in your realm from one central location with CLI, Web UI or RPC access. Enable Single Sign On authentication for all your systems, services and applications.

Policy

Define Kerberos authentication and authorization policies for your identities. Control services like DNS, SUDO, SELinux or autofs.

Trusts

Create mutual trust with other Identity Management systems like Microsoft Active Directory.

Main features

  • Integrated security information management solution combining Linux (Fedora), 389 Directory Server, MIT Kerberos, NTP, DNS, Dogtag certificate system, SSSD and others.
  • Built on top of well known Open Source components and standard protocols
  • Strong focus on ease of management and automation of installation and configuration tasks.
  • Full multi master replication for higher redundancy and scalability
  • Extensible management interfaces (CLI, Web UI, XMLRPC and JSONRPC API) and Python SDK

Read more:
www.freeipa.org