The Linux Admin Show

The Show This week I talked to Nathen Harvey from Opscode about the Chef configuration management software. Links Opscode Home Page Overview of Chef - Great diagram showing the various components ChefConf - April 24-26, 2013 Food Fight Show - Great podcast about DevOps and Chef DEVOPS + Chef + Windows at Ancestry.com Chef Documentation Chef on IRC Learning Chef Part 1 - 4 part series (so far), it’s on Nathen’s blog which is also highly recommended. Community cookbooks - Sorted by function, nice! @NathenHarvey Closing Thoughts I really liked the diversion into DevOps and hearing Nathan’s take on it, especially as it applies to people in traditional IT shops. Ops doesn’t have to write code to work more closely with developers, and the developers can stay out of servers if that’s what’s desired. It’s all about the collaboration and tearing down of walls. On the Chef front I think we covered the architecture of the system quite well and also the way that someone can get started and work with it. We didn’t discuss his videos, but they’re linked above and are very helpful in getting your feet wet. Just like the discussion in Episode #4 it was pointed out that any configuration management is a huge win. Chef is a great tool with a vibrant community.

The Show One of the more painful tasks I’ve had to deal with in IT has been undergoing an audit, and the PCI ones always seemed to be the worst. Shawn Lukaschuk is a PCI assessor who is well familiar with the issues that come up. Links PCI DSS PCI PA-DSS Microsoft Surface Shawn’s email address is shawn at lukaschuk.com Closing thoughts It was interesting to hear the perspective of a PCI assessor. Most surprising was the understanding that IT usually gets PCI dumped on them by “the business” when it’s a shared responsibility. To paraphrase Bruce Schneier, “If you think technology will solve your problem, you don’t understand your problem, and you don’t understand technology.”

The Show This week I talked to Eric Sorenson of Puppet Labs about the Puppet configuration management software. Links Puppet Labs Home Page Puppet Documentation Learning Puppet Series - A good place to start The Puppet Forge - A place to get community built modules and talk with other Puppet users Masterless Puppet example Masterless Puppet Capistrano script - one example of using Capistrano to run Puppet on a server without needing a master Git Workflow and Puppet Environments Puppet Labs GitHub Repos - if you want the bleeding edge… Puppet Templates with ERB - Use Ruby ERB templates to generate configuration files Facter 101 Skyfall - Just watched the trailer, I’m looking forward to watching this! Eric Sorenson on Twitter Closing Thoughts I’ve used Puppet a bit before, but this conversation taught me a lot about the flexibility of Puppet, such as masterless deploys, running from cron instead of as a daemon, and some of the thinking behind the design. As Eric said early in the interview, configuration management is an important thing to do. You can start as slowly as you need to. Everything you put under management is one less thing that you have to worry about. Of course, if something’s under Puppet management it means you have to either backport all your manual changes to the manifest, or they’ll be undone the next time Puppet runs. But this discipline ensures that changes are made correctly.

The Show This week I talked with Ross Brunson, the Director of Member Services for the Linux Professional Institute Links Linux Professional Institute LPI certifications How the LPI figures out what to put on the exam LPI Mailing Lists Red Hat Certified Engineer LPI Marketplace - See which books are current IBM developerWorks LPI documents - Self study for all LPI levels UNIX Power Tools Closing thoughts Certifications aren’t only for people trying to get in a field. They can also be a way give you a guided learning path and give you something tangible to work for. There are both vendor specific and vendor neutral options out there, so do your research to see which one is best for your particular situation.

The Show This week I talked to Sean Cody who is a local Unix administrator with a strong interest in security, especially Secure Sockets Layer (SSL). We got on Skype and talked about various issues to do with SSL, such as trust and proper creation and handling of certificates. Links DEFCON 17: More Tricks For Defeating SSL presentation by Moxie Marlinspike - Sean attended this talk and “it just completely opened my eyes to how weak SSL ‘as typically assumed’ is.” Setting up a CA An example of a CA trust policy framework A Whitepaper about untrusted root certificates - This ‘whitepaper’ is decent.. not great but not terrible on the topic of untrusted root certs. A very nice cheat sheet - the most common OpenSSL commands. A lesson in timing attacks - One of the many ways attackers can subvert an encrypted channel to retreive a cookie. An attack against compressed SSL Arduino Closing thoughts We talked about a lot of things this week having to do with SSL, and surprisingly most of them focused on the identity aspect, that is “am I talking to the person/thing I think I am”, as opposed to the encryption part. After our discussion I have a renewed appreciation for this phase, it is indeed more important than most give it credit for.

The Show This week I talked to Aaron Paxson, a seasoned IT professional. Aaron looks after a global network including both network elements and servers, and I thought that it would be interesting to talk network and systems management. We also talk about the benefits of being able to program even if that’s not your job. Links Sean’s Review of Deploying Rails Deploying Rails homepage FCAPS Model Nagios OpenNMS HP Intelligent Management Center Why I Prefer Net-SNMP Network Ops Community Virtues of a programmer Closing thoughts Thanks to Aaron for his time and for being my first guest. If you want to find out more about Aaron, his blog is at http://www.myteneo.net/home or you can check out his network community.