1. 42 aufs layers or how to provision docker containers

    I've been playing with docker a little bit now. And while is just playing and I don't have anything production ready, this are my insights on how docker containers should be provisioned/created.

    You can have a single Dockerfile like this one:

    # Based on the Ubuntu image  
    FROM ubuntu  
    # Bootstrap the node  
    RUN apt-get update && aptitude -y safe-upgrade  
    RUN sed -i 's/PermitRootLogin.*/PermitRootLogin yes/'
    /etc/ssh/sshd_config  
    # [...]  
    # A lot of other RUN commands  
    # [...]
    
    RUN cat /proc/mounts > /etc/mtab  
    RUN mkdir -p /root/.ssh  
    ADD ...

  2. Prevent startup execution of initscript on Debian/Ubuntu

    If you have a service/daemon you don't want to be started by default at the startup you probably know that you can use a command like this one to deactivate the service:

    Removing any system startup links for /etc/init.d/apache2 ...  
    /etc/rc0.d/K09apache2  
    /etc/rc1.d/K09apache2  
    /etc/rc2.d/S91apache2  
    /etc/rc3.d/S91apache2  
    /etc/rc4.d/S91apache2  
    /etc/rc5.d/S91apache2  
    /etc/rc6.d/K09apache2
    

    The problem, though, will be with when you update your server with a "aptitude update && aptitude -y safe-upgrade ...


  3. About ssh and long long running processes

    [SSH]

    In one month you learn nothing new about the tools you are using and in one day you discover a few new awesome things. The first one is about ssh; it may be not very useful but I did not know about it. Since a lot of people has already posted[4][5] about that I'm not going to repeat everything here and link some posts instead. The new feature I did not know about is the scape sequences in SSH. Imagine you do "ssh 10.0.0 ...


  4. Backups

    Because of the new prices of S3 (60% less) I decided to have my backups not just in a hard drive but on the cloud.

    The backup solution should be:

    • Simple to setup and do the recover
    • Be able to do differential backups
    • Be able to do the backups to both the cloud and a HD
    • Be able to encrypt the data

    The last point is because I don't trust my personal data to anybody. My laptop is encrypted, the backups to the HDD are encrypted too. Why on ...


  5. Sublime

    I've bought a license of Sublime Text. I'm not a heavy user but it rocks, and the "buy me" messages were annoying and remmembered me that I was using something for free that should be paying.

    :D

    (first time I buy software that runs on my Linux laptop. I'm really happy though)

  6. Sobre todo y nada

    I'm not posting lately. Is funny for me, because in this blog I usually post stuff about system administrations. When I was working as a programmer, I use to write a few entries a week about system administration. Now that I work as a sysadmin, I don't write at all. It's like I feel like writting about system administration is like working or something like that.

    Today's post is about a little bit of everything.

    First I want to talk about the RaspCTL project. The first ...


  7. Android mobile encryption

    I have a brand new Nexus 5 from my work. As always, I care about the sensible data that is stored in the device. Luckily I've found the option of "Encrypt the phone". Sound great, doesn't it?

    The instructions are quite straightforward: it can take up to one hour to encrypt the device, it can be protected by both a PIN code or a password and from the instructions seems clear that the whole device is encrypted and protected . OK. Great.

    I was planning on having a long ...


  8. CNAME and its problems

    Let's write a quick post about CNAMEs.

    You cannot create a CNAME and make it co-exist with any other record, it just cannot be combined with anything else (with the exception of SIG record, when configuring DNSSEC). It defeats the propose of CNAME.

    That's why you cannot have a CNAME with the same name as your zone name. You should create a SOA record for every zone name and because CNAME cannot be combined with any other record, it is not possible to have a CNAME in as ...


  9. Bonding in linux with XEN

    In my previous post I've talk about how to configure bonding. If you are using XEN, you'll need to configure a bridge to be able to give Internet connection to your VPS. All the examples about bridging are focused in create a bridge with a single physical network interface, but what if you want to configure the bridge on top of a bonded interfaces? I didn't found a clear answer on the Internet but is really straightforward, though.

    Here is my /etc/network/interfaces file:

    auto lo ...

  10. Bonding in Linux

    The principle is to have a special network device that is using two or more underlying NICs. The main propose of bonding is to have a redundant connectivity between a host and your switching layer. If one of the links is down for whatever reason: cable is detached, the switch is down due an error or maintenance, the NIC dies, etc; the other NIC takes all the traffic and no connectivity is lost.

    The schema could be something like:

    ----     ----
    eth0     eth1
    ----     ----
      |       |   
      |       |   
      \      /   
       \   /   
       ------
        bond0 192.168.1.100/24
       ------
    

    Both interfaces don ...


Page 1 / 4