upstream projects

On January 28, 2023January 28, 2023 By ManuLeave a comment

If you know the Amazon Web Services or Azure portfolio, and you are interested in OpenShift or the OKD OpenShift community distribution, this is a table of corresponding technologies.

OpenShift is Red Hat’s Kubernetes distribution: it is basically the upstream Kubernetes delivered with monitoring, logging, CI/CD, underlying OS, tested upgrade paths not found with a manual kubernetes.io kubeadm install.

After passing the two corresponding certifications, my opinion on cloud operators is that it is very much a step back in the direction of proprietary software. You can rebuild their cloud stack with opensource components, but it is also a lot of integration work, similar to using the Linux from scratch distribution instead of something like Debian. A good middle point are the OpenShift and OKD Kubernetes distributions, who integrate the most common cloud components, but allow an installation on your own hardware or cloud provider of your choice.

AWS	Azure	OpenShift	*OpenShift upstream project&
Cloud Trail		Kubernetes API Server audit log	Kubernetes
Cloud Watch	Azure Monitor, Azure Log Analytics	OpenShift Monitoring	Prometheus, Kubernetes Metrics
AWS Artifact		Compliance Operator	OpenSCAP
AWS Trusted Advisor	Azure Advisor	Insights
AWS Marketplace		Red Hat Market place	Operator Hub
AWS Identity and Access Management (IAM)	Azure Active Directory, Azure AD DS	Red Hat SSO	Keycloack
AWS Elastisc Beanstalk	Azure App Services	OpenShift Source2Image (S2I)	Source2Image (S2I)
AWS S3	Azure Blob Storage`**`	ODF Rados Gateway	Rook RGW
AWS Elastic Block Storage	Azure Disk Storage	ODF Rados Block Device	Rook RBD
AWS Elastic File System	Azure Files	ODF Ceph FS	Rook CephFS
AWS ELB – Classic	Azure Load Balancer	MetalLB Operator	MetalLB
AWS ELB – Application Load Balancer	Azure Application Gateway	OpenShift Router	HAProxy
Amazon Simple Notification Service		OpenShift Streams for Apache Kafka	Apache Kafka
Amazon Guard Duty	Microsoft Defender for Cloud	API Server audit log review, ACS Runtime detection	Stackrox
Amazon Inspector	Microsoft Defender for Cloud	Quay.io container scanner, ACS Vulnerability Assessment	Clair, Stackrox
AWS Lambda	Azure Serverless	Openshift Serverless`*`	Knative
AWS Key Management System	Azure Key Vault	could be done with Hashicorp Vault	Vault
AWS WAF		NGINX Ingress Controller Operator with ModSecurity	NGINX ModSecurity
Amazon Elasticache		Redis Enterprise Operator	Redis, memcached as alternative
AWS Relational Database Service	Azure SQL	Crunchy Data Operator	PostgreSQL
	Azure Arc	OpenShift ACM	Open Cluster Management
AWS Scaling Group	Azure Scale Set	OpenShift Autoscaler	OKD Autoscaler

* OpenShift Serverless requires the application to be packaged as a container, something AWS Lambda does not require. ** Azure Blob Storage covers the object storage use case of S3, but is itself not S3 compatible

Ensuring someone is listening before telling a joke

On January 2, 2023 By ManuLeave a comment

Alice (speaking to Bob): Bob, I have a good joke to tell, can I call you at 12:00 ?
Bob (turns head towards Alice): OK, fine for me, but can we make it at 13:00 ?
Alice (nodding): Works for me.
At 13:00, Alice starts telling a joke.

Did you recognize the three way TCP handshake ?

Protagonists:

Alice: Client
Bob: Server

Dialog:

I have a good joke to tell: TCP segment with SYN flag
12:00: initial sequence number
OK: TCP segment with SYN and ACK flag
13:00: acknowledgment number (initial sequence number + 1)
Works for me: TCP segment with ACK flag, acknowledgment of the server acknowledgment

More details on this in https://www.linuxjournal.com/article/6447 and remember tcpdump uses a dot(‘.’) to indicate segments with the ACK flag.

Convert a root filesystem to a bootable disk image

On October 27, 2022October 27, 2022 By ManuLeave a comment

The year is 2022, and it is still that complicated to install GRUB2 externally onto a disk image.

But using the wonders of libguestfs, you can create a bootable diskimage using a qemu VM abstraction very easily. The steps here imply we want to create a disk with a single partition containing the root filesystem.

Create an empty disk image, partition it

$ truncate --size 40G target.img
$ virt-format --add target.img --partition=mbr --filesystem=ext4

copy the root file system into a partition

cd path/to/root/fs
sudo tar --numeric-owner -cvf - . | guestfish --rw --add ../target.img --mount /dev/sda1:/ -- tar-in - /

install grub using guestfish

$ guestfish --add target.img --inspector

and in the guestfish prompt:

>> command 'grub-install /dev/sda'
>> command 'update-grub'
# also make sure init can mount our root partition
>> write /etc/fstab '/dev/sda1 / ext4 defaults 0 1'
>> exit

test boot the disk image

$ kvm -m 1024 -drive file=target.img,format=raw

Markdown CMS or Wiki for smallish website

On October 9, 2022 By ManuLeave a comment

Following my markdown craze, I am slowly starting to move my Dokuwiki based homesite to Grav, a flat file Markdown CMS.

PHP will be always be PHP, but the documentation and usage seem sound (all config is either via an admin panel or editing YAML files) and it has professional support. I intend to use this Debian based Dockerfile and Podman to deploy Grav.

Pandoc the talented document converter, hat support for Dokuwiki syntax, Markdown and PHP Markdown extra, so I expected limited hurdles when converting the data.

“Forever loading” error with Jitsi and Google Meet

On September 9, 2022 By ManuLeave a comment

I had this issue preventing me to start a call, which happened on two different browsers. It turned out that the pulseaudio service was hung, and no audio devices were available for the browser to use.

In that case it makes sense to check:

if pulseaudio is running

systemctl status --user pulseaudio

if pulseaudio is running, that you have a list from input (sources) and output (sinks) audio devices in the Gnome Desktop Settings. You can also check from the command line with

pactl list sources
pactl list sinks

OpenShift vs. AWS product mapping

On September 1, 2022September 1, 2022 By ManuLeave a comment

If you know the Amazon Web Services portfolio, and you are interested in OpenShift or the OKD OpenShift community distribution, this is a table of corresponding technologies.

AWS	OpenShift	OpenShift upstream project
Cloud Trail	Kubernetes API Server audit log	Kubernetes
Cloud Watch	OpenShift Monitoring	Prometheus
AWS Artifact	Compliance Operator	OpenSCAP
AWS Trusted Advisor	Insights
AWS Marketplace	OpenShift Operator Hub
AWS Identity and Access Management (IAM)	Red Hat SSO	Keycloack
AWS Elastisc Beanstalk	OpenShift Source2Image (S2I)	Source2Image (S2I)
AWS S3	ODF Rados Gateway	Rook RGW
AWS Elastic Bloc Storage	ODF Rados Block Device	Rook RBD
AWS Elastic File System	ODF Ceph FS	Rook CephFS
Amazon Simple Notification Service	OpenShift Streams for Apache Kafka	Apache Kafka
Amazon Guard Duty	API Server audit log review, ACS Runtime detection	Stackrox
Amazon Inspector	Quay.io container scanner, ACS Vulnerability Assessment	Clair, Stackrox
AWS Lambda	Openshift Serverless`*`	Knative
AWS Key Management System	could be done with Hashicorp Vault	Vault
AWS WAF	NGINX Ingress Controller Operator with ModSecurity	NGINX ModSecurity
Amazon Elasticache	Redis Enterprise Operator	Redis, memcached as alternative
AWS Relational Database Service	Crunchy Data Operator	PostgreSQL

* OpenShift Serverless requires the application to be packaged as a container, something AWS Lamda does not require.

Moving blog from blogger.com to wordpress.com

On August 29, 2022August 29, 2022 By ManuLeave a comment

I switched from blogger.com the Google Blog platform to the hosted wordpress.com of Automaticc, the WordPress blog engine main authors.
I thus gain:

markdown formatting when writing blog entries, finally !
running on a opensource core, that I can move locally to my own server if I ever want to fiddle with MySQL and PHP.

I lose:

free CNAME redirect using my own domain name
a bit of advertising-free space. The blog at wordpress.com has a prominent header indicating I am using the free plan, but I am OK so far with that.

What stays the same:

Blogger and WordPress.com offer both tag-based RSS feed exports, so I decided to keep for Debian Planet a feed containing only the posts related to free, libre and opensource software.

I was not ready to make the jump to a self hosted static blog generator, as I still wanted to have the possibility to comment, without me having to host the comment subsystem.

On the personal side, I also intend to pause twitter activity, as I notice current microblogging platforms tend to mostly contain flame wars, self promotion, or shared links I could find anyway with a good feed reader.

Investigating database replication in different availability zones

On August 24, 2022 By ManuLeave a comment

Investigating today what is AWS Relational Database Service with two readable standbys

Considering your current read/write server is in Availability Zone AZ1, this is basically postgres 14 with synchronous_standby_names = ANY 1 (az2, az3) and synchronous_commit = on.

In regards to safety of data, it looks similar to the raft algorithm used by etcd with three members as a write is only ack’ed if it has been fsynced by two servers, the difference is that raft has a leader election, whereas in PostgreSQL the leader is set at startup and you have to build yourself the election mechanism.

There is no special cloud magic here, it is just database good practices paid by the minute.

Everything markdown with pandoc

On August 19, 2022October 9, 2022 By Manu1 Comment

Using a markdown file , this style sheet and this simple command,

pandoc couronne.md --standalone --css styling.css \
    --to  html5  --table-of-contents > couronne.html

I feel I will never need a word processor again. It produces this nice looking document without pain.