Behind the scenes at AWS, with a former sysadmin ('deleted' because the account evidently no longer exists) answering questions.
A random excerpt ;)
"""
Personal question but did you make more than six figures/year?
[–][deleted] 9 points 2 years ago
Negative, their stock plan isn't very great either. You don't go to Amazon for the pay. You go for the free beer, literally.
Also, there is a 10% discount on all things at Amazon.com up to the first $1000. So a maximum of $100 in savings.
The company's core values include "frugality" and that's just the word "cheap" wrapped up in a bow.
"""
More seriously, there is a lot to learn about what goes on behind the technical scenes.
"""
apt-get install auditd
auditctl -a task,always
ausearch -i -sc execve | grep foobar
"""
"""
You should be able to lift 25 pounds, have good written and communication skills, be comfortable working in close quarters under extreme conditions (we think that one will be pretty important) – oh, and if you've got it, "experience in search and rescue, mountaineering, small boat operations, firefighting, or emergency medical response."
You know, basic sysadmin stuff.
"""
lulz
'sysdig' and everything it can do are too often forgotten.
It is a mix of strace, lsof and tcpdump.
Here are a few usage examples.
https://jeekajoo.eu/links/?searchtags=syscall
EDIT: if you want to play with csysdig (sysdig in ncurses), use the latest packages http://www.sysdig.org/wiki/latest-packages/ . If you run into "error mapping the ring buffer for device /dev/sysdig0", run
"""
rmmod sysdig-probe
modprobe sysdig-probe
"""
source: https://github.com/draios/sysdig/issues/295
Sandra Henry-Stocker recounts her 30 years of experience as a sysadmin and explains how her job has evolved.
A short selected excerpt:
"""
The downside: Compared to many IT jobs, there's not much climbing up the corporate ladder for sysadmins. As a systems administrator, you'll seldom be in the spotlight. You can easily still be a "bottom rung" (nobody reporting to you) worker after 30 years in the field. It's also hard sometimes to get a sense of value. You generally get noticed least when everything is running smoothly. Unless you resolve Big Problems, most of the people you support won't think about you very often. Maybe not even on Sysadmin Day.
Systems administrators are rarely customer-facing unless you count as customers the staff that use the systems that you keep humming along. And, even then, the big changes that you make are likely done after hours when everyone else is off duty and having a relaxing weekend or enjoying happy hour at the local pub. Do your job really well and no one will remember you're there.
The upside: The work is seldom boring and there's always something new to learn -- something breaking, some new coming through the door. Even after 30+ years, the work is anything but monotonous. And the job pays reasonably well. There's also a lot of variability in what you do and what you specialize in. You might automate all of your tasks or manage a huge data center, but there will always be something that challenges you and problems that need your attention.
Some of the significant trade-offs involve the kind of organization you work for. I worked in one company with only three employees and two independent contractors and other organizations with staffs of tens of thousands. The benefit of the smaller staff positions was getting to touch nearly everything and being involved in almost every aspect of the work. The big ones offered more chance of moving around and changing my organizational role fairly dramatically.
"""
A remarkable article.
"""
Apart from the inevitable problems associated with being a jack-of-all-trades (and) master-of-none, the result will be the death of innovation for all functions absorbed into systemd as it is impossible to replace any one of them without replacing systemd entirely... which makes the job of developing improvements just too big a job.
"Right now, we have several alternatives to choose between for cron, ntp, logging, etc – each of them with different advantages and disadvantages. With systemd, it becomes a one-size-fits-all-or-else situation. If what it does doesn't suit you then tough luck, because you can't replace it without breaking your system.
"The second major problem with systemd is that it is becoming (or has become) mandatory - unnecessary dependencies on logind or systemd itself make it nearly impossible to avoid having systemd installed."
It remains to be seen which other functions systemd will seek to take over. As one wag put it, it might come to the point where one has just systemd and the kernel making up a Linux distribution.
"""
"""
A series of posts about the linux kernel and its insides.
The goal is simple - to share my modest knowledge about the internals of the linux kernel and help people who are interested in linux kernel internals, and other low-level subject matter.
"""
Freight, an alternative to reprepro (which does not allow several versions of the same package).
See also aptly (https://jeekajoo.eu/links/?-BYaoQ).
A nice project that provides Chef cookbooks, Puppet modules and Ansible playbooks to automate security hardening of the system and of a few pieces of software such as ssh, postgresql, mysql, nginx and apache.
example
vmstat -p /dev/sda6
vmstat, the sysadmin's indispensable tool.
Complete Debian installation via debootstrap
Just leaving this here. :)
"""
Wait… what exactly is SysAdmin Day? Oh, it’s only the single greatest 24 hours on the planet… and pretty much the most important holiday of the year. It’s also the perfect opportunity to pay tribute to the heroic men and women who, come rain or shine, prevent disasters, keep IT secure and put out tech fires left and right.
At this point, you may be thinking, “Great. I get it. My sysadmin is a rock star. But now what?” Glad you asked! Proper observation of SysAdmin Day includes (but is not limited to):
Cake & Ice cream
Pizza
Cards
Gifts
Words of gratitude
Custom t-shirts celebrating the epic greatness of your SysAdmin(s)
Balloons
Streamers
Confetti
"""
Tomorrow.
A small trick to get the DNS entry of the backend to which requests are forwarded resolved.
directives: proxy_pass + resolver
Here is the video of that meetup: http://www.dailymotion.com/video/k5o36NvlFBfyQAbZUDk
MySQL 5.6 brings multi-threaded replication. I see 2 advantages among others:
- better performance, because you necessarily have more than 1 worker thread
- replication is easier to set up and less prone to ops-side errors thanks to GTIDs. There is no longer any need to specify MASTER_LOG_FILE / MASTER_LOG_POS. MySQL positions itself by scanning the transactions in the binlogs. It places itself on the transaction that has not yet been executed on the replica.
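The GTID auto-positioning described above, as an added example that is not taken from the linked article: the statements for a MySQL 5.6 master and replica, next to the older file/position form. Host name, account name, network range, password and worker count are placeholders, and the master is assumed to have SSL configured.

```sql
-- Added example (not from the linked article). Host, user, network range and
-- password are placeholders. Assumes MySQL 5.6 with these my.cnf settings on
-- BOTH servers, set before the servers are started:
--   gtid_mode = ON
--   enforce_gtid_consistency = ON
--   log_bin = mysql-bin
--   log_slave_updates = ON
--   server_id = <unique per server>

-- On the master: a dedicated account that can only stream the binlog.
CREATE USER 'repl'@'10.0.0.%' IDENTIFIED BY '<replication-password>';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.%';

-- On the replica, the pre-GTID way: coordinates copied by hand from
-- SHOW MASTER STATUS; a wrong file or offset can skip or replay events.
-- CHANGE MASTER TO
--   MASTER_HOST = 'db-master.example.internal',
--   MASTER_USER = 'repl',
--   MASTER_PASSWORD = '<replication-password>',
--   MASTER_LOG_FILE = '<binlog file>',
--   MASTER_LOG_POS = <offset>;

-- On the replica, with GTIDs: no coordinates. The replica sends its executed
-- GTID set and the master streams every transaction missing from it.
STOP SLAVE;
CHANGE MASTER TO
  MASTER_HOST = 'db-master.example.internal',
  MASTER_USER = 'repl',
  MASTER_PASSWORD = '<replication-password>',
  MASTER_SSL = 1,              -- encrypt the replication stream in transit
  MASTER_AUTO_POSITION = 1;

-- Multi-threaded applier. In 5.6 the workers parallelise per database, so a
-- single-schema workload gains nothing from a value above 1.
SET GLOBAL slave_parallel_workers = 4;
START SLAVE;

-- Checks: Auto_Position should be 1, both replication threads 'Yes', and
-- Executed_Gtid_Set should catch up with Retrieved_Gtid_Set.
SHOW SLAVE STATUS;
SELECT @@GLOBAL.gtid_executed;
```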
Doing immutable infrastructure without Docker.
On top of that, you deliberately do without ssh on the instances, to force yourself to work with images (and to reduce the attack surface): if a change is needed, you trash the instance and switch to a new one based on another version of an image.
That is all very nice, but working on these principles requires a really rigorous process for building those images, like the solution of the author of the post in question.
Finally, debugging without ssh is complicated. Docker does not encourage putting ssh in containers either, but you can have it on the machines that host them.
Worth digging into; an interesting concept nonetheless. It remains to work out how to implement it.
I like it a lot!
Sysdig can display a coloured spectrogram of the latency of the various system calls (e.g. open, close, read, write, socket…) for a given program. This lets you see directly, elegantly and without an X server, which response-time range the syscalls under analysis fall into.
To showcase the tool, the author walks through a practical case: a benchmark of the different storage types that EC2 offers: instance-local SSD, EBS magnetic, EBS SSD.