Born in 2008, LXC (pronouced lexy) is a userspace interface for the Linux kernel containment features, that enables the creation and management of application containers. LXC leverages a number of kernel features to contain processes: Kernel namespaces (ipc, uts, mount, pid, network and user) Apparmor and SELinux profiles Seccomp policies Chroots (using pivot_root) Kernel capabilities CGroups (control groups) LXC containers are often considered as something in between a chroot and a full blown VM. The goal of LXC is to create an environment as close as possible to a standard Linux installation, without the need for a separate kernel. ...

Some of my (and others) notes of managing PKI with the excellent openssl. Its simple and just works. To get going will create a root CA (Certificate Authority) and an intermediate signing CA. Using the CA’s will issue three keypairs; one for email protection, one for TLS, and one for digital signatures. The digital signature keypair will be presented in the form of a CSR (Certificate Signing Request), as if generated by a third party that would like a keypair, signed by our CA hierarchy. ...

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications. Automate in a language that approaches plain English, using SSH, with no agents to install on remote systems. With Ansible and its amazing module ecosystem, you describe what needs to be accomplished (i.e. declarative), rather than describing how to accomplish each step (i.e. imperative). ...

When something becomes messy in the software industry, we have the habit of tucking the problems away behind abstractions. To me Vagrant is simply an abstraction layer for working with a range of hypervisors (libvirt, VirtualBox, VMWare, Hyper-V, Docker and more), in a reliable and consistent manner. By articulating VM’s as a simple text based (Ruby) configuration file, a Vagrantfile, achieve greater simplicity, portability across systems, and consistency which could theoretically be used with any virtual environment running on top of any other system. ...

Partitioning Two popular partition schemes are used in the wild, MBR and GPT. MBR MBR, or Master Boot Record, often associated with BIOS, was introduced in 1983 with IBM PC DOS 2.0, is a special boot sector located at the beginning of a drive. This sector contains a boot loader (e.g GRUB), and details about the logical partitions. MBR supports drives upto 2TiB, and up to 4 primary partitions. # fdisk /dev/vda Welcome to fdisk (util-linux 2.23.2). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. Device does not contain a recognized partition table Building a new DOS disklabel with disk identifier 0x9228f9b7. Command (m for help): m Command action a toggle a bootable flag b edit bsd disklabel c toggle the dos compatibility flag d delete a partition g create a new empty GPT partition table G create an IRIX (SGI) partition table l list known partition types m print this menu n add a new partition o create a new empty DOS partition table p print the partition table q quit without saving changes s create a new empty Sun disklabel t change a partition's system id u change display/entry units v verify the partition table w write table to disk and exit x extra functionality (experts only) Command (m for help): n Partition type: p primary (0 primary, 0 extended, 4 free) e extended Select (default p): Using default response p Partition number (1-4, default 1): First sector (2048-2097151, default 2048): Using default value 2048 Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151): +500M Partition 1 of type Linux and of size 500 MiB is set Command (m for help): l 0 Empty 24 NEC DOS 81 Minix / old Lin bf Solaris 1 FAT12 27 Hidden NTFS Win 82 Linux swap / So c1 DRDOS/sec (FAT- 2 XENIX root 39 Plan 9 83 Linux c4 DRDOS/sec (FAT- 3 XENIX usr 3c PartitionMagic 84 OS/2 hidden C: c6 DRDOS/sec (FAT- 4 FAT16 <32M 40 Venix 80286 85 Linux extended c7 Syrinx 5 Extended 41 PPC PReP Boot 86 NTFS volume set da Non-FS data 6 FAT16 42 SFS 87 NTFS volume set db CP/M / CTOS / . 7 HPFS/NTFS/exFAT 4d QNX4.x 88 Linux plaintext de Dell Utility 8 AIX 4e QNX4.x 2nd part 8e Linux LVM df BootIt 9 AIX bootable 4f QNX4.x 3rd part 93 Amoeba e1 DOS access a OS/2 Boot Manag 50 OnTrack DM 94 Amoeba BBT e3 DOS R/O b W95 FAT32 51 OnTrack DM6 Aux 9f BSD/OS e4 SpeedStor c W95 FAT32 (LBA) 52 CP/M a0 IBM Thinkpad hi eb BeOS fs e W95 FAT16 (LBA) 53 OnTrack DM6 Aux a5 FreeBSD ee GPT f W95 Ext'd (LBA) 54 OnTrackDM6 a6 OpenBSD ef EFI (FAT-12/16/ 10 OPUS 55 EZ-Drive a7 NeXTSTEP f0 Linux/PA-RISC b 11 Hidden FAT12 56 Golden Bow a8 Darwin UFS f1 SpeedStor 12 Compaq diagnost 5c Priam Edisk a9 NetBSD f4 SpeedStor 14 Hidden FAT16 <3 61 SpeedStor ab Darwin boot f2 DOS secondary 16 Hidden FAT16 63 GNU HURD or Sys af HFS / HFS+ fb VMware VMFS 17 Hidden HPFS/NTF 64 Novell Netware b7 BSDI fs fc VMware VMKCORE 18 AST SmartSleep 65 Novell Netware b8 BSDI swap fd Linux raid auto 1b Hidden W95 FAT3 70 DiskSecure Mult bb Boot Wizard hid fe LANstep 1c Hidden W95 FAT3 75 PC/IX be Solaris boot ff BBT 1e Hidden W95 FAT1 80 Old Minix Command (m for help): t Selected partition 1 Hex code (type L to list all codes): 83 Changed type of partition 'Linux' to 'Linux' Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks. The partition is now available as a block device, below we now see /dev/vda1: ...

Cheatsheet ========================================== ========================================== INFORMATION LOGS ========================================== ========================================== systemctl journalctl list-dependencies -u <name> by service list-sockets -f follow live log list-jobs -k kernel messages list-unit-files -k kernel messages list-units -r reverse (newest first) get-default -o json format output --type=service --all -b -1 from previous boot -n 10 limit output lines (tail) ========================================== -S,--since e.g "2012-10-30 18:17:16" SERVICES -U,--until e.g. "10 min ago" ========================================== systemctl ========================================== stop <name> SYSTEM STATES start <name> ========================================== restart <name> reload <name> systemctl status <name> reboot reboot.target enable <name> poweroff poweroff.target disable <name> emergency emergency.target show <name> default default.target -H <host> status network

I’m a software engineer not a sysadmin. In fact I know I’m a bad one. The RHCSA is a rote, mechanical process. It did force me to discover discover several gaps in my GNU/Linux knowledge so overall happy about that. Essential Tools Documentation man /usr/share/doc RPM bundled documentation General Searching Techniques Shell history Globbing I/O Redirection and Pipes Essential File Management Linux file system layout Finding Files locate find Archiving and compression with tar Hard and Soft Links Working with text Regular expressions grep sed and awk Connecting a Linux host Consoles Terminals and TTYs Switch Users (su) sudo SSH Managing users and groups Creating users User properties User configuration files Creating and managing groups Managing password properties Managing Permissions Changing file ownership Managing basic permissions Understanding umask (user mask) Special permissions suid sgid Sticky bit Understanding ACLs Configuring Networking Network device naming Managing runtime network configuration with ip Storing network configuration persistently nmcli Routing and DNS Managing Processes Shell jobs ps Memory usage CPU load System activity with top Sending signals to processes Priority and niceness tuned profiles Managing Software RPM and yum rpm queries yum Groups Repositories Modules and Application Streams Red Hat Subscription Manager Systemd Scheduling Tasks cron at systemd Timers tmpfiles.d Logging Rsyslog Systemd Journal Logrotate Managing Storage Disk layout Creating partitions GPT partitions with parted MBR partitions with fdisk File System Choices XFS Ext4 Mounting Persistent block device naming systemd mounts Swap Advanced Storage LVM Stratis VDO LUKS Advanced tasks Kernel management Boot procedure GRUB Systemd targets Essential troubleshooting Changing root password Managing network services SSH httpd (apache) SELinux Context Labels Booleans File context labels SELinux logs SELinux troubleshooting Firewalling with firewalld Automating installs Time services Remote file systems NFS CIFS with Samba Automount Containers Autostarting non-root containers with systemd user units Dont forget list Exam shakedown Linux Gems Essential Tools Documentation The ability to understand a program using local documentation resources; man, info, /usr/share/doc, within the RPM package. ...

Some heros in the world of computer science. Founding Fathers (pre 1960) George Boole (1815 - 1864) Boolean algegra. Papers The Mathematical Analysis of Logic (1847), and An Investigation of the Laws of Thought (1854). Friedrich Ludwig Gottlob Frege (1848 - 1925) Analytic philosophy. Developed modern logic in the Begriffsschrift and work in the foundations of mathematics. Books The Foundations of Arithmetic, On Sense and Reference and The Thought. Alan Turing (1912 - 1954) The father of theoretical computer science. Formalised the concepts of algorithm and computation through the notion of a Universal Machine (i.e Turing Machine) in his seminal paper On Computable Numbers, with an Application to the Entscheidungsproblem. ...

Kudos to afair for putting together this neat Tmux Cheat Sheet, which I’m addicted to at the moment. ========================================== ========================================== TMUX COMMAND WINDOW (TAB) ========================================== ========================================== List tmux ls List ^b w New -s <session> Create ^b c Attach att -t <session> Rename ^b , <name> Rename rename-session -t <old> <new> Last ^b l (lower-L) Kill kill-session -t <session> Close ^b & ========================================== Goto # ^b <0-9> CONTROLS Next ^b n ========================================== Previous ^b p Choose ^b w <name> Detach ^b d List ^b = ========================================== Buffer ^b <PgUpDn> PANE (SPLIT WINDOW) Command ^b : <command> ========================================== Copy ^b [ ... <space> ... <enter> Show # ^b q Moving vim/emacs key bindings Split Horiz ^b " -------- Start <space> Split Vert ^b % | Copy <enter> Pane->Window ^b ! Paste ^b ] Kill ^b x ========================================== Reorganize ^b <space> SESSION (Set of Windows) Expand ^b <alt><arrow> ========================================== Resize ^b ^<arrow> Resize x n ^b <n> <arrow> New ^b :new ^b :new -s <name> Rename ^b $ Select ^b <arrow> List ^b s Previous ^b { Next ^b ( Next ^b } Previous ^b ) Switch ^b o other Swap ^b ^o Last ^b ;

A continuation of my participation in the amazing Nand2Tetris course, by Noam Nisan and Shimon Schocken, now running on Coursera. Related posts: [DIY Computer Part 1 The NAND Gate]({% post_url 2016-03-06-diy-computer-nands %}) [DIY Computer Part 2 The ALU]({% post_url 2016-03-12-diy-computer-alu %}) [DIY Computer Part 3 Memory]({% post_url 2016-03-12-diy-computer-alu %}) [DIY Computer Part 4 Machine Language]({% post_url 2016-05-23-diy-computer-ml %}) Now armed with the necessary elementary logic gates and chips, are now ready to assemble a general purpose computer. Using a finite amount of hardware, it will be capable of performing practically an infinite number of tasks (e.g. games, word processing, networking). This remarkable flexibility, the fruit of the profound invention of several mathematicians in the 1930’s, is known as the stored program. ...