Decentralized team passwords with Keepass and Syncthing
At synyx we constantly try to improve the quality of the work of the Operations team. We found we were missing certain security requirements. Although we were already using ssh-key-authentication for all our linux-servers, we still had some devices and assets lying around, that were (only) accessible with the vendor-assigned default credentials. Sadly it’s impossible to use key-authentication for all devices and some appliances don’t allow for creation of multiple personalized accounts with admin rights.
Welcome to Spring LDAP with SSL: The entrance is free
Some time ago we started to create our own intranet called CoffeeNet, which is a microservice landscape based on our own Spring Boot Starters, a service discovery and an OAuth2 service. The vision is to create a system with a very easy integration of new applications by just adding a few Spring Boot Starters and starting to code the specific functionality of the new service. We passed that stage of the developer friendly integration, started to look at the security and vulnerability of the system where we tried to make things more secure.
synyx at the OpenSource Datacenter Conference 2016 #OSDC
Last week we attended the Open Source Datacenter Conference #OSDC 2016 in Berlin. It offered great presentations about open source tools in relation to devops, automation, monitoring, communication, logging, continuous delivery and more. I especially liked that the speakers felt like attendees themselves, with all of them being happy to answer tons of questions and openly discuss their (and other’s) topics and presentations, creating a great atmosphere that felt like working with colleagues that have to solve the same issues and suffer the same pain :-)
RANCID on Ubuntu 14.10
Just a quick one today… RANCID (Really Awesome New Cisco config Differ) is a software to monitor a routers software and hardware configuration, and to maintain history of configuration changes by using CVS. If you need more information about Rancid, you can take a look at their website. Installing RANCID Installing Rancid is easy: root@[server]:/# apt-get install rancid After the installation, we can check for a new group and user on the system:
Running Proxmox VE 3.3 on a software RAID
During installation of Proxmox VE 3.3 (available here), you are only given the choice of what disk you want to use for the installation process, but not what disk layout you want to use. Now, there are several ways of installing Proxmox on a software RAID. One of them is to run through the standard installation process and add a software RAID afterwards, using mdadm. This blog post is just to show how setting up a software RAID on a fresh Proxmox installation worked for me!
Installing XenServer and Virtual Hosts in a Routed Network
A few days ago, we had to set up a XenServer Host, running on one of Hetzners dedicated servers. There are plenty of howto’s around, but since we happened to run into a few problems with routed networking and Domain Name Resolution during installation, that weren’t documented in Hetzners Wiki, i decided to provide a blog post for self-reference and as a way to contribute a (hopefully helpful) basic guide on how to install XenServer on a dedicated server - in our Case a Hetzner Root Server.