Running Docker in Production

Background This blog series is focused on programmers, systems administrators, and application administrators who want to run Docker in production. The subject matter ranges from workflow and practical guidelines to security and best practices in manageability. A Practical Introduction to Docker Containers; A Practical Introduction to the Docker Registry Server; Core Builds in the

Securing Docker Containers with sVirt and Trusted Sources

Background As has been stated before, Docker containers do not contain all of the parts of the operating system necessary to be considered secure. That said, the advantages of using them are so compelling that many companies, large and small, have begun to investigate how to run containers in a production environment. I would argue

CentOS Post Mortem & Analysis

Background I manage the crunchtools lab and the infrastructure for this blog similar to a development data center. I have a rigorous weekly checklist, which includes optionally applying operating system patches as they are available. I do not perform the updates every week because of time constraints, but when I do, I patch all of

OpenSSL Certificate Authority

Background Recently, I discovered how to use the openssl-provided CA script to create a certificate authority and self-signed certificates. Traditionally, I had run all of the commands manually. When using the CA script it is critical to understand the underlying security concepts. Certificate Authority Openssl has infrastructure to create a long lived Certificate

Designing a Robust Monitoring System

Reading Ted Dziuba’s Monitoring Theory article, I was reminded of several conventions that I have developed over the years to help with monitoring servers, network devices, software services, batch processes, etc. First, break down your data points into levels so that you can decide how to route them. Second, avoid interrupt-driven technology like email; it lowers your productivity and prohibits good analysis techniques.

Decade of Storage: Analysis of Data Costs

Yesterday, I noticed this interesting tidbit from Rackspace calculating the cost of data over the last Decade of Storage. Of course, there are a few bumps in the road that made me chuckle. Interestingly, in the last couple of years it plots the cost from $0.40/GB to $0.06/GB. This ties together a whole bunch of things that I have thought about over the last couple of years. First, now is a wonderful time to be a user buying storage for personal audio and video. Second, regular people are going to have to start to learn data management strategies. Finally, this cost isn’t even close to what it is for me in my data center. It is easy for us to celebrate the cheap cost of raw storage while losing track of the total cost of ownership for data. I will elaborate.

OpenSSH and Keychain for Systems Administrators

This tutorial provides guidance on best practices and configuration of OpenSSH/Keychain, but also includes some important troubleshooting techniques for which documentation is somewhat lacking. These techniques took me several years to develop and I have tried to compile them here in one concise post so that others do not have to suffer through the arduous learning process

Systems Administrator’s Lab: Testing

Today, I got an email from the Fedora package manager, Red, who let me know that there was a problem with Petit. I don’t think he knew it, but it was actually my fault that the whole thing got screwed up, so I felt kind of bad. Well, to make a long story short, when

Systems Administrator’s Lab: Cacti Development

Background Today, I finally took the time to update a Cacti Data Query which I wrote a while back. When I took a look at it, I found out that it was never actually working for other people straight out of the box. This data query graphs BGP prefixes, messages received and messages sent. I

Bootstrapping and Rooting Documentation: Part 3

Background In Part 1, I described a method of documentation where the introduction of the system is made using the documentation. This builds consensus, enculturates an operations group, and provides a platform onto which more automation can be built. In Part 2, I elaborated on the ideas of Bootstrapping & Rooting, Self Service Culture, and