[[PageOutline]] = 2011-01-25 = * [http://lca2011.linux.org.au/ linux.conf.au] LCA2011 Day 2 * Keynote: Vinton G. Cerf == '''!SysAdmin Miniconf''' == * <1> Implementing devops in the real world - Devdas Bhagat * [[Image(http://upload.wikimedia.org/wikipedia/commons/4/4e/Devops.png)]] * 講者主要想談的是如何讓開發者改變,開創新的公司文化?首先,讓開發者去面對客戶,其次是提供客服(Customer Service)、監控服務(Monitor System)、打包軟體(Packaging)、設定管理(Configuration Management)、分析日誌(Log Analysis)、版本控制等。 * <2> Brief history of time sync - Julien Goodwin * 介紹不同的振盪器,時鐘,到最後的 NTP(Network Time Protocol), PTP(Precision Time Protocol) * 時間同步的重要性:Log Analysis 日誌分析如果時間不對,也沒啥用了!! * <3> Samba4 update, new features and real users - Andrew Bartlett * <4> Setting up a HA cluster in 20 minutes + avoiding common errors - by Sander van Vugt * 講者是"[http://osdir.com/ml/attachments/pdftrU756ebWz.pdf A Practical Guide to XEN High Availability]"的作者 * [http://www.corosync.org Corosync Cluster Engine] - 用 Multicast 方式,讓叢集的每一台電腦自動加入。 * 講者用 SuSE 的 yast 工具,執行 cluster 的工具,然後產生 /etc/corosync/corosync.conf * 在 SuSE 底下用 [http://www.openais.org openais] 提供 Standards Based Cluster Framework * 用 crm_mon 指令來查目前叢集的狀態(命令列),或者用 crm_gui 圖形介面。 * OCF 比 heartbeat 新,所以講者建議用 OCF 或 LSB * <5> IPv6 issues and experience - by Peter Chubb * Issues: (1) Routing (2) Naming (3) DHCP/PXE boot still IPv4 (4) DNS, NTP is more complex than IPv4 * <6> Centrally monitoring almost anything - by Ken Wilson * 主要介紹使用 Nagios 的經驗分享 * http://docs.pnp4nagios.org * <7> Backing up network devices - by Julien Goodwin * 介紹如何備份 Cisco IOS, Juniper OS 等路由器的設定與作業系統 * http://www.shrubbery.net/rancid/ - RANCID : Really Awesome New Cisco confIg Differ * 用 CVS 或 SVN 紀錄網路設定檔,所以可以追蹤設定檔的變動歷史 * http://code.google.com/p/punc/ - PUNC : RANCID replacement * http://code.google.com/p/notch/ - Notch : A Network Operator's Toolkit for Command-line Hacking * http://code.google.com/p/mr-cli/ - Mr. CLI * <8> DNSSEC @ Mozilla - by Shyam Mani * DNS Security Extensions - 因為 DNS Cache 造成一些安全上的困擾,所以要用金鑰的方式來識別是否為同一個 DNS-IP 對應結果。 * http://www.opendnssec.org/ * http://dnsviz.net/d/mozilla.org/dnssec/ - 驗證 Mozilla.org 的 DNSSEC 運作正常 * <9> Lightening Talk - Enterprise File System (EFS) * http://openefs.org * <10> Lightening Talk - Building ISP using Open Source * L2TPNS - http://l2tpns.sf.net/ - 可以自己架 ISP 服務 * <11> Defending VoIP on the Internet - Craig Askings * 駭客會為了打昂貴的越洋電話或設法賺取利益而入侵 VoIP / SIP * 建議在 VPN 裡面用 VoIP (架設 SIP 服務) * http://www.fail2ban.org - fail2ban 可以幫忙根據嘗試密碼失敗的帳號進行封鎖動作 - [http://packages.debian.org/fail2ban Debian 套件 fail2ban] * http://etel.wiki.oreilly.com/wiki/index.php/SIP_DoS/DDoS_Mitigation * <12> Lazy management of a secure gateway - Mark Suter * <投影片> http://zwitterion.org/talks/sgs-20110125/lazy-gateway.pdf * [http://www.cacti.net/ Cacti] – Capacity Planning * [http://www.nagios.org/ Nagios] – Everything okay right now? * [http://netflow.cesnet.cz/ !NetFlow Monitor] – historical “tcpdump” * Logs – [http://www.balabit.com/network-security/syslog-ng/ syslog-ng] /archive/yyyy-mm-dd/ - 透過 syslog-ng 做歷史日誌檔歸檔 * <13> Bare metal recovery - Caesar Sun * <14> Resource allocation using cgroups - Steven Ellis * cgroup (control group) 是 Linux 核心 2.6.27 以後的新功能,看起來有助於管理虛擬機器的權限。 * Resource controllers includes (1) CPU/CPUSET (2) Memory (3) Network (4) I/O * 可以控制每個虛擬機器可以用的 CPU, Memory, Network & Disk I/O 資源比例為何 * http://libcg.sourceforge.net/ - libcgroup * http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt * [http://broadcast.oreilly.com/print/37323.html Manage Your Performance with Cgroups and Projects] * [http://berrange.com/posts/2009/12/03/using-cgroups-with-libvirt-and-lxckvm-guests-in-fedora-12/ Using CGroups with libvirt and LXC/KVM guests in Fedora 12] * [http://www.serverwatch.com/print.php/3920051 Introduction to Linux Cgroups] * 安裝方法: {{{ ~$ sudo apt-get install cgroup-bin libcgroup1 }}} * Apache Example - /etc/cgconfig.conf {{{ group http { memory { memory.limit_in_bytes = 1024 } } }}} * Apache Example - /etc/sysconfig/httpd {{{ CGROUP_DAEMON="memory:/virt }}} * <15> Varnish and HTTP acceleration - Simon Lyall * <16> En-Visage-ing system and instrumented statistics - Lindsay Holmwood * http://visage-app.com * 基於 Ruby, 可以把 RRDTool 的資料匯入,並繪製成圖形,以方便呈現關聯性。 == '''Research and Student Innovation''' == * <*> Releasing Research as FOSS: Experiences from the K-Tree Project - by Chris De Vries * http://ktree.sourceforge.net/ - The algorithm is a hybrid of the B+-tree and k-means algorithms. == Yubikey == * https://conf.linux.org.au/wiki/Yubikey * 這次大會發了一個很像 USB 拇指碟的東西,叫做 Yubikey。試玩了一下,原來這是一個會依照時間產生密碼的裝置呢~挺有趣的!!