[[PageOutline]] = 2011-01-25 = * [http://lca2011.linux.org.au/ linux.conf.au] LCA2011 Day 2 * Keynote: Vinton G. Cerf == '''!SysAdmin Miniconf''' == * <1> Implementing devops in the real world - Devdas Bhagat * [[Image(http://upload.wikimedia.org/wikipedia/commons/4/4e/Devops.png)]] * 講者主要想談的是如何讓開發者改變,開創新的公司文化?首先,讓開發者去面對客戶,其次是提供客服(Customer Service)、監控服務(Monitor System)、打包軟體(Packaging)、設定管理(Configuration Management)、分析日誌(Log Analysis)、版本控制等。 * <2> Brief history of time sync - Julien Goodwin * 介紹不同的振盪器,時鐘,到最後的 NTP(Network Time Protocol), PTP(Precision Time Protocol) * 時間同步的重要性:Log Analysis 日誌分析如果時間不對,也沒啥用了!! * <3> Samba4 update, new features and real users - Andrew Bartlett * <4> Setting up a HA cluster in 20 minutes + avoiding common errors - by Sander van Vugt * 講者是"[http://osdir.com/ml/attachments/pdftrU756ebWz.pdf A Practical Guide to XEN High Availability]"的作者 * [http://www.corosync.org Corosync Cluster Engine] - 用 Multicast 方式,讓叢集的每一台電腦自動加入。 * 講者用 SuSE 的 yast 工具,執行 cluster 的工具,然後產生 /etc/corosync/corosync.conf * 在 SuSE 底下用 [http://www.openais.org openais] 提供 Standards Based Cluster Framework * 用 crm_mon 指令來查目前叢集的狀態(命令列),或者用 crm_gui 圖形介面。 * OCF 比 heartbeat 新,所以講者建議用 OCF 或 LSB * <5> IPv6 issues and experience - by Peter Chubb * Issues: (1) Routing (2) Naming (3) DHCP/PXE boot still IPv4 (4) DNS, NTP is more complex than IPv4 * <6> Centrally monitoring almost anything - by Ken Wilson * 主要介紹使用 Nagios 的經驗分享 * http://docs.pnp4nagios.org * <7> Backing up network devices - by Julien Goodwin * 介紹如何備份 Cisco IOS, Juniper OS 等路由器的設定與作業系統 * http://www.shrubbery.net/rancid/ - RANCID : Really Awesome New Cisco confIg Differ * 用 CVS 或 SVN 紀錄網路設定檔,所以可以追蹤設定檔的變動歷史 * http://code.google.com/p/punc/ - PUNC : RANCID replacement * http://code.google.com/p/notch/ - Notch : A Network Operator's Toolkit for Command-line Hacking * http://code.google.com/p/mr-cli/ - Mr. CLI * <8> DNSSEC @ Mozilla - by Shyam Mani * DNS Security Extensions - 因為 DNS Cache 造成一些安全上的困擾,所以要用金鑰的方式來識別是否為同一個 DNS-IP 對應結果。 * http://www.opendnssec.org/ * http://dnsviz.net/d/mozilla.org/dnssec/ - 驗證 Mozilla.org 的 DNSSEC 運作正常 * <9> Lightening Talk - Enterprise File System (EFS) * http://openefs.org * <10> Lightening Talk - Building ISP using Open Source * L2TPNS - http://l2tpns.sf.net/ - 可以自己架 ISP 服務 * <11> Defending VoIP on the Internet - Craig Askings * 駭客會為了打昂貴的越洋電話或設法賺取利益而入侵 VoIP / SIP * 建議在 VPN 裡面用 VoIP (架設 SIP 服務) * http://www.fail2ban.org - fail2ban 可以幫忙根據嘗試密碼失敗的帳號進行封鎖動作 - [http://packages.debian.org/fail2ban Debian 套件 fail2ban] * http://etel.wiki.oreilly.com/wiki/index.php/SIP_DoS/DDoS_Mitigation * <12> Lazy management of a secure gateway - Mark Suter * <13> Bare metal recovery - Caesar Sun * <14> Resource allocation using cgroups - Steven Ellis * cgroup (control group) 是 Linux 核心 2.6.27 以後的新功能,看起來有助於管理虛擬機器的權限。 * http://www.kernel.org/doc/Documentation/cgroups/cgroups.txt * [http://berrange.com/posts/2009/12/03/using-cgroups-with-libvirt-and-lxckvm-guests-in-fedora-12/ Using CGroups with libvirt and LXC/KVM guests in Fedora 12] * [http://www.serverwatch.com/print.php/3920051 Introduction to Linux Cgroups] * <15> Varnish and HTTP acceleration - Simon Lyall == '''Research and Student Innovation''' == * <*> Releasing Research as FOSS: Experiences from the K-Tree Project - by Chris De Vries * http://ktree.sourceforge.net/ - The algorithm is a hybrid of the B+-tree and k-means algorithms.