1924219_92938015332_5265_n_large

John R. Ray

Chef, Inspec, and Dirty COW

Using Compliance to remediate CVE-2016-5195

Many of you know about or will hear about CVE-2016-5195 aka Dirty COW.

CVE-2016-5195
Bugzilla
FAQ

This particularly nasty kernel vulnerability has been around for years and likely affects a majority of the Linux nodes are currently running. The short form is that it allows an unprivileged user to gain root access to a system. I'm not . . .

Read More

November 28, 2016

Setting up Docker for Direct LVM

Devicemapper for the rest of us.

So guess what isn't in the upstream kernel? If you said AUFS then you'd be right.For all of us using RHEL/CentOS/OEL you might have noticed the default storage backend for Docker is devicemapper. You might have also noticed that it uses loop files for data storage which are slow and have a host of other problems. Seriously just do a . . .

Read More

October 13, 2016

SystemDocker

Getting Started w/ Docker and Systemd

SystemD?

So before anyone starts with all the Systemd hate I want to direct you to this comment by none other than Linus himself.

"I don't actually have any particularly strong opinions on systemd itself. I've had issues with some of the core developers that I think are much too cavalier about bugs and compatibility, and I think . . .

Read More

May 19, 2016

The Traveling DevOp - Windows Land

Tips, Tricks, and Advice for consultants

How many of us have shown up on site only to find out that we aren't allowed to use our own laptops on the customers network? "Welcome to Company X, where everything is locked down Windows and productivity doesn't matter." Working on a system that is completely locked down can really hold you back, and while I'm not . . .

Read More

January 28, 2016

Do You Really Need and Ops Team

Startups and DevOps

The following is an excerpt from a conversation I had w/ a developer who is part of a small start up. Most of the conversation was related to DevOps principals and toolchains, but after he told me about their staff of five I became worried that this was really too much. He was already worrying about CI/CD, Configuaration Management, and . . .

Read More

October 27, 2015

Nginx Reverse Proxy for your Docker Registry

Part 2 of Setting up a Docker Registry

Who is tired of typing :5000 every time you push or pull something from your private registry? Since everyone is raising their hands and several of you are screaming in fits of rage, I'm going to tell you a really quick way to set up Nginx to reverse proxy our traffic from port 80 and 443 to 5000.

Nginx?

Nginx (pronounced "engine . . .

Read More

October 26, 2015

Setting up a Docker V2 Registry

So the v2 implementation of the Docker Registry is out. You can find it here. As I continue to experiment with containerization I though it would be nice to have a private registry for me to work out of.

Before you begin!

In order for this to work you need to be running docker ~> 1.6. I'm using 1.8.3 in this example. You will also . . .

Read More

October 25, 2015

Archive