Professionally administering Linux is a very complex matter: it requires advanced knowledge of the kernel and of many tools and utilities that are often combined in pipelines and scripts.

Professionals with a thorough understanding of the kernel know how to get optimal performance for specific workloads by tuning the right “knobs”, and by how much. They also know which commands and tools to use to gather all the information necessary to fix performance issues. This of course requires a thorough understanding of the kernel scheduler, memory allocators, virtual memory, the Virtual File System and so on.

As anybody would expect, skilled professionals thoroughly know the Linux distribution they use – being able to install and remove software packages is absolutely not enough. They should know:

  • the standard file system layout used by the distro, so as to honour it when installing custom software
  • how to create custom packages (such as RPM) to ease the installation of custom applications and scripts
  • the peculiarities of the initialization process specific to the distribution, in order to sort out the boot issues that arise sooner or later
  • how to perform automated installations
  • how to use filesystem, partitioning and Logical Volume Management utilities to apply changes while keeping the system online

And of course a lot of other stuff.

 

As we saw in our post on Symmetric And Asymmetric Cryptography, asymmetric key pairs can be used to encrypt and digitally sign documents, but they have a huge shortcoming: since they are just keys, they don't provide the metadata necessary to enable people to securely identify their owner. As we saw in the post on GNU Pretty-Good Privacy, GPG addresses this shortcoming by wrapping the key into a container object (the GPG key) that also embeds some metadata about the owner of the key. The IETF of course addressed this problem too, defining the standard for X.509 certificates (currently X.509v3). X509 Certificates Howto & Public Key Infrastructure Tutorial explores X.509 certificates and how they are trusted by means of a Public Key Infrastructure.


Every system administrator uses SSH daily to connect to remote systems and perform their daily tasks: most of the time these consist of typing statements on the terminal, copying files from and to the remote system, or running remote commands. But SSH is much more than this: it not only provides additional facilities such as agent forwarding, port forwarding and X11 forwarding, but it also has a subsystem that can be used to provide SSH-secured services such as SFTP.

The goal of the "OpenSSH Tutorial - The Ultimate SSH Guide To Understand It" post is to tell you what historically drove us to SSH, describe the protocol suite in detail and provide a thorough tutorial on using all of these facilities.

SSH is a huge topic: thoroughly explaining both the server and the client side would require much more than a single post - actually, even just explaining the server side would deserve several posts. For this reason this post shows only the minimum server-side settings required to enable the features that are instead thoroughly described on the client side. In addition to that, some parts of this post are a little bit redundant, but it was the only way I found to clearly explain how things work from the client perspective and from the server perspective.

This post is based on Red Hat Enterprise Linux 9, but the same concepts apply to most Linux distributions.


Every time you interact with a computer, either using a command line or graphically, you are using a console. Despite its ease of use, a console must address and solve a lot of compatibility problems, for example properly interpreting control characters that may differ from terminal to terminal.

Being able to customize settings such as locale and keyboard layout is the basis, but it is not enough: having at least a basic understanding of how a console works under the hood is certainly a valuable skill that lets you quickly and easily address some uncomfortable situations that sometimes arise. This is especially true when connecting to old systems that, despite security best practices, are for various reasons still there after decades without being updated, maybe because they are running obsolete services that are not compatible with up-to-date operating systems.

The "Linux Console Essential Virtual Terminals Terminal Emulation and configuring locale" post is meant to provide you with everything you need to know to solve the most common problems that may arise concerning the Linux console and locale.


It is almost impossible not to have heard about or used LVM: it has been one of the pillars of every Linux distribution for decades. Almost everyone using Linux has used it to create or modify the basic storage structures of their Linux system. The trouble is that very often people are focused on the specific task at hand, and do not take the time to investigate its amazing features. The goal of LVM Tutorial - A thorough howto on the Logical Volume Manager is to provide an easy yet comprehensive explanation of the most interesting features of LVM that you will very likely need to use sooner or later.


Managing Red Hat Network Satellite clients with Ansible roles and playbooks is a very powerful feature of Red Hat Network Satellite Server 6, as well as of its upstream project Katello. Unlike Puppet, which requires the client host to install its agent package and to be registered to the Puppet master running on the Satellite or Capsule, Ansible does not require installing anything, since it relies on SSH or, to put it in Red Hat Network Satellite 6 terms, it relies on remote execution with SSH.

This post shows you how to manage client hosts using Ansible, either executing the Ansible roles assigned to the host group the client host belongs to, or running Ansible playbooks using Job Templates.

The Linux distribution used in the examples is CentOS 7, but you can of course easily adapt them to any other Red Hat or derived Linux distribution.


A Foreman proxy (that is, the upstream software of the Red Hat Network Satellite Server 6 Capsules) is a server that mirrors the contents from Katello. Its primary aim is to facilitate content federation across various geographical locations, but it is often used to:

  • decrease the load on the central Katello server
  • reduce bandwidth usage on geographical links
  • increase redundancy, and also to achieve a fine grained segregation level that may be required by some regulatory

Unless you are working in a quite small and not geographically distributed environment, it is very likely that you will have to provision a Foreman proxy sooner or later.

Provisioning Foreman proxies, like installing software in general, is a typically time-consuming and error-prone task that is often convenient to automate in some way.

As we already saw in the previous post, we can install a Foreman proxy using Ansible and have it:

  • ensure that the target systems meet the minimal requirements
  • automatically partition the systems in the most convenient way
  • install everything, taking care to use the right versions of the involved packages so as to avoid installation failures caused by wrong dependencies
  • set up all the configurations that are required to improve the usability of the installed environment
  • take care of issuing all the necessary statements to configure a Foreman proxy (a Capsule) on Katello (the Satellite) and automatically provision it

This is the second part of the "Install Katello Using Ansible" post: we are about to see how the playbooks developed in that post can be used to easily install Foreman-proxy using Ansible.
