Remote unlocking of LUKS-encrypted root in Ubuntu/Debian

This Post is now outdated. Particularly the said bug is finally fixed.

Updated version is available HERE

Unfortunately the bug-fixed version of cryptsetup package, caused incompatibilities with the previous version of the workaround. If you see this message when remotely unlocking your server:
/bin/cryptroot-unlock: line 192: 2: parameter not set

Run this command instead to boot your system:
sed 's/print $1, $5/print $1, $3/' /bin/cryptroot-unlock > /tmp/cryptroot-unlock; ash /tmp/cryptroot-unlock

And then remove the workaround and rebuild initramfs:
sudo sh -c 'rm /etc/initramfs-tools/hooks/zz-busybox-initramfs-fix && update-initramfs -u'

Thanks to Gabriel Burkholder for reporting this

Not so long ago, remote unlocking of a LUKS-encrypted root partition was difficult to setup. While essential for headless servers, all required steps needed to be done manually and compatibility was a concern.

Luckily, it is much simpler to do so in recent versions of Ubuntu/Debian. Unlocking an encrypted root remotely should be as simple as installing a single package… We’ll see about that in a moment.

I am not going to cover the required steps for setting up LUKS/LVM here. That information is widely available on the net and is only a search a way. Instead, I’m going to do a quick review of the Continue reading

RPM Post-Upgrade Scripts

Something different today: Here’s something I learnt about RPM package management, and post-upgrade scripts. It turns out that they don’t work the way I thought they did. Post-uninstall commands are called on both uninstall and upgrade. For my own reference as much as anyone’s here some info about it, and how to deal with it.

RPM Package Management

RPM is a Linux package management system. It is a way of distributing and managing applications installed on Linux systems. Packages get distributed as .rpm files. These contain the application binaries, configuration files, and application metadata such as dependencies. They can also contain scripts to run pre- and post- installations, upgrades and removal.

Using package management systems is a vast improvement over distributing source code, or requiring users to manually copy files around and run scripts themselves.

There is some effort required to get the spec files used to create packages. But once it has been set up, it is easy to create new versions of packages, and distribute them to users. System administrators can easily check which version they’re running, check what new versions are available, and upgrade.

We use RPMs to distribute StackStorm packages for RHEL/CentOS systems. Similarly, we distribute Continue reading

RPM Post-Upgrade Scripts

Something different today: Here’s something I learnt about RPM package management, and post-upgrade scripts. It turns out that they don’t work the way I thought they did. Post-uninstall commands are called on both uninstall and upgrade. For my own reference as much as anyone’s here some info about it, and how to deal with it.

RPM Package Management

RPM is a Linux package management system. It is a way of distributing and managing applications installed on Linux systems. Packages get distributed as .rpm files. These contain the application binaries, configuration files, and application metadata such as dependencies. They can also contain scripts to run pre- and post- installations, upgrades and removal.

Using package management systems is a vast improvement over distributing source code, or requiring users to manually copy files around and run scripts themselves.

There is some effort required to get the spec files used to create packages. But once it has been set up, it is easy to create new versions of packages, and distribute them to users. System administrators can easily check which version they’re running, check what new versions are available, and upgrade.

We use RPMs to distribute StackStorm packages for RHEL/CentOS systems. Similarly, we distribute Continue reading

VMware NSX and Check Point vSEC

One of the current challenges of data center security is the East-West traffic that has become so pervasive as modern applications communicate a great deal between their different components.  Conventional perimeter security is poorly placed to secure these lateral flows, to promote a zero-trust model in order to prevent threats moving within each application layer.  VMware NSX addresses this, providing virtual firewall at the virtual NIC of each VM with a management framework where micro-segmentation is achievable with a sensible level of overhead.  Check Point vSEC can be deployed in conjunction to provide threat and malware protection.

The VMware NSX Distributed Firewall (DFW) protects East-West L2-L4 traffic within the virtual data center. The DFW operates in the vSphere kernel and provides a firewall at the NIC of every VM.  This enables micro-segmented, zero-trust networking with dynamic security policy leveraging the vCenter knowledge of VMs and applications to build policy rather than using IP or MAC addresses that may change.  Tools for automation and orchestration as well as a rich set of APIs for partner and customer extensibility complete the toolset for security without impossible management overhead.  While this is a dramatic improvement in the security Continue reading

The top 7 Linux IoT projects

It’s a Linux world, and the rest of computing is just living in it – often literally, thanks to containerization. IoT, in all of its manifold forms, is no exception, and the Linux Foundation lists these seven projects as the key players in the march of connected open-source systems. Here’s a quick rundown.Automotive-Grade LinuxStarted: 2012Key Members: A mix of big car companies (including Mazda, Suzuki, Toyota, Honda, Nissan and Ford), and a diverse array of well-known tech names. Everything from carriers (China Mobile, NTT), silicon makers (Intel, ARM, Nvidia) to electronics powerhouses like LG, Samsung and Panasonic.To read this article in full or to leave a comment, please click here

Data should be stored in space, firm says

Space is significantly more data-center-friendly than earth, reckons a Los Angeles company that recently received a U.S. patent for a proposed galactic server farm and associated network.Cloud Constellation Corp. says it’s going to provide a way for organizations and governments to shift chunks of data around, without using the traditional terrestrial infrastructure that it says is slow, insecure and a legal minefield.“This concept will soon become reality,” president Cliff Beek says, writing in Nextgov about SpaceBelt. “Data will never pass through the internet or along its leaky and notoriously insecure lines. In-transit espionage, theft and surveillance become impossible.”To read this article in full or to leave a comment, please click here

IDG Contributor Network: Two ITIL processes that will protect your existence

In my recent blog entry, I talked about the future of the traditional IT organization and the need for sound governance and processes in the implementation of IT solutions, especially if they are leveraged through cloud and outsourced solution suppliers.IT service management (ITSM) and IT infrastructure library (ITIL) have become the dominant approach and best practices for operational excellence in most IT organizations. Yet, I question why so many have implemented only four or five of the 26 defined ITIL 2011 processes given the strength and magnitude of guidance that the ITIL IT service lifecycle provides.To read this article in full or to leave a comment, please click here

IDG Contributor Network: When it comes to cloud, one size does not fit all

While the cloud market is very competitive, enterprises are making it clear that when it comes to cloud, one size does not fit all. They can’t build their businesses by just relying on infrastructure-as-a-serve (IaaS) and committing to one vendor.These sentiments were echoed by Mary Meeker’s annual internet trends report, which found that companies are increasingly concerned about being locked-in with one cloud vendor. Citing data from Bain and Morgan Stanley, it was found that in 2015, 22 percent of organizations surveyed said they had concerns about using only one cloud vendor, compared with only seven percent in 2012.To read this article in full or to leave a comment, please click here

Unifying Massive Data at Cloud Scale

Enterprises continue to struggle with the issue of data: how to process and move the massive amounts that are coming in from multiple sources, how to analyze the different types of data to best leverage its capabilities, and how to store and unify it across various environments, including on-premises infrastructure and cloud environments. A broad array of major storage players, such as Dell EMC, NetApp and IBM are building out their offerings to create platforms that can do a lot of those things.

MapR Technologies, which made its bones with its commercial Hadoop distribution, is moving in a similar direction.

Unifying Massive Data at Cloud Scale was written by Jeffrey Burt at The Next Platform.

42% off Cable Organizer Electronics Accessories Travel Bag – Deal Alert

Do you have a ball of tangled up wires and adapters somewhere in the bottom of your bag? This Universal Electronics Accessories Travel Organizer provides a flexible organization solution for your electronics and computer accessories. It helps make you better organized with all the small items and gadgets.  Made of durable and weather-resistant nylon with well padded semi-flexible covers.  It's compact size of  8.8“ x W 6.1"allows it to easily stored in you laptop bag or backpack.  This travel organizers typical list price of $18.99 has been reduced 42% to just $10.98. See this deal on Amazon.To read this article in full or to leave a comment, please click here

1 2,040 2,041 2,042 2,043 2,044 3,858