Writing Manifests for Windows This documentation applies to Puppet ≥ 2.7.6 and Puppet Enterprise ≥ 2.5. Earlier versions may behave differently. Just as on *nix systems, Puppet manages resources on Windows using manifests written in the Puppet language. There are several major differences to be aware of when writing manifests that manage Windows resources: Windows primarily uses the backslash as its directory separator character, and Ruby handles it differently in different circumstances. File Paths on Windows Windows file paths must be written in different ways at different times, due to various tools’ conflicting rules for backslash use. Windows file system APIs accept both the backslash (\) and forwardslash (/) to separate directory and file components in a path. As a result, any system that interacts with *nix and Windows systems as equal peers will unavoidably have complicated behavior around backslashes. The following guidelines will help you use backslashes safely in Windows file paths with Puppet. The Rule file
This is how Facebook Develops and Deploys Software. Should you care? A recently published academic paper by Prof. Dror Feitelson at Hebrew University, Eitan Frachtenberg, a research scientist at Facebook, and Kent Beck (who is also doing something at Facebook), describes Facebook’s approach to developing and deploying their front-end software. While it would be more interesting to understand how back-end development is done (this is where the real heavy lifting is done scaling up to handle hundreds of millions of users), there are a few things in the paper that are worth knowing about. Continuous Deployment at Facebook is not Continuous Deployment Rather than planning work out in projects or breaking work into time boxed Sprints, Facebook developers do most of their work in independent, small changes which are released frequently. At Facebook, code can be released twice a day, but this is done mostly for bug fixes and internal code. Code Ownership Testing? Facebook doesn't have an independent test team, because, they say, they don’t need one. Security???
Fabric: a System Administrator's Best Friend Do you routinely make changes to more than a dozen machines at a time? Read this article to find out about a tool to make that task much easier. I'll be honest. Even though this library is fully five years old, I hadn't heard of Fabric until about six months ago. Installation Fabric requires Python 2.5 or later, the setuptools packaging/installation library, the ssh Python library, and SSH and its dependencies. Once installed, you will have access to the fab script from the command line. Operations The Fabric library is composed of nine separate operations that can be used in conjunction to achieve your desired effect. get(remote_path, local_path=None) — get allows you to pull files from the remote machine to your local machine.
Firefox Release Engineering Recently, the Mozilla Release Engineering team has made numerous advances in release automation for Firefox. We have reduced the requirements for human involvement during signing and sending notices to stakeholders, and have automated many other small manual steps, because each manual step in the process is an opportunity for human error. While what we have now isn't perfect, we're always striving to streamline and automate our release process. Our final goal is to be able to push a button and walk away; minimal human intervention will eliminate many of the headaches and do-overs we experienced with our older part-manual, part-automated release processes. In this chapter, we will explore and explain the scripts and infrastructure decisions that comprise the complete Firefox rapid release system, as of Firefox 10. This chapter describes the mechanics of how we generate release builds for Firefox. 2.1. This mindset has three important consequences: 2.2. Who Can Send the "Go to Build"? 2.3.
Building an SSH Botnet C&C Using Python and Fabric Introduction Disclaimer: I suppose it would be wise to put a disclaimer on this post. Compromising hosts to create a botnet without authorization is illegal, and not encouraged in any way. This post simply aims to show security professionals how attackers could use standard IT automation tools for a purpose for which they were not originally intended. System administrators often need to perform the same (or similar) tasks across a multitude of hosts. Fabric's documentation describes it as a "library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks." The "fab" Command-line Tool While we won't be using it much in this post, I don't feel a post about Fabric would be complete without mentioning the "fab" tool. Create a "fabfile" (more on this later). Use the fab tool to execute tasks defined in the fabfile on selected hosts. The fab tool simply imports your fabfile and executes the function or functions you instruct it to. Great!
7 DevOps Habits Glenn O'Donnell and Kurt Bittner, Forrester Research analysts, have published a report that describes how developers and operations see each other when working in isolation and offers seven habits of collaboration between the two. Their "The Seven Habits Of Highly Effective DevOps" are: Getting the two sides to talk to each other Taking an outside-in approach to everything Automating the build, test and release processes so they contain less human error Simplifying and standardizing the development and production environments Instilling a culture of systems engineering across both development and operations Implementing feedback and feed-forward loops Putting developers on the front line of support They go into detail for each of them: Getting the two sides to talk to each other Talking face to face is a good way to learn about each other's daily challenges and struggles. Taking an outside-in approach to everything Simplifying and standardizing the development and production environments
How to set up SSH on Linux for AuthAnvil using PAM RADIUS Overview Purpose of this Guide To instruct users on the configuration steps necessary to set up support for AuthAnvil strong authentication in SSH on Linux using RADIUS. Requirements A version of Linux that supports PAM A working sshd implementation. Introduction SSH is a common way of remotely managing Linux servers. The rest of this document will step through the process to accomplish the implementation and configuration of AuthAnvil RADIUS support on a server running Ubuntu 9.10 and sshd. NOTE: The exact steps vary depending on the version of Linux in use. Configuring sshd to support RADIUS Authentication Step 1 – Run apt-get install libpam-radius-auth to install the PAM Radius Authentication Module (pam_radius_auth). Step 2 – Configure sshd for RADIUS Authentication by editing /etc/pam.d/sshd and adding the following line as the second line of the file: NOTE: If you need more verbose output, you can add the word debug to this line so that it reads: Add the line: Other Configurations
Facebook release engineering Facebook is headquartered in Menlo Park, California at a site that used to belong to Sun Microsystems. A large sign with Facebook's distinctive "like" symbol—a hand making the thumbs-up gesture—marks the entrance. When I arrived at the campus recently, a small knot of teenagers had congregated, snapping cell phone photos of one another in front of the sign. Thanks to the film The Social Network, millions of people know the crazy story of Facebook's rise from dorm room project to second largest website in the world. But few know the equally intriguing story about the engine humming beneath the social network's hood: the sophisticated technical infrastructure that delivers an interactive Web experience to hundreds of millions of users every day. I recently had a unique opportunity to visit Facebook headquarters and see that story in action. As I passed through the front entrance of the campus and onto the road that circles the buildings, I saw the name on a street sign: Hacker Way.
Greg's Busy Hours: SSH and PAM and TACACS+ Recently I had to configure a central point of authentication for a number of servers. Cisco ACS was meant to be this authentication point. The first concept for this was to use PAM and RADIUS or TACACS+. With pam_tacplus (from tacplus.sf.net) the configuration turned out to be fairly easy. On Solaris 10 5/08: On Solaris 10 (SPARC) compilation of pam_tacplus was easy - the only problem I had was the PATH settings. # export PATH=$PATH:/usr/ccs/bin:/usr/sfw/bin # make After compilation I placed the pam_tacplus.so library in /usr/lib/security Then I modified /etc/pam.conf by adding a couple of lines: On RedHat 4.6 x64 (this was a bit tricky): First of all I had to compile pam_tacplus with the -m64 option. In both files I added -m64 to CFLAGS. After 'make' I received a nice 64-bit pam_tacplus.so library which I placed in /lib64/security As the next step I modified the /etc/pam.d/sshd file to look like: Please note the 'service=ssh' and protocol='tcp' options. On ACS:
2nd International Workshop on Release Engineering, Mountain View, CA, USA, 2014 Abstract: Within the software development community the practices of continuous integration, continuous delivery, and other development process improvements have become widely adopted in recent years. It's generally accepted that these improvements to tools, process, and culture will have a positive impact on a software product's time to market, quality, feature set, etc. But how can one quantify the business value of these development process enhancements? Relevance: Release engineers are in a unique position to deliver an extraordinary amount of value to an R&D organization. Bio: Dan Tehranian is a release engineer and the "Economist in Residence" at Virtual Instruments, Inc., a dynamic and rapidly growing technology company headquartered in the heart of Silicon Valley.