Linux DevOps Automate Everything

Blog and life update

Another twist in my life occurred. Life at Siemens was good and peaceful and that was the problem. I was becoming frustrated with tons of meetings every day with any pratical outcome and that was making me mad. It was really annoying to hear in every call “Let’s think over a week to decide”…

Not only that but the projects presented were like “How do I use the cloud?” As a Siemens colleague once said “I believe that you will become dumb in here” and it was true… I was feeling that I was becoming dumb.

The company where I am now was searching for someone with my profile so they engaged with me to have a litle talk and I accepted.

The conversation went good and the job seemed cool so I accepted the challenge.

After 2 weeks, my time in work flies like never before, in a better environment than in Siemens (didn’t really think that was possible)!

AB

Quick Meltdown Check

Just run this simple command on the terminal:

dmesg | grep "Kernel/User page tables isolation: enabled" && echo "Cool! Patched! You are on the right way! :)" || echo "Shit, you are still vulnerable :("

AB

Meltdown and Spectre

As you might have heard, there are 2 new major vulnerabilities and they are called Meltdown and Spectre.

Both are tie to the CPU manufacturing and to a process of preparing in cache the next cpu instruction leading this to a vulnerability called “speculative execution”

But I’m here just to show some real effects in AWS Cloud.

Everyone that has any instance at AWS should update their machines.

At this moment, new RedHat instances are patched but new Ubuntu instances are not yet patched so they need to be patched ASAP after creation.

It’s not yet the final solution but it patches some stuff.

Please check the pictures provided.

RedHat out-of-the-box (only git was installed)

Ubuntu 16.04 straight from AWS

Ubuntu 16.04 updated

There are tons of reading to do if you want. Some I found that where interesting are: https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability) https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)

Ubutu: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
RedHat: https://access.redhat.com/security/cve/CVE-2017-5754
AWS: https://alas.aws.amazon.com/ALAS-2018-939.html
Nextcloud: https://nextcloud.com/blog/security-flaw-in-intel-cpus-breaks-isolation-between-cloud-containers/

Git repo used to show the status: https://github.com/abacao/spectre-meltdown-checker

AB

AWS Cli Autocomplete

If you are using WSL and AWS Cli, you might be missing the TAB to autocomplete.

Follow the instruction below and behold the magic.

which aws_completer
complete -C '/usr/local/bin/aws_completer' aws

If it works, you have to keep this instruction started in every bash, so:

vim ~/.bashrc

Add the next line to the bottom of the file.

complete -C '/usr/local/bin/aws_completer' aws

Save, quit, start a new session and see if it worked.

AB

Ansible in WSL

Yet again another step to a better direction.

sudo apt-get -y install python-pip python-dev libffi-dev libssl-dev
pip install ansible
echo 'PATH=$HOME/.local/bin:$PATH' >> ~/.bashrc

Soon I will try to use Vagrant with Windows being the host of the VMs

AB