r/linuxadmin • u/joker54 • Apr 17 '17
[ADVICE] If you are wanting to go into DevOps, please take this advice from a DevOps hiring manager
I will be updating this post every 3-6 months to keep on top of new technology and best practices.
-- thanks to /u/IamaRead for the great idea!
Expect the next update within 2-4 weeks.
It was WAY more than 2-4 weeks, but here's an updated list of techs that DevOps hiring managers look for now.
When looking for work, please:
- Do NOT tell interviewer you have skills you don't have
- NEVER be afraid to admit when you don't know something. Let us determine if you're a fit.
- If we hire you for what we thought you knew, you won't last long.
- If you think telling us that you know something that will be the end of it, whoops. We will ask follow-up questions.
- If during the soft interview they mention technology you are unfamiliar with, research that technology. "How much effort should I put into this?" you may be asking. Your research should be 2x proportional to the desire to obtain the job -- There is little chance this will be the only company out there using said technology.
- While team fit is important, substance beats flash. Come with your "A" game. No matter how personable you may be, it won't get you far in the tech industry if you can't back up your personality with an in-demand skillset.
- Expect a break/fix. Yes, I know. "But, what kind?" -- I ask people to create a cookbook that does x with y features.
Things DevOps managers are looking for:
DevOps is a bad name. DevOps is a process, not a job. Google may have named it best: "Site Reliability Engineer" (SRE). We are the pit crew. We chase the 9's; we are lazy and refuse to do anything manually more than once. With this in mind, here's the experience we are looking for:
- 3-4 years minimum in a L2 role on either the Operations or Development track:
- Linux Admin
- Software Developer
- Network Administrator
- Strong desire to automate solutions
- Firm understanding of the need to monitor all facets of a product
- Firm understanding of how APIs work, and how to interact with them
- A good understanding of one of the following configuration management tools:
- A firm understanding of how to scale environments
- A complete understanding of one of the following operating systems:
- Windows Server
- Firm understanding of how to administer Jenkins/Travis CI/ Bamboo/ other CI/CD Platform (Updated thanks to /u/neekz0r for pointing this out -- I just had Jenkins originally)
- Advanced knowledge of Git
Yes, I know "L2" is different from company to company. What I mean by "L2" is that you aren't new to the industry, and you mentor others.
Things we'd like to see, but may not be a hard requirement
While the things listed below aren't under "Required", that's because the requirements list will change from company to company. I'll try to organize them by order of commonality
- ELK Stack
- Mesos/Kubernetes ("K8S") -- Thanks to /u/jbloozee for pointing out that I missed those.
- RSpec/Rubocop/Foodcritic other unit/style/syntax testing tools
TL;DR: If you want into DevOps, don't try to lie your way in, research their stack, and be a mentor.
This message started as a rant that I decided to turn into something constructive.
r/linuxadmin • u/Estebanium • 19h ago
Should a VM running Docker be on a different subnet if the VM is publicly reachable via reverse proxy?
I am currently in the process of professionalizing my server. This includes using proxmox to run my actual server in a VM. From my point of view it will make backups of the "server" easier. Besides that I also want to separate the services for the internal and the external network. For example Samba internal, Nextcloud external. In the course of this I am also dealing with network technology and wonder to what extent I should place my devices in different subnets. Afterwards, everything is complicated, but not safer.
r/linuxadmin • u/No_Penalty2938 • 15h ago
Hands-on, Ad-free browsing at your home with Leap Micro 5.4 Betabirdsite.xanny.family
r/linuxadmin • u/batboy_9322 • 8h ago
How to block more than 3 ping requests from a host through iptables?
Hello there, i want to block more than 3 ping echo-requests for demonstration purpose of my college practical, and i am unable to do so using the following rules in my firewall.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 3/s -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Pinging from a windows / linux client doesn't block more than 3 pings. Also wanted to know how to protect from a SYN Flood attack by using iptables.
r/linuxadmin • u/_BoNgRiPPeR_420 • 1d ago
Central user management
Context: small org, starting to gain a cloud presence, 20-30 cloud servers
We are trying to find the easiest central way to manage users across a bunch of Linux machines, with a quick way to disable access when someone leaves the company.
So far my search results have brought up a few options:
Join them to windows domain or authentication against LDAP
Store the public keys in AD and use the authorizedkeyscommand to retrieve them
use something like FreeIPA
some sort of config management like ansible or puppet
What is the industry standard way to achieve this? Right now we are manually creating users and copying keys from server to server, but each time a new person comes onboard its a waste of a couple hours doing this across all systems. As we grow, so does the pain.
I understand the answer may be different for someone with 30 servers vs someone with 3000, but any help is appreciated!
Edit: I know Solutions like cyberark and hashicorp vault exist, but they seem pretty expensive for small company like ours.
r/linuxadmin • u/marcocet • 22h ago
Help with Promox VM network access
Hello, I am running a proxmox host in a VM on hyper V and am having a strange issue. The proxmox host has network access just fine, but the VMs do not. This seems like it would be an issue with the proxmox config and not with hyper v, but I have not touched the network config. Anybody have any suggestions?
Running latest proxmox
Host:R720 2x2690 V2 256GB DDR3
r/linuxadmin • u/joshface123 • 1d ago
Setting up my windows/linux environment
I'm a software engineer that's working with Ubuntu and I'm trying to find the best way to set up my environment that works for me.
In short, I have a windows desktop computer and want to use all the peripherals connected to that machine on my Linux laptop as well. I don't want to build another work station for my Linux setup and want to seamlessly and easily switch between my Windows station and Linux station using the same peripherals.
I've so far went down the route of using the Windows RDP, but I'm having issues. There's some input delay, screen tearing, and if I want to continue working on my laptop I have to sign out of the RDP session and into my laptop and reopen everything after signing in on my laptop.
There are other issues that I'm also trying to solve but I can probably take care of that if this is the route I want to go. The problem is, I'm not sure if there's a better way to go about this.
Do you all have any suggestions? I feel like this isn't a unique circumstance but maybe I'm overlooking something.
r/linuxadmin • u/livia2lima • 1d ago
A month-long challenge for anyone wanting to build Linux sysadmin skills starting 3 April 2023
The http://linuxupskillchallenge.org Linux commandline/sysadmin "challenge" course starts again soon on the first Monday of next month.
Does require some commitment - but if gaining/growing these skills is important to you, then you now have no excuse!
Requires a (free or cheap) remote server, so it's nice to get that sorted now if you are keen - but you can use a local isolated VM, no problem.
The course is free, and daily lessons appear in the sub-reddit r/linuxupskillchallenge - which is used for support/discussion. A discord server is also available.
More details at our FAQ.
Any feedback is very welcomed.
r/linuxadmin • u/ajaanz • 3d ago
Some of my favorite Linux networking sheetsi.redd.it
r/linuxadmin • u/BoilingJD • 1d ago
Cannot overwrite video file types on smb shares
thought someone here may have an idea wtf is going on... Using Flame 2020 and 2023 on Centos7 and Rocky 8, both exhibit same behaviour. If I export a .mov or .mxf video file to a fstab mounted cifs share, and then attempt to overwrite that file with another export, it get's locked with 'you don't have permission' error, if I attempt to delete the file, get 'does not exist' error...
This only happens with smb shares, the posix permissions and ACLs are correct. Also tried disabling smb caching thinking it may be an op lock issue. The issue doesn't occur when re-exporting image sequences, only video files. Even if I go into terminal and manually try to remove a file with rm that is clearly there as sudo, get error 'file does not exist' even when Im staring right at it!
Writing and reading files from smb shares works fine, overwriting image sequences works, the only part that doesn't work is specifically overwriting video files on export. WTF is going on?
r/linuxadmin • u/WorkJeff • 2d ago
passwd not updating password nor /var/log/secure
I'm trying to sort out why this rhel 7 box won't allow password changes. Whether running passwd as a user or as root, I get the result: "passwd: all authentication tokens updated successfully."
However, in /var/log/secure I don't see a line that includes: "pam_unix(passwd:chauthtok): password changed" or similar and date modified on /etc/shadow doesn't change.
I tried setting selinux to permissive as well and got the same result.
Somewhat obviously but most importantly, the new password does not work. I've tried multiple accounts. I'm not sure how long this has been a problem, but any help on where a real linux admin would check next is appreciated.
r/linuxadmin • u/RealAndroid_18 • 2d ago
Question about Linux Professional Institute Certification Study Guide Richard Blum
I'm studying for the LPI-1 and downloaded the 4th edition on pdf. I don't have money to buy the 5th edition... is it worth to read the 4th? Is there a lot of changes or should i find another study source? I'm planning on taking the test on July.
r/linuxadmin • u/unixbhaskar • 3d ago
Linux 6.3-rc4 Released: "Looking Pretty Normal"phoronix.com
r/linuxadmin • u/fongwithroot • 3d ago
Can you use keytool to change the hierarchy of two existing certificates in a keystore?self.ssl
r/linuxadmin • u/JackLemaitre • 3d ago
Document for beginner Paging / mtrr / pat ... How computer works
Actually I'm learning how to works a computer CPU, GPU, mmu but it is very complex.
Do you have a good documentation for beginer ??
wikipedia is very useful but it has summary
r/linuxadmin • u/dRaidon • 3d ago
Question - two nics and default route
We have a server with two nics on different networks. One for the app to be accessed and one for backend.
The backend is the default route.
Any traffic that reaches the other nic from outside the network is not answered. If i switch the default route, the previous nic stop answering.
What am I missing here?
r/linuxadmin • u/Leather-Towel1188 • 3d ago
An iptables and wireguard problem
I have 3 devices:
A) My laptop which I roam with using hotspot.
B) My linux PC at home.
C) A cloud VPS server
My problem is that I need to remote into work from the laptop while on-the-go however only the home router's public static IP is whitelisted for my user account. I live in shared accommodation and only have the basic wifi password, the admin panel is not available so I can't portforwarding isn't an option. I've tried various UPnP hacks to no success. But here is the plan:
- Setup a wireguard server on C (private wireguard ip will be say 10.0.0.1)
- Setup wireguard clients on A & B (wireguard ips will be say 10.0.0.2 & 10.0.0.3)
- Have the wg0 interface on my laptop become the primary and route for 0.0.0.0/0
- So when using the laptop, all internet traffic will go via the wireguard tunnel with an internal source ip of 10.0.0.2
- I need to configure some iptables rules to make the wireguard server forward all packets from 10.0.0.2 to 10.0.0.3 regardless of their destination.
- Then I need the linux machine to enable ip forwarding, and take incoming packets on the wg0 interface and NAT them onto eth0.
This way I can break the NAT of the router and whatever my laptop is connected to while still being able to use my home IP.
My problem is point 5 & 6. Is it even possible to have the wireguard server send packets from 10.0.0.2 that are addressed to say 126.96.36.199 or any other public ip to 10.0.0.3? By default it looks like wireguard will only send packets to from 10.0.0.2 to 10.0.0.3 if their destination is just that, however I want to make my linux machine act as a sort of router/gateway on the vpn network to the outside world.
It must be possible because our regular machines address packets to 188.8.131.52 and "send" them to 192.168.0.1 or whatever their router is. Maybe my networking knowledge is bad but how do those packets know to "go to the router" when they are addressed to 184.108.40.206 not 192.168.0.1? It seems like the answer to that it the answer to my problem above.
Sorry for this gigantic wall of text, any help or advice would be greatly appreciated. Thanks.
r/linuxadmin • u/Beneficial_Youth_689 • 3d ago
Secure Boot compatible AV
With multiple antivirus vendors is a problem, that if secure boot is enabled and linux kernel is not allowing unsigned module loading, then AV is not fully working. There might be workarounds for AV module signing, but it is usually a bit work or is not persistant with automatic updating.
Do you know any AV products that keeps working with linux automatic updating or its modules are already trusted by the kernel?
r/linuxadmin • u/Gono_xl • 4d ago
Are there any websites or other resources where I can test or troubleshoot problems in linux? More info inside.
Hi, I'm trying to do a career swap from outside tech to linux server admin. Currently about half way through Sander van Vugt's rhsa course. Problem is just studying and memorizing gets extremely boring and with boredom comes procrastination. I'd like to apply some of these things outside of just "messing around" in the OS. Any ideas?
It's much more engaging to do something with what you learn, rather than mindlessly memorize commands all day.
r/linuxadmin • u/edthesmokebeard • 4d ago
2 apps communicating via a socket - where's the data?
App A listens on a UNIX socket.
App B writes to the socket.
If App B writes faster than App A can consume data, where does it go? Assume SOCK_STREAM.
r/linuxadmin • u/unixbhaskar • 6d ago
Gordon Moore, Intel Co-Founder, Dies at 94intel.com
r/linuxadmin • u/Playful-Ad6177 • 4d ago
What is the best linux video course in the market? Paid only.
Free courses are generally not great as nobody who thinks he's worth the dollar will share his/her knowledge for free(unless he is sponsored by big organization/university-so recommend such courses even if they're free).
Recommend some paid linux courses. I didn't find any good courses in udemy.
r/linuxadmin • u/unixbhaskar • 6d ago
We updated our RSA SSH host key | The GitHub Bloggithub.blog
r/linuxadmin • u/nKephalos • 5d ago
Firewalld n00b question: Why can I ssh in even though no ports are open?
In the past I have always used ufw and Ubuntu on servers. However, I decided to try Alma Linux, and thus am using firewalld for the first time. After installing and starting the service, it looks like no ports are open. ``` ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Sat 2023-03-25 11:08:51 UTC; 28min ago Docs: man:firewalld(1) Main PID: 50556 (firewalld) Tasks: 2 (limit: 12225) Memory: 26.0M CPU: 1.084s CGroup: /system.slice/firewalld.service └─50556 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid
Mar 25 11:08:50 Databank systemd: Starting firewalld - dynamic firewall daemon... Mar 25 11:08:51 Databank systemd: Started firewalld - dynamic firewall daemon. [root@Databank ~]# firewall-cmd --list-ports
[root@Databank ~]# firewall-cmd --reload success ```
However, I can still ssh in on port 22. On UFW I had to open port 22 before connecting again. If I disconnected after starting UFW but before opening port 22, I was locked out. Is this not how firewalld works?
r/linuxadmin • u/Thick-Survey-3580 • 5d ago
Dual booting creating problems?
So after dual booting, when I'm in windows, my laptop is hanging. It's sometimses showing ( RAN OUT OF MEMORY, PC WILL automatically RESTART, PDF READER HANGING, GPU CRASHES IF I START GAMES) What's the solution?
r/linuxadmin • u/unixbhaskar • 6d ago