document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/LCTT/TranslateProject into translating

Browse Source
This commit is contained in:
geekpi 2022-06-23 08:33:41 +08:00
commit 07dcf437e3
14 changed files with 1128 additions and 453 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
published/20210531 Get started with Kubernetes using chaos engineering.md Normal file
View File

@ -0,0 +1,72 @@
[#]: subject: (Get started with Kubernetes using chaos engineering)
[#]: via: (https://opensource.com/article/21/5/kubernetes-chaos)
[#]: author: (Jessica Cherry https://opensource.com/users/cherrybomb)
[#]: collector: (lujun9972)
[#]: translator: (Donkey-Hao)
[#]: reviewer: (turbokernel, wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-14743-1.html)
在 Kubernetes 中使用混沌工程
======
> 在这篇文章中学习混沌工程的基础知识。
![](https://img.linux.net.cn/data/attachment/album/202206/22/110901xbb88ccb8lfcgcrl.jpg)
混沌工程是由科学、规划以及实验组成的。它是一门在系统上进行实验的学科,用来建立系统在生产中承受混乱条件能力的信心。
首先,我会在文章导论部分解释混沌系统如何工作。
### 如何开始学习混沌系统呢?
以我的经验,开始学习混沌系统的最好方式是触发一个此前生产中出现的事故来进行实验。使用过去的数据,制定一个计划,以相同的方式破坏你的系统,然后建立修复策略,并确认结果满足你预期。如果计划失败,你就有了一种新的实验方式,并朝着快速处理问题的新方式前进。
最重要的是,你可以随时记录所有内容,这意味着,随着时间的推移,整个系统将被完整记录下来,任何人都可以值守而无需太多加码,每个人都可以在周末好好休息。
### 你要在混沌工程中做什么?
混沌系统实验运行背后有一些科学依据。我记录了其中一些步骤:
1. **定义一个稳定状态:** 使用监控工具来搜集当系统没有问题或事故时,看起来功能正常的数据。
2. **提出假设或使用先前的事故:** 现在你已经定义了一个稳定状态,请提出一个关于在事故或中断期间会发生(或发生过)的情况的假设。用这个假设来得出一系列将会发生的事故,以及如何解决问题的理论。然后你可以制定一个故意引发该问题的计划。
3. **引发问题:** 用这个计划来破坏系统,并开始在真实环境中测试。收集破坏时的指标状态,按计划修复,并追踪提出解决方案所需时长。确保你把所有的东西都记录下来,以备将来发生故障时使用。
4. **试图推翻你的假设:** 实验中最精彩的部分是尝试推翻你的思考或计划。你要创建一个不同的状态,看看你能走多远,并在系统中生成一个不同的稳定状态。
确保在你在另一个系统中生成的破坏因素前,建立一个处于稳定状态的控制系统。这将使你更容易在实验前、期间和之后发现各种稳定状态的差异。
### 混沌工程需要什么?
这有一些初学混沌工程很好的工具:
* 良好的文档编制方法
* 一个捕捉你系统是否处于稳定状态的监控系统
* Grafana
* Prometheus
* 混沌工程工具:
* Chaos mesh
* Litmus
* 之后的文章我会介绍更多
* 一个假设
* 一个计划
### 去搞破坏吧
现在你已经掌握了基础,是时候去安全的摧毁你的系统了。我计划每年制造四次混乱,然后努力实现每月一次的破坏。
混沌工程是一种很好的实践,也是推进你的内部文档保持最新的好方法。此外,随着时间的推移,新升级或应用程序部署将更加顺畅,你的日常生活管理将通过 Kubernetes 变得更加轻松。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/kubernetes-chaos
作者:[Jessica Cherry][a]
选题:[lujun9972][b]
译者:[Donkey](https://github.com/Donkey-Hao)
校对:[turbokernel](https://github.com/turbokernel), [wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/cherrybomb
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/brett-jordan-chaos-unsplash.jpg?itok=sApp5dVd (Scrabble letters spell out chaos for chaos engineering)

61
translated/tech/20220607 How Garbage Collection works inside a Java Virtual Machine.md → published/20220607 How Garbage Collection works inside a Java Virtual Machine.md
View File

@ -3,17 +3,16 @@
[#]: author: "Jayashree Huttanagoudar https://opensource.com/users/jayashree-huttanagoudar"
[#]: collector: "lkxed"
[#]: translator: "lkxed"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-14742-1.html"
JVM 垃圾回收的工作原理
======
对于程序员来说,掌握 Java 的内存管理机制并不是必须的,但它能够帮助你更好地理解 JVM 是如何处理程序中的变量和类实例的。
![咖啡豆][1]
![](https://img.linux.net.cn/data/attachment/album/202206/22/094238qvh45pv2jtpde9td.jpg)
图源Pixabay. CC0.
> 对于程序员来说,掌握 Java 的内存管理机制并不是必须的,但它能够帮助你更好地理解 JVM 是如何处理程序中的变量和类实例的。
Java 之所以能够如此流行,自动 <ruby>垃圾回收<rt>Garbage Collection</rt></ruby>GC功不可没它也是 Java 最重要的几个特性之一。在这篇文章中我将说明为什么垃圾回收如此重要。本文的主要内容为自动的分代垃圾回收、JVM 划分内存的依据,以及 JVM 垃圾回收的工作原理。
@ -21,10 +20,10 @@ Java 之所以能够如此流行,自动 <ruby>垃圾回收<rt>Garbage Collecti
Java 程序的内存空间被划分为以下四个区域:
1. 堆区Heap:对象实例就是在这个区域分配的。不过,当我们声明一个对象时,堆中不会有任何内存分配发生,只是在栈中创建了一个对象的引用而已。
2. 栈区Stack:方法、局部变量和类的实例变量就是在这个区域分配的。
3. 代码区Code:这个区域存放了程序的字节码。
4. 静态区Static:这个区域存放了程序的静态数据和静态方法。
1. <ruby>堆区<rt>Heap</rt></ruby>:对象实例就是在这个区域分配的。不过,当我们声明一个对象时,堆中不会发生任何内存分配,只是在栈中创建了一个对象的引用而已。
2. <ruby>栈区<rt>Stack</rt></ruby>:方法、局部变量和类的实例变量就是在这个区域分配的。
3. <ruby>代码区<rt>Code</rt></ruby>:这个区域存放了程序的字节码。
4. <ruby>静态区<rt>Static</rt></ruby>:这个区域存放了程序的静态数据和静态方法。
### 什么是自动垃圾回收?
@ -34,13 +33,13 @@ Java 程序的内存空间被划分为以下四个区域:
垃圾回收的基本步骤如下:
#### 1. 标记已使用和未使用的对象
#### 1标记已使用和未使用的对象
在这一步骤中,已使用和未使用的对象会被分别做上标记。这是一个及其耗时的过程,因为需要扫描内存中的所有对象,才能够确定它们是否正在被使用。
![标记已使用和未使用的对象][2]
#### 2. 扫描/删除对象
#### 2扫描/删除对象
有两种不同的扫描和删除算法:
@ -62,56 +61,56 @@ Java 程序的内存空间被划分为以下四个区域:
为了提升垃圾回收中的“标记清除”的效率JVM 将对内存划分成以下三个“代”:
* 年轻代
* 老年代
* 永久代
* <ruby>新生代<rt>Young Generation</rt></ruby>
* <ruby>老年代<rt>Old Generation</rt></ruby>
* <ruby>永久代<rt>Permanent Generation</rt></ruby>
![Hotspot 堆内存结构][5]
下面我将介绍每个“代”及其主要特征。
#### 年轻
#### 新生
所有创建不久的对象都存放在这里。年轻代被进一步分为以下两个区域:
所有创建不久的对象都存放在这里。新生代被进一步分为以下两个区域:
1. 伊甸区Eden:所有新创建的对象都在此处分配内存。
2. 幸存者区Survivor分为 S0 和 S1:经历过一次垃圾回收后,仍然存活的对象会被移动到两个幸存者区中的一个。
1. <ruby>伊甸区<rt>Eden</rt></ruby>:所有新创建的对象都在此处分配内存。
2. <ruby>幸存者区<rt>Survivor</rt></ruby>,分为 S0 和 S1:经历过一次垃圾回收后,仍然存活的对象会被移动到两个幸存者区中的一个。
![对象分配][6]
年轻代发生的分代垃圾回收被称为 “Minor GC”。Minor GC 过程中的每个阶段都是“<ruby>停止世界<rt>Stop The World</rt></ruby>STW这会导致其他应用程序暂停运行直到垃圾回收结束。这也是 Minor GC 更快的原因。
新生代发生的分代垃圾回收被称为 “<ruby>次要回收<rt>Minor GC</rt></ruby>LCTT 译注:也称为“<ruby>新生代回收<rt>Young GC</rt></ruby>”)。Minor GC 过程中的每个阶段都是“<ruby>停止世界<rt>Stop The World</rt></ruby>STW这会导致其他应用程序暂停运行直到垃圾回收结束。这也是次要回收更快的原因。
一句话总结:伊甸区存放了所有新创建的对象,当它的可用空间被耗尽,第一次垃圾回收就会被触发。
![填充伊甸区][7]
Minor GC:在该垃圾回收过程中,所有存活和死亡的对象都会被做上标记。其中,存活对象会被移动到 S0 幸存者区。当所有存活对象都被移动到了 S0未被引用的对象就会被删除。
次要回收:在该垃圾回收过程中,所有存活和死亡的对象都会被做上标记。其中,存活对象会被移动到 S0 幸存者区。当所有存活对象都被移动到了 S0未被引用的对象就会被删除。
![拷贝被引用的对象][8]
S0 中的对象年龄为 1因为它们挺过了一次 Minor GC。此时,伊甸区和 S1 都是空的。
S0 中的对象年龄为 1因为它们挺过了一次次要回收。此时,伊甸区和 S1 都是空的。
每当完成清理后,伊甸区就会再次接受新的存活对象。随着时间的推移,伊甸区和 S0 中的某些对象被宣判死亡(不再被引用),并且伊甸区的可用空间也再次耗尽(填满了),那么 Minor GC 又将再次被触发。
每当完成清理后,伊甸区就会再次接受新的存活对象。随着时间的推移,伊甸区和 S0 中的某些对象被宣判死亡(不再被引用),并且伊甸区的可用空间也再次耗尽(填满了),那么次要回收 又将再次被触发。
![对象年龄增长][9]
这一次,伊甸区和 S0 中的死亡和存活的对象会被做上标记。其中,伊甸区的存活对象会被移动到 S1并且年龄增加至 1。S0 中的存活对象也会被移动到 S1并且年龄增加至 2因为它们挺过了两次 Minor GC。此时伊甸区和 S0 又是空的了。每次 Minor GC 之后,伊甸区和两个幸存者区中的一个都会是空的。
这一次,伊甸区和 S0 中的死亡和存活的对象会被做上标记。其中,伊甸区的存活对象会被移动到 S1并且年龄增加至 1。S0 中的存活对象也会被移动到 S1并且年龄增加至 2因为它们挺过了两次次要回收)。此时,伊甸区和 S0 又是空的了。每次次要回收之后,伊甸区和两个幸存者区中的一个都会是空的。
新对象总是在伊甸区被创建,周而复始。当下一次垃圾回收发生时,伊甸区和 S1 都会被清理,它们中的存活对象会被移动到 S0 区。每次 Minor GC 之后这两个幸存者区S0 和 S1就会交换一次。
新对象总是在伊甸区被创建,周而复始。当下一次垃圾回收发生时,伊甸区和 S1 都会被清理,它们中的存活对象会被移动到 S0 区。每次次要回收之后这两个幸存者区S0 和 S1就会交换一次。
![额外年龄增长][10]
这个过程会一直进行下去,直到某个存活对象的年龄达到了某个阈值,然后它就会被移动到一个叫做“老年代”的地方,这是通过一个叫做“晋升”的过程来完成的。
使用 `-Xmn` 选项可以设置年轻代的大小。
使用 `-Xmn` 选项可以设置新生代的大小。
### 老年代
这个区域存放着那些挺过了许多次 Minor GC,并且达到了某个年龄阈值的对象。
这个区域存放着那些挺过了许多次次要回收,并且达到了某个年龄阈值的对象。
![晋升][11]
在上面这个示例图表中,晋升的年龄阈值为 8。在老年代发生的垃圾回收被称为 “Major GC”。
在上面这个示例图表中,晋升的年龄阈值为 8。在老年代发生的垃圾回收被称为 “<ruby>主要回收<rt>Major GC</rt></ruby>”。LCTT 译注:也被称为“<ruby>全回收<rt>Full GC</rt></ruby>”)
使用 `-Xms``-Xmx` 选项可以分别设置堆内存大小的初始值和最大值。LCTT 译注:结合上面的 `-Xmn` 选项,就可以间接设置老年代的大小了。)
@ -123,13 +122,13 @@ S0 中的对象年龄为 1因为它们挺过了一次 Minor GC。此时
#### 元空间
Java 8 引入了元空间,并用它替换了永久代。这么做的好处是自动调整大小,避免了 <ruby>内存不足<rt>OutOfMemory</rt></ruby>OOM错误。
Java 8 引入了<ruby>元空间<rt>Metaspace</rt></ruby>,并用它替换了永久代。这么做的好处是自动调整大小,避免了 <ruby>内存不足<rt>OutOfMemory</rt></ruby>OOM错误。
### 总结
本文讨论了各种不同的 JVM 内存“代”,以及它们是如何在分代垃圾回收算法中起作用的。对于程序员来说,掌握 Java 的内存管理机制并不是必须的,但它能够帮助你更好地理解 JVM 处理程序中的变量和类实例的方式。这种理解使你能够规划和排除代码故障,并理解特定平台固有的潜在限制。
正文配图来自Jayashree HuttanagoudarCC BY-SA 4.0
*正文配图来自Jayashree HuttanagoudarCC BY-SA 4.0*
--------------------------------------------------------------------------------
@ -138,7 +137,7 @@ via: https://opensource.com/article/22/6/garbage-collection-java-virtual-machine
作者:[Jayashree Huttanagoudar][a]
选题:[lkxed][b]
译者:[lkxed](https://github.com/lkxed)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

70
translated/tech/20220610 Run Windows Apps And Games Using WineZGUI On Linux.md → published/20220610 Run Windows Apps And Games Using WineZGUI On Linux.md
View File

@ -3,44 +3,40 @@
[#]: author: "sk https://ostechnix.com/author/sk/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-14744-1.html"
在 Linux 上使用 WineZGUI 运行 Windows 应用和游戏
======
WineZGUI - 一个使用 Zenity 的 Wine GUI 前台
不久前,我们写了关于 **[Bottles][1]** 的文章,这是一个开源的图形应用,可以在 Linux 操作系统上轻松运行 Windows 软件和游戏。今天,我们将讨论一个类似的有趣项目。向 **WineZGUI** 打个招呼,它是一个 Wine GUI 前台,可以**[在 Linux 上用 Wine 运行 Windows 应用和游戏][2]**。
![](https://img.linux.net.cn/data/attachment/album/202206/22/160322tds2ut05d8jqdlzz.jpg)
> WineZGUI - 一个使用 Zenity 的 Wine GUI 前台
#### 内容
1. 什么是 WineZGUI
2. Bottles 与 WineZGUI
3. 如何在 Linux 中安装 WineZGUI
4. 在 Linux 中用 WineZGUI 运行 Windows 应用和游戏
5. 总结
不久前,我们写了关于 [Bottles][1] 的文章,这是一个开源的图形应用,可以在 Linux 操作系统上轻松运行 Windows 软件和游戏。今天,我们将讨论一个类似的有趣项目。向 **WineZGUI** 打个招呼,它是一个 Wine GUI 前台,可以 [在 Linux 上用 Wine 运行 Windows 应用和游戏][2]。
### 什么是 WineZGUI
WineZGUI 是一个 Bash 脚本的集合,它允许你轻松地管理 wine 前缀,并在 Linux 上使用 **Zenity** 提供更容易的 wine 游戏体验。
WineZGUI 是一个 Bash 脚本的集合,它允许你轻松地管理 Wine 前缀,并在 Linux 上使用 **Zenity** 提供更轻松的 Wine 游戏体验。
使用 WineZGUI我们可以直接从文件管理器中启动 Windows exe 文件或游戏,而无需安装它们。
LCTT 译注Wine 前缀是一个特殊文件夹Wine 在其中放置所有 Wine 特定的文件,安装 Windows 程序、库和注册表代码,以及用户首选项。)
WineZGUI 为每个应用或游戏创建快捷方式,以便于访问,同时也为每个 exe 二进制文件创建单独的前缀
使用 WineZGUI我们可以直接从文件管理器中启动 Windows EXE 文件或游戏,而无需安装它们
当你用 WineZGUI 启动一个 Windows exe 文件时,它会提示你是否使用默认的 wine 前缀或创建一个新的前缀。默认的前缀是 `~/.local/share/winezgui/default`
WineZGUI 为每个应用或游戏创建快捷方式,以便于访问,同时也为每个 EXE 二进制文件创建单独的前缀
如果你选择为 windows 二进制文件或 exe 创建一个新的前缀WineZGUI 将尝试从 exe 文件中提取产品名称和图标,并创建一个桌面快捷方式
当你用 WineZGUI 启动一个 Windows EXE 文件时,它会提示你是否使用默认的 Wine 前缀或创建一个新的前缀。默认的前缀是 `~/.local/share/winezgui/default`
当你以后启动相同的 exe 或二进制文件时,它将建议你用先前的相关前缀来运行它
如果你选择为 Windows 二进制文件EXE创建一个新的前缀WineZGUI 将尝试从 EXE 文件中提取产品名称和图标,并创建一个桌面快捷方式
说得通俗一点WineZGUI 只是一个用于官方原始 wine 的 Wine 和 winetricks 的简单 GUI。当我们启动一个 exe 来玩游戏时Wine 前缀的设置是自动的
当你以后启动相同的二进制文件EXE它将建议你用先前的相关前缀来运行它
你只需打开一个 exe它就会创建一个前缀和一个桌面快捷方式并从该 exe 中提取名称和图标
说得通俗一点WineZGUI 只是一个用于官方原始 Wine 的简单 GUI。当我们启动一个 EXE 来玩游戏时Wine 前缀的设置是自动的
它使用 **exiftool****icotool** 工具来分别提取名称和图标。你可以通过现有的前缀打开一个 exe 来启动该游戏,或者使用桌面快捷方式。
你只需打开一个 EXE它就会创建一个前缀和一个桌面快捷方式并从该 EXE 中提取名称和图标。
它使用 `exiftool``icotool` 工具来分别提取名称和图标。你可以通过现有的前缀打开一个 EXE 来启动该游戏,或者使用桌面快捷方式。
WineZGUI 是一个在 GitHub 上免费托管的 shell 脚本。你可以抓取源代码,改进它,修复错误和增加功能。
@ -48,30 +44,30 @@ WineZGUI 是一个在 GitHub 上免费托管的 shell 脚本。你可以抓取
你可能想知道 WineZGUI 与 Bottles 相比如何。但这些应用之间有一个微妙的区别。
**Bottles 是面向前缀的**和**面向运行器的**。意思是Bottles 首先创建一个前缀,然后使用不同的 exe 文件。Bottles 不会记住 exe 的前缀。Bottles 使用不同的运行器。
**Bottles 是面向前缀的**和**面向运行器的**。意思是Bottles 首先创建一个前缀,然后使用不同的 EXE 文件。Bottles 不会记住 EXE 的前缀。Bottles 使用不同的运行器。
**WineZGUI 是面向 exe 的**。它使用 exe 只为该 exe 创建一个前缀。下次我们打开一个 exe 时,它将询问是否用现有的 exe 前缀启动。
**WineZGUI 是面向 EXE 的**。它使用 EXE 并只为该 EXE 创建一个前缀。下次我们打开一个 EXE 时,它将询问是否用现有的 EXE 前缀启动。
WineZGUI 不提供像 **bottles****[lutris][3]** 那样的高级功能,如运行程序、在线安装程序等。
WineZGUI 不提供像 Bottles 或 [lutris][3] 那样的高级功能,如运行程序、在线安装程序等。
### 如何在 Linux 中安装 WineZGUI
确保你已经安装了 WineZGUI 的必要先决条件。
**Debian/Ubuntu**
Debian/Ubuntu
```
$ sudo dpkg --add-architecture i386
$ sudo apt install zenity wine winetricks libimage-exiftool-perl icoutils gnome-terminal
```
**Fedora**
Fedora
```
$ sudo dnf install zenity wine winetricks perl-Image-ExifTool icoutils gnome-terminal
```
官方推荐的安装 WineZGUI 的方法是使用 **[Flatpak][4]**
官方推荐的安装 WineZGUI 的方法是使用 [Flatpak][4]。
安装完 Flatpak 后,逐一运行以下命令,在 Linux 中安装 WineZGUI。
@ -107,12 +103,12 @@ $ flatpak --user -y install io.github.WineZGUI_0_4_20220608.flatpak
* 打开 Winetricks GUI 和 CLI。
* 启动 Wine 配置。
* 启动资源管理器。
* 打开 BASH shell。
* 打开 BASH Shell。
* 关闭所有的应用/游戏,包括 WineZGUI 界面。
* 删除 wine 前缀。
* 删除 Wine 前缀。
* 查看已安装的 WineZGUI 版本。
为了演示,我将打开一个 .exe 文件。
为了演示,我将打开一个 EXE 文件。
在下一个窗口中,选择要运行的 EXE 文件。在我的例子中,它是 WinRAR。
@ -126,11 +122,11 @@ $ flatpak --user -y install io.github.WineZGUI_0_4_20220608.flatpak
![Install WinRAR In Linux][9]
点击 OK 来完成 WinRAR 的安装。
点击 OK 来完成 WinRAR 的安装。
![Complete WinRAR Installation][10]
点击“运行 WinRAR” 来启动它。
点击 <ruby>运行 WinRAR<rt>Run WinRAR</rt></ruby>” 来启动它。
![Run WinRAR][11]
@ -140,13 +136,13 @@ $ flatpak --user -y install io.github.WineZGUI_0_4_20220608.flatpak
### 总结
WineZGUI 是俱乐部的新人。 如果你正在寻找一种在 Linux 桌面上使用 Wine 运行 Windows 应用和游戏的更简单方法WineZGUI 可能是一个不错的选择。
WineZGUI 是俱乐部的新人。如果你正在寻找一种在 Linux 桌面上使用 Wine 运行 Windows 应用和游戏的更简单方法WineZGUI 可能是一个不错的选择。
在 WineZGUI 的帮助下,用户可以选择在与 `.exe` 相同的文件夹中创建一个 wine 前缀,并创建一个相对链接的 `.desktop` 条目来自动执行此操作。
在 WineZGUI 的帮助下,用户可以选择在与 EXE 相同的文件夹中创建一个 Wine 前缀,并创建一个相对链接的 `.desktop` 条目来自动执行此操作。
原因是使用 wine 前缀备份和删除游戏更容易,并且让它生成一个 `.desktop` 将使其能够适应移动和转移。
原因是使用 Wine 前缀备份和删除游戏更容易,并且让它生成一个 `.desktop` 将使其能够适应移动和转移。
一个很酷的场景是使用应用进行设置,然后将 wine 前缀分享给你的朋友和其他人,他们只需要一个具有所有依赖性和保存的工作 wine 前缀。
一个很酷的场景是使用该应用进行设置,然后将 Wine 前缀分享给你的朋友和其他人,他们只需要一个具有所有依赖性和保存的工作 Wine 前缀。
请试一试它,在下面的评论区告诉我们你对这个项目的看法。
@ -161,7 +157,7 @@ via: https://ostechnix.com/winezgui-run-windows-apps-and-games-on-linux/
作者:[sk][a]
选题:[lkxed][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

87
sources/news/20220617 Ubuntu Runs on a Google Nest Hub, Wait, What-.md
View File

@ -1,87 +0,0 @@
[#]: subject: "Ubuntu Runs on a Google Nest Hub, Wait, What?"
[#]: via: "https://news.itsfoss.com/ubuntu-google-nest/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Ubuntu Runs on a Google Nest Hub, Wait, What?
======
A hacker successfully managed to run Ubuntu on a Google Nest Hub (2nd Gen), say, what now?
![ubuntu google][1]
I just spotted a story about Ubuntu running on a Google Nest Hub (2nd Gen).
Well, that is certainly exciting!
So, let me share more about it here.
### Hacking Google Nest Hub to Install Ubuntu
Yes, a hacking attempt made this possible.
A cybersecurity professional, **Frédéric Basse**, broke the secure boot on Google Nest Hub (2nd gen) and managed to run Ubuntu.
Of course, Google Nest Hub does not officially support booting a custom OS. But, a security vulnerability allowed Fred to use an exploit and run Ubuntu.
While this is fun, it is also a severe problem for an always-connected smart home display by Google.
As explained in his [blog post][2], the hacker utilized a Raspberry Pi Pico microcontroller to exploit a USB bug in the bootloader to break the secure boot chain.
The security expert concluded:
> As a result, an attacker can execute arbitrary code at early boot stage (before kernel execution) by plugging a malicious USB device and pressing two buttons
He has also made the bootloader exploit available on [GitHub][3], if you want to experiment (suited for security researchers).
### Making Ubuntu Work on Google Nest
![][4]
The exploit allowed the attacker to boot an unsigned OS. However, he had to make some modifications with the preinstalled Ubuntu image tailored for Raspberry Pi (64-bit ARM).
Heres what he mentions about it:
> We build a custom U-Boot bootloader with secure boot disabled and boot flow altered to load environment from USB flash drive. We also build a custom Linux kernel for elaine with [additionnal d][5]r[ivers like USB mouse][6]. The initial ramdisk (initrd) from Ubuntu is repacked to integrate firmware binaries required for the touchscreen. The boot image is created based on the custom Linux kernel and modified initrd.
So, it is evident that you will not get a full-fledged Ubuntu experience, but thanks to the exploit, we now know that Ubuntu can run on a Google Nest as an experiment if youre willing to break your Google Nest for the test (dont do that, really!).
### Smart Home Security Concern + Linux
The cybersecurity expert mentions that the vulnerability has been fixed upstream (twice).
But, the lack of CVE may have influenced the fix not propagating downstream, as the researcher suggests.
Undoubtedly, seeing Linux running on an unsupported device is awesome. Makes me wonder if we should have someone make **commercial smart home devices powered by Linux?**
*Is there something like that already available?*
Nevertheless, it is equally concerning for smart home devices to be vulnerable to easy attacks.
What do you think? Share your thoughts in the comments down below.
**Via**: [Liliputing][7]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-google-nest/
作者:[Ankush Das][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lkxed
[1]: https://news.itsfoss.com/wp-content/uploads/2022/06/hacker-installs-ubuntu-on-google-nest-hub.jpg
[2]: https://fredericb.info/2022/06/breaking-secure-boot-on-google-nest-hub-2nd-gen-to-run-ubuntu.html
[3]: https://github.com/frederic/chipicopwn
[4]: https://news.itsfoss.com/wp-content/uploads/2022/06/ubuntu-google-nest.jpg
[5]: https://github.com/frederic/elaine-linux/commit/11068237d9178e77d79e3a5d27fc4f8f9b923c51
[6]: https://github.com/frederic/elaine-linux/commit/11068237d9178e77d79e3a5d27fc4f8f9b923c51
[7]: https://liliputing.com/2022/06/hacker-installs-ubuntu-on-a-google-nest-hub-2nd-gen-smart-display.html

84
sources/news/20220622 Rocket.Chat Aims to Replace Skype for Business by Collaborating with Pexip.md Normal file
View File

@ -0,0 +1,84 @@
[#]: subject: "Rocket.Chat Aims to Replace Skype for Business by Collaborating with Pexip"
[#]: via: "https://news.itsfoss.com/rocket-chat-pexip/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Rocket.Chat Aims to Replace Skype for Business by Collaborating with Pexip
======
Rocket.Chat is collaborating with a video communication platform, Pexip to offer an alternative to Skype for Business and Microsoft Teams.
![rocket chat pixep][1]
Rocket.Chat is making headlines this year, and for all the good reasons.
To start with, they collaborated with [Nextcloud to offer an open-source Microsoft 365 alternative][2], then [joined forces with Matrix][3], and now they have announced another partnership to tackle the likes of “Skype for Business” and Microsoft Teams.
So, what is it about? Let us get to know more here.
### Rocket.Chat + Pexip to Integrate Chat and Video Conferencing Platforms
Rocket.Chat is one of the [best open-source Slack alternatives][4] out there. It is probably going to be one of the [best Matrix clients][5] as well. It most likely does not need an introduction for users who prefer using open-source solutions.
[Pexip][6], on the other hand, is not an open-source platform that provides a video communication solution. You can self-host the service along with enterprise and cloud services.
Pexip is a good contender when it comes to video communication solutions for healthcare, government, or any security-conscious organizations. Companies like Accenture, and Intel, rely on some of their services.
Hence, Rocket.Chat and Pexip decided to integrate their strengths to offer a solid offering for organizations that require high-level security.
**Gabriel Engel**, CEO, and co-founder of Rocket.Chat, mentioned the following:
> “Theres an immediate need in the market for an on-premise digital collaboration solution thatenables fully compliant and secure chat and video communications. Rocket.Chat and Pexip havecome together with a complete solution and a strong commitment for the long-term success ofour customers,”
While they target every type of organizations with the partnership, but the public sector and government organizations are one of the top priorities.
**John Thorneycroft**, Senior VicePresident, Business Management at Pexip said:
> Our public sector and government customers are especially mindful of data privacy andsecurity when selecting a communications solution. The combination of Pexips on-premisevideo communication platform and Rocket.Chats secure chat functionality provides thesecustomers with the control and compliance they require.
### Replacing Skype for Business and Teams
Microsoft retired Skype for Business on July 31, 2021. And, its online infrastructure will be decommissioned after June 30, 2022.
And, Rocket.Chats partnership with Pexip focuses on being a replacement for those organizations that are looking to switch to a better solution considering privacy and security.
Not just Skype for Business, but it can also be a potential substitute for organizations using Microsoft Teams. Mostly because of the security features of Rocket.Chat and Pexip including:
* End-to-End encryption chat.
* Secure file sharing.
* Transcoding, secure/flexible access on any device.
* Role-based permissions.
* Data loss prevention.
* Audit trails.
* Active Directory/single sing-on.
* On-premise deployment.
* Compliance with privacy regulations.
Not to forget, Rocket.Chat also enables cross-platform communication using its bridges and helps you interact with users from Microsoft Teams, Slack, and Matrix clients.
Are you an organization that is looking to use a secure collaboration platform? I think Rocket.Chat and Pexips integration solution should be a great alternative, considering the competition does not offer the same features.
Share your thoughts in the comments down below.
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/rocket-chat-pexip/
作者:[Ankush Das][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lkxed
[1]: https://news.itsfoss.com/wp-content/uploads/2022/06/rocketchat-pixep-collabortation.jpg
[2]: https://news.itsfoss.com/rocket-chat-nextcloud-collaboration/
[3]: https://news.itsfoss.com/rocket-chat-matrix/
[4]: https://itsfoss.com/open-source-slack-alternative/
[5]: https://itsfoss.com/best-matrix-clients/
[6]: https://www.pexip.com/

90
sources/talk/20211203 Should Businesses Opt for Serverless Computing-.md
View File

@ -1,90 +0,0 @@
[#]: subject: "Should Businesses Opt for Serverless Computing?"
[#]: via: "https://www.opensourceforu.com/2021/12/should-businesses-opt-for-serverless-computing/"
[#]: author: "Krishna Mohan Koyya https://www.opensourceforu.com/author/krishna-mohan-koyya/"
[#]: collector: "lkxed"
[#]: translator: "lkxed"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Should Businesses Opt for Serverless Computing?
======
Serverless computing removes the server from the equation and enables businesses to give undivided attention to the application functionality. Does that make serverless computing the automatic choice? Lets find out.
![Severless-Cloud-Computing-Featured-image-OSFY-Oct-2021][1]
Until recently, almost every product manager organised his or her engineering resources into two separate teams — the development team and the operations team. The development team is usually involved in coding, testing and building the application functionality, whereas the operations team takes the responsibility of delivery, deployment, and operational maintenance of the application.
When a development team builds an e-commerce application, the operations team sets up the server to host that application. Setting up a server involves several aspects, which include:
* Choosing the appropriate hardware and operating system
* Applying the required set of patches
* Installing applicable server environments like JDK, Python, Tomcat, NodeJS, etc
* Deploying, configuring, and provisioning the actual application
* Opening and securing appropriate ports
* Setting up required database engines
… and the list just goes on.
Besides this, managers also break their heads on capacity planning. After all, any non-trivial application is expected to be 100 per cent available, reliable and scalable all the time. This requires optimal investment in the hardware. As we all know, shortage of hardware at crucial periods results in business loss, and on the other hand, redundant hardware hurts the bottomline. Capacity planning is crucial, irrespective of whether the application is targeted for the on-premises data centre or for cloud infrastructure.
By now, it is clear that businesses spend a lot of time not only in building the functionality but also in delivering it.
Serverless computing aims at offering a seamless way to deliver the functionality without worrying about the server setup and maintenance. In other words, a serverless computing platform offers a ready-to-use environment in such a way that the businesses build and deploy the applications as a set of smaller functions as quickly as possible. That is why this approach is referred to as Function as a Service (FaaS).
Remember that there is still a server in serverless computing, but it is taken care of by the FaaS vendors like AWS, Microsoft, and Google.
For example, AWS offers a serverless computing environment in the name of Lambda functions. Developers can choose to build the applications as a set of Lambda functions that can be written in NodeJS, Java, Python, and a few other languages. AWS offers a ready-to-use environment to deploy these functions. It also offers ready-to-use database servers, file servers, application gateways, authentication servers, etc.
Similarly, Microsoft Azure offers an environment to build and deploy Azure functions in languages like C#.
### Why serverless?
There are two main factors driving the popularity of serverless computing.
#### Ready-to-use environment
Obviously, this is the topmost selling point in favour of serverless computing. Businesses need not procure/book hardware or instances in advance, or worry about licences and setting up and provisioning the server. And they need not bother about scaling up and down. All of this is taken care of by the FaaS vendor.
Optimal cost: Since FaaS vendors always charge the clients based on the utilisation of the environment (pay as you use model), businesses need not worry about upfront costs and wastage of resources. For example, AWS charges the clients based on the number of requests a Lambda function receives, number of queries run on a table, etc.
### Challenges with serverless computing
Like with any other approach, serverless computing is also not the perfect approach that everyone can blindly follow. It has its own set of limitations. Here are a few of them.
#### Vendor locking
The first and most important problem associated with serverless computing is that functions like Lambda or Azure are to be written using vendor-supplied APIs. For example, the functions that are written using an AWS Lambda API cannot be deployed into Google Cloud and vice versa. Hence, serverless computing forces businesses to commit to a vendor, for years. The success or failure of the application depends not only on the functionality but also on the ability of the vendor with respect to performance, etc.
#### Programming language
No serverless computing platform supports all the possible programming languages. Moreover, it may not support all the versions of a given programming language. The application development teams are constrained to choose only the languages that are offered. This may turn out to be very crucial in terms of the capabilities of the team.
#### Optimal cost, really?
It all depends on the usage of the resources. If your application is attracting a huge load, like millions of requests per second, the bill that you foot might be exorbitant. At such a scale, having your own server on-premises or on the cloud might work cheaper. It doesnt mean that applications with Web-scale are not suitable for serverless computing. It all boils down to the way you architect around the platform and the deal you sign with the vendor.
#### Ecosystem
No application is written for an isolated environment. It requires other components like data stores, databases, security engines, gateways, messaging servers, queues, cache, etc. Every platform offers its own set of such tools. For instance, AWS offers Dynamo DB as one of the NoSQL solutions. Obviously, other vendors offer their own NoSQL solutions. The teams are thus forced to architect the applications based on the chosen platform. Though most of the commercial FaaS vendors offer one or another component for a particular requirement, not every component may be best-in-class.
### What about containers?
Many of us migrated to containerised deployment models in the last decade, since they offer a lightweight alternative to the costly machines, physical or virtual. With orchestration tools like Kubernetes, we love to deploy containerised applications and meet Web-scale requirements. Containers offer a certain degree of isolation from the underlying environment, which makes deployment relatively easy. However, we still need investments in hardware (on-premises or cloud), licences, networking, provisioning, etc, which demands forward planning, applicable technical skills, and careful monitoring. Serverless computing frees us even from these responsibilities, albeit with its own set of pros and cons.
### Road ahead
We are in the days of continuous development, continuous integration, and continuous deployment. Every business is facing competition. Time to market (TTM) plays a significant role in gaining and retaining customers. In this backdrop, businesses love to spend more time churning out the functionality as quickly as possible rather than struggling with the nitty-gritty of deployment and maintenance. Serverless computing has the potential to meet these demands. Big players are committing huge investments to make FaaS as seamless and as affordable as possible. The future looks bright for serverless computing.
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2021/12/should-businesses-opt-for-serverless-computing/
作者:[Krishna Mohan Koyya][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/krishna-mohan-koyya/
[b]: https://github.com/lkxed
[1]: https://www.opensourceforu.com/wp-content/uploads/2021/10/Severless-Cloud-Computing-Featured-image-OSFY-Oct-2021.jpg

137
sources/tech/20210122 Configure a Linux workspace remotely from the command line.md
View File

@ -1,137 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (Donke-Hao)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Configure a Linux workspace remotely from the command line)
[#]: via: (https://opensource.com/article/21/1/remote-configuration-xfce4)
[#]: author: (David Both https://opensource.com/users/dboth)
Configure a Linux workspace remotely from the command line
======
Nearly everything can be done from the Linux command line, including
remote configuration of Xfce4.
![Coding on a computer][1]
One of the things I appreciate about Linux versus proprietary operating systems is that almost everything can be managed and configured from the command line. That means that nearly everything can be configured locally or even remotely via an SSH login connection. Sometimes it takes a bit of time spent on Internet searches, but if you can think of a task, it can probably be done from the command line.
### The problem
Sometimes it is necessary to make remote modifications to a desktop using the command line. In this particular case, I needed to reduce the number of workspaces on the [Xfce][2] panel from four to three at the request of a remote user. This configuration only required about 20 minutes of searching on the Internet.
The default workspace count and many other settings for **xfwm4** can be found and changed in the **/usr/share/xfwm4/defaults** file. So setting _workspace_count=4_ to _workspace_count=2_ changes the default for all users on the host. Also, the **xfconf-query** command can be run by non-root users to query and set various attributes for the **xfwm4** window manager. It should be used by the user account that requires the change and not by root.
In the sample below, I have first verified the current setting of _four_ workspaces, then set the number to _two_, and finally confirmed the new setting.
```
[user@test1 ~]# xfconf-query -c xfwm4 -p /general/workspace_count
4
[user@test1 ~]# xfconf-query -c xfwm4 -p /general/workspace_count -s 2
[user@test1 ~]# xfconf-query -c xfwm4 -p /general/workspace_count
2
[user@test1 ~]#
```
This change takes place immediately and is visible to the user without a reboot or even logging out and back in. I had a bit of fun with this on my workstation by watching the workspace switcher change as I entered commands to set different numbers of workspaces. I get my amusements where I can these days. ;-)
### More exploration
Now that I fixed the problem, I decided to explore the **xfconf-query** command in a bit more detail. Unfortunately, there are no man or info pages for this tool, nor is there any documentation in **/usr/share**. The usual fallback of using the **-h** option resulted in little helpful information.
```
$ xfconf-query -h
 Usage:
   xfconf-query [OPTION…] - Xfconf commandline utility
 Help Options:
   -h, --help            Show help options
 Application Options:
   -V, --version         Version information
   -c, --channel         The channel to query/modify
   -p, --property        The property to query/modify
   -s, --set             The new value to set for the property
   -l, --list            List properties (or channels if -c is not specified)
   -v, --verbose         Verbose output
   -n, --create          Create a new property if it does not already exist
   -t, --type            Specify the property value type
   -r, --reset           Reset property
   -R, --recursive       Recursive (use with -r)
   -a, --force-array     Force array even if only one element
   -T, --toggle          Invert an existing boolean property
   -m, --monitor         Monitor a channel for property changes
```
This is not a lot of help, but we can figure out a good bit from it anyway. First, _channels_ are groupings of properties that can be modified. I made the change above to the **general** channel, and the property is **workspace_count**. Lets look at the complete list of channels.
```
$ xfconf-query -l
Channels:
  xfwm4
  xfce4-keyboard-shortcuts
  xfce4-notifyd
  xsettings
  xfdashboard
  thunar
  parole
  xfce4-panel
  xfce4-appfinder
  xfce4-settings-editor
  xfce4-power-manager
  xfce4-session
  keyboards
  displays
  keyboard-layout
  ristretto
  xfcethemer
  xfce4-desktop
  pointers
  xfce4-settings-manager
  xfce4-mixer
```
The properties for a given channel can also be viewed using the following syntax. I have used the **less** pager because the result is a long stream of data. I have pruned the listing below but left enough to see the type of entries you can expect to find.
```
$ xfconf-query -c xfwm4 -l | less
/general/activate_action
/general/borderless_maximize
/general/box_move
/general/box_resize
/general/button_layout
/general/button_offset
&lt;SNIP&gt;
/general/workspace_count
/general/workspace_names
/general/wrap_cycle
/general/wrap_layout
/general/wrap_resistance
/general/wrap_windows
/general/wrap_workspaces
/general/zoom_desktop
(END)
```
You can explore all the channels in this manner. I discovered that the channels generally correspond to the various settings in the **Settings Manager**. The properties are the ones that you would set in those dialogs. Note that not all the icons you will find in the **Settings Manager** dialog window are part of the **Xfce** desktop, so there are no corresponding channels for them. The **Screensaver** is one example because it is a generic GNU screensaver and not unique to **Xfce**. The **Settings Manager** is just a good central place for **Xfce** to locate many of these configuration tools.
### Documentation
As mentioned previously, there do not appear to be any man or info pages for the **xconf-query** command, and I found a lot of incorrect and poorly documented information on the Internet. The best documentation I found for **Xfce4** is on the [Xfce website][2], and some specific information on **xconf-query** can be found here.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/remote-configuration-xfce4
作者:[David Both][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_computer_laptop_hack_work.png?itok=aSpcWkcl (Coding on a computer)
[2]: https://www.xfce.org/

255
sources/tech/20220622 A site reliability engineer-s guide to change management.md Normal file
View File

@ -0,0 +1,255 @@
[#]: subject: "A site reliability engineer's guide to change management"
[#]: via: "https://opensource.com/article/22/6/change-management-site-reliability-engineers"
[#]: author: "Robert Kimani https://opensource.com/users/robert-charles"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
A site reliability engineer's guide to change management
======
The three core tenets of effective change management for SREs are progressive rollouts, monitoring, and safe and fast rollbacks.
![change button with arrow clicking][1]
Image by: Opensource.com
In my [previous article][2], I wrote about incident management (IM), an important component of site reliability engineering. In this article, I focus on change management (CM). Why is there a need to manage change? Why not simply just have a free-for-all where anyone can make a change at any time?
There are three tenets of effective CM. This gives you a forecast framework for your CM strategy:
* Rolling out changes progressively: There's a difference between progressive rollouts in which you deploy changes in stages, and doing it all at once. You get to find out that even though progressive change may look good on paper,there are pitfalls to avoid.
* Detecting problems with changes: Monitoring is extremely critical for your CM to work. I discuss and look at examples of how to setup effective monitoring to ensure that you can detect problems and make changes as quickly as possible.
* Rollback procedures: How can you effectively rollback when things go wrong?
### Why manage change?
It's estimated that 75% of production outages are due to changes. Scheduled and approved changes that we all perform. This number is staggering and only requires you to get on top of CM to ensure that everything is in order before the change is attempted. The primary reason for these staggering numbers is that there are inherent problems with changes.
Infrastructure and platforms are rapidly evolving. Not so long ago, infrastructure was not as complex, and it was easy to manage. For example an organization could have a few servers, where they ran an application server, web-servers, and database servers. But lately the infrastructure and platform are as complex as ever.
It is impossible to analyze every interconnection and dependency after the fact caused by the numerous sub-systems involved. For instance an application owner may not even know a dependency of an external service until it actually breaks. Even if the application team is aware of the dependency, they may not know all of the intricacies and all the different ways the remote service will respond due to their change.
You cannot possibly test for unknown scenarios. This goes back to the complexity of the current infrastructure and platforms. It will be cost prohibitive in terms of the time you spend to test each and every scenario before you actually apply a change. Whenever you make a change in your existing production environment, whether it's a configuration change or a code change, the truth is that, you are at high risk of creating an outage. So how do we handle this problem? Let's take a peek at the three tenets of an effective CM system.
### 3 tenets of an effective change management system for SREs
Automation is the foundational aspect of effective CM. Automation flows across the entire process of CM. This involves a few things:
* Progressive rollouts: Instead of doing one big change, the progressive rollouts mechanism allows you to implement change in stages, thereby reducing the impact to the user-base if something goes wrong. This attribute is critical especially if your user-base is large, for instance web-scale companies.
* Monitoring: You need to quickly and accurately detect any issue with changes. Your monitoring system should be able to reveal the current state of your application and service without any considerable lag in time.
* Safe rollback: The CM system should rollback quickly and safely when needed. Do not attempt any change in your environment without having a bulletproof rollback plan.
#### Role of automation
Many of you are aware of the concept of automation, however a lot of organizations lack automation. To increase the velocity of releases, which is an important part of running an Agile organization, manual operations must be eliminated. This can be accomplished by using Continuous Integration and Continuous Delivery but it is only effective when most of the operations are fully automated. This naturally eliminates human errors due to fatigue and carelessness. By virtue, auto-scaling which is an important function of cloud-based applications requires no manual intervention. This process needs to be completely automated.
### Progressive rollouts for SREs: deploying changes progressively
Changes to configuration files and binaries have serious consequences, in other words when you make a change to an existing production system, you are at serious risk of impacting the end-user experience.
For this reason, when you deploy changes progressively instead of all at once you can reduce the impact when things go wrong. If we need to roll back, the effort is generally smaller when the changes are done in a progressive manner. The idea here is, that you would start your change with a smaller set of clients. If you find an issue with the change, you can rollback the change immediately because the size of the impact is small at that point.
There is an exception to the progressive rollout, you can rollout the change globally all at once if it is an emergency fix and it is warranted to do so.
#### Pitfalls to progressive rollouts
Rollout and rollback can get complex because you are dealing with multiple stages of a release. Lack of required traffic can undermine the effectiveness of a release. Especially if in the initial stages you are targeting a smaller set of clients in your rollout. The danger is that, you may prematurely sign off on a release based on a smaller set of clients. It also releases a pipline where you run one script with multiple stages
Releases can get much longer compared to one single (big) change. In a truly web-scale application that is scattered across the globe, a change can take several days to fully rollout, which can be a problem in some instances.
Documentation is important. Especially when a stage takes a long time and it requires multiple teams to be involved to manage the change. Everything must be documented in detail in case a rollback or a roll forward is warranted.
Due to these pitfalls, it is advised that you take a deeper look into your organization change rollout strategy. While progressive rollout is efficient and recommended, if your application is small enough and does not require frequent changes, a change all at once is the way to go. By doing it all at once, you have a clean way to rollback if there is a need to do so.
#### High level overview of progressive rollout
Once the code is committed and merged, we start a "Canary release," where canaries are the test subjects. Keep in mind that they are not a replacement for complete automated testing. The name "canary" comes from the early days of mining, when a canary bird was used to detect whether a mine contained poisonous gas before humans entering.
After the test, a small set of clients are used to rollout our changes and see how things go. Once the "canaries" are signed off, go to the next stage, which is the "Early Adaptors release." This is a slightly bigger set of clients you use to do the rollout. Finally, if the "Early Adaptors" are signed off, move to the biggest pack of the bunch: "All users."
![high level overview of a progressive rollout][3]
Image by: (Robert Kimani, CC BY-SA 4.0)
"Blast radius" refers to the size of the impact if something goes wrong. It is the smallest when we do the canary rollout and actually the biggest when we rollout to all users.
#### Options for progressive rollouts
A progressive rollout is either dependent on an application or an organization. For global applications, a geography-based method is an option. For instance you can choose to release to the Americas first, followed by Europe and regions of Asia. When your rollout is dependent on departments within an organization, you can use the classic progressive rollout model, used by many web-scale companies. For instance, you could start off with "Canaries", HR, Marketing, and then customers.
It's common to choose internal departments as the first clients for progressive rollouts, and then gradually move on to the external users.
You can also choose a size-based progressive rollout. Suppose you have one-thousand servers running your application. You could start off with 10% in the beginning, then pump up the rollout to 25%, 50%, 75%, and finally 100%. In this way, you can only affect a smaller set of servers as you advance through your progressive rollout.
There are periods where an application must run 2 different versions simultaneously. This is something you cannot avoid in progressive rollout situations.
#### Binary and configuration packages
There are three major components of a system: binary: (software), data (for instance, a database), and configuration (the parameters that govern the behavior of an application).
It's considered best practice to keep binary and configuration files separate from one another. You want to use version controlled configuration. Your configurations must be "hermetic." At any given time, when the configuration is derived by the application, it's the same regardless of when and where the configurations are derived. This is achieved by treating configuration as code.
### Monitoring for SREs
Monitoring is a foundation capability of an SRE organization. You need to know if something is wrong with your application that affects the end-user experience. In addition, your monitoring should help you identify the root cause.
The primary functions of monitoring are:
* Provides visibility into service health.
* Allows you to create alerts based on a custom threshold.
* Analyzes trends and plan capacity.
* Provides detailed insight into various subsystems that make up your application or service.
* Provides Code-level metrics to understand behavior.
* Makes use of visualization and reports.
#### Data Sources for Monitoring
You can monitor several aspects of your environment. These include:
* Raw logs: Generally unstructured generated from your application or a server or network devices.
* Structured event logs: Easy to consume information. For example Windows Event Viewer logs.
* Metrics: A numeric measurement of a component.
* Distributed tracing: Trace events are generally either created automatically by frameworks, such as open telemetry, or manually using your own code.
* Event introspection: Helps to examine properties at runtime at a detailed level.
When choosing a monitoring tool for your SRE organization, you must consider what's most important.
#### Speed
How fast can you retrieve and send data into the monitoring system?
* How fresh the data should be? The fresher the data, the better. You don't want to be looking at data that's 2 hours old. You want the data to be as real-time as possible.
* Ingesting data and alerting of real-time data can be expensive. You may have to invest in a platform like Splunk or InfluxDB or ElasticSearch to fully implement this.
* Consider your service level objective (SLO) to determine how fast the monitoring system should be. For instance, if your SLO is 2 hours, you do not have to invest in systems that process machine data in real-time.
* Querying vast amounts of data can be inefficient. You may have to invest in enterprise platforms if you need very fast retrieval of data.
#### Resolution check
What is the granularity of the monitoring data?
* Do you really need to record data every second? The recommended way is to use aggregation wherever possible.
* Use sampling if it makes sense for your data.
* Metrics are suited for high-resolution monitoring instead of raw log files.
#### Alerting
What alert capabilities can the monitoring tool provide?
Ensure the monitoring system can be integrated with other event processing tools or third party tools. For instance, can your monitoring system page someone in case of emergency? Can your monitoring system integrate with a ticketing system?
You should also classify the alerts with different severity levels. You may want to choose a severity level of three for a slow application versus a severity level of one for an application that is not available. Make sure the alerts can be easily suppressed to avoid alert flooding. Email or page flooding can be very distracting to the On-Call experience. There must be an efficient way to suppress the alerts.
#### User interface check
How versatile is it?
* Does your monitoring tool provide feature-rich visualization tools?
* Can it show time series data as well as custom charts effectively?
* Can it be easily shared? This is important because you may want to share what you found not only with other team members but you may have to share certain information with leadership.
* Can it be managed using code? You don't want to be a full-time monitoring administrator. You need to be able to manage your monitoring system through code.
#### Metrics
Metrics may not be efficient in identifying the root cause of a problem. It can tell what's going on in the system, but it can't tell you why it's happening. They are suitable for low-cardinality data, when you do not have millions of unique values in your data.
* Numerical measurement of a property.
* A counter accompanied by attributes.
* Efficient to ingest.
* Efficient to query.
* It may not be efficient in identifying the root cause. Metrics can tell what's going on in the system but it won't be able to tell you why that's happening.
* Suitable for low-cardinality data When you do not have millions of unique values in your data.
#### Logs
Raw text data is usually arbitrary text filled with debug data. Parsing is generally required to get at the data. Data retrieval and recall is slower than using metrics. Raw text data is useful to determine the root causes of many problems and there are no strict requirements in terms of the cardinaltiy of data.
* Arbitrary text, usually filled with debug data.
* Generally parsing is required.
* Generally slower than metrics, both to ingest and to retrieve.
* Most of the times you will need raw logs to determine the root cause.
* No strict requirements in-terms of cardinality of data.
You should use metrics because they can be assimilated, indexed and retrieved at a fast pace compared to logs. Analyzing with metrics and logs are fast, so you can give an alert fast. In contrast, logs are actually required for root cause analysis (RCA).
#### 4 signals to monitor
There's a lot you can monitor, and at some point you have to decide what's important.
* Latency: What are the end-users experiencing when it comes to responsiveness from your application.
* Errors: This can be both Hard errors such as an HTTP:500 internal server error or Soft errors, which could refer to a functionality error. It could also mean a slow response time of a particular component within your application.
* Traffic: Refers to the total number of requests coming in.
* Saturation: Generally occurs in a component or a resource when it cannot handle the load anymore.
#### Monitoring resources
Data has to be derived from somewhere. Here are common resources used in building a monitoring system:
* CPU: In some cases CPU utilization can indicate an underlying problem.
* Memory: Application and System memory. Application memory could be the Java heap size in a Java application.
* Disk I/O: Many applications are heavy I/O dependent, so it's important to monitor disk performance.
* Disk volume: Monitors the sizes of all your file-systems.
* Network bandwidth: It's critical to monitor the network bandwidth utilized by your application. This can provide insight into eliminating performance bottlenecks.
#### 3 best practices for monitoring for SREs
Above all else, remember the three best practices for an effective monitoring system in your SRE organization:
1. Configuration as code: Makes it easy to deploy monitoring to new environments.
2. Unified dashboards: Converge to a unified pattern that enables reuse of the dashboards.
3. Consistency: Whatever monitoring tool you use, the components that you create within the monitoring tool should follow a consistent naming convention.
### Rolling back changes
To minimize user impact when change did not go as expected, you should buy time to fix bugs. With fine-grained rollback, you are able to rollback only a portion of your change that was impacted, thus minimizing overall user impact.
If things don't go well during your "canary" release, you may want to roll back your changes. When combined with progressive rollouts, it's possible to completely eliminate user impact when you have a solid rollback mechanism in place.
Rollback fast and rollback often. Your rollback process will become bulletproof over time!
#### Mechanics of rollback
Automation is key. You need to have scripts and processes in place before you attempt a rollback. One of the ways application developers rollback a change is to simply toggle flags as part of the configuration. A new feature in your application can be turned on and off based on simply switching a flag.
The entire rollback could be a configuration file release. In general, a rollback of the entire release is more preferred than a partial rollback. Use a package management system with version numbers and labels that are clearly documented.
A rollback is still a change, technically speaking. You have already made a change and you are reverting it back. Most cases entail a scenario that was not tested before so you have to be cautious when it comes to rollbacks.
#### Roll forward
With roll forward, instead of rolling back your changes, you release a quick fix "Hot Fix," an upgraded software that includes the fixes. Rolling forward may not always be possible. You might have to run the system in degraded status until an upgrade is available so the "roll forward is fully complete." In some cases, rolling forward may be safer than a rollback, especially when the change involves multiple sub-systems.
### Change is good
Automation is key. Your builds, tests, and releases should all be automated.
Use "canaries" for catching issues early, but remember that "canaries" are not a replacement for automated testing.
Monitoring should be designed to meet your service level objectives. Choose your monitoring tools carefully. You may have to deploy more than one monitoring system.
Finally, there are three tenets of an effective CM system:
1. Progressive rollout: Strive to do your changes in a progressive manner.
2. Monitoring: A foundational capability for your SRE teams.
3. Safe and fast rollbacks: Do this with processes and automation in place which increase confidence in your SRE organization functionality.
In the next article, the third part of this series, I will cover some important technical topics when it comes to SRE best practices. These topics will include the Circuit Breaker Pattern, self healing systems, distributed consensus, effective load balancing, autoscaling, and effective health check.
--------------------------------------------------------------------------------
via: https://opensource.com/article/22/6/change-management-site-reliability-engineers
作者:[Robert Kimani][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/robert-charles
[b]: https://github.com/lkxed
[1]: https://opensource.com/sites/default/files/lead-images/Open%20Health.jpg
[2]: https://opensource.com/article/22/6/introduction-site-reliability-engineering
[3]: https://opensource.com/sites/default/files/2022-05/effetiverollout1.png
[4]: https://enterprisersproject.com/article/2021/3/7-top-site-reliability-engineer-sre-job-interview-questions

143
sources/tech/20220622 Manage your Rust toolchain using rustup.md Normal file
View File

@ -0,0 +1,143 @@
[#]: subject: "Manage your Rust toolchain using rustup"
[#]: via: "https://opensource.com/article/22/6/rust-toolchain-rustup"
[#]: author: "Gaurav Kamathe https://opensource.com/users/gkamathe"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Manage your Rust toolchain using rustup
======
Rustup can be used to install Rust and keep it updated. It also allows you to seamlessly switch between the stable, beta, and nightly Rust compilers and tooling.
![Tools illustration][1]
Image by: Opensource.com
The [Rust programming language][2] is becoming increasingly popular these days, used and loved by hobbyists and corporations alike. One of the reasons for its popularity is the amazing tooling that Rust provides making it a joy to use for developers. [Rustup][3] is the official tool used to manage Rust tooling. Not only can it be used to install Rust and keep it updated, it also allows you to seamlessly switch between the stable, beta, and nightly Rust compilers and tooling. This article will introduce you to rustup and some common commands to use.
### Default Rust installation method
If you want to install Rust on Linux, you can use your package manager. On Fedora or CentOS Stream you can use this, for example:
```
$ sudo dnf install rust cargo
```
This provides a stable version of the Rust toolchain, and works great if you are a beginner to Rust and want to try compiling and running simple programs. However, because Rust is a new programming language it changes fast and a lot of new features are frequently added. These features are part of the nightly and later beta version of the Rust toolchain. To try out these features you need to install these newer versions of the toolchain, without affecting the stable version on the system. Unfortunately, your distros package manager cant help you here.
### Installing Rust toolchain using rustup
To get around the above issues, you can download an install script:
```
$ curl --proto '=https' --tlsv1.2 \
-sSf https://sh.rustup.rs > sh.rustup.rs
```
Inspect it, and then run it. It doesnt require root privileges and installs Rust accordingly to your local user privileges:
```
$ file sh.rustup.rs
sh.rustup.rs: POSIX shell script, ASCII text executable
$ less sh.rustup.rs
$ bash sh.rustup.rs
```
Select option 1 when prompted:
```
1) Proceed with installation (default)
2) Customize installation
3) Cancel installation
> 1
```
After installation, you must source the environment variables to ensure that the `rustup` command is immediately available for you to use:
```
$ source $HOME/.cargo/env
```
Verify that the Rust compiler (rustc) and Rust package manager (cargo) are installed:
```
$ rustc --version
$ cargo --version
```
### See installed and active toolchains
You can view the different toolchains that were installed and which one is the active one using the following command:
```
$ rustup show
```
### Switch between toolchains
You can view the default toolchain and change it as required. If youre currently on a stable toolchain and wish to try out a newly introduced feature that is available in the nightly version you can easily switch to the nightly toolchain:
```
$ rustup default
$ rustup default nightly
```
To see the exact path of the compiler and package manager of Rust:
```
$ rustup which rustc
$ rustup which cargo
```
### Checking and Updating the toolchain
To check whether a new Rust toolchain is available:
```
$ rustup check
```
Suppose a new version of Rust is released with some interesting features, and you want to get the latest version of Rust. You can do that with the `update` subcommand:
```
$ rustup update
```
### Help and documentation
The above commands are more than sufficient for day-to-day use. Nonetheless, rustup has a variety of commands and you can refer to the help section for additional details:
```
$ rustup --help
```
Rustup has an entire [book][4] on GitHub that you can use as a reference. All the Rust documentation is installed on your local system, which does not require you to be connected to the Internet. You can access the local documentation which includes the book, standard library, and so on:
```
$ rustup doc
$ rustup doc --book
$ rustup doc --std
$ rustup doc --cargo
```
Rust is an exciting language under active development. If youre interested in where programming is headed, keep up with Rust!
--------------------------------------------------------------------------------
via: https://opensource.com/article/22/6/rust-toolchain-rustup
作者:[Gaurav Kamathe][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/gkamathe
[b]: https://github.com/lkxed
[1]: https://opensource.com/sites/default/files/lead-images/tools_hardware_purple.png
[2]: https://www.rust-lang.org/
[3]: https://github.com/rust-lang/rustup
[4]: https://rust-lang.github.io/rustup/

193
sources/tech/20220622 Using Linux System Roles to implement Clevis and Tang for automated LUKS volume unlocking.md Normal file
View File

@ -0,0 +1,193 @@
[#]: subject: "Using Linux System Roles to implement Clevis and Tang for automated LUKS volume unlocking"
[#]: via: "https://fedoramagazine.org/using-linux-system-roles-to-implement-clevis-and-tang-for-automated-luks-volume-unlocking/"
[#]: author: "Brian Smith https://fedoramagazine.org/author/briansmith/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Using Linux System Roles to implement Clevis and Tang for automated LUKS volume unlocking
======
![][1]
Photo by [Mikhail Fesenko][2] on [Unsplash][3]
One of the key aspects of system security is encrypting storage at rest. Without encrypted storage, any time a storage device leaves your presence it can be at risk. The most obvious scenario where this can happen is if a storage device (either just the storage device or the entire system, server, or laptop) is lost or stolen.
However, there are other scenarios that are a concern as well: perhaps you have a storage device fail, and it is replaced under warranty — many times the vendor will ask you to return the original device. If the device was encrypted, it is much less of a concern to return it back to the hardware vendor.
Another concern is anytime your storage device is out of sight there is a risk that the data is copied or cloned off of the device without you even being aware. Again, if the device is encrypted, this is much less of a concern.
Fedora (and other Linux distributions) include the Linux Unified Key Setup (LUKS) functionality to support disk encryption. LUKS is easy to use, and is even integrated as an option in the Fedora Anaconda installer.
However there is one challenge that frequently prevents people from implementing LUKS on a large scale, especially for the root filesystem: every single time you reboot the host you generally have to manually access the console and type in the LUKS passphrase so the system can boot up.
If you are running Fedora on a single laptop, this might not be a problem, after all, you probably are sitting in front of your laptop any time you reboot it. However, if you have a large number of Fedora instances, this quickly becomes impractical to deal with.
![][4]
You might be managing Fedora systems that are at remote locations, and you might not even have good or reliable ways to access a console on them. In this case, rebooting the hosts could result in them not coming up until you or someone else travels to their location to type in the LUKS passphrase.
This article will cover how to implement a solution to enable automated LUKS volume unlocking (and the process to implement these features will be done using automation as well!)
### Overview of Clevis and Tang
Clevis and Tang are an innovative solution that can help with the challenge of having systems with encrypted storage boot up without manual user intervention on every boot. At a high level, Clevis, which is installed on the client systems, can enable LUKS volumes to be unlocked without user intervention as long as the client system has network access to a configurable number of Tang servers.
The basic premise is that the Tang server(s) are on an internal/private or otherwise secured network, and if the storage devices are lost, stolen, or otherwise removed from the environment, that they would no longer have network access to the Tang server(s), and thus no longer automatically unlock automatically at boot.
Tang is stateless and doesnt require authentication or even TLS, which means it is very lightweight and easy to configure, and can run from a container. In this article, Im only setting up a single Tang server, however it is also possible to have multiple Tang servers in an environment, and to configure the number Tang servers the Clevis clients must connect to in order to unlock the encrypted volume. For example, you could have three Tang servers, and require the Clevis clients to be able to connect to at least two of the three Tang servers.
For more information on how Tang and Clevis work, refer to the GitHub pages: [Clevis][5] and [Tang][6], or for an overview of the inner workings of Tang and Clevis, refer to the [Securing Automated Decryption New Cryptography and Techniques][7] FOSDEM talk.
### Overview of Linux System Roles
Linux System Roles is a set of Ansible Roles/Collections that can help automate the configuration and management of many aspects of Fedora, CentOS Stream, RHEL, and RHEL derivatives. Linux System Roles is packaged in Fedora as an RPM (*linux-system-roles*) and is also available on Ansible Galaxy (as both roles and as a collection). For more information on Linux System Roles, and to see a list of included roles, refer to the [Linux System Roles project page][8].
Included in the list of Linux System Roles are the *nbde_client*, *nbde_server*, and *firewall* roles that will be used in this article. The *nbde_client* and *nbde_server* roles are focused on automating the implementation of Clevis and Tang, respectively. The “nbde” in the role names stands for network bound disk encryption, which is another term to refer to using Clevis and Tang for automated unlocking of LUKS encrypted volumes. The *firewall* role can automate the implementation of firewall settings, and will be used to open a port in the firewall on the Tang server.
### Demo environment overview
In my environment, I have a Raspberry Pi, running Fedora 36 that I will install Linux System Roles on and use as my Ansible control node. In addition, Ill use this same Raspberry Pi as my Tang server. This device is configured with the *pi.example.com* hostname.
In addition, I have four other systems in my environment: two Fedora 36 systems, and two CentOS Stream 9 systems, named *fedora-server1.example.com*, *fedora-server2.example.com*, *c9s-server1.example.com*, and *c9s-server2.example.com*. Each of these four systems has a LUKS encrypted root filesystem and currently the LUKS passphrase must be manually typed in each time the systems boot up.
Ill use the *nbde_server* and *firewall* roles to install and configure Tang on my*pi.example.com*system, and use the *nbde_client* role to install and configure Clevis on my four other systems, enabling them to automatically unlock their encrypted root filesystem if they can connect to the *pi.example.com* Tang system.
### Installing Linux System Roles and Ansible on the Raspberry Pi
Ill start by installing the *linux-system-roles* package on the *pi.example.com* host, which will act as my Ansible control node. This will also install *ansible-core* and several other packages as dependencies. These packages do not need to be installed on the other four systems in my environment (which are referred to as managed nodes).
```
$ sudo dnf install linux-system-roles
```
SSH keys and sudo configuration need to be configured so that the control node host can connect to each of the managed nodes in the environment and escalate to root privileges.
### Defining the Ansible inventory file
Still on the *pi.example.com* host, Ill create an Ansible inventory file to group the five systems in my environment into two Ansible inventory groups. The *nbde_servers* group will contain a list of hosts that I would like to configure as Tang servers (which in this example is only the *pi.example.com*host), and the *nbde_clients* group will contain a list of hosts that I would like to configure as Clevis clients. Ill name this inventory file *inventory.yml* and it contains the following content:
```
all:
children:
nbde_servers:
hosts:
pi.example.com:
nbde_clients:
hosts:
fedora35-server1.example.com:
fedora35-server2.example.com:
c9s-server1.example.com:
c9s-server2.example.com:
```
### Creating Ansible Group variable files
Ansible variables are set to specify what configuration should be implemented by the Linux System Roles. Each role has a README.md file that contains important information on how to use each role, including a list of available role variables. The README.md files for the *nbde_server*, *nbde_client*, and *firewall* roles are available in the following locations, respectively:
* /usr/share/doc/linux-system-roles/nbde_server/README.md
* /usr/share/doc/linux-system-roles/nbde_client/README.md
* /usr/share/doc/linux-system-roles/firewall/README.md
Ill create a *group_vars* directory with the *mkdir group_vars* command. Within this directory, Ill create a *nbde_servers.yml* file and *nbde_clients.yml* file, which will define, respectively, the variables that should be set for systems listed in the *nbde_servers* inventory group and the *nbde_clients* inventory group.
The *nbde_servers.yml* file contains the following content, which will instruct the *firewall* role to open TCP port 80, which is the default port used by Tang:
```
firewall:
- port: ['80/tcp']
state: enabled
```
The *nbde_clients.yml* file contains the following content:
```
nbde_client_bindings:
- device: /dev/vda2
encryption_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
62666465373138636165326639633...
servers:
- http://pi.example.com
```
Under *nbde_client_bindings*, *device* specifies the backing device of the encrypted root filesystem on the four managed nodes. The *encryption_password* specifies a current LUKS passphrase that is required to configure Clevis. In this example, Ive used *ansible-vault* to encrypt the string rather than place the LUKS passphrase in clear text. And finally, under *servers*, a list of Tang servers that Clevis should bind to are specified. In this example, the Clevis clients will be configured to bind to the *pi.example.com* Tang server.
### Creating the playbook
Ill create a simple Ansible playbook, named *nbde.yml* that will call the *firewall* and *nbde_server* roles for systems in the *nbde_servers* inventory group, and call the *nbde_client* role for systems in the *nbde_clients* group:
```
- name: Open firewall for Tang
hosts: nbde_servers
roles:
- linux-system-roles.firewall
- name: Deploy NBDE Tang server
hosts: nbde_servers
roles:
- linux-system-roles.nbde_server
- name: Deploy NBDE Clevis clients
hosts: nbde_clients
roles:
- linux-system-roles.nbde_client
```
At this point, I have the following files and directories created:
* inventory.yml
* nbde.yml
* group_vars/nbde_clients.yml
* group_vars/nbde_servers.yml
### Running the playbook
The *nbde.yml* playbook can be run with the following command:
```
$ ansible-playbook nbde.yml -i inventory.yml --ask-vault-pass -b
```
The*-i*flag specifies which inventory file should be used, the *ask-vault-pass* flag will prompt for the Ansible Vault password to decrypt the *encryption_password* variable, and the *-b* flag specifies that Ansible should escalate to root privileges.
![][9]
### Validating the configuration
To validate the configuration, I rebooted each of my four managed nodes that were configured as Clevis clients of the Raspberry Pi Tang server. Each of the four managed nodes boots up and briefly pauses on the LUKS passphrase prompt:
![][10]
However, after the brief delay, each of the four systems continued booting up without requiring me to enter the LUKS passphrase.
### Conclusion
If you would like to secure your data at rest with LUKS encryption, but need a solution that enables systems to boot up without intervention, consider implementing Clevis and Tang. Linux System Roles can help you implement Clevis and Tang, as well as a number of other aspects of your system, in an automated manner.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/using-linux-system-roles-to-implement-clevis-and-tang-for-automated-luks-volume-unlocking/
作者:[Brian Smith][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/briansmith/
[b]: https://github.com/lkxed
[1]: https://fedoramagazine.org/wp-content/uploads/2022/06/Automatic-LUKS-volume-unlocking-816x345.jpg
[2]: https://unsplash.com/@proggga?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/system-administrator?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://fedoramagazine.org/wp-content/uploads/2022/06/several-1024x576.png
[5]: https://github.com/latchset/clevis
[6]: https://github.com/latchset/tang
[7]: https://www.youtube.com/watch?v=2uLKvB8Z5D0
[8]: https://linux-system-roles.github.io/
[9]: https://fedoramagazine.org/wp-content/uploads/2022/06/results.png
[10]: https://fedoramagazine.org/wp-content/uploads/2022/06/prompt.png

86
translated/news/20220617 Ubuntu Runs on a Google Nest Hub, Wait, What-.md Normal file
View File

@ -0,0 +1,86 @@
[#]: subject: "Ubuntu Runs on a Google Nest Hub, Wait, What?"
[#]: via: "https://news.itsfoss.com/ubuntu-google-nest/"
[#]: author: "Ankush Das https://news.itsfoss.com/author/ankush/"
[#]: collector: "lkxed"
[#]: translator: "lkxed"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Ubuntu 在 Google Nest Hub 上运行,等等,什么?
======
一名黑客成功地在 Google Nest Hub第二代上运行了 Ubuntu然后呢
![Ubuntu Google][1]
我刚刚看到了一个关于在 Google Nest Hub第二代上运行的 Ubuntu 的故事。
嗯,这实在是让人兴奋!
所以,让我在这里分享更多关于它的信息吧。
### 破解 Google Nest Hub 以安装 Ubuntu
是的,一次黑客攻击使这成为可能。
网络安全专家 **Frédéric Basse** 破解了 Google Nest Hub第 2 代)的安全启动,并成功运行 Ubuntu。
当然Google Nest Hub 并没有正式支持启动一个自定义操作系统。但是Fred 使用了一个安全漏洞,从而成功运行了 Ubuntu。
虽然这很有趣,但对于始终连接的谷歌智能家居显示器来说,这也是一个严重的问题。
正如他在 [博客文章][2] 中所解释的,黑客使用了 Raspberry Pi Pico 微控制器,利用引导加载程序中的 USB 漏洞,从而破坏了安全启动链。
安全专家得出结论:
> 因此,攻击者可以通过插入恶意 USB 设备并按下两个按钮,从而在早期启动阶段(内核执行之前)执行任意代码。
如果你想进行实验(适合安全研究人员),他还在 [GitHub][3] 上提供了相关代码(关于如何利用这个引导加载程序漏洞)。
### 让 Ubuntu 在 Google Nest 上运行
![][4]
该漏洞允许攻击者启动未签名的操作系统。但是,在那之前,攻击者必须对为 Raspberry Pi64 位 ARM量身定制的预装 Ubuntu 镜像进行一些修改。
攻击者还提到了以下内容:
> 我们构建了一个自定义 U-Boot 引导加载程序,禁用了安全引导,并更改了引导流程以从 USB 闪存驱动器加载环境。我们还为 elaine 构建了一个自定义 Linux 内核,其中包括包括了一些 [额外驱动,例如 USB 鼠标][5] 。来自 Ubuntu 的初始 ramdiskinitrd被重新打包以集成触摸屏所需的固件二进制文件。引导镜像是基于自定义 Linux 内核和修改的 initrd 创建的。
因此,很明显,你不会获得完整的 Ubuntu 体验,但由于该漏洞,我们现在知道,如果你愿意破解 Google Nest 进行测试的话Ubuntu 是可以在 Google Nest 上作运行的,作为一个实验(不要那样做,真的!)。
### 智能家居安全担忧 + Linux
网络安全专家指出,该漏洞已在上游修复(两次)。
但是,研究人员也指出,缺乏 CVE 可能会导致修复程序无法向下游传播。
毫无疑问,看到有人在不受支持的设备上运行 Linux 真是太棒了。这让我思考,我们是否应该也制造一些**由 Linux 驱动的商业智能家居设备?**
*或者说,已经有类似的东西了吗?*
然而,智能家居设备容易受到简单攻击,也同样令人担忧。
你怎么看?在下面的评论中分享你的想法吧。
**本文最初发布于** [Liliputing][6]
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/ubuntu-google-nest/
作者:[Ankush Das][a]
选题:[lkxed][b]
译者:[lkxed](https://github.com/lkxed)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/ankush/
[b]: https://github.com/lkxed
[1]: https://news.itsfoss.com/wp-content/uploads/2022/06/hacker-installs-ubuntu-on-google-nest-hub.jpg
[2]: https://fredericb.info/2022/06/breaking-secure-boot-on-google-nest-hub-2nd-gen-to-run-ubuntu.html
[3]: https://github.com/frederic/chipicopwn
[4]: https://news.itsfoss.com/wp-content/uploads/2022/06/ubuntu-google-nest.jpg
[5]: https://github.com/frederic/elaine-linux/commit/11068237d9178e77d79e3a5d27fc4f8f9b923c51
[6]: https://liliputing.com/2022/06/hacker-installs-ubuntu-on-a-google-nest-hub-2nd-gen-smart-display.html

92
translated/talk/20211203 Should Businesses Opt for Serverless Computing-.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: "Should Businesses Opt for Serverless Computing?"
[#]: via: "https://www.opensourceforu.com/2021/12/should-businesses-opt-for-serverless-computing/"
[#]: author: "Krishna Mohan Koyya https://www.opensourceforu.com/author/krishna-mohan-koyya/"
[#]: collector: "lkxed"
[#]: translator: "lkxed"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
企业应该选择无服务器计算吗?
======
无服务器计算将服务器从等式中移除,使企业能够专注于应用功能。那么,企业是不是都应该选择无服务器计算呢?让我们来探究一下吧!
![2021 年 10月 OSFY 无服务器云计算][1]
直至不久之前,几乎每个产品经理都会将他/她的工程资源,分成两个独立的团队 —— 开发团队和运维团队。开发团队通常参与编码、测试和构建应用功能,而运维团队负责应用程序的交付、部署和运行维护。
当开发团队构建电商应用时,运维团队会搭建好服务器来托管该应用。搭建服务器涉及到许多方面,其中包括:
* 选择合适的硬件和操作系统
* 应用所需的补丁集
* 搭建所需服务器环境,如 JDK、Python、Tomcat、NodeJS 等
* 部署、配置和提供实际的应用
* 打开并固定合适的端口
* 搭建所需的数据库引擎
……这个名单还在继续。
除此之外,管理人员还对容量规划感到头疼。毕竟,任何重要应用都应始终保持 100% 可用、可靠且可扩展。这需要对硬件进行最佳投资。众所周知,在一些关键时期,硬件短缺会导致业务损失,而硬件冗余又会损害利润。因此,无论应用是针对本地数据中心,还是针对云基础架构,容量规划都是至关重要的。到目前为止,很明显,企业不仅在功能构建上投入了大量的精力,还在功能交付上也花费了大量的时间。
<ruby>无服务器计算<rt>Serverless computing</rt></ruby>旨在提供一种无缝的方式来交付功能,而无需担心服务器的设置和维护。换句话说,无服务器计算平台提供了一个<ruby>“即用型”<rt>ready-to-use</rt></ruby>环境,企业可以尽快将应用程序构建和部署为一些较小的功能。这就是为什么这种方法被称为<ruby>“功能即服务”<rt>Function as a Service</rt></ruby>FaaS
请记住,无服务器计算中仍然存在服务器,但它由 AWS、微软和谷歌等 FaaS 供应商负责。
例如AWS 以 “Lambda 函数”的形式提供了一个无服务器计算环境。开发人员可以选择将应用程序构建为一组 Lambda 函数,这些函数可以用 NodeJS、Java、Python 和其他一些语言编写。AWS 提供了一个现成的环境来部署这些函数。它还提供了即用​​型数据库服务器、文件服务器、应用程序网关和身份验证服务器等。
同样Microsoft Azure 也提供了一个环境,它可以用 C# 等语言构建和部署 Azure 函数。
### 为什么选择无服务器?
有两个主要因素推动了无服务器计算的普及。
#### 1、即用型环境
显然,这是无服务器计算的最大卖点。企业无需提前采购/预订硬件或实例,也无需操心许可证,以及设置和配置服务器。他们不需要为扩大和缩小规模而烦恼。所有这些都由 FaaS 供应商负责。
#### 2、最优成本
由于 FaaS 供应商总是根据环境的利用率向客户收费按使用付费模式因此企业无需担心前期成本和资源浪费。例如AWS 根据 Lambda 函数接收的请求数量、在数据表上运行的查询数量等指标来向客户端收费。
### 无服务器计算的挑战
与任何其他方法一样,无服务器计算也不是每个人都可以盲目遵循的完美方法。它本身也有一系列限制。以下是其中的几个。
#### 1、供应商锁定
当使用无服务器计算时第一个也是最重要的问题就是Lambda 或 Azure 等函数将使用供应商提供的 API 来编写。例如,使用 AWS Lambda API 编写的函数无法部署到 Google Cloud 中,反之亦然。因此,无服务器计算迫使企业在许多年内,只能使用同一家供应商。并且,应用的成功或失败不仅取决于它的功能,还取决于供应商在性能等方面的能力。
#### 2、编程语言
没有无服务器计算平台支持所有的编程语言。此外,对于它支持的编程语言,它也可能不支持其所有版本。这样一来,应用开发团队只能选择供应商提供的语言。就团队的能力而言,这可能是非常关键的。
#### 3、最优成本真的吗
其实也不一定,这一切都取决于资源的使用情况。如果你的应用正在承受巨大的负载,例如每秒数百万个请求,那么你所支付的费用可能会过高。在这样的规模下,在本地或云端拥有自己的服务器可能会更便宜。这并不意味着具有 Web 规模的应用不适合用无服务器计算。归根结底,它还是取决于你的平台的构建方式,以及你与供应商签署的协议。
#### 4、生态系统
没有应用是为了一个孤立的环境而编写的。它总是需要其他组件如数据存储、数据库、安全引擎、网关、消息服务器、队列、缓存等。每个平台都提供自己的一组此类工具。例如AWS 提供了 Dynamo DB 作为其 NoSQL 解决方案之一。显然,其他供应商也提供了自己的 NoSQL 解决方案。因此,团队又会被迫地基于所选平台来构建应用程序。尽管大多数商业 FaaS 供应商都为特定需求提供了多个组件,但并非每个组件都可能是同类型中最佳的。
### 为什么不考虑容器呢?
在过去十年中,我们中的许多人都迁移到了容器化部署模型,因为它们为昂贵的物理机或虚拟机提供了一种轻量级的替代方案。有了 Kubernetes 等编排工具后,我们乐于部署容器化应用,同时也满足了 Web 规模的要求。容器提供了与底层环境一定程度的隔离,这使得部署相对容易。但是,我们仍然需要在硬件(本地或云)、许可证、网络、配置等方面进行投资,这需要具有前瞻性的规划、合适的技术能力和仔细的监控。无服务器计算,尽管它也有自己的优点和缺点,但它让我们把这些责任也摆脱了。
### 展望未来
我们正处于持续开发、持续集成和持续部署的时代。每个企业都面临着竞争。<ruby>上市时间<rt>Time to market</rt></ruby>TTM在吸引客户、留住客户这两个方面发挥着重要作用。在这种背景下企业喜欢花更多时间来尽可能快地推出功能而不是在部署和维护的细节上苦苦挣扎。无服务器计算有可能满足这些需求。大玩家们正在投入巨额资金以使 FaaS 尽可能地无缝且经济。无服务器计算的未来看起来是一片光明。
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2021/12/should-businesses-opt-for-serverless-computing/
作者:[Krishna Mohan Koyya][a]
选题:[lkxed][b]
译者:[lkxed](https://github.com/lkxed)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/krishna-mohan-koyya/
[b]: https://github.com/lkxed
[1]: https://www.opensourceforu.com/wp-content/uploads/2021/10/Severless-Cloud-Computing-Featured-image-OSFY-Oct-2021.jpg

140
translated/tech/20210122 Configure a Linux workspace remotely from the command line.md Normal file
View File

@ -0,0 +1,140 @@
[#]: collector: (lujun9972)
[#]: translator: (Donke-Hao)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Configure a Linux workspace remotely from the command line)
[#]: via: (https://opensource.com/article/21/1/remote-configuration-xfce4)
[#]: author: (David Both https://opensource.com/users/dboth)
从命令行远程配置 Linux 工作区
======
几乎所有的事情都可以从 Linux 命令行完成,包括 Xfce4 的远程配置。
![Coding on a computer][1]
几乎所有的事情都可以通过命令行管理和配置。意味着几乎所有的事情都可以在本地或者通过 SSH 远程登录进行管理。有时候在互联网上搜索会花费一点时间但是如果译者个人感觉这里上下文有省略一些意思我感觉是“如果利用这段时间你能想到…”——_**请校对者注意并删除括号内的话**_你能想到一个可能可以从命令行完成的任务。
### 问题
有时候需要使用命令行进行远程修改。在这种特殊情况下,我需要响应远程用户的请求将在 [Xfce][2] 控制板上的工作区从四个减少到三个。这种配置仅需要在互联网上搜索约 20 分钟。
默认工作区数量和许多其他 **xfwm4** 设置可以在 **/usr/share/xfwm4/defaults** 这个文件中找到并修改。因此将 _workspace_count=2_ 设置为 _workspace_count=4_ 改变了所有主机的默认值。 同时,非 root 用户可以执行 **xfconf-query** 命令来查询并修改 **xfwm4** 窗口管理器的不同属性。它应该由需要更改的用户帐户使用,而不是由 root 使用。
在下面的例子中,首先我验证了当前工作区数量为 _4_ ,然后将数量改为 _2_ ,最后确认了新设置。
```
[user@test1 ~]# xfconf-query -c xfwm4 -p /general/workspace_count
4
[user@test1 ~]# xfconf-query -c xfwm4 -p /general/workspace_count -s 2
[user@test1 ~]# xfconf-query -c xfwm4 -p /general/workspace_count
2
[user@test1 ~]#
```
此更改会立即发生,并且用户可以看到,无需重新启动,甚至无需注销并重新登录。当我输入命令以设置不同数量的工作区时,通过观察工作区切换器的变化,使我在我的工作站上有些快乐。 这些天,我尽我所能获得娱乐。 ;-)
### 更多探索
现在我解决了问题,我决定更详细的探索一下 **xfconf-query** 命令。不幸的是,该工具没有手册或信息页,**/usr/share** 中也没有任何文档。退而求其次,使用 **-h** 选项获取一些帮助信息。
```
$ xfconf-query -h
 Usage:
   xfconf-query [OPTION…] - Xfconf commandline utility
 Help Options:
   -h, --help            显示帮助选项
 Application Options:
   -V, --version         版本信息
   -c, --channel         询问/修改通道
   -p, --property        询问/修改属性
   -s, --set             更新权限的值
   -l, --list            罗列属性(或者通道 如果没有用 -c 指定)
   -v, --verbose         详细输出
   -n, --create          当新属性不存在,则创建它
   -t, --type            指定属性值类型
   -r, --reset           重置属性
   -R, --recursive       递归(与 -r 一起使用)
   -a, --force-array     即使只有一个元素也强制数组
   -T, --toggle          反转现有的布尔属性
   -m, --monitor         监视属性更改的通道
```
这没有多大帮助,但无论如何我们都可以从中找出一些好处。首先, _通道_ 以属性分组便于修改。我对 **general** 通道进行了更改,属性为 **workspace_count** 。 让我们看看完整的通道列表。
```
$ xfconf-query -l
Channels:
  xfwm4
  xfce4-keyboard-shortcuts
  xfce4-notifyd
  xsettings
  xfdashboard
  thunar
  parole
  xfce4-panel
  xfce4-appfinder
  xfce4-settings-editor
  xfce4-power-manager
  xfce4-session
  keyboards
  displays
  keyboard-layout
  ristretto
  xfcethemer
  xfce4-desktop
  pointers
  xfce4-settings-manager
  xfce4-mixer
```
给定通道的属性也可以用下列的命令来查看。我使用 **less** 寻呼机,因为结果是一长串数据。我已经缩减了下表,但留下了足够的空间来查看你可以找到的条目类型。
```
$ xfconf-query -c xfwm4 -l | less
/general/activate_action
/general/borderless_maximize
/general/box_move
/general/box_resize
/general/button_layout
/general/button_offset
&lt;SNIP&gt;
/general/workspace_count
/general/workspace_names
/general/wrap_cycle
/general/wrap_layout
/general/wrap_resistance
/general/wrap_windows
/general/wrap_workspaces
/general/zoom_desktop
(END)
```
你可以用这种方式探索所有的通道。我发现频道通常对应 **设置管理器** 中的各种设置。属性是你将在这些对话框中设置的属性。请注意,并非您会在 **设置管理器** 对话窗口中找到的所有图标都是 **Xfce** 桌面的一部分,因此它们没有对应的通道。 **屏幕保护程序** 就是一个例子,因为它是通用的 GNU 屏幕保护程序,并不是 **Xfce** 独有的。 **设置管理器****Xfce** 定位这些配置工具的一个很好的中心位置。
### 总结
综上所述,在 **xconf-query** 命令似乎没有任何手册或信息页,并且我在网上发现了一些错误的糟糕的记录信息。我发现对 **Xfce4** 来说最好的文件是 [Xfce 网站][2],以及一些具体信息可以在 **xconf-query** 找到。、
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/1/remote-configuration-xfce4
作者:[David Both][a]
选题:[lujun9972][b]
译者:[Donke-Hao](https://github.com/Donke-Hao)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/dboth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_computer_laptop_hack_work.png?itok=aSpcWkcl (Coding on a computer)
[2]: https://www.xfce.org/

71
translated/tech/20210531 Get started with Kubernetes using chaos engineering.md
View File

@ -1,71 +0,0 @@
[#]: subject: (Get started with Kubernetes using chaos engineering)
[#]: via: (https://opensource.com/article/21/5/kubernetes-chaos)
[#]: author: (Jessica Cherry https://opensource.com/users/cherrybomb)
[#]: collector: (lujun9972)
[#]: translator: (Donkey)
[#]: reviewer: (turbokernel)
[#]: publisher: ( )
[#]: url: ( )
在混沌工程中开始使用 Kubernetes
======
在庆祝 Kubernetes 11 岁生日的系列文章中的第一篇文章中学习混沌工程的基础知识。
![Scrabble letters spell out chaos for chaos engineering][1]
Kubernetes 快 11 岁了,我打算通过给你一些会引起混沌的开源工具来庆祝它的生日。混沌工程是科学、规划以及实验的学科。它在系统上进行训练,来建立系统在生产中承受混乱条件能力的信心的学科。
在我给你礼物前,我会在文章导论部分解释混沌系统如何工作。
### 如何开始学习混沌系统呢?
以我的经验,开始学习混沌系统的最好方式是触发一个此前生产中出现的事件来进行实验。使用过去的数据,制定以相同的方式破坏你的系统的计划,然后建立修复策略并确认结果确实是你想要的。如果计划失败,你就有了一种新的实验方式,并朝着快速处理问题的新方式前进。
最重要的是,你可以随时记录所有内容,这意味着,随着时间的推移,整个系统将被完整记录下以便任何人都可以随时待命而无需太多升级,并且每个人都可以在周末好好休息。
### 你在混沌工程中做什么?
混沌系统实验运行背后有一些科学依据。我已经记录了步骤:
1. **定义一个稳定状态:** 使用监控工具来搜集当系统没有问题或事件时,看起来功能正常的数据。
2. **提出假设或使用先前的事件:** 现在你已经定义了一个稳定状态,请提出一个关于在事件或中断期间会发生(或已经发生)的情况的假设。用这个假设来得出一系列将会发生的事件以及如何解决问题的理论。然后你可以指定一个故意引起该问题的计划。
3. **介绍问题:** 用既定计划来破坏你的系统并开始在真实环境中测试。收集损坏的指标状态,按计划修复,并跟踪在你达到解决方案之前需要多长时间。确保你为之后中断记录了任何事情。
4. **试图推翻你的假设:** 实验中最精彩的部分是尝试推翻你的思考或计划。你想创建一个不同的状态,看看你能走多远,并在系统中生成一个不同的稳定状态。
当你在另一个系统中生成破坏的变量前,确保建立一个处于稳定状态的控制系统。这将使你更容易在实验前、期间和之后发现各种稳态的差异。
### 混沌工程需要什么?
这有一些初学混沌工程很好的工具:
* 良好的记录习惯
* 一个捕捉你系统是否处于稳定状态的监控系统
* Grafana
* Prometheus
* 混沌工程工具:
* Chaos mesh
* Litmus
* 之后的文章我会介绍更多
* 一个假设
* 一个计划
### 去搞破坏吧
现在你已经掌握了基础,是时候去安全的摧毁你的系统了。我计划每年造成四次混乱,并努力实现每月的破坏。
混沌工程是一种很好的实践,也是使你的内部文档保持最新的好方法。此外,随着时间的推移,新升级或应用程序部署将更加顺畅,你的日常生活将通过 Kubernetes 管理变得更加轻松。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/kubernetes-chaos
作者:[Jessica Cherry][a]
选题:[lujun9972][b]
译者:[Donkey](https://github.com/Donkey-Hao)
校对:[turbokernel](https://github.com/turbokernel)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/cherrybomb
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/brett-jordan-chaos-unsplash.jpg?itok=sApp5dVd (Scrabble letters spell out chaos for chaos engineering)