From 6489c1205015ae9a9da1682d928c4f8e925e9214 Mon Sep 17 00:00:00 2001 From: Xingyu Wang Date: Tue, 28 Jan 2020 14:15:15 +0800 Subject: [PATCH 1/7] PRF @robsean --- ...0 is Released- Here-s How to Install it.md | 128 ++++++++++++------ 1 file changed, 87 insertions(+), 41 deletions(-) diff --git a/translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md b/translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md index 24c1077236..78f0909d4a 100644 --- a/translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md +++ b/translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md 
@@ -1,97 +1,141 @@ [#]: collector: (lujun9972) [#]: translator: (robsean) -[#]: reviewer: ( ) +[#]: reviewer: (wxy) [#]: publisher: ( ) [#]: url: ( ) [#]: subject: (Wine 5.0 is Released! Here’s How to Install it) [#]: via: (https://itsfoss.com/wine-5-release/) [#]: author: (Ankush Das https://itsfoss.com/author/ankush/) -Wine 5.0 发布了!这里是如何安装它的方法 +Wine 5.0 发布了! ====== -_**简介:在这里,Wine 的一个新的主要版本发布。使用 Wine 5.0 ,在 Linux 上运行 Windows 应用程序和游戏得到进一步改进。**_ +> Wine 的一个新的主要版本发布了。使用 Wine 5.0,在 Linux 上运行 Windows 应用程序和游戏的体验得到进一步改进。 -因为一些努力,你可以使用 Wine [在 Linux 上运行 Windows 应用程序][1] 。Wine 是一个当你必需使用一个仅在 Windows 上可用的软件时你可以尝试的工具。它支持许多这样的软件。 +通过一些努力,你可以使用 Wine [在 Linux 上运行 Windows 应用程序][1]。当你必须使用一个仅在 Windows 上可用的软件时,Wine 是一个可以尝试的工具。它支持许多这样的软件。 -Wine 的一个新的主要发布版本已经降临,即 Wine 5.0 ,几乎在它的 4.0 发布一年之后。 +Wine 的一个新的主要发布版本已经降临,即 Wine 5.0,几乎距它的 4.0 发布一年之后。 -Wine 5.0 发布版本引进了几个主要的特色和很多有重大意义的更改/改进。我将重点介绍新的特色是什么,并且也将提到安装说明。 +Wine 5.0 发布版本引进了几个主要特性和很多显著的更改/改进。在这篇文章中,我将重点介绍新的特性是什么,并且也将提到安装说明。 -### 在 Wine 5.0 中有什么新的特色? +### 在 Wine 5.0 中有什么新的特性? 
![][2] -在 5.0 发布版本中的关键更改,正如在他们的[官方声明][3]所述一样: +如他们的[官方声明][3]所述,这是 5.0 发布版本中的关键更改: - * PE 格式的内置模块。 - * 多监视器支持。 - * XAudio2 重新实施。 - * Vulkan 1.1 支持。 - * 支持微软安装程序(MSI)补丁文件。 - * 性能改进。 +* PE 格式的内置模块。 +* 支持多显示器。 +* 重新实现了 XAudio2。 +* 支持 Vulkan 1.1。 +* 支持微软安装程序(MSI)补丁文件。 +* 性能提升。 +因此,随着 Vulkan 1.1 和对多显示器的支持 —— Wine 5.0 发布版本是一件大事。 +除了上面强调的这些关键内容以外,在新的版本中包含成千上万的更改/改进中,你还可以期待对控制器的支持更好。 -因此,随着 Vulkan 1.1 和多监视器的支持 – Wine 5.0 发布版本是一件大事。 - -除了关键强调以外,就在新的版本中包含成千上万的更改/改进而言,你同样可以期待在新的版本中有更好的控制器支持。 - -这个发布版本致力于纪念 **Józef Kucia** (_vkd3d 项目的首席开发人员_)也是值得注意的 +值得注意的是,此版本特别纪念了 **Józef Kucia**(vkd3d 项目的首席开发人员)。 他们也已经在[发布说明][4]中提到这一点: -> 这个发布版本致力于纪念 Józef Kucia ,他在 2019 年 8 月去世,年仅 30 岁。Józef 是 Wine 的 Direct3D 实施的一个主要贡献者,并且是 vkd3d 项目的首席开发人员。我们都非常怀念他的技能和善良。 +> 这个发布版本特别纪念了 Józef Kucia,他于 2019 年 8 月去世,年仅 30 岁。Józef 是 Wine 的 Direct3D 实现的一个主要贡献者,并且是 vkd3d 项目的首席开发人员。我们都非常怀念他的技能和友善。 ### 如何在 Ubuntu 和 Linux Mint 上安装 Wine 5.0 -注意 +> 注意: -_如果你在以前安装过 Wine ,你应该将其完全移除,以避免一些冲突(像你希望的一样)。此外,WineHQ 秘钥存储库最近已被更改,对于额外的操作指南,你可以根据你的 Linux 发行版来参考它的_ [_下载页面_][5]。_ +> 如果你在以前安装过 Wine,你应该将其完全移除,以(如你希望的)避免一些冲突。此外,WineHQ 存储库的密钥最近已被更改,针对你的 Linux 发行版的更多的操作指南,你可以参考它的[下载页面][5]。 -Wine 5.0 的源码可在它的[官方网站][3]上获得。为了使其工作,你可以阅读更多关于[构建 wine][6]的信息。基于 Arch 的用户应该很快就会得到它。 +Wine 5.0 的源码可在它的[官方网站][3]上获得。为了使其工作,你可以阅读更多关于[构建 Wine][6] 的信息。基于 Arch 的用户应该很快就会得到它。 -在这里,我将向你展示在 Ubuntu 和其它基于 Ubuntu 的发行版上安装 Wine 5.0 的步骤。 +在这里,我将向你展示在 Ubuntu 和其它基于 Ubuntu 的发行版上安装 Wine 5.0 的步骤。请耐心,并按照步骤一步一步安装和使用 Wine。这里涉及几个步骤。 -首先,使用这个命令来移除现存的 Wine 安装: +请记住,Wine 安装了太多软件包。你会看到大量的软件包列表,下载大小约为 1.3 GB。 + +### 在 Ubuntu 上安装 Wine 5.0(不适用于 Linux Mint) + +首先,使用这个命令来移除现存的 Wine: ``` -sudo apt remove winehq-stable wine-stable wine1.6 +sudo apt remove winehq-stable wine-stable wine1.6 wine-mono wine-geco winetricks ``` -下载并添加官方 Wine 存储库秘钥: +然后确保添加 32 位体系结构支持: + +``` +sudo dpkg --add-architecture i386 +``` + +下载并添加官方 Wine 存储库密钥: ``` wget -qO - https://dl.winehq.org/wine-builds/winehq.key | sudo apt-key add - ``` -_**现在,接下来的步骤需要添加存储库,为此, 你需要首先[知道你的 Ubuntu 版本][7]。**_ 
+现在,接下来的步骤需要添加存储库,为此, 你需要首先[知道你的 Ubuntu 版本][7]。 -对于 **Ubuntu 19.10** ,添加这个存储库: +对于 **Ubuntu 18.04 和 19.04**,用这个 PPA 添加 FAudio 依赖, **Ubuntu 19.10** 不需要它: ``` -sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ eoan main' +sudo add-apt-repository ppa:cybermax-dexter/sdl2-backport ``` -如果你正在使用 **Ubuntu 18.04** 或 **Linux Mint 19.x** ,使用这个命令来添加存储库: +现在使用此命令添加存储库: ``` -sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ bionic main' +sudo apt-add-repository "deb https://dl.winehq.org/wine-builds/ubuntu $(lsb_release -cs) main" ``` -对于 **Ubuntu 16.04 和 Linux Mint 18.x 系列** ,你可以使用这个命令: - -``` -sudo apt-add-repository 'deb https://dl.winehq.org/wine-builds/ubuntu/ xenial main' -``` - -现在,你已经添加了正确的存储库,你可以使用这个命令来安装 Wine 5.0 : +现在你已经添加了正确的存储库,可以使用以下命令安装 Wine 5.0: ``` sudo apt update && sudo apt install --install-recommends winehq-stable ``` -**总结** +请注意,尽管[在软件包列表中将 Wine 5 列为稳定版][8],但你仍可能会看到 winehq-stable 的 wine 4.0.3。也许它不会传播到所有地理位置。从今天早上开始,我可以看到 Wine 5.0。 + +### 在 Linux Mint 19.1、19.2 和 19.3 中安装 Wine 5.0 + +正如一些读者通知我的那样,[apt-add 存储库命令][9]不适用于 Linux Mint 19.x 系列。 + +这是添加自定义存储库的另一种方法。你必须执行与 Ubuntu 相同的步骤。如删除现存的 Wine 包: + +``` +sudo apt remove winehq-stable wine-stable wine1.6 wine-mono wine-geco winetricks +``` + +添加 32 位支持: + +``` +sudo dpkg --add-architecture i386 +``` + +然后添加 GPG 密钥: + +``` +wget -qO - https://dl.winehq.org/wine-builds/winehq.key | sudo apt-key add - +``` + +添加 FAudio 依赖: + +``` +sudo add-apt-repository ppa:cybermax-dexter/sdl2-backport +``` + +现在为 Wine 存储库创建一个新条目: + +``` +sudo sh -c "echo 'deb https://dl.winehq.org/wine-builds/ubuntu/ bionic main' >> /etc/apt/sources.list.d/winehq.list" +``` + +更新软件包列表并安装Wine: + +``` +sudo apt update && sudo apt install --install-recommends winehq-stable +``` + +### 总结 你尝试过最新的 Wine 5.0 发布版本吗?如果是的话,在运行中你看到什么改进? 
@@ -104,7 +148,7 @@ via: https://itsfoss.com/wine-5-release/ 作者:[Ankush Das][a] 选题:[lujun9972][b] 译者:[robsean](https://github.com/robsean) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -117,3 +161,5 @@ via: https://itsfoss.com/wine-5-release/ [5]: https://wiki.winehq.org/Download [6]: https://wiki.winehq.org/Building_Wine [7]: https://itsfoss.com/how-to-know-ubuntu-unity-version/ +[8]: https://dl.winehq.org/wine-builds/ubuntu/dists/bionic/main/binary-amd64/ +[9]: https://itsfoss.com/add-apt-repository-command-not-found/ From 0f6c9206e83df2770d447759b8f2f1562a74ee2b Mon Sep 17 00:00:00 2001 From: Xingyu Wang Date: Tue, 28 Jan 2020 14:15:50 +0800 Subject: [PATCH 2/7] PUB @robsean https://linux.cn/article-11827-1.html --- ...20200123 Wine 5.0 is Released- Here-s How to Install it.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename {translated/tech => published}/20200123 Wine 5.0 is Released- Here-s How to Install it.md (98%) diff --git a/translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md b/published/20200123 Wine 5.0 is Released- Here-s How to Install it.md similarity index 98% rename from translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md rename to published/20200123 Wine 5.0 is Released- Here-s How to Install it.md index 78f0909d4a..683f033104 100644 --- a/translated/tech/20200123 Wine 5.0 is Released- Here-s How to Install it.md +++ b/published/20200123 Wine 5.0 is Released- Here-s How to Install it.md @@ -1,8 +1,8 @@ [#]: collector: (lujun9972) [#]: translator: (robsean) [#]: reviewer: (wxy) -[#]: publisher: ( ) -[#]: url: ( ) +[#]: publisher: (wxy) +[#]: url: (https://linux.cn/article-11827-1.html) [#]: subject: (Wine 5.0 is Released! Here’s How to Install it) [#]: via: (https://itsfoss.com/wine-5-release/) [#]: author: (Ankush Das https://itsfoss.com/author/ankush/) 
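Review bot: In the first hunk of PATCH 1/7, the key step `wget -qO - https://dl.winehq.org/wine-builds/winehq.key | sudo apt-key add -` (in both the Ubuntu and the Linux Mint sections) pipes whatever is downloaded straight into apt's trusted keys, directly after the note saying the WineHQ repository key was recently changed. A short translator's note asking readers to save the key to a file and check its fingerprint before adding it would fit here. Smaller points in the same hunk: `wine-geco` in both `sudo apt remove` lines looks like a misspelling of `wine-gecko` and should be checked against the source article; `[apt-add 存储库命令][9]` half-translates a command name, where the link target suggests the `add-apt-repository` command was meant; and `安装Wine` lacks the space used everywhere else between Chinese and Latin text.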
From bd0cd29fdfa9daea6b126db74f8056f26552f3e3 Mon Sep 17 00:00:00 2001 From: alim0x Date: Tue, 28 Jan 2020 16:26:54 +0800 Subject: [PATCH 3/7] [translated]20191108 My Linux story- Learning Linux in the 90s --- ... Linux story- Learning Linux in the 90s.md | 61 ------------------- ... Linux story- Learning Linux in the 90s.md | 60 ++++++++++++++++++ 2 files changed, 60 insertions(+), 61 deletions(-) delete mode 100644 sources/talk/20191108 My Linux story- Learning Linux in the 90s.md create mode 100644 translated/talk/20191108 My Linux story- Learning Linux in the 90s.md diff --git a/sources/talk/20191108 My Linux story- Learning Linux in the 90s.md b/sources/talk/20191108 My Linux story- Learning Linux in the 90s.md deleted file mode 100644 index 11ba748cc8..0000000000 --- a/sources/talk/20191108 My Linux story- Learning Linux in the 90s.md +++ /dev/null 
@@ -1,61 +0,0 @@ -[#]: collector: (lujun9972) -[#]: translator: (alim0x) -[#]: reviewer: ( ) -[#]: publisher: ( ) -[#]: url: ( ) -[#]: subject: (My Linux story: Learning Linux in the 90s) -[#]: via: (https://opensource.com/article/19/11/learning-linux-90s) -[#]: author: (Mike Harris https://opensource.com/users/mharris) - -My Linux story: Learning Linux in the 90s -====== -This is the story of how I learned Linux before the age of WiFi, when -distributions came in the form of a CD. -![Sky with clouds and grass][1] - -Most people probably don't remember where they, the computing industry, or the everyday world were in 1996. But I remember that year very clearly. I was a sophomore in high school in the middle of Kansas, and it was the start of my journey into free and open source software (FOSS). - -I'm getting ahead of myself here. I was interested in computers even before 1996. I was born and raised on my family's first Apple ][e, followed many years later by the IBM Personal System/2. (Yes, there were definitely some generational skips along the way.) The IBM PS/2 had a very exciting feature: a 1200 baud Hayes modem. - -I don't remember how, but early on, I got the phone number of a local [BBS][2]. Once I dialed into it, I could get a list of other BBSes in the local area, and my adventure into networked computing began. - -In 1995, the people [lucky enough][3] to have a home internet connection spent less than 30 minutes a month using it. That internet was nothing like our modern services that operate over satellite, fiber, CATV coax, or any version of copper lines. Most homes dialed in with a modem, which tied up their phone line. (This was also long before cellphones were pervasive, and most people had just one home phone line.) 
I don't think there were many independent internet service providers (ISPs) back then, although that may have depended upon where you were located, so most people got service from a handful of big names, including America Online, CompuServe, and Prodigy. - -And the service you did get was very slow; even at dial-up's peak evolution at 56K, you could only expect to get a maximum of about 3.5 Kbps. If you wanted to try Linux, downloading a 200MB to 800MB ISO image or (more realistically) a disk image set was a dedication to time, determination, and lack of phone usage. - -I went with the easier route: In 1996, I ordered a "tri-Linux" CD set from a major Linux distributor. These tri-Linux disks provided three distributions; mine included Debian 1.1 (the first stable release of Debian), Red Hat Linux 3.0.3, and Slackware 3.1 (nicknamed Slackware '96). As I recall, the discs were purchased from an online store called [Linux Systems Labs][4]. The online store doesn't exist now, but in the 90s and early 00s, such distributors were common. And so were multi-disc sets of Linux. This one's from 1998 but gives you an idea of what they involved: - -![A tri-linux CD set][5] - -![A tri-linux CD set][6] - -On a fateful day in the summer of 1996, while living in a new and relatively rural city in Kansas, I made my first attempt at installing and working with Linux. Throughout the summer of '96, I tried all three distributions on that tri-Linux CD set. They all ran beautifully on my mom's older Pentium 75MHz computer. - -I ended up choosing [Slackware][7] 3.1 as my preferred distribution, probably more because of the terminal's appearance than the other, more important reasons one should consider before deciding on a distribution. - -I was up and running. I was connecting to an "off-brand" ISP (a local provider in the area), dialing in on my family's second phone line (ordered to accommodate all my internet use). I was in heaven. 
I had a dual-boot (Microsoft Windows 95 and Slackware 3.1) computer that worked wonderfully. I was still dialing into the BBSes that I knew and loved and playing online BBS games like Trade Wars, Usurper, and Legend of the Red Dragon. - -I can remember spending days upon days of time in #Linux on EFNet (IRC), helping other users answer their Linux questions and interacting with the moderation crew. - -More than 20 years after taking my first swing at using the Linux OS at home, I am now entering my fifth year as a consultant for Red Hat, still using Linux (now Fedora) as my daily driver, and still on IRC helping people looking to use Linux. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/19/11/learning-linux-90s - -作者:[Mike Harris][a] -选题:[lujun9972][b] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: https://opensource.com/users/mharris -[b]: https://github.com/lujun9972 -[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/bus-cloud.png?itok=vz0PIDDS (Sky with clouds and grass) -[2]: https://en.wikipedia.org/wiki/Bulletin_board_system -[3]: https://en.wikipedia.org/wiki/Global_Internet_usage#Internet_users -[4]: https://web.archive.org/web/19961221003003/http://lsl.com/ -[5]: https://opensource.com/sites/default/files/20191026_142009.jpg (A tri-linux CD set) -[6]: https://opensource.com/sites/default/files/20191026_142020.jpg (A tri-linux CD set) -[7]: http://slackware.com diff --git a/translated/talk/20191108 My Linux story- Learning Linux in the 90s.md b/translated/talk/20191108 My Linux story- Learning Linux in the 90s.md new file mode 100644 index 0000000000..ea0847761d --- /dev/null +++ b/translated/talk/20191108 My Linux story- Learning Linux in the 90s.md 
@@ -0,0 +1,60 @@ +[#]: collector: (lujun9972) +[#]: translator: (alim0x) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (My Linux story: Learning Linux in the 90s) +[#]: via: (https://opensource.com/article/19/11/learning-linux-90s) +[#]: author: (Mike Harris https://opensource.com/users/mharris) + +我的 Linux 故事:在 90 年代学习 Linux +====== +这是一个关于我如何在 WiFi 时代之前学习 Linux 的故事,那时的发行版还以 CD 的形式出现。 +![Sky with clouds and grass][1] + +大部分人可能不记得 1996 年时计算产业或日常生活世界的样子。但我很清楚地记得那一年。我那时候是堪萨斯中部一所高中的二年级学生,那是我的自由与开源软件(FOSS)旅程的开端。 + +我从这里开始进步。我在 1996 年之前就开始对计算机感兴趣。我出生并成长于我家的第一台 Apple ][e,然后多年之后是 IBM Personal System/2。(是的,在这过程中有一些代际的跨越。)IBM PS/2 有一个非常激动人心的特性:一个 1200 波特的 Hayes 调制解调器。 + +我不记得是怎样了,但在那不久之前,我得到了一个本地 [BBS][2] 的电话号码。一旦我拨号进去,我可以得到本地的一些其他 BBS 的列表,我的网络探险就此开始了。 + +在 1995 年,[足够幸运][3]的人拥有了家庭互联网连接,每月可以使用不到 30 分钟。这个互联网不像我们现代的服务那样,通过卫星、光纤、有线电视同轴电缆或任何版本的铜线提供。大多数家庭通过一个调制解调器拨号,它连接到他们的电话线上。(这时离移动电话无处不在的时代还早得很,大多数人只有一部家庭电话。)尽管这还要取决你所在的位置,但我不认为那时有很多独立的互联网服务提供商(ISP),所以大多数人从仅有的几家大公司获得服务,包括 America Online,CompuServe 以及 Prodigy。 + +你获取到的服务速率非常低,甚至在拨号上网演变的顶峰 56K,你也只能期望得到最高 3.5Kbps 的速率。如果你想要尝试 Linux,下载一个 200MB 到 800MB 的 ISO 镜像或(更加切合实际的)磁盘镜像要贡献出时间,决心,以及面临电话不可用的情形。 + +我走了一条简单一点的路:在 1996 年,我从一家主要的 Linux 分发商订购了一套“tri-Linux”CD。这些光盘提供了三个发行版,我的这套包含了 Debian 1.1 (Debian 的第一个稳定版本),Red Hat Linux 3.0.3 以及 Slackware 3.1(代号 Slackware '96)。据我回忆,这些光盘是从一家叫做 [Linux Systems Labs][4] 的在线商店购买的。这家在线商店如今已经不存在了,但在 90 年代和 00 年代早期,这样的分发商很常见。对于多光盘 Linux 套件也是如此。这是 1998 年的一套光盘,你可以了解到他们都包含了什么: + +![A tri-linux CD set][5] + +![A tri-linux CD set][6] + +在 1996 年夏天一个命中注定般的日子,那时我住在堪萨斯一个新的并且相对较为乡村的城市,我做出了安装并使用 Linux 的第一次尝试。在 1996 年的整个夏天,我尝试了那套三 Linux CD 套件里的全部三个发行版。他们都在我母亲的老 Pentium 75MHz 电脑上完美运行。 + +我最终选择了 [Slackware][7] 3.1 作为我喜欢的发行版,相比其他发行版可能更多的是因为它的终端的外观,这是决定选择一个发行版前需要考虑的重要因素。 + +我将系统设置完毕并运行了起来。我连接到一家“杂牌”ISP(一家这个区域的本地服务商),通过我家的第二条电话线拨号(为了满足我的所有互联网使用而订购)。那就像在天堂一样。我有一台完美运行的双系统(Microsoft Windows 95 和 Slackware 3.1)电脑。我依然拨号进入我所知道和喜爱的 BBS,游玩在线 BBS 游戏,比如 Trade Wars,Usurper 以及 Legend of the Red Dragon。 + 
+我能够记得花在 EFNet(IRC)上 #Linux 频道的一天天时光,帮助其他用户,回答他们的 Linux 问题以及和审核人员互动。 + +在我第一次在家尝试使用 Linux 系统的 20 多年后,我现在正进入作为 Red Hat 顾问的第五年,仍然在使用 Linux(现在是 Fedora)作为我的日常系统,并且依然在 IRC 上帮助想要使用 Linux 的人们。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/11/learning-linux-90s + +作者:[Mike Harris][a] +选题:[lujun9972][b] +译者:[alim0x](https://github.com/alim0x) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/mharris +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/bus-cloud.png?itok=vz0PIDDS (Sky with clouds and grass) +[2]: https://en.wikipedia.org/wiki/Bulletin_board_system +[3]: https://en.wikipedia.org/wiki/Global_Internet_usage#Internet_users +[4]: https://web.archive.org/web/19961221003003/http://lsl.com/ +[5]: https://opensource.com/sites/default/files/20191026_142009.jpg (A tri-linux CD set) +[6]: https://opensource.com/sites/default/files/20191026_142020.jpg (A tri-linux CD set) +[7]: http://slackware.com From c86d2bf7e564e4267d671d41997d2b9bdd9c74a2 Mon Sep 17 00:00:00 2001 From: lixin <56751837+lixin555@users.noreply.github.com> Date: Tue, 28 Jan 2020 23:32:10 +0800 Subject: [PATCH 4/7] lixin555 is translating lixin555 is translating --- .../20190503 Mirror your System Drive using Software RAID.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sources/tech/20190503 Mirror your System Drive using Software RAID.md b/sources/tech/20190503 Mirror your System Drive using Software RAID.md index 1b5936dfa0..e72f3a5722 100644 --- a/sources/tech/20190503 Mirror your System Drive using Software RAID.md +++ b/sources/tech/20190503 Mirror your System Drive using Software RAID.md 
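Review bot: In the added translation of PATCH 3/7 (the "My Linux story" file), the Slackware sentence reverses the source: `这是决定选择一个发行版前需要考虑的重要因素` presents the terminal's appearance as an important factor, while the deleted English text says the choice was made "more because of the terminal's appearance than the other, more important reasons one should consider". Suggest rewording so that appearance is contrasted with those more important reasons. Two more places drift from the source: `我从这里开始进步` does not carry "I'm getting ahead of myself here", and `它连接到他们的电话线上` loses "tied up their phone line", which the parenthesis about having only one home phone line depends on.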
@@ -1,5 +1,5 @@ [#]: collector: (lujun9972) -[#]: translator: ( ) +[#]: translator: (lixin555) [#]: reviewer: ( ) [#]: publisher: ( ) [#]: url: ( ) @@ -272,7 +272,7 @@ via: https://fedoramagazine.org/mirror-your-system-drive-using-software-raid/ 作者:[Gregory Bartholomew][a] 选题:[lujun9972][b] -译者:[译者ID](https://github.com/译者ID) +译者:[lixin555](https://github.com/lixin555) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 From 06071a54cfe5dcd1a56a8441626d537903ee70eb Mon Sep 17 00:00:00 2001 From: DarkSun Date: Wed, 29 Jan 2020 00:57:16 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=2020200129=20Ansible=20?= =?UTF-8?q?Playbooks=20Quick=20Start=20Guide=20with=20Examples?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sources/tech/20200129 Ansible Playbooks Quick Start Guide with Examples.md --- ...aybooks Quick Start Guide with Examples.md | 349 ++++++++++++++++++ 1 file changed, 349 insertions(+) create mode 100644 sources/tech/20200129 Ansible Playbooks Quick Start Guide with Examples.md diff --git a/sources/tech/20200129 Ansible Playbooks Quick Start Guide with Examples.md b/sources/tech/20200129 Ansible Playbooks Quick Start Guide with Examples.md new file mode 100644 index 0000000000..93b17b0fd3 --- /dev/null +++ b/sources/tech/20200129 Ansible Playbooks Quick Start Guide with Examples.md 
@@ -0,0 +1,349 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Ansible Playbooks Quick Start Guide with Examples) +[#]: via: (https://www.2daygeek.com/ansible-playbooks-quick-start-guide-with-examples/) +[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/) + +Ansible Playbooks Quick Start Guide with Examples +====== + +We have already written two articles about Ansible, this is the third article. + +If you are new to Ansible, I advise you to read the two topics below, which will teach you the basics of Ansible and what it is. + + * **Part-1: [How to Install and Configure Ansible on Linux][1]** + * **Part-2: [Ansible ad-hoc Command Quick Start Guide][2]** + + + +If you have finished them, you will feel the continuity as you read this article. + +### What is the Ansible Playbook? + +Playbooks are much more powerful and completely different way than ad-hoc command mode. + +It uses the **“/usr/bin/ansible-playbook”** binary. It provides rich features to make complex task easier. + +Playbooks are very useful if you want to run a task often. + +Also, this is useful if you want to perform multiple tasks at the same time on the group of server. + +Playbooks are written in YAML language. YAML stands for Ain’t Markup Language, which is easier for humans to read and write than other common data formats such as XML or JSON. + +The Ansible Playbook Flow Chart below will tell you its detailed structure. + +![][3] + +### Understanding the Ansible Playbooks Terminology + + * **Control Node:** The machine where Ansible is installed. It is responsible for managing client nodes. + * **Managed Nodes:** List of hosts managed by the control node + * **Playbook:** A Playbook file contains a set of procedures used to automate a task. + * **Inventory:** The inventory file contains information about the servers you manage. 
+ * **Task:** Each play has multiple tasks, tasks that are executed one by one against a given machine (it a host or multiple host or a group of host). + * **Module:** Modules are a unit of code that is used to gather information from the client node. + * **Role:** Roles are ways to automatically load some vars_files, tasks, and handlers based on known file structure. + * **Play:** Each playbook has multiple plays, and a play is the implementation of a particular automation from beginning to end. + * **Handlers:** This helps you reduce any service restart in a play. Lists of handler tasks are not really different from regular tasks, and changes are notified by notifiers. If the handler does not receive any notification, it will not work. + + + +### How Does the Basic Playbook looks Like? + +Here’s how the basic playbook looks. + +``` +--- [YAML file should begin with a three dash] +- name: [Description about a script] + hosts: group [Add a host or host group] + become: true [It requires if you want to run a task as a root user] + tasks: [What action do you want to perform under task] + - name: [Enter the module options] + module: [Enter a module, which you want to perform] + module_options-1: value [Enter the module options] + module_options-2: value + . + module_options-N: value +``` + +### How to Understand Ansible Output + +The Ansible Playbook output comes with 4 colors, see below for color definitions. + + * **Green:** **ok –** If that is correct, the associated task data already exists and configured as needed. + * **Yellow: changed –** Specific data has updated or modified according to the needs of the tasks. + * **Red: FAILED –** If there is any problem while doing a task, it returns a failure message, it may be anything and you need to fix it accordingly. + * **White:** It comes with multiple parameters + + + +To do so, create a playbook directory to keep them all in one place. 
+ +``` +$ sudo mkdir /etc/ansible/playbooks +``` + +### Playbook-1: Ansible Playbook to Install Apache Web Server on RHEL Based Systems + +This sample playbook allows you to install the Apache web server on a given target node. + +``` +$ sudo nano /etc/ansible/playbooks/apache.yml + +--- +- hosts: web + become: yes + name: "Install and Configure Apache Web server" + tasks: + - name: "Install Apache Web Server" + yum: + name: httpd + state: latest + - name: "Ensure Apache Web Server is Running" + service: + name: httpd + state: started +``` + +``` +$ ansible-playbook apache1.yml +``` + +![][3] + +### How to Understand Playbook Execution in Ansible + +To check the syntax error, run the following command. If it finds no error, it only shows the given file name. If it detects any error, you will get an error as follows, but the contents may differ based on your input file. + +``` +$ ansible-playbook apache1.yml --syntax-check + +ERROR! Syntax Error while loading YAML. + found a tab character that violate indentation +The error appears to be in '/etc/ansible/playbooks/apache1.yml': line 10, column 1, but may +be elsewhere in the file depending on the exact syntax problem. +The offending line appears to be: + state: latest +^ here +There appears to be a tab character at the start of the line. + +YAML does not use tabs for formatting. Tabs should be replaced with spaces. +For example: + - name: update tooling + vars: + version: 1.2.3 +# ^--- there is a tab there. +Should be written as: + - name: update tooling + vars: + version: 1.2.3 +# ^--- all spaces here. +``` + +Alternatively, you can check your ansible-playbook content from online using the following url @ [YAML Lint][4] + +Run the following command to perform a **“Dry Run”**. When you run a ansible-playbook with the **“–check”** option, it does not make any changes to the remote machine. Instead, it will tell you what changes they have made rather than create them. 
+ +``` +$ ansible-playbook apache.yml --check + +PLAY [Install and Configure Apache Webserver] ******************************************************************** + +TASK [Gathering Facts] ******************************************************************************************* +ok: [node2.2g.lab] +ok: [node1.2g.lab] + +TASK [Install Apache Web Server] ********************************************************************************* +changed: [node2.2g.lab] +changed: [node1.2g.lab] + +TASK [Ensure Apache Web Server is Running] *********************************************************************** +changed: [node1.2g.lab] +changed: [node2.2g.lab] + +PLAY RECAP ******************************************************************************************************* +node1.2g.lab : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2.2g.lab : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +``` + +If you want detailed information about your ansible playbook implementation, use the **“-vv”** verbose option. It shows what it really does to gather this information. 
+ +``` +$ ansible-playbook apache.yml --check -vv + +ansible-playbook 2.9.2 + config file = /etc/ansible/ansible.cfg + configured module search path = ['/home/daygeek/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] + ansible python module location = /usr/lib/python3.8/site-packages/ansible + executable location = /usr/bin/ansible-playbook + python version = 3.8.1 (default, Jan 8 2020, 23:09:20) [GCC 9.2.0] +Using /etc/ansible/ansible.cfg as config file + +PLAYBOOK: apache.yml ***************************************************************************************************** +1 plays in apache.yml + +PLAY [Install and Configure Apache Webserver] **************************************************************************** + +TASK [Gathering Facts] *************************************************************************************************** +task path: /etc/ansible/playbooks/apache.yml:2 +ok: [node2.2g.lab] +ok: [node1.2g.lab] +META: ran handlers + +TASK [Install Apache Web Server] ***************************************************************************************** +task path: /etc/ansible/playbooks/apache.yml:6 +changed: [node2.2g.lab] => {"changed": true, "msg": "Check mode: No changes made, but would have if not in check mod +e", "rc": 0, "results": ["Installed: httpd"]} +changed: [node1.2g.lab] => {"changed": true, "changes": {"installed": ["httpd"], "updated": []}, "msg": "", "obsolet +es": {"urw-fonts": {"dist": "noarch", "repo": "@anaconda", "version": "2.4-16.el7"}}, "rc": 0, "results": []} + +TASK [Ensure Apache Web Server is Running] ******************************************************************************* +task path: /etc/ansible/playbooks/apache.yml:10 +changed: [node1.2g.lab] => {"changed": true, "msg": "Service httpd not found on host, assuming it will exist on full run"} +changed: [node2.2g.lab] => {"changed": true, "msg": "Service httpd not found on host, assuming it will exist on full run"} +META: ran handlers 
+META: ran handlers + +PLAY RECAP *************************************************************************************************************** +node1.2g.lab : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +node2.2g.lab : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 +``` + +### Playbook-2: Ansible Playbook to Install Apache Web Server on Ubuntu Based Systems + +This sample playbook allows you to install the Apache web server on a given target node. + +``` +$ sudo nano /etc/ansible/playbooks/apache-ubuntu.yml + +--- +- hosts: web + become: yes + name: "Install and Configure Apache Web Server" + tasks: + - name: "Install Apache Web Server" + yum: + name: apache2 + state: latest + + - name: "Start the Apache Web Server" + service: + name: apaceh2 + state: started + + - name: "Enable mod_rewrite module" + apache2_module: + name: rewrite + state: present + + notify: + - start apache + + handlers: + - name: "Ensure Apache Web Server is Running" + service: + name: apache2 + state: restarted + enabled: yes +``` + +### Playbook-3: Ansible Playbook to Install a List of Packages on Red Hat Based Systems + +This sample playbook allows you to install a list of packages on a given target node. 
+ +**Method-1:** + +``` +$ sudo nano /etc/ansible/playbooks/packages-redhat.yml + +--- +- hosts: web + become: yes + name: "Install a List of Packages on Red Hat Based System" + tasks: + - name: "Installing a list of packages" + yum: + name: + - curl + - httpd + - nano + - htop +``` + +**Method-2:** + +``` +$ sudo nano /etc/ansible/playbooks/packages-redhat-1.yml + +--- +- hosts: web + become: yes + name: "Install a List of Packages on Red Hat Based System" + tasks: + - name: "Installing a list of packages" + yum: name={{ item }} state=latest + with_items: + - curl + - httpd + - nano + - htop +``` + +**Method-3: Using Array Variable** + +``` +$ sudo nano /etc/ansible/playbooks/packages-redhat-2.yml + +--- +- hosts: web + become: yes + name: "Install a List of Packages on Red Hat Based System" + vars: + packages: [ 'curl', 'git', 'htop' ] + tasks: + - name: Install a list of packages + yum: name={{ item }} state=latest + with_items: "{{ packages }}" +``` + +### Playbook-4: Ansible Playbook to Install Updates on Linux Systems + +This sample playbook allows you to install updates on your Linux systems, running Red Hat and Debian-based client nodes. 
+ +``` +$ sudo nano /etc/ansible/playbooks/security-update.yml + +--- +- hosts: web + become: yes + name: "Install Security Update" + tasks: + - name: "Installing Security Update on Red Hat Based System" + yum: name=* update_cache=yes security=yes state=latest + when: ansible_facts['distribution'] == "CentOS" + + - name: "Installing Security Update on Ubuntu Based System" + apt: upgrade=dist update_cache=yes + when: ansible_facts['distribution'] == "Ubuntu" +``` + +-------------------------------------------------------------------------------- + +via: https://www.2daygeek.com/ansible-playbooks-quick-start-guide-with-examples/ + +作者:[Magesh Maruthamuthu][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.2daygeek.com/author/magesh/ +[b]: https://github.com/lujun9972 +[1]: https://www.2daygeek.com/install-configure-ansible-automation-tool-linux-quick-start-guide/ +[2]: https://www.2daygeek.com/ansible-ad-hoc-command-quick-start-guide-with-examples/ +[3]: data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7 +[4]: http://www.yamllint.com/ From 475869c5a8f6af61dd6288f28f83ba5206cc72bc Mon Sep 17 00:00:00 2001 From: DarkSun Date: Wed, 29 Jan 2020 00:57:58 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=2020200127=20Build=20yo?= =?UTF-8?q?ur=20own=20cloud=20with=20Fedora=2031=20and=20Nextcloud=20Serve?= =?UTF-8?q?r?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sources/tech/20200127 Build your own cloud with Fedora 31 and Nextcloud Server.md --- ...oud with Fedora 31 and Nextcloud Server.md | 226 ++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 sources/tech/20200127 Build your own cloud with Fedora 31 and Nextcloud Server.md 
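Review bot: In PATCH 5/7, Playbook-2 (the Ubuntu playbook) in the imported source file has three defects that a translator would otherwise copy verbatim: it installs `apache2` through the `yum:` module, the service task names `apaceh2`, and `notify: - start apache` matches no handler, since the only handler is named "Ensure Apache Web Server is Running". Since this commit only adds the source for translation, suggest flagging these in the PR so the translation can correct or annotate them. Also worth flagging: Playbook-1 is saved as `apache.yml` but run and syntax-checked as `apache1.yml`; in Playbook-4, titled "Install Security Update", the yum task sets `security=yes` while the apt task `upgrade=dist update_cache=yes` has no equivalent restriction; and reference `[3]` is a `data:image/gif;base64` placeholder rather than the flow chart image, so both `![][3]` uses show nothing.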
diff --git a/sources/tech/20200127 Build your own cloud with Fedora 31 and Nextcloud Server.md b/sources/tech/20200127 Build your own cloud with Fedora 31 and Nextcloud Server.md new file mode 100644 index 0000000000..69b8ad9e06 --- /dev/null +++ b/sources/tech/20200127 Build your own cloud with Fedora 31 and Nextcloud Server.md 
@@ -0,0 +1,226 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Build your own cloud with Fedora 31 and Nextcloud Server) +[#]: via: (https://fedoramagazine.org/build-your-own-cloud-with-fedora-31-and-nextcloud-server/) +[#]: author: (storyteller https://fedoramagazine.org/author/storyteller/) + +Build your own cloud with Fedora 31 and Nextcloud Server +====== + +![][1] + +[Nextcloud][2] is a software suite for storing and syncing your data across multiple devices. You can learn more about Nextcloud Server’s features from [https://github.com/nextcloud/server][3]. + +This article demonstrates how to build a personal cloud using Fedora and Nextcloud in a few simple steps. For this tutorial you will need a dedicated computer or a virtual machine running Fedora 31 server edition and an internet connection. + +### Step 1: Install the prerequisites + +Before installing and configuring Nextcloud, a few prerequisites must be satisfied. + +First, install Apache web server: + +``` +# dnf install httpd +``` + +Next, install PHP and some additional modules. 
Make sure that the PHP version being installed meets [Nextcloud’s requirements][4]: + +``` +# dnf install php php-gd php-mbstring php-intl php-pecl-apcu php-mysqlnd php-pecl-redis php-opcache php-imagick php-zip php-process +``` + +After PHP is installed enable and start the Apache web server: + +``` +# systemctl enable --now httpd +``` + +Next, allow _HTTP_ traffic through the firewall: + +``` +# firewall-cmd --permanent --add-service=http +# firewall-cmd --reload +``` + +Next, install the MariaDB server and client: + +``` +# dnf install mariadb mariadb-server +``` + +Then enable and start the MariaDB server: + +``` +# systemctl enable --now mariadb +``` + +Now that MariaDB is running on your server, you can run the _mysql_secure_installation_ command to secure it: + +``` +# mysql_secure_installation + +NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL + MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP + CAREFULLY! + +In order to log into MariaDB to secure it, we'll need the +current password for the root user. If you've just installed +MariaDB, and you haven't set the root password yet, the password +will be blank, so you should just press enter here. + +Enter current password for root (enter for none): +OK, successfully used password, moving on... + +Setting the root password ensures that nobody can log into +the MariaDB root user without the proper authorization. + +Set root password? [Y/n] +New password: Your_Password_Here +Re-enter new password: Your_Password_Here + +Password updated successfully! + +Reloading privilege tables... + ... Success! + +By default, a MariaDB installation has an anonymous user, +allowing anyone to log into MariaDB without having to have +a user account created for them. This is intended only for +testing, and to make the installation go a bit smoother. You +should remove them before moving into a production environment. + +Remove anonymous users? [Y/n] + ... Success! 
+ +Normally, root should only be allowed to connect from +'localhost'. This ensures that someone cannot guess at the +root password from the network. + +Disallow root login remotely? [Y/n] + ... Success! + +By default, MariaDB comes with a database named 'test' that +anyone can access. This is also intended only for testing, and +should be removed before moving into a production environment. + +Remove test database and access to it? [Y/n] + + - Dropping test database... + ... Success! + + - Removing privileges on test database... + ... Success! + +Reloading the privilege tables will ensure that all changes +made so far will take effect immediately. + +Reload privilege tables now? [Y/n] + ... Success! + +Cleaning up... + +All done! If you've completed all of the above steps, your +MariaDB installation should now be secure. + +Thanks for using MariaDB! +``` + +Next, create a dedicated user and database for your Nextcloud instance: + +``` +# mysql -p +> create database nextcloud; +> create user 'nc_admin'@'localhost' identified by 'SeCrEt'; +> grant all privileges on nextcloud.* to 'nc_admin'@'localhost'; +> flush privileges; +> exit; +``` + +### Step 2: Install Nextcloud Server + +Now that the prerequisites for your Nextcloud installation have been satisfied, download and unzip [the Nextcloud archive][5]: + +``` +# wget https://download.nextcloud.com/server/releases/nextcloud-17.0.2.zip +# unzip nextcloud-17.0.2.zip -d /var/www/html/ +``` + +Next, create a data folder and grant Apache read and write access to the _nextcloud_ directory tree: + +``` +# mkdir /var/www/html/nextcloud/data +# chown -R apache:apache /var/www/html/nextcloud +``` + +SELinux must be configured to work with Nextcloud. The basic commands are those bellow, but a lot more, by features used on nexcloud installation, are posted here: [Nextcloud SELinux configuration][6] + +``` +# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?' 
+# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?' +# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?' +# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini' +# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?' +# restorecon -Rv '/var/www/html/nextcloud/' +``` + +### Step 3: Configure N**extclou**d + +Nextcloud can be configured using its web interface or from the command line. + +#### Using the web interface + +From your favorite browser, access __ and fill the fields: + +![][7] + +#### Using the command line + +From the command line, just enter the following, substituting the values you used when you created a dedicated Nextcloud user in MariaDB earlier: + +``` +# sudo -u apache php occ maintenance:install --data-dir /var/www/html/nextcloud/data/ --database "mysql" --database-name "nextcloud" --database-user "nc_admin" --database-pass "DB_SeCuRe_PaSsWoRd" --admin-user "admin" --admin-pass "Admin_SeCuRe_PaSsWoRd" +``` + +### Final Notes + + * I used the _http_ protocol, but Nextcloud also works over _https_. I might write a follow-up about securing Nextcloud in a future article. + * I disabled SELinux, but your server will be more secure if you configure it. + * The recommend PHP memory limit for Nextcloud is 512M. To change it, edit the _memory_limit_ variable in the _/etc/php.ini_ configuration file and restart your _httpd_ service. + * By default, the web interface can only be accessed using the __ URL. If you want to allow access using other domain names, [you can do so by editing the _/var/www/html/nextcloud/config/config.php_ file][8]. The * character can be used to bypass the domain name restriction and allow the use of any URL that resolves to one of your server’s IP addresses. 
+ + + +``` +'trusted_domains' => + array ( + 0 => 'localhost', + 1 => '*', + ), +``` + +_— Updated on January 28th, 2020 to include SELinux configuration —_ + +-------------------------------------------------------------------------------- + +via: https://fedoramagazine.org/build-your-own-cloud-with-fedora-31-and-nextcloud-server/ + +作者:[storyteller][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://fedoramagazine.org/author/storyteller/ +[b]: https://github.com/lujun9972 +[1]: https://fedoramagazine.org/wp-content/uploads/2020/01/nextcloud-1-816x345.png +[2]: https://nextcloud.com/ +[3]: https://github.com/nextcloud/server#nextcloud-server- +[4]: https://docs.nextcloud.com/server/17/admin_manual/installation/system_requirements.html#server +[5]: https://nextcloud.com/install/#instructions-server +[6]: https://docs.nextcloud.com/server/17/admin_manual/installation/selinux_configuration.html +[7]: https://fedoramagazine.org/wp-content/uploads/2019/11/image.png +[8]: https://help.nextcloud.com/t/adding-a-new-trusted-domain/26 From b079c802edfc1ac53d9908a73b598324da20903b Mon Sep 17 00:00:00 2001 From: DarkSun Date: Wed, 29 Jan 2020 00:59:24 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=2020200127=20Building?= =?UTF-8?q?=20Zero=20Trust=20authentication=20for=20multi-cloud=20applicat?= =?UTF-8?q?ion=20services?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sources/tech/20200127 Building Zero Trust authentication for multi-cloud application services.md --- ...on for multi-cloud application services.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 sources/tech/20200127 Building Zero Trust authentication for multi-cloud application services.md 
diff --git a/sources/tech/20200127 Building Zero Trust authentication for multi-cloud application services.md b/sources/tech/20200127 Building Zero Trust authentication for multi-cloud application services.md new file mode 100644 index 0000000000..009b39108f --- /dev/null +++ b/sources/tech/20200127 Building Zero Trust authentication for multi-cloud application services.md 
@@ -0,0 +1,69 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Building Zero Trust authentication for multi-cloud application services) +[#]: via: (https://www.linux.com/articles/building-zero-trust-authentication-for-multi-cloud-application-services/) +[#]: author: (Swapnil Bhartiya https://www.linux.com/author/swapnil/) + +Building Zero Trust authentication for multi-cloud application services +====== + +[![][1]][2] + +[![][1]][2] + +One of the fundamental challenges organizations have about multi-cloud and hybrid cloud environments, is how to easily establish secure communication across different clouds and environments. Cloud providers have their own identity and access management solutions, such as AWS IAM, to manage what access an instance should and should not have. But as soon as the applications or services  need to communicate from AWS to GCP or from AWS to their on-prem infrastructure, it becomes a challenge because it’s AWS-specific and not interoperable. Engineering and operations teams need something secure that could work across environments and at the same time should not add any friction to the deployment cycles + +This is the problem [Scytale][3], a is trying to address with Secure Production Identity Framework for Everyone ([SPIFFE][4]) and SPIFFE Runtime Environment ([SPIRE][5]). Both of these open-source  projects originated at Scytale but now are part of  the Cloud Native Computing Foundation (CNCF). These projects have grown in popularity within the cloud native community and have seen contributions from organizations such as Amazon, Bloomberg, Google, Pinterest, Square , Uber and more. + +“Scytale is the primary driver of these projects that offer ‘interoperable identity’ between different cloud providers and different platforms,” Evan Gilman, Senior Engineer at Scytale.io and co-author of _[Zero Trust Networks][6]_. 
“From the commercial angle, we have built solutions to help organizations adopt these projects faster and  extend their functionalities to address the needs of enterprise customers .” + +**Vendor and technology neutral identity solution** +The passport analogy best explains interoperable identity. Passports from different countries all look different, but they all have the same size and meet the same specifications. They all have a picture of the passport holder at the same spot, they all have a barcode at the bottom. Regardless of what country issued the passport, it works across the globe. + +A “country” can be a particular software stack, platform, or a cloud provider. Regardless of the environment, the identities that exist within and between those silos can communicate. + +Interoperable identity becomes even more critical in the multi-cloud and hybrid cloud deployments, as they raise this fundamental challenge of how users secure communication across those boundaries. + +“We are bringing in a platform-agnostic service identity that is not specific to a cloud provider, platform, and technology,” said Gilman. It levels the playing field and allows users to talk across boundaries. Users won’t talk in AWS or GCP specifics; they communicate on the SPIFFE level. “SPIFFE provides users with what is sometimes referred to as a secure dial tone: you pick up the phone, it rings the other side irrespective of where it’s running and what platform it’s running on,” added Gilman. + +**SPIFFE based service** authentication **foundational for zero trust networks** +SPIFFE is a standard, a set of documents whereas SPIRE is the software implementation of that standard. SPIRE implements the SPIFFE specifications and enables workloads or services to get these “passports” as soon as they boot, in a way that is very reliable, scalable, and highly automated. 
This identity centric authentication is also critical for building a zero trust-based security model  , which removes reliance on networks to deliver trustworthy information. + +“Networks have been historically fairly manipulable. So instead we build systems in such a way that it doesn’t rely on that network to deliver trustworthy information,” said Gilman, “We use protocols and strong authentication and authorization to try to mitigate any kind of business that might happen on the wire. It also mitigates what we call lateral movement. So if a neighbor is compromised, just because you’re attached to the same network, that should not mean that you should gain access that you would not have otherwise.” + +Gilman explains, “Part of the SPIFFE specification set deals with what we call ‘federation’. There is usually a centralized authority that issues these identities. In reality, there are different companies that have their own authorities. Even different software stacks have their own authorities. There is a need to bridge these gaps.” + +That’s where the SPIFFE Federation enters the picture. It swaps these cryptographic keys between different domains. It allows users with different identity providers to communicate effortlessly. + +One key design principle of the SPIFFE Federation is that it is compatible with OIDC, which is a similar identity federation spec, but is more focused around users. It allows for server-to-server and service-to-service communication. Any existing OIDC can take advantage of it and pass one of its SPIFFE identity documents to a public cloud like AWS, which will be able to validate it using this OIDC SPIFFE Federation mechanism. + +While SPIFFE as a specification doesn’t change, SPIRE has a monthly release cadence. It continues to add new features on a regular basis. 
+ +The latest release introduced integration with the AWS Private CA Manager, which means that SPIRE deployments living inside AWS can use it to protect the sign-in keys for identities. These identities are cryptographically backed so there is a key that is used to sign these identities. One of the biggest challenges is to secure these sign-in keys. Being able to bury that key inside the AWS service, which is backed by hardware protection, is an incredible feature. + +The community is also working on a feature called Nested SPIRE, which allows users to have multiple SPIRE server clusters that form a tree and chain up to each other. + +Together, these new features give a lot of flexibility in terms of architecting for failure modes and failure domains, and architecting around different security domains. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/articles/building-zero-trust-authentication-for-multi-cloud-application-services/ + +作者:[Swapnil Bhartiya][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.linux.com/author/swapnil/ +[b]: https://github.com/lujun9972 +[1]: https://www.linux.com/wp-content/uploads/2020/01/buffer-1143485_1920-1068x638.jpg (passport) +[2]: https://www.linux.com/wp-content/uploads/2020/01/buffer-1143485_1920.jpg +[3]: https://scytale.io/ +[4]: https://spiffe.io/ +[5]: https://spiffe.io/spire/ +[6]: https://www.amazon.com/Zero-Trust-Networks-Building-Untrusted/dp/1491962194
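Review bot: In the Playbook-4 block (security-update.yml) of the Ansible article, the two `when:` conditions compare `ansible_facts['distribution']` with the exact strings "CentOS" and "Ubuntu", while the sentence above the block promises "Red Hat and Debian-based client nodes". On RHEL, Fedora or Debian hosts both tasks are skipped and the play still finishes without error. Matching on `ansible_facts['os_family']` ("RedHat" / "Debian") would fit the description. The Ubuntu task is also named "Installing Security Update" but runs `apt: upgrade=dist update_cache=yes`, which is a full dist-upgrade rather than a security-only update like `security=yes` on the yum task, so either the task name or the action should change. Separately, reference `[3]` is a `data:image/gif;base64,...` placeholder rather than an image URL and should be replaced or dropped before translation.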
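Review bot: The Final Notes of the Nextcloud article still say "I disabled SELinux, but your server will be more secure if you configure it", which contradicts the `semanage fcontext` / `restorecon` block that Step 2 now carries (the footer says the article was updated on January 28th to include it). The bullet should be dropped or reworded so readers do not turn SELinux off. In the same list, the `trusted_domains` example with `1 => '*'` removes the domain name restriction entirely, as the bullet itself says, so it would be safer to show an explicit hostname there and mention the wildcard only as an exception. The two places that read "access __" and "using the __ URL" have lost their URL and need to be restored from the original article. The `occ` command is given without a `cd /var/www/html/nextcloud` or a full path, and its `--database-pass "DB_SeCuRe_PaSsWoRd"` does not match the `'SeCrEt'` set in the `create user` statement. Typos: "bellow", "nexcloud", "N**extclou**d", "The recommend PHP memory limit".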
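Review bot: In the paragraph on the latest SPIRE release of the Zero Trust article, "sign-in keys" appears twice although the same paragraph describes "a key that is used to sign these identities". This reads as a mis-transcription of "signing keys" and should be checked against the source before translators carry it over, since a sign-in key and a signing key are different things. The sentence "This is the problem [Scytale][3], a is trying to address" is missing words after "a", the first paragraph ends at "deployment cycles" without a full stop, the `[![][1]][2]` image line is duplicated, and the second bold heading is split as `**SPIFFE based service** authentication **foundational for zero trust networks**`. The first Gilman quote also has no verb of attribution such as "said".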