mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-03 01:10:13 +08:00
Merge remote-tracking branch 'LCTT/master'
commit
ab4a9d320c
@ -0,0 +1,73 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Report: Smart-city IoT isn’t smart enough yet)
|
||||
[#]: via: (https://www.networkworld.com/article/3411561/report-smart-city-iot-isnt-smart-enough-yet.html)
|
||||
[#]: author: (Jon Gold https://www.networkworld.com/author/Jon-Gold/)
|
||||
|
||||
Report: Smart-city IoT isn’t smart enough yet
|
||||
======
|
||||
A report from Forrester Research details vulnerabilities affecting smart-city internet of things (IoT) infrastructure and offers some methods of mitigation.
|
||||
![Aleksandr Durnov / Getty Images][1]
|
||||
|
||||
Security arrangements for smart-city IoT technology around the world are in an alarming state of disrepair, according to a report from Forrester Research that argues serious changes are needed in order to avoid widespread compromises.
|
||||
|
||||
Much of what’s wrong has to do with a lack of understanding on the part of the people in charge of those systems and a failure to follow well-known security best practices, like centralized management, network visibility and limiting attack-surfaces.
|
||||
|
||||
**More on IoT:**
|
||||
|
||||
* [What is the IoT? How the internet of things works][2]
|
||||
* [What is edge computing and how it’s changing the network][3]
|
||||
* [Most powerful Internet of Things companies][4]
|
||||
* [10 Hot IoT startups to watch][5]
|
||||
* [The 6 ways to make money in IoT][6]
|
||||
* [What is digital twin technology? [and why it matters]][7]
|
||||
* [Blockchain, service-centric networking key to IoT success][8]
|
||||
* [Getting grounded in IoT networking and security][9]
|
||||
* [Building IoT-ready networks must become a priority][10]
|
||||
* [What is the Industrial IoT? [And why the stakes are so high]][11]
|
||||
|
||||
|
||||
|
||||
Those all pose stiff challenges, according to “Making Smart Cities Safe And Secure,” the Forrester report by Merritt Maxim and Salvatore Schiano. The attack surface for a smart city is, by default, enormous, given the volume of Internet-connected hardware involved. Some device, somewhere, is likely to be vulnerable, and with the devices geographically spread out it’s difficult to secure all types of access to them.
|
||||
|
||||
Worse still, some legacy systems can be downright impossible to manage and update in a safe way. Older technology often contains no provision for live updates, and its vulnerabilities can be severe, according to the report. Physical access to some types of devices also remains a serious challenge. The report gives the example of wastewater treatment plants in remote locations in Australia, which were sabotaged by a contractor who accessed the SCADA systems directly.
|
||||
|
||||
In addition to the risk of compromised control systems, the generalized insecurity of smart city IoT makes the vast amounts of data that it generates highly suspect. Improperly configured devices could collect more information than they’re supposed to, including personally identifiable information, which could violate privacy regulations. Also, the data collected is analyzed to glean useful information about such things as parking patterns, water flow and electricity use, and inaccurate or compromised information can badly undercut the value of smart city technology to a given user.
|
||||
|
||||
“Security teams are just gaining maturity in the IT environment with the necessity for data inventory, classification, and flow mapping, together with thorough risk and privacy impact assessments, to drive appropriate protection,” the report says. “In OT environments, they’re even further behind.”
|
||||
|
||||
Yet, despite the fact that IoT planning and implementation doubled between 2017 and 2018, according to Forrester’s data, comparatively little work has been done on the security front. The report lists 13 cyberattacks on smart-city technology between 2014 and 2019 that had serious consequences, including widespread electricity outages, ransomware infections on hospital computers and emergency-service interruptions.
|
||||
|
||||
Still, there are ways forward, according to Forrester. Careful log monitoring can keep administrators abreast of what’s normal and what’s suspicious on their networks. Asset mapping and centralizing control-plane functionality should make it much more difficult for bad actors to insert malicious devices into a smart-city network or take control of less-secure items. And intelligent alerting – the kind that provides contextual information, differentiating between “this system just got rained on and has poor connectivity” and “someone is tampering with this system” – should help cities be more responsive to security threats when they arise.
|
||||
|
||||
Join the Network World communities on [Facebook][12] and [LinkedIn][13] to comment on topics that are top of mind.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3411561/report-smart-city-iot-isnt-smart-enough-yet.html
|
||||
|
||||
作者:[Jon Gold][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://www.networkworld.com/author/Jon-Gold/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://images.idgesg.net/images/article/2019/02/smart_city_smart_cities_iot_internet_of_things_by_aleksandr_durnov_gettyimages-971455374_2400x1600-100788363-large.jpg
|
||||
[2]: https://www.networkworld.com/article/3207535/internet-of-things/what-is-the-iot-how-the-internet-of-things-works.html
|
||||
[3]: https://www.networkworld.com/article/3224893/internet-of-things/what-is-edge-computing-and-how-it-s-changing-the-network.html
|
||||
[4]: https://www.networkworld.com/article/2287045/internet-of-things/wireless-153629-10-most-powerful-internet-of-things-companies.html
|
||||
[5]: https://www.networkworld.com/article/3270961/internet-of-things/10-hot-iot-startups-to-watch.html
|
||||
[6]: https://www.networkworld.com/article/3279346/internet-of-things/the-6-ways-to-make-money-in-iot.html
|
||||
[7]: https://www.networkworld.com/article/3280225/internet-of-things/what-is-digital-twin-technology-and-why-it-matters.html
|
||||
[8]: https://www.networkworld.com/article/3276313/internet-of-things/blockchain-service-centric-networking-key-to-iot-success.html
|
||||
[9]: https://www.networkworld.com/article/3269736/internet-of-things/getting-grounded-in-iot-networking-and-security.html
|
||||
[10]: https://www.networkworld.com/article/3276304/internet-of-things/building-iot-ready-networks-must-become-a-priority.html
|
||||
[11]: https://www.networkworld.com/article/3243928/internet-of-things/what-is-the-industrial-iot-and-why-the-stakes-are-so-high.html
|
||||
[12]: https://www.facebook.com/NetworkWorld/
|
||||
[13]: https://www.linkedin.com/company/network-world
|
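Review bot: The "**More on IoT:**" link list and the closing "Join the Network World communities on [Facebook][12] and [LinkedIn][13]" line are the source site's cross-promotion rather than part of the report summary, and they account for link definitions [2] through [13]. Suggest dropping both blocks and those definitions from the source file before it goes to a translator, so that only the article body and [1] remain.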
@ -1,169 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (How to run virtual machines with virt-manager)
|
||||
[#]: via: (https://fedoramagazine.org/full-virtualization-system-on-fedora-workstation-30/)
|
||||
[#]: author: (Marco Sarti https://fedoramagazine.org/author/msarti/)
|
||||
|
||||
How to run virtual machines with virt-manager
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
In the beginning there was dual boot, it was the only way to have more than one operating system on the same laptop. At the time, it was difficult for these operating systems to be run simultaneously or interact with each other. Many years passed before it was possible, on common PCs, to run an operating system inside another through virtualization.
|
||||
|
||||
Recent PCs or laptops, including moderately-priced ones, have the hardware features to run virtual machines with performance close to the physical host machine.
|
||||
|
||||
Virtualization has therefore become normal, to test operating systems, as a playground for learning new techniques, to create your own home cloud, to create your own test environment and much more. This article walks you through using Virt Manager on Fedora to setup virtual machines.
|
||||
|
||||
### Introducing QEMU/KVM and Libvirt
|
||||
|
||||
Fedora, like all other Linux systems, comes with native support for virtualization extensions. This support is given by KVM (Kernel based Virtual Machine) currently available as a kernel module.
|
||||
|
||||
QEMU is a complete system emulator that works together with KVM and allows you to create virtual machines with hardware and peripherals.
|
||||
|
||||
Finally [libvirt][2] is the API layer that allows you to administer the infrastructure, ie create and run virtual machines.
|
||||
|
||||
The set of these three technologies, all open source, is what we’re going to install on our Fedora Workstation.
|
||||
|
||||
### Installation
|
||||
|
||||
#### Step 1: install packages
|
||||
|
||||
Installation is a fairly simple operation. The Fedora repository provides the “virtualization” package group that contains everything you need.
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo dnf install @virtualization
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
#### Step 2: edit the libvirtd configuration
|
||||
|
||||
By default the system administration is limited to the root user, if you want to enable a regular user you have to proceed as follows.
|
||||
|
||||
Open the /etc/libvirt/libvirtd.conf file for editing
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo vi /etc/libvirt/libvirtd.conf
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
Set the domain socket group ownership to libvirt
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
unix_sock_group = "libvirt"
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
Adjust the UNIX socket permissions for the R/W socket
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
unix_sock_rw_perms = "0770"
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
#### Step 3: start and enable the libvirtd service
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo systemctl start libvirtd
|
||||
sudo systemctl enable libvirtd
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
#### Step 4: add user to group
|
||||
|
||||
In order to administer libvirt with the regular user you must add the user to the libvirt group, otherwise every time you start virtual-manager you will be asked for the password for sudo.
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo usermod -a -G libvirt $(whoami)
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
This adds the current user to the group. You must log out and log in to apply the changes.
|
||||
|
||||
### Getting started with virt-manager
|
||||
|
||||
The libvirt system can be managed either from the command line (virsh) or via the virt-manager graphical interface. The command line can be very useful if you want to do automated provisioning of virtual machines, for example with [Ansible][3], but in this article we will concentrate on the user-friendly graphical interface.
|
||||
|
||||
The virt-manager interface is simple. The main form shows the list of connections including the local system connection.
|
||||
|
||||
The connection settings include virtual networks and storage definition. it is possible to define multiple virtual networks and these networks can be used to communicate between guest systems and between the guest systems and the host.
|
||||
|
||||
### Creating your first virtual machine
|
||||
|
||||
To start creating a new virtual machine, press the button at the top left of the main form:
|
||||
|
||||
![][4]
|
||||
|
||||
The first step of the wizard requires the installation mode. You can choose between a local installation media, network boot / installation or an existing virtual disk import:
|
||||
|
||||
![][5]
|
||||
|
||||
Choosing the local installation media the next step will require the ISO image path:
|
||||
|
||||
![ ][6]
|
||||
|
||||
The subsequent two steps will allow you to size the CPU, memory and disk of the new virtual machine. The last step will ask you to choose network preferences: choose the default network if you want the virtual machine to be separated from the outside world by a NAT, or bridged if you want it to be reachable from the outside. Note that if you choose bridged the virtual machine cannot communicate with the host machine.
|
||||
|
||||
Check “Customize configuration before install” if you want to review or change the configuration before starting the setup:
|
||||
|
||||
![][7]
|
||||
|
||||
The virtual machine configuration form allows you to review and modify the hardware configuration. You can add disks, network interfaces, change boot options and so on. Press “Begin installation” when satisfied:
|
||||
|
||||
![][8]
|
||||
|
||||
At this point you will be redirected to the console where to proceed with the installation of the operating system. Once the operation is complete, you will have the working virtual machine that you can access from the console:
|
||||
|
||||
![][9]
|
||||
|
||||
The virtual machine just created will appear in the list of the main form, where you will also have a graph of the CPU and memory occupation:
|
||||
|
||||
![][10]
|
||||
|
||||
libvirt and virt-manager is a powerful tool that allows great customization to your virtual machines with enterprise level management. If something even simpler is desired, note that Fedora Workstation comes with [GNOME Boxes pre-installed and can be sufficient for basic virtualization needs][11].
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/full-virtualization-system-on-fedora-workstation-30/
|
||||
|
||||
作者:[Marco Sarti][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/msarti/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2019/07/virt-manager-816x346.jpg
|
||||
[2]: https://libvirt.org/
|
||||
[3]: https://fedoramagazine.org/get-the-latest-ansible-2-8-in-fedora/
|
||||
[4]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-09-41-45.png
|
||||
[5]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-09-30-53.png
|
||||
[6]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-42-39.png
|
||||
[7]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-43-21.png
|
||||
[8]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-44-58.png
|
||||
[9]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-55-35.png
|
||||
[10]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-11-09-22.png
|
||||
[11]: https://fedoramagazine.org/getting-started-with-virtualization-in-gnome-boxes/
|
@ -1,5 +1,5 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
|
@ -0,0 +1,126 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Manage your passwords with Bitwarden and Podman)
|
||||
[#]: via: (https://fedoramagazine.org/manage-your-passwords-with-bitwarden-and-podman/)
|
||||
[#]: author: (Eric Gustavsson https://fedoramagazine.org/author/egustavs/)
|
||||
|
||||
Manage your passwords with Bitwarden and Podman
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
You might have encountered a few advertisements the past year trying to sell you a password manager. Some examples are [LastPass][2], [1Password][3], or [Dashlane][4]. A password manager removes the burden of remembering the passwords for all your websites. No longer do you need to re-use passwords or use easy-to-remember passwords. Instead, you only need to remember one single password that can unlock all your other passwords for you.
|
||||
|
||||
This can make you more secure by having one strong password instead of many weak passwords. You can also sync your passwords across devices if you have a cloud-based password manager like LastPass, 1Password, or Dashlane. Unfortunately, none of these products are open source. Luckily there are open source alternatives available.
|
||||
|
||||
### Open source password managers
|
||||
|
||||
These alternatives include Bitwarden, [LessPass][5], or [KeePass][6]. Bitwarden is [an open source password manager][7] that stores all your passwords encrypted on the server, which works the same way as LastPass, 1Password, or Dashlane. LessPass is a bit different as it focuses on being a stateless password manager. This means it derives passwords based on a master password, the website, and your username rather than storing the passwords encrypted. On the other side of the spectrum there’s KeePass, a file-based password manager with a lot of flexibility with its plugins and applications.
|
||||
|
||||
Each of these three apps has its own downsides. Bitwarden stores everything in one place and is exposed to the web through its API and website interface. LessPass can’t store custom passwords since it’s stateless, so you need to use their derived passwords. KeePass, a file-based password manager, can’t easily sync between devices. You can utilize a cloud-storage provider together with [WebDAV][8] to get around this, but a lot of clients do not support it and you might get file conflicts if devices do not sync correctly.
|
||||
|
||||
This article focuses on Bitwarden.
|
||||
|
||||
### Running an unofficial Bitwarden implementation
|
||||
|
||||
There is a community implementation of the server and its API called [bitwarden_rs][9]. This implementation is fully open source as it can use SQLite or MariaDB/MySQL, instead of the proprietary Microsoft SQL Server that the official server uses.
|
||||
|
||||
It’s important to recognize some differences exist between the official and the unofficial version. For instance, the [official server has been audited by a third-party][10], whereas the unofficial one hasn’t. When it comes to implementations, the unofficial version lacks [email confirmation and support for two-factor authentication using Duo or email codes][11].
|
||||
|
||||
Let’s get started running the server with SELinux in mind. Following the documentation for bitwarden_rs you can construct a Podman command as follows:
|
||||
|
||||
```
|
||||
$ podman run -d \
|
||||
--userns=keep-id \
|
||||
--name bitwarden \
|
||||
-e SIGNUPS_ALLOWED=false \
|
||||
-e ROCKET_PORT=8080 \
|
||||
-v /home/egustavs/Bitwarden/bw-data/:/data/:Z \
|
||||
-p 8080:8080 \
|
||||
bitwardenrs/server:latest
|
||||
```
|
||||
|
||||
This downloads the bitwarden_rs image and runs it in a user container under the user’s namespace. It uses a port above 1024 so that non-root users can bind to it. It also changes the volume’s SELinux context with _:Z_ to prevent permission issues with read-write on _/data_.
|
||||
|
||||
If you host this under a domain, it’s recommended to put this server under a reverse proxy with Apache or Nginx. That way you can use port 80 and 443 which points to the container’s 8080 port without running the container as root.
|
||||
|
||||
### Running under systemd
|
||||
|
||||
With Bitwarden now running, you probably want to keep it that way. Next, create a unit file that keeps the container running, automatically restarts if it doesn’t respond, and starts running after a system restart. Create this file as _/etc/systemd/system/bitwarden.service_:
|
||||
|
||||
```
|
||||
[Unit]
|
||||
Description=Bitwarden Podman container
|
||||
Wants=syslog.service
|
||||
|
||||
[Service]
|
||||
User=egustavs
|
||||
Group=egustavs
|
||||
TimeoutStartSec=0
|
||||
ExecStart=/usr/bin/podman run 'bitwarden'
|
||||
ExecStop=-/usr/bin/podman stop -t 10 'bitwarden'
|
||||
Restart=always
|
||||
RestartSec=30s
|
||||
KillMode=none
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
Now, enable and start it [using][12] _[sudo][12]_:
|
||||
|
||||
```
|
||||
$ sudo systemctl enable bitwarden.service && sudo systemctl start bitwarden.service
|
||||
$ systemctl status bitwarden.service
|
||||
bitwarden.service - Bitwarden Podman container
|
||||
Loaded: loaded (/etc/systemd/system/bitwarden.service; enabled; vendor preset: disabled)
|
||||
Active: active (running) since Tue 2019-07-09 20:23:16 UTC; 1 day 14h ago
|
||||
Main PID: 14861 (podman)
|
||||
Tasks: 44 (limit: 4696)
|
||||
Memory: 463.4M
|
||||
```
|
||||
|
||||
Success! Bitwarden is now running under system and will keep running.
|
||||
|
||||
### Adding LetsEncrypt
|
||||
|
||||
It’s strongly recommended to run your Bitwarden instance through an encrypted channel with something like LetsEncrypt if you have a domain. Certbot is a bot that creates LetsEncrypt certificates for us, and they have a [guide for doing this through Fedora][13].
|
||||
|
||||
After you generate a certificate, you can follow the [bitwarden_rs guide about HTTPS][14]. Just remember to append _:Z_ to the LetsEncrypt volume to handle permissions while not changing the port.
|
||||
|
||||
* * *
|
||||
|
||||
*Photo by _[_CMDR Shane_][15]_ on *[_Unsplash_][16].
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/manage-your-passwords-with-bitwarden-and-podman/
|
||||
|
||||
作者:[Eric Gustavsson][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/egustavs/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2019/07/bitwarden-816x345.jpg
|
||||
[2]: https://www.lastpass.com
|
||||
[3]: https://1password.com/
|
||||
[4]: https://www.dashlane.com/
|
||||
[5]: https://lesspass.com/
|
||||
[6]: https://keepass.info/
|
||||
[7]: https://bitwarden.com/
|
||||
[8]: https://en.wikipedia.org/wiki/WebDAV
|
||||
[9]: https://github.com/dani-garcia/bitwarden_rs/
|
||||
[10]: https://blog.bitwarden.com/bitwarden-completes-third-party-security-audit-c1cc81b6d33
|
||||
[11]: https://github.com/dani-garcia/bitwarden_rs/wiki#missing-features
|
||||
[12]: https://fedoramagazine.org/howto-use-sudo/
|
||||
[13]: https://certbot.eff.org/instructions
|
||||
[14]: https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-HTTPS
|
||||
[15]: https://unsplash.com/@cmdrshane?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[16]: https://unsplash.com/search/photos/password?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
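Review bot: In the unit file, `ExecStart=/usr/bin/podman run 'bitwarden'` does not start the container created earlier with `--name bitwarden`. `podman run` takes an image as its argument, so this line asks for an image called bitwarden and carries none of the `-e`, `-v` or `-p` options from the first command. Suggest flagging this for a translator's note, with `ExecStart=/usr/bin/podman start -a bitwarden` as the form that pairs with the existing `ExecStop` line. Also, "running under system" in the sentence after the status output should read "systemd".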
@ -0,0 +1,68 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (What does it mean to be a sysadmin hero?)
|
||||
[#]: via: (https://opensource.com/article/19/7/sysadmin-heroics-saving-day)
|
||||
[#]: author: (Opensource.com https://opensource.com/users/admin)
|
||||
|
||||
What does it mean to be a sysadmin hero?
|
||||
======
|
||||
Two stories from the community on sysadmin heroics: What does it mean to
|
||||
you?
|
||||
![Open Force superhero characters][1]
|
||||
|
||||
Sysadmins spend a lot of time preventing and fixing problems. There are certainly times when a sysadmin becomes a hero, whether to their team, department, company, or the general public, though the people they "saved" from trouble may never even know.
|
||||
|
||||
Enjoy these two stories from the community on sysadmin heroics. What does it mean to you?
|
||||
|
||||
* * *
|
||||
|
||||
I worked as a system administrator for a contract with the Army National Guard in the early 2000s. I was involved in a project to pilot a new content management system. This system would enable distribution of online educational materials to classrooms across the country. The state of Montana was chosen for the initial pilot and test phase. I traveled to Montana and deployed several servers running Red Hat Linux plus the content management software in their data centers.
|
||||
|
||||
A few days later, I received a call at my regular office from a worried guardsman with urgent news. One of the servers would not boot. Due to the circumstances, there was no way to easily troubleshoot.
|
||||
|
||||
The testing was scheduled to commence the following week, which left little time to get the server back online. A delay in the project would be costly. I needed to solve the problem fast. Fortunately, we had several identical servers in our local data center. I used one of them to reinstall the operating system and applications, and then configured it identically to the problem server back in Montana. I then pulled the hard drive, packed it safely, and overnighted it to the Montana National Guard Armory.
|
||||
|
||||
The guardsman called me the next morning to say he had the replacement drive. I instructed him on how to remove and replace the boot drive. After doing so, he pressed the power button. We waited for several silent seconds before he informed me that he could see lights and hear the sound of drive activity. I began pinging the server and after a few positive responses, I was able to SSH into it. This was a great sign!
|
||||
|
||||
Everyone was relieved that the server was online again so that testing could get underway.
|
||||
|
||||
If you want to know more about this program, [there is an article here][2]. (It takes a really long time to load for some reason, so I saved it as a PDF just in case.)
|
||||
|
||||
—_Alan Formy-Duval_
|
||||
|
||||
* * *
|
||||
|
||||
Humans love good stories. In IT, stories about heroic feats of coding and cabling go back to the first computers and the bugs that lived inside them. They’re all loved. They’re loved more if the audience wasn’t part of the fallout of what created the story.
|
||||
|
||||
Sysadmins tend to be left holding the bag when events turn sour. That fact affords us the often unwanted honor of being cast as the protagonist for one of these stories. Antagonists can be anything from bad weather or dug up cables, to mistyped commands, or simply human error. Because we operate in an industry built around generated conflict and drama, the legendary epics in our industry usually involve sysadmins battling the thoughtless developer. It’s an old trope, but a good one that gets lots of laughs and amazed stares when the stories are told.
|
||||
|
||||
I’ve always been someone who’s loved to share these stories with my peers and friends. The camaraderie and the laughs are important to me. These stories are ice breakers and scene closers when on stage, in a conference room, or just when having a beer with your friends after a hard day. But this year, I’ve begun to think about our storytelling tradition a little differently. The heroes we should be talking about around the water cooler aren’t the sysadmins who fix the problem with a flourish at 3am on Sunday. The true heroes in the industry are the sysadmins who prevent the problem from ever happening at 3pm on a Tuesday.
|
||||
|
||||
When I talk to my customers about building effective solutions, I focus the conversation around two core principles. First, I implore them to not rabbit hole themselves with shiny objects and base their solution around proven, supportable technology. Yes, shiny new tech can provide value in some use cases. But most likely it just adds complexity that drives down stability and maintainability. These factors all work together to ultimately slow down adoption by their end users.
|
||||
|
||||
Platforms that don’t grow are platforms that don’t last. I don’t want to work on a platform that won’t be around for its first upgrade. Violating this principle creates systems that require Herculean efforts to keep alive. No one benefits from that situation, even if you do get a good story out of it.
|
||||
|
||||
The second principle I drive home every time I get a chance is to focus on fundamental knowledge, and understand how the technology we’re implementing actually works. We’ve focused for a long time in our industry on marketing our products as fast to deploy, and easy to manage, but that’s almost always a thin veneer. Every IT system designed by humans will ultimately break at some point in its lifecycle. If you don’t understand what’s happening when that system goes sideways, you don’t have a chance of recovering without writing a new saga to talk about at lunch for weeks to come.
|
||||
|
||||
It took me much longer than I’m comfortable with to figure out that the same hero stories we all enjoyed are a result of not sticking to the fundamental principles that I value the most in any solution I have a hand in creating. So, when Sysadmin Day rolls around this year, I won’t be lifting my glass to the heroes who built a bad system and kept it alive through extreme circumstances and too much caffeine. I’ll tip my hat and share a drink with the boring people in the middle of our industry who specialize in preventing the hero moments. A boring weekend with the on-call phone is the most heroic thing I’m ever going to ask from my sysadmin brethren from now on.
|
||||
|
||||
_—Jamie Duncan_
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://opensource.com/article/19/7/sysadmin-heroics-saving-day
|
||||
|
||||
作者:[Opensource.com][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://opensource.com/users/admin
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/superhero_character_open_force.jpg?itok=cndIf6Zw (Open Force superhero characters)
|
||||
[2]: https://gcn.com/Articles/2002/01/18/National-Guard-will-test-distancelearning-standard.aspx
|
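Review bot: The summary under the title is hard-wrapped in the middle of a sentence ("What does it mean to" / "you?"), which will carry into the translation as two fragments; join it into one line. The two contributor signatures are also marked up differently, `—_Alan Formy-Duval_` versus `_—Jamie Duncan_`; pick one form for both.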
@ -0,0 +1,169 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (geekpi)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (How to run virtual machines with virt-manager)
|
||||
[#]: via: (https://fedoramagazine.org/full-virtualization-system-on-fedora-workstation-30/)
|
||||
[#]: author: (Marco Sarti https://fedoramagazine.org/author/msarti/)
|
||||
|
||||
如何使用 virt-manager 运行虚拟机
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
在早先年,在同一台笔记本中运行多个操作系统只能双启动。当时,这些操作系统很难同时运行或相互影响。许多年过去了,在普通的 PC 上,可以通过虚拟化在一个系统中运行另一个系统。
|
||||
|
||||
最近的 PC 或笔记本(包括价格适中的笔记本电脑)都有硬件虚拟化,可以运行性能接近物理主机的虚拟机。
|
||||
|
||||
虚拟化因此变得常见,它可以用来测试操作系统、学习新技术、创建自己的家庭云、创建自己的测试环境等等。本文将指导你使用 Fedora 上的 Virt Manager 来设置虚拟机。
|
||||
|
||||
### 介绍 QEMU/KVM 和 Libvirt
|
||||
|
||||
与所有其他 Linux 系统一样,Fedora 附带了虚拟化扩展支持。它由作为内核模块之一的 KVM(基于内核的虚拟机)提供支持。
|
||||
|
||||
QEMU 是一个完整的系统仿真器,它可与 KVM 协同工作,允许你使用硬件和外部设备创建虚拟机。
|
||||
|
||||
最后 [libvirt][2] 是能让你管理基础设施的 API 层,即创建和运行虚拟机。
|
||||
|
||||
这三个技术都是开源的,我们将在 Fedora Workstation 上安装它们。
|
||||
|
||||
### 安装
|
||||
|
||||
#### 步骤 1:安装软件包
|
||||
|
||||
安装是一个相当简单的操作。 Fedora 仓库提供了 “virtualization” 软件包组,其中包含了你需要的所有包。
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo dnf install @virtualization
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
#### 步骤 2:编辑 libvirtd 配置
|
||||
|
||||
默认情况下,系统管理仅限于 root 用户,如果要启用常规用户,那么必须按以下步骤操作。
|
||||
|
||||
打开 /etc/libvirt/libvirtd.conf 进行编辑
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo vi /etc/libvirt/libvirtd.conf
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
将域套接字组所有者设置为 libvirt
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
unix_sock_group = "libvirt"
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
调整 UNIX 套接字的读写权限
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
unix_sock_rw_perms = "0770"
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
#### 步骤 3:启动并启用 libvirtd 服务
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo systemctl start libvirtd
|
||||
sudo systemctl enable libvirtd
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
#### 步骤 4:将用户添加到组
|
||||
|
||||
为了管理 libvirt 与普通用户,你必须将用户添加到 libvirt 组,否则每次启动 virtual-manager 时,都会要求你输入 sudo 密码。
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
sudo usermod -a -G libvirt $(whoami)
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
这会将当前用户添加到组中。你必须注销并重新登录才能应用更改。
|
||||
|
||||
### 开始使用 virt-manager
|
||||
|
||||
可以通过命令行 (virsh) 或通过 virt-manager 图形界面管理l ibvirt 系统。如果你想做虚拟机自动化配置,那么命令行非常有用,例如使用 [Ansible][3],但在本文中我们将专注于用户友好的图形界面。
|
||||
|
||||
virt-manager 界面很简单。主窗口显示连接列表,其中包括本地系统连接。
|
||||
|
||||
连接设置包括虚拟网络和存储定义。你可以定义多个虚拟网络,这些网络可用于在客户端系统之间以及客户端系统和主机之间进行通信。
|
||||
|
||||
### 创建你的第一个虚拟机
|
||||
|
||||
要开始创建新虚拟机,请按下主窗口左上角的按钮:
|
||||
|
||||
![][4]
|
||||
|
||||
向导的第一步需要选择安装模式。你可以选择本地安装介质、网络引导/安装或现有虚拟磁盘导入:
|
||||
|
||||
![][5]
|
||||
|
||||
选择本地安装介质,下一步将需要选择 ISO 镜像路径:
|
||||
|
||||
![ ][6]
|
||||
|
||||
随后的两个步能让你调整新虚拟机的 CPU、内存和磁盘大小。最后一步将要求你选择网络选项:如果你希望虚拟机通过 NAT 与外部隔离,请选择默认网络。如果你希望从外部访问虚拟机,那么选择桥接。请注意,如果选择桥接,那么虚拟机则无法与主机通信。
|
||||
|
||||
如果要在启动设置之前查看或更改配置,请选中“安装前自定义配置”:
|
||||
|
||||
![][7]
|
||||
|
||||
虚拟机配置窗口能让你查看和修改硬件配置。你可以添加磁盘、网络接口、更改引导选项等。满意后按“开始安装”:
|
||||
|
||||
![][8]
|
||||
|
||||
此时,你将被重定向到控制台来继续安装操作系统。操作完成后,你可以从控制台访问虚拟机:
|
||||
|
||||
![][9]
|
||||
|
||||
刚刚创建的虚拟机将出现在主窗口的列表中,你还能看到 CPU 和内存占用率的图表:
|
||||
|
||||
![][10]
|
||||
|
||||
libvirt 和 virt-manager 是功能强大的工具,它们可以以企业级管理为你的虚拟机提供出色的自定义。 如果你需要更简单的东西,请注意 Fedora Workstation [预安装的 GNOME Boxes 已经能够满足基础的虚拟化要求][11]。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/full-virtualization-system-on-fedora-workstation-30/
|
||||
|
||||
作者:[Marco Sarti][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[geekpi](https://github.com/geekpi)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/msarti/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2019/07/virt-manager-816x346.jpg
|
||||
[2]: https://libvirt.org/
|
||||
[3]: https://fedoramagazine.org/get-the-latest-ansible-2-8-in-fedora/
|
||||
[4]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-09-41-45.png
|
||||
[5]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-09-30-53.png
|
||||
[6]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-42-39.png
|
||||
[7]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-43-21.png
|
||||
[8]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-44-58.png
|
||||
[9]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-10-55-35.png
|
||||
[10]: https://fedoramagazine.org/wp-content/uploads/2019/07/Screenshot-from-2019-07-14-11-09-22.png
|
||||
[11]: https://fedoramagazine.org/getting-started-with-virtualization-in-gnome-boxes/
|
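Review bot: Every command in the 安装 steps sits outside its code fence. Each one is preceded by an empty pair of triple-backtick lines and followed by another, so `sudo dnf install @virtualization`, the two `libvirtd.conf` settings, the `systemctl` lines and the `usermod` line will render as body text between empty code blocks. Suggest wrapping each command in a single fence pair. In the virt-manager section, "管理l ibvirt 系统" has a misplaced space and should read "管理 libvirt 系统", and 步骤 4 says virtual-manager where the tool is virt-manager.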