openSUSE Leap 15 is here!

openSUSEopenSUSE Leap 15 is here! (download the iso) openSUSE has always been my favorite Linux distribution I’ve written extensively about the advantages that come from using zypper, the package manager that comes bundled into openSUSE and how to use it to install and update software on your system. Not only does openSUSE have the best package manager, they also have the best mascot. Geeko for the win!

I am really excited about  Leap 15, it is a major improvement over Leap 42, which is saying a lot since Leap 42 has been an absolutely phenomenal operating system. Leap 15 has some big shoes to fill here but I think it brings a lot to the table that should make it a worthy successor.

As far as open source desktop systems go I think openSUSE can give any of the other Linux contenders a run for their money. Linux desktop environments are in no short supply, and openSUSE is the only distribution I have used that works flawlessly whether you choose to use GNOME, KDE, Budgie, Cinnamon….the list goes on (sorry if I didn’t list your favorite). You can run any or all of these desktop environments on Leap 15 and each one feels as if it was made specifically for openSUSE.

One of the great strengths that openSUSE brings to the desktop is that it is great for both beginners and longtime Linux veterans. The graphical control center (YaST) makes Linux less intimidating to newcomers, and gives power users and administrators a great tool to fine tune their systems. There really isn’t anything else like it in the Linux ecosystem.  With YaST you can do everything from install software, create users and groups, set up a printer, create file shares, set up a web server, and a lot more. All from an easy to use graphical or terminal based interface that allows you to tweak nearly any aspect of your desktop or server.

For all that can be said for the openSUSE desktop, there are some great features built into this release for servers and that is what I would like to focus on.

Letsencrypt

In my mind letsencrypt is the best thing to happen to the world wide web since grumpy cat and it is now included in openSUSE Leap 15 directly from the official repositories. Letsencrypt is a free fully automated SSL certificate generation tool and signing authority sponsored by the Internet Security Research Group (ISRG).  Before letsencrypt, if you wanted an encrypted connection to your WordPress site (thus receiving that fancy green padlock in the address bar) you either had to pony up a couple hundred dollars to your hosting provider every now and then, or suffer through trust issues when your visitors received a warning from their browser explaining that your website was potentially malicious.

Having native support for letsencrypt in openSUSE is something that I’ve been looking forward to for a long time. I am grateful for all the work that has been put into this effort by Lukas Schauer (@lukas2511)and the rest of the developers who work on dehydrated.

I wrote a how-to blog for securing a website with letsencrypt here: https://lukerawlins.com/letsencrypt/ I expect to be updating that post soon to include instructions for openSUSE Leap 15. Also, keep an eye out for Richard Brown to include a how-to on his blog https://rootco.de/ 

Migrate to SLE

With the release of openSUSE Leap 15 you now have the ability to migrate your openSUSE systems to a fully supported SUSE Linux Enterprise (SLE) subscription. This is a huge advantage in the server market where you have to worry about things like long-term support, and hardware or software certifications. In order to accommodate this transition openSUSE Leap 15 and SLE 15 were built from common source material and share the underlying code base. Basically, if you are running Leap 15 you are running SLE 15.  “openSUSE Leap 15 brings plenty of community packages built on top of a core from SUSE Linux Enterprise (SLE) 15 sources, with the two major releases being built in parallel from the beginning for the first time.” (source) This is the first time that openSUSE and SUSE have shared the same core operating system and are fully interchangeable. This say’s a lot of good things for the long-term stability of openSUSE and signals a strong commitment to the community by SUSE.

To find out more about this feature I reached out to the openSUSE chairman Richard Brown (@sysrich on Twitter). Who, while busy getting prepared for the upcoming Leap 15 release, did confirm that there is”no need to redeploy a system” and that the migration path from openSUSE to SLE is fully supported.

If you want to learn a little more about the process of migrating an existing Leap 15 system to SLE 15 this document is a good place to start: https://susedoc.github.io/doc-sle/develop/SLES-upgrade/html/cha.upgrade-online.html#sec.upgrade-online.opensuse_to_sle

Firewalld

With Leap 15, openSUSE is moving away from its iptables based SuSEfirewall2 scripts to the widely used and powerful firewall management tool, firewalld. Firewalld has been around for awhile now is familiar to anyone who has been using Fedora, or CentOS 7, over the last few years. Firwalld uses the concept of zones to filter traffic to a Linux system and provides an intuitive command line interface (firewall-cmd) to create or modify rules in the running firewall configuration. As mentioned before YaST also provides a graphical interface to manage the firewall.

Having support for firewalld in Leap 15 will make it easier for administrators with training or experience using CentOS or Fedora to more easily transition onto openSUSE or SLE in the future.

Transactional Server Role

When you install Leap 15 you will be presented with the option to install the system with the transactional server role. “This system role features a new update system that applies updates atomically (as a single operation) and makes them easy to revert should that become necessary.” When you choose the transactional server role you will have a system that mounts the root file system as read-only, with only the /etc and /var filesystems being writable by users or system services.

The transactional server role is the product of the openSUSE Kubic project. Which is largely focused on developing a minimal system to host containers, without all the overhead that comes from traditional operating systems.

Lots of other new stuff too

Leap 15 comes with PHP 7, update-alternatives, and improvements to managing AppArmor profiles. This is a great update for openSUSE and I expect we will continue to see great work poor out of the project. For a complete list of features take a look at the official press release: https://en.opensuse.org/Features_15.0

As always when experimenting with openSUSE, “Have a lot of fun…”

Three reasons to start using Ansible

AnsibleA few months ago I attended a one day Ansible workshop in Columbus Ohio with a colleague. The workshop was sponsored by Red Hat and contained several labs, which is well worth your time if you have the opportunity. I wasn’t sure what to expect, generally you don’t walk away with much working knowledge from these short events, but I had some experience with Puppet (most of it frustrating) and I was curious to see what Ansible could do for my organization.

Continue reading “Three reasons to start using Ansible”

Motorcycle Season!

Motorcycle season has arrived in central Ohio….. Well, minus the snow we had today…. and possibly tomorrow….

Last Friday, I took a much needed vacation day and decided to make the most of the rare sunshine and mild temperatures by pulling my bike out of the garage and getting it ready for riding season.

motorcycle
My awesome Honda Rebel

This old Rebel 250 can sometimes have a bit of an attitude problem at the start of the spring. Back in 2009 these didn’t come equipped with fuel injection, so it’s always a toss up as to whether or not it’s going to start without a fight (or a trip to the shop) after a long winter. This year, however, after a quick battery charge and a fresh tank of gas it started right up!

At the end of last year I had a problem with the shift lever coming loose so I took a wrench to it to make sure that the locking nut I put on was holding tight. After letting the engine warm up and doing a good check of the brakes, the horn, the chain, and all the flashing lights it was time to get out on the road.

Every year I say I’m going to sell this thing and get something bigger, louder, faster… but every year I’m reminded about how much fun it is to ride this bike. The Honda Rebel isn’t the fastest (understatement of the year), or the loudest (at best it sounds like a well tuned weed wacker), but it does get over 60 miles per gallon, it will do highway speeds without any trouble if you keep up on maintenance, and its got to be one of the best commuter motorcycles you can get. It has just enough power to get you through traffic while staying humble enough to stifle any temptation you might have to become a daredevil in a roundabout.

This year I plan to get more riding time in with a trip or two to the Hocking Hills region, and maybe someplace’s near the lake. Maybe next year I’ll get something new…. (but probably not)

Now all I need is for the warm weather to stick around.

The caret is mightier than the up arrow

I learned a fun bash trick about a week ago that I thought I would share. In a bash shell you can use the caret ^ symbol to find and replace a sequence of characters in your previous command.

For instance if you type:

sudo systemctl restart httpd

and then want to look at the status of the httpd service all you need to do is:

^restart^status

Bash will look at the last command in your history and replace the first occurrence of “restart” with “status” and run the new command.

Over the last week or so I’ve found that I get the most use out of this trick from my atrocious spelling. More often than not I spell “systemctl” as “systemclt”, or instead of “sudo something” I type “sodu something.” Using the caret syntax I can quickly fix my spelling mistakes in the command line without having to retype long strings  that had a couple of letters out of place.

The other thing this is useful for, is to show off your awesome command line skills and see the looks of adoration you get from your fellow Linuxy people. In fact, to be honest, that is probably the best reason to learn these kinds of things. 🙂

So next time you are about to press the up arrow and fix a spelling mistake, or change a command option try using the ^oldstring^newstring trick instead.

Till next time

— Luke

LXD/LXC

I’ve been spending quite a bit of time learning about LXD/LXC containers on Ubuntu. There is a lot of really good information available about how to get started with these containers so I’m not going try to reproduce that content here, however, I will provide links at the bottom that I think are relevant to learn more about LXD and LXC.

Below I outline what it is that I like about LXC these reasons are also the driving factors behind my decision to use LXC for web hosting as opposed to other container technologies. Though I should note that LXC and Docker are not mutually exclusive. If you are comfortable using Docker you may want to consider using both of these technologies.

Continue reading “LXD/LXC”