By default SSHD will try to resolve the DNS name of any client that connects. You’ll notice that it hangs for a bit while it’s connecting. While this could be many things, more often than not it’s caused by DNS. This is because SSHD looks up the reverse DNS entries of any connecting clients in order to improve its logging. If your SSH server runs in an environment where the connecting client might not have a DNS name, or the DNS server is slow to respond, you will want to disable this lookup.
In this article we present a practical use of strace. shred is a tool used to securely delete files by overwriting them with random data several times. The theory is that when erasing files normally, a ghost of the data is left behind. Overwriting the file several times is supposed to clear this ghost and render the file unrecoverable. Of course, today we have logging filesystems, SSDs and backup systems that all may retain data of the file, so shred is not that useful.
strace is a utility available on Linux that allows you to display all of the calls between a userspace program and the kernel, called system calls. System calls are used by userspace applications when they need to do something that requires the kernel. This covers pretty much any data entering or leaving the application, requests for more memory, libraries getting loaded, and more. strace is similar to utilities from other systems, such as ktrace on BSD/OSX and truss on Solaris/FreeBSD.
When there are a lot of paths, URLs or other strings to keep track of in a role, it can get really messy, especially if some of them contain variables and are used in multiple places. Often, to make roles easier to work with, I place a task at the top of the role that calculates the variables so that they can easily be referred to later. It is important to note that the set_fact module can set multiple facts at the same time.
This pattern is used to provide a quick way to include multiple roles at once. For example, if you have a group of things that every server needs, you could use a meta role to include those things with one line. So let’s say you have three roles for every machine, named users, ssh and logs_to_syslog_server. You can include them all by making a role named common. In that common role you make a file named meta/main.
Often in Ansible I find myself needing to download an artifact, whether it is a piece of software from GitHub or a build of some internal application that needs to be installed. One thing that is often important in these cases is speed of rollback. If something goes wrong with a new version, I want the rollback to be fast, preferably using preexisting files rather than downloading everything again.
For the last 10(!) years this blog has been running on WordPress. Due to a very rigorous update schedule it managed to stay free of compromise its whole life, which does show you something about the supposed insecurity of WordPress. Despite the frequent updates to WordPress, however, I found it hard to find time to update the actual OS, and before it was decommissioned it was running Fedora 17 (of 2012).