Book Review: Absolute FreeBSD (3rd Edition)

FreeBSD is a free and open source operating system for many different kinds of computers. It is based upon BSD, the version of UNIX developed at the University of California, Berkeley, and is an alternative to Linux or Windows-based systems. You can run almost all apps written in Perl, Python, PHP and other programming languages. FreeBSD is heavily used by Netflix, EMC, IBM, Juniper, NetApp, Apple, Sony, and others. The book Absolute FreeBSD (3rd ed) aims to be the complete guide to FreeBSD. Let us see why Michael W. Lucas’ FreeBSD system administration books are such favorites among Unix lovers.

The book starts with an introduction to the FreeBSD operating system, its history and its strengths. The book is divided into twenty-four chapters:

  1. Getting More Help – You may find yourself needing more help with FreeBSD even after reading the book. The author talks about using man pages and resources on the Internet to find help that matches your requirements.
  2. Before You Install – Before you start configuring FreeBSD box, you need to install FreeBSD. The author provides tips on avoiding common mistakes while installing FreeBSD.
  3. Installation Walk-Through – This chapter provides a quick overview of installing FreeBSD with different filesystems and options.
  4. Start Me Up! The Boot Process – Understanding the FreeBSD boot process is essential for a sysadmin, and quite useful for troubleshooting server issues.
  5. Read This Before You Break Something Else! (Backup and Recovery) – The author talks about how to back up the FreeBSD system so that one can recover from human mistakes or system failures.
  6. Kernel Games – The author explains how to configure the FreeBSD kernel to meet your requirements using the sysctl command, device drivers, custom kernel configs and more.
  7. The Network – In this chapter, Michael talks about the basics of the TCP/IP protocol.
  8. Configuring Networking – The seventh chapter covered the theoretical part of TCP/IP. Now it is time to get your hands dirty and learn the actual commands used to configure FreeBSD networking, routing, DNS, NIC teaming, VLANs and more.
  9. Securing Your System – Securing an Internet-connected system is an essential task for the sysadmin. One can secure users, groups, files, the FreeBSD system security level, and more.
  10. Disks, Partitioning, and GEOM – Another important task is to configure and manage hard drives and partitions on your system. The author talks about partitioning schemes, disk alignment, and commands to manage disks under the FreeBSD operating system.
  11. The Unix File System – The Unix File System (UFS) has been part of FreeBSD and Unix-like systems for decades. ZFS is a cool FS, but much older (read: “legacy”) systems and newer cloud-based systems hosted on AWS/Google Cloud use UFS by default. Learning UFS and its management commands is another crucial task for sysadmins.
  12. ZFS – UFS is a 40-year-old and reliable file system for FreeBSD. However, ZFS is a newer and recommended filesystem for storing large amounts of data, virtual machines, backups and more. One can learn about ZFS datasets, pools, virtual devices, and management commands for ZFS. (see also Book Review: FreeBSD Mastery – ZFS)
  13. Foreign Filesystems – UFS and ZFS are first-class citizens of FreeBSD. Nevertheless, as a sysadmin one might need to mount different disks or configure file systems for different client machines. The author talks about DVD/CD, ISOs, burning DVDs, tmpfs, configuring NFS/CIFS to create a classic Unix file server and more. (see also Book Review: FreeBSD Mastery – Storage Essentials)
  14. Exploring /etc – The author talks about the many configuration files in FreeBSD and how they work.
  15. Making Your System Useful – Applications are the main reason to use any server and the author demos how to install, configure, remove, manage various applications on FreeBSD box using pkg command.
  16. Customizing Software with Ports – The author talked about the pkg command in the previous chapter. For most users, pre-built packages work out of the box, but in some cases one might need to configure packages to suit specific needs. FreeBSD ports provide additional tuning and build options for applications, and the author explains how to use the FreeBSD ports system in detail.
  17. Advanced Software Management – The author talks about various concepts and commands for running software on FreeBSD systems such as SMP based system, rc scripts used at boot or shutdown times, shared libraries and more.
  18. Upgrading FreeBSD – Want to upgrade FreeBSD system? Read this chapter to upgrade FreeBSD either using binary or source method.
  19. Advanced Security Features – Over the years FreeBSD has added more exciting security features. The author discusses some of the important ones, such as stateful packet filtering, public key encryption, OpenSSL, preparing the system for intrusions, monitoring the system and its packages, and more.
  20. Small System Services – Want to turn FreeBSD into a small business server for LAN/WAN users? The author talks about popular services such as DHCP, email, time (ntpd), ssh (openssh), print server and more.
  21. System Performance and Monitoring – Monitoring and running a FreeBSD server is an essential task for the seasoned sysadmin. One can learn about the various commands for finding the bottleneck that is slowing down the system. The author talks about FreeBSD’s performance testing and troubleshooting tools that one might need to solve problems in production environments.
  22. Jails – When a system has multiple users or services, all Internet-facing services should run in an isolated environment to maintain system security and integrity. FreeBSD comes with Jails, and the author talks about setting up Jails to improve FreeBSD system security.
  23. The Fringe of FreeBSD – The author covers some interesting topics such as running server/desktop without disks (diskless booting), and cloud-friendly features such as libxo. The libxo allows a FreeBSD application to generate text, XML, JSON, and HTML output using a standard set of function calls.
  24. System (and Sysadmin) Crashes and Panics – Software and hardware crash. Sometimes one might find a ghost in the machine. How does one deal with rare occasions when a FreeBSD system fails? Fear not, the author shows how to debug problems, and create a useful problem report.

Absolute FreeBSD is a fantastic book on FreeBSD. Clear. Concise. Informative for new FreeBSD users and sysadmins. The author gives out best practices for learning FreeBSD operating system management and exciting tips to improve your skills. Lastly, I think this book is a must-have for everyone interested in learning FreeBSD system management.

Book Info:

  • Title: Absolute FreeBSD (3rd ed)
  • Author: Michael W. Lucas
  • Publisher: No Starch Press
  • Length: 708 pages
  • Target: System administrators or developers
  • Rating: 5/5
  • Disclaimer: No Starch Press sent us a review copy.
  • Purchase online at Amazon

Fedora 29 Officially Released, Red Hat Enterprise Linux 7.6 Launched, New Version of Linux Lite, Google AI Tracking Humpback Whale Songs, and Resin.io Announces openBalena and a Name Change

News briefs for October 31, 2018.

The Fedora Project Manager announced the official release of Fedora 29 yesterday. This release is the first to include the Fedora Modularity feature across all variants. Other changes include “GNOME 3.30 on the desktop, ZRAM for our ARM images, and a Vagrant image for Fedora Scientific”. You can download it from here.

Red Hat Enterprise Linux 7.6 launched yesterday with improved security. eWeek reports that the new release features “TPM 2.0 support for security authentication, as well as integrating the open source nftables firewall technology effort”. eWeek quotes principal project manager Steve Almy: “The TPM 2.0 integration in 7.6 provides an additional level of security by tying the hands-off decryption to server hardware in addition to the network bound disk encryption (NBDE) capability, which operates across the hybrid cloud footprint from on-premise servers to public cloud deployments.” Version 7.6 is the second major milestone release of 2018.

Linux Lite 4.2 Final is now available. Linux Lite creator Jerry Bezencon says the release is “a ‘refinement’ and not a ‘major upgrade’. There are some new wallpapers thanks to @whateverthing and some minor tweaks here and there.” One change with this version is the addition of Redshift, which “adjusts the color temperature according to the position of the sun”.

Google and a group of cetologists have been using AI to listen to years of undersea recordings with the hope of creating “a machine learning model that can spot humpback whale calls”. According to TechCrunch, the project is part of Google’s AI for Social Good initiative.

Resin.io, a container-based server platform for Linux device management, has “changed its name to balena and released an open source version of its IoT fleet management platform for Linux devices called openBalena”, Linux Gizmos reports. The company’s founder and CEO says the name change is due “to trademark issues, to cannabis references, and to people mishearing it as ‘raisin’”. balenaOS is “an open source spinoff of the container-based device software that works with balenaCloud”, and the new openBalena “is an open version of the balenaCloud server software. Customers can now choose between letting balena manage their fleet of devices or building their own openBalena based server platform that manages fleets of devices running balenaOS”.

Download Bitnami EspoCRM Stack Linux 5.4.5-0

Bitnami EspoCRM Stack is a free and multiplatform software project that greatly simplifies the deployment of the EspoCRM application, as well as of its runtime dependencies, on desktop computers and laptops.

What is EspoCRM?

As its name suggests, EspoCRM is a CRM (Customer Relationship Management) software that runs on top of a web server and helps you easily manage your customer relationships. It’s a platform-independent, highly customizable, open source and free web-based application that is lightning-fast and features a responsive design.

Installing Bitnami EspoCRM Stack

Bitnami EspoCRM Stack is distributed for free as native installers, which have been built using the BitRock InstallBuilder tool and designed to support all GNU/Linux distributions, as well as the Mac OS X and Microsoft Windows operating systems.

To install the EspoCRM application and its server-related requirements, you must download the file that corresponds to your computer’s hardware architecture (32-bit or 64-bit), run it and follow the on-screen instructions.

Run EspoCRM in the cloud

In addition to installing EspoCRM on your personal computer, you can also run it in the cloud, as Bitnami provides pre-built cloud images for the Amazon EC2 and Windows Azure cloud hosting services.

Virtualize EspoCRM on VMware and VirtualBox

Users will also be able to virtualize the EspoCRM application on the Oracle VirtualBox and VMware ESX/ESXi virtualization software, thanks to the virtual appliance based on the latest stable (LTS) release of the Ubuntu Linux operating system.

The Bitnami EspoCRM Module and Docker container

Besides the Bitnami EspoCRM Stack product reviewed here, users can also download Bitnami EspoCRM Module, an installer that allows anyone to deploy the EspoCRM application on top of the Bitnami LAMP, WAMP and MAMP stacks, without having to install its runtime dependencies. An EspoCRM Docker container will also be distributed on the project’s homepage, free of charge.

Seeing Further – 5 Things to Know About SUSE HPC

High performance computing (HPC) – the use of supercomputers and parallel processing techniques for solving complex computational problems – has traditionally been limited to the world of large research institutions, academia, governments and massive enterprises. But now, advanced analytics applications using artificial intelligence (AI), machine learning (ML), deep learning and cognitive computing are increasingly being used in the intelligence community, engineering and cognitive industries.

The need to analyze massive amounts of data and transaction-intensive workloads are driving the use of HPC into the business arena and making these tools mainstream for a variety of industries. Commercial users are getting into high performance applications for fraud detection, personalized medicine, manufacturing, smart cities, autonomous vehicles and many other areas. In order to effectively and efficiently run these workloads, SUSE has built a comprehensive and cohesive OS platform. In this blog, I will illustrate five things you should know about our SUSE solutions for AI over HPC.

Stronger partnerships

The first thing to know is how vital SUSE partnerships are to our HPC business. While the SLE HPC product can be obtained through direct Sales, it historically has been made available via our IHV and ISV partners. But obtaining the OS and associated HPC tools is only half of the story. Our key partnerships provide opportunities to innovate and contribute to open source development in AI/ML/DL and leading-edge advanced analytics applications.

Hewlett Packard Enterprise’s HPC software includes open source, HPE-developed and commercial HPC software that’s validated, integrated and performance-optimized for their systems. SUSE is the preferred HPE partner for Linux, HPC, OpenStack and Cloud Foundry solutions. And SUSE technology is embedded in every HPE ProLiant Server to power the intelligent provisioning feature. We have several joint papers that describe how SUSE and HPE together deliver HPC power to enterprises.

ARM System on a Chip (SoC) partners are driving new HPC adoptions in the modern data center. And SUSE is helping transform the 64-bit ARM platform to an enterprise computing platform by being the first commercial Linux distributor to fully support ARM servers. In fact, SUSE provides ARM HPC functionality as part of SLE HPC. The increased server density on the latest 64-bit ARM processors really helps to optimize the overall infrastructure costs – making Arm-based supercomputers more affordable. ARM SoC partners include Marvell (formerly Cavium), AMD, HPE, Cray, MACOM, Huawei HiSilicon, Mellanox, XILINX, Gigabyte, Qualcomm and more.

Cray builds their own Cray Linux Environment (CLE) – an adaptive operating system, purpose-built for HPC and designed for performance, reliability and compatibility – it also happens to be built on SUSE Linux Enterprise. Cray supercomputers continue to have a majority share of the Top500 sites around the world. And Cray is a key player in HPC, producing both Intel-based and ARM-powered supercomputers.

Lenovo’s strategy is to provide open access to clusters on their new highly efficient processors. SUSE and Lenovo jointly defined the scope of the Lenovo HPC stack using SUSE HPC componentry. In turn, Lenovo created the LiCO (Lenovo Intelligent Computing Orchestration) adaptation – a premier AI/HPC package tailored to power AI/ML/DL workloads.

Those are just a few highlights of key partnerships for SUSE and HPC. Others include NVIDIA, Microsoft Azure, Fujitsu, Intel, Univa, Dell Technologies, Altair, ANSYS, MathWorks, Supermicro and Bright Computing. Another aspect of partnering in open source is continuing to be a major contributor in communities that guide parallel computing – including OpenHPC (where SUSE is a founding member), OpenMP and many more involved in shaping HPC tools.

More differentiators

The second thing to know is the clear and concise set of HPC platform differentiators. This list encompasses what’s available in the SUSE OS as well as for HPC storage and HPC in the cloud:

  • SUSE Enterprise Storage is Ceph-based and software-defined, providing backup and archival storage for HPC environments that is very easy to manage
  • SLE HPC is enabled for Microsoft Azure and AWS Cloud
  • SLE HPC and associated HPC packages are fully supported for Aarch64 (Arm) and x86-64 architectures
  • Supported HPC packages, such as slurm for cluster workload management, are included with SLE HPC subscriptions. Also in the same HPC Module are Ganglia for cluster monitoring, OpenMPI, OpenBLAS, FFTW, HDF, Munge, MVAPICH and more.
  • SLE HPC is priced very competitively, and uses a simple, one price per cluster node model
  • SLE HPC provides ESPOS (Extended Service Pack Overlap Support) for longer service life for each service pack
  • SUSE Enterprise Linux is used in about half of the top 100 HPC systems around the world
  • SUSE Package Hub includes SUSE-curated and community-supported packages for HPC.

AI/ML focus

The third thing to know is our increased focus on the AI/ML market space and how we are providing the most efficient and effective HPC platform for these new workloads in a parallel computing environment. Technologies like cognitive computing, the Internet of Things and smart cities are powered by high performance computing and fueled by advanced data analytics. Businesses around the world today are recognizing that a Linux-based HPC infrastructure is vital to supporting the analytics applications of tomorrow. And we are finding that HPC is no longer just for scientific research, and is being adopted across banking, healthcare, retail, utilities and manufacturing.

In healthcare, an HPC platform underlies applications such as AI for precision medicine, diagnoses and treatment plans, cancer research, genomics and drug research. In the automotive world, we see HPC being used in aerodynamic designs, engine performance and timing, fuel consumption, safety systems and AI driverless operations. In manufacturing, HPC is vital for computational fluid dynamics, heat dissipation system design, AI advanced robotics, automated systems and other high-performance designs. And in energy, we find HPC as the basis for air flow designs in renewable energy, wind turbines and heating/cooling efficiencies.

SUSE Linux Enterprise HPC is integral to a highly scalable parallel computing infrastructure for supporting AI/ML and analytics applications being used across industries.

Restructured product

The fourth thing to know is how we’ve restructured our SLE HPC product with our goal of making HPC easier to implement and adapt. With SUSE’s concerted effort to make HPC easier to adopt, implement and maintain we have recently made the following changes:

  • Invoked a simple, one price per cluster node model with significantly reduced list prices that can be used by IHVs, ISVs and direct Sales.
  • SLE HPC is available for x86 and Arm HPC clusters
  • SLE HPC has a new “level 3 support” SKU specifically for partners
  • There are multiple service life options including Extended Service Pack Overlap Support and Long-Term Service Pack Support
  • There are revised terms and conditions for smaller cluster sizes and increased clarity on defining compute nodes
  • More frequent updates on demand for popular HPC packages, supported by SUSE

Growing market share

The fifth and final thing to know is that SUSE continues to grow its market share in the supercomputing arena, as evidenced by the market share in the latest Top500 report. The latest analysis of the Top500 supercomputer sites report shows that half of the top 30 run SUSE, expanding to 40% of the top 100. One of the most compelling statistics from the report is when we look at the vendor share of paid OS, which represents 116 supercomputers in the top 500 list. Here we see that over half of the paid Linux OS in the top 500 are running SUSE.

From the same segment, we also calculated the paid OS “performance share”, which is based on the total number of cores across 116 supercomputers. Here again we see that over half of the paid-for Linux OS in the top 500 are SUSE.

I will be providing more specifics on all of the areas I talked about in this blog post over the next several months, but hopefully I’ve given you a decent “first look”.

With our open and highly collaborative approach through our strong partner ecosystem, we can help deliver the required knowledge, skills and capabilities that will shape the adoption of HPC and AI technologies today and power the new analytics applications of tomorrow.

For more information about SUSE’s solutions for HPC, please visit https://www.suse.com/programs/high-performance-computing/ and https://www.suse.com/products/server/hpc/ and https://www.suse.com/solutions/hpc-storage/ .

Thanks for reading!

Steam Play for Linux now lets you play over 2,600 Windows games


ProtonDB has said users can play over 2,600 Windows games on Linux since the launch of the new Steam Play for Linux in August.

Valve launched Steam Play with Proton, making it easier for gamers to play Windows games on Linux that had not yet been ported to the operating system, including games such as The Witcher 3, Dark Souls 3, and Dishonored.

Not all games may run perfectly on Linux, but the number of available games is growing daily.

This, however, is often the case with Windows 10, as it cannot play older games as well as the previous versions of Windows could – even under Compatibility Mode.

Since August, the database of games compatible with Proton has increased to over 2,600, which is more than half of the 5,000 Linux-native games that you can get through the Steam store.

How To Install VirtualBox on CentOS 7

VirtualBox is an open source cross-platform virtualization software which allows you to run multiple guest operating systems (virtual machines) simultaneously.

In this tutorial we will show you how to install VirtualBox from the Oracle repositories on CentOS 7 systems.

Prerequisites

Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges.

Installing VirtualBox from Oracle repositories

Follow the steps below to install VirtualBox on your CentOS 7 machine:

  1. Start by downloading the build tools necessary for compiling the vboxdrv kernel module:

    sudo yum install kernel-devel kernel-headers make patch gcc

  2. Download the Oracle Linux repo file to the /etc/yum.repos.d directory using the following wget command:

    sudo wget https://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo -P /etc/yum.repos.d

  3. Install the latest version of VirtualBox 5.2.x by typing:

    sudo yum install VirtualBox-5.2

    During the installation you will be prompted to import the repository GPG key. Type y and hit Enter. Once the installation is complete you will see the following output:

    Creating group 'vboxusers'. VM users must be member of that group!

    Verifying : VirtualBox-5.2-5.2.20_125813_el7-1.x86_64

    Installed:
    VirtualBox-5.2.x86_64 0:5.2.20_125813_el7-1

  4. To verify that your VirtualBox installation was successful, run the following command, which checks the status of the vboxdrv service:

    sudo systemctl status vboxdrv

    The output should look something like this, indicating that the service is enabled and active:

    ● vboxdrv.service - VirtualBox Linux kernel module
    Loaded: loaded (/usr/lib/virtualbox/vboxdrv.sh; enabled; vendor preset: disabled)
    Active: active (exited) since Thu 2018-10-25 21:31:52 UTC; 6s ago

Installing VirtualBox Extension Pack

The VirtualBox Extension Pack provides several useful functionalities for guest machines, such as virtual USB 2.0 and 3.0 devices, support for RDP, disk image encryption and more.

At the time of writing this article, the latest version of VirtualBox is 5.2.20. Before downloading the extension pack using the command below, you should check the VirtualBox download page to see if a newer version is available.

Download the extension pack file by typing:

wget https://download.virtualbox.org/virtualbox/5.2.20/Oracle_VM_VirtualBox_Extension_Pack-5.2.20.vbox-extpack

When the download is completed import the extension pack using the following command:

sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.2.20.vbox-extpack

You will be presented with the Oracle license and prompted to accept the terms and conditions.

Do you agree to these license terms and conditions (y/n)?

Type y and hit Enter. Once the installation is completed you will see the following output:

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Successfully installed "Oracle VM VirtualBox Extension Pack".
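
The extension pack above is fetched with wget and then handed to a command run with sudo, so its digest is worth checking between those two steps. The following is an added example, not part of the original tutorial: a shell helper that compares a downloaded file against a SHA256SUMS-style checksum list obtained separately (the list's name and location are assumptions), written without sha256sum's --ignore-missing option, which older coreutils releases lack.

```shell
#!/usr/bin/env bash
# Added example: verify a download against a SHA256SUMS-style list before
# passing it to a privileged installer. File names used here are assumptions.

# expected_sha256 SUMS_FILE NAME
# Print the digest recorded for NAME. Fails if NAME is not listed, or if the
# list contains conflicting digests for it.
expected_sha256() {
    local sums=$1 name=$2 matches
    # Entries look like "<64 hex>  name" or "<64 hex> *name" (binary marker).
    # Names containing spaces are not handled.
    matches=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ { print tolower($1) }
    ' "$sums" | sort -u)
    [ -n "$matches" ] || return 1
    [ "$(printf '%s\n' "$matches" | grep -c .)" -eq 1 ] || return 1
    printf '%s\n' "$matches"
}

# verify_download FILE SUMS_FILE
# Return codes: 0 digest matches, 1 digest mismatch,
#               2 FILE or SUMS_FILE missing, 3 FILE not listed or ambiguous.
verify_download() {
    local file=$1 sums=$2 want got
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    want=$(expected_sha256 "$sums" "$(basename "$file")") || return 3
    got=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$got" = "$want" ] || return 1
    return 0
}

# Typical use, with the file name from the tutorial and a checksum list
# saved as SHA256SUMS in the same directory (assumed name):
#
#   pack=Oracle_VM_VirtualBox_Extension_Pack-5.2.20.vbox-extpack
#   verify_download "$pack" SHA256SUMS \
#       && sudo VBoxManage extpack install "$pack"
```

The check fails closed: a file that is absent from the list returns 3 rather than passing silently.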

Starting VirtualBox

Now that you have VirtualBox installed on your CentOS system you can start it either from the command line by typing VirtualBox or by clicking on the VirtualBox icon (Applications -> System Tools -> Oracle VM VirtualBox).

When the VirtualBox is started for the first time, a window like the following should appear:

Conclusion

You have learned how to install VirtualBox on your CentOS 7 machine. You can now install your first Windows or Linux guest machine. To find more information about VirtualBox visit the official VirtualBox documentation page.


System76’s new ‘open-source computer’ will be available for preorder November 1

The hardware vendor specializing in Linux systems has set a date for its latest venture. Their new Thelio desktop systems will be available for preorder soon.

For those of you unaware of System76 [Official Site], they’ve been selling Linux-powered laptops, mini computers and servers for a few years now and have even created their own Ubuntu derivative named Pop!_OS. Last month they started teasing their newest project, Thelio, which aims to be an open hardware desktop system.

Details on what the hardware will entail specifically are still a little light, and we’ll likely only know for sure when the system goes up for preorder, but there are a few things that we can say for sure. In reply to a tweet sent by Liam asking whether or not they’d have a custom motherboard, the CEO clarified that “we’re pulling proprietary functionality off the mainboard and onto a custom, open source (hardware and firmware) daughter board.”

This open firmware will be GPLv3-licensed and you can already check out the master repository for the Thelio on GitHub. Personally, I can’t really make much heads or tails of the various bits of code and teaser blueprints and hardware schematics that System76 and its CEO have been posting in the last few weeks but I can say that I am excited to see a hardware vendor work on their own custom solutions for the Linux desktop.

I suppose we’ll just have to see what the prices are like when preorders go live November 1. Systems are expected to be shipped in December of this year. You may also want to check out the animated saga that System76 have created around Thelio.

Download Bitnami Ghost Stack Linux 2.3.0-0

Bitnami Ghost Stack is a free and multiplatform software project, a native installer that has been designed from the outset to allow you to deploy the Ghost application and its runtime dependencies on desktop computers or laptops. Cloud images, a virtual appliance and a Docker container are also available for the Ghost app.

What is Ghost?

Ghost is an open source, platform-independent and free web-based application, a beautifully designed and completely customizable software designed especially for publishing content on the web, allowing users to write and publish their own blogs.

Installing Bitnami Ghost Stack

The Bitnami Ghost Stack product is distributed as native installers for all mainstream operating systems, including all GNU/Linux distributions, as well as the Microsoft Windows and Mac OS X operating systems, supporting 32-bit and 64-bit (recommended) computers.

To install Ghost on your personal computer, simply download the package that corresponds to your computer’s operating system and hardware architecture, run it and follow the instructions displayed on the screen.

Run Ghost in the cloud

Thanks to Bitnami, users are now able to run Ghost in the cloud with their hosting platform of choice. Pre-built cloud images for the Windows Azure and Amazon EC2 cloud hosting services are also available for download on the project’s homepage (see link below).

Virtualize Ghost on VMware and VirtualBox

In addition to deploying Ghost in the cloud or on personal computers, it is possible to virtualize it using Bitnami’s virtual appliance for the VMware ESX, ESXi and Oracle VirtualBox virtualization software.

The Ghost Docker container and LAMP/WAMP/MAMP module

A Ghost Docker container will also be available on the project’s website, but Bitnami does not provide a Ghost module for its LAMP, WAMP and MAMP stacks, which would have allowed users to deploy the application on a personal computer without having to deal with its runtime dependencies.

SUSE Linux Enterprise Server 12 STIG is available at Defense Information Systems Agency (DISA)

SUSE Linux Enterprise Server 12 STIG has been approved by Defense Information Systems Agency (DISA) and posted on IASE. This assists with the adoption of SUSE Linux Enterprise Server 12 in the US Federal Government and with Government Contractors.

STIG-SLES 12

What is STIG? Where does it come from?

The Security Technical Implementation Guides (STIGs) define the configuration and settings of United States Department of Defense (DoD) IT systems that provide a standardization of the security profile for a particular technology. These cybersecurity guidelines are developed from the Security Requirements Guides (SRGs) that are produced by the Defense Information Systems Agency (DISA).

STIGs are widely used by the United States government and allies, government contractors, and various commercial entities to provide a cybersecurity methodology for securing and hardening operating systems to a DoD security standard.

The SUSE Linux Enterprise Server 12 STIG has several items to note for System Administrators and Security Auditors such as:

  • AppArmor

The SUSE Linux Enterprise Server (SLES) 12 STIG references AppArmor, a Linux Security Module for implementing mandatory access controls (MAC) and application whitelisting, in place of SELinux.

  • Common Access Card (CAC) Support

The SLES 12 STIG prescribes the use of two-factor authentication to access IT resources. Support for CAC smart cards was verified and detailed in a SUSE Blog Configuring Smart Card authentication on SUSE Linux Enterprise.

The acceptance and approval of the SLES 12 STIG continues the commitment of SUSE Security to meet various federal and international security standards such as Common Criteria and Federal Information Processing Standards (FIPS) 140-2.

More information

You can access the SLES 12 STIG and latest SUSE security certifications information at

You can reach out to SUSE security team at https://www.suse.com/support/security/contact/ or Adam Belmonte, Manager-Federal Programs (phone: 978-394-4780, email).


MySQL Replication and MEMORY Tables – Lisenet.com

Memory tables do not play well with replication.

The Problem

After upgrading MySQL server from 5.6 to 5.7, we noticed that Master/Slave replication started to fail with the following error:

Could not execute Delete_rows event on table my_database.my_table; Can't find record in 'my_table', Error_code: 1032; handler error HA_ERR_KEY_NOT_FOUND; the event's master log bin-log.003023, end_log_pos 552195868

If we restart the slave, we lose the contents of our MEMORY tables, and MySQL replication breaks.

Working Towards the Solution

MySQL Binary Logging: MySQL 5.6 vs MySQL 5.7

Prior to MySQL 5.7.7, the default binlog_format was STATEMENT. That’s what we used before the upgrade.

In MySQL 5.7.7 and later, the default is ROW. This is what we have after the upgrade.

Now, on MySQL 5.6, STATEMENT replication will often continue to run, with the contents of the table simply being different, as there are few checks on whether statements produce the same results on the slave.

ROW replication, however, will complain about a non-existent row for an UPDATE or DELETE operation.

Workaround: use SQL_SLAVE_SKIP_COUNTER

When replication is broken because a row was not found and it cannot be deleted, we can do the following:

STOP SLAVE;
SET GLOBAL SQL_SLAVE_SKIP_COUNTER=1;
START SLAVE;

This will skip the offending statement and resume replication. Be careful with it! In our case it’s fine, because the application logic is such that the contents of MEMORY tables can be safely lost (the table in question is used for caching).

Note that this approach is not a solution, because our replication will break again as soon as there is another update or delete statement that affects MEMORY tables.

Solution: do not replicate MEMORY tables

If we don’t need MEMORY tables on the slave, then we can stop replicating them.

We need to create a replication filter which keeps the slave thread from replicating a statement in which any table matches the given wildcard pattern.

In our case, we would use the following:

--replicate-wild-ignore-table="my_database.my_table"

If we have more than one database that has this problem, we can use a wildcard:

--replicate-wild-ignore-table="%.my_table"

With this pattern, updates to any table named "my_table" are not replicated, whatever the database name.

This can be done on the fly as well:

STOP SLAVE;
CHANGE REPLICATION FILTER REPLICATE_WILD_IGNORE_TABLE = ('%.my_table');
START SLAVE;
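
The patterns given to replicate-wild-ignore-table follow LIKE rules, so the underscores in my_database.my_table are themselves single-character wildcards unless escaped with a backslash, and a filter can silently exclude more tables than intended. The following is an added example, not from the original post: a shell helper that previews which tables a pattern would stop replicating, run over a constructed table list and assuming case-sensitive name comparison.

```shell
#!/usr/bin/env bash
# Added example: preview which tables a replicate-wild-ignore-table pattern
# would exclude before applying it. Assumption: names compare case-sensitively.

# wild_ignore_match PATTERN DB.TABLE
# Exit 0 if DB.TABLE matches PATTERN under LIKE rules:
#   %   any run of characters (including none)
#   _   exactly one character
#   \c  the literal character c (how a real "_" or "%" has to be written)
wild_ignore_match() {
    # ENVIRON is used instead of "awk -v" so backslashes reach awk unchanged.
    WI_PAT=$1 WI_NAME=$2 awk 'BEGIN {
        pat = ENVIRON["WI_PAT"]; name = ENVIRON["WI_NAME"]
        # Tokenise the pattern into any / one / literal entries.
        np = 0
        for (i = 1; i <= length(pat); i++) {
            c = substr(pat, i, 1)
            np++
            if (c == "\\" && i < length(pat)) { kind[np] = "lit"; val[np] = substr(pat, ++i, 1) }
            else if (c == "%") kind[np] = "any"
            else if (c == "_") kind[np] = "one"
            else { kind[np] = "lit"; val[np] = c }
        }
        # Greedy wildcard match, backtracking to the most recent "%".
        p = 1; s = 1; star = 0; mark = 0; slen = length(name)
        while (s <= slen) {
            ch = substr(name, s, 1)
            if (p <= np && (kind[p] == "one" || (kind[p] == "lit" && val[p] == ch))) { p++; s++ }
            else if (p <= np && kind[p] == "any") { star = p; mark = s; p++ }
            else if (star) { p = star + 1; mark++; s = mark }
            else exit 1
        }
        while (p <= np && kind[p] == "any") p++
        exit ((p > np) ? 0 : 1)
    }' < /dev/null
}

# filtered_tables PATTERN   (reads one db.table name per line on stdin)
# Print every name the pattern would stop replicating.
filtered_tables() {
    local pat=$1 t
    while IFS= read -r t; do
        [ -n "$t" ] || continue
        if wild_ignore_match "$pat" "$t"; then printf '%s\n' "$t"; fi
    done
}

# Constructed inventory of db.table names (not taken from a real server).
sample_tables() {
    cat <<'EOF'
my_database.my_table
my_database.myXtable
other_db.my_table
my_database.my_table_archive
EOF
}

echo "Pattern %.my_table excludes:"
sample_tables | filtered_tables '%.my_table'      # also catches myXtable
echo "Pattern %.my\\_table excludes:"
sample_tables | filtered_tables '%.my\_table'     # only tables named my_table
```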

References

https://www.percona.com/blog/2010/10/15/replication-of-memory-heap-tables/
https://dev.mysql.com/doc/mysql-replication-excerpt/5.7/en/replication-features-memory.html
