[lug] talk / workshop idea

Bear Giles bgiles at coyotesong.com
Mon Jul 1 09:46:15 MDT 2019


Related to the last point - it occurs to me that LUGs often have
install-fests for new users but never have install-fests for advanced
users. I'm not volunteering for a talk - but mostly because it feels like
this is more of a workshop than a presentation.

Some of the ideas are:

1. Reflashing routers.

2. Kerberos for fun and profit. (Seriously - it's critical to the Hadoop
ecosystem and increasingly other things as well. Many applications support
it, e.g., I think all databases support Kerberos authentication).

3. That brings up FreeIPA  - you can set up a KDC on your own but it may be
easier to use a complete solution. Or use Samba as an AD. :-)

4. FreeNAS - esp. if it supports Kerberos + NFS and/or iSCSI

5. Advanced networking. We all know that IOTs are a risk and it would be
nice to put them on the guest network and configure it so they can't access
our main network... but most router software doesn't let you specify
"devices can see each other on the guest network" but not "devices can see
your main network". Without the former you can't control your smart
switches, get a live feed off of your security camera, etc.

This sounds like a classic networking/subnet problem. How's it implemented
on SOHO gear?

6. Advanced networking 2. A few related items - a mix of "this is how you
can do it" and "which is the best for different scenarios?". Things like
VLANs, assigning a static second IP address in a different private IP
address range, etc.

7. Another thought - there's been some discussion of just how often things
phone home. Is it worthwhile to put a system between the router and home
network that can monitor and restrict traffic? (In my case I can use a
dual-NIC system to ensure isolation.) It would allow monitoring and
possibly filtering but it could also hit the performance since everything
has to go through that system.

8. Kubernetes. Docker is old hat, VirtualBox is old hat. What about running
k8 on your home network?

(Note: k8 requires the host to disable swapping. You'll want to run it on
dedicated hardware with a decent amount of memory.)

I'm sure others can come up with ideas - either things they can offer or
things they're interested in.

BTW my day job is technically Java development but over the past year+
I've also done a lot of Hadoop sysadmin and over the last 6 months a lot of
devops/IAC with an emphasis on the ops side. (The traditional ops team is
focused on production systems, I'm in a bridge role where I'm capturing the
process required for creating our many dev systems in a compatible approach
but is sensitive to the needs of developers and qa.) It's the type of thing
that could make a good talk... but there's __so much__ that would need to
be covered.

Bear