From 33eef02907f37fe15d474091b73469a567241309 Mon Sep 17 00:00:00 2001 From: Paul Lecuq Date: Sat, 6 Aug 2022 15:06:23 +0200 Subject: [PATCH] added new article 2022-08-06 --- .../2022-08-06-PaulBSD-update-August-22.md | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 content/post/2022-08-06-PaulBSD-update-August-22.md diff --git a/content/post/2022-08-06-PaulBSD-update-August-22.md b/content/post/2022-08-06-PaulBSD-update-August-22.md new file mode 100644 index 0000000..a0e68e5 --- /dev/null +++ b/content/post/2022-08-06-PaulBSD-update-August-22.md 
@@ -0,0 +1,67 @@ ++++ +categories = ["Services", "Proxmox", "SaltStack", "Platform"] +date = "2022-08-06" +menu = "" +tags = ["paulbsd", "services", "proxmox", "saltstack", "platform"] +title = "PaulBSD August '22 updates" ++++ + +# PaulBSD August '22 updates + +After 2 years with no news, there was time to deliver some news and updates about PaulBSD platform and software. + +## Infrastructure machines + +Starting in late 2020, instances in Scaleway were migrated to the Contabo which is a german hosting service based in Nurnberg, DE for its primary site and in the US. +It delivers for PaulBSD a reliable instance (now 2 years without any downtime) for a relatively low price: +- 6 CPU threads +- 16GB RAM +- 400GB SSD backed storage +- 400Mbps unmetered bandwidth +For only 10,79 euros per mo + + +## New programming language + +As of 2021, rust-lang software was written. As some projets that were made using this language we can list some of these: +- ipblc: a proactive defence system like fail2ban, with a clustered message queuing technique to live update nftables based firewalls blocklist across all client agents. It works with the Go written software ipbl (server part). See above for more details. +- zabbixlaunch: a tool used to have a monitoring dashboard on novation launchpad mini. It works on recent problems on zabbix using its API. +- some challenges on https://root-me.org and https://www.newbiecontest.org/ +- and some internal software + +Golang and Rust are privileged at PaulBSD as programming languages for internal software, keeping Python for SaltStack modules and small quick and dirty scripts. + + +## ipblc + +As mentioned previously, ipblc is new security software designed to run in clustered mode with a server. Some of it's features are the following : +- Designed for high-performance and a very small CPU / memory footprint. 
+- inotify based logfiles changes detector +- Multi-threading (a thread is parsing files while, an another thread receives to data from the message queing channel, and the last thread communicates to the firewall running on the host) +- ZMQ Message queing for communication between (REQ/REP mode from client to server to send ip, PUB/SUB for broadcast ip blocking to all ipblc agents) + +See https://git.paulbsd.com/paulbsd/ipblc for more information and source code. As always for public sources from PaulBSD, the source code is under two-clause BSD License. + + +## Continuous evolution + +Public scope: +- https://git.paulbsd.com/paulbsd/paulbsd-salt: A plenty of SaltStack states for internal use. +- https://grafana.paulbsd.com: new public dashboard like ip-abuses (based on ipbl/ipblc IP collectors), with the legacy coronafana and fuel prices +- https://paste.paulbsd.com: a pastebin-like service for sharing data between users, docker based instance, deployed using saltstack. + +Internal scope: +- A docker registry as been added on a new docker host has been provisioned in PaulBSD datacenter in Caen +- A caching proxy for APT software has been installed and is used / replicated across PaulBSD regions. It's designed to keep deb packages on a local machines for each PaulBSD sites, and limit external bandwidth for already downloaded packages + + +## Future + +Some of these aspects will be the next focus for PaulBSD +- More clusterisable components of the platform, such use of clustered database systems with PostgreSQL and MariaDB, website, applications, etc. +- New software with centralised and network available configurations, with distributed aspect inside. Maybe more on etcd and related software. +- A management panel for many components, with HTML5 / vanilla JS for frontend and a Go or Rust written backend API service. +- Maybe a peertube based video service soon + + +Made with fun, again !
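Review bot: in the "New programming language" section, the ipblc bullet ends with "See above for more details", but the "## ipblc" section it refers to comes later in the file, so this should read "See below". In the "## ipblc" section, the ZMQ bullet reads "communication between (REQ/REP mode from client to server ...": the object of "between" is missing, and since this bullet is the only description of how blocked IPs travel from agents to the server and back out to every firewall, it is worth naming both ends (ipblc agents and the ipbl server) explicitly. The multi-threading bullet has the same problem with "an another thread receives to data from the message queing channel", which is hard to parse. Smaller spelling points in the added text: "projets" should be "projects", "Some of it's features" should be "its", "queing" should be "queuing" (twice), and "A docker registry as been added on a new docker host has been provisioned" has "as" for "has" and two verbs run together.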