Welcome to RTFM!
RTFM is a set of documentation on various IT subjects that gives an idea of which steps to follow to achieve particular tasks.
Objectives
You arrive in a company, small or large, where nothing exists or where you need to start from scratch: what would you do? All decisions and changes should be documented here.
Architecture
redundancy
high availability
Prod
staging
Fully automatic deployment of a complete network on a cloud infrastructure, with:
Todo
BaseOS
naming convention
SKEL
MOTD
basic packages
DNS server
LDAP
SSO
Backup and restoration
laptop/tower automatic installation and distant update
VPN access
Security
motd
firewall (and a port management system centralized to open or close them)
2FA
SNMP
password management and policies
patch, migration and update policy
Threat detection, intrusion detection
…
Logging [kibana]
ACL (to access different things, services)
monitoring and paging (of machines, VMs, services)
status page for services
services:
directory
HR system
large file sharing
Artifact repository manager [artifactory]
images building farm [gitlab-ci]
code versioning [gitlab]
CI/CD and info on DevOps for code, docker images, … [gitlab-ci]
communication tools [mattermost]
Issue manager [alternative to Jira]
documentation manager [sphinx/Gitlab pages]
email server
ML pipelines (automatic creation of computing nodes when pushing to the pipeline)
DVC or Pachyderm
Binder with Jupyter notebooks
to be continued…
- Introduction
- Documentation
- Bare metal setup
- CI/CD: test and deploy
- Annexes
- Notes
- Services list
- Security - SIEM - Monitoring - Supervision
- Virtualization - Containerization
- Backups - Restore
- Development
- Deployment
- Customer
- Useful services
- Authentication - Authorization
- Communication (synchronous or asynchronous)
- Domain Name
- Machine learning
- Search
- Databases
- To sort
- Bare metal provisioning system
- Services list
- Glossary
- Bibliography
TODO LIST
Todo
Explanation about what is docker
how to use it
how to configure it
some useful commands
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/docker.rst, line 4.)
Todo
better description of each configuration
add several useful aliases
add configuration for submodule
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/git.rst, line 12.)
Todo
Briefly describe how asymmetric encryption works.
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/opengpg.rst, line 12.)
Todo
Renew the keys
How to use it with files
How to use it with emails
Backup your key pair and contact public keys
Some useful commands
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/opengpg.rst, line 124.)
Todo
Explain how to use Sphinx
how to manage images
integration of Gitlab snippets
…
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/sphinx.rst, line 10.)
Todo
Rewrite the part below fully
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/ssh.rst, line 6.)
Todo
Find the right configuration for server and the client
How to properly setup a rebound from one server to another
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/ssh.rst, line 31.)
Todo
SSH key management : https://www.ssh.com/iam/ssh-key-management/
SSH key management soft: https://www.ssh.com/products/universal-ssh-key-manager/
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/ssh.rst, line 54.)
Todo
What is Vim
how to use it
Nice plugins
Useful commands
(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/vim.rst, line 4.)
Todo
workflow using git-flow, protected branches
git hook to ensure
(The original entry is located in /builds/mattberjon/rtfm/source/ci-cd.rst, line 38.)
Misc
Create a Wi-Fi network backed by a RADIUS server so that each user is individually identified on the network
Hardware provisioning
Learn to deploy operating systems on servers at scale - maas: http://maas.io/
Hardware configuration
Learn to configure and manage network equipment at scale - rconfig: https://www.rconfig.com/ - ansible?
Good practices
development - git hooks - protected branch - version bumping
Use the wireless 4G as an AP for the network on DD-WRT
First, set up the Wi-Fi hotspot on your phone (with a proper password). Second, set up your router using DD-WRT.
Use the physical wireless interface to connect to your phone, and create a second, virtual interface that will serve your local wireless network.
Here is the configuration of both:
# Physical interface
# in Wireless > Basic settings
Wireless Mode: Repeater
Wireless Network Mode: Mixed
Wireless Network Name (SSID): <the name (SSID) of the phone hotspot>
Sensitivity Range (ACK Timing): 2000
Network Configuration: Bridged
# Virtual interface
# in Wireless > Basic settings
Wireless Network Name (SSID): <the name (SSID) of your local wireless network>
Wireless SSID broadcast: Enable
AP Isolation: Disable
Network Configuration: Bridged
Once done, do not forget to save and apply the settings. In the second phase, you need to secure this setup. Go to Wireless > Wireless Security:
# Physical interface
Security Mode: WPA2-PSK
WPA Algorithms: CCMP-128 (AES)
WPA Shared Key: <password of your phone hotspot>
Key Renewal Interval (in seconds): 3600
# Virtual interface
Security Mode: WPA2-PSK
WPA Algorithms: CCMP-128 (AES)
WPA Shared Key: <password for your local wireless network>
Key Renewal Interval: 3600
Save the modifications and apply them. Your router should now be able to connect to your phone hotspot, and you can enjoy your mobile network.