Welcome to RTFM!

RTFM is documentation on various IT subjects that gives an idea of which steps to follow to achieve particular tasks.

Objectives

You arrive in a small or larger company where nothing exists, or where you need to start from scratch. What would you do? All decisions and changes should be documented here.

  • Architecture

  • redundancy

  • high availability

  • Prod

  • staging

Fully automated deployment of a complete network on a cloud infrastructure, with:

Todo

  • BaseOS

    • naming convention

    • SKEL

    • MOTD

    • basic packages

  • DNS server

  • LDAP

  • SSO

  • Backup and restoration

  • laptop/tower automatic installation and remote update

  • VPN access

  • Security

    • motd

    • firewall (and a centralized port management system to open or close ports)

    • 2FA

    • SNMP

    • password management and policies

    • patch, migration and update policy

    • Threat detection, intrusion detection

  • Logging [kibana]

  • ACL (to access different things, services)

  • monitoring and paging (of machines, VMs, services)

  • status page for services

  • services:

    • directory

    • HR system

    • large file sharing

    • Artifact repository manager [artifactory]

    • images building farm [gitlab-ci]

    • code versioning [gitlab]

    • CI/CD and info on DevOps for code, docker images, … [gitlab-ci]

    • communication tools [mattermost]

    • Issue manager [alternative to Jira]

    • documentation manager [sphinx/Gitlab pages]

    • email server

    • ML pipelines (automatic creation of computing nodes when pushing to the pipeline)

      • DVC or Pachyderm

      • Binder with Jupyter notebooks

  • to be continued…

TODO LIST

Todo

  • Explanation about what is docker

  • how to use it

  • how to configure it

  • some useful commands

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/docker.rst, line 4.)

Todo

  • better description of each configuration

  • add several useful aliases

  • add configuration for submodule

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/git.rst, line 12.)

Todo

Briefly describe how asymmetric encryption works.

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/opengpg.rst, line 12.)

Todo

  • Renew the keys

  • How to use it with files

  • How to use it with emails

  • Backup your key pair and contact public keys

  • Some useful commands

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/opengpg.rst, line 124.)

Todo

  • Explain how to use Sphinx

  • how to manage images

  • integration of Gitlab snippets

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/sphinx.rst, line 10.)

Todo

Rewrite the part below fully

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/ssh.rst, line 6.)

Todo

  • Find the right configuration for server and the client

  • How to properly set up a rebound (jump host) from one server to another

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/ssh.rst, line 31.)

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/ssh.rst, line 54.)

Todo

  • What is Vim

  • how to use it

  • Nice plugins

  • Useful commands

(The original entry is located in /builds/mattberjon/rtfm/source/annexes/tools/vim.rst, line 4.)

Todo

  • workflow using git-flow, protected branches

  • git hook to ensure

(The original entry is located in /builds/mattberjon/rtfm/source/ci-cd.rst, line 38.)

Misc

  • Create a Wi-Fi network connected to a RADIUS server for per-user (named) identification on the network

Hardware provisioning

Learn to deploy operating systems on servers at scale - maas: http://maas.io/

Hardware configuration

Learn to configure and manage network equipment at scale - rconfig: https://www.rconfig.com/ - ansible?

Good practices

  • development - git hooks - protected branch - version bumping

Use the wireless 4G as an AP for the network on DD-WRT

First, set up the Wi-Fi hotspot on your phone (with a proper password). Second, set up your router using DD-WRT.

The physical wireless interface connects to your phone, and a second, virtual interface represents your local wireless network.

Here is the configuration of both:

# Physical interface
# in Wireless > Basic settings
Wireless Mode: Repeater
Wireless Network Mode: Mixed
Wireless Network Name (SSID): <the name (SSID) of the phone hotspot>
Sensitivity Range (ACK Timing): 2000
Network Configuration: Bridged

# Virtual interface
# in Wireless > Basic settings
Wireless Network Name (SSID): <the name (SSID) of your local wireless network>
Wireless SSID broadcast: Enable
AP Isolation: Disable
Network Configuration: Bridged

Once done, do not forget to save and apply the settings. In the second phase, you need to secure both interfaces. Go to Wireless > Wireless Security:

# Physical interface
Security Mode: WPA2-PSK
WPA Algorithms: CCMP-128 (AES)
WPA Shared Key: <password of your phone hotspot>
Key Renewal Interval (in seconds): 3600

# Virtual interface
Security Mode: WPA2-PSK
WPA Algorithms: CCMP-128 (AES)
WPA Shared Key: <password for your local wireless network>
Key Renewal Interval: 3600

Save the modifications and apply them. Your router should now be able to connect to your phone hotspot, and you can enjoy your mobile network.