Technical Note: Disk Encryption using Cryptsetup with Vault as Key Management Service

In Linux Operating system, full disk encryption could be achieved by various solutions: encryptfs, dm-crypt… While a step-by-step setup of disk/partition encryption can be referred from official documentation, integration disk encryption with Key Management solution like Hashicorp Vault is unobvious. Fortunately, there are a package named vaultlocker in Ubuntu Universe repository that ease this integration. I decided to spend my free time to make cryptsetup work with Vault. Notes: A similar request has been made to Cryptsetup but it goes outside of cryptsetup so it was closed.
Read more...

New NUC

Background My old desktop becomes sluggish as I deploy multiple test environment on it. As I also use various desktop applications for my daily works on the same desktop machine, sometimes resource insufficiency freeze the all the applications, interfering my work flows. I am always a fan of small low-energy NUC devices so I take this chance to buy a new NUC device solve my resource issue. Before buying new device, I had some considerations for a NUC.
Read more...

Visualize Enviro Phat Sensors Data

Enviro pHat is an low-cost environmental sensing boards that let you measure temperature, light color, motion and analog sensors. The accompanied python SDK makes writing program to get data from enviro pHat as easy as pie. Enviro pHat could be used in combination with RaspPi zero to become a simple room conditions monitoring sensing board. With grafana and prometheus, it looks so easy to at least build a dashboard for environ pHat sensors data, so I decided to build a enviro pHat dashboard.
Read more...

Manage Local Computing Resource using MAAS

Besides managing bare metal machines, MAAS (Metal as a Service) can also manage KVM guests as long as those machines are boot from network PXE. This feature allow us to efficiently manage local computing resources, while at the same time, leverage JuJu for automatically middle ware deployment. In this post, I will detail steps to manage KVM guest machines using MaaS. System diagram MaaS Managed Machine: MaaS Virtual Machine creates other Virtual machines through KVM Pod.
Read more...

Technical Note: How to Change Juju User Password

Juju User JuJu has an internal user framework, which supports sharing of controllers and models. Using JuJu user feature, a sysadmin could separated users for controllers as in multiple clouds deployment or for users as in multiple systems deployment. Each juju user can have its own permissions at application, model, or controller layer. This separation of responsibilities allow multiple users to manage multiple infrastructures with a clear border of responsibilities.
Read more...

Technical Note: DynamicUser in Systemd

Background Recently, I received a really interesting question from my customer. He found out in his file system two files (directories), which belong to an user that not in /etc/passwd. Specifically in Ubuntu Linux 18.04, these 2 files are /var/lib/private/systemd /var/lib/private/systemd/timesync These two files belong to a user named systemd-timesync with UID/GID in 62583 and this user does not belong to /etc/passwd. Traditionally, a Linux user does not always need to be in /etc/passwd because it can come from many remote sources, for example
Read more...

My Presentation at Developer Summit 2018

Developer Summit one of the biggest developer gathering in Japan, where developer will gather in one day event with full of sessions to gain knowledge and experiences, as well as technology trends of current year. This season’s topic is “society in the expansion of data”. Full event timetable and speakers’ profiles could be confirmed at event homepage (https://event.shoeisha.jp/devsumi/20180727) This year, I’m honored to be one of the speaker at this event (https://event.
Read more...