What Is NoSQL?

By

-

June 1, 2017

NoSQL databases are one of those fun topics where people get all excited because it’s cool and new. But, they’re really not new, they’re different from SQL databases, and they have different use cases. NoSQL is not going to make world peace or give you your own private holodeck but, aside from those deficiencies, it is pretty cool.

What is NoSQL?

NoSQL is a fine multi-purpose term with multiple meanings, thanks to the incurable nerd habit of modifying everything and never being finished. NoSQL means non-SQL, non-relational, distributed, scalable, and not-only-SQL, because many support SQL-type queries. NoSQL-type databases have been around since the olden Unix days, although naturally some people act like they’re a brand-new awesome sauce Web 2.0 thingy. I don’t even know what Web 2.0 is, although I like it for not having blink tags. At any rate, NoSQL and SQL databases have some things in common, and some differences. NoSQL is not a replacement for SQL, and it is not better or worse, but is made for different tasks. The distinction between the two is blurring as they both evolve, and perhaps someday will not be very meaningful.

Traditional RDBMS

Some examples of traditional relational database management systems are MySQL, MariaDB, and PostgreSQL. We know and love these old-time RDBMS because they’re solid and reliable, are proven for ensuring data integrity, and we’re used to them.

But our beloved old-timers don’t fit well into our modern world of fabulously complex and high-speed datacenters. They have formal schema defining tables and field types, and may also have indexes, primary keys, triggers, and stored procedures. You have to start with designing your schema before you can start using your DB. Because of this rigid structure adding a new data type is a significant operation. They don’t scale, cluster, or replicate very easily, so while you can use them for your lovely cloud or distributed datacenter, many NoSQL DBs are designed for the fast-paced anarchic world of cloud and distributed computing.

NoSQL DBs also scale down nicely. When you don’t want all the complexity and overhead of MariaDB or PostgreSQL, or want an embedded DB, try CouchbaseLite, TinyDB, or good old Berkeley DB.

NoSQL Types

NoSQL DBs have flexible schema, which is both a lovely feature and a pitfall. It is easier than wrangling inflexible tables, although it doesn’t mean you don’t have to care about schema, because you do. Sensible design is always better than chaos.

There are over 200 NoSQL-type databases, and these fall into some general categories according to their data models.

Key:Value store uses a hash table of keys/value pairs.

Document-based store uses actual text documents.

Column-based store organizes your data in columns, and each storage block contains data from only one column.

Graph-based DBs are very fast at querying and retrieving diverse data.

Document store DBs include CouchDB, MongoDB, and SequoiaDB. Instead of tables, these use JSON-like field-value pair documents, actual text documents that you type and look at, and documents can be organized into collections. These examples show a little bit about how MongoDB organizes data.

{
   title: "MongoDB: The Definitive Guide",
   author: [ "Kristina Chodorow", "Mike Dirolf" ],
   published_date: ISODate("2010-09-24"),
   pages: 216,
   language: "English",
   publisher: {
              name: "O'Reilly Media",
              founded: 1980,
              location: "CA"
            }
}

There is not a rigid number of fields; you could omit any of the fields in the example, or add more. The publisher information is an embedded sub-document. If the publisher information is going to be re-used a lot, use a reference to make it available to multiple entries.

{
   _id: "oreilly",
   name: "O'Reilly Media",
   founded: 1980,
   location: "CA"
}

{
   _id: 123456789,
   title: "MongoDB: The Definitive Guide",
   author: [ "Kristina Chodorow", "Mike Dirolf" ],
   published_date: ISODate("2010-09-24"),
   pages: 216,
   language: "English",
   publisher_id: "oreilly"
}

Key:value NoSQLs include Redis, Riak, and our old friend Berkeley DB, which has been around since forever. Berkeley DB is the default back end for the Cyrus IMAP server, Exim, Evolution mail client, OpenLDAP, and Bogofilter.

Redis also represents another type of NoSQL database, in-memory. It is very fast because it defaults to running in memory only, with a configurable write-to-disk option (which, of course, is much slower). Redis is replacing Memcached as a distributed memory caching object system on dynamic web sites. If running in memory sounds scary, consider the use case: dynamic web sites delivering all kinds of transient data. If Redis makes the user click an extra time, no biggie. Start it by running redis-server; this is how it looks after installation:

$ redis-server
5786:C 30 May 07:34:06.939 # Warning: no config file specified, using 
the default config. In order to specify a config file use redis-server 
/path/to/redis.conf
5786:M 30 May 07:34:06.940 * Increased maximum number of open files 
to 10032 (it was originally set to 1024).
                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis 3.0.6 (00000000/0) 64 bit
  .-`` .-```.  ```/    _.,_ ''-._                                   
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 5786
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           http://redis.io        
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'

Open a second terminal and run redis-cli. Commands in bold are what you type.

$ redis-cli
127.0.0.1:6379> SET my:name "carla schroder"
OK
127.0.0.1:6379> GET my:name
"carla schroder"
127.0.0.1:6379>

Type exit to quit. This is more like using a traditional RDBMS, because everything is done with commands and you don’t have nice text documents to look at.

Column Store Databases include Cassandra and Apache HBase. These store your data in a column format. Why does this matter, you ask? It makes queries and data aggregation easier. With document store and in-memory DBs you have to rely on good program logic to run queries and manipulate your data. Column-store DBs simplify your program logic.

When you see those “You may also be interested in…” links on a web site, they are most likely delivered from a graph-based DB. Graph-based DBs do not use SQL because it is too rigid for such fluid queries. There is not yet a standard query language, so each one is its own special flower. Some examples are InfiniteGraph, OrientDB, and Neo4J.

So, there you have it, another plethora of choices in an already-overloaded tech world. In a nutshell, NoSQL DBs are great for fast prototyping of new schema, raw speed, and scalability. If you want the most data integrity, such as for financial transactions, stick with RDBMS. Though, again, as the two evolve we’re going to see less-clear boundaries and perhaps someday One DB to Rule Them All.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Ops Engineer Explains Let’s Encrypt’s Automated TLS/SSL Certificate Issuance

By

The Linux Foundation

-

June 1, 2017

Let’s Encrypt is a free, automated and open Certificate Authority issuing digital certificates for website encryption globally. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG), a public benefit organization with a mission to reduce financial, technological, and education barriers to secure communication over the Internet. Let’s Encrypt secures communication for more than 40 million websites.

Jillian Karner, operations engineer at Let’s Encrypt.

In an upcoming presentation at Open Source Summit Japan, Let’s Encrypt technical staff will provide a brief history of the organization’s development and how it has made considered decisions to enable a growing portion of the Web to benefit from the security provided by HTTPS. In this interview, Jillian Karner, operations engineer at Let’s Encrypt expands upon a key differentiator of Let’s Encrypt: its emphasis on automation.

Jillian is a full-time crypto enthusiast with a passion for a free, open, and secure Web. She has worked for start-ups in the security field since her early college years at Arizona State University maintaining secure infrastructures and developing encrypted endpoint to endpoint applications. She is currently working with Let’s Encrypt and looks forward to a 100% encrypted Web.

Linux.com: Can you give our readers some background on Let’s Encrypt? Why was it developed?

Jillian Karner: Let’s Encrypt is a free, automated, and open source certificate authority. It provides websites and endpoints on the Web a TLS/SSL certificate allowing users to communicate to those sites through an encrypted Web session. By having a web server configured with a TLS/SSL certificate, users can reach a site over the HTTPS protocol and know the endpoint has been authenticated and that the communication is encrypted. Let’s Encrypt also worked to write the ACME spec, currently a work in progress draft through the Internet Engineering Task Force (IETF), which defines an automated method for issuing certificates. The spec will allow other certificate authorities to create their own ACME-based CA systems and allows the community to write clients that use these issuance system.

Let’s Encrypt and the related ACME spec were developed with the goal to help encrypt the entire Web. To achieve that, the project was started with the foundation that it needs to be free to reduce the complexity and make it accessible to everyone. And since certificate authorities rely on being trusted, Let’s Encrypt worked to be as transparent as possible from the get-go. The certificate authority software, Boulder, is open-sourced and all the certificates issued are logged to Certificate Transparency and are auditable.

Linux.com: How does automation play into Let’s Encrypt’s approach?

Karner: Automation is a significant part of the Let’s Encrypt ecosystem both in terms of the certificate issuance protocol and the infrastructure that keeps it running. If you’ve ever attempted to get a certificate before Let’s Encrypt entered the game, you know that every few years or so you had to recall the special commands and steps to issue/renew and deploy a certificate. Even the most proficient System Administrators would not look forward to renewing certificates. But the ACME protocol that the Let’s Encrypt certificate authority is developed on enables automatic issuance and renewal of certificates. It was designed to remove the human element of the process and make getting a certificate more accessible for anyone who needs one.

Our team of system administrators has automated most of the processes for maintaining and running Boulder and the related infrastructure. We’ve worked hard to make sure that the environment is available for users with high uptime by using automated checks, repeatable processes, and configuration management tools.

Linux.com: Where do you see automation making a big difference for your users?

Karner: In the case of Let’s Encrypt it makes all the difference. Acquiring certificates is understood to be a tedious task, but with the help of Let’s Encrypt, the intermediary steps are automated and it only requires setting up one of the many available clients to start the process. Once a cert is issued most clients don’t require any manual work for certificate renewal. Since the work of issuing and renewing is automated, it also enables Let’s Encrypt to offer certificates that are valid for 90 days, which improves security in the certificate ecosystem by preventing a compromised certificate from lasting very long, which is much more effective than techniques like certificate revocation. The automation also trickles down to the end users on the Web and improves security for the user because there will be no lapse in a valid certificate.

Linux.com: What are the greatest challenges you’ve faced in building and maintaining Let’s Encrypt?

Karner: The greatest challenge has been dealing with rapid growth. There are nearly 34 million active certificates issued by Let’s Encrypt, and we’re not even at two years of operations. We’re constantly working to improve our services and our operations that will keep downtime to a minimum. With so many users, including large integrators that rely on the service, we have to frequently evaluate our infrastructure usage and needs to make sure we stay ahead of the growth that we see.

Linux.com: What has been the most interesting or fulfilling aspect of working on Let’s Encrypt?

Karner: Let’s Encrypt has a great mission in wanting to encrypt the entire Web and enable better security for users. It’s incredible to be a part of that mission and watch the change happen. When the project started, Firefox Telemetry data showed that only 39% of all Web sessions were encrypted. Now, that number has surpassed 55% and is continuing to increase. It’s fulfilling that people like my parents who aren’t very technical can browse the Web securely because Websites have an easy, free option to get a cert and provide that for them.

View the full agenda of sessions happening this week at Open Source Summit Japan.

Toyota Uses Open-Source Software in New Approach to In-Car Tech

By

Reuters

-

June 1, 2017

Toyota Motor Corp on Wednesday said the infotainment system of its revamped Camry sedan to be sold in the United States will run on a Linux-based, open-source technology platform as it tries to keep up with tech firms in developing software for cars.

With the Automotive Grade Linux (AGL) system in a mainstay model, Toyota aims to have the flexibility to customise its software, while it would also keep user data that could otherwise be captured by CarPlay from Apple Inc or Android Auto from Alphabet Inc’s Google – applications which enable users to access smartphone data through vehicle infotainment systems.

Streamlining Kubernetes Development with Draft

By

Microsoft Developer Blog

-

June 1, 2017

Application containers have skyrocketed in popularity over the last few years. In recent months, Kubernetes has emerged as a popular solution for orchestrating these containers. While many turn to Kubernetes for its extensible architecture and vibrant open-source community, some still view Kubernetes as too difficult to use.

Today, my team is proud to announce Draft, a tool that streamlines application development and deployment into any Kubernetes cluster. Using two simple commands, developers can now begin hacking on container-based applications without requiring Docker or even installing Kubernetes themselves.

Draft in action

Draft targets the “inner loop” of a developer’s workflow – while developers write code and iterate, but before they commit changes to version control. Let’s see it in action.

7 Cool KDE Tweaks That Will Change Your Life

By

OpenSource.com

-

June 1, 2017

The great thing about KDE’s Plasma desktop is that it’s universally familiar enough for anybody to use, but it’s also got all the knobs and switches needed to become a power user. There’s no way to cover all the great options available in the customizable desktop environment here, but these seven tweaks can change your Plasma experience for the better.

These are based on KDE 5. Most of them also apply to KDE 4, although in some cases extra packages are needed, or the configuration options are in slightly different locations.

The SCION Internet Architecture

By

Communications of the ACM

-

June 1, 2017

The Internet has been successful beyond even the most optimistic expectations. It permeates almost every aspect of our society and economy worldwide. This success has created universal dependence on communication, as many of the processes underpinning modern society would grind to a halt if it were unavailable. However, the state of the safety and availability of the Internet is far from commensurate with its importance.

This article describes SCION, or Scalability, Control, and Isolation On Next-generation networks, an inter-domain network architecture designed to address these issues, covering SCION’s goals, design, and functionality, as well as the results of six years of research we have conducted since our initial publication.

CoreOS Brings Kubernetes-as-a-Service to Enterprise

By

SDx Central

-

June 1, 2017

CoreOS today said it added features to its enterprise container-orchestration platform that include Kubernetes-as-a-service.

The upcoming Tectonic 1.6.4 will allow enterprises to deploy and manage the latest version of upstream Kubernetes across bare metal, public-, private-, and hybrid-cloud environments. The container company says this gives enterprises the flexibility of running their applications on the cloud, without cloud vendor lock-in.

“With Kubernetes-as-a-service, you can update your cluster with no downtime, smart ordering, and either in one click or fully automated,” wrote CoreOS CEO Alex Polvi in a blog post.

Patches Available for Linux sudo Vulnerability

By

Threat Post

-

June 1, 2017

Red Hat, Debian and other Linux distributions yesterday pushed out patches for a high-severity vulnerability in sudo that could be abused by a local attacker to gain root privileges.

Sudo is a program for Linux and UNIX systems that allows standard users to run specific commands as a superuser, such as adding users or performing system updates.

In this case, researchers at Qualys found a vulnerability in sudo’s get_process_ttyname function that allows a local attacker with sudo privileges to run commands as root or elevate privileges to root.

How the Moby Project Pivots Docker’s Open Source Business Model

By

Swapnil Bhartiya

-

May 31, 2017

When Docker creator Solomon Hykes announced the Moby Project at DockerCon, he said it was very close to his heart. It was the second most important project since Docker itself.

What makes the Moby Project so special for Hykes is that it fundamentally changes the Docker world. It changes the way Docker is being developed and consumed. It changes the relationship between Docker the company and Docker the ecosystem, which is the open source community around the project. It changes the entire business model.

Moby, and other components that Docker has open sourced, are result of the continuous pressure the community has been building on Docker to componentize Docker. There was growing criticism of Docker that, instead of being building blocks, Docker was becoming a monolithic solution where ecosystem had no say in the stability and development of those components. There were even rumors of forking Docker. The company responded by releasing core components of Docker to address these concerns. Componentizing Docker addresses those concerns of the community.

“It [Moby] has a more fruitful, more central role in how Docker does open source in general, and it’s our answer to a few different concerns that were articulated by the community over time and also an answer to a problem we had,” said Hykes.

There are many factors that, over a period of time, led to the creation of the project. It’s no secret that Docker containers are experiencing an explosive growth. According to Hykes, Docker Hub downloads have gone from 100 million to 6 billion in the past two years.

With this growth, there has been increasing demand for Docker on more platforms. Docker ended up creating Docker for Windows, Docker for Mac, Docker for Cloud, Docker for Azure…bare metal, virtual machines, and what not.

Over time, Docker has released many core components of Docker, the product, into open source making them independent projects. As a result, Docker became modular, which actually made it easier to build all these separate editions.

As Docker worked on these specialized editions, using the open source components, the production model started to break down. They saw wasted efforts as different teams working on different editions were duplicating efforts.

“There’s a lot of work that’s platform specific, and we’ve created pooling and processes for that,” said Hykes. “For creating different specialized systems out of the same common building blocks, because at the end of the day you still need to run containers for Docker. You need to orchestrate, you need to do networking, etc.,” he continued.

Hykes compares it with the car industry where manufacturers share the same components for totally different cars. Docker is not a huge company, they don’t have all the engineering resources in the world to throw at the problem. They were using the same components for different editions, so all they needed was to create a very efficient internal assembly line to build these systems and solve the problem. Then, they decided to open source this project, which puts all these different open source components together. And, that assembly line is the Moby Project.

Moby has become upstream for Docker. Every bit of code that goes into Docker goes through Moby.

If the relationship between the Moby and Docker reminds you of Fedora and RHEL, then you are right. That’s exactly what it is. The Moby Project is essentially Fedora, and Docker editions equate to RHEL. Moby is a Docker-sponsored project that’s upstream for Docker editions.

“There’s a free version, there’s a commercial version, and the consensus is that at some point beyond a certain scale, if you want to continue to grow both the project and the product, at some point you owe it to both of them to separate them, give them each a clean, well-defined space where the product can thrive as a project and the project can thrive as a product. So, in a nutshell, that’s what Moby is,” Hykes said.

Now the ecosystem and the community can not only contribute and improve the independent components that make Docker, they can participate in the assembly process. It also means they can build their own Docker to suit their own needs.

“Docker is a citizen of this container ecosystem, and the only way for Docker to succeed is if the ecosystem succeeds,” Hykes said.

The Moby project comprises three core components:

A library of containerized back-end components (e.g., a low-level builder, logging facility, volume management, networking, image management, containerd, SwarmKit, etc.)
A framework for assembling the components into a standalone container platform, and tooling to build, test and deploy artifacts for these assemblies.
A reference assembly called Moby Origin, which is the open base for the Docker container platform, as well as examples of container systems using various components from the Moby library or from other projects.

And because all of the Moby components are containers, according to the project page, creating new components is as easy as building a new OCI-compatible container.

Growth of Docker, the company

Moby solved another problem for Docker: identity crisis. Hykes admitted that there was some confusion between Docker the company, Docker the product, and Docker the project. That confusion has been lifted by the creation of the Moby Project.

“Anything with Docker mark is product land, and anything with the Moby Project name or related to it involves open source specific projects created by the open source community, not Docker itself,” said Chris Aniszczyk, executive director of the Open Container Initiative, an open governance project — formed in 2015 by Docker, CoreOS, and others — for the purpose of creating open industry standards around container formats and runtime.

But the creation of Moby has repercussions beyond Docker. “Moby is allowing other people to take parts of the Moby stack and make their own respective product, which people do,” said Aniszczyk.

“Communities can use these components in their own project. The Mesos community is looking at containerd as the core runtime, Kubernetes is looking at adding support for containerd through its CRI effort. It allows tools to be reused across ecosystems, at the same time allowing Docker to innovate on the product side,” Aniszczyk continued.

Along with the freedom to innovate on the product side, Docker has brought in enterprise veteran Steve Singh as CEO.

“I think With Singh coming in, Docker will have a focus on enterprise sales. With Moby and Docker Enterprise Edition, we will see Docker trying to mimic what Red Hat has done with Fedora and RHEL. We will see them push enterprises toward paid Docker Enterprise Edition,” said Aniszczyk.

Evolution of the platform

Right now, containers are the focus of the discussion but that will change as the platform matures. Aniszczyk compares it with the web. Initially, the discussion was around CSS, HTML, and file formats. W3C standardized what it meant to be CSS and HTML. Now the actual innovation and competition is happening between web browser, between developer tooling, different browser engines… on performance. Once you create a web page, it works everywhere.

The same standardization is happening in the container world, where organizations like OCI are standardizing the container format and runtime, the core components. Just as there are different web frameworks like ReactOS, Angular.js, there will be different components and orchestration platforms in the container world, such as Docker Editions, OpenShift, Kubernetes, Mesos, Cloud Foundry. As long as there are standards, these projects are going to compete on features.

“I think in five years, people will talk less about containers, just the way we don’t talk about CSS and HTML,” said Aniszczyk. “Containers will be just be the plumbing making everything work; people will be competing at a high level, at a product level that will package technologies like Kubernetes and OpenShift and so on.”

Want to learn more about containers? Containers Fundamentals (LFS253) is an online, self-paced course designed for those new to container technologies. The course, which is presented as a series of short videos, gives a high-level overview of what containers are and how they help streamline and manage the application lifecycle. Access all the free sample chapter videos now!

Avoid Using Lazy, Privileged Docker Containers

By

Chris Binnie

-

May 31, 2017

It’s probably a little unfair to call everyone who uses privileged containers “lazy” but, from what I’ve seen, some (even security) vendors deserve to be labeled as such.

Running your container using privileged mode opens up a world of pain if your container is abused. Not only are your host’s resources directly accessed with impunity by code within your container (a little like enabling the omnipotent CAP_SYS_ADMIN capability) but you’re also relinquishing the cgroups resource limitations which were added to the kernel as a level of protection, too.

By enabling this dangerous mode, you might consider it like leaving a window open in your house and going away on holiday. It’s simply an unnecessary risk that you shouldn’t be taking.

Don’t get me wrong, certain system “control” containers need full host access, but you’re much better off spending some time figuring out every single capability that your powerful container requires and then opening each one up. You should always strictly work with a “default deny” approach.

In other words, lock everything down and then only open up precisely what you need. This is the only way that security can truly work.

Opening up a specific system component for access should only happen when a requirement has been identified. Then the access must be carefully considered, analyzed, and tested. Otherwise, it remains closed without exception.

You’ll be glad to know that such tasks needn’t be too onerous. Think of an IPtables rule. You might have a ephemeral, temporary End Point which will be destroyed programatically in seven days time. You could create a new rule, make sure it works and set a scheduled job — e.g., using a cron job or an at job, to remove that rule in seven days. The process is logical; test the access works and then delete the rule. Hopefully, it’s relatively easy.

Back to being lax with your container security. Let’s now look at a quick example which, admittedly, is designed to scare you against using privileged mode on your servers unless you really have to.

Directly on our host we’ll check the setting of a kernel parameter, as so:

$ sysctl -a | grep hostname

kernel.hostname = chrisbinnie

Our host is definitely called “chrisbinnie” in this case.

Next, we’ll create a container and prove that the container’s hostname isn’t the same as the host’s name, as seen in Figure 1.

Figure 1: How I created a simple Debian container.

We can see above that we’ve fired up a vanilla Debian container, entered the container and been offered its hashed hostname as we’d expect (6b898d49131e in this case).

Now from within our container we can try and alter the container’s hostname. Note how directly connected to our host’s kernel that an arbitrary container is by default.

Thankfully, however, our host is rejecting the kernel parameter change as shown below.

root@6b898d49131e /# sysctl kernel.hostname=Jurgen
sysctl: setting key "kernel.hostname": Read-only file system

Next (please ignore the container name-change), I’ll simply fire up another container in exactly the same way.

This time I’m going to use this “ps” command below inside our container as shown in Figure 2.

$ ps -eo uid,gid,args

Figure 2: Inside the container, I’m definitely the superuser, the “root” user with UID 0, but I’m not affecting the container’s hostname or thankfully the host’s.

Still with me? Now we’re going to try the same approach but the lazy way. Yes, correct, by opening up the aforementioned and daunting “–privileged” mode.

$ docker run –privileged -it debian bash

In Figure 3, we can see below that the container and host didn’t complain but instead, frighteningly, we had access to the host’s kernel directly and made a parameter change.

Figure 3: We can affect the host’s kernel from within a container.

As you can imagine, altering hostnames is just the beginning. There’s all kinds of permuations from having access to both the kernel and the pseudo filesystems on the host from within a container.

I’d encourage you to experiment using this simple example and other kernel parameters.

In the meantime, make sure that you avoid elevating privileges within your containers at all costs. It’s simply not worth the risk.

Chris Binnie is a Technical Consultant with 20 years of Linux experience and a writer for Linux Magazine and Admin Magazine. His new book Linux Server Security: Hack and Defend teaches you how to launch sophisticated attacks, make your servers invisible and crack complex passwords.

Advance your career in Linux System Administration! Check out the Essentials of System Administration course from The Linux Foundation.

This article originally appeared on DevSecOps.