Project

General

Profile

How to become an ungleich system engineer » History » Version 4

Nico Schottelius, 03/19/2019 09:40 AM

1 1 Nico Schottelius
h1. How to become an ungleich system engineer
2
3 2 Nico Schottelius
{{toc}}
4
5 1 Nico Schottelius
h2. Status
6
7
This document is *IN PROGRESS*.
8
9
10
h2. Introduction
11
12
If you are interested in the skill set a typical engineer at ungleich needs to have or if you want to improve your skill set for being able to apply at as system engineer, this document is for you.
13 2 Nico Schottelius
This document is structured into topics that you should be able to handle. With one part that describes how to learn that section and one part on how to verify you have learned the right things.
14 1 Nico Schottelius
15
16 3 Nico Schottelius
h2. Operating System Knowledge
17 1 Nico Schottelius
18
If you are fluent in either Linux or BSD, you should easily find your way. If you are not yet, we recommend:
19
20
* Install your own computer with Ubuntu (any version)
21
* Get used to it
22
* Wipe Ubuntu, replace it with Arch Linux
23
* Use it, break it
24
* Switch to Devuan
25
** Understand apt & friends
26
* (optional) Use another machine and install Centos
27
** Observe the differences to all other operating systems you tried before
28
29 3 Nico Schottelius
h2. Networking / IPv6 Knowledge
30 1 Nico Schottelius
31
You know how to separate networks, you are fluent in IPv6 (hint: man sipcalc) and you know some basics of routing ()
32
33 3 Nico Schottelius
h3. Learning IPv6 / Networking
34 1 Nico Schottelius
35 3 Nico Schottelius
* Ensure that your computer has an IPv6 address (read "How to get IPv6":https://ungleich.ch/en-us/cms/blog/2019/02/05/how-to-get-ipv6/)
36
* Ensure that all your computers have GUA (hint: use a VPN, size >= /48 preferred)
37
* Configure a firewall to
38
** all forwarding traffic from your internal network(s)
39
** all traffic to the ssh port of your firewall/router
40
** disallow all other incoming and forwarding traffic
41
42
43
h3. Some questions to check your knowledge:
44
45 1 Nico Schottelius
* Why does the gateway has to be in the same network?
46
* How do IPv6 hosts get their IP addresses?
47
* Why is there an fe80:... default gateway in IPv6?
48 3 Nico Schottelius
* Why is IPv4 NAT not a security feature?
49 1 Nico Schottelius
50
51 3 Nico Schottelius
h2. Ceph Knowledge
52 1 Nico Schottelius
53
You can install, configure and maintain ceph clusters on IPv6 only networks.
54
55
Learning:
56
57
* Take 3 hosts (if you don't have 3 computers, you can get 3 affordable VMs at "IPv6OnlyHosting":https://ipv6onlyhosting.com
58
59
60
Verify questions:
61
62
* Why does ceph need managers?
63
* How to move an OSD to another host?
64
65
66
67
68
69 3 Nico Schottelius
h2. Monitoring Knowledge
70 1 Nico Schottelius
71 3 Nico Schottelius
h3. Learning monitoring
72
73
* Install nagios or icinga, monitor another host
74
* Install collectd and compare what it monitors to icinga and nagios
75 4 Nico Schottelius
* Setup prometheus, node-exporter, grafana and monitor 3+ nodes
76 3 Nico Schottelius
77
78
Verify questions:
79
80
* Why is nagios alone not a good solution?
81
* What is the difference between nagios and icinga?
82
* What is the difference between icinga and check_mk?
83
* Which things do you monitor? Why?