Posts for: #news

Portainer: Embracing GitOps for a Streamlined Workflow

Portainer has published an article titled “GitOps - The Path Forward” that explores the concept of GitOps and how it can be implemented using the Portainer platform. The article begins by discussing the importance of adhering to compliance standards like GDPR and the need for secure cloud environments. GitOps is presented as a recommended operational framework for implementing infrastructure and development methodologies that ensure compliance and effective infrastructure management.

The article goes on to explain the fundamental concepts of GitOps, including automation, version control, continuous integration/continuous delivery, auditing, compliance, version rollback, and collaboration. It highlights the requirements for implementing GitOps, such as Infrastructure as Code (IaC), pull request reviews, CI/CD pipelines, automation, version control, auditability, rollback and forward capabilities, and collaboration.

The article then focuses on how Portainer facilitates the implementation of GitOps. It mentions that Portainer offers a suite of tools designed specifically for GitOps, including RBAC, automation, and visibility. It highlights the role-based access control (RBAC) feature of Portainer, which provides precise access control to Kubernetes platforms and container runtime environments. Portainer also integrates with authentication providers like LDAP and Microsoft AD. The article further explains how Portainer enables GitOps automation by connecting with Git repositories and allowing for automated application deployment to Kubernetes clusters and container environments. It also mentions how Portainer provides updates and monitoring solutions for GitOps operations through container logs, authentication logs, and event lists.

In conclusion, the article emphasizes that GitOps is a contemporary methodology for managing infrastructure and applications, and leveraging GitOps strategies like auditing, rollback, and roll forward can enhance operational agility, reliability, and compliance. The article highlights the benefits of using the Portainer platform for implementing GitOps, including RBAC, automation, and monitoring capabilities.

Distrobox 1.6: Streamlined Distro Launching in Your Terminal

Distrobox 1.6 has been released, offering an open-source solution for launching Linux distributions within your terminal. This project, which builds upon Podman and Docker, allows users to create containers of their preferred Linux distribution and seamlessly integrate them with the host environment.

Distrobox has continuously added new features with each release, and version 1.6 is no exception. One notable addition is the support for Lilipod, a simple container manager developed by Luca Di Maio, the lead developer of Distrobox. Lilipod enables users to easily download, unpack, and use OCI images from various container repositories.

Distrobox 1.6 also improves NVIDIA GPU/driver integration, with a focus on CUDA support. The update brings various enhancements to the init process, refining the experience for initful containers: they now support OpenRC where available, offer proper systemd user session support, and come with export fixes. The release also includes numerous bug fixes and other refinements.

Source: Phoronix.

Netmaker Releases Version v0.21.2 of WireGuard Mesh VPN

Netmaker, a tool that creates networks using WireGuard, has released version v0.21.2. This tool automates the creation of fast, secure, and distributed virtual networks. Netmaker leverages Kernel WireGuard, which provides maximum speed, performance, and security for the virtual networks it creates.

The latest release, v0.21.2, brings several improvements and fixes to Netmaker. Some of the new features include auto relay via enrollment key and improvements in local routing.

In terms of fixes, the release addresses an inconsistency in DNS entries for networks, ensures validation of unique network CIDR, fixes caching discrepancies in extclient, resolves issues with deleted node peer updates when disconnected from the network, and adds a force deletion option for daemon nodes stuck in the removing state.

However, there are a few known issues with this release. The Windows installer does not install WireGuard, and the netclient-gui may continuously display an error dialog if the Netmaker server is offline. Additionally, there are IPv6 address and route issues on Mac, and the network tab in netclient-gui may appear blank after disconnecting.

Overall, Netmaker’s latest release offers improved functionality and fixes for a smoother experience in creating virtual networks with WireGuard.

README Highlight Issue #46, 2023: lldap

In this week’s issue of README Highlight (#46, 2023), we are taking a look at the following project: lldap.

The project is a lightweight authentication server that provides a simplified LDAP interface for authentication. It is designed to integrate with various backends, including KeyCloak, Authelia, Nextcloud, and more. The server comes with a user-friendly web interface that makes user management easy. Users can edit their own details and reset their password by email.

It is important to note that lldap is not a full LDAP server. It is a user management system that is simple to set up and manage, with low resource requirements. It is specifically designed for self-hosting servers and integrates well with open-source components like Nextcloud and Airsonic that only support LDAP as a source of external authentication.

The project uses SQLite as the default backend for data storage, but it can be easily swapped with MySQL/MariaDB or PostgreSQL. Installation options include Docker, Kubernetes, and installation from a package repository. The project also provides detailed instructions for cross-compilation.

For client configuration, lldap is compatible with most services that can use LDAP as an authentication provider. The server uses a specific user DN for authentication and stores users in the ou=people directory by default. The project provides sample client configurations for various services, including Airsonic, Apache Guacamole, Authelia, Bookstack, and many more.

Migrating from SQLite to MySQL/MariaDB or PostgreSQL is also supported, and the project provides detailed instructions for this process.

Comparisons with other services are provided as well. lldap is compared to OpenLDAP, FreeIPA, and Kanidm, highlighting the differences in features, complexity, and resource requirements.

In case of any issues or difficulties logging in, the project provides troubleshooting steps and encourages users to join their Discord server for support.

Contributions to the project are welcome, and the project maintains an open and respectful community.

Banana Pi BPI-M7: Powerful RK3588 Chip, Dual 2.5 GbE Ethernet and PCIe NVMe SSD Support

The Banana Pi BPI-M7 is an upcoming single-board computer that offers impressive specifications and expansion options. Powered by a Rockchip RK3588 processor, the BPI-M7 boasts up to 32GB of RAM and up to 128GB of eMMC storage. It also supports WiFi 6 and Bluetooth 5.2.

What sets the BPI-M7 apart is its compact size and extensive expansion capabilities. With dimensions of just 92 x 62mm, it is comparable to a Raspberry Pi Model B. Despite its small size, the BPI-M7 can support up to three displays, has two 2.5 GbE Ethernet ports, and features an M.2 M-Key slot with PCIe 3.0 x4 NVMe SSD support.

The Rockchip processor at the heart of the BPI-M7 offers powerful performance, with four Cortex-A76 CPU cores running at 2.4 GHz, four Cortex-A55 cores running at 1.8 GHz, Mali-G610 MC4 graphics, and a neural processing unit with up to 6 TOPS of AI performance. The system also supports different memory and storage configurations, including 8GB, 16GB, or 32GB of LPDDR4x onboard memory and a 64GB or 128GB eMMC flash storage module.

In terms of connectivity, the BPI-M7 offers a range of ports and connectors, including USB Type-C with DisplayPort Alt Mode for up to 8K/30Hz output, HDMI 2.1 for 8K@60Hz display, and MIPI-DSI for 4K/60Hz display. It also features two 2.5 GbE Ethernet ports, an M.2 M-Key slot for PCIe 3.0 x4 NVMe SSD, a microSD card reader, USB 3.0 Type-A ports, MIPI-CSI camera connectors, a 40-pin GPIO header, a fan connector, and an audio header.

The Banana Pi BPI-M7 supports both Android 12 and Debian 10 “Buster” with Linux kernel 5.10. While mass production and pricing details are yet to be announced, the makers of the BPI-M7 have produced a small number of samples. With its powerful specifications and expansion options, the BPI-M7 looks promising for server enthusiasts, Linux users, DevOps professionals, and home lab enthusiasts.

Source: Liliputing.

Netgate Launches Latest pfSense CE Software Version 2.7.1

Netgate, the provider of pfSense Community Edition (CE) software, has announced the release of version 2.7.1. pfSense CE is an open-source project that has been supported by Netgate since 2008. The source code for the project is available on GitHub under the Apache 2.0 open-source license. pfSense CE can be used on common hardware to build routers and more.

One major change in this release is the upgrade of OpenSSL to version 3.0.12. This upgrade was necessary as OpenSSL 1.1.1 has reached its End of Life and will no longer receive security patches. With the upgrade to OpenSSL 3.0.12, older and weaker encryption and hash algorithms have been removed, and security certificates based on these algorithms have been deprecated. It is highly recommended to review the release notes and Netgate’s blog post on this topic before performing the upgrade.

Another notable feature in version 2.7.1 is the addition of Kea DHCP as an opt-in feature. While basic functionality is present, it is not yet feature-complete. Switching to the Kea DHCP server can be done through the web interface by navigating to System > Advanced and changing the server backend radio button in the DHCP Options section to “Kea DHCP”. Note that after switching to Kea DHCP, hostnames may be ignored for devices on the network that were assigned static leases or that rely on dynamic lease registration in DNS.

This release also includes improved support for SCTP (Stream Control Transmission Protocol) in PF for firewall rules, NAT, and logging. Rules can now act on SCTP packets by port number, whereas previously it was only possible to filter on source or destination address. Additionally, the IPv6 Router Advertisement configuration has been relocated to Services > Router Advertisement as part of the ongoing integration of the Kea DHCP server.

Other changes in version 2.7.1 include the upgrade of PHP to version 8.2.11 and the base operating system to a more recent point of FreeBSD 14-CURRENT. The release also addresses various bugs and issues.

Source: pfSense.