Services

Jason Perrin

Live Q&A: on Piazza

Who am I?

Currently a Site Reliability Engineer (SRE) at Yelp

Previous OCF staff and HKN member

What’s a service?

• Essentially a daemon
• (briefly mentioned last lecture)
• Noninteractive background process
• “Noninteractive” here refers to the owner of the service, not the users using it

What’s special about services?

• Can share services with others and keep running for long periods of time (websites for instance)
• More security concerns
• Can be publically accessible, so anyone could potentially exploit it
• Have to manage connected clients
• Centralize common services so they aren’t duplicated on every machine

What services are running?

• If you have systemd, can just list everything:

​

$ systemd | grep service

[...]

cron.service loaded active running Regular background program processing daemon

[...]

networking.service loaded active exited Raise network interfaces

[...]

ssh.service loaded active running OpenBSD Secure Shell server

[...]

What (networked) services are running?

• sudo netstat -l will show all active ports/sockets listening for connections
• netstat -peanut is also a good one, easy to remember, for showing established connections

(This is running on a VM with an IRC server, and as you can see, there are a lot of other services running with network connectivity)

(some) popular service examples

DNS: Domain Name System

• Mentioned already in the networking lecture
• Nice for humans, since we are bad at remembering numbers
• An essential service
• Usually a memorable IPs (8.8.8.8, 1.1.1.1, 9.9.9.9)

SSH: Secure Shell

• What you have all been using to access your VMs!
• Particularly important to keep running because it’s used for debugging

• Can be used as a tunnel to encrypt other kinds of traffic. Can use HTTP by tunneling it over SSH

LDAP: Lightweight Directory Access Protocol

• A relatively simple directory service (like a phonebook) that stores data about users
• For instance, this is my ldap entry at the OCF ->
• Often used for authentication since it has quite widespread support

NFS: Network File System

• Used to share files between multiple servers, created in 1984
• Edit files on one server, and have them stored on another!
• More storage on a host than otherwise possible, because it’s actually located somewhere else! (networks are cool)

Databases

• PostgreSQL, MySQL/MariaDB, MongoDB, Redis, etc.
• Very useful for any kind of dynamic web applications
• Wordpress, Django, Rails, etc.
• Again, centralizing a common service

Web Servers

• NGINX (pronounced engine-x)
• Designed for concurrency, newer. generally faster than Apache, often used a proxy in front of other services
• Apache
• Generally slower than nginx, but has more features and modules

(if you look up Apache, you’ll find lots of these feathers from various years/designs)

NTP

• Wouldn’t typically think that a system’s clock could be a problem

• One of the oldest protocols still in current use (in use since before 1985)
• Critical for security (SSL/TLS certs), knowing what time it actually is

Syslog

• Need somewhere for all the logs from other services to go

• syslog-ng, rsyslog
• Can be sent over the network, or just stored locally
• Kinda being replaced by journald from systemd

Mail Servers

• Lots of choices out there, but Postfix and Dovecot are both popular examples
• Take your mail and deliver it somewhere else (can also store it on the machine so you can view it there whenever)
• SMTP, POP3, IMAP

Load balancers

• Handling requests for a service all in one place doesn’t scale since you can have millions of clients at a time
• HAProxy, Envoy
• Common open-source load balancers
• Accepts connections, and then sends them on to somewhere else to be answered (to another server)
• NGINX is actually starting to do this too

Sign in!

• https://decal.ocf.io/signin
• Magic word will be announced in class, so come to lecture!