We recently interviewed Joe Doss on how he uses Fedora. This is part of a series on the Fedora Magazine. The series profiles Fedora users and how they use Fedora to get things done. Contact us on the feedback form to express your interest in becoming a interviewee.
Who is Joe Doss?
Joe Doss lives in Chicago, Illinois USA and his favorite food is pizza. He is the Director of Engineering Operations and Kenna Security, Inc. Doss describes his employer this way: “Kenna uses data science to help enterprises combine their infrastructure and application vulnerability data with exploit intelligence to measure risk, predict attacks and prioritize remediation.”
His first Linux distribution was Red Hat Linux 5. A friend of his showed him a computer that wasn’t running Windows. Doss thought it was just a program to install on Windows when his friend gave him a Red Hat Linux 5 install disk. “I proceeded to install this Linux ‘program’ on my Father’s PC,” he says. Luckily for Doss, his father supported his interest in computers. “I ended up totally wiping out the Windows 95 install as a result and this was how I got my first computer.”
At Kenna, Doss’ group makes use of Fedora and Ansible: “We run Fedora Cloud in multiple VPC deployments in AWS and Google Compute with over 200 virtual machines. We use Ansible to automate everything we do with Fedora.”
Doss brews beer at home and contributes to open source in his free time. He also has a cat named Tibby. “I rescued Tibby off the street the Hyde Park neighborhood of Chicago when she was 7 months old. She is not very smart, but she makes up for that with cuteness.” His favorite place to visit is his childhood home of Michigan, but Doss says, “anywhere with a warm beach, a cool drink, and the ocean is pretty nice too.”
The Fedora community
Doss became involved with Fedora and the Fedora community through his job at Kenna Security. When he first joined the company they were using Ubuntu and Chef in production. There was a desire to make the infrastructure more reproducible and reliable, and he says, “I was able to greenfield our deployments with Fedora Cloud and Ansible.” This project got him involved in the Fedora Cloud release.
When asked about his first impression of the Fedora community, Doss said, “Overwhelming to be honest. There is so much going on and it is hard to figure out who are the stakeholders of each part of Fedora.” Once he figured out who he needed to talk to he found the community very welcoming and super supportive.
One of the ideas he had to improve the community was to unite the various projects and team under on bug tracking tool and community resource. “Pagure, Bugzilla, Github, Fedora Forums, Discourse Forums, Mailing lists… it is all over the place and hard to navigate at first.” Despite the initial complexity of becoming familiar with the Fedora Project, Doss feels it is amazingly rewarding to be involved. “It feels awesome it to be apart of a Linux distro that impacts so many people in very positive ways. You can make a difference.”
Doss called out Dusty Mabe at Red Hat for helping him become involved, saying Dusty “has been an amazing mentor and resource for enabling me to contribute back to Fedora.”
Doss has an interesting way of explaining to non-technical friends what he does. “Imagine changing the tires on a very large bus while it is going down the highway at 70 MPH and sometimes you need to get involved with the tire manufacturer to help make this process work well.” This metaphor helps people understand what replacing 200-plus VMs across more than five production VPCs in AWS and Google Compute with every Fedora release.
Doss drew my attention to one specific incident with Fedora 29 and Vagrant. “Recently we encountered an issue where Vagrant wouldn’t set the hostname on a Fresh Fedora 29 Beta VM. This was due to Fedora 29 Cloud no longer shipping the network service stub in favor of NetworkManager. This led to me working with a colleague at Kenna Security to send a patch upstream to the Vagrant project to help their developers produce a fix for Fedora 29. Vagrant usage with Fedora is a very large part of our development cycle at Kenna, and having this broken before the Fedora 29 release would have impacted us a lot.” As Doss said, “Sometimes you need to help make the tires before they go on the bus.”
Doss is the COPR Fedora, RHEL, and CentOS package maintainer for WireGuard VPN. “The CentOS repo just went over 60 thousand downloads last month which is pretty awesome.”
What Hardware?
Doss uses Fedora 29 cloud in the over five VPC deployments in AWS and Google computer. At home he has a SuperMicro SYS-5019A-FTN4 1U Server that runs Fedora 29 Server with Openshift OKD installed on it. His laptops are all Lenovo. “For Laptops I use a ThinkPad T460s for work and a ThinkPad 25 at home. Both have Fedora 29 installed. ThinkPads are the best with Fedora.”
What Software?
Doss used GNOME 3 as his preferred desktop on Fedora Workstation. “I use Sublime Text 3 for my text editor on the desktop or vim on servers.” For development and testing he uses Vagrant. “Ansible is what I use for any kind of automation with Fedora. I maintain an Ansible playbook for setting up my workstation.”
Ansible
I asked Doss if he had advice for people trying to learn Ansible.
“Start small. Automate the stuff that makes your life easier, but don’t over complicate it. Ansible Galaxy is a great resource to get things done quickly, but if you truly want to learn how to use Ansible, writing your own roles and playbooks the path I would take.
“I have helped a lot of my coworkers that have joined my Operations team at Kenna get up to speed on using Ansible by buying them a copy of Ansible for Devops by Jeff Geerling. This book will give anyone new to Ansible the foundation they need to start using it everyday. #ansible on Freenode is a great resource as well along with the official Ansible docs.”
Doss also said, “Knowing what to automate is most likely the most difficult thing to master without over complicating things. Debugging complex playbooks and roles is a close second.”
Home lab
He recommended setting up a home lab. “At Kenna and at home I use Vagrant with the Vagrant-libvirt plugin for developing Ansible roles and playbooks. You can iterate quickly to build your roles and playbooks on your laptop with your favorite editor and run vagrant provision to run your playbook. Quick feedback loop and the ability to burn down your Vagrant VM and start over quickly is an amazing workflow. Below is a sample Vagrant file that I keep handy to spin up a Fedora VM to test my playbooks.”
-- mode: ruby --
vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.provision "shell", inline: "dnf install nfs-utils rpcbind @development-tools @ansible-node redhat-rpm-config gcc-c++ -y"
config.ssh.forward_agent = true
config.vm.define "f29", autostart: false do |f29|
f29.vm.box = "fedora/29-cloud-base"
f29.vm.hostname = "f29.example.com"
f29.vm.provider "libvirt" do |vm|
vm.memory = 2048
vm.cpus = 2
vm.driver = "kvm"
vm.nic_model_type = "e1000"
end
config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.provision "ansible" do |ansible|
ansible.groups = {
}
ansible.playbook = "playbooks/main.yml"
ansible.inventory_path = "inventory/development"
ansible.extra_vars = {
ansible_python_interpreter: "/usr/bin/python3"
}
# ansible.verbose = 'vvv' end
end
end
Abdiel Rosario
Dream job! Congratulations.
Enrico
Interesting to know that Thinkpads are the best with Fedora. I was looking for a Dell with Ubuntu (to be replaced with Fedora) but now I may also consider a Thinkpad
Paul W. Frields
@Enrico: FWIW, I have a Dell XPS 13 (9370) and Fedora rocks on it. But Thinkpads are also good I hear.
Enrico
Thank you. To be honest I prefer Dell than Lenovo. Have you ever tried a cheaper notebook like a Dell Precision? I can imagine it works fine too
Charles Profitt
Enrico:
I have several Thinkpads (T530, X1 Carbon 2015, X1 Carbon 2018) and a Dell XPS 13 9343 and they all work well with Linux. However, the Dell allows for bios updates with out using Windows or having to burn a bootable CD. I also prefer that Dell allows the user to control the battery charge limits in Bios.
Stuart D Gathman
Thank you so much! Thanks to your casual mention, I just discovered the battery management options in Dell BIOS. I’ve been wishing for something like that (although controlling from the OS would be ideal). When was it introduced?
Charles Profitt
I am not sure, but the 9343 is from 2015.
Enrico
Thanks a lot. I’m glad to hear that they all work fine with Fedora.
Joe Doss
You can actually use https://github.com/hughsie/fwupd to update your firmware without a bootable CD with Fedora 30 Beta. I just updated my Thinkpad 25 this morning.
[jdoss@sts133 ~]$ fwupdmgr get-updates
No upgrades for 20K70004US System Firmware, current is 0.1.57: 0.1.52=older, 0.1.53=older, 0.1.54=older, 0.1.55=older, 0.1.56=older, 0.1.57=same
No upgrades for UEFI Device Firmware, current is 184.60.3561: 184.55.3510=older, 184.60.3561=same
Felix Kaechele
My ThinkPad X1 Carbon Gen5 (2018) also updates it’s BIOS through fwupd. No Windows or CDs required.
Sebastiaan Franken
You can do Lenovo (Thinkpad) BIOS/UEFI updates from a USB drive as well. Run geteltorito -o bios.img g2uj18us.iso (where g2uj18us.iso is the ISO you got from the Lenovo support website), dd that to a thumbdrive and reboot from said drive. It’ll update your UEFI for you just fine.
SergMx
The only thing that I did not understand is the use of the vargant. What is bad ordinary KVM and VIRSH ?
Joe Doss
My Systems Engineering team supports not only our production environments, but also three Development teams, a QA team, and a Support Engineering team. Every team uses our Fedora based development Vagrant to build, test, and support the software that powers Kenna Security. Since most of my coworkers are on OS X laptops, using Vagrant provides a consistent, reproducible, and cross platform development environment workflow for those of us on Fedora with Libvirt (about 9 of us) and for those on OS X with Virtualbox.
You definitely can use KVM with Virsh, but Vagrant with the vagrant-libvirt plugin on Fedora works really well for a quick and reproducible development VM workflow. I would check it out! 🙂
SergMx
Sorry, I did not want to offend anyone, and I believe with pleasure that it works well.
I did not know that you still have parallel work with OS X and Virtual box.
THANK.
Joe Doss
No offence taken at all! You had a great question about why we are using Vagrant over KVM with Virsh and I just wanted to clear it up for you.
Tushar
Windows 95 and Red Hat 5, those were good days.
Edit: “Doss brews beer at home and contributes to open source in my free time.”
Correction: “Doss brews beer at home and contributes to open source in his free time.”
svsv sarma
My HP notebook (2015) works fine for Fedora except that it doesn’t readily accept kernel updates. When virtualization is enabled, trouble starts with kernel updates. When secure boot is enabled VirtualBox complaints. Gnome box/VMM are not satisfactory.
Audun Nes
I am using Fedora 29 with Thinkpad T470, and my previous laptop was also a Thinkpad, possibly in the Edge sub series. The only hardware on my T470 which is not working is keyboard backlight and the fingerprint scanner. These are not features I use, so I have not bothered to try to fix it anyway. In particular the keyboard backlight should be fairly easy to fix if I bothered.
Long time Fedora user, all the way since Fedora Core 1, and I love it! Keep up the great work!