Password Security with GPG in Salt on openSUSE Leap 15.0

We are creating a deployment of openSUSE clients with Salt. Kerberos needs password authentication. Therefore, we want to encrypt passwords before using them in Salt. I want to explain how to integrate that all.

At first, you have to install gpg, python-gnupg and python-pip. openSUSE wants to install only the package python-python-gnupg which isn’t enough for Salt. You have to use additionally pip install python-gpg.

After that, you have to create the directory /etc/salt/gpgkeys with mkdir. That will be the home directory for the decryption key of Salt. Then you can create a password less key in this directory. Salt is not able to enter any password for encryption.

# gpg --gen-key --pinentry-mode loopback --homedir /etc/salt/gpgkeys
gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.

Note: Use "gpg2 --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Salt-Master
Email address:
You selected this USER-ID:"Salt-Master <>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key B24D083B4A54DB47 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/6632312B6E178E0031B9C8E8B24D083B4A54DB47.rev'
public and secret key created and signed.

pub   rsa2048 2019-02-05 [SC] [expires: 2021-02-04]
uid   Salt-Master <>
sub   rsa2048 2019-02-05 [E] [expires: 2021-02-04]

After that you have to export and import your public and secret key in an importable format. Salt can not decrypt passwords without the Secret Key.

# gpg --homedir /etc/salt/gpgkeys --export-secret-keys --armor > /etc/salt/gpgkeys/Salt-Master.key
# gpg --homedir /etc/salt/gpgkeys --armor --export > /etc/salt/gpgkeys/Salt-Master.gpg
# gpg --import Salt-Master.key
gpg: key 9BE990C7DBD19726: public key "Salt-Master <>" imported
gpg: key 9BE990C7DBD19726: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1

# gpg --import
gpg: key 9BE990C7DBD19726: "Salt-Master <>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

The key has the validity unknown at the moment. We have to trust that. Therefore, we have to edit the key, trust that, enter a 5 for utimately and save that.

# gpg --key-edit Salt-Master
gpg (GnuPG) 2.2.5; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/3580EA8183E8E03E
     created: 2019-02-05  expires: 2021-02-04  usage: SC
     trust: unknown       validity: unknown
ssb  rsa2048/4ABC9E975BD76370
     created: 2019-02-05  expires: 2021-02-04  usage: E
[ unknown] (1). Salt-Master <>

gpg> trust
sec  rsa2048/3580EA8183E8E03E
     created: 2019-02-05  expires: 2021-02-04  usage: SC
     trust: unknown       validity: unknown
ssb  rsa2048/4ABC9E975BD76370
     created: 2019-02-05  expires: 2021-02-04  usage: E
[ unknown] (1). Salt-Master <>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
Do you really want to set this key to ultimate trust? (y/N) y

sec  rsa2048/3580EA8183E8E03E
     created: 2019-03-07  expires: 2021-03-06  usage: SC
     trust: ultimate      validity: unknown
ssb  rsa2048/4ABC9E975BD76370
     created: 2019-03-07  expires: 2021-03-06  usage: E
[ unknown] (1). Salt-Master <>
Please note that the shown key validity is not necessarily correct
unless you restart the program.
gpg> save

So the key is validity and usable. You can see your keys listed with following commands.

# gpg --list-keys
# gpg --homedir /etc/salt/gpgkeys --list-keys

Salt needs access to the key for decryption. Therefore, you have to change permissions on /etc/salt/gpgkeys.

# chmod 0700 /etc/salt/gpgkeys
# chown -R salt /etc/salt/gpgkeys

We can decrypt passwords with the key now. Replace supersecret with your password and Salt-Master with the name of the key.

# echo -n "supersecret" | gpg --armor --batch --trust-model always --encrypt -r "Salt-Master"
    -----BEGIN PGP MESSAGE-----

    -----END PGP MESSAGE-----

The output is a Base64 encoded PGP Message. You can use that in your sls file (in my case kerberos.sls) in the pillar directory.

  principal: X95A
  password: |
    -----BEGIN PGP MESSAGE-----

    -----END PGP MESSAGE-----

Salt is not able to distinguish encrypted from non-encrypted strings at the moment.

You have to uncomment the entry gpg_keydir: and add /etc/salt/gpgkeys in the salt-master configuration of /etc/salt/master. In addition, you can find the part with decrypt_pillar:. In my case, I add – ‚kerberos:password‘: gpg there.

You need a restart of the service salt-master. Afterwards Salt knows, that the special pillar entry has to be decrypted with gpg. Following you can run the sls file on any salt client and Salt can use the password.

At the end you should remove the command with your password for the PGP Message creation in your bash history. Therefore, edit ~/.bash_history and remove the entry with echo. So nobody can figure out the secure encrypted password for the user.

Running for the openSUSE Board again…

One period is more quickly left than you can imagine and I am running for re-election for the openSUSE Board!
My name is Sarah Julia Kriesch and I am a work experienced Student in Computer Science at 2 universities.
I am completing my Study Abroad Semester at the University of Bristol at the moment and I have a running IT project at my home university Nuremberg Institute of Technology Georg Simon Ohm. In addition, I am working as a Student Research Assistant at my home university.

A lot has happened in the last years and I try to combine my studies with openSUSE Contributions as best as possible. I am the Founder of the Working Group Open Source  at the Faculty of Computer Science of the Nuremberg Institute of Technology. We offer workshops in Linux and Open Source bi-weekly. These are open for Students by other Faculties, too. I am the Educator for our Orga Team with Linux Trainers. We have presentations and workshops in cooperation with openSUSE every semester. I want to forward such Open Source education everywhere in Germany.

Our IT project is a migration of our Linux Laboratory from Ubuntu to openSUSE Leap. We automate that with Salt and that all have to work with Kerberos authentication. So our Students are able to use their AD accounts and special sums have to be debited against our student cards for printing with Kerberos tickets then. We are working in cooperation with SUSE here.

I have occupied myself with different units in Bristol. I have HPC, Embedded & Real-Time Systems, Security and Sustainability. I am glad to be allowed to combine a part of my exam in Sustainability with openSUSE. I wanted to create a project plan to improve our Sustainability for my next period in the openSUSE Board. My election pledge is the switch from DVDs to USB flash drives in the marketing material.

My efforts within openSUSE is mainly an education part at our university to receive new openSUSE/ Open Source Contributors and being active as an Advocate at different conferences and expos. I have switched from Germany to the United Kingdom for this semester. This year I will return to Germany. Another role is the Global Coordinator Localization incl. German translations and the Wiki.

Going forward and joining Germany again, I want to concentrate more on the well-being of the openSUSE Community. You don‘t receive new Contributors if you don‘t have the correct climate in the community and some would be unsatisfied. I want to build that on the introduction of the Board publicity by our elected Board Members in the last year. That would improve the collaboration and respect within openSUSE.

I am much obliged to be an elected Board Member for 2 years. I appreciate receiving your votes for a second term.

Thank you in advance!






Die University of Bristol ist „cool“!

This series of articles about Study Abroad is written in German, because Study Abroad Semesters should be planned early and Students with work experience (without Abitur) have to earn those relevant qualifications for abroad during their studies. These articles should be trackable for all interested Computer Science Experts with work experience.

Die Doppelbedeutung von „cool“ sollte man bei der University of Bristol Ernst nehmen!
Wir sitzen im Wintersemester wirklich in warmer Winterkleidung in der Vorlesung, während die Dozenten vorne auch ihre Winterjacken anbehalten. Im Studentenwohnheim ist es nicht besser. Untertags ist die Heizung aus, sodass man abends in ein Zimmer mit 12°C kommt. Bevor man sich an die Hausaufgaben setzt, muss also geheizt werden.

Bristol Suspension Bridge

Parallel dazu wird hier viel Geld in die Forschung und die Infrastruktur im Hintergrund gesteckt!
Ich habe das Fach „An Introduction to High Performance Computing“ belegt und darf dabei per SSH mit dem Blue Crystal Cluster arbeiten. Zuerst haben wir normale Optimierungen in C am stencil-Code durchgeführt. Anschließend haben wir MPI und OpenMP kennengelernt.

Embedded Systems and Real Time Systems


Das schönste Fach ist „Embedded Systems and Real Time Systems“. Das ARM-Lab ist schön geheizt und wir dürfen Roboter programmieren und fahren lassen, während diese „Star Wars“ als Musik abspielen. Im ersten Teil stand auch ein bisschen VHDL mit auf dem Plan. Allgemein ist dieses Labor super ausgestattet, so dass es dort viel zu entdecken gibt.


In Security habe ich einen Dozenten, der ursprünglich aus der Schweiz kommt. Die Faculty of Engineering ist allgemein an Professoren mit Deutschen Hintergrund sehr interessiert. Laut einer Maschinenbau-Professorin sind Deutsche zuverlässiger und schauen auf die Qualität.

Neben der Uni gehe ich aber auch auf Veranstaltungen. Es gibt Konferenzen, wie die Freenode Live, in Bristol, wo ich einen Vortrag halten durfte. So kommt man auch ein bisschen mit Britischen Informatikern in Kontakt. An der Uni habe ich 2 Studenten aus dem Second Year als Parents. Jeder neue Student kriegt Parents, die einen beim Start an der University of Bristol unterstützen. Ich hatte Glück, dass meine Parents in der Fachschaft aktiv sind. Sie waren allgemein sehr an den Situationen und potentiellen Problemen innerhalb der Fakultät interessiert. Als Dankeschön erhielten sie Tipps, wie man den Einstieg in Open-Source-Communities findet.

Als Fachinformatiker mit Beruflicher Qualifikation für ein Auslandssemester nach Großbritannien

This series of articles about Study Abroad is written in German, because Study Abroad Semesters should be planned early and Students with work experience (without Abitur) have to earn those relevant qualifications for abroad during their studies. These articles should be trackable for all interested Computer Science Experts with work experience.

Schon während meiner Ausbildung zur Fachinformatikerin – Systemintegration hatte ich den Wunsch zu studieren, und am Besten noch ein Auslandssemester zu integrieren. In der Firma wurde ich eher ausgelacht, weil ich nur den Realschulabschluß hatte. Allerdings hatten wir von der Berufsschule aus einen Studieninformationstag an der FAU dabei, weil wir mit 3 Jahren Berufserfahrung studieren durften. Am letzten Berufsschultag setzte sich also eine Gruppe an Fachinformatiker-Absolventen zusammen und plante das Studium mit 3 Jahren Berufserfahrung an der Ohm-Hochschule (jetzt TH Nürnberg).

Während meiner Berufserfahrung als Linux-Systemadministratorin habe ich jedes Jahr ein bisschen Geld für das Auslandssemester zurückgelegt. Mit 4 Jahren Berufserfahrung hatte ich genug zusammen und bewarb mich erfolgreich an der TH Nürnberg für Informatik. Außerdem erhielt ich die Zusage für das Aufstiegsstipendium. Schon am ersten Tag informierte ich mich über Hochschulpartnerschaften und Möglichkeiten ins Ausland zu gehen. Genauso waren die Anforderungen wichtig.

Anforderungen an Beruflich Qualifizierte für ein Auslandssemester:

1. ) Komplett bestandenes Grundlagenstudium (1. und 2. Semester)

2. ) Englisch-Zertifikat min. B2 (DAAD-Sprachnachweis, TOEFL, IELTS)

3. ) Noten entsprechend dem NC der jeweiligen Hochschule

4.) Motivation Letter

Über unser Language Center ist es möglich in Englisch bis zum C1-Level zu belegen und sich so neben dem normalen Studium  auf die Sprachzertifikate vorzubereiten. Den DAAD-Sprachnachweis gibt es bei uns umsonst, wenn man Gründe – wie einen Auslandsaufenthalt – mit angibt. In der mündlichen Prüfung war die Prüferin über den Grund „fehlendes Abitur“ etwas erstaunt, weil sie so einen Fall noch nie hatte. Somit habe ich im 3. Semester einen Nachweis für Englisch C1 erworben.

Zuerst wollte ich mich für eine Partnerhochschule in Australien bewerben. Allerdings ging das nicht, weil wir nicht genug Austauschstudenten nach Deutschland bekommen. Dann entschloss ich mich als Freemover (selbst organisiert) ins Ausland zu gehen. Ich habe meine Professoren nach Empfehlungen (neben Oxford und Cambridge) gefragt und 2 Professoren haben mir Bristol empfohlen. Auch in den Hochschul-Rankings ist die University of Bristol sehr weit oben mit dabei. Außerdem hat sie Partnerhochschulen, wie die TUM, FAU und die Uni Heidelberg. Zusätzlich gehört sie zur Russell Group.

Um meine Chancen auf einen Studienplatz ohne Abitur zu erhöhen, bin ich auf einen Professor wegen einem Empfehlungsschreiben zugegangen. Da kamen nicht nur die bestandenen Fächer rein, sondern auch das ehrenamtliche Engagement in der Fachschaft, das Resultat der Gründung der AG Open Source, mein Workshop beim IN Vision Day und zum Schluß noch openSUSE. Damit war das fertige Empfehlungsschreiben 1,5 Seiten lang.

In Deutschland gibt es Organisationen, die Studenten bei den Bewerbungen als Freemover unterstützen. College Contact ist eine davon und hat die University of Bristol sogar in einer Liste an Partnerhochschulen dabei. Also habe ich meine Unterlagen dort eingereicht. Nach 2 Wochen kam die Zusage. 🙂

Als nächstes habe ich mich um die allgemeine Finanzierung gekümmert. Über das Aufstiegsstipendium hätte ich keine Übernahme der Studiengebühren gehabt, sondern nur 200€/Monat zusätzlich zum normalen Stipendium. Mit Beruflicher Qualifikation ist man aber auch noch elternunabhängig Bafög-berechtigt (solange Studienbeginn in Deutschland vor dem 30. Geburtstag). Das Auslands-Bafög übernimmt zusätzlich 4.600€ Studiengebühren (Stand: 2018) für 1 Semester oder ein ganzes Jahr und die Kosten für die Auslands-Krankenversicherung. Das muss auch nicht zurückgezahlt werden! Also setze ich jetzt für ein Semester das Stipendium aus und habe Bafög beantragt. In der Summe kostet das Studium in Großbritannien dann fast genauso wenig wie in Deutschland. Wer als  Student die Kosten per Vorkasse nicht alleine tragen kann, kann einen KfW-Studienkredit, den Festo-Bildungsfonds oder den Bildungsfonds der Deutschen Bildung in Anspruch nehmen.

Als internationaler Student durfte ich mir 2 Studenten-Unterkünfte der Universität aussuchen, wo man dann eine garantierte Zusage erhält. Ich wohne jetzt im Waverley House, was zu Riverside (3 Studentenwohnheime nebeneinander) gehört. In unserer Flat sind wir 3 Deutsche Studenten, 2 Australierinnen und 1 Studentin aus Kanada. Eine der Australierinnen studiert hier Deutsche Geschichte. Eigentlich wollte ich ein bisschen internationaler wohnen. ^^

Die Welcome Week war mittelmäßig organisiert. Am ersten Tag gab es Einführungsveranstaltungen der Student Accommodations und vom International Office für uns. Das war gut organisiert. Man lernte alle neuen internationalen Studenten kennen. Eigentlich sollte man einen Stundenplan für die Welcome Week des entsprechenden Studiengangs erhalten, wo man sich für die meisten Fächer beworben hat. Statt Computer Science erhielten wir Informatiker aber Civil Engineering. Zur Besprechung unserer Wünsche wurden wir dann von einem Fach zum nächsten geschickt, bis sich eine Mechanik-Professorin um uns kümmerte und uns Ratschläge gab, weil wir von unserem Studiengang am Montag abend eine E-Mail erhielten, dass 60% unserer gewählten Fächer wegen Überfüllung internationalen Studenten nicht zur Verfügung stehen würden. An der School of Computer Science wollte man uns mit unseren Problemen nicht direkt an den Director for International Students weiterleiten, sondern wollte uns erst am Mittwoch wiedersehen. In der Zwischenzeit habe ich mich einem Master-Studenten angeschlossen, der die gleichen Fächer belegt hatte, die ich auch haben wollte (3. Jahr Bachelor) und ging auf die Einführungsveranstaltungen für Postgraduate Students. Am Mittwoch sollten wir unsere Alternativfächer abgeben, aber in der ausgelegten Liste gab es nichts, was wir zusätzlich nehmen konnten. Ich habe sofort einen Termin beim Director for International Students erhalten. Er war erstaunt, dass ich nicht schon am Dienstag zu ihm durfte. Er nahm meine Wünsche auf.

Der Postgraduate Student hatte den Professor für Embedded Systems als Program Director und somit eine Einführungsveranstaltung bei ihm. Ich bin anschließend für ein Gespräch auf ihn zugegangen und erhielt einen zusätzlichen Platz in seinem Fach. Machine Learning wurde für uns gestrichen. Als Alternativfach wurde mir dann Sustainability, Technology & Business vorgeschlagen, was auf der Homepage für dieses Semester nicht mit aufgelistet wurde. Nach langem Zögern habe ich zugesagt, als ich ein vergleichbares Fach auch an der TH Nürnberg in der FWPF-Liste sah. Ein weiteres Fach, wo ich eine Zusage erhielt, ist Introduction to High Performance Computing.

Die Uni hat viele grüne Landschaften und Gärten außen rum. Dort verbringe ich viele Mittagspausen.

Die Kurse sind internationaler als gedacht. Ich habe mehr Chinesen als Engländer kennengelernt. Dafür ist das Studium praxisorientierter als an der TH Nürnberg. Jedes Fach hat hier Unterricht in Laboren und 2 meiner Fächer basieren nur auf praktischen Leistungen. Nach 3 Wochen musste ich in Embedded Systems & Real Time Systems ein Quiz abgeben, das zu 30% in die Endnote mit einfließt. Nächste Woche muss ich Code-Optimierungen für HPC abgeben. Die Labore sind super ausgestattet. Dafür sind sie auch fast den ganzen Tag mit Studenten gefüllt (inkl. Mittagspausen).

Genauso werden Gastdozenten eingeladen. In HPC hatten wir Unterricht von einem Principal Software Engineer von Intel und wurden zu einem IBM Meetup eingeladen. In Sustainability haben wir zusätzlichen Unterricht vom Sustainability Manager der Universität, der die Forschungsarbeiten vorstellt. Unser Professor hat früher als Führungskraft für die HP Labs gearbeitet. Unser Embedded-Professor kam mit Praxis bei ARM an die Uni und pflegt dort die Kontakte.

Jede Woche organisiert die Computer Science Society Vorträge für die Studenten. Das Mittagessen mit Pizza wird gesponsort. Mal gibt es Arduino-Workshops, mal git oder „Wie bewibt man sich erfolgreich im Silicon Valley“. Einige Sachen sind richtig interessant und es macht Sinn zu diesen Veranstaltungen zu gehen.

Um Kontakt zu Engländern zu bekommen, bin ich 3 Societies beigetreten. „Women in Engineering“ engagiert sich für mehr Frauen in technischen Fächern und gibt – wie die AG Open Source – Wissen weiter. Die „Computer Science Society“ ist ähnlich aufgebaut wie unsere Fachschaft Informatik und organisiert die oben genannten Veranstaltungen. Zum Schluß bin ich noch bei der „University of Bristol Expedition Society“. Diese Society geht klettern. Anfänger gehen zuerst in Bristol bouldern und anschließend macht man Ausflüge ins Gebirge von England. Es macht Spaß und langweilen tut man sich hier nicht. 🙂





English C1 on a smart way

I received my C1 certificate by the DAAD. That’s easier than thought in Germany…

Most German universities offer language courses parallel to default  studying.

The Nuremberg Institute of Technology has the Language Center  for that. We are allowed to take such courses during  the  semester break, too. So  I took part of the C1 course.  At the end we wrote an essay as the  test. This course  is accepted  as a compulsory optional  subject  in Computer Science and as the written part for the DAAD test. At the end I  had to speak with a native speaker of the Language Center for the speaking part.

I told about my way of life and why I“m studying now. Other topics were staying abroads during conferences and openSUSE. After that I should say something about my favourite countries for studying abroad and Computer Science.

The teacher of the Language Center made some notes and after that she had a list for the university and my certificate. The university has received the list of the speaking test. 2 crosses were made on C2 level and the rest  on C1 level, because I have received a lot of English training in speaking in my free time.

The highest DAAD level is C1. So I have received everywhere a C1 level in English. I can apply for studying abroad now. 🙂

AG Open Source and our responsibilities

Last semester I founded the AG Open Source at our university. We are organizing workshops and hackathons in cooperation with open source projects/ companies. Our students should learn more about open source development and how to contribute. The difference to the Friedrich-Alexander-University and their professorship in open source development is that we want to learn the real practice by professionals.

After 3 months we had a reputation. The AG Open Source should be open for other faculties, too. EFI (electronic – fine mechanics – information technology) has been interested for our events. So students in Computer Science and Electronics are receiving basic courses in Linux and using git. In addition, we create a program which is different every semester. Last semester we had topics like security and the ownCloud hackathon. This semester our focus is on monitoring and docker.

I am the Lead of the AG Open Source. I am educating other students in the student council for different positions in the AG. We need an additional lead. So I have one student as a Junior Lead who is being taught in organization, email writing and publishing by me. Two other students want to become Linux Trainers. They  have to know all about the cooperation with other  AGs in the student council and their processes, too.

Last semester I was the Linux Trainer in all Linux workshops. One (advanced) student supported me with running through the lines and looking for different students. Other students in my semester are interested for this job this semester, too. Last week we received the request for a Linux course for advanced Linux users parallel to the Linux course for beginners. So I am teaching one student to pick up my course for beginners. Next semester we’ll use 2 rooms for this event. I’m planning the course for Advanced Linux Users.


Since this week we are responsible for a new task at our university: Linux

support for students

A EFI student stood in the door of our student council for Computer Science and said: „I’m not from this faculty, but I need Linux support by the AG Open Source. Nobody else can help me. I was in the data center. They want to support only Windows. I can’t find anybody at our faculty, too.“

The data center has reconfigured eduroam. That’s the Wifi for students and professors. We need additional entries for Linux systems and a new certificate now. I configured his Wifi and I know: I have to educate Linux Supporters for our AG. On our internal homepage openSUSE and Android are listed as supported operating systems (Linux) by the data center, but our Sysadmins don’t know what to do there. All students are coming to the student council for Computer Science now, because they are receiving Linux workshops by us.

Our AG Open Source is growing, but our responsibilities are growing, too!



openSUSE release party at FrOSCon

We had a nice weekend at FrOSCon with a lot of fun. This atmosphere has gone over to our neighbours, so some Fedora Ambassadors wanted to change to openSUSE. That was the last time at the Fedora booth for them and their booth became green.

You can see here a Fedora Ambassador who wants to have openSUSE marketing material for students of the university Marburg. He has green glasses as a signal for his change. He’ll give Linux workshops with openSUSE and wants to become a openSUSE Hero.

We had many visitors the first day. Our release party took place at our booth at 5 o’clock. We were surprised about so many people. The cake was away after a quarter hour. It wasn’t enough for all interested guests. All were happy and toasted the new Leap release with the champagne.

After that we had our first tombola with a big chameleon. What for a surprise! Last year a family of LPI won 2 chameleons. This year a small LPI girl won the first one again. That shows us the partnership between LPI and openSUSE. 🙂


Sunday I went to some interesting presentations. We shared our service at the openSUSE booth. Additional to that we spoke about the OpenRheinRuhr organization, what we want to improve and how we can realize all with new German Advocates. Second day we had a second tombola. This chameleon went to invis server.

Debian and Ubuntu didn’t have any booth. Some Debian users asked us for Debian Contributors. I sent them to Open Office. After this visit they came back and talked with us about openSUSE and what is new. They were really interested.

That was a successful weekend for openSUSE with a lot of fun. Thanks for all the sponsoring at FrOSCon!

openSUSE at Chemnitzer LinuxTage 2017

I went to Chemnitzer LinuxTage last weekend. That was a successful open source event.

openSUSE has got a lot of positive feedback. Some people changed from Ubuntu to openSUSE Tumbleweed and are happy.

There was some misunderstanding with the new release development of openSUSE Leap. Some people thought that would be a second rolling release by openSUSE. After explaining that we want to do that only in the development phase for achieving a more stable operating system and we will have a release day every year again, these cusomers have been happy again and like this idea. More stability is a good reason. 🙂

invis server had his meeting about their new project openSUSE SMB. One openSUSE customer was interested for this project and I brought him to Stefan. Some booth visitors want to visit our next oSC in Nuremberg.

We had more customers than in the year before. Somtimes guys asked how to change to us and to contribute. Linux beginners wanted to have live CDs. We burned flash drives with Tumbleweed live images for them.

Sunday we had a raffle at our booth. The award was a big chameleon. You can see the winner on the picture.At the end I took part of the raffle by Thomas Krenn AG. 🙂

They produce server hardware and storage. Their first award was a low energy server which I won. That‘ s ideal for students like me. The best thing is that this server hardware is supported by openSUSE.

Chemnitzer LinuxTage was a fantasic open source event like every year. Thanks for the sponsoring!

tcpdump of a docker container

You create docker containers and many tools are missing. As an example: tcpdump

So I was looking for a solution for sniffing the traffic from outside of the container. It is recommended to setup an additional (tcpdump) container and to use it with following network connection:

docker pull adamoss/docker-tcpdump

docker run -ti –net=container:${id} adamoss/tcpdump port https or port http


You can specify different ports and save the data in a file. The id is the name of the container and the „–net=container:“ is saying that you want to have input/output traffic of the docker container like the command would be executed on the same system.

Running for the openSUSE Board

Hi! I‘m Sarah Julia Kriesch, 29 years old, educated as a Computer Science Expert for System Integration, and currently studying Computer Science at the TH Nürnberg.


Introduction and Biography

I am a Student at the TH Nürnberg, Student Officer for Computer Science (Fachschaft Informatik) and a Working Student (Admin/ DevOps) at ownCloud. I changed from working life to student life this year. I have received the scholarship „Aufstiegsstipendium“ (translated „upgrading scholarship“) for students with work experience by the BMBF.

I have got 4 years of work experience as a Linux System Administrator in the Core System Administration (Monitoring) at 1&1 Internet AG/ United Internet and as a (Managing) Linux Systems Engineer for MRM Systems (SaaS) at BrandMaker. MRM Systems are systems for project management in marketing (Marketing Ressource Management Systems).

I used SLES/ openSUSE during my German education of information technology for the first time in 2009. In the company I learned installations with YaST. I wanted to know more, which was the reason for going to conferences and expos. I tried to educate myself (with community support and vocational school) until the end of my 2nd year. oSC11 was the time stamp for meeting the openSUSE Community.  Marco Michna wanted to become my Mentor in System Administration and gave me private lessons until his death. I got a scholarship for further education (a free Linux training) by Heinlein. Both were a good base for starting in the job after the vocational training act.

I wasn‘t allowed to contribute to openSUSE during my last year of education, because my education company didn‘t want to see that. They filtered Google after all contributions in forums and communities. That‘s the reason why I am using the anonymous nick name „AdaLovelace“ at openSUSE. I had to wait for joining openSUSE again until my first job where I worked together with Contributors/ Members of Debian, FreeBSD and Fedora.

I started with German translations at openSUSE with half a year of work experience. Most of you know me from oSCs (since 2011). I was Member of the Video Team, the Registration Desk and contributed as a Speaker. Since 2013 I am wiki maintainer in the German wiki and admin there. Since 2014 I am an active Advocate in Germany. I give yearly presentations, organize booths and take part in different Open Source Events. As a GUUG Member (German Unix User Group) I asked for a sponsorship for oSC16. I hold my first (English) presentation about performance monitoring there then.

This year I have joined the Heroes Team and the Release Management Team. I founded the Heroes Team with my friends during the oSC16 because of the spam in the wiki. I became the Coordinator for this project. I am Translation Coordinator now, too. I was responsible for the documentation of openSUSE Leap 42.2. So I wrote a lot in the English wiki this year. I was interviewed (as an Advocate) by the Hacker Public Radio at the FOSDEM 2016.

Some of you know me from different mailing lists. That‘s the best way to reach me.

I love openSUSE and pick up tasks, if I see something to do where I can help with my Sysadmin/ Coordination/ Documentation/ BPM skills. Free periods ( Monday & Tuesday) are reserved for openSUSE Contributions. If somebody asks me for technical help (unimportant whether programming, infrastructure or communication), I‘ll try to find a solution.  I learned to work agile (Scrumban in System Administration) which I want to transfer to my teams in open source projects.

Issues I can see

I want to improve the cooperation between openSUSE and universities/ TH Nürnberg as the founder of the Open Source AG there.

openSUSE should be one of the main distributions on AWS (main AMI).

The openSUSE Infrastructure should be easier to achieve for openSUSE admins, so that we can react on escalations very fast.

Role of the Board

My goal is to have happy customers and developers. That‘s what I want to achieve as an Advocate and (perhaps) as a Board Member in the future.

We should live freedom in the community. Everybody should do what he likes. I don‘t like bossing. But I want to help in leadership with coordination and solutions where needed.

Why you should vote me

  •  I am a geek(o).
  •  I like new technologies and learning.
  •  I know most important people in the community.
  •  I learned coordination in my first job, which I can use as a Board Member, too.
  •  I am educated by communities.
  •  I have got an education in information technology.
  •  I contribute to different parts of the project (technical and non-technical).
  •  I have got a big open source network (openSUSE, ownCloud, GUUG, …).
  •  I have got international work experience.
  •  I love openSUSE.


Aims/ Goals

We should improve openSUSE and hold the position of being one of the best Linux distributions.

I want to be open for cooperation with other Linux/ open source projects.