More then a year ago I wrote a small patch for pyOpenSSL. This patch makes it possible to compare the modulus of both the private key and a public key, in order to confirm a cryptographic match between them. As I have not (yet) made some unit tests, this code is not in them main release. But as the code is in use in my companies systems, this blog will make it a bit more findable, and maybe more people are interested in this interface addition....
In the previous post I wrote about an application capable of storing key-value pairs in an hierarchical way. As this application has an rest interface to request the elements I also wrote an puppet hiera backend. This backend does allow one to use the key-value pairs defined in the application to be used in puppet manifests. This plugin can be found on github https://github.com/woutervb/hiera-central_property. The installation is quite simple, using the following steps:...
For a project I needed to have a central server that could hold key-value pairs. These key-value pairs are meant to be defined once in a hierarchie and have to potential to be overruled higher up in the hierarchie. So if we take a simple tree, using reverse dns names we get something like this: 1. nl 2. vanbommelonline 3. hostname At each of these levels I want to be able to define a parameter, which can be overwritten when the tree becomes more host specific....
After a few days of hacking the source-code I am proud to provide you all with a shorewall6 module for webmin. This module (rev 1) is included in the main development stream of webmin. The current version (rev 2) has been submitted moments ago. The development takes place using webmin and can be found here https://github.com/woutervb/webmin. But obviously one can also wait for the next webmin release to appear or use the main development branch from webmin itself (https://github....
Updating a SSD firmware might seem like a big step on linux, as the biggest audience for the ssd manufacturers are windows users. This means that a lot of tooling and documentation is around on the internet explaining on how todo this on a windows based system. In the case of OCZ the tool used to update the firmware is linux based, or at least there is a linux based version available....
Git (http://git-scm.com/) is one of the modern version management systems available at the moment. This tool is still changing a lot in features from version to version, so having an older version available can be a problem for Enterprise environments. One issue I encountered myself was the lack of (or introduction of) the smart-http transport released in version 1.6.6 (http://progit.org/2010/03/04/smart-http.html). Extremely useful in an Enterprise environment as it is simpler to manage usernames and passwords then ssh keys and operating system users....
Some time ago I had to reinstall a deb based system, which meant installing the packages and configure them. During the configuration I had to rethink how the system was originally configured, without having a proper backup of the system. Some of issues where that the backup contained some configuration files, but files referenced where not included. To overcome this problem I started creating a small piece of code (and placed it on github) which implements the following idea:...
Apache can be configured as a reverse proxy, using the mod_proxy and mod_proxy_http modules. Using mod_rewrite it is possible to create a simple method to proxy http requests based on the hostname. This does assume that there is a logical (programmatically) relation between the hostname used on the proxy and the hostname of the system that is intended to be reached. We can create a mapping like the one below:...
With Debian it is relative easy to setup ipv6 using aiccu. This can be done using the following steps (assuming you already have an account at www.sixxs.net): install aiccu sudo apt-get install aiccu edit de /etc/network/interfaces add the following entries: auto sixxs iface sixxs inet6 manual up ip link set mtu 1480 dev $IFACE pre-up invoke-rc.d aiccu start post-down invoke-rc.d aiccu stop disable the automatic start of aiccu sudo update-rc.d aiccu disable bring the interface up using the command...
Some people already found out the hard way that simply changing the /etc/fstab to make the root filesystem use the journal writeback modus will break the system. The trick to enable this feature is relative simple and involves 1 additional step to editing the /etc/fstab Lets use the below /etc/fstab snippet to illustrate the steps involved /dev/sda5 / defaults 0 0 We change this /etc/fstab snippet to: /dev/sda5 / data=writeback 0 0 And we execute the following command:...