Archive for category Sysadmin

Terraform import with AWS profiles other than default

I’ll come back and clean this up, but for now: Undocumented: It will use the default AWS profile – it will pull in your shared credientials, and use the default values if specified. As per code, use AWS_PROFILE=<name> terraform import aws_db_instance.default <id> to import using a AWS profile that isn’t default. ELB holds onto subnets […]

No Comments

Quick and Dirty Shoestring Startup Infra

At the University of Waterloo, we have a Final Year Design Project/Capstone project. My group is working on a conference management suite called Calligre. We’ve been approaching it as kind of a startup – we presented a pitch at a competition and won! While sorting out admin details with the judges after, they were oddly […]

,

No Comments

Notes from various AWS Investigations

AWS CloudWatch Logs storage charge == S3 storage charge. Possibly less, since the logs are gziped level 6 first. CW Logs makes more sense than using AWS Elasticsearch at small scale – prices start at 1.8c an hour + EBS charges vs 50c/GB of log ingestion + storage For pure log storage & bulk retrival, […]

No Comments

Improving my OpenVPN Ansible Playbook

I had a working OpenVPN configuration. But it wasn’t the best it could be. The manpage for OpenVPN 2.3 (community.openvpn.net/openvpn/wiki/Openvpn23ManPage) was used to find particularly interesting options. For most of the changes I had to find examples and more information through Googling, though blog.g3rt.nl/openvpn-security-tips.html is of particular note for popping up very often. Improving TLS […]

, ,

No Comments

Using the Ansible Slurp module

I recently discovered the slurp module within Ansible when I was attempting to find new modules in Ansible 2.0. It is particularly interesting for me since I’ve been doing a bunch of stuff involving the contents of files on remote nodes for my OpenVPN playbook. So I decided to try using it in one of my […]

No Comments

Backing up & restoring Jenkins

I’m moving my jenkins instance to a new server, which means meaning up & restoring it. Backup The nice thing about it is that it’s almost entirely self-contained in /var/lib/jenkins, which means I really only have 1 directory to backup. I’m using duply to back the folder up – but it’s 1.9GB in size. So to […]

, ,

No Comments

Ansible: Using register with with_items

The motivation for this came from trying implement running a command that depended on whether or not a previous command succeeded. In this case, I was trying to make the creation of duply profiles idempotent. Duply will exit with an error if you attempt to create a profile that already exists, and I didn’t want […]

No Comments

Upgrading to Fedora 23 on OpenVZ

TL;DR: Run dnf –releasever 23 distro-sync instead of dnf system-upgrade on OpenVZ systems I run Fedora on my servers almost exclusively. This means I usually fall behind in upgrading to the latest release, leading me to wonder why I don’t just go with the latest version of CentOS. Then I have lovely cases where CentOS gets horribly […]

, ,

No Comments

Let’s not Encrypt on CentOS5

TL;DR – Let’s Encrypt requires a newer version of OpenSSL than CentOS 5 has installed. Unless you want to pass around with compiling OpenSSL yourself, don’t try it.

,

9 Comments

Let’s Encrypt ALL THE THINGS

Got my first domain using a cert from Let’s Encrypt in under ~10 minutes, including setting up Let’s Encrypt itself. Yes, this is rather game changing. Now to write ansible playbooks around it, and figure out how to get it working for proxied domains automatically.

,

No Comments