Archive for category Sysadmin

AWS, IPv6 dual stacking, and Terraform

My server had been running for 2 years, and it was overdue for a rebuild. I decided it was time I revisit AWS, and this time, try setting up dual stacking from the start. Which meant I needed to figure out how to get IPv6 working on AWS, and just to make things more interesting, […]


Terraform import with AWS profiles other than default

I’ll come back and clean this up, but for now: Undocumented: It will use the default AWS profile – it will pull in your shared credentials, and use the default values if specified. As per code, use AWS_PROFILE=<name> terraform import aws_db_instance.default <id> to import using an AWS profile that isn’t default. ELB holds onto subnets […]


Quick and Dirty Shoestring Startup Infra

At the University of Waterloo, we have a Final Year Design Project/Capstone project. My group is working on a conference management suite called Calligre. We’ve been approaching it as kind of a startup – we presented a pitch at a competition and won! While sorting out admin details with the judges after, they were oddly […]


Notes from various AWS Investigations

AWS CloudWatch Logs storage charge == S3 storage charge. Possibly less, since the logs are gzipped level 6 first. CW Logs makes more sense than using AWS Elasticsearch at small scale – prices start at 1.8c an hour + EBS charges vs 50c/GB of log ingestion + storage. For pure log storage & bulk retrieval, […]


Improving my OpenVPN Ansible Playbook

I had a working OpenVPN configuration. But it wasn’t the best it could be. The manpage for OpenVPN 2.3 (community.openvpn.net/openvpn/wiki/Openvpn23ManPage) was used to find particularly interesting options. For most of the changes I had to find examples and more information through Googling, though blog.g3rt.nl/openvpn-security-tips.html is of particular note for popping up very often. Improving TLS […]


Using the Ansible Slurp module

I recently discovered the slurp module within Ansible when I was attempting to find new modules in Ansible 2.0. It is particularly interesting for me since I’ve been doing a bunch of stuff involving the contents of files on remote nodes for my OpenVPN playbook. So I decided to try using it in one of my […]


Backing up & restoring Jenkins

I’m moving my Jenkins instance to a new server, which means backing up & restoring it. Backup The nice thing about it is that it’s almost entirely self-contained in /var/lib/jenkins, which means I really only have 1 directory to back up. I’m using duply to back the folder up – but it’s 1.9GB in size. So to […]


Ansible: Using register with with_items

The motivation for this came from trying to implement running a command that depended on whether or not a previous command succeeded. In this case, I was trying to make the creation of duply profiles idempotent. Duply will exit with an error if you attempt to create a profile that already exists, and I didn’t want […]


Upgrading to Fedora 23 on OpenVZ

TL;DR: Run dnf --releasever 23 distro-sync instead of dnf system-upgrade on OpenVZ systems I run Fedora on my servers almost exclusively. This means I usually fall behind in upgrading to the latest release, leading me to wonder why I don’t just go with the latest version of CentOS. Then I have lovely cases where CentOS gets horribly […]


Let’s not Encrypt on CentOS5

TL;DR – Let’s Encrypt requires a newer version of OpenSSL than CentOS 5 has installed. Unless you want to pass around with compiling OpenSSL yourself, don’t try it.
