Quick and Dirty Shoestring Startup Infra

At the University of Waterloo, we have a Final Year Design Project/Capstone project. My group is working on a conference management suite called Calligre. We’ve been approaching it as kind of a startup – we presented a pitch at a competition and won! While sorting out admin details with the judges after, they were oddly […]

,

No Comments

Notes from various AWS Investigations

AWS CloudWatch Logs storage charge == S3 storage charge. Possibly less, since the logs are gziped level 6 first. CW Logs makes more sense than using AWS Elasticsearch at small scale – prices start at 1.8c an hour + EBS charges vs 50c/GB of log ingestion + storage For pure log storage & bulk retrival, […]

No Comments

Improving my OpenVPN Ansible Playbook

I had a working OpenVPN configuration. But it wasn’t the best it could be. The manpage for OpenVPN 2.3 (community.openvpn.net/openvpn/wiki/Openvpn23ManPage) was used to find particularly interesting options. For most of the changes I had to find examples and more information through Googling, though blog.g3rt.nl/openvpn-security-tips.html is of particular note for popping up very often. Improving TLS […]

, ,

No Comments

Using Amazon S3 + CloudFront + Certificate Manager to get seamless static HTTPS support

TL;DR: This post documents the process I took to get S3 to return redirect requests over HTTP + HTTPS to a given domain. I’m trying to trim down the number of domains and subdomains that I host on my server, since I’m trying a new policy of moving servers every few months in an attempt […]

No Comments

Using the Ansible Slurp module

I recently discovered the slurp module within Ansible when I was attempting to find new modules in Ansible 2.0. It is particularly interesting for me since I’ve been doing a bunch of stuff involving the contents of files on remote nodes for my OpenVPN playbook. So I decided to try using it in one of my […]

No Comments

Backing up & restoring Jenkins

I’m moving my jenkins instance to a new server, which means meaning up & restoring it. Backup The nice thing about it is that it’s almost entirely self-contained in /var/lib/jenkins, which means I really only have 1 directory to backup. I’m using duply to back the folder up – but it’s 1.9GB in size. So to […]

, ,

No Comments

Ansible: Using register with with_items

The motivation for this came from trying implement running a command that depended on whether or not a previous command succeeded. In this case, I was trying to make the creation of duply profiles idempotent. Duply will exit with an error if you attempt to create a profile that already exists, and I didn’t want […]

No Comments

Checking a SSL certificate’s expiry date with Python

Before I found the –keep-until-expiring option in the Let’s Encrypt command line client, I was thinking I’d have to parse the cert, extract the expiry date, then check it against the current date before returning True or False. Thankfully I found the much easier option, but I decided to post the code I wrote to […]

,

3 Comments

Upgrading to Fedora 23 on OpenVZ

TL;DR: Run dnf –releasever 23 distro-sync instead of dnf system-upgrade on OpenVZ systems I run Fedora on my servers almost exclusively. This means I usually fall behind in upgrading to the latest release, leading me to wonder why I don’t just go with the latest version of CentOS. Then I have lovely cases where CentOS gets horribly […]

, ,

No Comments

Let’s not Encrypt on CentOS5

TL;DR – Let’s Encrypt requires a newer version of OpenSSL than CentOS 5 has installed. Unless you want to pass around with compiling OpenSSL yourself, don’t try it.

,

10 Comments