LetsEncrypt Validation on Private Networks

Securing communication across untrusted networks in modern infrastructure is a must. Even in cases where the particular traffic is not sensitive in nature, the industry is increasingly demanding trust between parties, if for no other reason than to know with whom you are communicating. But how do you get a valid certificate? Well, LetsEncrypt! I’ve recently found myself with a need to secure traffic for private DNS zones and networks. If you’ve been around and paying attention, skip the background, as I’m sure you are aware. For those who don’t currently use LetsEncrypt, maybe a bit of background is in order. ...

2016-10-16 · zach

User Management Patterns

User management can be a bit of a sore subject for some admins, but I’ve found it can really pay off when done correctly, though it’s not always clear what that means. I’ve been on both sides of that line in the past, sometimes when the line moves, and sometimes not. I’m a believer that managing the users and groups in your organization proficiently and with low overhead is important. It should be done well, if for no other reason than to be able to state authoritatively who should have access to what and why, ideally requiring as little administrative time as possible once the system is in place. ...

2016-03-16 · zach

Using LDAP for Puppet classification

Over the last year, I’ve been slowly moving some of my private Puppet code to use LDAP as a data source. Through this process, a bit of strategy, some tooling and some schema have emerged that I’ll share here. It’s worth noting that Puppet has had an LDAP Node Classifier for quite some time, probably longer than I’ve been using Puppet. Looking over the documentation, you wouldn’t know it, but the most useful bit of this whole work is the fact that Puppet supports the configuration variables necessary to make a connection to an LDAP server, and those variables are available for reference. ...

2015-11-15 · zach

Storing Jail data in LDAP

For the past several years, I’ve been running the majority of my lab services out of FreeBSD jails. I don’t have but a handful of services to run and some underpowered hardware to put them on, but jails have grown to become a staple in how I deploy my private infrastructure. One such service that I run is LDAP. I got a wild hare yesterday and thought I’d glue the two of them together with a bit of Puppet. ...

2015-06-15 · zach

Moving My Puppet Master to OpenBSD

I recently had some network trouble that left a system I use to host FreeBSD jails without network. The bummer of it is that I used this particular system for hosting most of my primary working systems. Things like CI and Puppet and such all lived in neat little jails, and while all the little jails and all the little services are still on disk, I have no access. I suspect the hand-me-down Cisco switch is the culprit, but after years of service, meh. ...

2015-02-15 · zach