Ldap on ZachFi

Database Schema Generation with Protobuf

Sat, 10 Apr 2021 10:53:57 -0600

As I look to reduce the number of touch points that are required to make a change to my personal system, I’m always thinking about how to reduce complexity and leverage existing tooling. In this way, we can continue to leverage an existing foundation to build out further abstractions. One such lever I have worked on over the last year was using my gRPC protobuf definitions to generate LDAP schema files that could be loaded into the server to match the objects that I’d be working with in Go.

Schema troubles

Mon, 17 Feb 2020 14:30:18 -0800

Auth8 has been loosing some custom schema for some reason I haven’t been able to identify. I’m wondering if some upgrade caused some issue when I didn’t handle the upgrade properly, so perhaps loading the database from backup is the right move.

First, create a new jail for auth9 on olaf.

profile::jail::host::jails:
  auth9:
    ip4_addr: "%{hiera('profile::jail::host::default_interface')}|172.16.20.111/27"
    ip6_addr: "%{hiera('profile::jail::host::default_interface')}|2001:111:1111:20::515/120"
    properties:
      host_domainname: "l.znet"

Spin up the jail and sign the cert.

Junos Configuration Management

Sun, 13 Jan 2019 16:20:52 -0800

Its been a year since my last post, and I’m thinking its time to make another.

Lately I’ve been trying to work through some network management solutions to try and define the problem more clearly. This is an interesting problem primary because I’m unable to rely on my previous tool sets to get this done. Namely, Puppet running on the host.

There are a couple interesting Python tools for this purpose that I’d given a spin, but the more I was working in them, the more I was wishing I was writing in Go. Most of my actively maintained code these days is Go, and working in two languages for personal infrastructure tooling means I can’t leverage the libraries of one tool in another.

User Management Patterns

Sat, 26 Mar 2016 00:00:00 +0000

User management can be a bit of a sore subject for some admins, but I’ve found it can really pay off when done correctly, though its not always clear what that means. I’ve been on both sides of that line in the past, sometimes when the line moves, and sometimes not.

I’m a believer that managing the users and groups in your organization proficiently and with low overhead is important. It should be done well, if for no other reason, than to be able to state authoritatively who should have access to what and why, ideally requiring as little administrative time as possible once the system is in place.

Using LDAP for Puppet classification

Mon, 23 Nov 2015 00:00:00 +0000

Over the last year, I’ve been slowly moving some of my private Puppet code to use LDAP as a data source. Through this process, a bit of strategy, some tool and some schema has emerged I’ll share here.

It’s worth noting that Puppet has had an LDAP Node Classifier for quite some time, probably longer than I’ve been using Puppet. Though looking over the documentation, you wouldn’t know it, but the most useful bit of this whole work is that fact that Puppet supports the configuration variables necessary to make a connection to an LDAP server, and those variables are available for reference.

Storing Jail data in LDAP

Sun, 14 Jun 2015 20:17:14 +0000

For the past several years, I’ve been running the majority of my lab services out of FreeBSD jails. I don’t have but a handful of services to run and some underpowered hardware to put them on, but jails have grown to become a staple in how I deploy my private infrastructure. One such service that I run is LDAP. I got a wild hare yesterday and though I’d glue the two of them together with a bit of Puppet.

Using Puppet with Fabric

Fri, 15 Aug 2014 00:00:00 +0000

Fabric describes itself as a “library and command-line tool for streamlining the use of SSH for application deployment or systems administration tasks”. To get this work done, Fabric uses what are called “fabfiles’, which is just some python stored in a file called fabfile.py. In terms of execution, it works a lot like Rake from the Ruby world. You have a base command, in this case fab and each task is read from the fabfile.py and executed on request. Nothing too earth shattering.