Stuff I'm Up To

Technical Ramblings

Docker OpenLDAP — February 15, 2020

The LDAP instance in our environment is pretty ancient and has served well for many, many years. But there’s one key feature we’d like to see added to our schema – memberOf.

The current group membership is based on memberUID and is a bit clunky by modern standards. Time to upgrade.

This time we’re going to run it in a container, making it more mobile and resilient. The image we chose, osixia/openldap, has a lot of pulls and looks like a good candidate to use.

Ansible — February 11, 2020

After working with Saltstack I thought I’d do some investigation with Ansible. I’m in the market for automation and want a simple means of delivering configuration onto our physical and virtual estate.

Nothing wrong with Saltstack – but broadening the view to Ansible shows it has one key feature that is very attractive. There is no need to install an agent – it uses ssh and will sudo or su to escalate privileges as required.

Linux HA Cluster — February 6, 2020

Until recently my exposure to Linux HA has sat firmly on the side of deploying systems that sit on top of highly resilient platforms like VMware that handle all of the network interface and storage high availability and failover.

Recently I’ve started looking at physical Linux deployments that require their own high availability solution.

I began looking at resilient storage and discovered that the most prevalent product in use is Linbit’s DRBD – Distributed Redundant Block Device. Getting DRBD installed and working went pretty well and was fairly straightforward, but then what do I do about network interfaces and system services?

Firefox Certificates — February 5, 2020

Now with added Chromium!

Fun and games with Nginx and client authentication certificates means we need to deploy certificates to the user for them to trust our CA and have a trusted personal certificate to validate with our server.

I can see why many just pop up a help page and navigate the user through importing the CA and their certificate in the browser. We need to make this a bit more automated though as the machines will be out with customers.

Tunnelling RDP over SSH — February 4, 2020
Dual Boot Windows 10 and Ubuntu — February 3, 2020

EFI, Windows 10 and Ubuntu make for a bumpy road. After installing Ubuntu onto the partition I made available in Windows 10, Ubuntu configured grub and when I rebooted there was a nice menu to let me select which OS I wanted to boot. “Ubuntu” or “Windows 10 Boot Manager”.

It worked great … until I booted into Windows 10 and then at the next boot there was no more menu. Just boot straight back into Windows 10 again.

It appears Windows likes to overwrite your boot manager with its own after every startup.

After some Googling it’s a common problem, and many look towards EasyUEFI to help. In my case it was useful as it showed me what boot manager Ubuntu was using, which meant I could use that to replace the Windows 10 boot manager – I didn’t use EasyUEFI for this.

Windows 10 has a command line utility bcdedit that allows you to change boot settings. Now that EasyUEFI let me find that the Ubuntu boot manager used \EFI\ubuntu\shimx64.efi I was able to change the Windows path for the Ubuntu path using:

c:\> bcdedit /set {bootmgr} path \EFI\ubuntu\shimx64.efi

Of course I made a copy of the settings before changing it from \EFI\Microsoft\Boot\bootmgfw.efi to \EFI\ubuntu\shimx64.efi.

It looks like the same basic principle would apply to EFI boots of other Linux distributions too. Find the distribution’s boot EFI file and then change Windows 10 to point at that.

A Happy Linux Desktop — February 2, 2020

We’ve all been through lots of window managers from Gnome, LXDE, Cinnamon etc. but I think I’ve finally come up with a pretty desktop environment that I’m happy with.

Debian or Ubuntu with Gnome shell and some shell extensions, themes and icons.

First off add the gnome-shell-extensions and gnome-tweaks packages. You may have to restart or log out to get the extension and tweaks to work together. You’ll need to enable the extension for User Themes so you can choose themes under “Appearance”.

$ sudo apt install gnome-shell-extensions gnome-tweaks

Then go and download the Qogir GTK3 theme from gnome-look.org.

Now we want some Suru++ icons. I spent a while being led around making and building, then gave up and used a git clone from https://github.com/gusbemacbe/suru-plus/ instead.

$ git clone https://github.com/gusbemacbe/suru-plus.git
$ cd suru-plus
$ ./install.sh

Call up Gnome tweaks and set the theme/shell to Qogir and your icons to Suru++.

ntfs-3g UserMapping — February 1, 2020

I’ve never dual-boot partitioned a Windows and Linux system before and, to be fair, never really want to again. The idea is good in principle, but if you want to share a common data drive between the two you are going to have to get your hands dirty with sharing permissions between Linux and Windows.

ntfs-3g can mount a Windows NTFS partition happily in Linux, but I ran into trouble when I redirected the Windows Documents, Pictures and Music folders into Linux and tried to use the same folders there.

Originally I mounted the NTFS volume onto /home and learned very quickly that this isn’t a good idea. All sorts of issues cropped up about ownership of the .gnupg folder and keys. I eventually settled on mounting the volume onto /mnt/data and using symbolic links for David’s Documents, Pictures, Downloads and Music folders.

$ cd ~
$ ln -s /mnt/data/david/Documents

I mounted the Windows D: drive in Linux using an entry in /etc/fstab:

UUID=176D74A26CE8F9F7 /mnt/data ntfs-3g auto 0 1

I wanted a seamless user experience so I could create a document or an image file in Windows and use it from the same folder in Linux. I began by taking ownership of folders in Windows, and then found I couldn’t create files in Linux, or vice versa.

Thankfully this was all done for one user so I set about using UserMapping.

SSH Tunnelling – autossh — January 31, 2020
Lsyncd and Docker — January 29, 2020
Gnome Keyring and ssh-agent —

Every time I fire up a zsh shell terminal in gnome-shell I can’t add my ssh key to an existing ssh-agent instance.

$ ssh-add
Could not open a connection to your authentication agent.

The gnome-keyring-daemon is running, but it just doesn’t seem to set the environment variable SSH_AUTH_SOCK.

I’d have to run ssh-agent and start one listening on a temporary socket and pass the environment settings around terminal sessions. Turns out this is a known issue and the fix is relatively easy.

For zsh add the environment variable to your ~/.zshrc

export SSH_AUTH_SOCK=/run/user/$(id -u)/keyring/ssh

Now any call to ssh-add in a terminal works as expected.

You might want to do the same for other shells in ~/.profile etc.
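
A more defensive form of the same fix for ~/.profile or ~/.zshrc, as an added example that is not from the original post. The function name use_keyring_agent is made up here; it exports the keyring path only when that path is a socket owned by you, and leaves an agent that is already reachable alone.

```shell
# Added example (not from the original post). Works in bash, zsh and dash.
# use_keyring_agent [socket-path]
#   Exports SSH_AUTH_SOCK for the gnome-keyring ssh socket, but only if the
#   path really is a unix socket owned by the current user. Returns 0 when
#   SSH_AUTH_SOCK points at a usable socket afterwards, 1 otherwise.
use_keyring_agent() {
    # Default is the path used in the post; an argument overrides it.
    _sock="${1:-/run/user/$(id -u)/keyring/ssh}"

    # Keep an agent that is already reachable (for example one forwarded
    # over ssh -A) rather than overwriting it.
    if [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]; then
        return 0
    fi

    # -S: the path is a socket. -O: it is owned by our effective uid.
    # A socket owned by someone else would hand key operations to them.
    if [ -S "$_sock" ] && [ -O "$_sock" ]; then
        SSH_AUTH_SOCK="$_sock"
        export SSH_AUTH_SOCK
        return 0
    fi

    return 1
}

# Run once at shell start-up; never abort the login if the keyring is absent.
use_keyring_agent || :
```
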

Filesystem Synchronisation — January 28, 2020