Stuff I'm Up To

Technical Ramblings

iptables – Part 1 — April 7, 2020

iptables – Part 1

My understanding of iptables is rudimentary and I thought it’s time to improve on it. I have an understanding of firewalls, NAT and packet filtering, but putting this into iptables always seems like hard work.

There are lots of online resources, but nothing seems to be comprehensive enough to cover everything I wanted and writing these posts also acts as a means of driving the material into my own brain. So I thought I’d document it myself in the way that I would typically use it.

Asterisk PBX v17 Docker — March 14, 2020

Asterisk PBX v17 Docker

In light of the possibility of many people needing to work from home, the boss wanted to upgrade the phone system to bring in some fixes and new features for home working.

I’ve no experience of Asterisk and I’m not really a phone person, but he asked me to get a replacement system using the latest v17 release. I noticed there are v16 images available, but he was insistent upon v17. That meant building from source.

It’s a week of firsts as up until now I haven’t built a multi-stage Docker image either.

PostgreSQL and Replication — March 8, 2020
Ansible and Client Certificates — March 4, 2020

Ansible and Client Certificates

Now we know how to inject client certificates into Firefox and Chrome it’s time to automate that process with Ansible.

The goal is to take a client and CA certificate and deliver it to the .pki keystore on the client. The actual generation of the certificate happens using easyrsa and is not part of this process. Let’s assume you have already generated a series of certificates, and converted them to a .pfx (pkcs12) for each client and just need to deliver them – although I may write up that process later.

Further, let’s assume you are naming the certificate files with the same inventory hostname you are going to use in Ansible. This is so we can easily identify which file goes to which host, e.g.

myclient01.pfx for inventory item myclient01.

PXE Boot and Linux Mint — March 2, 2020
NFS and iptables — March 1, 2020
PXE Booting from a Container — February 29, 2020
Docker and OpenVPN — February 23, 2020

Docker and OpenVPN

I’m using a VPN based on OpenVPN and when I try to fire up a docker-compose set of containers it fails with:

ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

A quick session of Duck-jitsu and I found: https://github.com/docker/for-linux/issues/418#issuecomment-491323611

A few simple steps sorted it out for me. Create a Docker network and use an override to tell compose to use it.

$ docker network create localdev --subnet 10.0.1.0/24

docker-compose.override.yml

version: '3'
networks:
  default:
    external:
      name: localdev

This does mean I’ll have to add it into all my local projects that get pushed upstream, but I can add it to .gitignore to prevent it being included.
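
Before hard-coding a subnet such as 10.0.1.0/24, it is worth checking that it does not overlap a specific route the VPN pushes, since a bridge on the same range would compete with the tunnel for that traffic. The following is an added example, not part of the original post: the function names are hypothetical and the `ip -4 route` output is constructed sample data. Catch-all routes (`default` and the 0.0.0.0/1 and 128.0.0.0/1 pair that OpenVPN's `redirect-gateway def1` adds) are skipped because they overlap every subnet.

```python
import ipaddress

# Constructed sample of `ip -4 route` output with an OpenVPN tunnel up.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.1.0/24 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50 metric 600
"""


def parse_routes(text):
    """Return (network, device) pairs, skipping catch-all routes."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        if net.prefixlen <= 1:
            continue  # 0.0.0.0/1 and 128.0.0.0/1 cover everything
        dev = fields[fields.index("dev") + 1] if "dev" in fields else "?"
        routes.append((net, dev))
    return routes


def conflicts(candidate, routes):
    """List the specific routes that overlap the candidate subnet."""
    cand = ipaddress.ip_network(candidate)
    return [(str(net), dev) for net, dev in routes if cand.overlaps(net)]


def first_free(pool, new_prefix, routes):
    """Return the first subnet of the pool that overlaps no specific route."""
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(sub.overlaps(net) for net, _ in routes):
            return str(sub)
    return None
```

With these sample routes, `conflicts("10.0.1.0/24", parse_routes(SAMPLE_ROUTES))` reports the tunnel route, so a different range would be the safer choice for `docker network create`.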

LAMP Container Set — February 22, 2020
Docker on Ubuntu eoan —

Docker on Ubuntu eoan

The installation on eoan fails with a missing dependency for containerd.io not having an install candidate.

Fix

Edit your /etc/apt/sources.list file and change the eoan version to disco. Or remove the line and re-add it using:

$ sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   disco \
   stable"

It may still fail to install with an error docker.service Failed with result 'start-limit-hit'. A reboot soon sorted it out followed by a call to apt install.

$ apt install -f

Linux Mint Preseeding — February 21, 2020

Linux Mint Preseeding

Well that was a really tough day. Turns out we have a kinda favouritism for Linux Mint on Desktops. Preseeding for Linux Mint kinda works the same way as Debian, but doesn’t.

Linux Mint uses the Ubuntu flavour of preseeding and uses its own ubiquity install process that uses some of the d-i values, but also many of its own. Sadly this is nowhere near as documented as the Debian example. When things didn’t work as expected where do I look for help and documentation?

I found some help, from another party, but for installing in German. I figured a few changes to ‘uk’ instead of ‘de’ would be in order – then smiled as the installer turned Cyrillic as it decided ‘uk’ must mean ‘ukraine’!

Debian Preseeding — February 20, 2020

Debian Preseeding

The boss walked in today with a new desktop PC for a new staff member and handed it off saying:

“I hope we aren’t going to be using some antiquated process to install this?”

As a desktop installation hasn’t been a regular thing for me I thought I’d look at automating the delivery and put into practice some of the automation I’ve been working with. Time to look at ‘preseeding’ the Debian install and tidying it all up with a post install process using ansible.

My end goal was to get a desktop installed with authentication using the LDAP client configured for our LAN and to install and remove some corporate-wide applications.
