I keep forgetting how to do this, so I’m putting it here for my own edification. Chrome and Firefox browsers require SAN extensions for ssl certificates to be valid. Create / request certificates with the extensions to save yourself a headache. openssl req \ -newkey rsa:2048 \ -x509 \ -nodes \ -keyout server.key \ -new…
Archive to AWS Glacier with File Encryption
There was a need to start archiving things to AWS Glacier as part of a disaster-recovery initiative. I wrote a bash script to take a target directory, archive it with tar and gzip, encrypt it with gpg, split it into 4GiB chunks, and upload it to Glacier. The script can also handle < 4GiB objects;…
Enable 802.1X forwarding for KVM guests
If you are trying to run a virtual machine using libvirt (KVM) with bridged networking on the host, the default configuration for 802.1D MAC bridging doesn’t support forwarding of EAPOL traffic for 802.1X authentication. Running the wpa_supplicant on the VM guest will fail. The following assumes you’ve already configured bridged networking on the VM host…
OpenStack Using a Rados Block Device
Ok, full disclosure: I’m pretty sure I wrote this way back in 2014 or so. I’m not sure if it is still applicable to current versions of Ceph and OpenStack (or even if this procedure was correct at all). I’m going to go step by step through this at some point to vet this. I…