SSL Certificate with SAN Extensions

I keep forgetting how to do this, so I’m putting it here for my own edification.  Chrome and Firefox browsers require SAN extensions for ssl certificates to be valid.  Create / request certificates with the extensions to save yourself a headache. openssl req \ -newkey rsa:2048 \ -x509 \ -nodes \ -keyout server.key \ -new…

Archive to AWS Glacier with File Encryption

There was a need to start archiving things to AWS Glacier as part of a disaster-recovery initiative. I wrote a bash script to take a target directory, archive it with tar and gzip, encrypt it with gpg, split it into 4GiB chunks, and upload it to Glacier.  The script can also handle < 4GiB objects;…

Enable 802.1X forwarding for KVM guests

If you are trying to run a virtual machine using libvirt (KVM) with bridged networking on the host, the default configuration for 802.1D MAC bridging doesn’t support forwarding of EAPOL traffic for 802.1X authentication. Running the wpa_supplicant on the VM guest will fail. The following assumes you’ve already configured bridged networking on the VM host…

OpenStack Using a Rados Block Device

Ok, full disclosure: I’m pretty sure I wrote this way back in 2014 or so.  I’m not sure if it is still applicable to current versions of Ceph and OpenStack (or even if this procedure was correct at all).  I’m going to go step by step through this at some point to vet this.  I…

In-Flight Lessons

I wrote this in March of 2010.  G passed not too much later that year, late May or early June.  I don’t remember, I suck.  We weren’t especially close, certainly not as close as my friend and he were, as well as many others.  But he was a great mentor and I will always remember…