When setting up systems, configuring applications and making changes I prefer to script things rather than follow instructions. Main drawback of scripting is that it takes more time but has (in my view) a number of advantages
- Scripting makes things reproducible
- Allows for checking and validation
- (when needed) can produce change logs
- It can be reused when the same change has
However, frequently these scripts contain sensitive information (e.g. passwords) and must be transferred to someone (or another system) so they should not be stored in clear text. This post explains how to encrypt shell scripts using
Continue reading “Password-Protecting Shell Scripts”
openssl for cross-platform use.
I have been playing for quite a while MQTT to have my Arduino devices communicate with Node-Red for all kinds of automation. Due to the constraints of the Arduino’s, so far I have not been able to effectively secure this as SSL/TLS is not an option on these devices.
Mosquitto supports multiple listeners out of the box though aside from the listener-specific settings all listeners share the same global (e.g. authentication and plugin) settings. To secure my setup and to work on a more permanent solution I needed different settings per listener for which multiple Mosquitto instances are required (i.e. multiple instances of the
Continue reading “Multiple Mosquitto instances on Debian with Systemd”
mosquitto daemon with their configuration and listeners different IP addresses / ports). This was not difficult on my Debian server but as I did not find much documentation on this I will document the necessary steps in this post.
As part of the migration of my MacOS Server to Linux the most tricky service to migrate is Apple’s OpenDirectory service. Although it is based on the open-source OpenLDAP project, Apple did customize things a lot, making it very tricky to move and block a real migration due to these closed-source customizations. Instead of spending a lot of time on trying to figure out how to migrate OpenDirectory, I decided to start with a clean FreeIPA installation and migrate the users to that. Since I have been using MacOS Server’s OpenDirectory handled my authentication for quite some time and ran in to issues before I learned that starting from scratch (and only migrating user information) isn’t that hard and in often the best approach.
As it is already quite long, this post focuses on how to configure FreeIPA on Fedora Core and migrating DNS and users. Integrating MacOS is covered on the FreeIPA WiKi and will be covered in a subsequent post including the integration with Apple’s Profile Server (the main component Apple seems to intend to support in the future). To aid with the configuration / setup I wrote a couple of scripts that are available from my Gitlab instance.
For a few year I have been playing with Raspberry Pi’s. I started off with a 1B, then moved to a a 2B and for some time am heavily using a model 3B as my monitoring (nagios) server while the 2B is being setup for other use (as well as a few Pi Zero’s being used for other things).
Since the switch to the 3B I started to have more and more issues with the SD card getting corrupt. Actually, it wasn’t the card itself but critical files tended to get corrupted, making the system unusable after a while – one of the reasons I scripted the setup of my monitoring server using Ansible). Recently I found this discussion on stackexchange which hinted me on the root cause of my problems – the Raspberry Pi 3B really needs a 2.5A power supply to function correctly.
Continue reading “Raspberry Pi power saving (disable HDMI port and others) – the SystemD way”
As part of the migration of my MacOS Server to Linux the next service to migrate is my PostgreSQL engine. Although PostgreSQL had already been hidden in MacOS Server for some time, it still was included (as internal services like ProfileManager and Calendar and Addressbook Server depend on it. Despite it being hidden, I had still enabled it (manually) and hosted my PostgreSQL databases on my MacOS Server for ages. Despite migrations sometimes being a pain (i.e. not automatic) this worked well so far, including integrating it with the MacOS Server way of using transaction logs for offline backups. (so I will also have to look for a new way to do this). Continue reading “MacOS Server Replacement #2 – Migrating PostgreSQL”
As part of the migration of my MacOS Server to Linux the first service to migrate is my MySQL 5.7 engine. Although MySQL is not part of MacOS Server anymore for a long time (and I had installed it separately), I will cover the migration here as 1) I still had it running on my MacOS Server and 2) the migration wasn’t smooth so decided to share my learnings here. Continue reading “MacOS Server Replacement #1 – Migrating MySQL to MariaDB”