• Yubikey two factor authentication for ssh

    After my successful sudo test I was interested in 2fa for ssh. As a system administrator you are always scared about secure login just for you/your team.

    Also ssh 2fa via yubikey is pretty straightforward. It needs some more work than just the sudo case but here we go.

  • Yubikey for sudo 2 Factor Auth

    Some days ago I thought about testing two factor authentication (2FA) with Yubikey. Yubikey is a hardware security key which can do a lot.

    How to test 2FA on a local machine if you don’t want to log yourself out or destroy anything important? I decided to implement 2FA for the sudo command with the Yubikey’s U2F feature. Be aware: This does not work for ssh.

  • handle kvm static ip addresses

    I did a lot of work with libvirt and kvm and for some hosts I wanted to have a fixed IP address but not configured on the host itself. I wanted to get it from dhcp.

  • Minikube increase disk size

    I did some more research and development with kubernetes and minikube. During some tests where the diskspace of one node got bigger than 16GB and I saw a message about DiskPressure in the logs, I figured out that minikube has a default disksize of something around 16GB.

    But how should I test the kubernetes deployments with that small amount of diskspace?

  • Minikube and an insecure registry

    I played around with minikube and kubernetes. In the end I wanted to use my own insecure registry and was looking around to specify the insecure registry in minikube.

    There are multiple ways. Also one to patch docker in minikube directly, but I don’t like this solution.

  • Network 'minikube-net' is not active

    After the last reboot of my local host according to some debian security patches I got some errors when starting minikube afterwards.

  • Check if a file was changed in a bash script

    I’m using letsencrypt for most of my servers. One of these servers is behind a firewall without any direct internet connection. Therefore I’m not able to use letsencrypt or dehydrated directly on that server. I’m copying the certificate to a specific location as a normal ssh user and on that host itself I have to check if the certificate was changed to reload the webserver.

  • Puppet could not retrieve catalog...

    Some days ago I got an error on one of my puppet agents which I can’t really explain. Every time I executed my puppet agent (puppet agent -t -d) I got the following error:

    Could not retrieve catalog from remote server: \ Could not intern from text/pson: "\xC2" on US-ASCII

  • pm-suspend on Ubuntu

    After upgrade to Ubuntu 16.04 I recognized that pm-utils are not used anymore to suspend/resume my notebook. The change was already done with Ubuntu 15.04, but I haven’t recognized it before, because everything was working like expected. I recognized it these days after I changed my windowmanager to i3wm.

    Since Ubuntu 15.04 they don’t use the pm-utils like pm-suspend any more. They now use systemctl commands to suspend if the lid is closed. Therefore my screenlock was not working any more and I had to adapt some things to get the i3 screenlocker i3lock to work.

  • How to use grafana scripted dashboards

    I’m using prometheus to collect metrics of java applications or unix systems. On top I configured grafana just to have a nice and shiny view and to get the possibility to add dashboards and to save my graphs somehow. Grafana is pretty nice to add graphs in a fast way to new dashboards, but what happens if you have, like I have, a lot of metrics which change or new hosts are getting added? That’s something you don’t want to do by hand. Therefore grafana implemented the “scripted dashboards”. I figured out that the documentation of these dashboards is more or less not enough to get a full working example.

  • How to disable debian 9 private tmp

    These days I upgraded one of my hosts with debian jessie to the latest debian stretch. After that upgrade I figured out that some of my nagios checks were red and also my django wsgi applications were not able to read from system tmp any more. The main reason for that is that with debian 9, some processes which use systemd forced the private tmp directories.

  • Export Dropwizard Metrics to Prometheus

    Prometheus is one of the leading open-source monitoring solutions at the moment. It is written in Go, therefore fast and scalable. It is configurable with simple textfiles which makes it easy to be maintained via puppet. It comes with a lot of out of the box clients.

    But in the end, how can we get metrics from a java application? Or more detailed, how can we get metrics from a self written java application which already has some kind of metrics collector like the dropwizard metrics?

  • Disable User to be shown on Startscreen on a MAC

    What if you hand over a Macbook to a friend or your girlfriend and he wants you as his/her administrator?! If that’s the case it makes sense that you create a separate account for administration and one for her/him. I did so, but I didn’t want the admin account to be shown on the login screen.

  • YAML syntaxcheck

    Since some years I do a lot of my configuration management of linux hosts with puppet. In puppet itself I use Hiera as a key/value lookup tool. Over the years the amount of keys in hiera is growing and growing. Therefore I was looking for a tool/program to check all hiera yaml files for duplicate keys and/or syntax errors.

  • How to disable SELinux

    Last week I had multiple times the situation that I had to disable SELinux. Here is what I did just to be sure, I keep it in mind…

  • Read json from File in python

    From time to time I have to read some json data from a file and use it in python. It’s not too often, but every time I have to take a look at a python script where I already have done it. Maybe with this blog post I can remember those two lines from now on.

  • Docker startup fail - conflicts with network

    These days I started with my first steps into Docker. We are using it at the company I work for and also for some private stuff, I thought it is a good idea to have a fast solution for testing. After I installed all necessary components (Docker version 1.11.2) the docker-daemon was not able to start.

  • MongoDB Initial sync failed

    After an upgrade to mongoDB 3.X and the switch from the DB-engine mmapv1 to wiredTiger we had to resync all replica sets from scratch. During that resync I figured out, that there is just on one shard a small collection which has a very large number of documents which are created, updated and deleted. Pretty close to that point, the resync should be done, the log file explodes and the sync crashes.

  • Protect against postfix AUTH DoS attacks

    I have tons of connect from unknown... and lost connection after AUTH from unknown... in my mail.log. Since some weeks these entries are flooding my logcheck notifications and I also want to block those stupid guys who try to enter my postfix authentication.

  • Sqlite dump database

    The last weeks I worked a lot with django the python web framework. And therefore to develop really fast, I normally use sqlite3 for beginning. Therefore I had to do a lot of dump and restore work and from time to time had to look in the history how I did it :)

  • Jnlp - Javaws trusted.certs error

    If you get an error when connecting a remote server with javaws jnlp file like java.io.FileNotFoundExceptiontrusted.certs (No such file or directory) it is quite easy to resolve that error…

  • Systemctl commands

    At my daily work as a sysadmin I already have some hosts which are running on debian 8 (jessie). If they are newly installed, a lot of things have changed. Since the beginning of debian 8, they should all be started via systemd. In this blog post I write some commands to make your life with systemd easier.

  • Resize Windows 7 vdi image for VirtualBox

    Some days ago I had the problem, that my windows VM in virtualbox got too small. Therefore I had to resize it. If you have no snapshots created yet for your windows virtualbox, it is quite easy to resize it.

  • Caching git credentials

    During my work as a sysadmin and developer I have to do a lot with git as a vcs. Most of the time I have git repositories which are reachable via ssh. There I don’t have to type (thanks to the ssh key) any password during pull, push and fetch commands. But some repositories are only reachable via https. There I also don’t want to type my password every time.

  • Activate nagios external commands

    By default the external commands for nagios are deactivated. To activate them, we have to adapt the nagios configuration.

    I write just a short command summary. The whole documentation can be found at /usr/share/doc/nagios3/README.Debian.

  • Open winmail.dat files on debian

    winmail.dat is a container file format used by Microsoft Outlook to send attachments in richtext formatted emails.

    From time to time I get such emails with winmail.dat appendix. But how can we open it on linux?

  • Reload nagios3 if generated resources are changed

    I like puppet exported resources to manage nagios and icinga configurations. It’s pretty cool and I never have to care about nagios checks. Are all checks added to that host? What check is missing.

    But if you use puppet 2.7.X like I do, some handy settings are missing.

  • Disable ping answers

    Every admin and unix user knows the command ping. It is a very useful tool to check network availability. But it makes it easy for bad guys to find targets.

    So, what to do if you are on a unix server and want to stop ping answers?

  • Reverting a commit in subversion

    Some days ago someone committed a revision in svn which has to be rolled back for some reason. In Subversion it is not as easy as in git where you can call a simple git revert ID, because subversion does not have a command revert.

  • Lorem ipsum generator on terminal

    If you search for a lorem ipsum generator on the internet, you find a lot of web browser plugins. But what if you program a webpage like me in a normal texteditor (vi — ok, it is not really a normal editor) and you don’t want to switch between browser and editor every time you need some continuous text?

  • Increase disk of kvm client

    What happens if your virtual kvm machine runs out of diskspace and you have no possibility to mount something like a livecd to resize or open a graphical interface like virt-manager?

    You need to do it on bash console. And it is not really complicated.

  • Use garmin gps at linux

    Some weeks ago I bought a Garmin G20 GPS to use it with my mountainbike. Maybe some of you are familiar with a garmin gps. The garmin g20 is offered with just a basic setup like a small map and no routes on it. To manage your garmin they offer a windows software. With this software you can download new cards, configure new tracks and all that stuff which is needed to use your garmin gps device correctly.

  • Generate passwords and secret keys from shell

    Everybody who needs to use from time to time some kind of secret keys or passwords with a minimal size and a combination of numbers, letters, lower and upper case and special characters, knows the pain in the ass to generate one.

    But if you use linux like I do, it could be quite easy.

  • My configuration of Google Nexus 5

    Since 5 years already I had an iPhone 4. Now it was time for a new phone, but I didn’t want an iPhone again. Of course it is easy to use and everything works like expected, but I wanted to use my own written apps like the weatherwidget and I wanted the possibility to install a Firewall and control the network traffic and of course encrypt and decrypt emails.

  • Use Foreman API in puppet manifest

    At work we use foreman for system installation and environment management. Sometimes it is necessary to get a list of hosts with a specific puppet class installed. In puppet itself it is not really easy to get the result, because you need to configure and setup your own exported resources to do that.

  • Change puppet environment in foreman

    These days, I wanted to change my puppet environment in foreman. Therefore I thought, I can use the webgui to do that. So I started with one hostgroup and just reconfigured the environment and wtf… all configured puppet modules (puppet classes) are gone.

    I’m glad that I dumped my database before I changed something, but why is foreman deleting all configured modules?

  • Set default branch in git bare repository

    Sometimes I use a git bare repository without a configured master branch. If you clone a bare repository without a master branch, git will cry all the time that no HEAD is configured on the bare repository.

    So we have to setup a different default branch on that bare repository.

  • Open keepassx files

    What to do if you want to open a keepassx file (database.kdbx) with keepassx version 0.4.3? It does not really work. If you installed your keepassx through a package manager, it is not possible to get a new keepassversion to open kdbx files. Because it is only possible with keepassx greater than 2.0.

  • Disable/Enable Touchpad

    At work I use a very new lenovo laptop and I’m really stressed out of the touchpad. It is a really large one and a lot of times I write on the keyboard, I touch the touchpad, even if I don’t want to. So how can it be disabled for that time and enabled if I need it?

  • Debian/Ubuntu Packages

    I do a lot of work with the debian/ubuntu packagemanagement apt and aptitude with all its amazing options and subcommands.

    Here I just write some of them, I really often need and use. All commands must run as root. So insert a sudo at the beginning of the command or just run it as user root.

  • Manually remove broken package on ubuntu/debian

    Sometimes I recognized that a Ubuntu or Debian package does not install correctly and can not be uninstalled. The system update is so completely broken that conventional commands, whether apt-get, aptitude or dpkg, won’t work.

  • Howto set Internal Link in Joomla

    Every time I have to build up a Website with Joomla I have to search how to add an internal link to a website. For example on Startpage a Link to the contact page without the absolute site url.

    This is quite simple. You just need to know the id of the page you want to link to.

  • How to use JIRA-REST API

    Some years ago I implemented a git hook to manage JIRA Tickets. I used the JIRA SOAP-API.

    Since October 2010 JIRA offers a REST API to handle tickets, but it already had alpha and beta labels until JIRA 5.0. So I decided first to use JIRA SOAP and switch later to JIRA REST.

  • How to convert html to pdf

    Some days ago I had some Webpages to convert to pdf. Every webpage just contained a small table with competition results, but I didn’t want to do on every page the same: Print -> print as file -> choose pdf. So I downloaded all necessary webpages with the Firefox Plugin DownThemAll.

  • Apache2 Permission denied:

    Today, while creating a new Apache VHost, I recognized the following error in the apache error log (/var/log/apache2/error.log):

  • Configure acpid for openbox

    For some time I use Openbox as a Window Manager. Openbox is a very fast window manager, which is characterized by its high adaptability and low resource requirements. By editing of only three files you can adjust it according to your preferences.

    After setting up a default configuration for my simplest needs, I wanted to use the sound-buttons on my keyboard and to enter suspend-mode if the lid is closed.

  • Set up ghdl on Ubuntu 13.04

    For a study-lesson I need vhdl. Therefore I don’t want to use wine and modelsim. I like to use console and simple commands.

  • Unlock Android Device using adb commands

    My Android-Phone is locked because I put too many wrong patterns. When a wrong pattern is entered too often, your device is locked and asking to unlock it via google. You are a lucky guy, if it is locked with Wifi or data network on and of course you remember your google username and password. But if not, you have two possible solutions:

  • Creating your own Signed APT-Repository

    Every time I have a lot of install-steps for things, I create a debian package. I love it just to say apt-get install or apt-get remove and all necessary steps are done. Also the update functions of apt-get or aptitude are pretty nice. However, some months ago, I thought about the possibility to release some packages publicly. I decided that it was high time to organise the repository and sign all my packages plus the repository itself.

  • start virtual network default for kvm

    I recognized a problem with Debian and virtual network ‘default’ running kvm.

    I got an error message like the following:

  • Avoid committing your changes

    If you’re working on a project where you have config files with passwords or a file with specific settings in them, for example a fabfile with different settings on different computers or a mutt config file with a server password, it is a bit risky to rely on always being vigilant and avoiding staging that hunk when building a commit.

  • Samba-Server on Raspberry-Pi

    Today I decided to give my Raspberry Pi something to do. Now it is a samba fileserver for my Macbook Backup. It was not quite easy to setup Time Machine on my Macbook to use a samba share as backup-device, but at least it works.

  • Update Owncloud to Version 5.0

    Yesterday I recognized that a new Version of Owncloud was released. I used it for a long time to synchronize my calendars and contacts between OSX and Linux machines. It was quite simple to install and quite simple to update, but they changed a lot of things in 5.0 so it is not just an rsync to update owncloud, but it is already quite easy. I will explain it to you.

  • Install Git from Source on OSX

    I decided to update my Git-SCM Version on my Macbook. Therefore I tried it by compiling and installing from source. It was a little bit tricky. I give a short description how I did it.

  • VirtualBox convert RAW image to VDI

    How can I convert a kvm RAW image to a VirtualBox VDI image?

    It is quite easy:

    If we have a raw image of the sdb device:

  • Syntax check in Perl and Python

    I work a lot with python and perl scripts. One time I searched a solution to check syntax of written scripts automatically. First of all to check it on console after creating a new one or updating an old one. Second possibility I’m thinking about is to configure it in Jenkins and use it at automatic build calls.

  • Fixing django-admin error on osx

    It’s been some time since I’ve used django. Yesterday I wanted to create a new project.

    So, I entered django-admin.py start-project myProject in a terminal window and got the following error message:

  • iso image to usb stick

    Last week I realized again, that an OSX-System is not allowed to handle simple iso images. I just wanted to create a simple bootable usb-stick to install a new and plain version of debian 7 on my pc tower. Therefore I downloaded the debian iso file from the debian download page.

  • Switch from gitweb to cgit

    I switched my git repository browsing tool from gitweb to cgit.

    I haven’t found any really working option to enable caching in gitweb. I have some repositories which are really large. At the moment, one call to the gitweb main (project) page costs a lot of time because the git call to get the latest commit time

  • Provide gitweb via lighttpd

    How can I host gitweb via lighttpd on OpenSuSE (11.3)? I describe what I have done.

  • Fixing PIL IOError

    I got pil installed (call sudo easy_install pil) on my debian system. After creating some tasks involving JPEGs I got this error:

  • Homepage with hyde

    A new year and new ideas started. I searched a lot to find a tool to generate websites easily. I had a lot of requirements and I found a pretty cool solution.

  • gitit

    I really like the Source Code Management Tool Git. Since 3 months I used MediaWiki as a private wiki.

    MediaWiki can be used like Wikipedia on an own server. After 3 months of using and testing, I recognized that it is pretty overloaded.
    Indeed, MediaWiki is pretty cool, but it is not really designed to be used by a single person.