Open Source

cert-shifter: copying certificates from acme.sh to a fresh directory

Leave a Comment / anvil, Let's Encrypt / By /

I have already described how I use acme.sh to obtain SSL certificates from Let’s Encrypt. Today, I’m going to show you how I use anvil to copy those certificates from the original location to another directory, which is then used for rsync by another jail. Throughout this blog post, it is assumed that the cert-shifter will be run as the anvil user. Please adjust to suit your choices. Why shift certificates? As part […]

cert-shifter: copying certificates from acme.sh to a fresh directory Read More »

Introducing anvil – Tools for distributing ssl certificates

Leave a Comment / anvil, Let's Encrypt / By /

I’m in the end-stages of finishing off my centralized Let’s Encrypt solution and I’ve released my code as an open source project named anvil. I’ve also created a FreeBSD port. In this post, I outline the anvil tools and how I use them. In future posts, I will detail the individual components, some of which have already appeared in my blog. Why centralized After reading about the FreeBSD cluster’s use of Let’s Encrypt,

Introducing anvil – Tools for distributing ssl certificates Read More »

acme.sh: getting free SSL certificates – installation configuration on FreeBSD

Leave a Comment / Let's Encrypt, named, nsupdate, OpenSSL, Security / By /

This blog post describes my Let’s Encrypt solution which uses acme.sh and dns-01 challenges to obtain SSL certificates. If you are using HTTP challenges, this post might still be useful, but your configuration will differ slightly. Let’s Encrypt is a certificate authority which has become wildly popular since it was launched in April 2016 (just a short 14 months ago). Why so popular? It provides a secure way to offer free SSL certificates.

acme.sh: getting free SSL certificates – installation configuration on FreeBSD Read More »

My first big Tarsnap backup

2 Comments / Backups, Open Source, tarsnap / By /

NOTE: I wrote this post nearly two years ago, in May 2015. It has been sitting ignored and unloved in my Drafts. I’ve just published it today. I’m big on backups and I use Bacula. I have about 18 TB on about 350 tapes and about 10 TB of backups on disk. I want more. I last used Tarsnap back in July 2010 (I know that because I found the old Tarsnap registration

My first big Tarsnap backup Read More »

Creating an Apple Time Capsule using FreeBSD & ZFS

Leave a Comment / Backups, ZFS / By /

First, all credit goes to Mark Felder’s blog post upon which this is based. You can buy an Apple Time Capsule (I did) to back up your Mac. Now that I have two MacBook’s, I have run out of space, so now I want to backup to ZFS. By backing up to my ZFS filesystem: I am no longer constrained to the capacity of a single disk I can backup my backups to

Creating an Apple Time Capsule using FreeBSD & ZFS Read More »

x8dtu

Leave a Comment / hardware, ZFS / By /

NOTE: this post has been replaced by a newer version. The older post is still available This is x8dtu (named after the Supermicro motherboard). This will be the new FreshPorts server. In short: FreeBSD 11 booting off a mirrored pair of zfsroot SSDs 4.5TB of mirrored ZFS 196612 MB of RAM (yeah, that’s 196GB of RAM) Supermicro X8TDU motherboard Intel Xeon E5620 @ 2.40GHz (two of those, giving 16 CPUs) NOTE: this post

x8dtu Read More »

Pentabarf email tokens

Leave a Comment / Pentabarf / By /

As found at: http://web.archive.org/web/20160309091535/http://pentabarf.org/Email Variables The following variables may be used in the text and subject of the mail {{name}} The name of the recipient. {{person_id}} The person-id of the recipient. {{conference_acronym}} The acronym of the conference if the recipients are conference specific. {{conference_title}} The title of the current conference if the recipients are conference specific. {{email}} The email address of the recipient {{event_title}} A comma-separated list of the events in question.

Pentabarf email tokens Read More »

Using device.hints to wire physical devices to specific names

Leave a Comment / FreeBSD, Open Source, tape library / By /

I have a system with three tape drives and two tape changers. If one tape library is powered off when the system boots, the device names for the other tape library may be skewed. That is, /dev/sa0 may not be the LTO-4 drive, it will be the SDLT drive. This is not ideal. FreeBSD uses device.hints for this. I have used it before, and for quite some time, however, I learned something new

Using device.hints to wire physical devices to specific names Read More »

ansible: Timeout waiting for privilege escalation prompt

Leave a Comment / ansible, ssh / By /

I was doing some work in a remote location with a laggy connection to home. I was running ansible and kept encountering these errors: fatal: [pg01]: FAILED! => {“failed”: true, “msg”: “Timeout (12s) waiting for privilege escalation prompt: “} Rerunning the script would encounter the same error in a different part of the script. After an error-free run I concluded it was my dodgy connection; ansible was waiting for a reply from my

ansible: Timeout waiting for privilege escalation prompt Read More »

Server freeze – 2014.12.14

Leave a Comment / Server Freeze / By /

The knew server is ‘frozen’ again. This has been happening daily at about O301 UTC each night. See my Twitter feed for background. In this post I will include details as I progress through the data. The server in question is knew (yes, that’s the hostname). dtrace hotkernel I left this running in an ssh session and pressed control-C this morning: [root@knew:/usr/share/dtrace/toolkit] # ./hotkernel >> /var/tmp/hotkernel ^C ssh login loop It was suggested

Server freeze – 2014.12.14 Read More »

Scroll to Top