About Adam Young

Once upon a time I was an Army Officer, but that was long ago. Now I work as a Software Engineer. I climb rocks, play saxophone, and spend way too much time in front of a computer.

Running git and gitweb in a container with Fedora

There are many reasons to run a web service in a container. One of the remote services I rely on most heavily is git. While git local operations are fine in a global namespace, running a shared git repository on a remote server is a web-service based use case. There are three protocols used most commonly to remotely access git: git, ssh, and https. I am going to focus on the last one here.


Running a Container Registry Behind Apache HTTPD

I had originally run my container registry using a self signed certificate like this:

podman run --name mirror-registry -p 4000:5000 \
    -v /opt/registry/data:/var/lib/registry:z \
    -v /opt/registry/auth:/auth:z \
    -e "REGISTRY_AUTH=htpasswd" \
    -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
    -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
    -v /opt/registry/certs:/certs:z \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
    -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
    -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true \
    -d docker.io/library/registry:2

But now that I am using FreeIPA for my Bastion host, I want to use the IPA CA cert for signing the HTTPS request. The easiest thing to do is to run the registry in the container still, but then to front it with mod_proxy.


Syncing and Serving Yum Repos on RHEL 8

My Lab machines do not have direct access to the internet. This mirrors how my customers tend to run their environments. Instead, I run a single bastion host that can connect to the internet, and use that to perform all operations on my lab machines.

While it is great to be able to use the install media to add packages to PXE booted systems, after some time, the set of packages available is older than you want. For example, I hit a bug that required an update of Network Manager. So, I want to make a local yum repo from my RHEL 8 subscription. RHEL 8 makes this fairly easy.


Talking to FreeIPA with python-requests

The code that Rich M gave me a while back has bit rotted. At some point, I need to get an updated version, but until then, I can continue to talk to the FreeIPA server using Python and the Requests library. In the future, I can get a session cookie, but for now, python3-requests-gssapi will work to authenticate me, provided I have a valid TGT.

I pulled the requests-gssapi library from Koji, as it does not currently ship in any of the RHEL8 repos. Here is the one I installed.

https://koji.fedoraproject.org/koji/buildinfo?buildID=1371255

Note that this quick-and-dirty code runs on the IPA server itself. A better approach would be to read the Server name out of /etc/ipa/default.conf.

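#!/bin/python3
# Query FreeIPA's JSON-RPC API, authenticating via SPNEGO with the Kerberos
# TGT in the current credential cache (requests-gssapi).
import socket

import requests
from requests_gssapi import HTTPSPNEGOAuth

# Quick and dirty: assumes this script runs on the IPA server itself.
hostname = socket.gethostname()
url = "https://%s/ipa/json" % hostname
# The IPA API rejects requests that lack a Referer under /ipa.
referer = "https://%s/ipa" % hostname
body = {"method": "user_find", "params": [[""], {}], "id": 0}

r = requests.post(url,
                  json=body,
                  auth=HTTPSPNEGOAuth(),
                  headers={
                      'Content-Type': 'application/json',
                      'Accept': 'application/json',
                      'referer': referer})
print(r.status_code)
if r.status_code == 200:
    print(r.text)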
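
The "better approach" mentioned above, reading the server name out of /etc/ipa/default.conf, could look like the following. This is an added example, not code from the original post: the function names and both sample configurations are constructed, and /etc/ipa/ca.crt is assumed to be where the IPA CA certificate lives on an enrolled host.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample of an IPA server's default.conf (placeholder names).
SERVER_CONF = """\
[global]
host = ipa.example.test
xmlrpc_uri = https://ipa.example.test/ipa/xml
ldap_uri = ldapi://%2Fvar%2Frun%2Fslapd-EXAMPLE-TEST.socket
"""

# Constructed client sample: "host" is the client, "server" the IPA server.
CLIENT_CONF = """\
[global]
server = ipa.example.test
host = client1.example.test
xmlrpc_uri = https://ipa.example.test/ipa/xml
"""


def ipa_server_from_conf(text):
    """Return the IPA server name from default.conf contents."""
    # Values such as ldap_uri hold literal '%', so disable interpolation.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("global"):
        raise ValueError("no [global] section")
    conf = cp["global"]
    server = conf.get("server", "").strip()
    if not server:
        # Fall back to the host part of xmlrpc_uri.
        uri = urlsplit(conf.get("xmlrpc_uri", ""))
        if uri.scheme == "https" and uri.hostname:
            server = uri.hostname
    if not server:
        raise ValueError("no server or https xmlrpc_uri in [global]")
    return server


def ipa_request_args(text, ca_path="/etc/ipa/ca.crt"):
    """Build keyword arguments for requests.post() against the JSON API."""
    server = ipa_server_from_conf(text)
    return {
        "url": "https://%s/ipa/json" % server,
        "headers": {"Accept": "application/json",
                    "Referer": "https://%s/ipa" % server},
        "verify": ca_path,  # assumed IPA CA location on enrolled hosts
    }
```

On a real host, pass the contents of /etc/ipa/default.conf as `text` and hand the result to `requests.post(json=body, auth=HTTPSPNEGOAuth(), **args)`.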