Category Archives: Sysadmin

Network setup for a custom Qemu Virtual Machine

Posted on by
Reply

After building a custom Qemu, there are a couple ways to run a VM to get to it. The older approach to VM management is to create a block device, run the VM with a boot device, do a full install and log in to the serial console. However, if you run the Qemu/KVM machine from the command lilne, hitting control C will stop your VM, and this is annoying. I have found it worth while to set up networking and then to SSH in to the machine.

My notes here suck. I am going to try and document what I have here working, and, over time, reverse engineer how I got here.

Edit: here are the steps

Continue reading

Limiting What an Agent can do

Posted on by
Reply

I do not work with AI tools. This is not advice from experience of working with AI. It is advice from working with access controls in general.

Any agent has responsibility and authority. Responsibility is what it is required to produce. Authority is the set of resources that you provide to that agent. This does not change if the agent is human or automation, and AI agents fall in to that later category.

Continue reading

Tools First

Posted on by
Reply

I have wasted a lot of time as a developer waiting for long running processes to complete. Whether it is a Linux Kernel compile, and Ansible Playbook tearing down and recreating a system on a remote server, or a gitlab pipeline building and testing code, the common problem is that my head is in the problem being addressed there, but I cannot do anything to verify hypotheses until the process completes. I often get distracted while waiting, and find that what could have been a 5 minute turn around has become a 2 hour turn around.

Continue reading

vim windows

Posted on by
Reply

I tend to want to work with three windows side by side. Two have the code I am working with, often production code on the left, test code on the right. The third window is the output from running commands to test the code.

I recently have decide to go all-in on vim, and it is progressing nicely. Thank you the Jake Worth for inspiring this. In Vim, the meta key for for doing windows operations is Ctrl-W. Here are a few commands I have gathered up from the internet. I will collect up the links where I get them at the bottom

Continue reading

Converting a Shell Script to Python

Posted on by
Reply

We have a build system that has grown organically. It started as a shell script. We needed to run it from gitlab, so we wrote helper scripts to insulate our code from gitlab. Then we added some helper functions to mimic the gitlab interactions when working with them from the comand line. The helper functions grew until you could not practically run the original shell script without them.

It is a mess.

I want to refactor it.

Refactoring Shell is painful.

I want objects. I want python.

So I am rewriting the gitlab and functions layer in python with an eye to rewriting the whole thing. Here’s what I have learned;

Continue reading

FreeIPA: whoami via curl

Posted on by
Reply

Assuming PRINCIPAL is your Kerberos principal and $IPASERVER is the FQDN of your server, you can query your identity on the IPA server via curl:

kinit $PRINCIPAL
curl -k -H referer:https://$IPASERVER/ipa   -H "Content-Type:application/json"    -H "Accept:applicaton/json"   --negotiate -u :   --cacert /etc/ipa/ca.crt   -d  '{"method":"whoami","params":[[],{"version": "2.220"}],"id":0}'   -X POST    https://$IPASERVER/ipa/json
{"result": {"object": "user", "command": "user_show/1", "arguments": ["ayoung"]}, "version": "4.5.4", "error": null, "id": 0, "principal": "ayoung@YOUNGLOGIC.COM"}

This is handy if your system is not registered as an IPA client.

To fetch by username:

curl -k -H referer:https://$IPASERVER/ipa   -H "Content-Type:application/json"    -H "Accept:applicaton/json" --negotiate -u : --cacert /etc/ipa/ca.crt -d '{"method": "user_show", "params": [[ "ayoung" ], { "all": true, "rights": true }  ]}'  -X POST    https://$IPASERVER/ipa/json