Labs are designed for learning. I learn by doing. While I can read, as they say in the local vernacular in my propinquity “Wicked Fast,” I don’t process read information to the depth that I need in order to retain it. I need to type in the code in order to learn. Here’s a technique I use to do that.
Category Archives: Software
Create a host and get a keytab from the CLI
Since I have to do this a lot, I figured I would write it down here. Follow-on to Kerberizing a Service in OpenShift.
Protecting a Service in OpenShift using Kerberos
The same container image that can run HTTPD using Kerberos to authenticate in Podman can be used to do the same thing in OpenShift. Here are the changes.
Using mod_auth_gssapi via Podman
Kerberos is a cryptographically secure authentication mechanism in use in many large organizations. Developers may want to make their applications work with Kerberos while developing inside containers. Here is a quick proof-of-concept that shows how to set up a container to work with mod_auth_gssapi, the Apache module that makes use of Kerberos.
kinit with a service keytab
Remote services are not You; they do work on your behalf. When a remote service authenticates to another service, it should not impersonate you. If you use a keytab issued to your principal (say yourname@YOUNGLOGIC.INFO) you are not going to be able to log in to things using a password; the IdM server only allows one or the other credential to be active at any given time. Even if you do use the keytab, if you need to have it in two locations, you need to copy it, which becomes a nightmare if it gets compromised. So, we want to make service accounts to work on our behalf. Here’s what I have so far.
Kerberos Secured Web Call from a Podman container
What does it take to make a call to a Kerberized service from a container running in podman? Here are the steps I am going through to debug and troubleshoot.
Running HTTPD as an ordinary user using Podman
While it is always tempting to run a program as root, we know we should not do it. When developing, you want to make the process as non-root as possible. Here is what I am doing to write mod_wsgi code and run it as a non-root user.
Building (and running) a custom HTTPD container image
Having used Apache HTTPD for a good portion of my professional career, and being responsible for explaining how OpenShift works, I decided to try and build an Apache HTTPD container from scratch. For follow-on work, I want to see the environment, so the container is essentially wrapping a mod_wsgi app that dumps the environment. It took some trial and error to get it to run. Here is the end result:
Shift on Stack: api_port failure
I finally got a right-sized flavor for an OpenShift deployment: 25 GB Disk, 4 VCPU, 16 GB RAM. With that, I tore down the old cluster and tried to redeploy. Right now, the deploy is failing at the stage of the controller nodes querying the API port. What is going on?
Self Service Speedbumps
The OpenShift installer is fairly specific in what it requires, and will not install into a virtual machine that does not have sufficient resources. These limits are:
- 16 GB RAM
- 4 Virtual CPUs
- 25 GB Disk Space