While local git is fine for personal development, sometimes you want to make stuff happen on a remote machine, either to share or for backup. SSH works well for this. However, I am going to target hosting my Git repository in an OpenShift instance, and HTTPS will be a much easier protocol to support.
Continue readingI had originally run my container registry using a self signed certificate like this:
podman run --name mirror-registry -p 4000:5000 -v /opt/registry/data:/var/lib/registry:z -v /opt/registry/auth:/auth:z -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /opt/registry/certs:/certs:z -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true -d docker.io/library/registry:2 |
But now that I am using FreeIPA for my Bastion host, I want to use the IPA CA cert for signing the HTTPS request. The easiest thing to do is to run the registry in the container still, but then to front it with mod_proxy.
Continue readingMy Lab machines do not have direct access to the internet. This mirrors how my customers tend to run their environments. Instead, I run a single bastion host that can connect to the internet, and use that to perform all operations on my lab machines.
While it is great to be able to use the Install media to add packlages to PXE booted systems, after some time, the set of packages available is older than you want. For example, I hit a bug that required an update of Network Manager. So, I want to make a local yum repo from my RHEL 8 subscription. RHEL 8 makes this fairly easy.
Continue readingM<y local PXE setup only puts the minimal set of RPMS on a machine. If want to install additional, I need to get access to the rest of the Repo. Here is what I did:
Continue readingThe Default network policy in OpenShift allows all access from all pods in all namespaces via the cluster IP. However, once you start enforcing policy on a project, all policy decision need to be made explicit. If you want to still allow access from all projects, you can use the following policy file.
kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: allow-all-namespaces spec: ingress: - from: - namespaceSelector: {} |
Well enough to be dangerous. I was able to get the JACK Daemon running on my Lenovo Laptop running Fedora 32, and us it to record MIDI-based music.
Continue readingI seem to have a bad Ethernet port on the NUC. Since I have an external Ethernet adapter as well, this is not a show stopper, but it does change the approach I am going to make to my home network. As always: Simplification is preferred. Here’s the current approach:
Continue readingI am constantly creating and deleting virtual machines. These virtual machines often are RHEL systems, and need to be registered with Red Hat’s CDN. While In the past I had a Role that was wrapped into other provisioning playbooks to perform this task, I find that there are enough one-offs to make it useful to do this as a stand alone playbook. Here is how I set it up, including my rational.
Continue readingWhen provisioning goes wrong, it can eat up a lot of time. I need to install and configure a RHEL 8 machine to act as an HA proxy for an OpenShift install, and it was somewhat resistant to my efforts. I learned a couple things worth recording:
#!/bin/sh function reset_link(){ MACHINE=$1 TARGET=$2 echo --------------------------------------- echo reset $MACHINE rm $MACHINE ln -s $TARGET $MACHINE } r610s='01-00-21-9b-93-d0-90 01-00-21-9b-98-a3-1f 01-00-21-9b-9b-c4-21' kvms='01-52-54-00-2d-74-f1 01-52-54-00-dc-37-cb 01-52-54-00-52-fa-3d' LB=01-52-54-00-b1-5b-16 BOOTSTRAP=01-52-54-00-29-0b-bf for MACHINE in $r610s do reset_link $MACHINE rhel8.2-r610 done for MACHINE in $kvms do reset_link $MACHINE rhcoreos-4.4.3-kvm-control done reset_link $BOOTSTRAP rhcoreos-4.4.3-kvm-bootstrap reset_link $LB rhel8.2-kvm |
This is obviously ripe for a YAML type config file.
To convert a MAC to the appropriate form for pxelinux.cfg use this bash. note that I prepended 01: to the mac address so that it is ends up in the right place in the final file name:
echo 01:52:54:00:e0:f0:fd | sed 's!:!-!g |
I can now PXE Boot both RHEL 7.8 and RHEL 8.1 OS images for virtual machines. Here is what works.
Continue reading