Renewing an expired Puppet master certificate. The Problem It has been 5 years since the Puppet server v5 deployment, and the Puppet master certificate has therefore expired. # puppet cert list --all - "puppet.example.com" (SHA256) 11:36:8F:20:BB:3D:1C:5B:D9:1D:55:68:D9:CC:0D:D4:3A:E6:C4:0E:8B:02:32:E6:72:D4:F6:D1:07:10:47:E1 (certificate has expired) - "ip-10-10-10-18.eu-west-1.compute.internal" (SHA256) 11:39:B9:1E:7B:A3:EC:28:3A:E8:C0:77:58:96:3F:12:C6:39:04:54:DC:CF:56:54:25:63:B2:DA:19:50:D1:90 (certificate has expired) + "ip-10-10-11-70.eu-west-2.compute.internal" (SHA256) 11:F6:EC:D7:6A ..read more

Renewing an expired Puppet CA certificate using Certregen module. The Problem I’ve been involved in a project of migrating ageing infrastructure (e.g. CentOS 7) and legacy applications (e.g. MySQL 5.7) to modern software. One of the first problems was an old installation of Puppet Server v5 where its CA certificate has already expired. $ rpm ..read more

We are going to use a dd command to create a swap file on a Linux system and then add it to fstab. I’ve been using Ansible automation for so long that I forgot how to do trivial things by hand. Create a Swap File with dd Create a 1GB swap file, make the swap ..read more

It has been a decade of blogging! The time of self-reflection is inevitably upon us. And we shall. But first, happy New Year everyone ..read more

We are going to integrate Azure AD as a federated identity provider (IdP) in AWS Cognito user pool that provides a single sign-on (SSO) option for our Grafana users. The Problem We have multiple instances of Grafana deployed for different projects. We want to grant various business users permissions to access Grafana, but we don’t ..read more

Gaining SSH access to TP-Link RE200 device by exploiting the fact that TP-Link encryption keys are store on its firmware. This story started with me getting a TP-Link repeater for my loft so that I could provide wireless coverage to my smart boiler. I wish the boiler came with an RJ45 connector port, but it ..read more

We are going to harden our Kubernetes cluster to use TLS 1.3 only. Before We Begin We are using our Kubernetes homelab in this article. Kubernetes v1.19 added support for TLS 1.3 ciphers. Etcd v3.5.8 added support for TLS 1.3. Do note that Kubernetes 1.27 uses Etcd v3.5.7, therefore you need to be on Kubernetes ..read more

The day has finally come. Mountpoint for Amazon S3 is now generally available. Probably the most anticipated headline since ChatGPT. Mountpoint for AWS S3 Mountpoint for AWS S3 is a high-throughput open source file client for mounting an Amazon S3 bucket as a local file system on Linux. Mountpoint automatically translates read and write operations ..read more

Having fun while upgrading Debian 10 to 11. The Problem The following error is thrown during a Debian upgrade from Buster to Bullseye: /usr/bin/python3: error while loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory The file /lib/x86_64-linux-gnu/libcrypt.so.1 used to be in package libc6 on Stretch and Buster until it ..read more

Kubernetes homelab migration to the latest version of Rocky Linux. The Upgrade Plan We are going to upgrade our Kubernetes homelab nodes from Rocky 8 to Rocky 9. We have a cluster of six nodes, three control planes and three worker nodes, all of which are KVM guests running Rocky 8. We will upgrade the ..read more