-
Fix vault-agent token expiring with auto_auth
I recently discovered a “gotcha” when using vault-agent with auto_auth via approle. You must configure the approle being used for auto-auth to issue periodic tokens. If you don’t, your token will eventually hit the max_ttl and not be allowed to renew itself. Even if you set max_ttl=0 on the approle, it’ll eventually hit the default…
-
Add resolutions in OpenBSD VM (libvirt/qemu)
Wanted to test OpenBSD as a desktop, I spun up a VM using virt-manager (libvirt) and walked through the install process. After getting all setup, I found I could only set a few different resolutions, none of which where all that high. This is due to the fact that by default (unless you passed through…
-
The Little known SSH ForceCommand
There may be times when you want to restrict what commands a user can issue when they attempt to login over an SSH connection. Instead of executing the users shell, you can instead execute a custom script that limits the user to a specific set of commands. This is known as ForceCommand. There are two…
-
Slow iSCSI performance on ZFS Volumes (zvol)
TL;DR: For reasons, don’t use ZVOLs for iSCSI volumes. Instead, just use a generic file. I’ve been reorganizing my lab a bit to consolidate some storage and wanted to experiment with iSCSI. I thought “wow, what a great use-case for ZFS ZVOLS…”. If you recall, ZFS has the ability to create block devices called ZVOLs.…
-
Finding Idle Cloud Desktops (Linux)
Suppose you’re hosting remote Linux desktops in your cloud environment and want to discover which ones could be able to shutdown to save on valuable resources like money, RAM, or CPU. Most Linux remote desktop protocols still utilize Xorg (as opposed to Wayland) for their display server. Prime examples would be tigervnc, tightvnc, or X2go.…
-
Create SSL Cert and Key
Sometimes during development you may find yourself needing an SSL certificate and key to test with. I’ve had to do this so much I went ahead and added the below function to my ~/.bashrc file. Now, I can create certs on-the-fly without having to look it up in my notes. Here’s how it looks in…