Posts

I’ve recently been involved with integration and administration of an OpenLDAP cluster, and was a little dismayed at the state of monitoring of OpenLDAP. You can certainly get good machine metrics using the Prometheus Node Exporter, but there wasn’t really anything good for OpenLDAP-specific metrics aside from an interesting project based on python. This exporter had some really good ideas, but I baulked at installing and running twisted python, irrespective how good it is, on slapd nodes....

I use Jekyll to create this blog, but creating new posts has been a bit of a pain, since you have to create the post files by yourself. To make it easier, here’s my script that generates a skeleton post file: #!/bin/bash set -euo pipefail if [[ $# -eq 0 ]]; then TITLE="-h" else TITLE="$*" fi if [[ "${TITLE}" == "-h" ]]; then echo "Generate a new Jekyll post" echo "Usage: ....

Starting a HTTP server in python to serve files from a directory is a reasonably well-known one-liner. In python 2.x it is: python -m SimpleHTTPServer 8080 In python 3.x it is: python -m http.server 8080 But how do you something similar for HTTPS? Here’s a solution, which unfortunately is larger than one line: #!/usr/bin/python import BaseHTTPServer, SimpleHTTPServer import ssl httpd = BaseHTTPServer.HTTPServer(('0.0.0.0', 8443), SimpleHTTPServer.SimpleHTTPRequestHandler) httpd.socket = ssl.wrap_socket(httpd.socket, certfile='./certs_and_key.pem', server_side=True) httpd.serve_forever() Save that as an executable file, combine your PEM cert chain and key into a single file, and off you go!...

Everyone has a backup script that takes a tarball/zipfile/etc and uploads it somewhere for safe-keeping. In a lot of places where I’ve worked, the “somewhere” winds up being an Amazon S3 bucket (or lately a DigitalOcean Space). These scripts are lovingly crafted and sometimes quite clever, using the aws cli or s3cmd, or something custom. What I wanted was to encode my process for encrypting a backup and sending that backup to an S3 bucket....

SSL/TLS in Java is a pain in the behind. Not only is the setup verbose, but the format for certificates and keys is unique. Nginx/Apache/Go/etc seem to be happy using certifiates and keys encoded as PEM files, but Java has its own special KeyStores, with the JKS format being the default. There are a number of questions on forums, and custom recipes that involve openssl, to convert PEM certificates and keys into formats that can be imported into a Java keystore....

Some things once done can never be undone Some things not done can never be done Some things once said can never be unsaid Some things unsaid can never be said Some things permanent are now broken and scattered Some things temporary still remain solid and fixed Some moments will never come again...

Welcome friend. Here’s something for you to read so that we can have some awesome arguments. The Pragmatic Programmer Design Patterns: Elements of Reusable Object-Oriented Software Refactoring: Improving the Design of Existing Code Domain-Driven Design: Tackling Complexity in the Heart of Software Working Effectively with Legacy Code Growing Object-Oriented Software, Guided by Tests Release It!: Design and Deploy Production-Ready Software Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation Building Microservices Pragmatic Thinking and Learning: Refactor Your Wetware Drift into Failure: From Hunting Broken Components to Understanding Complex Systems Building Evolutionary Architectures ...

git --no-pager log -1 --pretty=%h <filepath> ...

Goodbye self-hosted WordPress. It’s been educational but I’m tired of the maintenance, security risks, and the spam. This blog was created when I was beginning to explore my options and I’ve decided that its future does not require a publishing platform. From now on this blog will be a static site, currently generated by Jekyll. I’ve migrated the posts but not the comments. If you feel the need to get in touch you can find me on Twitter....

The most useful way I’ve seen such contract tests work is that the team that consumes the messages creates and publishes an artifact in their build pipeline for use by the creators of the messages. For this example let’s have it create a tarball with a shell script entry point. The inputs to the shell script can be a URL to the api-server and any other parameters required, like user IDs, oauth tokens, etc....