Showing posts from August, 2021

FreeIPA cluster with containers

Notes on how to install a FreeIPA cluster on Ubuntu. Mostly following the instructions on Start with what would be the primary host. If you install a third replica you would want to review the replica agreements to ensure you have two-way replication between all pairs of nodes.

Installing Gentoo with full disk encryption

The purpose of this exercise is to install Gentoo where all disk partitions are encrypted.

Boot from a system rescue disk and partition the disk. Use a GPT partition table where the first partition is reserved, the second is the boot partition, and the third one is for the rest of the data.

    Device       Start       End   Sectors   Size Type
    /dev/sda1     2048     32767     30720    15M BIOS boot
    /dev/sda2    32768    442367    409600   200M Linux filesystem
    /dev/sda3   442368 375093902 374651535 178.7G Linux filesystem

Encrypt partitions number 2 and 3, and open them

    cryptsetup luksFormat /dev/sda2
    cryptsetup luksFormat /dev/sda3
    cryptsetup luksOpen /dev/sda2 crypt_boot
    cryptsetup luksOpen /dev/sda3 crypt_data

Format the boot partition

    mkfs.btrfs /dev/mapper/crypt_boot

Prepare LVM for the rest, and format the top level

    vgcreate vg0 /dev/mapper/crypt_data
    lvcreate -l 100%FREE -n data vg0
    mkfs.btrfs /dev/vg0/data

Mount and set up any subvolumes

    mount /dev/vg0/data /mnt/gentoo
    btrfs subvol create /mnt/gentoo/@ /mnt/gentoo/@home
    umount /mnt/gentoo

Now

The Short Introduction to TLS Certificates

Why do we need TLS?

If you have to ask this question, then you probably do not need TLS at all. TLS is a technology that allows for authenticated and/or encrypted communication. However, I am not going to explain in detail what TLS is. If this is the question whose answer you're seeking, then you had better try a search on Google. This HOWTO aims to guide you through the basic steps in creating your own TLS certificates for your own servers. This means that I am assuming that you know enough about *nix-like operating systems, and that you also have an idea what TLS certificates are used for.

Create the certificate

The process of creating an SSL certificate usually goes like this:

1. Create a private key
2. Create a certificate request
3. Send the certificate request to your CA
4. Receive the certificate from your CA

Now, we'll cover each step on the way.

Create the private key

First we need to generate your key. It is also possible to generate it on the fly in the next step, but

Getting rid of the /lib symlink on Gentoo

The /lib and /usr/lib symlink on Gentoo I find quite annoying. These just let software make assumptions about whether they should use /usr/lib or /usr/lib64, and I personally prefer if things break so they can be fixed. I wanted to follow what RedHat (and Fedora) are doing, which is, 32-bit stuff goes in lib and 64-bit in lib64. Luckily, Gentoo was also headed this way. So, here is what I did.

First I prepare a custom profile. This profile inherits these two:

    default/linux/amd64/13.0/desktop/gnome/systemd, which I normally use
    features/multilib

In the custom profile I add make.defaults with the single line SYMLINK_LIB="no".

Get rid of the lib symlink, but do it carefully. First copy everything from lib64 to lib (well, I just opted for hard linking everything):

    sudo rsync -avPAH --link-dest /lib64/{,} /
    sudo rsync -avPAH --link-dest /usr/lib64/{,} /usr/
    sudo bash -x -c 'rm -v /lib && mv / /lib'
    sudo bash -x -c 'rm -v /usr/

Rooting the Galaxy S4 (DoCoMo model

I dropped my S4 and the screen broke quite badly. I got a replacement (insurance finally paid off!) and that one of course came with the latest firmware. I have heard that rooting this one may not be so easy, but it turned out to be even easier than the experience I had before. I should note that I don't care about rooting the stock ROM. I am cooking my own CyanogenMod, hence, all I need is to be able to flash my own ROM. And that is so much easier. In one sentence, all I had to do is flash a custom recovery onto my phone, and then I could do whatever I want, including flash a custom ROM, or restore the nandroid backup from the identical broken phone. On Linux, I only needed to install heimdall (the package is available on Gentoo).

Installing Horde 4

I love my horde installation. Recently I tried upgrading to horde version 4 and here are the few gotchas that I encountered on the way. The sane thing to do is, follow the installation guide. Until now I was always installing Horde from the Gentoo packages. The installation is straightforward, and occasionally I had to bump the version in a local overlay myself. Starting with version 4, Horde now supports installation directly from PEAR, or from git. My first instinct was to install it from git. It should be easy to get the latest version and it is also easy to dig into the code if you have it in a git repository. Unfortunately Horde is an application with multiple components and the development of all is happening concurrently in the same repository. In other words, you always get the latest version, even if you only want the stable versions of the separate components.

Installing from PEAR

And so I settled for a PEAR installation. I made a "horde-pear" directory outsid

Upside down characters?

I just saw that Facebook are offering a "translation" in English - Upside Down. My first thought was "who would ever design such glyphs?". Then, after looking at the characters I realized that they are not really turned around, just close enough. For example, a lower case U for an upside-down lower-case N.

    abcdefghijklmnopqrstuvwxyz
    ɐqɔpəɟᵷɥıɾʞlɯuodbɹsʇnʌʍxʎz

Building Gentoo for Sheevaplug

First of all, I got an IDE <-> USB converter and plugged a spare PATA 80G disk in my plug. Boot the plug and install Gentoo on the SheevaPlug as you normally would. You can even boot from the USB disk (don't forget to add rootwait to the kernel parameters or it will almost surely complain that /dev/sda1 is not there yet). When you have the system the way you like it, I made two directories - /mnt/root-src and /root/root-dst then I did the following (you may want to make it a script):

    mount -o bind / /mnt/root-src
    rsync -avPH /mnt/root-src/ /mnt/root-dst/ --delete --delete-excluded \
    --exclude-from <(
    q list -o -s gcc portage paludis app-admin/\* app-portage/\* docbooc man
    cat <<-'EOF'
    /.git*
    *.a
    *.h
    /mnt
    /var/repos
    /var/cache
    /usr/share/info
    /usr/share/man
    /usr/share/doc
    /usr/share/locale
    /usr/share/aclocal*
    /usr/share/automake*
    /usr/share/autoconf*
    /usr/lib/debug
    /usr/lib/pkgconfig