Puppeteers Blog

Managing OpenVPN-based Azure VPN Gateway certificates with easyrsa3

The Azure VPN Gateway supports the OpenVPN protocol (except the "Basic SKU"). Unlike, for example, the commercial Access Server, the VPN Gateway does not have a built-in certificate authority (CA) tool for managing client certificates. And client certificates are essentially a requirement if you need to support clients other than Windows and Mac, such as […]

Dealing with multiple AWS accounts with one Keycloak client for Single-Sign On

This article assumes that the user backend for Keycloak is FreeIPA. Regardless of that, the instructions will apply to any other setup with minor modifications. Here we use two different AWS accounts renamed to 123412341234 and 567856785678 to protect the personal information of the innocent. The Keycloak staging cluster on which this integration was done […]

Allowing external email forwarding in Office 365

We use Zimbra as our main email server. We also have an Office 365 subscription to make working with our clients a bit easier. The challenge is that when customers send us, say, Teams meeting invites, they typically use autofill and the email gets sent to our Office 365 mailboxes which nobody really looks at. It […]

Short introduction to Packer and Vagrant

This article is a short introduction to Packer and Vagrant - tools that we often recommend to our customers but which may be a bit hard to understand if you have no previous exposure to them. Packer: Packer is used to “create identical machine images for multiple platforms from a single source configuration”. Packer works […]

Enabling AWS EC2 instance automatic recovery with Terraform

AWS EC2 instances are subject to two types of status checks (AWS docs): System status check (issues with the underlying hardware/networking: "the AWS side"); Instance status check (issues with the OS, e.g. OOM, file system corruption, broken networking, etc: "our side"). The official AWS EC2 instance recovery documentation claims that automatically recovering from an EC2 […]

Terraform Azure resource provider registration fails

Terraform has good support for Microsoft Azure through the Terraform Azure provider and the AzureRM backend. However, you may hit a glitch when adding or importing resources if you lack permissions to register Azure resource providers: At first glance this error looks cryptic, but it is quite clear once you understand what Azure resource providers […]

OpenVPN server options in Azure

OpenVPN is among the best VPN solutions, especially when you need a cross-platform (Windows, Mac, Linux, Android, iOS) solution that just works. It is best suited for point to site (P2S) or "road warrior" setups where users access internal resources using a VPN client when on the road. When setting up an OpenVPN server in Azure […]

Recruiting for a small business - lessons learned, part 2: Tips for job seekers

I previously wrote about takeaways from our first recruitment process as a recruiter in January 2021. This time I’m looking back to the recruitment process in order to gather tips for the other half, job applicants and seekers. Part of the advice is also based on my own experiences as a job seeker and some […]

Poor marketing, part #1

As an entrepreneur you are flooded with attempts to persuade you to buy something. Typically what is sold is services like website development, mobile application development or outsourced developer/devops workforce. Most attempts are mediocre, but only a few can be classified as outright bad. As inbound marketing and sales are dear to our heart, in […]

Software release: net-snmp-systemd-services-status

Puppeteers is proud to release the first version of net-snmp-systemd-services-status. It is a net-snmp pass_persist script written in Python that queries the status of all systemd services on a system, dynamically generating OIDs based on the systemd service names. This gives the services a predictable name. Querying all services on a typical Linux VM takes […]

Extending snmpd with custom scripts

Traditional network monitoring systems tend to get their monitoring data via SNMP. In the case of Linux, snmpd is usually the system application that's responsible for providing that data. The data consists mostly, but not entirely, of metrics. For example, the data contains strings such as operating system version, administrative contacts and network interface names. It […]

Making modals responsive in Oxygen Builder for WordPress

I always thought that it would be impossible for me to make convincing looking websites. But I did learn it and enjoy it very much. But as soon as I’m ready with a new, beautiful web page on my screen, my joy is cut short by the fact that I still need to make it […]

Two-stage Qemu builds with Packer

In the "Building Ubuntu 20.04 qemu images with Packer" blog post we briefly touched on the topic of two-stage builds with Packer to save time when working on the provisioning scripts. In that article the setup was ad hoc and was based on having two separate Packerfiles (*.pkr.hcl). It is, however, possible to have a […]

Building Ubuntu 20.04 qemu images with Packer

Introduction: We use Packer a lot, but I had not so far generated any Qemu images with it. This was a fun project because it allowed (or forced) me to learn autoinstall, Ubuntu's cloud-init style installation automation, which by the way is easier to work with than Debian-style preseeds. For more information on preseeding for pre-20.04 […]

Making wpcal.io work with Zimbra calendars

Scheduling meetings with email is annoying. When everyone is on the same timezone that kind of works, but tends to be slow. When you factor in timezone differences the process becomes really error-prone and slows down even more, often to several days. For this reason we wanted to provide people - including our customers - […]

Creating Puppet Bolt groups based on AWS tags

The "Using tags in Puppet Bolt aws_inventory target_mapping" post showed how to use the AWS "Name" tag as the target name for Puppet Bolt. Use of tags can be extended to creating Bolt target groups: All you need to do is add a "filter" section with one filter. The "name" parameter tells Bolt that the filter is […]

Testing Puppet feature environments with Puppet Bolt

Puppet feature environments are an excellent way to test code before deploying it, typically to production. They allow testing Puppet runs in no-operation mode across the whole node population managed by Puppet. There are sometimes cases where your code changes potentially impact many nodes and you're not exactly sure of their scope or effect. In […]

To containerize in AWS or not: the cost perspective

I recently checked the pricing model for Amazon Fargate to see if migrating a fair number of EC2 instance-based workloads to containers would save money. In theory this should have been the case, as a container has less "fat" compared to a full virtual machine. In this case the workload itself was perfectly suited for […]

Using xfreerdp with Vagrant

Vagrant has built-in support for connecting to Windows VMs using the vagrant rdp command. It basically does the same as vagrant ssh for Linux VMs. There are a few shortcomings, though: vagrant rdp fails to automatically accept the host key of the VM it is connecting to, at least when using it from Linux […]

Installing individual components to Visual Studio 2019 from the command-line

I've been doing lots of Windows automation recently. My goal has been to be able to reproducibly create Windows Server 2019-based Buildbot workers, first in a Vagrant environment, then later in AWS EC2 using pre-built images created with Packer. This task requires installing Visual Studio 2019 build tools automatically and fetching the project's dependencies […]
