Puppeteers Blog

Category: Deep dive

Are Corporate Vision awards fake?

This was a burning question in my head in September 2021 but I didn't have much luck googling it. Here's our experience and analysis of Small Business Awards by Corporate Vision. Read on to find out whether the awards handed out by Corporate Vision truly are legit or not. How did we hear about […]

Mautic spam prevention

Mautic is a widely used open source email marketing automation application written in PHP. Email marketing is typically used in conjunction with inbound marketing done by asking people to give their email address in exchange for something, like a free ebook or a newsletter with good content. As you're asking for the email address on […]

Conditional provisioner blocks in Terraform

I'll start with a spoiler: what the title suggests is not possible. It is, however, possible to accomplish this with cloud-init and Terraform templates as described in the Multi-part cloud-init provisioning with Terraform blog post. If you need to use SSH/WinRM provisioning, then there are various workarounds you can apply, and this article explains some […]

Dealing with multiple AWS accounts with one Keycloak client for Single-Sign On

This article assumes that the user backend for Keycloak is FreeIPA. Regardless of that, the instructions will apply to any other setup with minor modifications. Here we use two different AWS accounts renamed to 123412341234 and 567856785678 to protect the personal information of the innocent. The Keycloak staging cluster on which this integration was done […]

Allowing external email forwarding in Office 365

We use Zimbra as our main email server. We also have an Office 365 subscription to make working with our clients a bit easier. The challenge is that when customers send us, say, Teams meeting invites, they typically use autofill and the email gets sent to our Office 365 mailboxes which nobody really looks at. It […]

Enabling AWS EC2 instance automatic recovery with Terraform

AWS EC2 instances are subject to two types of status checks (AWS docs):

- System status check (issues with the underlying hardware/networking: "the AWS side")
- Instance status check (issues with the OS, e.g. OOM, file system corruption, broken networking, etc: "our side")

The official AWS EC2 instance recovery documentation claims that automatically recovering from an EC2 […]

Extending snmpd with custom scripts

Traditional network monitoring systems tend to get their monitoring data via SNMP. In the case of Linux, snmpd is usually the system application that's responsible for providing that data. The data consists mostly, but not entirely, of metrics. For example, the data contains strings such as operating system version, administrative contacts and network interface names. It […]

Building Ubuntu 20.04 qemu images with Packer

We use Packer a lot, but I had not so far generated any Qemu images with it. This was a fun project because it allowed (or forced) me to learn autoinstall, Ubuntu's cloud-init style installation automation, which by the way is easier to work with than Debian-style preseeds. For more information on preseeding for pre-20.04 […]

Making wpcal.io work with Zimbra calendars

Scheduling meetings with email is annoying. When everyone is on the same timezone that kind of works, but tends to be slow. When you factor in timezone differences the process becomes really error-prone and slows down even more, often to several days. For this reason we wanted to provide people - including our customers - […]

Testing Puppet feature environments with Puppet Bolt

Puppet feature environments are an excellent way to test code before deploying it, typically to production. They allow testing Puppet runs on no-operation mode across the whole node population managed by Puppet. There are sometimes cases where your code changes potentially impact many nodes and you're not exactly sure of their scope or effect. In […]

Puppet types and providers development part 6: mysteries of self.prefetch

This blog post is a part of this blog post series: I will open this blog post with a quote from the famous Gary Larizza: After wading the waters of self.prefetch, I’m PRETTY SURE its implementation might have come to uncle Luke after a long night in Reed’s chem lab where he might have accidentally […]

Puppet types and providers development part 5: self.instances

This blog post is a part of this blog post series: The self.instances is a provider class method that is used to produce an array containing all resources found from the system. For example, a yum package provider might run "rpm -qa" in self.instances to get a list of packages installed on the system. This […]

Limiting concurrent builds in Buildbot

Buildbot is a continuous integration framework which many open source projects seem to be using. Unlike continuous integration applications or automation servers like Jenkins, Buildbot does not make many assumptions about your use-case. In fact, when you build your CI or CD pipeline you're actually writing Python code and hence have all the flexibility of […]

How to Setup a Staging WordPress Server

Having a staging server for WordPress is quite useful for testing new features without the worry of breaking something in production. It is also helpful when you have a multi-user environment and need to test something that could impact others. In this article it is assumed that your WordPress instance has SELinux enabled as […]

Dynamic partitioning in Foreman kickstart templates

Foreman's provisioning system allows creating provisioning templates with highly dynamic content. This article describes how to create dynamic content in your Foreman provisioning templates. While the example is related to dynamic partitioning in kickstart, the basic mechanisms for setting this up apply to any kind of template. Foreman provisioning templates are written in ERB format. […]

Fixing foreman-installer "Forward DNS points to " errors

This posting comes strictly from the land of esoteria. We have a Vagrant + Virtualbox environment that sets up Foreman used for PXE booting baremetal servers. The environment works fine on Linux and MacOS. But we needed to make this environment work also on Windows. Easy, right? Vagrant and Virtualbox are supposed to abstract all […]

Solving an Apache Mellon redirect loop mystery

If you’re at all like me, you every now and then find yourself thrown out of your comfort zone, when you should actually be in it. The pattern usually goes something like this: It’s something simple. I’ll fix it in a couple of minutes and document it for others. I know my stuff. Hmm, this […]

Authenticating and authorizing Grafana users from FreeIPA groups via Keycloak identity and access management solution

Grafana is a common tool to visualize data from multiple datasources. Perhaps the most common datasource is Prometheus. If an organization has a Single-Sign On solution, it makes sense to authenticate users centrally with that solution. That will make authentication easier and friendlier for end users (authenticate once and then access multiple services), and also […]

Making sense of JBOSS/Wildfly interfaces in domain mode

In this blog we consider JBoss/Wildfly domain mode in the context of the wonderful Keycloak software. It is not necessarily trivial to understand how the interfaces should be configured, especially if you want to do something other than the defaults, for example to secure your Wildfly/JBOSS configuration, or if you are dealing with a more […]

High-level and low-level tasks in Kanban

We use Kanban to coordinate our projects and tasks. Kanban is focused on visualizing and improving throughput, that is, making projects (high-level) and tasks (low-level) go through the system as fast as possible by limiting work in progress, which in turn minimizes waste (time and money). Our field of work is IT operations and we're generally […]
