Puppeteers Blog

Category: Hints and tips

X11 Connection Rejected

When switching to root after the typical SSH with X11 forwarding enabled this error can appear: The workaround seems to include copying the MIT-MAGIC-COOKIE-1 from the user who ssh'd in to the root user using xauth. Here's how: First verify the $DISPLAY being used and list the MIT-MAGIC-COOKIE-1 used for it: Next switch to […]

Enabling system tray on Fedora 35 and 36

System tray is a "legacy" tray where various applications (e.g. Nextcloud, Pidgin and Signal) have an icon with which you can interact with the application without actually opening the main application window. I said "legacy", because phasing it out was the plan in the Gnome 3 project, but it seems like we're not getting rid […]

Terraform Enum data type

In Terraform you have access to basic data types like bool or string. Defining the data type is a good start for starting to improve the quality of your modules. However, you may want to validate that a certain string matches a list of pre-defined options, and if not, fail validation early. Terraform, unlike Puppet, […]

Terraform remote-exec: wait until a webpage is reachable

Terraform's remote-exec provisioner fails immediately if any command in a script exits with a non-zero exit code. This makes building polling loops a bit more involved than it normally is. So, here is an example loop that checks if a URL can be reached: When the URL is unreachable, the "||" will ensure that "sleep" […]

Showing SQL statements with Keycloak

Sometimes you might find yourself wondering whether there is some paranormal activity going on with your Keycloak and its database. To check if things are still in the realm of physical reality, and to restore your child's faith in the programmer who never makes mistakes, it might be soothing to check what's actually happening to […]

Multiple Bitbucket Cloud accounts with SSH authentication

In Bitbucket usernames are unique across the whole of Bitbucket. Moreover, the same SSH key can only be configured for one user. If you registered your Bitbucket account using a corporate email and used your primary SSH key with it, you're pretty much hosed if you then need to create another corporate Bitbucket account and wanted […]

Managing OpenVPN-based Azure VPN Gateway certificates with easyrsa3

The Azure VPN Gateway supports the OpenVPN protocol (except the "Basic SKU"). Unlike, for example, the commercial Access Server, the VPN Gateway does not have a built-in certificate authority (CA) tool for managing client certificates. And client certificates are essentially a requirement if you need to support clients other than Windows and Mac, such as […]

Terraform Azure resource provider registration fails

Terraform has good support for Microsoft Azure through the Terraform Azure provider and the AzureRM backend. However, you may hit a glitch when adding or importing resources if you lack permissions to register Azure resource providers: At first glance this error looks cryptic, but it is quite clear once you understand what Azure resource providers […]

Recruiting for a small business - lessons learned, part 2: Tips for job seekers

I previously wrote about takeaways from our first recruitment process as a recruiter in January 2021. This time I’m looking back to the recruitment process in order to gather tips for the other half, job applicants and seekers. Part of the advice is also based on my own experiences as a job seeker and some […]

Making modals responsive in Oxygen Builder for WordPress

I always thought that it would be impossible for me to make convincing looking websites. But I did learn it and enjoy it very much. But as soon as I’m ready with a new, beautiful web page on my screen, my joy is cut short by the fact that I still need to make it […]

Two-stage Qemu builds with Packer

In the Building Ubuntu 20.04 qemu images with Packer blog post we briefly touched on the topic of two-stage builds with Packer to save time when working on the provisioning scripts. In that article the setup was ad hoc and was based on having two separate Packerfiles (*.pkr.hcl). It is, however, possible to have a […]

Creating Puppet Bolt groups based on AWS tags

The Using tags in Puppet Bolt aws_inventory target_mapping showed how to use AWS "Name" tag as the target name for Puppet Bolt. Use of tags can be extended to creating Bolt target groups: All you need to do is add a "filter" section with one filter. The "name" parameter tells Bolt that the filter is […]

Using xfreerdp with Vagrant

Vagrant has built-in support for connecting to Windows VMs using the vagrant rdp command. It basically does the same as vagrant ssh for Linux VMs. There are a few shortcomings, though: vagrant rdp fails to automatically accept the host key of the VM it is connecting to, at least when using it from Linux […]

Installing individual components to Visual Studio 2019 from the command-line

I've been doing lots of Windows automation recently. My goal has been to be able to reproducibly create Windows Server 2019-based Buildbot workers, first in a Vagrant environment, then later in AWS EC2 using pre-built images created with Packer. This task requires installing Visual Studio 2019 build tools automatically and fetching the project's dependencies […]

Using tags in Puppet Bolt aws_inventory target_mapping

We're migrating away from Ansible to Puppet Bolt and the fact that Ansible updates broke the old ec2.py inventory script expedited that process. While that inventory script was quite rudimentary, it was able to automatically add human-readable names to the EC2 instance names. So, for example, you could target a node using "server_example_org" if the […]

Delegating external parties access to Azure

In Microsoft Azure you can grant an external user ("contractor") guest access to your Azure subscription. The approach is quite different from what AWS uses (see Delegating external parties access to AWS). Here we grant access to john.doe@contoso.com using the Azure Portal. Preferably john.doe@contoso.com would already exist as a Microsoft account. Login to your Azure […]

Delegating external parties access to AWS

This blog post shows how to grant access to an AWS account for some external party. For simplicity we will call this external party a "contractor". If you want to do the same for Microsoft Azure look at this blog post instead. This method requires the contractor to have its own AWS account, but it […]

Gitlab SAML to Keycloak Setup

Integrating Keycloak with Gitlab SAML makes it easier to manage users in an organization from a central point. You could manage separate accounts on Gitlab, but for us it makes sense to utilize Keycloak as we are already using it for other applications. The first step is to create a Gitlab SAML client in the […]

Cutting down Azure storage costs for a Marketplace seller

A few days ago I looked at our Azure costs and they were around $8. That's a ridiculously small amount, except for the fact that we don't really use Azure for anything. So I started investigating. After having published the Configuration Manager (Puppet master installer image) and LibreNMS in Azure Marketplace I knew that we […]

Puppet Bolt: taking action based on exit codes

Puppet resources like Package, File or Service are idempotent. In other words, you define the state of the resource and Puppet enforces it. The resources can be used in Bolt plans as well, which frees you from having to do state checks yourself. However, if the thing you're managing is not a Puppet resource you […]