Paul's Blog

The articles below are on various topics, though the majority are focused on some aspect of systems administration.

ami-search: Find latest AWS machine images · January 26, 2018

When I launch AWS EC2 instances for myself or for clients, I typically fall back on just a few OS/Distribution options: Amazon Linux, CentOS, Ubuntu LTS, or FreeBSD. I usually launch these VMs using the AWS Command Line Interface, but doing so requires the unique ID of the Amazon Machine Image (AMI) requested. I like to use the newest AMI available, but the AMI ID for the latest image changes often and the IDs vary by AWS region.


Creating an AWS VPC · November 15, 2017

It’s sometimes the case that you’d like to wrap your Amazon EC2 instances, and perhaps some EFS file stores, up in a nice private environment, as if you had your own little data center. You’d have your own network segments, with perhaps a DMZ or a NAT gateway. You’d be able to define ingress and egress rules for each segment.

AWS bundles those capabilities up in their Virtual Private Cloud (VPC) service.


Using ProxyJump with SSH and SCP · November 2, 2017

It’s somewhat common to have what’s known as a “jump host” serve as an SSH gateway to a remote network. You use ssh to log into the jump host (or “jump server”) and from there use ssh to log into an internal host that’s not directly accessible from the Internet.

With the release of ssh version 7.3, the OpenSSH folks made it easier to do the jump and internal login in one step.


Thinking and Doing in Education · May 25, 2017

Back in late 2013, I had a short but congenial e-mail exchange with John Tierney about his article on the Maine Maritime Academy and a follow-up piece that discusses various responses he received, mostly on the theme of career-oriented education vs. a liberal-arts education. Many more readers added their thoughts in another follow-up. I was recently cleaning up my e-mail archives and had a chance to revisit my thoughts on the issue.


Expand ZFS in Linux VM · May 16, 2017

Ubuntu 16.04 has native support for ZFS, which means that VMs may start to use ZFS for non-root filesystems. Here’s a cookbook for expanding those filesystems. In OpenStack, the ZFS filesystem must be exported before this can be done, but at AWS it can be done without downtime.


Iterating a Hiera Hash · March 31, 2017

I’m in the process of learning about and porting some rules to Puppet 4.9. One task that had eluded me was integrating custom Hiera data into modules. I used the saz-rsyslog module and discovered that it largely turned off local logging, so it became a good time to discover how to define logging policy.


Repository Refresh · January 4, 2017

Given a directory (e.g., ~/src) with a bunch of git and/or subversion repositories, refreshing them all is a script away.


Create IPv4 hex filenames for PXELINUX · December 16, 2016

The PXE network booting system distributed by the Syslinux Project is widely used for installing operating systems on networks of all sizes. It’s used in conjunction with DHCP and TFTP servers. The PXELINUX bootloader will look for a succession of files. You should read the official documentation to get the full story, but the short version is that their filenames are based on: Client UUID (not always present); Client Ethernet MAC; IPv4 address in hexadecimal; a file named default. The part that usually trips me up is converting an IPv4 address to hex.


Basic Command-line AWS Glacier Workflow · September 23, 2016

Glacier is Amazon’s AWS cold-storage service. Its data-center analog is archival tape storage, and it is about as slow as tape. Retrieval times are measured in hours (if not days). Glacier is a disaster-recovery tool, not live storage.

Unlike most AWS offerings, Glacier cannot be usefully controlled from the web console. It must be accessed with command-line tools or custom-built programs. Here’s a quick overview of Glacier operations using the AWS command line interface.


AWS S3 Access Management · September 7, 2016

Access control on Amazon S3 is subtle and complex. Here’s a high-level overview of the access controls that can be placed on S3 buckets and objects.


Red Hat/CentOS Software Collections (SCL) · August 29, 2016

Red Hat promises software compatibility for the life of any given RHEL release. It will not upgrade major applications mid-release. For example, if RHEL 6.0 contains PostgreSQL 8.4, RHEL 6.7 cannot move to PostgreSQL 9.4. Too many applications will break.

Yet some customers require the upgraded software. By way of an answer, Red Hat and the CentOS project have published what are called Software Collections (SCL). Packages provided in the SCL repositories typically provide newer versions of software that play a key role in the Linux world: Python, Apache, PostgreSQL, MySQL, gcc, etc.


Limitations of Hugo's Date Format Templating · August 24, 2016

As I’ve mentioned, I use Hugo to generate the bulk of the content on this site. Its templating system is built on that found in the Go programming language. The time and date formatting routines Hugo inherits from Go are idiosyncratic, to say the least.


ACLs for OpenStack Swift Object Storage · August 11, 2016

An OpenStack Swift object-storage container is usually available only to users in the project in which the container was created, but Swift has an access-control mechanism that allows subtle permission sets to be constructed.


Managing Multiple OpenStack CLI Environments · August 10, 2016

If you’re an OpenStack administrator or power user, there’s a good chance you need to use the OpenStack command-line tools within multiple projects. Here’s a bash script to help you move between projects.


OpenStack Identity API and domain access · July 26, 2016

I was perusing the instructions to set up Heat, the OpenStack orchestration service, and found myself unable to use the openstack domain command.