Paul's Blog

The articles below are on various topics, though the majority are focused on some aspect of systems administration.

OpenStack Identity API and domain access · July 26, 2016

I was perusing the instructions to setup Heat, the OpenStack orchestration service, and found myself unable to use the openstack domain command.


Your First OpenStack VM · July 12, 2016

Congratulations! You’ve setup OpenStack and you can get to its web interface.

Now what?

I found the process of setting up a new VM less than intuitive. I hope this not-so-brief howto will help others who likewise find it difficult to get started.


The Demise of Independent Computer Retailers · May 10, 2016

A recent thread in a local tech mailing list noted the impending closure of Pacific Solutions, an established computer retailer here in Portland. I was never a frequent customer—to get there I typically had to go out of my way—but the store had a knowledgeable staff and stocked industry-standard parts. I was saddened, though not surprised, at the news.

One contributor to the mail thread noted that back in the 1990s, there were quite a few independent computer retailers in and around Portland. “Then,” he wrote, “came Fry’s and Amazon.”

It’s true that small computer retailers have largely disappeared, but I don’t think that Fry’s and Amazon are the main culprits.


Re-index OS X Spotlight · May 4, 2016

Spotlight searches on my Macbook Pro running OS X 10.10.5 (Yosemite) were failing. Worse, the smart mailboxes in Apple Mail weren’t working. Without smart folders, it takes me a lot longer to navigate my inbox every morning.

The solution was to force OS X to re-index my hard drive.


National Weather Service Will Stop Screaming · April 11, 2016

In November 2014, I wondered why the National Weather Services still uses all upper-case letters in its forecasts.

That anachronism remaining from the days of teletype machines is now scheduled to come to an end next month. NWS will only scream in all caps to alert readers to very hazardous conditions.


My Favorite Narrator is a Dog · April 11, 2016

Whether or not it’s true that additional scenes were added to Suicide Squad to provide additional humor, I’m fairly convinced that the commercial success of films like The Martian, Guardians of the Galaxy, Deadpool, and The Avengers was in large part due to their good humor and jaunty tone.


Scripting a Keepalive for Adium · April 4, 2016

Our team at work uses a group chatroom on a daily basis, though sometimes an hour or more will pass between flurries of messages. The chats are hosted on the enterprise-level Skype for Business Server.

During those lulls, and without warning, my Mac instant-message application Adium will silently timeout. One minute I’m connected, the next I’m not—but Adium offers no indication whatsoever of the change.

Once Adium is disconnected, I get no further messages even during the next message flurry. I’d say that ignorance is bliss, but I depend on that chatroom for information. Plus, my colleagues have a reasonable expectation that I’ll respond to their questions in a timely manner.

My temporary fix is a scripted keepalive.


Apache 'Require ldap-group' Limitation · March 17, 2016

The problem, briefly: Apache configured to authenticate via LDAP and authorize access only to members of a certain group, would not authorize a new user account that was clearly a member of that group.

The solution, briefly: The new user account had its primary group identifier (GID) set to the authorized group, while all other users were auxiliary members. The new user account had to be given an explicit memberUid entry within the group’s LDAP definition.


My First Cloud-Init Scripts · March 4, 2016

I’ve been playing with OpenStack at work, getting ready for a pilot project that, if approved, will launch in a couple weeks. I hope to have more entries on OpenStack installation, configuration, and usage later. Today, however, I began experimenting with cloud-init scripting and customizing a stock OpenStack VM image.


Mozilla SSL Configuration Generator · January 15, 2016
The Mozilla SSL Configuration Generator is a very nice tool for anyone who’s responsible for configuring a web server for SSL operations. You simply tell the site what web server and OpenSSL version you have, and what range of client software you need to serve, and it gives you a working configuration snippet. Bravo!
Copying remote files while changing ownership · November 18, 2015

Someone at work encountered an interesting obstacle today. The problem was how to change ownership of files in transit to an NFS filesytem that squashed activity by user root. Solving it required a quirky shell one-liner that you may find interesting.


Site Overhaul · November 1, 2015

I’ve maintained this site since 2002, and it had essentially the same layout from 2004 until recently (November 2015). It was time to redo it.


IPMI tool function · September 28, 2015

In the vein of my post about an SSH login function I’ve added to my bash profile, here’s another profile function, this one for invoking ipmitool.


FQDN SSH login function · September 23, 2015

I don’t use unqualified hostnames for ssh logins. They’re too dependent on local context. The command ssh myhost leaves it up to the local DNS resolver to append a domain name to myhost, and too often the local DNS resolver is influenced by a DHCP server of unknown provenance.

On the other hand, laziness dictates that I reduce the amount of typing I do to login, so the command ssh myhost.mysubdomain.mydomain isn’t a winner for me either.


Ethernet Device Names in CentOS 7 · January 7, 2015

I’ve got quite a few servers currently running CentOS 6 that will over the course of the coming months be upgraded to CentOS 7. One of the allures of Linux distributions in the Red Hat family—including CentOS and Fedora—is the kickstart feature, which allows you to automate highly customized installations.

One problem I’m encountering is the CentOS 7 default of using so-called predictable network interface names. No longer can you assume the presence of eth0; your first interface may be p5p1, eno1, or something wackier like enp4s0f0. This causes issues in kickstart files which refer to a specific interface.