machine A ( provides resource A on port 8888
machine B ( needs to access resource A

without modifying machine B (not allowed), create machine C and have any traffic to machine C on port 8888 forwarded to machine A. Then tell machine B that machine C is machine A and nobody is the wiser. None of the examples I found online had this working properly.

I routinely used to transfer data between systems using rsync. Since I wanted the communication to be secure I used ssh-keys, I noticed that my trick for using a command in the key isn't terribly well documented, so here is how I do it...

Goal: Keep /opt/before on machine B in sync with /opt/after on machine A.

On machine A, create an ssh key for this

I was trying to allow a user to sudo to another account and run a specific command. I'm not a fan of getting them to run through su since it doesn't make much sense to involve a third tool in the equation. I could get it working with the following:

theiruser ALL=(runasuser) NOPASSWD:/usr/local/bin/

Trying to fix an issue with snmp, I started by building an snmp module using audit2allow. It kept failing to load, and the error message is a little cryptic...

[root@host thomas]# semodule -i snmp.pp
libsepol.print_missing_requirements: snmp's global requirements were not met: type/attribute snmpd_t (No such file or directory).

Had an sssd process spinning and using 100% cpu. Did an strace on it and saw that it was complaining about too many open files.

pid accept(24, 0xaddress, [110]) = -1 EMFILE (Too many open files)

getting the number of open files for the process.

# lsof -p $(pidof sssd_pam) |wc -l

Lightening talk I gave at SASAG on Sept 12, 2013.

Quick intro to using netcat and gnutls-cli to interact with HTTP, IMAP and SMTP and debug problems.

Talk I gave at puppetconf2013 on using exported resources to dynamically configure your system. Using augeas and concat the examples build up a working dns implementation that is automatic. The system was simplified a lot for the talk but the principles of using exported resources to configure the system is powerful.

I knew this script looked familiar, I just wrote the same script as I wrote almost a year ago. I guess I didn't do a good job getting it on the google's, cause I couldn't find it until I started posting about

Maybe this time I'll include some of the code in this post.

This has come up 3 times in the last few days so I thought I'd share it. The situation is that there are files at /var/spool/mqueue that are part of the /var filesystem. But there is also another filesystem mounted at /var/spool/mqueue with it's own files. You want to access the files under the mount but you can't. So, there are two ways around this (in this instance).

Option 1

Overview of KVM
Intro to puppet

Thanks everyone who came to the talks, great conference this year. Thanks to puppetlabs for all the support. Getting better every year, looking forward to next year! (just hope it stays smaller than LISA)