chris.collins.is

OBS Studio and Fedora Silverblue

Using OBS Studio with Fedora Silverblue

Chris' Laws of Oncall

I’ve spent almost twenty years in tech, almost all that time in operations of some kind and carrying a pager. I have developed “Chris’ Laws of On-Call”, most of which will overlap with similar laws created consiously or unconsiously by anyone required to carry the weight of the pager.

Movin' to Hawaii; Gonna eat a lot of Pineapples

$ mv chris_and_fam hawaii/

Type Functions in Go

This was not something I’d come across before, and my brain did its best to try to rationalize what I was seeing: “Clearly, someone is missing a bracket here.”

Podman

podman-overlay-is-not-supported-over-xfs

After pulling out all the hair I don’t, as a bald man, have, I tried dnf reinstall podman … with no luck.

Linux

How I Found Linux

The fist time I installed Ubuntu and it booted right to the desktop without prompting me for a license key (which I had been entering five or six times a day with Windows) I said out loud, “Woah!”, and smiled. …I vividly remember that moment.

Fedora

No Flash in Firefox 60 Fedora 28

What decade is this? No, thank you, Google. I am not installing any of Adobe’s products.

Buildah: A new way to build container images

Project Atomic’s new tool, Buildah, facilitates new ways to build container images.

Ansible Role for RHEL Atomic Host

This morning I was asked by a friend if I could share any Ansible roles we use at $WORK for our Red Hat Atomic Host servers. It was a relatively easy task to review and sanitize our configs - Atomic Hosts are so minimal, there’s almost nothing we have to do to configure them.

Three Docker Build Strategies

There are any number of ways to use containers and numerous ways to build container images. The creativity of the community never ceases to amaze me - I am always stumbling across a creative new use case or way of doing things.

Statement of GPG Key Transition

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1,SHA512

Fri Dec 9 11:49:22 EST 2016

Statement of GPG Key Transition
——————————-

In order to replace my older DSA-1024 key, I have set up a new OpenPGP key, and will be transitioning away from my old key.

The old key will continue to be valid until 2017-06-01, but future correspondence should come to the new key. I would like the new key to be integrated into the web of trust.

This message is signed by both keys to certify the transition.

The old key was:

pub dsa1024/B5EE841627F7BF37 2008-08-26 Christopher Collins
Primary key fingerprint: 69E6 0653 A1A3 0600 ADB2 B3AD B5EE 8416 27F7 BF37

And the new key is:

pub rsa2048/F5752BA146234FD4 2016-12-09 Christopher L. Collins
Primary key fingerprint: 923E 0218 77DB 3F70 F614 6F62 F575 2BA1 4623 4FD4

To fetch my key from a public key server, you can do:

gpg –keyserver pgp.mit.edu –recv-key F5752BA146234FD4

If you have my old key, you can verify the new key is signed by the old one:

gpg –check-sigs F5752BA146234FD4

To double-check the fingerprint against the one above:

gpg –fingerprint F5752BA146234FD4

Finally, once you are satisfied this key represents me and the UIDs match what you expect, please sign my key, if you don’t mind:

gpg –sign-key F5752BA146234FD4

Thank you, and sorry for any inconvenience.

-Chris

—–BEGIN PGP SIGNATURE—–
iEYEARECAAYFAlhK+2UACgkQte6EFif3vzcybACg+FO1UuIK3hKA/IUIoR1CsqiM
MvsAoJ4zmeh7JjKyhlfyFDFD95G5U1pDiQEcBAEBCgAGBQJYSvtpAAoJEPV1K6FG
I0/UjM4IAKqifcolct4klHutTD3fcBy3sMoseR7cvA9mpG/TvSUUhBGEK1R+ssKI
/lGjnR2vnJVUltnS6lAUHy0GafloPEdkQhlRFimtBW+3pBKGbqVHzDwYevEqt5Qv
dOvr4UgbOvjIdt2FTl24ht8Sf14LU+znlTF77PTP9CW6hbIcAZatLrSKcWbse4cu
kQRhQQystBHLohGkCYW52IrOz1Vyy5K0NtbQm1sAkbqZqOuAV98z0EkpnMeiP0Vf
A5bJjA+Nu4XIN+OLSxYsg32KpyfFPqPfQbf3zv5i9gr6hl/gdEl2QYRK+A89kAzf
qmT97XAQmNTczFuP/OLbjc0dMALl+zM=
=YUAx
—–END PGP SIGNATURE—–

Docker

When Systemd, Docker and Golang Butt Heads

Systemd vs. Docker vs. Golang - Round 1: FIGHT!

Apache HTTPS configuration – June 2015

HTTPS is HTTP over TLS. It allows you to encrypt traffic to and from your web server, providing privacy and security for your clients. As of this writing, the world is moving ever closer to HTTPS everywhere: thanks to the Snowden documents, there’s been a big push for more privacy and security. Major companies like Google and Mozilla are securing traffic by default for all their applications. Cloudflare is offering free HTTPS encryption between clients and their severs. Let’sEncrypt, a new Certificate Authority offering free, secure certificates is scheduled to open it’s doors in September.

Some Real-World Info on POODLE (CVE-2014-3566)

TL;DR: Remove SSLv3 - the impact is likely very small

We’ve now removed SSLv3 from about 1000 servers in our environment. So far, we’ve only had one issue - a script used to call an API started to fail. The issue was the ruby rest client > 1.7.0. (Yes, that’s greater-than.)

Removing from Apache

SSLv3 is easy to remove in Apache. You probably want this in your ssl.conf (or whatever the equivalent is for your distro):

“Cloud-style” Docker Demo Container

Completed a first pass at a minimal “Cloud-style”#Docker container. It’s sort of like an EC2 instance. You generate an ssh pem file, and pass the public key in as an environmental variable at docker run:

sudo docker run -i -t -d -P \
-e PUBKEY="$(cat ~/.ssh/my.pem.pub)" cloudbase

You end up with a CentOS container, and a user “clouduser” that has sudo w/no password rights.

I think this would be a good way to get some folks interested in Docker - perhaps offering something like this as a playground/sandbox to build interest.

Docker

Quick Bash Script to Update Docker

What decade is this? No, thank you, Google. I am not installing any of Adobe’s products.

Ramble on Docker and Open Source Learning

I’m a HUGE proponent of Open Source learning, and I think technology is going to both inform the way it works (taking it’s cues from the Open Source world) and provide the platform for this new type of learning.

A Dream Of Docker

I can’t think of anything that we do that wouldn’t be improved, that wouldn’t be automated, that wouldn’t be scaled, that wouldn’t be made better in at least ONE way by moving it to Docker.

SSH In a Docker CentOS Container

However, more Google-ing turns up that Docker explicitly drops the audit-related capabilities that are required for this to work, causing an error to be returned to PAM. This means that it’s not ever going to work in a Docker container unless the Docker code is changed. That’s out of my hands, though.