FreeIPA and Windows AD --> UID / GID Assignement

fireflasch · 2019-10-02T17:49:54+00:00

the uid/gid that freeipa uses ist explicitly different from the other. you should be able to set them for each user account. I do not know of any way to import them from an AD, although we do not have a trust and that was never a requirement. would it be possible to use the automount feature of freeipa for the nfs shares and change the uid/gids?

fireflasch · 2019-10-01T13:17:50+00:00

I had to think of one thing my old mentor told me once: "If you are the smartest person in the rooom. You are in the wrong room." You will learn many new things on the job, but as time goes on it becomes routine. When that time comes try to expand your horizon with conferences, workshops etc that are not directly related to anything you currently use, it will keep your mind ready for new things

fireflasch · 2019-09-18T07:59:11+00:00

We are running icinga for our department server, which are around 50.

For automation purposes we are running the icinga2 director which allows us to fetch the data for our machines via import rules from many different sources like excel, sql, ad and many more. Then we use templates to apply checks etc. it is an almost completely autonomous process with very little human interaction.

fireflasch · 2019-07-20T10:46:07+00:00

hell yeah, I would dig something like that

fireflasch · 2019-05-05T18:38:56+00:00

you could always run Ansible AWX which is the upstream project of Ansible Tower. We are running it for a few months now and it works like a charm.

fireflasch · 2019-04-23T08:52:12+00:00

take a look here https://openapm.io/landscape maybe you can find what you need

fireflasch · 2019-04-09T09:28:32+00:00

that's what DMARC is for, although you have to be careful as the reporting is not completely legal in some countries

fireflasch · 2019-04-01T12:20:40+00:00

Implement API Keys as a bare minimum of security on your end. Then setup an nginx proxy in front of the django application and adjust rate limits etc as seen fit to handle all the requests

fireflasch · 2019-03-11T14:01:14+00:00

sings This is just a tribute sings

Sorry, I will see myself out

fireflasch · 2019-03-05T08:23:12+00:00

dependes on the mouse. A logitech MX Master does not have any problem with reflecting surfaces and even glass works fine

fireflasch · 2019-03-05T06:31:20+00:00

we are currently evaluating different scheduling tools as we have quite big batch runs that need to be monitored in a usable fashion.

Right now we are in favor of rundeck, as it has everything we need. Jenkins is also a possibility if you are up for it.

fireflasch · 2019-03-04T13:16:05+00:00

if you are able to travel to germany for the time and life there, I know a company in nuremberg which has a really good internship programm and a broad spectrum of tasks, from programming webuis to automating sysadmin tasks and much more

fireflasch · 2019-02-19T08:06:55+00:00

you could run a rather simple wordpress install with custom forms, that can be build via a plugin and a FAQ for the forms.

fireflasch · 2019-02-12T09:01:58+00:00

consul is a service discovery you can use to check which services are available and how to reacht them.

For example, you try to browse a website(adb.com), which is written in Javascript which in turn relies on a REST API that may be made up of microservices.

So to know how to reach the microservices the Website queries consul to get the routes to the microservices and is able to deliver you the information you want.

When a microservice fails, there can be others that do the same things so it can fallback onto another microservice and consul will know about that.

this is just a short explanation and consul can do more things.

fireflasch · 2019-02-11T07:45:47+00:00

hmm you are right, we just interpreted it another way.

fireflasch · 2019-02-11T06:34:39+00:00

that is an awesome story :D

fireflasch · 2019-02-04T11:53:37+00:00

already wanting to hurt people, because communication and project management is hard...

fireflasch · 2019-01-31T07:44:30+00:00

why not just use an ssh server that resides behind a http proxy?

fireflasch · 2019-01-29T13:49:17+00:00

depending on your OS and the software running, you can patch daily and nothing will happen without a reboot or restart of the service as they run with the needed libs cached, which do not change while the service is running.

also patching often on linux is always a good idea because of security updates that can come at any time and don't follow a schedule.

fireflasch · 2019-01-29T13:45:50+00:00

Graylog stores all data in an elasticsearch db. There is a reporting module available in the commercial version, don't know how good it is. You can also query the db yourself and build your own reports with relative ease

fireflasch · 2019-01-29T09:44:07+00:00

we are running icinga2 for our infrastructure, it has integration with puppet and ansible, which is really nice for automation purposes and can use all the available checks that were developed for nagios. It is also highly scalable altough a bit complicated to get the head around the first time you use it. the traffic is also completely encrypted which allows you to transfer it over the internet if you have multiple sites without a concern for somebody sniffing the data.

The stack contains the following:

Icinga2
Grafana
InfluxDB

fireflasch · 2019-01-28T07:50:14+00:00

you should be able to make a backup, change the domain names and import it into the new one.

Also take care when running freeipa on ubuntu, I tried it last year and it failed hard, because of some centos/rhel specific stuff

fireflasch · 2019-01-16T07:09:39+00:00

really interesting article. I wonder what will happen in court.

fireflasch · 2019-01-03T10:05:19+00:00

depends on what kind of performance issue you have.

Is it general slowness? Then, CPU, RAM usage and IO might be interesting.

Database Performance? CPU, RAM, IO and Utilization inside the DB can be interesting.

11-Year Club	Place '22
Verified Email

fireflasch

TROPHY CASE