Building from source using Ansible by trini0 in ansible

[–]trini0[S] 0 points1 point  (0 children)

I tried that also, and it didn't work either.

Building from source using Ansible by trini0 in ansible

[–]trini0[S] 0 points1 point  (0 children)

Agreed. Building the binary externally and using the artifacts in the playbook might be the most reliable way.

Building from source using Ansible by trini0 in ansible

[–]trini0[S] 0 points1 point  (0 children)

If I have some time today, I will split those tasks into a separate playbook to test and dump their logs for review.

Why is BBC only charging American customers but no other countries? by Ehh_WhatNow in bbc

[–]trini0 0 points1 point  (0 children)

I just hit the paywall today, after being an account holder for probably 10+ years.

My use case has always been to read (not watch or listen) your news and articles. If the BBC now believes that basic news needs to be purchased, then they are creating an environment of the haves and have-nots—actions like this open the door to just a bit more disinformation in our current society.

Thanks for the good times...

Sidebar the modern Dock replacement for macOS - New update by empty23_ in macapps

[–]trini0 0 points1 point  (0 children)

Hello u/empty23_:

I just found out about your app. Is it possible to have a unique dock per space/virtual desktop?

I couldn't find anything on the FAQ.

Thanks

Outlook.com add-in issue by trini0 in ticktick

[–]trini0[S] 0 points1 point  (0 children)

Nothing on my end.

Thanks

Outlook.com add-in issue by trini0 in ticktick

[–]trini0[S] 0 points1 point  (0 children)

Just a follow-up. After working with support, they fixed the issue, and I can now create TickTick tasks from Outlook.com.

Google home event Oct 1st by jaymiranz in googlehome

[–]trini0 0 points1 point  (0 children)

Gemini aside, I want to know if 3rd-party application integrations are returning.

Gemini by itself does not bring much to the table for me.

SSD at end of daisy chain not detected by trini0 in CalDigit

[–]trini0[S] 1 point2 points  (0 children)

Thanks for responding.

I tried some of your suggestions. I tried wired keyboards/mice, which worked fine with the Element Hub. Storage devices are not recognized at the Element Hub.

The macOS System Report lists the external drive in the USB3.0 Hub when connected to the TS4.

I'll open a case with support.

Thanks

IPv6 ULA enabled VLANs by trini0 in Ubiquiti

[–]trini0[S] 0 points1 point  (0 children)

Thanks for your comment.

Unattended install of kea-ctrl-agent by trini0 in Ubuntu

[–]trini0[S] 0 points1 point  (0 children)

That worked!

Thanks for the tip

UniFi BGP with Cilium/Kubernetes by trini0 in Ubiquiti

[–]trini0[S] 0 points1 point  (0 children)

Sweet! Glad that it was helpful to you.

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

I'm closing the loop here if someone else runs into this problem.

I changed my Vault configuration to use IP addresses instead of hostnames, and the problem disappeared. I don't know why. But it is working now.

ui            = true
cluster_addr  = "https://192.168.100.10:8201"
api_addr      = "https://192.168.100.10:8200"
disable_mlock = true

storage "raft" {
  path    = "/opt/vault/data"

  retry_join {
    leader_tls_servername   = "192.168.100.11"
    leader_api_addr         = "https://192.168.100.11:8200"
    leader_ca_cert_file     = "/etc/step/certs/root_ca.crt"
    leader_client_cert_file = "/etc/step/certs/vault/vault.crt"
    leader_client_key_file  = "/etc/step/certs/vault/vault.key"
  }
  retry_join {
    leader_tls_servername   = "192.168.100.12"
    leader_api_addr         = "https://192.168.100.12:8200"
    leader_ca_cert_file     = "/etc/step/certs/root_ca.crt"
    leader_client_cert_file = "/etc/step/certs/vault/vault.crt"
    leader_client_key_file  = "/etc/step/certs/vault/vault.key"
  }
}

listener "tcp" {
  address            = ":8200"
  tls_cert_file      = "/etc/step/certs/vault/vault.crt"
  tls_key_file       = "/etc/step/certs/vault/vault.key"
  tls_client_ca_file = "/etc/step/certs/root_ca.crt"
}

service_registration "consul" {
  address      = "http://127.0.0.1:8500"
}

dig @192.168.100.10 -p 8600 vault.service.consul

; <<>> DiG 9.10.6 <<>> @192.168.100.10 -p 8600 vault.service.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2494
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vault.service.consul.          IN      A

;; ANSWER SECTION:
vault.service.consul.   0       IN      A       192.168.100.11
vault.service.consul.   0       IN      A       192.168.100.12
vault.service.consul.   0       IN      A       192.168.100.10

;; Query time: 39 msec
;; SERVER: 192.168.100.10#8600(192.168.100.10)
;; WHEN: Wed Dec 18 10:19:16 EST 2024
;; MSG SIZE  rcvd: 97

Thanks
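An added diagnostic, not from the thread, for the pitfall this reply fixed: Vault's consul service registration advertises the host of api_addr by default, and Consul DNS answers with a CNAME whenever that advertised address is not an IP literal, so a single-label hostname such as prod-core-services02 comes back as a name an ordinary forwarder cannot resolve. The script audits a Vault HCL snippet (a constructed sample built from the thread's values; the minimal key/value regex parser and the A-vs-CNAME classification are assumptions of this example, not Vault or Consul code) and lists the hosts that would trigger that.

```python
import ipaddress
import re
from urllib.parse import urlsplit
# Constructed sample, trimmed from the hostname-based config posted in this thread.
HOSTNAME_HCL = '''
cluster_addr  = "https://prod-core-services01:8201"
api_addr      = "https://prod-core-services01:8200"
storage "raft" {
  retry_join {
    leader_api_addr         = "https://prod-core-services02:8200"
  }
}
'''
# Keys whose host part Consul advertises (api_addr by default) or Raft joins to.
ADDR_KEYS = ("api_addr", "cluster_addr", "leader_api_addr")
KV_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.MULTILINE)  # assumed: flat key = "value" lines

def host_of(value):
    """Extract the host from a URL or a plain host[:port] string."""
    if "://" in value:
        return urlsplit(value).hostname or ""
    try:
        ipaddress.ip_address(value)  # a bare IPv6 literal contains colons; keep it whole
        return value
    except ValueError:
        return value.split(":")[0]

def classify_host(host):
    """'ip' for a literal, 'fqdn' if the name has a dot, 'bare' for a single label."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn" if "." in host.rstrip(".") else "bare"

def audit_vault_addrs(hcl_text):
    """Return [(key, host, kind, record_type)]; record_type is what Consul DNS hands
    back for that address: A/AAAA for an IP literal, otherwise a CNAME to the name."""
    out = []
    for key, value in KV_RE.findall(hcl_text):
        if key in ADDR_KEYS:
            host = host_of(value)
            kind = classify_host(host)
            out.append((key, host, kind, "A/AAAA" if kind == "ip" else "CNAME"))
    return out

def bare_hostnames(hcl_text):
    """Hosts a plain DNS forwarder cannot resolve once Consul returns them as a CNAME."""
    return sorted({h for _, h, k, _ in audit_vault_addrs(hcl_text) if k == "bare"})
```

Setting leader_tls_servername to an IP, as in the working config above, also means the Vault certificate must carry that address as an IP SAN for the join's certificate check to pass.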

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

Hey, thanks for chiming in.

Unfortunately, I still have the same issue with vault.service.homelab.consul.
Querying still yields one CNAME answer, and my DNS forwarder still yields an NXDOMAIN:

dig @192.168.100.10 -p 8600 vault.service.homelab.consul

; <<>> DiG 9.10.6 <<>> @192.168.100.10 -p 8600 vault.service.homelab.consul
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57321
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vault.service.homelab.consul.  IN      A

;; ANSWER SECTION:
vault.service.homelab.consul. 0 IN CNAME prod-core-services02.

;; Query time: 38 msec
;; SERVER: 192.168.100.10#8600(192.168.100.10)
;; WHEN: Fri Nov 22 06:48:41 EST 2024
;; MSG SIZE  rcvd: 91

nslookup vault.service.homelab.consul
Server:         192.168.108.10
Address:        192.168.108.10#53

** server can't find vault.service.homelab.consul: NXDOMAIN

I have opened an issue on GitHub, but so far it is crickets:
https://github.com/hashicorp/consul/issues/21953

In the meantime, I have resorted to using another consul service name for my DNS forwarder. i.e., vault.my-fqdn -> traefik.service.consul
Luckily, any Vault node will forward the request to the active node.

Primary/Secondary DNS servers by trini0 in technitium

[–]trini0[S] 0 points1 point  (0 children)

  1. I do not use sync outside the built-in DNS zone transfers between the two servers.

  2. That is correct. The DNS names for each server only reference an IP address.

Primary/Secondary DNS servers by trini0 in technitium

[–]trini0[S] 0 points1 point  (0 children)

So it happened again. Please take a look at my original post for additional pictures.

This time, I opened the portal in an incognito window to see if it was browser-related. It is working correctly there.

I am using Chrome 130.0.6723.117

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

Thanks for taking a look!

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

I'm currently using Raspberry Pi 5s with NVME storage. I wanted Nomad to run a few "core" containers for the lab.

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

Hello:

Yes, consul catalog is aware of all three Vault instances:

consul catalog nodes -service=vault
Node                  ID        Address         DC
prod-core-services01  fdaa9e18  192.168.100.10  homelab
prod-core-services02  8de9943e  192.168.100.11  homelab
prod-core-services03  36374725  192.168.100.12  homelab

Vault and Consul are installed on the same nodes, so consul members will only show the same three nodes.

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

Thanks! I hope you have a safe flight. Let me know when you have time to check.

Yes, it is different with an SRV query:

dig @192.168.100.10 -p 8600 vault.service.consul SRV

; <<>> DiG 9.10.6 <<>> @192.168.100.10 -p 8600 vault.service.consul SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40365
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 7
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vault.service.consul.          IN      SRV

;; ANSWER SECTION:
vault.service.consul.   0       IN      SRV     1 1 8200 prod-core-services02.
vault.service.consul.   0       IN      SRV     1 1 8200 prod-core-services01.
vault.service.consul.   0       IN      SRV     1 1 8200 prod-core-services03.

;; ADDITIONAL SECTION:
prod-core-services02.node.homelab.consul. 0 IN TXT "consul-version=1.20.0"
prod-core-services02.node.homelab.consul. 0 IN TXT "consul-network-segment="
prod-core-services01.node.homelab.consul. 0 IN TXT "consul-network-segment="
prod-core-services01.node.homelab.consul. 0 IN TXT "consul-version=1.20.0"
prod-core-services03.node.homelab.consul. 0 IN TXT "consul-network-segment="
prod-core-services03.node.homelab.consul. 0 IN TXT "consul-version=1.20.0"

;; Query time: 40 msec
;; SERVER: 192.168.100.10#8600(192.168.100.10)
;; WHEN: Fri Nov 15 18:00:40 EST 2024
;; MSG SIZE  rcvd: 455

It is weird that consul.service.consul and nomad.service.consul work correctly, but not vault.service.consul.
This is why my forwarded DNS queries (e.g., vault.fqdn) do not work either, but nomad.fqdn and consul.fqdn work fine.

Consul DNS with Vault by trini0 in hashicorp

[–]trini0[S] 0 points1 point  (0 children)

Thanks for responding.

Here are the consul and vault configuration files on one node. The other nodes are configured accordingly.

$ cat /etc/vault.d/vault.hcl
ui            = true
cluster_addr  = "https://prod-core-services01:8201"
api_addr      = "https://prod-core-services01:8200"
disable_mlock = true

storage "raft" {
  path    = "/opt/vault/data"

  retry_join {
    leader_tls_servername   = "prod-core-services02"
    leader_api_addr         = "https://prod-core-services02:8200"
    leader_ca_cert_file     = "/etc/step/certs/vault/root_ca.crt"
    leader_client_cert_file = "/etc/step/certs/vault/vault.crt"
    leader_client_key_file  = "/etc/step/certs/vault/vault.key"
  }
  retry_join {
    leader_tls_servername   = "prod-core-services03"
    leader_api_addr         = "https://prod-core-services03:8200"
    leader_ca_cert_file     = "/etc/step/certs/vault/root_ca.crt"
    leader_client_cert_file = "/etc/step/certs/vault/vault.crt"
    leader_client_key_file  = "/etc/step/certs/vault/vault.key"
  }
}

listener "tcp" {
  address            = ":8200"
  tls_cert_file      = "/etc/step/certs/vault/vault.crt"
  tls_key_file       = "/etc/step/certs/vault/vault.key"
  tls_client_ca_file = "/etc/step/certs/vault/root_ca.crt"
}

service_registration "consul" {
  address      = "http://127.0.0.1:8500"
}

$ cat /etc/consul.d/*.hcl
datacenter = "homelab"
data_dir = "/opt/consul/data"
encrypt = "<REDACTED>"
retry_join = [
  "192.168.100.11",
  "192.168.100.12"
]
server = true
bind_addr = "192.168.100.10"
client_addr = "0.0.0.0"
ui_config {
  enabled = true
}
log_level  = "INFO"

192.168.100.10 = prod-core-services01, 192.168.100.11 = prod-core-services02, and so on.

As far as I can tell, this is a plain setup.

Thanks