We covered SSH authentication and Linux user management using OpenLDAP in an article. Now wouldn't it be great if you could also manage sudo rules from a central place like an LDAP server? Luckily, sudo has support for this! This article will show you how to set this up within OpenLDAP and the sudo configuration on your Linux machine.
DevOPS is a collection of blog articles related to CI/CD, server management and the like. It aims to improve the development lifecycle and ease the burden of managing systems.
Reverse SSH tunneling is a powerful tool that can be used to securely forward ports to or from remote servers to your local machine. It is especially useful when you don’t have direct access to a remote server, such as in a cloud environment. By creating a secure tunnel between the remote server and your local machine, you can access services on the remote server as if they were running on your own machine.
I was thinking about migrating some cloud services into Terraform, but we seemed to have too many domains. So I wrote a small Python script that takes a domain, then using doctl (the DigitalOcean command line) it extracts all current records. After that it outputs the file into tf and also gives an import command to import the current state into the Terraform state.
Using a GoPro as a stream source over Wi-Fi? What about streaming from SLOBS to two Twitch channels at once? Having a dedicated recording machine? Streaming to multiple platforms? Maybe even hosting a LAN party with a commentary stream? You can use RTMP and a custom ingest for streaming. This way you are able to accomplish what you want. In this article, I will guide you through the setup and show examples for the different use cases. It can be a bit technical for most people, but I will be happy to help if you have questions.
The following script takes a Bind9 zonefile, gets all AAAA records from it and generates PTR records based on them.
What you need to do:
- Edit the Zone header in the script.
- Run the script with
This will output the zones on STDOUT. If you want to save this to a zonefile, you can use this example:
./generate_v6_ptr.sh /path/to/zonefile.zone > /etc/bind/ip6.arpa.zone
When you run an LDAP server, you want to authenticate against it as much as possible, either to comply with security policies or to make it easier for users to log in using one authentication method. If you use the Apache2 webserver, you can set up HTTP Basic authentication with LDAP. In this tutorial I will show how I accomplished this.
The new VPC functionality in DigitalOcean can be used to provide Kubernetes with a static external IPv4 address. This can be handy in cases where you need to deal with IP whitelists, for example, if you use your Kubernetes cluster as a CI building tool. However, this requires some config setup and a privileged pod running on each node to automatically update the routes. This article will help guide you through the setup.
So you got an OpenLDAP server running? Great! Now you want to connect it to as many systems as possible to ease the burden of managing users and authorization. However, you also want to allow SSH key authorisation managed via a central place. Can LDAP be used for this? This article will help you get started setting this up in your organisation.