DevOPS

This document will get you step by step through the generation of a GPG smartcard key, with the correct subkeys for use on a smartcard like OpenPGP smartcard or the Yubikey. This will also allow you to use your GPG Authentication subkey for SSH support.

The following script takes a Bind9 zonefile, gets all AAAA records from it and generated PTR records based on them.

What you need to do:

1. Edit the Zone header in the script.
2. Run the script with ./generate_v6_ptr.sh /path/to/zonefile.zone

This will output the zones on STDOUT. If you want to save this to a zonefile, you can use this example: ./generate_v6_ptr.sh /path/to/zonefile.zone > /etc/bind/ip6.arpa.zone

When you run an LDAP server you want to use it to authenticate as much as possible using this system, either to comply with security policies or make it easier for users to login using one authentication method. If you use the Apache2 webserver you can setup HTTP Basic authentication with LDAP. In this tutorial I will show how I accomplished this.

Thanks to the new VPC functionality in DigitalOcean can be used to provide Kubernetes with a static external IPv4. This can be handy in cases where you need to deal with IP whitelists, for example, if you use your Kubernetes cluster as a CI building tool. However, this requires some config setup and a privileged pod running on each node to automatically update the routes. This article will help guide you through the setup.

So you got an OpenLDAP server running? Great! Now you want to connect it to as many systems as possible to ease the burden of managing users and authorization. However, you also want to allow SSH key authorisation managed via a central place. Can LDAP be used for this? This article will help you get started to set this up in your organisation.