Using stunnel to Encrypt Database Connections

Most RDBMS such as PostgreSQL and MySQL support TLS connections to encrypt the data on the wire between the application and the database. However there also seems to be applications here and there that don’t support TLS connections to the database server. ¬†Not the end of the world when your app is on the same server as the database server, but who does that? ūüėČ Read more

SSH – disable StrictHostChecking as well as writing key to known_hosts

I often do a lot of work with temporary Vagrant, Docker, VMs, and I don’t really want those host keys clogging up my ~/.ssh/known_hosts file. So I just add the following alias to my shell “rc” file. In my case, I use zsh so it’s ~/.zshrc :

alias ssh-nocheck="ssh -o 'StrictHostKeyChecking no' -o 'UserKnownHostsFile /dev/null'"

Viola!  Now all I need to is to use something akin to:

ssh-nocheck -p 2222 root@192.168.2.138

Hostname on AWS CentOS 7 EC2

I was setting up a shiny new CentOS 7 EC2 instance, but when I tried to set the hostname using all of the typical Linux-y ways, none of them stuck after a reboot.¬† It just kept going back to the default EC2 naming convention of ‘ip-172.31.x.x’.¬† Since I am still getting used to CentOS 7 and all of the stuff they changed from 6, I figured it was a CentOS 7 thing.¬† Not so…

Read more

Resizing my LVM based virtual disk

So I needed to upgrade my mail server but realized I only had 5GB of space left on the /opt partition and the upgrade complained about needing more than 5GB.¬† Not sure why I didn’t size the whole virtual disk a little bigger in the first place.¬† Also not sure why I didn’t set Zabbix to warn me when the disk space got that low.¬† Hindsight and all of that.¬† So following other’s recipes this is how I resized my LVM based virtual disk, and then subsequently resized the partitions within the VM.

Read more

Changing the MAC address / network name in Ubuntu/Debian

This one always gets me. With Debian & Ubuntu¬† I can never remember the @^!*% file that lists the association between the MAC address and the interface name (eth0, eth1, etc.).¬† If there is only one NIC, then it’s not a big deal, but with my servers with multiple NICs then my OCD kicks in and I like to have my ports in a nice orderly fashion.¬† For example, if I have three NICs in a server where one is the going to be the primary NIC, and then the other two are for LACP for storage, etc. then I like to make eth0 my primary and eth1/2 my bonded interface. Read more

Automagic Bridged Networking Under *Ubuntu (and maybe Debian?)

I use Virtualbox for all of my virtual machining needs.¬† For some of my guest vms I like to use “host” networking, meaning that essentially the vm will share the hosts network adapter using a¬†bridge and a TAP interface on the host computer to perform its virtual networking magic.¬† However, it can be a little more tricky to setup than using Virtualbox’s other type of networking, NAT.

However, with two packages “bridge-utils” and “uml-utilities” the chore of setting up a bridge interface on Ubuntu (and maybe even Debian) is almost pain free. Read more

Ubuntu and mount.cifs

Using SMB/CIFS under Nautilus was too slow. For Windows shares that I use regularly I figured it would be faster and easier to have the share mounted permanently as part of the file system. This also has the benefit of all Linux programs being able to access the files, not just Gnome based apps. Here is how I mounted a R/W Windows share under Linux. Read more