Sometimes you are gonna create a service principal on Azure Cloud that will manage some applications or automate some tasks. For example you might use a service principal to upload backups on Azure Storage. A service principal can be created with either password or a certificate but it has an expiration date by default. This means that in order to ensure that you can use your service principal and perform tasks you have assigned to it you have to change the password of certificate from time to time. I have created a simple script that uses azure-cli to check when the password or certificate expires. It can be executed via cron or a monit check and notify you.
Expanding an unmanaged disk on Azure linux VM
I have been working on a new project where our VMs are hosted on Microsoft Azure cloud. The default OS disk size for most Linux distros in Azure is 30GB. We needed more space so instead of adding a new virtual disk I ‘ve found out that it is possible to expand the OS disk. When the VMs were initially launched they were launched with unmanaged disks.
You should have in mind that if you need to resize the OS disk that:
- You will need to stop the VM in order to resize the disk
- You can not shrink the disk once you had it expand. Disk size reduction is not supported
In the following example the disk of VM will be resized from 30GB to 300GB.
Force SSL on phpMyAdmin for versions greater than 4.6.0
phpMyAdmin is a great tool written in PHP intended to handle the administration of MySQL or MariaDB with the use of a web browser. For security reasons I have been using it over https. Till version 4.6.0 you could force using https instead of http with just configuring the config.inc.php
Executing multiple git post-receive hooks on git/gitolite server
In a past post of mine called Integrate git/gitolite server with slack I have mentioned how you could add a hook to your git/gitolite repository that would notify a slack channel about pushes made on your git server. But what about when you need to have multiple post-receive git hooks?
KVM guests and synhronizing clock
I was launching a couple of Ubuntu 14.04 KVM guests and I ve noticed that time was wrong. OK I thought, a simple ntpdate command and ntp service enabled will fix the issue. Made a reboot of the guest host and show that the time was ok. Then I destroyed the guest and when I checked the time it was wrong. This can’t be right, I thought, and started researching what might be the issue. What I found is that KVM guests should always consider their hardware clock in UTC time while my guests configuration was in local time.
Unset/Remove apache’s X-Powered-By header in ubuntu
When a browser send a request to an apache web server, apache will send back the response data as well as response headers. You can check what kind of headers are send back with curl command.
$ curl -I http://mysite/
or if the site is on https
$ curl -Ik https://mysite/
Date: Mon, 07 Dec 2015 10:12:52 GMT Server: Apache X-Powered-By: Phusion Passenger (mod_rails/mod_rack) X.X.XX Cache-Control: no-cache
How to issue SSL certificate with Subject Alternate Names for private chef server
I was trying to migrate a private chef server from ubuntu 12.04 to ubuntu 14.04 . I thought that it would be great to use Alternate Names in the certificate that I would be issuing. The certificate would be self signed but one of the issues I have faced was that ssl verification failed from the client and as reported by knife ssl check.
Integrate git/gitolite server with slack
In a project I have been working due to lack of funds we have been using our own git central server and not github or bitbucket. Access control is managed by gitolite. Our team is using slack as a collaboration tool. What we would like is when a developer pushes back to our repository/repositories then every developer is notified through slack.
Issue with vagrant-berkshelf plugin and upgrading chefdk
Running test-kitchen with other than .kitchen.yml configuration file
Till now I have been testing my chef cookbooks using kitchen on my laptop, which means that it’s done with vagrant and virtualbox as its provider. One of the things I wanted to try is to add jenkins in the whole process. I can only have a jenkins server as a KVM guest so this means that I can not have virtualbox as vagrant’s provider since VirtualBox can not run inside KVM.