Cleaning up the Systemd journal (The correct way)

With the move from sysvinit to systemd, there were lots of small but important changes to the Linux ecosystem. One of them was the move from traditional syslog daemons to Systemd Journald. Now I’m not going to say this is a good or bad thing, as it entirely depends on your old habits and new optimism. What it does mean is a move to a faster and more flexible system log format but at the cost of some added complexity.

Stop Putting Your SSH Keys on Github!

Hot take: Stop putting your ssh keys on GitHub!!! For that matter, stop putting your keys in any kind of repository. Seriously, your private keys are private for a reason. Okay, let’s back up a little here. This morning some articles made their rounds about Cisco distributing network device firmware with keys and certs embedded in them. Now that happens all the time (ugh) but in this particular case, they were the keys of presumably a Huawei employee.

Scaling out with CephFS and KVM - The Basics

I have, for a long time, been fascinated and terrified by “Virtual SAN” solutions. The idea of combining storage and compute seems on the surface very attractive. It allows us to scale out our storage and compute together or separately in relatively small and affordable units, helping avoid the sticker shock of the upfront cost of storage systems. And as somebody especially prone to capex-phobia, that really is a great solution.

Doing network authentication properly!

I don’t like Microsoft NPS. That’s not to say that it’s a very convenient server role, which it absolutely is, or that it doesn’t have a place, which it sort of does. It’s just that it’s almost always, in my own opinion, a better idea to go with another option. So what’s wrong with using NPS? Requires a full windows license. Personally, I have an aversion to throwing away money, even if it’s somebody else’s money.

Retrieving WPA2 Keys on Windows

Ever wanted pull up the password for a WiFi network your computer remembers but you don’t? If you’re anything like me, the computer remembers far more than I do. Luckily, Windows not only stores these keys in plaintext, but some of them can even be retrieved without administrator access! (Is that good? I think it is but something tells me it might not be…) And of course, let’s go one step further and make a neat little script to pull out all of these keys and present them in a convenient way.

MDT and Linux: It's Free Real Estate

No, I would not like to say hello, Cortana. Nothing is as monotonous, boring, and brain-numbingly automatable as installing Windows, installing applications, joining a domain, and clicking all the right boxes in all the right places. And it’s even worse in the latest versions of Windows 10, where we’re greeted by the condescending robot voice of Halo’s deceptive antagonist artificial intelligence during the OOBE setup phase. I’ve taken a particular liking to MDT, Microsoft’s solution to the absolute eye-glazing snorefest of configuring a new workstation or server.

Orca: Biting Off More Than We Can Chew

Deploying MSI installers with group policy is super neat and super handy…. Most of the time. Sometimes, though, you need a bit more than just the default options when pushing out packages, and for those of us that don’t have a wheelbarrow full of money to burn on System Center there are two ways to do this: Use a GP Preference Item to distribute a configuration file to managed systems Create a transform set to apply to the MSI installer file While the first approach at first seems more straightforward, it does lead to the inevitable “GPO Spaghetti” once packages are added and removed.

The Inflatable Dinghy

Preface: Don’t do this on prod gear. This is a bad idea! I’ve long been a fan of automated deployment. During the fourth semester technical project at Fanshawe, I had a wonderful domain tree with OUs and global groups, group policies and delegated permissions. It was truly a nice domain. It just…. Felt a little lonely. Enter PowerShell. Using a fairly simple script, I was able to cozy up the domains with the right users in the right places.

Configuration Station

Cisco IOS. It’s fun to configure, isn’t it? No? In an effort to learn Python scripting, I decided to take a bit of the monotony of managing and updating IOS config files away and replace it with the monotony of managing and updating spreadsheets! The real goal with this project was to design a ‘gitops’ system for periodically checking configs against baselines and build a stripped down orchestration platform. This turned out to be a little ambitious, but I’m fairly happy with the results regardless.

Homebrew SAN

Everybody and their aunt has a NAS at home, but what about something with a bit more pizzazz? How about if I build a system out of standard, off the shelf, ‘surplus sale’ gear and spin it into a really neat storage appliance? The Gear At Fanshawe College, the ‘Asset Sale’ is a proud tradition. IT students line up around the block to get good deals on retired and scratch-and-dent electronics.

Getting Cloudy

In 2018 I decided to stop worrying and embrace the cloud. Here’s how. Throughout the process, my focus was on low cost and simplicity, and I must say, this was a truly valuable experience. Getting a domain First stop was buying my domain. I opted to buy from Namecheap thanks to the student deals they have. Next stop was moving the domain somewhere better. Not to insult Namecheap, they’re a decent registrar.

Contact

Noah Bailey London, Ontario, Canada Connect with me on LinkedIn See some of my work on GitHub noah@nbailey.ca

About

Education Fanshawe College Computer Systems Technology adavanced diploma (2015-2018) Presidents List - 4.0+ Cumulative GPA Experience Sensory Technologies - Sysadmin & Tier II Support Early 2019 to the present Healthcare industry startup. Linux administration, automation, configuration management. Supporting a widespread and diverse system. Big Blue Bubble - IT Specialist Co-op: Sep-Dec 2017, May-Aug 2018 Server and network administration, system upgrades, user support. Advanced janitorial duties to sysadmin and everything in between.