Managing Jenkins API Tokens

The problem

Api Tokens are like user passwords, except they are always managed by Jenkins (even if you're using an external authentication scheme), and can only be used for "API" actions (e.g. using curl).
The storage scheme of these tokens is a little weird - the stored value is ...

more ...

Managing AWS Security Groups with Piculet

The Problem

One of the first things I noticed when starting to work with AWS is that security groups are very hard to maintain:

  • Name and description are immutable - One can't modify the name/description of a Security Group after it's created
  • Groups contain magical constants - There is ...
more ...

Preparing Certificate files for Nginx

The Story

When installing SSL certificates for nginx, assuming you're using certificate hierarchy (and not a self-signed ceritificate), you're required to concatenate all of the certificate files (*.crt) to a single file, starting from your site's certificate up to the root certificate.
Today I got this bundle ...

more ...

Managing chef users with Chef

I needed to create seperate Chef accounts for some utility program running in my Chef server.
I was finally able to deprecate it today, but I saved those snippets because they're neat. These snippets use chef-server-ctl, which is a utility software included in Chef server's installation

The bits ...

more ...

Locking Down Jenkins' Authentication

Update 19.02.15

After posting my script in the Jenkins mailing list, I was told about a simpler way for implmenting my authorization strategy. I'm leaving this post because the things I learnt from developing the plugin are still valuable and may help someone someday.

The REAL solution ...

more ...

SSH vs OpenVPN for Tunneling

Update 28.01.16

I found some sites referring to this post. Below are the common complaints I saw, and my replies:

  • I'm criminally bad with setting up OpenVPN, meaning the testing is completely off
    I'm not an expert in networking, but I have a working knowledge of ...

more ...


My Pinning Guidelines

In my previous post about pinning I talked about the reasons to configure apt pinning.
This post details my logic about what and how to pin.

Pinning technicalities

How pinning is done

The best way to pin stuff is to add files in /etc/apt/preferences.d/
Those files are ...

more ...

Why Pinning

There are plenty of guides about apt pinning, but no one really explains the motivation to do so. It took me some time to understand that, so I thought I'd write it down.

The Issue

The mainstream method of downloading and installing packages from a repository is via APT ...

more ...