One of our customers uses a piece of software that depends on the MAC address of the running system. Unfortunately this application misbehaves when used on Amazon EC2 cloud computing. Therefore we have written a small piece of software called fakemac.

Today we ran into a problem where the data put in ActiveMQ by the puppetmaster seemed corrupted in some way. When running the puppet queue daemon on the foreground (with –debug –verbose –no-daemonize), we noticed messages like these: info: Loaded queued catalog in 22.16 seconds debug: Searched for resources in 0.31 seconds err: Could not […]

This post is mostly a collection of commands that can help in juggling around SSL certificates and associated files. Check SSL certificates and make sure they are what you think they are. Especially when things do not go as expected, these commands are handy to have around.

In our quest to automate even more, we have further automated our installations. We use Debian and don’t want to answer any (except for IP and hostname) question in the debian installer by hand. We’ve already pre-seeded the installer with a lot of answers, but the partitioning was always hard. Before, we formatted the first […]

As you probably know by now: We have our SSH and PGP-keys on a CryptoStick. But getting it to work used to be somewhat harder than it is now. So without further ado: The (almost) foolproof way to get SSH and PGP working with the CryptoStick in Ubuntu.

noVNC allows you to connect to a VNC server, using only a web browser with WebSockets. Unfortunately, WebSockets does not allow you to create arbitrary raw TCP connections. This is why we have written a rather compact noVNC proxy called wsproxy, which can connect to VNC servers within a whitelisted range of ports.

We are in the process of building the configuration for our monitoring system from exported resources (more on that in the future). To accomplish one of the checks we needed a way to identify the brand of RAID controller in our physical servers. The best way to do this is facter. We’ve written some custom […]

On our systems at Hetzner we only have a single /64 IPv6 range, which we use to assign addresses to virtual systems, running in Xen and KVM. Because we don’t directly bridge the virtual machines to the external interface, we have written a script that synchronizes Neighbor Discovery entries to the external interface.