gitlab ci for puppet control-repo – a test suite

There’s lots of content already out there about puppet CI testing; this is what I initially came up with using GitLab CI, and with various other improvements such blogged about previously in posts tagged gitlab-runner such as:

  • Separate rake files. A lot of examples I found had very long complicated rake files to define different ‘subroutines’ that could then be called. For the beginner, a three line rake file that does one job is easier to understand and maintain.
  • Less litter in root of the git repo.

Running under a shell executor initially, this is my CI setup.

# ci/definition.yml before_script: - /bin/bundle install --gemfile=ci/Gemfile stages: - syntax - lint - git lint: stage: lint script: - BUNDLE_GEMFILE=ci/Gemfile /bin/bundle exec rake --rakefile ci/rakefile_lint lint syntax-manifests: stage: syntax script: - BUNDLE_GEMFILE=ci/Gemfile /bin/bundle exec rake --rakefile ci/rakefile_syntax syntax:manifests syntax-templates: stage: syntax script: - BUNDLE_GEMFILE=ci/Gemfile /bin/bundle exec rake --rakefile ci/rakefile_syntax syntax:templates syntax-hiera: stage:…

View original post 464 more words

Systemd display services as graphic

Systemd have loots of tools to analyses boot performance on your system. If you want this to display graphical then use this command.

We want to display the bluetooth stack.

systemd-analyze dot 'bluetooth*' | dot -Tsvg > blue.svg
Systemd bluetooth overview

If you want to see the complete boot sequence from systemd use this command.

systemd-analyze plot > complete_systemd_boot.svg

Twitch 4000 error on Suse Linux

What a heck. Installed a fresh Suse tumbleweed and Twitch is not running. All Browsers have an error 4000.

You must install some codecs. How it works?

openSUSE Tumbleweed:

sudo zypper addrepo -cfp 90 '' packman

openSUSE Leap:

sudo zypper addrepo -cfp 90 '$releasever/' packman
for all systems the same command

sudo zypper refresh
sudo zypper dist-upgrade --from packman --allow-vendor-change
sudo zypper install --from packman ffmpeg gstreamer-plugins-{good,bad,ugly,libav} libavcodec-full vlc-codecs

thats it

found here

Cisco VPN server alternative

You are tired from openvpn performance issues. You want to use more opensource software? You wan to replace your Cisco ASA but don’t want to give up annyconnect VPN client software?
You want a reliable VPN server for your business? I found a solution for your requirements.

OpenConnect VPN Server called OCSERV

You can use the AnnyConnect client to dial in to OCSERV VPN server or openconnect VPN client.

On Debian/Ubuntu
apt install ocserv

You have installed the VPN Server but in Enterprise enviroments that is not enough for security. You want to use this for hundred or thousand of employees.

I want to show you my configuration of OCSERV and RADIUS integration with Privacyidea a two factor opensource solution.

If you want to use OCSERV with RADIUS please read this first

You have to compile radcli from source first without this you have no RADIUS functionality.

Look at for the latest version

How to compile

Fill the information for your radius server under


nas-identifier fw01
servers /etc/radcli/servers
dictionary /etc/radcli/dictionary
radius_timeout 10
radius_retries 3
bindaddr *

cat /etc/radcli/servers

# Server Name or Client/Server pair            Key             
## ----------------                             ---------------
#                       hardlyasecret                      donttellanyone
## uncomment the following line for simple testing of radlogin
## with freeradius-server
#localhost/localhost                            testing123
# yourradiussecrectkey

After you have compile radcli on the system you can choose to install ocserv from the distribution repository or to compile it from source. I have use the repository from the distribution.

add following to the


auth = “radius[config=/etc/radcli/radiusclient.conf,groupconfig=true]”

Fixing some errors…

custom-header = “X-CSTP-Client-Bypass-Protocol: true”

Add your own certificate for your domain

server-cert =
server-key =

VPN Pool

ipv4-network =
ipv4-netmask =

Add route to network that you want to reach form the vpn server


step by step Windows Server 2019 File Server clustering With powershell or GUI #Cluster #HA #Azure #WindowsAdminCenter #WindowsServer2019

Robert Smit MVP Blog

Next step is adding the File server Role to the Cluster and add the HA File Share.

In this case I have a fail over disk and I use the File Server for general use.

So when adding the Disk it is not showing the disk. This is The disk is added to the cluster but the disk isn’t formatted!

Keep in mind that formating the cluster disk while it is online is not possible. You need to set the disk in maintenance mode else the format will fail.

So after the disk format we will see the Disk appear and can be added to the File server

After this the File server is up and running. As you can see the setup is screen intense, building this with PowerShell is a lot faster.


Next step is adding the file share.

go for the Quick setup

Pick the disk…

View original post 261 more words

Installing Linux into a 286 laptop from the year 1989


Ever wondered what useful things you could do with a 32 year old laptop? Well, this is one option:

In this project I added a Raspberry PI Zero to the insides of the laptop. Both are connected via a serial link and can exchange data via it. You could use this for several applications:

  • Using the 286 with a terminal emulator as an interface to the Linux of the Raspberry PI. This way you can do the typical Linux shell stuff on a retro machine. With this you are quite far up on the hipster level 🙂
  • Connecting the DOS on the 286 to the Internet
  • Transferring files to the DOS filesystem

Terminal emulator

On the 286 side you need to install MS-DOS Kermit:

On the Raspberry side there is nothing to do. So this is really easy to setup.

Connecting DOS to the internet

The setup needed for…

View original post 86 more words

nsx-t password expiration

VMware NSX-T has a preconfigured password expiration policy of 90 days.
Attention you lower your security standards if you never change your password.
Same procedure for nsx-t edge nodes the same.

clear user admin password-expiration
clear user root password-expiration
clear user audit password-expiration

I think it is better you change your password once a year

set user admin password-expiration 365
set user root password-expiration 365
set user audit password-expiration 365

Seafile with Office Online Server

You can use Office Online Server with Seafile. How to install OOS you can read it here.

Config File for Seafile

vim /opt/seafile/conf/

# Enable Office Online Server

# Url of Office Online Server's discovery page
# The discovery page tells Seafile how to interact with Office Online Server when view file online
# You should change `` to your actual Office Online Server server address

# Expiration of WOPI access token
# WOPI access token is a string used by Seafile to determine the file's
# identity and permissions when use Office Online Server view it online
# And for security reason, this token should expire after a set time period

# List of file formats that you want to view through Office Online Server
# You can change this value according to your preferences
# And of course you should make sure your Office Online Server supports to preview
# the files with the specified extensions
OFFICE_WEB_APP_FILE_EXTENSION = ('ods', 'xls', 'xlsb', 'xlsm', 'xlsx',
    'ppsx', 'ppt','pptm', 'pptx', 'doc', 'docm', 'docx')

# Enable edit files through Office Online Server

# types of files should be editable through Office Online Server
# Note, Office Online Server 2016 is needed for editing docx
OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('xlsx', 'pptx', 'docx')

restart seahub service

found here