About

Hi there! I'm Remy, a Linux/UNIX sysadmin. My primary focus is on building highly available cloud environments in OpenStack, Amazon, Microsoft Azure or on premise with Ansible and Terraform (or any other configuration management tool). My keywords are OpenStack, cloud, virtualization, high availability, scaling and clustering, security, (Open)SSL, Python, PowerShell, Bash and general Linux/UNIX system administration. Besides that I also develop software in Python.

I currently work for VolkerWessels, the largest Dutch civil engineering construction company as an (Azure) cloud specialist.

I've worked as a sysadmin (in a devops role) for the Erasmus University Medical Center (a large hospital and medical university in Rotterdam), Digidentity (a Dutch certificate authority, the company that develops DigiD and other Ruby on Rails applications), CloudVPS (an OpenStack Cloud provider, ISP, managed service provider and datacenter) and a few other smaller companies. I like to design, build, document and manage large, complex and highly available systems. I'm a team player who loves to work with configuration management tools and version control systems. If I do something more than three times I automate it. Planning, documentation, monitoring and backups are things I do first, not when the time allows it later. Last but not least I have an interest in legacy systems like the PDP-11, PDP-8 and operating systems like OpenVMS, HP-UX and old UNIX systems.

To contact me, see my resume, or get my GPG or S/MIME key, see the about page.

This is my personal website. Please do note that these articles do not reflect and are not based on the work, opinions or policies of any of my (previous) employers. Any resemblance to reality is pure coincidence.

This site started in 2006 as my form of (public) documentation. It has grown to include software, tutorials, snippets and articles on Linux/UNIX, system administration and everything related with over 10.000 unique visitors a day as of 2018-06. The URL is the phonetic way you say my name (Ray-Mii), since non-Dutch speakers always have trouble with the correct pronunciation.


Latest Items

Syslog configuration for remote logservers for syslog-ng and rsyslog, both client and server

21-06-2018 | Remy van Elst

Syslog is the protocol, format (and software) Linux and most networking devices use to log messages: all kinds of messages, from the system, authentication, logins and applications. There are multiple implementations of syslog, like syslog-ng and rsyslog. Syslog has the option to log to a remote server and to act as a remote logserver (that receives logs). With a remote logging server you can archive your logs and keep them secure (when a machine gets hacked, if root is compromised the logs on the machine are no longer trustworthy). This tutorial shows how to set up a syslog server with rsyslog and syslog-ng and shows how to set up servers as a syslog client (that log to a remote server) with syslog-ng and rsyslog.

Read more...

snap install mosaic, the first graphical webbrowser on Ubuntu

14-06-2018 | Remy van Elst

On one of my favorite podcasts from Jupiter Broadcasting, either Linux Action News or Linux Unplugged (252 I think, not sure), Alan Pope was talking about Snap packages and how there are now WinePacks, a snap with Wine and a single (Windows) application packaged. During the discussion he dropped that Mosaic, the first graphical web browser, is available as a snap package, for modern distributions. I installed it, after a huge download (1.5 MB), and playing around with it is quite fun. In this post I'll discuss how to install it, and what works and what doesn't in the modern age on Ubuntu 18.04.

Read more...

Chrome 68 is deprecating HPKP (HTTP Public Key Pinning)

12-06-2018 | Remy van Elst

In 2014 I published an article on HPKP, HTTP public key pinning. It allows a site operator to send a public key in an HTTP header, forcing the browser to only connect when that header is found. It was meant to reduce the risk of a compromised certificate authority (since any CA can create a certificate for any website). Quite secure, but it was often wrongly configured, forgotten until certificates expired and there were some security issues like a false pin. Late 2017 Google announced that HPKP would be removed in Chrome 68 and that version is released now, so HPKP is no longer supported. This post goes into the reasoning behind the removal, the possible replacement (Expect-CT) and how to remove HPKP from your site.

Read more...

That time when one of my HP-UX servers lost half of its RAM (and how to connect to an HP iLO 2 with modern OpenSSH (7.6+))

06-06-2018 | Remy van Elst

One of my favorite sayings is: 'Hardware is stupid, move everything to the cloud!'. The cloud is just someone else's computer, but at least I'm not responsible for the hardware anymore, since hardware breaks. When a VM breaks, because you use configuration management and version control, just roll out a new one. We all know that's not true, but still, the thought of it is nice. Last week one of the HP-UX machines had a failing disk and this week it's back with a whole new issue. After it was rebooted (due to issues with the services running on it), the Event Monitoring Service (EMS) sent an email regarding RAM issues and after manual checking it seems the machine lost half of its RAM. It should have 16 GB and now it only has 8 GB. You might imagine my surprise. This post goes into my troubleshooting, since I was not able to go to the machine, shut it down and check if the RAM was still there. I'll cover the use of cstm (Support Tool Manager), how to connect to the HP iLO (out of band access) with modern OpenSSH (7.2) and the steps I took to gather information on what might have happened.

Read more...

GPG noninteractive batch sign, trust and send gnupg keys

01-06-2018 | Remy van Elst

Recently a team I consult for started using a shared password manager, pass. It uses GPG keys and presents itself as the standard unix password manager, but in essence it's nothing more than a wrapper around GPG encrypted files. We all had to generate new keys since the team is new and we were not allowed to use existing keys. Using a new, empty keyring, I generated my key and imported their keys. I wanted to trust, sign and publish all keys to a keyserver, this article shows how to do that noninteractively in batch form. Saves me doing the same thing four times, since now it's just four people, but next time it might be a hundred.

Read more...

HP-UX 11.31 System information & find out part number of a failed disk with sasmgr

18-05-2018 | Remy van Elst

On one of my regularly scheduled datacenter visits one of the older HP-UX Itanium machines had an orange light on the front. These systems are not (yet) monitored, but still in use so the disk had to be replaced. Not knowing anything about this system or which parts were used, I managed to find the exact part number and device type so we could order a spare. This small guide uses sasmgr to get the data on HP-UX 11.31.

Read more...

Icinga2 / Nagios / Net::SNMP change the default timeout of 60 seconds

16-05-2018 | Remy van Elst

Recently a rather large amount of new infrastructure was added to one of my monitoring instances. Using SNMP exclusively, but not the fastest network or infrastructure. The SNMP checks in the Icinga2 instance started giving timeouts, which look like false positives and give unclean logs. Raising the SNMP timeout for the checks above 60 seconds was not that easy since the 60 second timeout is hardcoded in the underlying library (Net::SNMP). This article shows you how to raise that timeout on an Ubuntu 16.04 system.

Read more...

Multiple passwords for one user, UIC uniqueness and the system password on OpenVMS

13-05-2018 | Remy van Elst

In the book I bought about OpenVMS for the previous post on filesystems, 'Getting Started with OpenVMS by M. Duffy', I've read a few interesting things in the chapter that introduces user accounts and system login. Namely that a user can have multiple passwords, that user IDs are not unique and that there can be a system password. This article goes into those three topics.

Read more...

Mount ISO and execute scripts on OpenVMS

08-05-2018 | Remy van Elst

I'm playing around with OpenVMS on Alpha using a trial of AlphaVM Basic, but was not able to copy-paste in my Hobbyist License. I suspect PuTTY pasting too quickly, so I had to get the license script on the OpenVMS, without using the network. In this article you'll learn some OpenVMS filesystem history, how OpenVMS handles line endings and in the end I get my license installed by creating an ISO with the script on it.

Read more...

File locking, grep and process killing on OpenVMS

06-05-2018 | Remy van Elst

On the DECUS OpenVMS system there is no curl or wget installed. I wanted to download a remote `C` file to play around with the compiler and some simple Hello World code, to get a feel of the build system. After a bit of searching around the internet I was not able to find a command like curl or wget to download a remote file. But, the searches led me to the OpenVMS port of curl, which, I hoped, might be able to run on the DECUS system. Just like on a Linux system, running the binary under my user account, not installing it system-wide. This ended up being another adventure in which I figured out how to trace a locked file to a process, grep the output of a process on OpenVMS and kill a process. I did not get curl to work or compile my code, yet.

Read more...

Site updates, new layout for overview pages

04-05-2018 | Remy van Elst

This site is generated with my self-written open source static site generator named ingsoc (named after 1984). I've updated the overview pages with a new layout so that items are sorted by their publishing date instead of alphabetically. I've also rewritten some internal logic regarding tags and categories. This article shows the difference before and after and includes some old screenshots of raymii.org.

Read more...

The sad state of Alpha emulators (for OpenVMS)

30-04-2018 | Remy van Elst

OpenVMS 7.3 was the last version for the VAX architecture. All later versions (like 8.4) are only available for the Alpha CPU architecture or Intel's Itanium platform. Since I don't want to run hardware (Alpha machines, which are surprisingly hard to get in The Netherlands), I want to be able to run it in an emulator. simh is the best open source VAX emulator, but it does not support Alpha. My adventure with es40, the only open source Alpha emulator (development halted 10 years ago) ended prematurely since it crashes all the time. The only other available options are FreeAXP, Charon-AXP, vtAlpha and EmuVM AlphaVM. Only FreeAXP is available as a free (but not open source) download, Charon had a personal version but that is nowhere to be found nowadays, vtAlpha doesn't offer a trial or free version and EmuVM Alphaserver also stopped with their free version. In this article I'll go over my adventure with FreeAXP and EmuVM.

Read more...

Introducing the Yubikey Nano XL Rugged edition

27-04-2018 | Remy van Elst

Last month my Yubikey broke. I had a second one as a backup so there were no problems for me. This second yubikey is a Nano model, that means it is about 1 cm by 1 cm, the normal yubikey is 2 cm by 5. It fits inside the USB port and is meant to be inserted in the computer all the time. Extracting it from the port is hard as well, since it is so small. I use my yubikey on different machines and don't like the idea of it being in a computer when I'm not there, so I wanted to fix this. I did not fix it by buying a regular sized yubikey, but I found a clever workaround, which I name the Yubikey nano XL Rugged. You'll understand when you see the pictures.

Read more...

Installing the es40 AlphaServer emulator 0.18 on Ubuntu 16.04, and trying to install OpenVMS 8.4 on es40

24-04-2018 | Remy van Elst

OpenVMS 7.3 is the latest version of OpenVMS for the VAX architecture. Since the DECUS system uses OpenVMS 8.4 there were some version differences. I could not set my 'BACKSPACE=DELETE' on 7.3. The hobbyist license also covers the Alpha and Itanium versions of OpenVMS so I want to try the Alpha version, which is consequently also 8.4, the latest release. This article describes my attempt to compile and install the es40 open source Alpha emulator on Ubuntu 16.04 and subsequently the installation of OpenVMS Alpha. The emulator has not been under active development since 2008, and the installation of OpenVMS fails. OpenVMS does boot however, very very slowly.

Read more...

Small OpenVMS titbits

22-04-2018 | Remy van Elst

Here are some small titbits I found out this week on the DECUServe OpenVMS system. Not enough to write a blogpost on their own, but collected together.

Read more...

Ansible - add apt_key inline

19-04-2018 | Remy van Elst

Using the apt_key module one can add an APT key with Ansible. You can get the key from a remote server or from a file, or just a key ID. I got the request to do some stuff on a machine which was quite restricted (so no HKP protocol) and I was asked not to place too many files on the machine. The apt_key was needed but it could not be a file, so using a YAML Literal Block Scalar I was able to add the key inline in the playbook. Not the best way to do it, but one of the many ways Ansible allows it.

Read more...

OpenVMS 7.3 install log with simh VAX on Ubuntu 16.04

16-04-2018 | Remy van Elst

Using a guide I was able to install OpenVMS 7.3 for VAX on simh on Ubuntu 16.04. This is a copy-paste of my terminal for future reference. This is not one of my usual articles, a guide with comprehensive information and background. Just a log of my terminal.

Read more...

File versioning and deleting on OpenVMS with DELETE and PURGE

15-04-2018 | Remy van Elst

I'm now a few weeks into my OpenVMS adventure and my home folder on the [DECUS](http://decus.org) system is quite cluttered with files. More specifically, with different versions of files, since OpenVMS by default has file versioning built in. This means that when you edit a file, or copy a file over an existing file, the old file is not overwritten but a new file with a new version is written. The old file still is there. This is one of the best things in my humble opinion so far on OpenVMS, but it does require maintenance to not have the disk get filled up fast. This article goes into the PURGE and DELETE commands which help you deal with file versioning and removal.

Read more...

Synergy, no mouse cursor on Ubuntu 17.10

11-04-2018 | Remy van Elst

Synergy is an application to control remote screens with your local mouse and keyboard over the network, cross platform. You could use Linux as your main OS and have a separate box with Windows next to it, and use your Linux mouse to control Windows. On Ubuntu 17.10 the mouse cursor is not visible, but does work. This snippet provides a fix. Hint, Wayland is in the way.

Read more...

FreeIPA DNS workaround for DNS zone [...]. already exists in DNS and is handled by server(s):

10-04-2018 | Remy van Elst

Recently I ran into an issue with FreeIPA when trying to add an existing DNS zone. The zone already exists on the internet so, logically, FreeIPA wouldn't allow me to hijack this domain locally. My use case is special, so I wanted to forcefully add this zone as a forward zone.

Read more...

Backspace and delete key behaviour on OpenVMS

09-04-2018 | Remy van Elst

While working on the DECUServe OpenVMS system I found out quickly that pressing BACKSPACE moves the cursor on the shell to the beginning of the line instead of deleting the character to the left of the cursor. This made me very aware of my typing, since when I made an error I had to retype the entire line (the terminal is in insert mode it seems). After reading through some documentation it seems that is default behaviour but there are terminal options to change it.

Read more...

All Items