Skip to main content


Hi there! I'm Remy, a Linux/UNIX sysadmin, my primary focus is on building high available cloud environments in OpenStack, Amazon, Microsoft Azure or on premise with Ansible and Terraform (or any other configuration management tool). My keywords are OpenStack, cloud, virtualization, high availability, scaling and clustering, security, (Open)SSL, Python, Powershell, Bash and general linux/UNIX system administration. Besides that I also develop software in Python.

I currently work for VolkerWessels, the largest Dutch civil engineering construction company as an (Azure) cloud specialist.

I've worked as a sysadmin (in a devops role) for the Erasmus University Medical Center (a large hospital and medical university in Rotterdam), Digidentity (a Dutch certificate authority, the company that develops DigiD and other Ruby on Rails applications), CloudVPS (an OpenStack Cloud provider, ISP, managed service provider and datacenter) and a few other smaller companies. I like to design, build, document and manage large, complex and high available systems. I'm a team player that loves to work with configuration management tools and version control systems. If I do something more than three times I automate it. Planning, documentation, monitoring and backups are things I do first, not when the time allows it later. Last but not least I have an interest in legacy systems like the PDP-11, PDP-8 and operating systems like OpenVMS, HP-UX and old UNIX systems.

To contact me, see my resume, get my GPG or S/MIME key see the about page.

This is my personal website, please do note that these articles do not reflect or are based on work, opinions or policies of any of my (previous) employers. Any resemblance to reality is pure coincidence.

This site started in 2006 as my form of (public) documentation. It has grown to include software, tutorials, snippets and articles on linux/UNIX, system administration and everything related with over 10.000 unique visitors a day as of 2018-06. The URL is the phonetic way you say my name (Ray-Mii), since non-Dutch speakers always have trouble with the correct pronunciation.

Latest Items

Python script to talk to LibreNMS API and get alerts and hosts

08-08-2018 | Remy van Elst

This script talks to the LibreNMS API to receive a list of down devices and alerts. The LibreNMS dashboard provides widgets for alerts and host statusses, but there is no easy way to access that output via the API. Using Python I was able to get certain information and output it as HTML or text using PrettyTable. It can be included in other systems or be used in a chain of monitoring customizations. z


nginx 1.15.2, ssl_preread_protocol, multiplex HTTPS and SSH on the same port

06-08-2018 | Remy van Elst

The NGINX blog recently had a nice article on a new feature of NGINX 1.15.2, $ssl_preread_protocol. This allows you to multiplex HTTPS and other SSL protocols on the same port, or as their blog states, 'to distinguish between SSL/TLS and other protocols when forwarding traffic using a TCP (stream) proxy'. This can be used to run SSH and HTTPS on the same port (or any other SSL protocol next to HTTPS). By running SSH and HTTPS on the same port, one can circumvent certain firewall restrictions. If the session looks like HTTPS, nginx will handle it, if it looks like something else, it will forward it to the configured other program. I used to use SSHL to get this functionality, but now it's built into the nginx webserver. This small guide will cover the installation of the latest version of nginx on Ubuntu (16.04) and configuring this multiplex feature.


Site updates for accessibility, text only pages and skip to main content

01-08-2018 | Remy van Elst

I've made some new improvements to this website. is generated using my self-written static site generator named ingsoc, the new features are focussed on accessibility. If you are using a screen reader or command-line browser this will benefit you. Or if you like to archive stuff offline. The two main improvements are a text-only version of every content page (article/tutorial etc) and a 'Skip to main content' link.


Send email with multiple inline images via bash with a loop

23-07-2018 | Remy van Elst

Recently I had a request from a user that whished to receive a scheduled email with two screenshots. The screenshots were automated via AutoIt on a network share, the user manually logged in every evening to check the pictures. With bash and postfix/sendmail we can automate this process, the user now doesn't have to login but can just check their email. There are a lot of snippets and guides to attach emails via the shell, but displaying multiple images inline as an HTML mail was something I had to figure out. You cannot embed the image in base64 HTML because Outlook doesn't show that, you must use the Content-ID style embed. Like UUENCODE, but more complicated. (The next step in this process with the user is to automate the reason why they have to check those screenshots every night, that is something for another article)


log_vcs - Ansible callback plugin that creates VCS (git) branches for every Ansible run

10-07-2018 | Remy van Elst

This Ansible callback plugin creates a VCS branch every time you run Ansible. If you ever need to go back to a certain state or environment, check out that branch and be sure nothing has changed. This is useful when you have multiple environments or multiple people deploying and continually develop your Ansible. When you often deploy to test / acceptance and less often to production, you can checkout the last branch that deployed to production if a hotfix or other maintenance is required, without having to search back in your commits and logs. I would recommend to develop infrastructure features in feature branches and have the master branch always deployable to production. However, reality learns that that is not always the case and this is a nice automatic way to have a fallback.


Windows 7 installer on a KVM Linux VPS (Windows on Digital Ocean)

01-07-2018 | Remy van Elst

For fun I wanted to install Windows 7 on a KVM Linux VPS (on [Digital Ocean) but it should work for any KVM or XEN-HVM VPS with console access). I was experimenting with Grub2 and ISO booting, since grub2 can natively boot a linux ISO. For Windows this is not possible, the installer needs to be extracted on a FAT32 partition from which you boot. On a normal system I would repartition the disk using a live CD, but on a VPS where an ISO cannot be booted this is troublesome. If I could boot from an ISO I would use that to install Windows, but where's the fun in that? I had to figure out how to shrink an EXT4 filesystem from a running Ubuntu VPS, which is possible, however very risky, with pivot_root. Next the partiton table can be converted to MBR, the partition can be resized, a FAT32 partiton and filesystem can be created, the Windows Installer files copied onto that, some Grub config and a reboot later, you're in the Windows 7 Installer.


Syslog configuration for remote logservers for syslog-ng and rsyslog, both client and server

21-06-2018 | Remy van Elst

Syslog is the protocol, format (and software) linux and most networking devices use to log messages. All kinds of messages, system, authentication, login and applications. There are multiple implementations of syslog, like syslog-ng and rsyslog. Syslog has the option to log to a remote server and to act as a remote logserver (that receives logs). With a remote logging server you can archive your logs and keep them secure (when a machine gets hacked, if root is compromised the logs on the machine are no longer trustworthy). This tutorial shows how to set up a syslog server with rsyslog and syslog-ng and shows how to setup servers as a syslog client (that log to a remote server) with syslog-ng and rsyslog.


snap install mosaic, the first graphical webbrowser on Ubuntu

14-06-2018 | Remy van Elst

On one of my favorite podcasts from Jupiter Broadcasting, either Linux Action News or Linux unplugged (252 I think, not sure), Allan Pope was talking about Snap packages and how there are now WinePacks, a snap with Wine and a single (Windows) application packaged. During the discussion he dropped that Mosaic, the first graphical web browser, is available as a snap package, for modern distributions. I installed it, after huge download (1.5 MB), playing around with it is quite fun. In this post I'll discuss how to install it, what works and what doens't in the modern age on Ubuntu 18.04


Chrome 68 is depcrecating HPKP (HTTP Public Key Pinning)

12-06-2018 | Remy van Elst

In 2014 I published an article on HPKP, http public key pinning. It allows a site operator to send a public key in an http header, forcing the browser to only connect when that header is found. It was ment to redice the risk of a compromised certificate authority (since any CA can create a certificate for any website). Quite secure, but it was often wrongly configured, forgotten until certificates expired and there were some security issues like a false pin. Late 2017 Google announced that HPKP would be removed in Chrome 68 and that version is released now, so HPKP is no longer supported. This post goes into the reasoning behind the removal, the possible replacement (Expect-CT) and how to remove HPKP from your site.


That time when one of my HP-UX servers lost half of it's RAM (and how to connect to an HP iLO 2 with modern OpenSSH (7.6+))

06-06-2018 | Remy van Elst

One of my favorite sayings is: 'Hardware is stupid, move everything to the cloud!'. The cloud is just someone elses computer, but at least I'm not responsible for the hardware anymore, since hardware breaks. When a VM breaks, because you use configuration management and version control, just roll out a new one. We all know that's not true, but still, the thought of it is nice. Last week one of the HP-UX machines had a failing disk and this week it's back with a whole new issue. After it was rebooted (due to issues with the services running on it), the Event Monitoring Service (EMS) sent an email regarding RAM issues and after manual checking it seems the machine lost half of it's RAM. It should have 16 GB and now it only has 8 GB. You might imagine my suprise. This post goes into my troubleshooting, since I was not able to go to the machine, shut it down and check if the RAM was still there. I'll cover the use of cstm (Support Tool Manager), how to connect to the HP iLO (out of band access) with modern OpenSSH (7.2) and the steps I took to gather information on what might have happened.


GPG noninteractive batch sign, trust and send gnupg keys

01-06-2018 | Remy van Elst

Recently a team I consult for started using a shared password manager, pass. It uses GPG keys and presents itself as the standard unix password manager, but in essence it's nothing more than a wrapper around GPG encrypted files. We all had to generate new keys since the team is new and we were not allowed to use existing keys. Using a new, empty keyring, I generated my key and imported their keys. I wanted to trust, sign and publish all keys to a keyserver, this article shows how to do that noninteractively in batch form. Saves me doing the same thing four times, since now it's just four people, but next time it might be a hundred.


HP-UX 11.31 System information and find out part number of a failed disk with sasmgr

18-05-2018 | Remy van Elst

On one of my regular scheduled datacenter visits one of the older HP-UX Itanium machines had an orange light on the front. These systems are not (yet) monitored, but still in use so the disk had to be replaced. Not knowing anything about this system or which parts were used, I managed to find the exact part number and device type so we could order a spare. This small guide uses sasmgr to get the data on HP-UX 11.31.


Icinga2 / Nagios / Net::SNMP change the default timeout of 60 seconds

16-05-2018 | Remy van Elst

Recently a rather large amount of new infrastructure was added to one of my monitoring instances. Using SNMP exclusively, but not the fastest network or infrastructure. The SNMP checks in the Icinga2 instance started giving timeouts, which look like false positives and give unclean logs. Raising the SNMP timeout for the checks above 60 seconds was not that easy since the 60 second timeout is hardcoded in the underlying library (NET::SNMP). This article shows you how to raise that timeout on an Ubuntu 16.04 system.


Multiple passwords for one user, UIC uniqueness and the system password on OpenVMS

13-05-2018 | Remy van Elst

In the book I bought about OpenVMS for the previous post on filesystems, 'Getting Started with OpenVMS by M. Duffy', I've read a few interesting things in the chapter that introduces user accounts and system login. Namely that a user can have multiple passwords, that user ID's are not unique and that there can be a system password. This article goes in to those three topics.


Mount ISO and execute scripts on OpenVMS

08-05-2018 | Remy van Elst

I'm playing around with OpenVMS on Alpha using a trial of AlphaVM Basic, but was not able to copy paste in my Hobbyist License. I suspect Putty pasting too quickly, so I had to get the license script on the OpenVMS, without using the network. In this article you'll learn some OpenVMS filesystem history, how OpenVMS handles line endings and in the end I get my license installed by creating an ISO with the script on it.


File locking, grep and process killing on OpenVMS

06-05-2018 | Remy van Elst

On the DECUS OpenVMS system there is no curl or wget installed. I wanted to download a remote `C` file to play around with the compiler and some simple Hello World code, to get a feel of the build system. After a bit of searching around the internet I was not able to find a command like curl or wget to download a remote file. But, the searches led me to the OpenVMS port of curl, which, I hoped, might be able to run on the DECUS system. Just like on a linux system, running the binary under my user account, not install it system wide. This ended up to be another adventure in which I figured out how to trace a locked file to a process, grep the output of a process on OpenVMS and kill a process. I did not get curl to work or compile my code, yet.


Site updates, new layout for overview pages

04-05-2018 | Remy van Elst

This site is generated with my self-written open source static site generator named ingsoc (named after 1984). I've updated the overview pages with a new layout so that items are sorted by their publishing date instead of alphabetically. I've also rewritten some internal logic regarding tags and categories. This article shows the difference before and after and includes some old screenshots of


The sad state of Alpha emulators (for OpenVMS)

30-04-2018 | Remy van Elst

OpenVMS 7.3 was the last version for the VAX architecture. All later versions (like 8.4) are only available for the Alpha CPU architecture or Intel's Itanium platform. Since I don't want hardware running, which is suprisingly hard to get in The Netherlands, Alpha machines, I want to be able to run it in an emulator. simh is the best open source VAX emulator, but it does not support Alpha. My adventure with es40, the only open source Alpha emulator (development halted 10 years ago) ended prematurely since it crashes all the time. The only other available options are FreeAXP, Charon-AXP, vtAlpha and EmuVM AlphaVM. Only FreeAXP is available as a free (but not open source) download, Charon had a personal version but that is nowhere to be found nowdays, vtAlpha doesn't offer a trial or free version and EmuVM Alphaserver also stopped with their free version. In this article I'll go over my adventure with FreeAXP and EmuVM.


Introducing the Yubikey Nano XL Rugged edition

27-04-2018 | Remy van Elst

Last month my Yubikey broke. I had a second one as a backup so there were no problems for me. This second yubikey is a Nano model, that means it is about 1 cm by 1 cm, the normal yubikey is 2 cm by 5. It fits inside the USB port and is meant to be inserted in the computer all the time. Extracting it from the port is hard as well, since it is so small. I use my yubikey on different machines and don't like the idea of it being in a computer when I'm not there, so I wanted to fix this. I did not fix it by buying a regular sized yubikey, but I found a clever workaround, which I name the Yubikey nano XL Rugged. You'll understand when you see the pictures.


Installing the es40 AlphaServer emulator 0.18 on Ubuntu 16.04, and trying to install OpenVMS 8.4 on es40

24-04-2018 | Remy van Elst

OpenVMS 7.3 is the latest version of OpenVMS for the VAX architecture. Since the DECUS system uses OpenVMS 8.4 there were some version differences. I could not set my 'BACKSPACE=DELETE' on 7.3. The hobbyist license also covers the Alpha and Itanium versions of OpenVMS so I want to try the Alpha version, which is consequently also 8.4, the latest release. This article describes my attempt to compile and install the es40 open source Alpha emulator on Ubuntu 16.04 and subsequently the installation of OpenVMS Alpha. The emulator is not under active development since 2008, and the installation of OpenVMS fails. OpenVMS does boot however, very very slowly.


Small OpenVMS titbits

22-04-2018 | Remy van Elst

Here are some small titbits I found out this week on the DECUServe OpenVMS system. Not enough to write a blogpost on their own, but collected together.


All Items