Live Average

Surviving Vendor Pitches at Kubecon: a Platform Engineer's Playbook

Sun, 22 Mar 2026 00:00:00 +0000

A practical guide for platform engineers to manage vendor pitches efficiently at KubeCon. Context and Why It Matters KubeCon pitches are inevitable but manageable. Poor handling wastes time, creates decision fatigue, and distracts from technical learning. A structured approach reduces noise and surfaces actionable insights. Actionable Workflow Pre-Event Prep Define Goals: List 2-3 technical pain points (e.g., “improve CI/CD throughput”, “simplify cluster lifecycle”). Filter Targets: Use the KubeCon schedule/app to identify vendors aligned with your goals.

Kubernetes Authorizer Alwaysdeny Behavior Explained and Fixed

Sat, 21 Mar 2026 00:00:00 +0000

The AlwaysDeny authorizer mode in Kubernetes does not deny requests as expected due to its design to return NoOpinion, requiring configuration adjustments. Problem Context The kube-apiserver’s AlwaysDeny authorizer mode returns NoOpinion instead of a direct deny decision. This allows subsequent authorizers in the chain to override the decision, making it unsuitable for production environments where explicit denials are required. Diagnosis Steps Check authorizer configuration: Verify the --authorization-mode flag on the kube-apiserver.

Self-hosted Kubernetes Apps: Hidden Complexity and Practical Fixes

Fri, 20 Mar 2026 00:00:00 +0000

Self-hosted Kubernetes apps often introduce hidden complexity through poor design assumptions, brittle tooling, and operational overhead that negate the benefits of container orchestration. Diagnosing the Pain Points Most self-hosted apps aren’t built with Kubernetes idioms in mind. Common issues include: Cloud-specific assumptions: Hardcoded storage classes, region-specific ingress configs, or dependencies on cloud provider APIs. Brittle upgrades: Breaking changes in Helm charts or CRDs that require manual intervention. Security pitfalls: Containers expecting root privileges or writable /etc/passwd.

Pivoting to Devops at 37: Practical Steps and Tradeoffs in the Ai Era

Thu, 19 Mar 2026 00:00:00 +0000

Transitioning to DevOps at 37 is viable with hands-on cloud/K8s experience, but success depends on adapting to AI-driven workflows and focusing on irreplaceable human skills like troubleshooting and system design. Diagnosis: Why the AI Era Changes (But Doesn’t Eliminate) DevOps AI automates repetitive tasks (e.g., log analysis, basic deployments) but amplifies demand for skills that machines can’t replicate: incident response, complex system design, and cross-team collaboration. DevOps roles are evolving, not disappearing—those who adapt will thrive.

Kro in Production: Managing Interdependent Crds with Resource Graphs

Wed, 18 Mar 2026 00:00:00 +0000

KRO simplifies managing interdependent CRDs through declarative resource graphs, offering sync capabilities beyond Helm, but requires careful design to avoid complexity. What KRO Solves KRO (Kube Resource Orchestrator) addresses lifecycle management for groups of resources tied to custom controllers. If your cluster uses CRDs that depend on each other (e.g., a ServiceMesh CR that provisions VirtualServices, Policies, and Gateways), KRO’s resource graphs define these relationships declaratively. Unlike Helm, which templates resources but doesn’t enforce sync post-install, KRO ensures downstream resources stay in sync with the root definition.

Using Kgateway for API Authentication in Production

Tue, 17 Mar 2026 00:00:00 +0000

KGateway can handle API authentication in production but requires careful setup and integration with existing IAM systems. Actionable Workflow Install KGateway: Deploy the operator via OperatorHub on OpenShift or apply CRDs manually. oc new-project kgateway --display-name="KGateway" oc apply -f https://raw.githubusercontent.com/k6io/k6-main/master/docs/assets/kgateway-operator.yaml Define Authentication Policy: Create a VirtualServer with JWT validation. Example policy below. Bind to Existing IAM: Integrate with Keycloak, Auth0, or OpenID Connect providers. Ensure TLS is enforced.

Scaling GitOps Repositories Across Teams and Projects

Mon, 16 Mar 2026 00:00:00 +0000

Use per-project GitOps repositories with a shared platform repo for cross-cutting concerns to balance ownership and scalability. Scaling GitOps repositories requires balancing autonomy, maintainability, and operational overhead. Monorepos create coordination bottlenecks as teams grow, while per-app repos introduce fragmentation. A hybrid approach—per-project repositories paired with a centralized platform repo—provides the best path forward for most organizations. Diagnosis: When Repositories Become a Problem Monorepo pitfalls: Tight coupling between projects leads to merge conflicts, noisy CI pipelines, and broad blast radius for misconfigurations.

Preventing Crash Loops from Malformed File Parsing in Kubernetes

Sun, 15 Mar 2026 00:00:00 +0000

When a pod crashes due to a malformed file, it enters a restart loop until the root cause is addressed and proper error handling is implemented. Diagnosis Workflow Check pod status: kubectl get pods -n <namespace> Look for CrashLoopBackOff status. Inspect logs: kubectl logs <pod-name> --previous -n <namespace> Identify exceptions (e.g., yauzl errors from malformed ZIP files). Describe the pod: kubectl describe pod <pod-name> -n <namespace> Check events for BackOff restart reasons.

Prepare for Docker and Kubernetes Live Build Interviews with Production-grade Skills

Sat, 14 Mar 2026 00:00:00 +0000

Focus on core container and orchestration workflows, hands-on troubleshooting, and real-world constraints to succeed in live build interviews. Core Preparation Workflow 1. Master Docker Fundamentals Build and push images: docker build -t myapp:1.0 . docker push myregistry/myapp:1.0 Networking: Test custom networks and service discovery: docker network create mynet docker run --network mynet --name db postgres docker run --network mynet --rm alpine nslookup db Volumes: Mount configs and persist data: docker volume create app-data docker run -v app-data:/app/data myapp:1.

Cka Remains Relevant for Production Operators

Fri, 13 Mar 2026 00:00:00 +0000

The CKA remains valuable for validating core Kubernetes skills but should complement hands-on experience and platform-specific knowledge. Why This Matters in Production Certifications like the CKA test foundational knowledge—cluster setup, networking, storage, security—but real-world stability depends on diagnosing failures under pressure. If you’re managing production clusters, the CKA forces you to confront gaps in areas like kubectl troubleshooting, RBAC configuration, or etcd backups. However, it’s not a substitute for platform-specific expertise (e.

Start Chaos Experiments with Known Weaknesses, Not Random Targets

Thu, 12 Mar 2026 00:00:00 +0000

Begin chaos experiments by targeting services with known fragility or recent changes, not random workloads. Why This Matters Kubernetes makes failure injection easy, but chaos without focus wastes time and risks overloading stable systems. Targeting known weaknesses first surfaces actionable issues, builds team confidence, and avoids “chaos for chaos' sake.” Actionable Workflow Identify candidates: Review monitoring/alerting for recurring errors (e.g., kubectl get pods --show-labels | grep -i error).

Infrastructure Deployment in 2026: Practical Scaling and Maintenance

Wed, 11 Mar 2026 00:00:00 +0000

Infrastructure deployment remains critical but evolves with AI, automation, and cost control; focus on maintainable, auditable systems. Context and Diagnosis The “infrastructure wave” isn’t over—it’s shifting. Teams still deploy daily, but priorities have changed: AI assist: Tools like GitHub Copilot speed up repetitive tasks but don’t replace deep platform knowledge. Cost pressure: Cloud spend optimization is now a core requirement, not a nice-to-have. Platform maturity: Organizations prioritize stabilizing existing systems over greenfield deployments.

Building Kubernetes Manifests: a Practical Workflow for Production Teams

Tue, 10 Mar 2026 00:00:00 +0000

We standardize on Helm charts with organizational policies, enforce compliance via Kyverno, and use ArgoCD for GitOps-driven deployments. Workflow: From Template to Deployment Start with a Helm chart Use an internal, versioned Helm chart as the base for all services. Chart includes defaults for: Resource limits/requests Liveness/readiness probes Ingress templates (with TLS enforcement) Common labels (team, env, app) Example: helm create my-service --starter-chart internal-base-chart Customize with Kustomize

Nixos as Kubernetes Node Os: Tradeoffs and Workflow

Mon, 09 Mar 2026 00:00:00 +0000

NixOS can work as a Kubernetes node OS for specific use cases but requires careful management of immutability, hardware diversity, and cluster orchestration. Practical Context Kubernetes nodes typically demand stability, predictable updates, and hardware-agnostic provisioning. NixOS offers immutable infrastructure via declarative configs but introduces friction in dynamic environments. Use cases like homelabs, edge deployments, or GPU-heavy workloads (e.g., ML clusters) may justify its complexity. Actionable Workflow Bootstrap Node Use nixos-anywhere or deploy-rs to provision base OS: nix run github:matthewbrowder/deploy-rs -- deploy --config .

Cilium Network Policies: Granularity in Production

Sat, 07 Mar 2026 00:00:00 +0000

Start with default-deny ingress and refine policies only where necessary to enforce least privilege without overcomplicating maintenance. Default-deny ingress is non-negotiable for production security, but overly granular policies risk operational bloat and human error. Granularity should align with actual risk surfaces: tighten rules for high-value workloads (e.g., databases, auth services) and loosen for ephemeral or low-risk components. Actionable Workflow Baseline with cluster-wide default-deny apiVersion: cilium.io/v2 kind: CiliumClusterwideNetworkPolicy metadata: name: default-deny-ingress spec: description: "Deny all ingress by default" rules: - ingress: - {} Identify allowed sources Monitoring systems (e.

External Secrets Operator: Reconciliation and Auth in Production

Fri, 06 Mar 2026 00:00:00 +0000

The External Secrets Operator simplifies secret management but requires careful handling of reconciliation and authentication tradeoffs to avoid security and stability issues in production. Why This Matters Kubernetes Secrets stored in etcd are often a liability for enterprises due to lack of encryption-at-rest guarantees and broad access risks. External Secrets Operator (ESO) addresses this by syncing secrets from external providers (e.g., AWS Secrets Manager, HashiCorp Vault) while keeping them out of etcd.

Egress Control on Eks: Cilium Vs Istio Ambient Mesh in 2026

Thu, 05 Mar 2026 00:00:00 +0000

Cilium and Istio Ambient Mesh offer different tradeoffs for EKS egress control; choose based on mTLS needs, sidecar overhead, and operational maturity. Egress control matters because default-allow clusters leak data and violate compliance. Both tools solve this, but their approaches differ in complexity, performance, and operational burden. Workflow for Egress Control Implementation Define egress requirements Default deny all egress Whitelist specific domains/IPs (e.g., *.api.provider.com, 8.8.8.8) Decide if mTLS is required for compliance Evaluate tooling

Diagnosing and Resolving GPU Node Failures in Kubernetes Clusters

Wed, 04 Mar 2026 00:00:00 +0000

GPU nodes may appear healthy but fail under load due to hardware, driver, or resource issues; here’s how to diagnose and fix them. Diagnosis Workflow Run hardware diagnostics: Use nvidia-smi --query-gpu=timestamp,temperature.gpu,utilization.gpu --format=csv to check GPU health. Execute Nvidia’s MATS/MODS memory test for faulty hardware. Check node status: kubectl describe node <node-name> | grep -i "gpu\|nvidia" Look for errors in Conditions or Events. Monitor under load: Deploy a test pod with nvidia.

Kubent's Current State and Alternatives for Policy Enforcement

Tue, 03 Mar 2026 00:00:00 +0000

Kubent is effectively unmaintained; consider alternatives like kubepug or ekrup for policy enforcement in Kubernetes 1.33+ environments. Diagnosis: Is Kubent Still Viable? Check Kubent’s maintenance status: Repo activity: Original doitintl/kube-no-trouble is read-only. Last commit: 2023-09. Rule coverage: Forks (e.g., dark0dave/kube-no-trouble) lack rules for Kubernetes 1.33+. Community signals: No recent releases, minimal issue responses post-2023. If you’re on Kubernetes 1.33+, Kubent’s stale rulesets expose you to undetected misconfigurations. Repair Steps: Migrate to Maintained Tools 1.

Prioritizing Kubecon Europe 2026: Security, Ai/ml, and Platform Engineering Sessions

Mon, 02 Mar 2026 00:00:00 +0000

A curated list of essential Kubecon Europe talks focused on security, AI/ML, and platform engineering, with actionable steps for planning your schedule. Actionable Workflow for Session Prioritization Review the schedule grid (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/schedule/) and filter by Security, AI/ML, and Platform Engineering tracks. Flag sessions with actionable outcomes: Look for talks that include demos, case studies, or tooling you can use immediately (e.g., “Securing Workloads with Kyverno” vs. “The Future of Kubernetes Security”).

Managing Kubernetes in Air-gapped Environments: Tools and Workflows

Sun, 01 Mar 2026 00:00:00 +0000

Here’s how to manage Kubernetes clusters in restricted environments using air-gapping, offline tooling, and policy enforcement. Workflow: From Zero to Operational Plan your offline supply chain Identify all dependencies: base OS images, operator binaries, Helm charts, and CI/CD artifacts. Use skopeo or regctl to mirror images to an internal registry. Example: skopeo copy --all oci:quay.io/cluster-api/provider-aws:v2.30.0 oci:my-registry.local/cluster-api/provider-aws:v2.30.0 For air-gapped clusters, pre-stage Zarf or Hauler bundles on USB drives or physical media.

Vmware Vks On-prem: Tradeoffs and Operational Reality

Sat, 28 Feb 2026 00:00:00 +0000

VMware VKS simplifies on-prem Kubernetes deployment but introduces vendor lock-in and integration friction at scale. Operational Workflow for VKS Deployment Prerequisites: vSphere 7.0+ with compatible NSX/AVI integration. Storage policies aligned with VMware’s recommended profiles. Network segmentation for management, data, and edge traffic. Deployment: Use VMware Cloud Foundation (VCF) for bundled lifecycle management. Deploy via TKGS (Tanzu Kubernetes Grid for SDDC) for tighter vSphere integration.

Building a Raspberry Pi Kubernetes Lab: Practical Steps and Pitfalls

Fri, 27 Feb 2026 00:00:00 +0000

A step-by-step guide to setting up a Raspberry Pi Kubernetes lab with kubeadm, CNI, and CSI, including common pitfalls and maintenance tips. Workflow: From Hardware to Cluster Hardware Setup Use Raspberry Pi 4 (4GB+ RAM) or Pi 5 for control plane and workers. Ensure all Pis are on the same network with static IPs or DNS entries. Flash Raspberry Pi OS Lite (64-bit) to microSD cards. OS and Prerequisites

Setting Resource Requests and Limits in Production Kubernetes

Thu, 26 Feb 2026 00:00:00 +0000

Set resource requests based on observed usage, apply limits cautiously, and validate with real metrics. Practical Workflow Baseline metrics: Use kubectl top or Prometheus to observe historical CPU/memory usage. Set requests: Allocate 20-30% above observed averages to buffer for spikes. Apply limits: Use limits only if you need strict resource isolation (e.g., batch jobs). For long-running apps, omit limits unless throttling is acceptable. Monitor post-deploy: Check for OOM kills, throttling, or performance degradation.

Tiny Bare-metal Kubernetes Cluster Setup

Wed, 25 Feb 2026 00:00:00 +0000

A practical guide to building a low-cost, bare-metal Kubernetes cluster for hands-on learning with real-world tradeoffs and troubleshooting tips. Why This Matters Running Kubernetes on physical hardware teaches cluster lifecycle management, networking quirks, and storage pitfalls that cloud abstracts away. It’s invaluable for certs and debugging production-like failures. Hardware Selection Avoid Raspberry Pis for general learning—ARM compatibility issues (e.g., Fluentbit, some CRDs) and non-standard kernel page sizes waste time. Instead:

Re-architecting Argocd Monorepos for Golden Applications in 2026

Tue, 24 Feb 2026 00:00:00 +0000

Adopt a layered monorepo structure with Kyverno for policy enforcement, ServerSideApply, and clear separation of infrastructure and application workloads to maintain golden state integrity. Golden applications require operational discipline, not just tooling. A monorepo for ArgoCD must balance flexibility for diverse workloads (infra, web apps, custom services) while preventing drift through policy-as-code and declarative automation. Actionable Workflow Define Boundaries Split manifests into infra/ and apps/ directories. Use Kustomize overlays for environment-specific tweaks (e.

Resource Requests and Limits: the Hidden Cost of Misconfiguration

Mon, 23 Feb 2026 00:00:00 +0000

Misconfigured resource requests and limits in Kubernetes can lead to wasted resources and scheduling issues, requiring proactive governance and tooling to mitigate. The Problem in Production Developers often copy VM-era specs to container resource requests/limits, leading to grossly oversized allocations. For example: A pod requesting 4 cores and 8GB memory but idling at 0.2 cores and 500MB Nodes blocked by “reserved” resources while workloads starve Scheduler only honors requests, not actual usage.

Load Balancing in Kubernetes: How It Works in Production

Sun, 22 Feb 2026 00:00:00 +0000

Kubernetes uses Services and Ingress to abstract and manage load balancing, enabling scalable traffic distribution without manual infrastructure coordination. The Problem: Traffic Distribution at Scale In production, applications require traffic to be distributed across multiple pods reliably. Manual LB management doesn’t scale with dynamic pod lifecycles, network policies, and multi-team environments. Kubernetes abstracts this complexity through declarative resources. How Kubernetes Handles Load Balancing Core Components Services: Abstracts pods behind a stable IP and DNS name, using kube-proxy to manage endpoint mappings.

Ubuntu or Debian for Local Kubernetes Clusters

Sat, 21 Feb 2026 00:00:00 +0000

For local k8s clusters with kubeadm, Debian offers stability and simplicity, while Ubuntu provides newer packages and better hardware support, depending on your needs. Why It Matters Local Kubernetes clusters demand minimal overhead and predictable behavior. Both Ubuntu and Debian work, but the choice hinges on hardware compatibility, maintenance preferences, and tolerance for bloat. Actionable Workflow Assess Hardware Requirements Use lshw or dmidecode to check hardware specs. If using cutting-edge NICs or GPUs, Ubuntu’s newer kernel (6.

Common Kubernetes Production Failures and Fixes

Thu, 19 Feb 2026 00:00:00 +0000

Kubernetes production failures often stem from resource exhaustion, misconfigurations, and network bottlenecks, requiring proactive monitoring and remediation. Diagnosis: Where Things Break Resource Starvation IP exhaustion (e.g., subnet limits, ENI allocation issues) CPU/Memory pressure causing evictions Disk full errors from unbounded logs or images Network Misconfigurations Subnet CIDR ranges too small for node/pod growth Firewall rules blocking necessary ports (e.g., 6443, 2379-2380) Incorrect DNS configurations breaking service discovery Node Instability

Building a Terminal-based Kubernetes Game: Practical Steps and Tradeoffs

Wed, 18 Feb 2026 00:00:00 +0000

A terminal-based Kubernetes game can aid learning but requires careful design to balance engagement with operational realism. Why This Matters in Production Learning Kubernetes concepts like deployments, services, and RBAC through gamification can reduce onboarding friction for new engineers. However, poorly designed games risk reinforcing bad habits (e.g., ignoring resource limits) or abstracting away critical operational realities. The goal should be to mirror real-world constraints while maintaining engagement. Actionable Workflow Define Learning Objectives

Choosing an Ingress Controller After Nginx-ingress Deprecation

Tue, 17 Feb 2026 00:00:00 +0000

Migrating from nginx-ingress requires evaluating Traefik, Envoy Gateway, or AWS Load Balancer Controller based on routing complexity, ecosystem integration, and operational overhead. Diagnosis: Current State and Requirements If you’re running complex nginx routing configurations (e.g., Lua scripts, custom rewrites), prioritize solutions with equivalent flexibility. Traefik’s Middleware CRDs or Envoy’s route configuration options are viable. For AWS-native teams, the AWS Load Balancer Controller (ALB) simplifies integration with ACM and VPC resources but has a hard limit of 100 backend targets per ingress.

EKS AL2 to AL2023 memory usage spikes in nginx, anyone else

Mon, 16 Feb 2026 00:00:00 +0000

Diagnosing and Resolving Memory Spikes in Nginx on EKS AL2023 If you’ve migrated from Amazon Linux 2 (AL2) to AL2023 on EKS and noticed memory spikes in Nginx pods, you’re not alone. This post walks through a pragmatic diagnosis and repair workflow, with actionable steps to prevent recurrence. Diagnosis: What’s Changed? AL2023 introduces updates to containerd, kernel versions, and cgroup management. Memory spikes in Nginx often stem from: cgroup v1 vs v2 Reporting Differences

Practical guidance for using yaml over the CLI when managing Kubernetes

Mon, 16 Feb 2026 00:00:00 +0000

YAML Over CLI: Production Reality vs. Tutorial Simplicity As a platform engineer, you’re not alone in preferring YAML over ad-hoc CLI commands. The question isn’t whether it’s uncommon—it’s whether you’re optimizing for tutorial simplicity or production safety. Here’s the breakdown: Why YAML Dominates Production Workflows CLI commands like kubectl create deployment are training wheels. They’re great for learning but dangerous in production: No audit trail: Who created that resource?

Run Only What You Must in Kubernetes

Mon, 16 Feb 2026 00:00:00 +0000

Self-hosting databases and stateful services in Kubernetes reduces costs but demands operational maturity for reliability and recovery. Running everything in your cluster is tempting for cost control, but it shifts undifferentiated operational burden to your team. Decisions should hinge on three factors: criticality, expertise, and total cost of ownership. When to Run in Cluster Self-host stateful workloads like PostgreSQL or RabbitMQ only if: You’ve proven HA/DR workflows (e.g., backups, failover, point-in-time recovery).

What does "config hell" actually look like in the real world

Mon, 16 Feb 2026 00:00:00 +0000

What “Config Hell” Actually Looks Like (And How to Escape It) If you’ve spent any time managing production Kubernetes clusters, you’ve probably heard the term “Config Hell.” It’s the chaotic state where configurations sprawl uncontrollably, drift between environments, and resist consistent management. But what does this look like in practice? And how do you fix it when it happens? Let’s cut through the theory and walk through real-world symptoms, diagnosis steps, and repairs.

How do you resolve CVEs in containers efficiently

Thu, 12 Feb 2026 00:00:00 +0000

Efficient CVE Resolution in Containers: A Practical Approach Resolving CVEs in containers is a necessary but often soul-crushing task. You’re not alone in drowning under a deluge of alerts from tools like BlackDuck. The key is to focus on what matters, automate the rest, and stop playing whack-a-mole. Here’s how to do it. Diagnosis: Triage with Context Not all CVEs are created equal. Start by filtering noise: Prioritize by EPSS Score

Kubernetes Q&A: What to bundle in the Argo CD application and best practices to manage other resources

Thu, 12 Feb 2026 00:00:00 +0000

What to Bundle in Argo CD Applications (And How to Manage the Rest) If you’re deploying apps with Argo CD, you’re already halfway to a solid GitOps workflow. But when it comes to bundling resources like Gateways, HTTPRoutes, and StorageClasses, confusion sets in fast. Let’s cut through the noise with production-tested patterns. Core Principle: Separate Cluster-Scoped and Namespace-Scoped Resources Cluster-scoped resources (e.g., Gateways, StorageClasses, CRDs) belong in dedicated infrastructure apps. Namespace-scoped resources (e.

Selective OpenShift IPI on AWS GovCloud without Route 53

Tue, 27 Apr 2021 00:00:00 +0000

Overview If you’ve deployed OpenShift on AWS using the IPI (Installer Provisioned Infrastructure) deployment method then you’re aware of the hardline requirement for Route 53 public/private zones, depending on the publish method set in your OpenShift install-config.yaml. This typically doesn’t present a problem for most customers, but select companies disallow use of Route 53 in favor of their own managed DNS (e.g. Infoblox). Unfortunately this limitation forces most customers to pursue a UPI (User Provisioned Infrastructure) deployment, which may (read: should) require custom terraform/ansible automation to standup all other prerequisities such as subnets, security groups, load balancers, EC2 instances, S3 buckets, etc.

NVIDIA gpu-operator installation in a Proxied Environment

Thu, 04 Feb 2021 00:00:00 +0000

Overview If you’re running NVIDIA GPU’s & OpenShift/k8s in an unproxied or transparently proxied environment you probably haven’t encountered too many issues deploying NVIDIA’s gpu-operator (lucky you!), but your experience might not be as pleasant if using a traditional proxy with HTTPS/SSL bumping/inspection enabled. In a traditional proxied environment you likely have a rule to bypass HTTPS inspection on cdn.redhat.com due to the limitations of sending a client certificate (e.g. your entitlement cert) to an origin server when bumping connections… communication with Red Hat’s CDN just won’t work if HTTPS inspection is enabled.

Practical OpenShift 4 Installation Troubleshooting

Thu, 04 Feb 2021 00:00:00 +0000

There’s a lot of great documentation on running, administering, consuming, and troubleshooting OpenShift 4, but the installation process is still a bit vague for some admins, and even more obscure if failures are encountered. I recently stepped through general installation troubleshooting for a failed OpenShift 4.6.8 deployment which hit this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1895024 - The core issue relates to low entropy on my VMs, but this bug was repeatable and offered a great exercise to share troubleshooting/diagnostic steps.

Configure Ansible Tower SAML auth using Red Hat SSO (Keycloak)

Wed, 05 Aug 2020 00:00:00 +0000

Overview While there is a great write-up on configuring SAML auth for Ansible Tower pubished on the Red Hat Ansible Blog, it’s pretty dated and there are better ways to work with certificate Deploy Red Hat SSO If you don’t already have a production instance of Red Hat SSO (RHSSO) available, you can quickly stand-up a test instance using the official, Red Hat-provided image. Log-in first, and then pull down a the latest SSO 7.

OpenShift 4 IPI on vSphere in less than 5 minutes

Fri, 24 Jul 2020 00:00:00 +0000

I’ve posted about OpenShift 4 on vSphere before, but with the release of OCP 4.5.z things have gotten much, much easier. While it certainly takes more than 5 mintues to deploy all components, I’ve trimmed an asciinema capture to demonstrate just how easy installation of OpenShift 4.5 on vSphere has become. In the top pane I kick-off openshift-install using IPI, while the lower-right pane is monitoring vCenter for new VM’s matching my cluster identifier.

Automated Bare Metal OpenShift 4 on Packet

Mon, 01 Jun 2020 00:00:00 +0000

Overview When looking to evaluate virtualization nested virt is always a last resort, but unfortunately this becomes a typical requirement when demoing a product feature such as OpenShift Virtualization. Prerequisites Ensure the following requirements are met before deploying: Terraform (version >= ) Environment variables for Packet, CloudFlare, etc. set Deployment Before executing Extra Features

Automate OpenShift 4 UPI deployments on vSphere using Packer

Thu, 23 Apr 2020 00:00:00 +0000

Why? If you’re deploying OpenShift 4.x into vSphere environments without DHCP your deployment options are limited to using Red Hat CoreOS ISOs. This isn’t a big deal, but manually typing the kernel arguments for bootstrap, master, and compute nodes can become a headache, and leads to typos, cursing, and drinking. How? You can reduce UPI deployment time by using Packer and the vsphere-iso provider to create all VM’s, boot from ISO, automatically input appropriate kernel arguments (including proper ignition file references for each node type), install CoreOS, and shutdown each machine.

Tesla Powerwall Dashboard

Mon, 20 Apr 2020 00:00:00 +0000

Tesla Powerwall Dashboard This is based on the work of @rhodesman and his teslaPowerDash repo, but hopefully enables easier ramp up to start obtaining and trending Powerwall 2 API data. Usage If you’re still using docker rather than podman, simply replace all podman calls with docker. Pull the container image: podman pull liveaverage/powerwall-dashboard Start the container, replacing POWERWALL_IP with the assigned IP address of your Powerwall and LOCAL_INFLUXDB_PATH with an appropriate destination to store trend data: export POWERWALL_IP=192.

k3s Cluster on ARM-based Rock64 SoCs

Thu, 22 Aug 2019 00:00:00 +0000

To quickly and easily test k3s for edge use cases I’ve been running a single master + single worker node configuration on a couple Rock64’s purchased from Ameridroid. For less than $130 (shipped) I purchased 2x Rock64 4GB models along with the requisite 5V/3A power adapters. Yes, I would now prefer to run k3s (among other things) on an Nvidia Jetson Nano, but I bought my Rock64’s well before the Nano was released and I also had a second project in mind, similar to Project31’s use of Pine64 SoCs to run OpenShift in a CentOS 7 user space.

Use Cloudflare's Universal SSL for quick & dirty API integrations

Tue, 17 Jul 2018 00:00:00 +0000

Why? If you’re leveraging a development appliance or platform (e.g. ServiceNow Developer Instances, OpenShift Online, etc.) you may not have access (or the time required) to distribute internal/self-signed CA certs and ensure outside systems trust your internet-facing services. This is especially true in lab situations. A concrete example: I’m evaluating Ansible Tower & its API needs to be accesed by a ServiceNow Developer instance provided & hosted by ServiceNow, presumably from AWS I’ve established appropriate port forwarding rules to allow external access to the VM hosting Tower (in my home lab) I’m already leveraging Cloudflare DNS to dynamically update an A Record (“DNS Only” as DDNS updates are incompatible with records set for “DNS and HTTP proxy (CDN)") I’m already leveraging Universal SSL for my primary website How Create a new CNAME record in Cloudflare’s “DNS” Management console Ensure the CNAME record is configured for “DNS and HTTP proxy (CDN)” - An alias will ensure DDNS record(s) continue to receive updates in the event of home IP changes, while the CNAME will enable Universal SSL From Cloudflare’s “Crypto” Management coonsole, ensure “Universal SSL” is enabled for your domain From the same console, ensure “SSL” is set to Flexible or Full, but not Full (Strict) unless you’re leveraging Origin Certificates that have been distributed/installed to your managed services From Cloudflare’s “Firewall” Management console, click the “Web Application Firewall” button.

Integrate ServiceNow and Ansible Tower in 10 minutes

Mon, 16 Jul 2018 00:00:00 +0000

A coworker asked about showcasing Ansible Tower, specifically integration between Ansible Tower and ServiceNow. With minimal exposure to ServiceNow, minus operatione as a requestor, this took a bit of time but far less than expected. Before starting make sure you have all prerequisites. Prerequisities ServiceNow Developer Instance You’ll need to sign-up for a developer account, but ServiceNow is generous enough to provide you with a free ServiceNow instance, with a build of your choosing.

Mermaid + Hugo

Wed, 20 Jun 2018 00:00:00 +0000

mermaidjs I love my Hugo theme from jpescador , but it was missing mermaidjs… I wanted the same shortcode integration available in some other themes, but I also wanted to leverage a CDN for libary loads and make the theme easily swappable from the shortcode calls. So: {{< mermaid align="left" theme="dark" >}} graph LR; A[Hard edge] -->|Link text| B(Round edge) B --> C{Decision} C -->|One| D[Result one] C -->|Two| E[Result two] {{< /mermaid >}} now renders:

CI/CD Hosting on the Cheap: Part I

Tue, 19 Jun 2018 00:00:00 +0000

Why? Hosting costs have come down a lot, but cheap and expensive providers alike require administration using pretty lame cPanel hosting controls. Sure, you could run your own instance on AWS, GCE, or Azure, but then you’re introducing the overhead of patching, monitoring, and cost analysis – that last one is paticularly important if your site starts receiving increased traffic. If you can replace your commercial hosting provider with a combination of free solutions, why wouldn’t you?

Common OpenShift Pitfalls

Tue, 19 Jun 2018 00:00:00 +0000

I recently had a customer inquire about the most common issues I’ve run into with OpenShift deployments, operations, and upgrades. This was a great question and justified a writeup! Overview With so many moving parts, OpenShift can be difficult to monitor and manage. Below are some, but certainly not all, of the common pitfalls associated with deploying & administering the platform at multiple layers. Cluster-level Pitfalls Certificates Certs are used for secure communication/authentication across multiple OpenShift components: etcd, nodes, masters, service serving, tenant routes, etc.

Enumerate Container Images for Disconnected OpenShift Installations

Mon, 07 May 2018 00:00:00 +0000

Why? If you need to enumerate a comprehensive list of images for disconnected OpenShift installations the process can be tedious. It’s easier to programmatically query the Red Hat Container Catalog, filter out unwanted images, and pull down those that are desired. How? Questions? Leave a comment!

Fancy App 4

Thu, 22 Jun 2017 00:00:00 +0000

App 4

Check_MK Environmental Monitoring: Room Alert 4E

Wed, 13 Aug 2014 16:32:32 +0000

One of our Network Engineers needed some monitoring (internal temp, external temp, and external humidity) added for an AVTech Room Alert 4E unit, preferably using a check_MK plugin. Couldn’t find one in any repos or in git, so decided to add this to a growing collection of plugins I’ve been working on. Another request from the same team: MinuteMan UPS units. I’ll be adding to my check_mk_bag git repo periodically with any new, custom check plugins.

Making Cisco Identity Firewall, CDA, and ISE play nice

Thu, 07 Aug 2014 14:03:32 +0000

As of Cisco CDA Patch 2, identity mappings provided via Cisco ISE are natively supported. This means you can authenticate against ISE, which may in turn authenticate against LDAP or Active Directory, and subsequently notify one or more Cisco CDA servers that a new user-to-IP mapping exists. Cisco accomplishes this exchange of authenticated identities via syslog messages. ISE is configured to forward syslog messages to the CDA server(s), and the CDA server(s) have the sending ISE server(s) configured as a syslog “client.

Powershell: Bulk provision DHCP Scopes

Wed, 30 Jul 2014 21:08:10 +0000

Thought I’d share a nice wrapper for netsh and dnscmd calls to allow easy, bulk provisioning of new DHCP scopes. It’s nice being able to provision a ton of these at once by piping the output from Import-CSV! ############################ #AUTHOR: JR Morgan #CREATED: 20120417 #MODIFIED: 20140611 ############################ <# .Synopsis Adds DHCP Scope to ALL specified DHCP servers. If split-scope is desired the script uses IP Math to automatically add the desired exlcude ranges.

Check_MK: Local Checks Grab Bag!

Tue, 29 Jul 2014 15:32:29 +0000

Some local Check_MK checks that were created to execute check_MK local check scripts (Powershell) in 64-bit context, monitor Exchange 2007 health (Storage Group replication status, Log Truncation after backups, etc.), and monitor DNS scavenging on Windows servers: @echo off REM Note that SysNative is available on x86 2008, and on x86 2003 with KB942589 applied set CONSOLE_WIDTH=500 CD %ProgramFiles(x86)%\check_mk\local-64 FOR /R %%X IN ("*") DO ( %WINDIR%\SysNative\windowspowershell\v1.0\powershell.exe -File “%%X”) Execute-Local-64.bat view raw $Host.

EDM Legends: Crystal Method 2014 – Orlando @Firestone Live

Mon, 05 May 2014 11:54:14 +0000

Getting Started with Hugo

Wed, 02 Apr 2014 00:00:00 +0000

Step 1. Install Hugo

Go to hugo releases and download the appropriate version for your os and architecture.

Save it somewhere specific as we will be using it in the next step.

More complete instructions are available at installing hugo

One-person motorcycle loading

Mon, 24 Mar 2014 14:00:27 +0000

My wife is tiny… 5 ft tiny… Suffice it to say I needed a safe and easy way to load (and unload) my motorcycle without assistance. I researched the expensive solutions from LoadAll and deemed it unnecessarily complicated (with far too many moving parts) for my taste. I also didn’t want to sacrifice my truck cargo space. I decided on the 40″ wide, 8 ft. long Black Widow Ramp from DiscountRamps.

Check_MK DFS Backlog Monitoring

Wed, 12 Feb 2014 14:29:23 +0000

[][1]Inventoried replicated folders and their corresponding backlog counts Before you even get started, make sure your Powershell execution policy is set to **RemoteSigned **for your standard AND x86 Powershell console; Check_MK will generally execute PS scripts from the x86 console, so it’s critical to set the policy for both: Start > Accessories > Windows PowerShell Right-click ‘Windows PowerShell (x86)’, select ‘Run As Administrator’ Execute: Set-Execution Policy RemoteSigned Repeat the same steps above, but for the standard ‘Windows PowerShell’ console.

Europe 2013

Tue, 18 Jun 2013 01:31:48 +0000

[nggallery id=4]

Extending Check_MK MySQL Status Output

Mon, 25 Mar 2013 14:44:21 +0000

If you need more output than what the existing Check of MySQL Status Variables includes, such as Seconds_Behind_Master or Relay_Log_Pos, consider adding a quick line to the bash call for mysql_status on the agent. This assumes you’ve installed themysql_status-1.0.1.mkp and deployed the necessary agent files to the servers you’d like to monitor. This also assumes you’ve correctly configured the credentials needed to run the plugin and successfully receive (standard) output from the agent plugin.

Powershell Script: Sync DHCP Reservations (Windows Server 2008)

Wed, 14 Nov 2012 14:11:56 +0000

If you have redundant Windows 2008 DHCP servers (likely with split-scope configurations), you’re familiar with the problem of keeping reservations between the servers synchronized. I figured I’d post a script I created to sync reservations between servers. Synchronization can be 1-to-1 or 1-to-many, depending on your redundant DHCP server configuration. This script can sync with ALL authorized DHCP servers in a domain if needed. Make sure to read the included Powershell help information.

Nagios check_http problems with Microsoft System Center 2012 Endpoint Protection

Wed, 07 Nov 2012 22:25:03 +0000

Someone important suggested this get posted somewhere so that anyone else experiencing** check_http** socket timeout problems with client/servers running Microsoft System Center 2012 Endpoint Protection would have a clue as to what could be causing issues: If you’re receiving strange/unexpected timeouts from the check_http plug-in when running it against a server using Microsoft System Center 2012 Endpoint Protection, the Network Inspection Service may be blocking your check attempt. Don’t bother trying to force an agent string or any other weird options; either switch to header-checks-only [no body] using the -N option with check_http, or disable your Network Inspection service entirely (not recommended).

Powershell Script: Windows Event Log Retention and Compression

Wed, 07 Nov 2012 22:12:34 +0000

Windows Security event logs fill up fast when you have Directory Service Access Auditing enabled, for whatever reason. If I want to retain any useful information, I need at least 7 to 14 days of logs to review, in my case, the DNS scavenging process. The built-in ‘Archive log when full’ option doesn’t really help out as much as you’d think, particularly when I might have 2 or 3 logs (each 300MB) per day.

Fix Hotbodies Slash-cut Megaphone Exhaust and Kickstand Spacing Problem

Thu, 11 Oct 2012 18:25:36 +0000

I recently purchased a set of Hotbodies Slash-cut megaphone exhausts (dual) for my 2012 Suzuki Hayabusa. They sound beautiful, and other drivers are actually aware of my presence, unlike riding with the stock cans. The only issue I’ve experienced is the spacing between the kickstand [in the UP position] and the LH (Driver-side) slip-on exhaust. The kickstand essentially hits the exhaust before it’s in the full UP position. This also prevented the kickstand pressure safety switch from recognizing the kickstand was actually UP, resulting in stall-outs shifting into 1st gear from neutral [by design].

Shout

Tue, 08 May 2012 21:39:11 +0000

**What are you sinking about? **

Nagios Plugin: Windows Server DHCP Scopes Usage Monitoring

Fri, 13 Apr 2012 16:03:59 +0000

I’ve stumbled on a useful plug-in from Lars Michelsen that easily monitors a single Windows Server DHCP scope for usage using SNMPv2, but found this fell short of what I needed for monitoring several scopes at once. I’ve modified Lars’ original plugin/script to accommodate all available DHCP scopes on your monitored Windows server. You no longer need to add separate service definitions to monitor all available scopes. It’s worth noting a couple of important details:

Sharing is Caring

Thu, 19 Jan 2012 22:01:46 +0000

Here we are again. More planning and details to come. Please comment or email questions. Use the Agenda or Posterboard view for printable detail pages.

Managing backup retention… with one line of Powershell

Wed, 30 Nov 2011 18:09:08 +0000

Ok, I used four lines, but my needs for retention might be a bit more complex than most. I also spaced each pipeline command, so it looks longer than it should, but readability is important. Additionally, there’s a good half-page of comments in the script than can safely be ignored, unless you want to know what was going through my mind. Most of these related directly to my desired retention periods.

For testing purposes, the last two “lines” only print out the listing of files that would be deleted.

OpenFiler errors that only I seemed to experience…

Tue, 26 Jul 2011 16:51:03 +0000

Well, I’ve finally deployed some production Openfiler ESA 2.99.1 machines as home-brew iSCSI boxes, primarily used for backups or low-stress virtual storage. Yes, they’re great — my basic write speeds on a Core 2 Duo box (recycled Dell Precision 390 workstation with 2GB of RAM and a single 1TB drive *no* RAID): [shell] administrator@mail:/backup-iscsi$ sudo dd if=/dev/zero of=garbage bs=131072 count=20000 20000+0 records in 20000+0 records out 2621440000 bytes (2.6 GB) copied, 40.

Résumé

Tue, 29 Jun 2010 20:19:35 +0000

How-to: GSX650F & Vortex 41mm Clip-ons

Thu, 08 Apr 2010 21:00:46 +0000

Author Note: I wrote this article when I still owned my GSX650F. I’ve since traded-up for a 2007 GSXR600 (and I couldn’t be happier). I might have some images to post with this tutorial, but I’ll post them when/if I can find them. Hopefully the write-up is enough to help… Good luck, modders.

Prior to my experiences with the Suzuki GSX650F, I was the semi-proud owner of a Hyosung GT250R. I loved the body styling, aggressive riding position, cheap price ($3300 OTD) and gas mileage, but I realized something more powerful was necessary for longer trips (and riding 2-up with the Mrs.). This brought me to my evolving 2008 GSX650F, which has the power, speed, and styling qualities that I was looking for, but still lacked the aggressive riding position I had with the Hyosung.

Vortex Racing had the answer to my commuter bar problem: 41mm clip-ons. They’re available in three different colors: silver (aluminum), black, and gold. Additionally, Vortex manufactures after-market bar ends (weighted or unweighted) for their clip-ons — which are certainly necessary after losing the dampers. The install took less than 45 minutes, but I’ll admit I made the mistake of loosening one of the fork bolts too much while lowering the front-end (required for installation on the GSX650F). This inevitably resulted in a lopsided front after the left fork pushed right through the triple-tree clamp. An extra 10 minutes of jacking the bike up and re-adjustment was required. Here’s a concise set of steps used to complete the project:

Ripping Play.FM or SoundCloud Streams with Firefox and FlashGot

Tue, 09 Feb 2010 14:44:50 +0000

I’ve recently stumbled across Play.FM, a flash-based music streaming service similar to Pandora but exclusively featuring Electronic and Dance Music. Friendly site with sensational tunes, but many of the songs, particularly those uploaded by independent DJs or artists, are not available for sale or download, making it difficult to listen on portable devices or offline. I tried the usual methods of download/capture for Flash-based music, but nothing was saved to my cache directory, and FreeMusicZilla detected no active streams… I gave the popular FlashGot Firefox plug-in a try and found it to work great.

Getting Married Soon…

Thu, 04 Feb 2010 19:39:59 +0000

I’ve recently sent out invites for our [local] wedding ceremony/reception . Along with custom-designed invites (and RSVP cards), we’ve created an informational website for attendees: http://wedding.liveaverage.com It mostly hosts info related to directions, accommodations, registries, etc., but we were pleased with the outcome of the site and invites. In case anyone asks, the invites were printed by Rush Flyers (a great printing outfit from Florida).

Accessing VMare Disks — without VMware Server or Workstation

Thu, 15 Oct 2009 14:23:59 +0000

I spent more time than necessary looking for a VMware disk mount utility to use on a Linux-based distribution. For windows, there’s the VMWare Workstation Disk Mount Utility (5.5) that can installed with the VMWare DiskMount GUI, but I couldn’t find the simple vmware-mount.pl program for Linux distros. Instead, I had to dig it out of a compatible VMWare Server package [for Linux], copy it to /usr/bin/ and create the necessary symlinks for operation.

Lenovo RS110 Review

Wed, 07 Oct 2009 15:34:01 +0000

I recently had the [unfortunate] opportunity of rolling-out (2) Lenovo RS110 servers targeted for SMBs. We seemed to fit the market for this relatively new Lenovo offering, but the product failed to meet the needs and expectations of my environment. The intention was to launch one of these two units with an Ubuntu/Debian-based Linux distribution to host our Zimbra mail server (currently residing virtual Ubuntu 6.06 LTS machine, with a host OS of Ubuntu 8.

Add ‘Submitted Tickets’ Listing Page for Joomla! RSTickets

Fri, 10 Jul 2009 17:15:21 +0000

If you haven’t heard, RSTickets! is an advanced Joomla! Help Desk ticketing system that allows you (or a team of yous) to manage and keep track of your clients’ issues. It’s actually one of the few effective, useful Help Desk systems available for the Joomla! 1.5+ framework that I would personally recommend. Unfortunately, it’s still under development and lacks certain features that one may desire, such as a read-only listing page that displays tickets already submitted to you or your department.

New fun with old toys: Adtran Atlas 550 + Free 411

Wed, 08 Jul 2009 21:10:26 +0000

As a result of my frugality, I got my hands on an Adtran Atlas 550 to be used for partitioning a single PRI into two PRIs at my workplace. In addition to the partitioning, this system provides the added bonus of dynamic number substitution. What’s this mean for me? Substituting costly 411 directory service for free Goog-411 service (which I prefer over traditional 411). I’m also able to create a number rejection list to block those NSFW 900* calls [or variation thereof], but the number substitution templates seem much more interesting…

Altermime, Postfix/Zimbra, and Headaches

Wed, 24 Jun 2009 19:43:11 +0000

EDIT: I have since removed altermime after installing a MailScanner spam relay for our Zimbra server to use. Because, by default, MailScanner appends a default signature to all outbound email, it was very simple to modify the signature rules to accomodate our mandatory disclaimers for different domains.

I had the pleasure of applying mandatory disclaimers to all [outbound] emails at my workplace today… ~Joy~ … I had the assumption it’d be rather easy, but Altermime and Postfix were a bit finicky to work with. After editing the master.cf I ended up customizing my own ‘disclaimer’ shell script.

How-to: GSX650F Chop-shop Job (Cutting down the fender)

Tue, 12 May 2009 16:12:02 +0000

Per another owner’s request, here are some up-close shots of the chop-job for the 2008 GSX650F … Notice the black bolts (attached to the protruding box shapes beneath the fender) in the second image. These are holding the bracket to the bike ‘trunk.’ There’s a lock washer and nut on the inside of the trunk securing the bracket to the bike.

I did not remove the tail before cutting. I used only a razor knife (with new, clean blades) following a hand-drawn [penciled] line. I did have to change the blade out about half-way through, and I did slice the crap out of a finger, but it was still worth the end-result.

My plate is not actually at an angle, but if you purchased the same tail light w/ the integrated signals and plate light, you don’t need it at an angle. It’s clearly visible at night without bending or angled mounting. Also, you may need some additional hardware (2 X bolts, 2 X nuts, 2 X lock-washers) to re-mount the OEM plate bracket to what’s left of the tail after the chop. Depending on how small your hands are, you might have to remove the tail piece (not the rear fender, just the painted tail) to attach lock-washers and nuts on the inside of the ‘trunk’.

HID Ballast Mounting for 2008 Suzuki GSX650F

Tue, 24 Mar 2009 19:57:51 +0000

Figured I’d post a few helpful pictures for any other GSXF enthusiasts looking to install HID lighting on their 2008 Suzuki GSX650F. I chose to use a pre-existing, pre-drilled location for mounting the HID ballasts. To make certain vibration and movement of the ballasts is kept to minimum I secured the mounting brackets directly to frame using heavy-duty zipties (two ties for each ballast bracket). You will need to drill holes in both plastic caps.

Modded GSX650F (Fender Chop)

Wed, 18 Feb 2009 18:47:35 +0000

I posted a quick how-to on installing the LED tail light, which will soon be followed up on a fender chop ‘how-to.’ Here’s some final pics of my bike (post mods). I also added a HID kit for better night-time driving.

How to: GSX650F LED Tail Light Upgrade

Wed, 18 Feb 2009 00:09:36 +0000

I’ve been wanting to upgrade the stock tail light on my Suzuki GSX650F for some time now. I was hoping an upgrade might precede a quick fender chop to rid the bike of that hideous plastic dragging the aesthetics down. The deed has finally been done (both the tail light upgrade AND the fender chop). Here’s how:

UPGRADING THE GSX650F TAIL LIGHT:

Tools involved:

Metric Hex Keys (Allen keys/wrenches)
#2 Phillips Screwdriver
Precision screwdriver (flat or philips) – or other precision tool
(Optional) [Blade] Cable splices X 2
- Used for integrated turn signals
- Allows for use of stock and integrated signals
Pliers or Crimpers

(1) Step one involves removing the seat by unlocking the ‘trunk’. Once it’s off, remove the actual lock mechanism (2 X Philips screws/bolts) so the rear cowling can be separated from the fender without the lock cable tethering it.

(2) Next, remove the two bolts [on each side] keeping the rear handle attached to the frame. Carefully lift the handle up and set it aside.

(3) Using a small, precision screwdriver (or other instrument) press in the black push buttons on each of the 4 X plastic rivots holding the fender to the rear cowling. After pushing each ‘button,’ carefully pull out each plastic rivot and set in a safe place.

(4) The cowling should be free to remove, though you’ll still need to disconnect the modular electrical connector attached to the brake/tail light when you have access to it.

(5) Set the rear cowling on a soft surface (to avoid scratches) and grab a #2 Philips screwdriver to remove the two screws holding the OEM tail light fixture in place. Once removed, set your OEM tail light aside for storage.

(6) Grab your after-market LED tail light and mount it on the rear cowling using the original screws that held your OEM light in place. Take the cowling back over to the bike and connect the modular plug to your after-market light. If you have no intention of wiring your integrated LED turn signals, your finished! Replace the parts in the reverse order described above.

Only wiring left…

Tue, 10 Feb 2009 22:28:38 +0000

[nggallery id=“1”] After lots of tedious taping for the PCB (Printed Circuit Board) patterns on the fairings + tank, Chad @ WetLixx completed a full re-design of my 2008 GSX650F. It got a great reception from other GSX650F riders (as found here: http://www.gsx650f.biz/custom-paint-job-circuit-tech-look-2008-gsx650f-t1085.html). I’ll grab some more pictures of the bike once I finish hard-wiring my brain to the throttle for more instantaneous response times =)

GSX650F Gets a fresh coat

Wed, 04 Feb 2009 14:53:00 +0000

So what’s been going through the booth at WetLixx Custom Design + Paint? Well, my spanking new 2008 GSX650F just got its first coat of yellow, along with a complimenting metallic finish. The image (left) shows the bike with it’s fairings temporarily mounted for a quick design tape-off. No clear coat has been applied, but you can certainly see the pearl/metallic finish. The conceptual sketches are soon to follow, along with images of the design.

WetLixx Custom Design & Paint

Tue, 27 Jan 2009 16:41:29 +0000

My very talented friend at WetLixx (http://www.wetlixx.com) decided to promote his dynamic art work (on a variety of cars, trucks, motorcycles, golf carts, etc.) by collaborating on a new, custom web showcase for his past and current projects. His primary focus is custom designs and paint jobs on motorcycles (cruiser and sportbike varieties) and golf carts, but he’s established himself as an accomplished artist on all mediums. Be sure to check out his site if you’re in the market for some ‘moving art,’ on your vehicle.

Shuttle PC MyKover Template

Tue, 27 Jan 2009 16:34:16 +0000

After deploying a few Shuttle KPC K45 systems for UTM (Unified Threat Management) appliances using Untangle 5.42 and 6.00 I got tired of fussing with Shuttle’s MyKover JPEG template(s) and opted to create my own to-scale Word Document template. Feel free to change the included background image and text, I just left that on there for reference. And yes, the screw hole markings are correctly (or nearly correctly) placed. I enjoyed the coffee cover included with the barebone system, but opted for something customized that would allow remote clients to phone in service-calls with all the important information (Local/WAN IP, MAC, FQDN, etc.

Zimbra flows on the iPhone

Thu, 21 Aug 2008 18:34:46 +0000

Zimbra (FOSS) provides one hellaciously clean, organized web client on Apple’s iPhone Safari Browser, nearly resembling a native application.

2008 CIEE Orientation – Washington D.C.

Thu, 21 Aug 2008 16:39:38 +0000

Just returned from a great orientation held in D.C. for departing American students on the CBYX (Congress Bundestag Youth Exchange) program. CIEE (Council on International Educational Exchanges) manages the exchange program, along with the great orientation(s) in D.C. A few pictures of the event have been posted at AverageAnalogs.com, a sister site.

Bashing MySQL Dumps

Tue, 29 Jul 2008 14:45:14 +0000

A quick set of batch scripts I wrote up (two of the three scripts, anyway) for dumping all of my (specified) MySQL databases into an archive for backup. The log mailing (emailsql.pl)requires Perl and the MIME:Lite module to correctly function. I’ve also utilized a wrapper script so the log outputs to a separate file [to be mailed]. There’s also a ‘dummy’ log file I use in my crontab file, though this isn’t really necessary:

Perl my way to happiness

Fri, 25 Apr 2008 19:00:49 +0000

If only everything was as easy & straight-forward as account provisioning in Zimbra: [shell]!/usr/bin/perl # ZCS IMPORT SCRIPT # Provided by : ZCS Wiki # Modified by : J.R. # Last Change : 2008.04.09 # Lookup the valid COS (Class of Service) ID in the interface or like this my $cosid = `su – zimbra -c ‘zmprov gc apd |grep zimbraId:’`; $cosid =~ s/zimbraId:\s*|\s*$//g; while (<>) { chomp; # CHANGE ME: To the actual fields you use in your CSV file

Who’s we?

Fri, 25 Apr 2008 16:42:48 +0000

I’m a Red Hatter working as a Solutions Architect, formerly a Senior Cloud Success Architect, with a focus on and passion for OpenShift and Ansible. Previous life? Cloud Advanced Technology Lead & Big Data Engineer for Lockheed Martin Space, IT/IS Data Center Manager for Lockheed Martin IS&GS, and Senior Infrastructure Designer/Administrator for the City of Gainesville & City of Alachua. I enjoy working, silence, FOSS & FOSS-integration, mixing vinyl when time permits, sport bikes, and coffee, lots of well-rounded coffee.

Mon, 01 Jan 0001 00:00:00 +0000