With the recent release of Let’s Encrypt’s ACMEv2 protocol implementation, they’ve gained the ability to not only supply SSL certificates for single domains, but also all subdomains. I’ve been interested in switching from our previous CA to Let’s Encrypt when their wildcard support dropped, because it makes renewal of certificates significantly easier due to automation capabilities of the platform. This blog post describes how to generate a wildcard certificate using Certbot....

I encountered an issue booting Ubuntu Server 16.04 when installing it on a SuperMicro server that had been configured with Software RAID 1. The operating system install script would detect that a RAID environment was active and it would install correctly, but when booting into the newly installed system I would be presented with a blank screen and a blinking cursor. Grub wasn’t even loading. To solve this issue I booted into a live CD of Ubuntu 16....

The Issue My first foray into Ceph was at the end of last year. We had a small 72TB cluster that was split across 2 OSD nodes. I was tasked to upgrade the Ceph release running on the cluster from Jewel to Luminous, so that we could try out the new Bluestore storage backend, and add two more OSD nodes to the cluster which brought us up to a humble 183TB....

While upgrading the packages for the Ceph cluster at SANBI, I encountered an issue where the Ceph MDS daemon was causing the CephFS filesystem to become unresponsive and stuck in the active(laggy) state. I decided to strip down the CephFS deployment and reinstall it, since the existing one was for testing (set up before my time) and I wanted to do the process of setting it up from scratch. It was surprisingly difficult to find a simple process for removing an MDS, but after I did some digging I ended up using the following:...

At SANBI we’ve been using an old combination of OpenLDAP + Kerberos and nsswitch to provide LDAP with NFS directories for user accounts for our virtual machines and HPC cluster. This was originally put in place to make authentication into machines easier and to allow users to access and use the cluster without manual setup of directories and user accounts. Over time this set-up has grown to be messy and more effort to maintain than worth while....