Generating Self-Signed Certificates with Subject Alternative Names

Recently, for reasons, I had to generate a self-signed certificate with subject alternative names. As an additional wrinkle, I was trying to do it as part of the userdata script for a machine instance in EC2 running Amazon Linux. This turned out to be more difficult than expected. After piecing together various blog posts this is what I ended up with.

LOCAL_HOSTNAME=$(GET http://169.254.169.254/latest/meta-data/local-hostname)
LOCAL_IPV4=$(GET http://169.254.169.254/latest/meta-data/local-ipv4)

openssl req \
  -newkey rsa:2048 \
  -nodes \
  -sha256 \
  -x509 \
  -days 3650 \
  -config <(cat <<EOF
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = California
L = Los Angeles
O = Example.

Amazon EC2 Container Service Wishlist

I’ve spent a lot of time with Amazon’s EC2 Container Service lately. While the service works well for the basic use case of deploying Docker containers in a cluster, there are quite a few missing features that would make life easier if Amazon implemented them. The lack of IAM instance profiles for containers is probably the biggest issue for us. Without them, we have to go back to embedding access keys inside the application, which introduces the whole mess of securely handling secrets.

DockerCon 2015 Notes

I was lucky enough to be able to attend DockerCon 2015 in San Francisco this year. With over 2100 attendees it’s one of the biggest tech conferences I’ve been to and the first one outside of Australia. I learned a lot while I was there so I wanted to share my notes from the conference.

NOTE: As of 2015-05-26 this is still somewhat of a draft and may be updated

Notes To Self - Reinstall After Rebuild on OS X

For various reasons I’ve had to reinstall from scratch all the software on my work MacBook a lot lately. These are some notes on how I get back to a usable state from a clean OS X install. I can’t imagine this is super useful to other people, so consider this skippable content.

Set up Homebrew

Homebrew is a package manager that makes it significantly easier to get software installed on OS X in a simple way.

Experimenting with Terraform, Consul, and Amazon EC2

One of the things I’ve been experimenting with is Terraform from HashiCorp. It provides a simple configuration language for describing infrastructure that fills in the gap left by configuration tools like Puppet, Salt, and Ansible. Those tools can only describe what happens after a machine is created, not how to create that machine. I thought I’d try to create the beginnings of a typical production test environment with split public and private networks.