Archive
Backing up Der Flounder Revisited Once Again
Eleven years ago, I wrote a post on how I back up this blog. Overall, the reasons I’m backing up haven’t changed:
- I like this blog and don’t want to see it or its data disappear because of data loss
- WordPress.com’s free hosting doesn’t provide me with an automated backup method.
Two years ago, I wrote another post on how I needed to switch from hosting on a Mac to now hosting on a Raspberry Pi. The overall methodology hadn’t changed, I was creating a nightly mirror using HTTrack. This worked fine until the latest move to a new host in February 2023, where HTTrack was failing for me because the Raspberry Pi was running headless without a connected display and HTTrack was having problems with trying to launch a headless browser. After an hour of futzing with it, I moved to using wget. The wget tool has a number of handy options for mirroring websites, including the following:
- –mirror: Makes the download recursive, with recursive browsing and infinite recursion depth.
- –convert-links: Convert all the links to relative, so it will be suitable for offline viewing.
- –adjust-extension: Adds suitable filename extensions to filenames, (html, css, etc.) depending on their content-type.
Based on my research, using wget would be a decent replacement for what I had been doing with HTTrack and wouldn’t have the problems I was seeing with HTTrack not being able to launch a headless browser session. For those wanting to know more, please see below the jump.
2021 Holiday Vacation Project
Like a lot of folks, I took some time off around the holidays. Before then, I decided I wanted to accomplish a couple of things while I was off.
- Goal 1: Set up a personal status board for my office, where at a glance I could find useful information.
- Goal 2: Figure out how to be able to play the Star Wars arcade game whenever I wanted to.
I’m happy to say that I was able to accomplish my goal by December 31st, 2021. For more details, please see below the jump.
Setting up an ad-hoc TCP listener for connection testing using Python’s web service
I recently needed to set up a connection test so that an outside vendor could verify that firewall rules had been set up correctly on both ends and that a connection which originated at a specific IP address on the vendor’s end was able to resolve a DNS address on our end and make a connection.
I remembered that Python has a simple way to set up a web server, so I decided to use this to create a script which creates a connection listener by setting up a web server on the desired port. For more details, please see below the jump.
Jamf Pro deprecating the ability to issue a Tomcat certificate from the Jamf Pro built-in certificate authority
As part of the release of Jamf Pro 10.30, the following entry was added to the Deprecations section of the Jamf Pro Release Notes:
Functionality to issue the Tomcat SSL/TLS certificate from Jamf Pro’s built-in certificate authority — Jamf Pro’s functionality to issue the Tomcat SSL/TLS certificate from the JSS built-in certificate authority (CA) will be discontinued in a future release of Jamf Pro. The release version for this change has not been determined.
Before this change occurs, it is recommended that all on-premise Jamf Pro instances leveraging this functionality switch to a publicly trusted third-party CA to issue the Tomcat SSL/TLS certificate. This will prevent the potential loss of MDM communication from Jamf Pro to enrolled devices.
If needed, a Tomcat SSL/TLS server certificate for Jamf Pro may be issued from an internal certificate authority. The JSS built-in CA will maintain its current ability to manually issue server certificates to other servers.
For shops which use Jamf Pro’s built-in certificate authority to create the SSL certificate used by the Tomcat web application, this means that at some point in the near(ish) future, you will need to plan to use a certificate for your Jamf Pro server which is no longer being issued by your Jamf Pro server’s built-in certificate authority.
For more details, please see below the jump.
Connecting to AWS EC2 instances via Session Manager
When folks have needed command line access to instances running in Amazon Web Service’s EC2 service, SSH has been the usual method used. However, in addition to using SSH to connect to EC2 instances in AWS, it is also possible to connect remotely via Session Manager, one of the services provided by AWS’s Systems Manager tool.
Session Manager uses the Systems Manager agent to provide secure remote access to the Mac’s command line interface without needing to change security groups and allow SSH access to the instance. In fact, Session Manager allows remote access to EC2 instances which have security groups configured to allow no inbound access at all. For more details, please see below the jump.
Backing up Der Flounder Revisited
Nine years ago, I wrote a post on how I backup this blog. Overall, the reasons I’m backing up haven’t changed:
- I like this blog and don’t want to see it or its data disappear because of data loss.
- WordPress.com’s free hosting doesn’t provide me with an automated backup method.
To create the backups, I make a nightly mirror using HTTrack. As time has passed and host machines were replaced, I’ve moved the backup host a few times. For the last move, I decided for budgetary reasons to move off of using Macs and onto a Raspberry Pi. For those wanting to know more, please see below the jump.
Backing up a Jamf Pro database hosted in Amazon Web Services’ RDS service to an S3 bucket
For those using Amazon Web Services to host Jamf Pro, one of the issues you may run into is how to get backups of your Jamf Pro database which you can access. AWS’s RDS service makes backups of your database to S3, but you don’t get direct access to the S3 bucket where they’re stored.
In the event that you want a backup that you can access of your RDS-hosted MySQL database, Amazon provides the option for exporting a database snapshot to an S3 bucket in your AWS account. This process will export your data in Apache Parquet format instead of a MySQL database export file.
However, it’s also possible to create and use an EC2 instance to perform the following tasks:
- Connect to your RDS-hosted MySQL database.
- Create a backup of your MySQL database using the mysqldump tool.
- Store the backup in an S3 bucket of your choosing.
For more details, please see below the jump.
Monitoring Jamf Infrastructure Managers on Red Hat Enterprise Linux
A vital component of a Jamf Pro server setup is usually its LDAP connection to a directory service (usually an Active Directory server.) This connection allows the Jamf Pro server to not only leverage the directory service’s users and groups, but also automatically populate information about the owner of the device by doing a lookup in LDAP as part of a computer‘s or mobile device’s inventory update and assist with providing user-specific policies in Self Service.
As more folks move from using self-hosted Jamf Pro servers to now having Jamf host them in Jamf Cloud, this LDAP connection usually requires an LDAP proxy in order to securely connect a Jamf Cloud-hosted Jamf Pro instance to a company’s internally-hosted directory service. Jamf provides an LDAP proxy for this purpose in the form of the Jamf Infrastructure Manager (JIM).
Because the LDAP connection is so vital, it’s just as vital that the JIM stay up and working all the time. To assist with this, I’ve written some scripts to assist with monitoring and reporting for a JIM running on Red Hat Enterprise Linux. For more details, please see below the jump.
Slides from the “Providing the best Mac experience possible, from the Apple CoE team with ♥” session at Jamf Nation User Conference 2018
For those who wanted a copy of my Mac management talk at at Jamf Nation User Conference 2018, here are links to the slides in PDF and Keynote format.
PDF – http://tinyurl.com/JNUC2018SAPPDF
Keynote – http://tinyurl.com/JNUC2018SAPKeynote
Automating Jamf Infrastructure Manager setups on Red Hat Enterprise Linux
As part of a project, I needed to build an automated setup process for a Jamf Infrastructure Manager (JIM). Thanks to the help of some folks at Jamf, I have a process which runs non-interactively and which does the following on Red Hat Enterprise Linux 7.x:
- Installs the JIM software
- Enrolls the JIM with a Jamf Pro server
For more details, please see below the jump.
Der Flounder 
Recent Comments