Java keystore with existing keys

I’m tired of looking this up, so I’m posting it here:

lifted from:

# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12

# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert

keytool -list -v -keystore mykeystore.jks

Note on PostgreSQL backups

So, Postgres has a neat feature to backup in parallel by dumping the tables in multiples at a time. This isn’t difficult to find online, in fact here you go:

pg_dump -j num -Fd  out.dir -f dbname

What is IMPOSSIBLE to find is this stupid -j switch for restores. You need it when restore the DB back. Notice that the -j is at the front of the dump. That won’t do when you restore it, you need to put it right before the file you’re restoring from. See below:

pg_restore -h localhost -d dbname -j fileRestoringFrom.tar

Sorry, correction needed. Turns out this won’t do the trick. Here’s what really needs to done:

pg_restore -h localhost -Fd dbname | psql

dbname is what you used on the -f switch above to save the dumpdir for the export. So if at the end of the pg_dump you have dir called mydatabase and it contains the table dumps and the toc.dat file, this is what you’d reference in the “dbname” above. Keep in mind, if you tar this file up to move it, you’ll need to untar it to do the restore.

Best of luck!




a note about tags, aws, and ansible

I had a difficult time finding this information anywhere. I’m sure it exist, but here’s what’s going on.

Assuming you have ansible-playbook -i someplaybook.yml working, (test it with ./ –list) then you may want to address some of your instances by tags.

Here’s the skinny, let’s say create an instance and give it a key pair tag name / webserver-us-east-1a, ansible is looking for “tag_Name_webserver-us-east-1a” not just “webserver-us-east-1a” in the hosts section of your playbook. Here’s an example below:


# webserver deploy

– hosts: “tag_Name_webserver-us-east-1a”
sudo: True
remote_user: ubuntu
gather_facts: True
– nginx
– common

Getting rolling with Ansible on OSX 10.9.5

If you’re trying to leverage Ansible on OSX to control AWS instances with the API extension (and who isn’t these days 😛 ) and you get something like this back:

ansible-playbook -i inventory/ playbook.yml
Traceback (most recent call last):
File “/usr/local/bin/ansible-playbook”, line 28, in
import ansible.playbook
File “/Library/Python/2.7/site-packages/ansible/playbook/”, line 20, in
import ansible.runner
File “/Library/Python/2.7/site-packages/ansible/runner/”, line 32, in
import jinja2
File “/Library/Python/2.7/site-packages/jinja2/”, line 33, in
from jinja2.environment import Environment, Template
File “/Library/Python/2.7/site-packages/jinja2/”, line 13, in
from jinja2 import nodes
File “/Library/Python/2.7/site-packages/jinja2/”, line 18, in
from jinja2.utils import Markup
File “/Library/Python/2.7/site-packages/jinja2/”, line 520, in
from markupsafe import Markup, escape, soft_unicode
ImportError: No module named markupsafe

‘And boom goes the dynamite’

A few things:

Install Xcode from the App Store. This is key, run Xcode. Running if for the first time finished the install process.

Second, install from pip like this: sudo CFLAGS=-Qunused-arguments CPPFLAGS=-Qunused-arguments pip install ansible

Even if you’ve installed it with other method, such as homebrew, run the above command.

Get the and ec2.ini files from here: (note, you can get docker, vmware, nova, etc here too)

I didn’t have issues with ansible and my DigitalOcean vms running on CentOS 6.5, controlling a bunch of CentOS 6.5 machines. And, didn’t have issues with ansible on my Mac Pro (10.9.3) controlling my CentOS DigitalOcean VMs, but when I tried to use the API, things got ugly.

Honorable mention, do these things too because their needed or will save you headache.

put this in your ~/.bash_profile or ~/.bashrc

export AWS_ACCESS_KEY=your-aws-access-key-id
export AWS_SECRET_KEY=your-aws-secret-key

put this in your ~/.boto file (you need to make this file)
export AWS_ACCESS_KEY=your-aws-access-key-id
export AWS_SECRET_KEY=your-aws-secret-key

sudo pip install boto
sudo pip install pycrypto (this will blowup if you haven’t run Xcode at least once. If you plan to use the vault feature with Ansible, then you’ll need to upgrade the pycrpto 10.9.5 ships with)

I personally have lost a lot of time on digging around looking for Ansible OSX related answers. Hopefully this helps someone.

sshuttle a faster way to stunnel

So this post is dedicated to VMware. Vmware, thank you for being so expensive that I’ve decided (against my morals and previous rants) to install Ubuntu MaaS on my lap stack because I refuse to pay your inflated cost for licensing. Have a nice day!


SO, in actuality, this post should be dedicated to Ubuntu, which makes me cringe and shiver because of this, and this and that. While researching MaaS and JuJu, both cloud tools offered from Canonical, ‘the company behind Ubuntu’ (every time I see that slogan I recall ‘my the odds ever be in your favor’ ugh). I’ll give Canonical this, those tools sets are pretty rad. But, this adventure to replace ESXi has lead me here. Sstunnel. Here’s the skinny: data over TCP instead of TCP over TCP. For you non Network wizkids (I’m no wizkid but know enough to be dangerous , TCP is a packet streaming service for lack of better explanation. Basically it incurs a lot of loss, and isn’t well suited for some task (ie mobile data connections) but all the other particulars about it are really awesome (stateful, resends, etc). Sshuttle resolves this by building the tcp stream on the sending side, and just shipping the data over, and having the receiving side unpack the data into a TCP stream.

The doc in github does a better job explaining this. But, this may be a solution to not being able to have edge to edge routing in AWS for me with VPN tunnels instead.


More to come…

Just incase the Canonical sharks are lurking:

Disclaimer: In case you are either 1) a complete idiot; or 2) a lawyer; or 3) both, please be aware that this site is not affiliated with or approved by Canonical Limited. This site criticizes Canonical for sucking, ruining FOSS, and teaming with companies that want to see FOSS die. So, obviously, the site is not approved by Canonical. And our use of the trademarked term Ubuntu is plainly descriptive — it helps the public find this site and understand its message. VMware lawyers, just replace VMware for Canonical. And thanks for not being as evil overtly evil  as Canonical.