1. Traefik SSL grading

    Recently I discovered that many of the services I deployed upon my nomad cluster didn't have the SSL A grading I expected them to have. Somehow I assumed the traefik letsencrypt implementation got the A rating by default.

    After running the testssl.sh container it turns out they don't:

    $ docker run --rm -ti drwetter/testssl.sh domain.org
     Rating specs (not complete)  SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
     Specification documentation  https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
     Protocol Support (weighted)  95 (28)
     Key Exchange     (weighted)  100 (30)
     Cipher Strength  (weighted)  90 (36)
     Final Score …

  2. Nexus OSS repository manager

    Looking for a global repository store which could store maven projects, yum repositories and docker repositories, we bumped into Nexus repository manager. We used the official docker image to see how it can be implemented in the dockerized CI environment.

    docker repository

    As a first step, the docker repository feature could be enabled so we can start building and storing docker images for the different jenkins build slaves and the jenkins master, so our work is reproducible and stored in a safe central place.

    We configured 3 repositories in nexus for our docker images seen as a recommended approach in the nexus …


  3. Puppet sslv3 alert certificate revoked

    I started the day with ssl issues using puppet. Last week I cleaned 2 hosts in our tree using the puppet command

    # puppet node clean [hostname]
    

    on the puppetmaster. I did this to clean out the stored configs for those nodes.

    But I didn't realize this also cleaned out the ssl certificates for those clients. So I started the new week with this uncomfortable issue:

    [root@agent ~]# puppet agent --test
    err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: sslv3 alert certificate revoked
    warning: Not using cache on failed …
