Skip to content

Instantly share code, notes, and snippets.

View mdehling's full-sized avatar

Malte Dehling mdehling

View GitHub Profile
@mdehling
mdehling / migrate-colo07-os-drive.md
Last active March 29, 2026 21:18
Migrate colo-07 OS from 3.5TB NVMe to 894GB NVMe (free drive for ZFS pool)

Migrate colo-07 OS from nvme0n1 (3.5TB) to nvme1n1 (894GB)

Context

agi-colo-07 (10.20.0.66) has its OS installed on nvme0n1, a 3.5TB NVMe drive. All other servers in the cluster use the 894GB NVMe for the OS, leaving all 3.5TB drives available for a 4-drive ZFS RAIDZ1 pool. colo-07 needs the same layout so setup-storage.yaml can create its pool.

The server is accessed via SSH only (no IPMI). If the reboot fails, the old OS

@mdehling
mdehling / ssl-keyusage-report.md
Created March 10, 2026 15:15
Python 3.13+ rejects CA certs missing Key Usage extension (SSL inspection proxy workaround)

Python 3.13+ Rejects CA Certificates Missing the Key Usage Extension

Summary

Python 3.13 enables the VERIFY_X509_STRICT flag by default in ssl.create_default_context(). This enforces RFC 5280, which requires CA certificates to include the Key Usage X.509v3 extension with at least keyCertSign and cRLSign. Any CA certificate that omits this extension is now rejected at the TLS handshake with: