dan is currently certified at Master level.

Name: Daniel Barlow
Member since: 2000-02-13 22:03:36
Last Login: 2010-01-20 09:38:57

Homepage: http://ww.telent.net/

Notes:

I like Common Lisp

  • CLiki - the groupware hypertext free CL projects link farm
  • cirCLe - one man's LispOS fantasy

The diary here is updated infrequently. See http://ww.telent.net/diary/ for geeky stuff, or www.coruskate.net for skating

Recent blog entries by dan

If you can see this, it worked

For values of “this” which you don’t care about and can’t see, but my hacky homebrew blogging engine now watches a bare git repo using inotify and runs a checkout/refreshes its content when it sees changes. I’m not sure it wouldn’t have been simpler just to make it die and then use a, y’know, shell script or something to run a git pull before restarting the server, but I did it this way because ZERO DOWNTIME.

Anyway. You don’t see and can’t care, or possibly vice versa. But the previous Heath Robinson stuff with git hooks wasn’t working now that the bare git repo is owned by someone other than the uid that runs the http daemon, so a different Heath was called for.

Syndicated 2014-02-13 22:50:59 from diary at Telent Netowrks

Keeping secrets in public with puppet

I recently stumbled across dotgpg, which is in essence some scripts to make it easy to securely keep secret files in a public git repo, which are protected by means of having been encrypted (usually for multiple recipients). It comes with capistrano glue for decrypting them again and sending them to your production servers, but it doesn’t quite fit my masterless use case where everything happens on the same box and there isn’t the same notion of a ‘target system’.

But it set me to thinking: what if there was some kind of gpg agent that let you type in your key once and used it for multiple decryptions (turns out there is) and what if you then wrote some custom puppet function, let’s call it decrypt, so you could then say

  file {'/etc/wpa_supplicant.conf':
    content=>decrypt("templates/etc/wpa_supplicant.conf.gpg"),
    owner=>root,
    mode=>0600
  }

and everything would Just Work. Well, turns out I did and you can and (as far as I can tell) it does. The custom function is as simple as creating the file puppet/parser/functions/decrypt.rb inside /etc/puppet (or wherever) containing

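module Puppet::Parser::Functions
  # decrypt("path/to/file.gpg") returns the decrypted contents as a string
  newfunction(:decrypt, :type=>:rvalue) do |args|
    filename = args[0]
    # backticks capture gpg's stdout; --use-agent takes the passphrase from a running gpg-agent
    `/usr/bin/gpg --use-agent --decrypt #{filename}`
  end
end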

and now at the expense of a slightly more convoluted puppet invocation

$ sudo  make -C/etc/puppet/ GNUPGHOME=$HOME/.gnupg GPG_AGENT_INFO=$GPG_AGENT_INFO

I can put my wpa network configuration (and my jabber passwords, and smtp client passwords, and some other stuff I can’t right now remember what it is but am sure exists) alongside all my other configuration instead of either having to do something silly with git submodules or rebuilding it by hand. Am now furiously trying to memorise my passphrase.

Better error checking would be nice, so that it doesn’t overwrite a perfectly good config file with an empty one if the gpg stars aren’t all aligned, but that is left as an exercise for next time.
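One way to do the error checking mentioned above, as an added example rather than the author's code: gpg is run from an argv array instead of through a shell, and a failed or empty decryption raises, which stops the catalog compile before the file resource is applied. `decrypt_file`, `DecryptError` and the extra `--batch --quiet` flags are assumptions of this example.

```ruby
require 'open3'

# Added example: the names below are hypothetical, not from dotgpg or Puppet.
class DecryptError < StandardError; end

# argv array, so no shell ever parses the filename
DEFAULT_GPG = %w[/usr/bin/gpg --use-agent --batch --quiet --decrypt].freeze

# Run `command` on `filename`; return the plaintext or raise DecryptError.
def decrypt_file(filename, command = DEFAULT_GPG)
  raise DecryptError, "no such file: #{filename}" unless File.file?(filename)
  begin
    # '--' ends option parsing, so a name starting with '-' stays a filename
    out, err, status = Open3.capture3(*command, '--', filename)
  rescue SystemCallError => e
    raise DecryptError, "cannot run #{command.first}: #{e.message}"
  end
  unless status.success?
    raise DecryptError, "#{command.first} exited #{status.exitstatus}: #{err.strip}"
  end
  raise DecryptError, "empty plaintext from #{filename}" if out.empty?
  out
end

# Only defined when loaded by Puppet; a raise here fails catalog compilation,
# so the existing file on disk is left untouched.
if defined?(Puppet::Parser::Functions)
  module Puppet::Parser::Functions
    newfunction(:decrypt, :type => :rvalue) do |args|
      begin
        decrypt_file(args[0])
      rescue DecryptError => e
        raise Puppet::ParseError, e.message
      end
    end
  end
end
```

The second argument exists so the function can be exercised with a stand-in command on a machine that has no key or agent.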

Syndicated 2014-02-10 18:26:14 from diary at Telent Netowrks

MuDDLe, a faster simpler maildir downloader

One of the services running on my old Bytemark VM was the Dovecot IMAP server. When I started thinking about configuring it on the replacement box I realised that I don’t actually need IMAP these days, so, er, why bother? So I didn’t. But what I do need is a way of getting the Maildir on that machine onto other machines, and everything I looked at to do this job (other than rsync) was fearsomely complicated because it also catered for a zillion other file formats and/or transports. Or because it wanted to sync in both directions, which I don’t really care about that much.

So, muddle

In essence, what it does is this: connect to the remote host, find list of files in cur/ and new/, compare with similar list on local host, create tar stream of differences, transfer it, unpack each transferred file into tmp/ and atomically rename into cur/ when done.

This adds up to one transfer of file names and a second transfer of all the file contents. Each of these is one-way and distinctly non-chatty, so it should have reasonably good network performance characteristics and you can use ssh compression if your network bête noire is bandwidth itself and not just latency.

It might not be as simple as possible, but at the same time it might also be simpler. For example, and as alluded to above, the download is one-way only, so it won’t e.g. update the server to mark messages as read. If you care about that stuff, this is not for you.

(Why not rsync? It can’t detect that a rename from new/foo to cur/foo:2, is a rename, so treats the latter as a new file. Which is a teensy bit suboptimal)
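The comparison step and the tmp/ to cur/ delivery described above, as an added example and not muddle's own code. It assumes messages are matched on the Maildir unique name (the part before `:2,`), which is what lets a message that moved from new/ to cur/ count as already present; `maildir_key`, `files_to_fetch` and `deliver` are hypothetical names and the listings are constructed.

```ruby
require 'set'

# Constructed sample listings (paths relative to the Maildir root).
REMOTE = ['cur/1391380000.M1P2.host:2,S',
          'new/1391380100.M3P4.host',
          'cur/1391380200.M5P6.host:2,RS'].freeze
LOCAL  = ['new/1391380000.M1P2.host',
          'cur/1391380100.M3P4.host:2,S'].freeze

# Unique part of a Maildir file name: basename minus the ":2,<flags>" suffix.
def maildir_key(path)
  File.basename(path).sub(/:2,[A-Za-z]*\z/, '')
end

# Remote paths whose message is absent locally under any directory or flags.
def files_to_fetch(remote_paths, local_paths)
  have = local_paths.map { |p| maildir_key(p) }.to_set
  remote_paths.reject { |p| have.include?(maildir_key(p)) }.sort
end

# Write one fetched message into tmp/, then rename it into cur/.
# rename(2) within one filesystem is atomic, so readers never see a partial file.
def deliver(maildir, remote_path, data)
  # basename drops any directory part, so a name from the remote list
  # cannot place a file outside the Maildir
  name = File.basename(remote_path)
  name += ':2,' unless name.include?(':2,') # files in cur/ carry an info suffix
  tmp  = File.join(maildir, 'tmp', name)
  dest = File.join(maildir, 'cur', name)
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(data)
    f.fsync
  end
  File.rename(tmp, dest)
  dest
end

if __FILE__ == $0
  puts "by path: #{(REMOTE - LOCAL).length} files, " \
       "by unique name: #{files_to_fetch(REMOTE, LOCAL).inspect}"
end
```

A path-based comparison of the same two listings would transfer all three remote files; keyed on the unique name, only one is new.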

Syndicated 2014-02-02 23:27:24 from diary at Telent Netowrks

Debian, runit, chruby, bundler

Pretty much ever since I wrote it the software that powers this blog – a Ruby Sinatra app called “My Way” – has been running on a Bytemark VM inside a tmux session, and every time I’ve rebooted the server I’ve not only had to restart it by hand but first to remember how to restart it by hand.

I’m in the process of migrating the said VM to one of Bytemark’s new BigV VMs (New! Shiny! More RAM! Marginally Cheaper!) and taking the opportunity to clean it up a bit first. After reading Steve Kemp’s article on runit I decided to give that a go. This is notes-to-myself on what I’ve found so far

:; cat /etc/sv/my-way/run 
#!/bin/bash 
exec 2>&1
cd /home/my-way/my-way
. /usr/local/share/chruby/chruby.sh
chruby ruby-2.0.0 
export LANG=en_GB.UTF-8
exec chpst -u my-way -v bundle exec ruby -I lib bin/my-way.rb

:; sudo update-service --add /etc/sv/my-way
Service my-way added.

This is the script that starts the blog server, and the installation procedure thereof

Worthy of note:

  1. per convention, the run scripts (and attendant files) live in directories /etc/sv/someservicename, and these directories are then symlinked into /etc/service by update-service
  2. chruby doesn’t run in sh, so we run this script under bash
  3. it redirects stderr to stdout so the svlogd process (see below) can see it
  4. it runs as root up until the chpst invocation, so the ruby that you specify needs to be in /opt/rubies and not in /home/yourusualuser/.rubies. If you ran ruby-install under sudo it will have put it in the right place.
  5. running bundle install with the --deployment flag when installing the ruby project will have sidestepped a whole class of “can’t find your gems” issues. So do that.

Next up is

:; cat /etc/sv/my-way/log/run 
#!/bin/sh
exec svlogd /var/log/my-way

This is the script that makes sure logs go somewhere. Specifically, they go to the file /var/log/my-way/current, which svlogd is able (though as far as I know not yet configured) to rotate according to some defined criteria, and without needing to restart the server. The log files are owned by root, but maybe that’s changeable using chpst again.

:; sudo sv  status my-way
down: my-way: 94s, normally up; run: log: (pid 13620) 48806s
:; sudo sv  start my-way
ok: run: my-way: (pid 28343) 0s
:; sudo sv  status my-way
run: my-way: (pid 28343) 8s; run: log: (pid 13620) 48818s
:; pkill ruby
:; sudo sv  status my-way
run: my-way: (pid 28379) 31s; run: log: (pid 13620) 48949s
:; sudo sv  stop my-way
ok: down: my-way: 0s, normally up

And here’s how I start and stop it and stuff. Note that it magically restarted after I ran pkill ruby.

If you can read this, it works.

Syndicated 2014-01-19 11:18:31 from diary at Telent Netowrks

Using the HP IP Console Viewer app on Linux

Another success criterion in my current story to get the Machine That Does Everything out of the living room is being able to do things like kernel upgrades without having to go to where it is and plug in a keyboard and screen, and to that end I bid for and – somewhat unexpectedly – won an HP 1×1×8 IP KVM switch on Ebay.

  1. It appears to be actually made by someone called Avocent, though Avocent seem to change their products in non-trivial ways for different badge engineers
  2. Along with the switch itself, you need an “Interface Adaptor” for each connected server. This is a thingy that has an RJ45 at one end and a set of keyboard/video/mouse connectors at the other, and should cost around £7 or £8
  3. Although you can plug in a keyboard and mouse – and it works just like a local KVM if you do – you will need to connect to the serial port to configure the network settings; there seems to be no way of doing it from a connected keyboard.
  4. Although some variants of these things run web servers on ports 80 and 443 which let you download java applets to connect to the servers plugged into them, mine doesn’t. I know not why.
    Starting Nmap 6.00 ( http://nmap.org ) at 2014-01-08 22:48 GMT
    Nmap scan report for kvm.lan (192.168.0.3)
    Host is up (0.011s latency).
    Not shown: 997 closed ports
    PORT     STATE SERVICE
    2068/tcp open  advocentkvm
    3211/tcp open  avsecuremgmt
    8192/tcp open  sophos
    MAC Address: 00:02:99:03:62:5C (Apex)
    
    None of those responds to HTTP or HTTPS requests
  5. So you need to download the software yourself. HP love to rearrange their web site, judging from the number of dead links in the Google search results, but as of the time I write this you can get it from here and if that link is out of date when you read this you may find the file you need by googling for SP50317.tar
  6. Having downloaded it, you must untar it and run the setup.bin shell script. Do this with LOCALE=C or it doesn’t work
  7. On a 64 bit platform it may complain about missing libraries that you thought you had. This is because it’s 32 bit. Users of the Universal Operating System (a.k.a Debian) can grab the necessary with
    $ sudo apt-get install  libxext6:i386 libxtst6:i386 
    
  8. Once you’re through the setup process, you can start the actual viewer which is called IPViewer. The warning strings: '/lib/libc.so.6': No such file it emits is non-fatal and as far as I can tell entirely ignorable.
  9. Its keystroke handling is a bit screwy: I found that it has some kind of ‘double echo’ problem on the console, so each key I press emits a character once when I press it and again when I release.
    loaclhost login: ddaann
    There is an autohiding menu at the middle of the top of the screen - mouse around near the titlebar to see if you can find it. From this menu I selected Tools → Session Options, and then the ‘General’ tab. This pops up a dialog box in which there is a checkbox ‘Keyboard Pass-through’. Selecting this option fixed the ddoouubbllee kkeeyyss problem for me. It’s not all peachy yet, though, because neither Right Arrow nor DEL seem to do anything in Pass-through mode, and the latter of those is key (sorry) to entering the system BIOS Setup interface.
  10. The IPViewer.lax file has some interesting-looking settings, including the path to the JVM it wants (I tried with my system OpenJDK 1.7.0_25 and it kind of worked but the keyboard didn’t work at all) and the jvm max memory size. More as I find it.

Syndicated 2014-01-08 22:40:29 from diary at Telent Netowrks


dan certified others as follows:

  • dan certified mjc as Journeyer
  • dan certified mjs as Journeyer
  • dan certified alex as Journeyer
  • dan certified nwv as Journeyer
  • dan certified argent as Master
  • dan certified ariel as Master
  • dan certified Ward as Master
  • dan certified Sunir as Journeyer
  • dan certified wnewman as Master
  • dan certified pvaneynd as Master
  • dan certified Omnifarious as Journeyer
  • dan certified kira as Journeyer
  • dan certified tbmoore as Master
  • dan certified fufie as Journeyer
  • dan certified ingvar as Journeyer
  • dan certified rjain as Journeyer
  • dan certified walters as Journeyer
  • dan certified crhodes as Master
  • dan certified rvdm as Journeyer
  • dan certified slef as Apprentice
  • dan certified hands as Master
  • dan certified mdanish as Journeyer
  • dan certified bmastenbrook as Journeyer
  • dan certified tagishandy as Journeyer

Others have certified dan as follows:

  • dria certified dan as Master
  • uzi certified dan as Journeyer
  • riel certified dan as Journeyer
  • andrei certified dan as Journeyer
  • dhd certified dan as Journeyer
  • pp certified dan as Journeyer
  • gbritton certified dan as Master
  • lmb certified dan as Journeyer
  • skyhook certified dan as Journeyer
  • mjs certified dan as Journeyer
  • zhp certified dan as Journeyer
  • dick certified dan as Journeyer
  • ajkroll certified dan as Journeyer
  • jes certified dan as Journeyer
  • dwmw2 certified dan as Journeyer
  • mkp certified dan as Journeyer
  • cmm certified dan as Master
  • Simon certified dan as Journeyer
  • phaedrus certified dan as Journeyer
  • asmodai certified dan as Journeyer
  • ariel certified dan as Master
  • mbit certified dan as Master
  • grahamw certified dan as Master
  • mwh certified dan as Master
  • nixnut certified dan as Journeyer
  • Omnifarious certified dan as Journeyer
  • fufie certified dan as Journeyer
  • manu certified dan as Journeyer
  • rjain certified dan as Journeyer
  • crhodes certified dan as Master
  • walters certified dan as Journeyer
  • davej certified dan as Journeyer
  • jf certified dan as Master
  • rvdm certified dan as Journeyer
  • slef certified dan as Master
  • ks certified dan as Journeyer
  • fxn certified dan as Journeyer
  • ricardo certified dan as Master
  • varjag certified dan as Journeyer
  • chalst certified dan as Master
  • redowl certified dan as Master
  • jeroen certified dan as Journeyer
  • lukeg certified dan as Journeyer
  • mdanish certified dan as Master
  • Stevey certified dan as Master
  • sral certified dan as Master
  • water certified dan as Master
  • nikodemus certified dan as Master
  • alexm certified dan as Journeyer
  • bmastenbrook certified dan as Master
  • badger certified dan as Journeyer
  • cyrus certified dan as Master
  • technik certified dan as Master
  • pcburns certified dan as Master
  • dangermaus certified dan as Master
