Using SSH Keys with Multiple BitBucket Accounts

I was using BitBucket the other day for a new client, but I wasn’t able to use my standard BitBucket account (business reasons). I attempted to add my standard SSH key (id_rsa) to the new BitBucket account but SSH keys must be unique to the entire BitBucket system. I don’t understand the reason for this uniqueness but there is a way around it using a rarely used SSH technique. First you need to generate a new SSH key. You will name it something different than the default (id_rsa) because it will be used exclusively for the new BitBucket account. ...

July 18, 2014 · 2 min · 306 words · Scott Brown

More Freedom with GNU Stow

In honour of our friends down South celebrating their independence, let’s look at installing a local version of ruby onto a POSIX machine without requiring wrappers like rvm or rbenv. We want to be free to install things where we want, when we want, and how we want. Now that’s true freedom.

Install GNU Stow

Okay, you are going to need to install stow system wide for this step. This requires administrative permissions. I promise it’s the only thing. ...

July 4, 2014 · 3 min · 525 words · Scott Brown

Lotus Web Framework

A new framework crossed my radar on HackerNews today called Lotus. It is based on Ruby and attempts to adhere to proper OO principles. It looks simple to learn so I thought I’d give it a try. I ran into a few issues with the first example in the docs provided in the Github project, so I’ll post some fixes. This is running version 0.1.0 of the lotusrb gem.

    # config.ru
    require 'lotus'

    module OneFile
      class Application < Lotus::Application
        configure do
          routes do
            get '/', to: 'home#index'
          end
        end
      end

      module Controllers::Home
        include OneFile::Controller

        action 'Index' do
          def call(params)
          end
        end
      end

      module Views::Home
        class Index
          include OneFile::View

          def render
            'Hello'
          end
        end
      end
    end

    run OneFile::Application.new

If you paste that into a file called config.ru, you can then run it with rack: ...

June 23, 2014 · 2 min · 333 words · Scott Brown

Anatomy of an Ansible Bug

Tracking down Ansible bugs becomes difficult when you are playing with issues between local and remote systems. For the last couple of days I was racking my brains over why my database import script, written in Ansible, was not importing the data into the database. I had 3 separate imports, and only 1 was working. I looked at everything, but it wasn’t until I walked away and came back that I realized I had mistyped one character in the path to the dump. ...

June 17, 2014 · 8 min · 1612 words · Scott Brown

Ansible Tips Part 4: Encrypt Sensitive Data

Every day I pray to Lord Turing that I never see another Production database password in version control again. Unfortunately, I doubt my prayers will be answered because it seems to be an epidemic in Tech to store an application’s production configuration file in version control without any thought to security or privacy. So if developers cannot stop themselves from storing passwords in version control, does anyone honestly think a sysadmin will think twice about storing passwords for their Ansible provisioning in version control? ...

June 16, 2014 · 3 min · 492 words · Scott Brown

Ansible Tips Part 3: Write First, Use Variables Later

When first starting out writing tasks within a role, write the entire task as you normally would. Do not include any variables or things that may change. By doing this, you keep to the simplest form of Ansible provisioning possible. In the software development world, this is a two-part form of YAGNI and premature optimization. Consider this first cut of the role a draft, requiring proofreading before committing to version control.

    ---
    # roles/ssh/tasks/main.yml
    - name: configure sshd daemon
      template: >
        src=sshd_config.j2
        dest=/etc/ssh/sshd_config
        owner=root
        group=root
        mode=644
      sudo: yes
      notify: Restart ssh

Then, once you have finished with the role, re-read each task in the role and look for things that stand out as hard-coded strings. For example, paths to configuration files, owners and groups, or even permissions. Think of each of these as a possible candidate for a variable. Using the above example, I can rewrite the task using variables. ...

June 13, 2014 · 2 min · 381 words · Scott Brown

Ansible Tips Part 2: Don't Format Lists of Things

Something I’ve encountered while searching for answers to Ansible around the Internet is how to deal with configuration values that are character-delimited. For instance, the fail2ban jail file allows you to specify a set of hostname/IPs to whitelist.

    ...
    # /etc/fail2ban/jail.conf
    # "ignoreip" can be an IP address, a CIDR mask or a DNS host
    #ignoreip = 127.0.0.1/8
    ignoreip = 127.0.0.1/8 1.2.3.4/8
    bantime = 600
    ...

I have commented out the default value for ignoreip so that you can see a before-and-after view of the configuration setting. ...

June 9, 2014 · 2 min · 417 words · Scott Brown

Allowing Java WARs to Play Well with Others

You’re a software developer or an Operations person that is working with a Java application. Here are some questions for you. Do you have a WAR that you need to deploy? Do you know if it comes to you preconfigured or a blank slate? Do you know what happens if you deploy the WAR to an application server and do not realize that it is preconfigured? I’ve now seen this many times and I’m here to get up on my soapbox and say something. Java was originally intended to be write once, run anywhere, but I have repeatedly seen cases where the configuration is embedded within the WAR container. This embedding now renders the WAR file useless to run anywhere but the exact machine/platform/environment the configuration is for. ...

June 6, 2014 · 3 min · 552 words · Scott Brown

Ansible Tips Part 1: When in Doubt, Be Explicit

When copying files, using templates, or creating just about anything on a target machine via Ansible, make sure that you are as explicit as possible. Don’t assume that a file will be created with a specific owner unless you specify that owner in the Ansible task. For example, if you are providing your own SSH configuration file, overriding whatever is on the system, your task will look like this:

    ---
    # roles/ssh/tasks/main.yml
    - name: configure ssh client configuration
      template: src=ssh_config.j2 dest=/etc/ssh/ssh_config
      sudo: yes
      notify: Restart ssh

In this situation, you are running the task with sudo privileges, so you are assuming that this file will be owned by root:root. Looking at an Ubuntu machine confirms that this file, by default, is also owned by root:root: ...

June 5, 2014 · 2 min · 288 words · Scott Brown

Ansible Tips Series Starting Soon

I’m in the process of automating the provision step for a client’s project in Ansible, from a Vagrant environment through to the Production environment. Along the way, and in previous Ansible projects, I’ve accumulated some tips which I’ll enumerate here in a series of articles. They are meant to be short, yet detailed. I intended to write all of the tips in one article, but then the article became too long and nobody is going to take an hour to read it. Better to chop it up into bite-sized pieces. ...

June 5, 2014 · 1 min · 193 words · Scott Brown