My OS X Essentials
Starting new job today with an empty Mac. Need to install:
FireFox
Chrome
Opera
Skype
DropBox
JumpCut
RescueTime
Dejal’s TimeOut
iTerm2
XCode
MacVim
CyberDuck
TextMate
Spotify
Firefox Plugins:
* it’s all text
* livehttpheaders
* foxyproxy
How to define multiple Vagrant VMs within one Vagrantfile
My colleague Luiz Casey and I were discussing how to configure multiple Vagrant configurations within one Vagrantfile, and he tracked down Mr. Vagrant himself, Mitchell Hashimoto, on IRC. It ends up looking like this:
    Vagrant::Config.run do |config|
      # First VM: CentOS 5, provisioned by chef-client against the hosted Chef server
      config.vm.define :centos5 do |centos5_config|
        centos5_config.vm.box = "opscode-centos-5"
        centos5_config.vm.provision :chef_client do |chef|
          chef.chef_server_url = "https://api.opscode.com/organizations/aarp"
          # Validator key and client name used to register the new node
          chef.validation_key_path = "~/.chef/aarp-validator.pem"
          chef.validation_client_name = "aarp-validator"
          chef.node_name = "opscode-centos32-5-aarp"
          chef.provisioning_path = "/etc/chef"
          chef.log_level = :info
        end
      end

      # Second VM: Ubuntu 10.04 (lucid), same Chef server, different node name
      config.vm.define :lucid do |lucid_config|
        lucid_config.vm.box = "ubuntu10.04-gems"
        lucid_config.vm.provision :chef_client do |chef|
          chef.chef_server_url = "https://api.opscode.com/organizations/aarp"
          chef.validation_key_path = "~/.chef/aarp-validator.pem"
          chef.validation_client_name = "aarp-validator"
          chef.node_name = 'opscode-lucid32-aarp'
          chef.provisioning_path = "/etc/chef"
          chef.log_level = :info
        end
      end

      # Applies to every VM defined above
      config.vm.customize do |vm|
        vm.memory_size = 2048
      end
    end
To start a single instance:
    vagrant up lucid
Current bug: if a node is already provisioned, Vagrant will try to provision it again. It will still start up; it just takes a bit longer.
http://groups.google.com/group/vagrant-up/browse_thread/thread/67f6a58cc7c89b58
--no-provision flag
DC-Sage Meeting Nov 15: Releasing 9/11 Data to Satisfy FOIA: It’s Just a Simple Web Site, Right?
After a long hiatus, your UMI is back with the first of two meeting announcements. Carolyn Rowland and David Pullman will be giving us a preview of their LISA 2011 talk at 6:30 on Tuesday, Nov 15, at the AARP National Office.
Releasing 9/11 Data to Satisfy FOIA: It’s Just a Simple Web Site, Right?
David Pullman and Carolyn Rowland, NIST
The National Institute of Standards and Technology (NIST) collected photos, videos, and other data from many sources to aid in an investigation of the collapse of the World Trade Center. Just prior to the tenth anniversary of 9/11, NIST released this data on a public Web server to meet FOIA requirements. A team of sysadmins took a winding path to hosting the data, using a combination of open source tools and the cloud. Technical and non-technical challenges threatened this project along the way.
Practical details
The RSVP link is: https://docs.google.com/
Metro: Easy – Gallery Place Metro is one block away.
Certifiable
It’s certification summer for me, thank you very much.
RHCSA and RHCE in the bag.
I have a blog post in the works on using AWS EC2 RHEL instances for test preparation.
Accolades
This came out today in the company newsletter. Here’s the original webpage: InScope InTouch
Peter Burkholder’s hard work is being noticed by AARP. Recently, the Senior Internet Operations Manager wrote to InScope to brag about Peter. He writes,
“I’m writing to give accolades to Peter Burkholder. Peter has continuously taken on more responsibility at AARP, and continues to deliver tremendous value because of his deep technical knowledge, and vast skill set. Recently Peter was involved with a project where the organization was going to potentially spend a good sum of money to acquire software, but Peter analyzed the need and came up with alternative options that would deliver 90% of the business value at about 10% of the cost. To me, this was a real benefit to AARP.
I look forward to continuing to have Peter as a member of my team here at AARP.”
Thank you Peter, for your hard work at AARP. Not only do you deliver tremendous value to the customer, but to us as well. Well done!
Programmatically setting MySQL user roles with Perl
MySQL 5.0 does not support user roles. Try Googling 'mysql roles' and you’ll see what I mean. The permissions available to a user are configured by GRANT statements that apply only to a single 'user'@'host' combination. There are third-party tools that support an overlay of roles on MySQL, such as Darren Cassar’s open-source Securich and Google’s MySQL patches. I didn’t actually come across these tools until after I wrote the scripts documented here, but I frankly prefer what I’ve come up with:
- No patches to MySQL are required
- Everything is entirely outside of MySQL
- The definition files are very easy for humans to read
- The definition files can be version-controlled, providing a clear audit trail (provided you only manage perms via this process)
- It’s appropriate in scope for the handful of roles and dozens of users we need to support
Grants are applied to MySQL servers via a script, provision_mysql.pl, and two configuration files.
The two configuration files are roles.yml and a server-specific users.cfg file. The roles.yml file is a YAML-formatted file that defines the grants that apply to a specific role. The grants are standard MySQL GRANT commands, with '%s@%s' being the placeholder for the 'user'@'host' to be defined later. E.g.:
    ---
    default:
      - GRANT USAGE ON *.* TO %s@%s WITH MAX_QUERIES_PER_HOUR 100;
    community:
      - GRANT SELECT, EXECUTE ON `aarp_main`.* to %s@%s
      - GRANT SELECT ON `mysql`.`proc` to %s@%s
    24x7:
      - GRANT SELECT on *.* to %s@%s
    # Root gets no queries per hour limit
    root:
      - GRANT ALL PRIVILEGES ON *.* TO %s@%s WITH GRANT OPTION MAX_QUERIES_PER_HOUR 0;
The users.cfg file specifies the user, host, and roles that are required. In the example below, user1 has 'root' grants on localhost, but '24x7' grants when connecting from a remote host. user2 has only 'community' when connecting remotely or on localhost, and no other grants.
    user1 : localhost : root
    user1 : % : 24x7
    user2 : % localhost : community
These grants are applied by running ./provision_mysql.pl users.cfg with the following prerequisites:
- The roles.yml file must be in the same directory
- The $HOME/.my.cnf must define 'root' level access to the mysql server
- The RPMs/CPAN modules for perl-DBD-MySQL, perl-YAML, and perl-Term-ReadKey must be installed
The script then takes the following actions:
- Creates 'user'@'host' if that user does not yet exist
  - If a password is found for another 'user'@anyhost, that password is reused
  - Otherwise, you are prompted to enter a new password
- Revokes all privileges for the user
- Applies the list of grants defined for the user’s roles
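A dry run of the revoke-and-grant expansion described above, as an added example that is not the author's provision_mysql.pl: it turns users.cfg lines into the ordered SQL statements for each 'user'@'host' without touching a server. The sub names, the account-name whitelist and the inline role subset (standing in for a loaded roles.yml) are assumptions; user creation and password handling are left out.

```perl
#!/usr/bin/perl
# Added example: print the statements a roles.yml + users.cfg run would issue.
use strict;
use warnings;

# Roles as they would look after loading roles.yml (constructed subset).
my %roles = (
    community => [
        'GRANT SELECT, EXECUTE ON `aarp_main`.* TO %s@%s',
        'GRANT SELECT ON `mysql`.`proc` TO %s@%s',
    ],
    '24x7' => [ 'GRANT SELECT ON *.* TO %s@%s' ],
);

# Constructed users.cfg content: "user : host [host ...] : role [role ...]"
my @users_cfg = (
    'user1 : % : 24x7',
    'user2 : % localhost : community',
);

# Quote an account part as a MySQL string literal; reject anything that
# is not a plain user/host token so a config typo cannot alter the SQL.
sub quote_part {
    my ($s) = @_;
    die "unsafe account part: '$s'\n" unless $s =~ /\A[A-Za-z0-9_.%-]+\z/;
    return "'$s'";
}

# Turn one users.cfg line into the ordered statements for each user@host.
sub plan_line {
    my ($line) = @_;
    my ($user, $hosts, $role_list) = map { s/^\s+|\s+$//gr } split /:/, $line, 3;
    die "malformed line: '$line'\n" unless defined $role_list && length $role_list;
    my @sql;
    for my $host (split ' ', $hosts) {
        my @acct = (quote_part($user), quote_part($host));
        # Revoke first so privileges dropped from a role really disappear.
        push @sql, sprintf('REVOKE ALL PRIVILEGES, GRANT OPTION FROM %s@%s', @acct);
        for my $role (split ' ', $role_list) {
            my $grants = $roles{$role} or die "unknown role '$role'\n";
            push @sql, map { sprintf($_, @acct) } @$grants;
        }
    }
    return @sql;
}

print "$_;\n" for map { plan_line($_) } @users_cfg;
```

Reviewing this output in a diff before applying it keeps the version-controlled definition files and the live grants in step. It needs Perl 5.14 or later for the /r substitution flag.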
Shortly after I first set this up, Matt emailed me that he could not list the stored procedures in mysql.proc. Oops, I had set the wrong grants for the '24x7' role. I updated the 'roles.yml' file, ran ./provision_mysql.pl w-x_users.cfg and all the users in the role had their grants corrected.
There are a few features that would be nice to have:
- Support for dropping all users (except root) for which 'user'@'host' are not defined
- Generating a '.my.cnf' file for new users with their password
But that’s a job for another day. When I make an update I’ll post a git project for this.
Perl ‘getent hosts’ equivalent for MacOSX
We have a number of Mac users, and from time to time, they’ll play with /etc/hosts for some website testing, then forget that they had made such a change. Weeks later they’ll wonder why www.work.org is showing the contents of, say, qa.work.org.
For Linux users I’m used to asking for the output of ‘getent hosts www.work.org’. For Mac users, I’ll now ask for
perl -mSocket -e 'print Socket::inet_ntoa(scalar gethostbyname("www.aarp.org")), "\n"'
It works, but doesn't lend itself to troubleshooting over the phone.
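To see the forgotten entries themselves rather than only the resolved address, this added example (not from the original post) lists every non-default name in a hosts file. The sub name hosts_overrides and the sample hosts content are constructed; pass /etc/hosts as the argument on a real machine.

```perl
#!/usr/bin/perl
# Added example: list hosts-file entries that override normal name resolution.
use strict;
use warnings;

# Return [ip, name] pairs from hosts-file text, skipping comments and
# the stock localhost/broadcasthost entries.
sub hosts_overrides {
    my ($text) = @_;
    my @found;
    for my $line (split /\n/, $text) {
        $line =~ s/#.*//;                      # drop comments
        my ($ip, @names) = split ' ', $line;
        next unless defined $ip && @names;     # blank or malformed line
        for my $name (@names) {
            next if $name =~ /\A(?:localhost|broadcasthost)\z/i;
            push @found, [ $ip, lc $name ];
        }
    }
    return @found;
}

# Constructed sample; on a real machine pass /etc/hosts as the argument.
my $sample = <<'EOF';
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
# testing the QA site
192.0.2.10      www.work.org   # forgot to remove
EOF

my $text = $sample;
if (@ARGV) {                                   # optional: path to a hosts file
    open my $fh, '<', $ARGV[0] or die "cannot read $ARGV[0]: $!\n";
    local $/;                                  # slurp the whole file
    $text = <$fh>;
}
printf "%-20s -> %s\n", $_->[1], $_->[0] for hosts_overrides($text);
```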
Graphing Access Log Status with PNP4Nagios, part three
The final piece of graphing the httpd access logs is the template to process the data series in a visually sensible manner. PNP4Nagios will fall back to a default template unless there’s a template matching the name of the Nagios check. The attached file, check_access_log.php, needs to be saved to the pnp /etc/templates directory, and you are set.
If not, post a comment and I’ll make the corrections.
Happy New Year,
Peter
http://blog.pburkholder.com/wp-content/uploads/2011/01/check_access_log.php_.txt
Succumbing to WordPress
I started this blog four years ago when I was also first learning Ruby on Rails. I had the idea that I would learn something by using a Rails blogging platform, but mostly I learned that running small blogging platforms is not the sort of fish I want to fry.
After updating Typo a year ago, I finally got so fed up that I tried the wp_export.rb script at http://www.slashdotdash.net/2009/01/02/migrating-this-blog-from-typo-to-wordpress/, and, voila, I have a new platform.
It seems to have confused tags with categories, however, and I still need to fix the redirects from the old site, but the responsiveness of WP is enough to help me get blogging again (instead of getting frustrated). I’m not a big fan of PHP, but if it gets the job done, then I’ll use it.
Bikes, bikes, bikes
I’m buying a bike.
Which is not a big deal in the scheme of things for most people, but for me is a Big Decision. For the past 30 years I’d primarily been a bike commuter, but last December 28 I was the victim of vehicular assault that left my 1988 Davidson Impulse ruined. For the first few months I made do with my Gary Fisher mountain bike, but it’s just too heavy for my 9 mile commute and lately I’ve just been Metroing in and out of town. Finally, thanks to DC’s pathetic criminal justice system, no compensation is going to be forthcoming, so I have to make do with a bike purchase in the $1000 range.
My Impulse was Fun To Ride. Light, responsive, sprightly. The steel absorbed some road shock, and the whole kit weighed in at ~20.5 lbs. But it wasn’t really meant for commuting; better brakes and some room for fenders and winter tires would have been a good thing. So I’m looking at cyclocross bikes for my day-to-day use.
Which brings me to my short list for a bike, based on what’s up for sale at my local bike shops and Craigslist.
- 2011 Masi Speciale CX, ~$1200 new
- 2010 Redline Conquest, $999 new (clearance)
- 2010 Jamis Bossa Nova, ~1050 new (clearance)
- 2010 Specialized Tricross Sport, ~1000 Craigslist
- 2006 Kona Jake, $600 Craigslist
- 2010 Motobecane Fantom, $500 Craigslist
Some impressions:
Redline Conquest: This was fun to ride but the combination of aluminum frame and aluminum forks felt jittery. The owner at LBS was a bit surly when I asked about warranties and the 2010 recall of some Redline forks. He went on about how B-grade bike manufacturers have poor customer support, and the warranty issues one can have with disassembling a bike to send a cracked frame in, only to have the company say “Not our problem” and send it back. But I’ve not seen any chatter on biking forums about Redline offering poor support. I do like the steeper 73 degree head tube angle, the 105 rear/Tiagra front derailleurs, the 2-ring crankset, and light weight. I don’t like the jittery feel (upgrade to carbon front-fork?), or 20-hole wheels (flimsy?). I’d also, at purchase time, swap in a smaller inner chainring to bring the gearing down a bit.
Masi Speciale CX: Not as fun on a first ride as the Conquest. Lighter tires would help there, but it does have a slacker head tube (72 degrees), so it’s not going to feel as responsive. At 24.5 lbs, it’s pretty light for steel, but still over 3 lbs heavier than my Impulse (RIP) or the Conquest. I like the idea that steel will last and last, and that it absorbs some of the road.
Jamis Bossa Nova: I haven’t ridden this yet, but it’s been well-reviewed. The steel frame/carbon fork and 72 degree head tube seem like a good combo. But I don’t need the weight of a triple chainring, or the drag of the 48mm rake (as opposed to the 45mm rake on the Masi and Redline). The Jamis site says it weighs in at 28.5 lbs, but if that includes the pedals, fenders and disc brakes, then maybe the core isn’t really that heavy.
Kona Jake: Came through CL. Very slack geometry. Comes kitted with fenders, rack. But not sexy. Would only get to save $$ and resell a few months down the road when I want to buy my long-term bike.
Specialized Tricross Sport: CL. Owner bought for $1500, thinks he can sell for $1200. I wouldn’t buy for anything over $1000. Supposedly weighs in at 25lbs, which seems heavy for aluminum frame/carbon fork. Other dislikes: triple chainring, 47mm rake, 72deg head tube.
Motobecane Fantom CX: CL. Owner wants $500 for what he claims is a $1600 bike. Sells new on BikeDirect for 565. I don’t know what’s up with these bikes; gives me a bad feel.
Bianchi Axis/Volpe: New and/or CL. These seem heavy and more geared to slogging about.
Conclusion:
Even before I read Malcolm Gladwell’s ‘Blink’ I’d come to the realization that my gut feelings were something worth attending to. I’m not a bike gearhead. I like to buy a bike and ride it hard. What it comes down to is that I’m lusting for the Redline. I think I just need to ride the Bossa Nova to make sure I’ve done due diligence, then go for the Redline. Once I get in the carbon forks I should be set for a few years.
Update:
Didn’t get the Redline (yet). Went to try the Bossa Nova and ended up on a Kona Honky Inc. instead. Kona saw that a lot of hard-core commuters were trending to cyclocross bikes, so designed a steel frame job that’s still light (23lbs) but has disc brakes, 105 components and mounts for racks and fenders. I’m now leaning that way, but the price is steeper than I anticipated. More to come…
Conclusion:
Bought the 2010 Kona Honky Inc, discounted as clearance from Evans in the U.K. Despite the shipping I still saved hundreds over waiting for the 2011 model to come into a local bike shop. I LOOOVE IT! I love it. I l.o.v.e it. Only issue is that UK bikes are built with the right brake handle operating the front brake, which is non-standard in the USA. I’ll probably switch that and re-wrap the handle bars.
Anyhow, the bike is light for a commuter, about 23 lbs, and the steel frame absorbs road shock much better than aluminum. I can fit it with racks and fenders when I choose to do so. Out-of-the box, it’s fast and responsive, but easy to ride on the 10mi commute to work. It’s so fun to ride that I keep getting to work exhausted ’cause I want to push myself to ride fast it’s so damn fun.
Happy.