In the last 6 months I’ve been diving into Ansible as part of my daily work. I have to support Red Hat (and CentOS) along with Ubuntu in a variety of versions. Coming from a Puppet background, I was surprised that there was no package management abstraction in Ansible, but after coming across various roles on GitHub and Ansible Galaxy I quickly realised that it’s not necessary.

Here I will describe a multi-os Ansible pattern. It’s all about including the right set of variables.

In this example I’ll be creating a ‘ntp’ role to simply install and configure ntp.


I’ve found many tutorials on how to accomplish this on Debian/Ubuntu systems, but not RHEL.

You have to have at least a minimal installation with the EPEL repository enabled.

Install packages

yum install -y git{,web,-daemon,olite} httpd xinetd

Setup Gitolite
Copy your public ssh-key to /tmp and allow gitolite to read it

cp ~/.ssh/id_rsa.pub /tmp/$LOGNAME.pub && chmod 644 /tmp/$LOGNAME.pub

Change to the gitolite user and run gl-setup

sudo -u gitolite -i
gl-setup /tmp/$LOGNAME.pub

Alter the base permissions of the repos and fix what we already have. In /var/lib/gitolite/.gitolite.rc change:
$GL_WILDREPOS to 1; and
$REPO_UMASK to 0027

chmod g+r /var/lib/gitolite/projects.list
chmod g+rx /var/lib/gitolite/repositories

Add the apache user to the gitolite group so that it can access the gitolite repositories

usermod -a -G gitolite apache

Configure git-daemon to export only repositories that contain a git-daemon-export-ok file (created by adding R permission for daemon)
/etc/xinetd.d/git:

# default: off
# description: The git dæmon allows git repositories to be exported using \
# the git:// protocol.
service git
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = nobody
        group           = gitolite
        server          = /usr/libexec/git-core/git-daemon
        server_args     = --base-path=/var/lib/gitolite/repositories --syslog --inetd --verbose
        log_on_failure  += USERID
}

Configure /etc/gitweb.conf to point to the right projectroot and project_list (the only 2 lines you actually need are here)

our $projectroot = "/var/lib/gitolite/repositories";
our $projects_list = "/var/lib/gitolite/projects.list";

Make the services persistent (survive a reboot):

chkconfig httpd on
chkconfig xinetd on
service httpd start
service xinetd start

To allow access to gitweb or gitdaemon in the config file, do something like this in your gitolite.conf:

repo    webtest
        R       =   daemon gitweb
        RW+     =   admin

If you need to add these perms to a wildcard repo, you can use the setperms admin command:

echo "READERS=gitweb daemon" | ssh gitolite@host setperms path/to/wildrepo

Check it with:

ssh gitolite@host getperms path/to/wildrepo
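
A check to run once the steps above are done, added here as an example and not part of the original post: it lists the repositories git-daemon will serve, the ones gitweb will list, and any path that still carries permission bits for "other". The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit what the setup above
# exposes. Function names are illustrative, not gitolite commands.

# Repositories git-daemon will serve: those with git-daemon-export-ok.
daemon_exported() {
    base=$1
    find "$base" -type d -name '*.git' -prune | sort |
    while IFS= read -r repo; do
        if [ -e "$repo/git-daemon-export-ok" ]; then
            printf '%s\n' "${repo#"$base"/}"
        fi
    done
}

# Repositories gitweb will list: first field of each projects.list line.
gitweb_listed() {
    awk 'NF { print $1 }' "$1" | sort
}

# Paths with any permission bit set for "other". REPO_UMASK 0027 only
# applies to newly created files, so older repositories may show up here.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Constructed sample tree so the example runs offline.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/repositories/webtest.git" \
             "$root/repositories/private.git" \
             "$root/repositories/old/legacy.git"
    touch "$root/repositories/webtest.git/git-daemon-export-ok"
    printf 'webtest.git\n' > "$root/projects.list"
    chmod -R u=rwX,g=rX,o= "$root"
    chmod 755 "$root/repositories/old/legacy.git"   # pre-umask leftover
    printf '%s\n' "$root"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample)
    echo "git-daemon:";       daemon_exported  "$root/repositories"
    echo "gitweb:";           gitweb_listed    "$root/projects.list"
    echo "world-accessible:"; world_accessible "$root/repositories"
    rm -rf "$root"
fi
```

Run it with --demo to see the report for the constructed tree; on a real host, call the functions with /var/lib/gitolite/repositories and /var/lib/gitolite/projects.list.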

Posted: February 7, 2013 in Devops, Featured, How To, How To - Linux

JSON from RRD

Posted: March 30, 2012 in Devops

Towards the end of January 2012, Tobi Oetiker released rrdtool 1.4.6. This release contained a community-submitted patch to allow export of RRD data as JSON.

Here’s an example (based on a collectd rrd file):

$ /opt/rrdtool-1.4.7/bin/rrdtool xport --json -s $(date -d "10 mins ago" +%s) -e $(date +%s) \
    --step 10 DEF:load_1min_avg=/var/lib/collectd/$(hostname -f)/load/load.rrd:shortterm:AVERAGE \
    XPORT:load_1min_avg
{ about: 'RRDtool xport JSON output',
  meta: {
    start: 1333111500,
    step: 10,
    end: 1333111500,
    legend: [
      ''
          ]
     },
  data: [
    [ 8.7720000000e+00 ],
    [ 9.0620000000e+00 ],
    [ 9.0540000000e+00 ],
    [ 8.9620000000e+00 ],
    [ 8.8840000000e+00 ],
    [ 9.0520000000e+00 ],
    [ 8.9760000000e+00 ],
    [ 8.0920000000e+00 ],
    [ 7.8240000000e+00 ],
    [ 7.8620000000e+00 ],
    [ 8.0440000000e+00 ],
    [ 8.4500000000e+00 ],
    [ 8.5720000000e+00 ],
    [ 8.6540000000e+00 ],
    [ 8.9960000000e+00 ],
    [ 9.2200000000e+00 ],
    [ 9.3700000000e+00 ],
    [ null ],
    [ null  ]
  ]
}

Now all you need to do is get this data into jqplot or flot and you can make beautiful dashboards.

Why is it better to use list comprehension instead of map + lambda?


Posted: February 21, 2012 in Devops, Featured, Python

I’ve started using the string formatting dictionaries and never looked back.

As the ‘%’ operator is deprecated in Python 3, I’ve added the future version too.

Python 3.2 (r32:88445, Feb 21 2011, 21:11:06) 
[GCC 4.6.0 20110212 (Red Hat 4.6.0-0.7)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> fdict = {'name': 'AJ'}
>>> print('%(name)s is my friend' % fdict)
AJ is my friend
>>> '{name} is my friend'.format(**fdict)
AJ is my friend

Posted: January 2, 2012 in Devops, Python

I recently had the problem that I needed to pass a set of generated keyword arguments to a function in Python. It took a lot of digging, but I’ve now started using it a lot.

Let’s take a simple function that takes 5 keyword arguments (kwargs):

def function_with_five_kwargs(first='1st', second='2nd', third='3rd',
                              fourth='4th', fifth='5th'):
    # Join the five values into one comma-separated string
    return '%s, %s, %s, %s, %s' % (first, second, third, fourth, fifth)

If you run this without kwargs, your output is:

1st, 2nd, 3rd, 4th, 5th

If you now want to change all those args, use a dictionary:

my_dict = {'first': 'first',
           'second': 'second',
           'third': 'third',
           'fourth': 'fourth',
           'fifth': 'fifth'}

# ** unpacks the dictionary into keyword arguments
print(function_with_five_kwargs(**my_dict))

Now your output will be:

first, second, third, fourth, fifth

Posted: September 14, 2011 in Python

Handy Splunk Searches

Posted: June 29, 2011 in How To

The idea of this post is only to keep track of the Splunk searches that I use frequently that are generic enough to just work on other systems without too much tinkering. For example, your sourcetype might be different.

  • Check for SUDO activity
    sourcetype="syslog" sudo | rex field=_raw "sudo: (?<user>.*):" | search user!="pam_unix(sudo:auth)" | table user COMMAND