Archive for the ‘Devops’ Category

I’ve found many tutorials on how to accomplish this on Debian/Ubuntu systems, but not RHEL.

You need at least a minimal installation with the EPEL repository enabled.

Install packages

yum install -y git{,web,-daemon,olite} httpd xinetd

Setup Gitolite
Copy your public ssh-key to /tmp and allow gitolite to read it

cp ~/.ssh/ /tmp/$ && chmod 644 /tmp/$

Change to the gitolite user and run gl-setup

sudo -u gitolite -i
gl-setup /tmp/$

Alter the base permissions of the repos and fix what we already have. In /var/lib/gitolite/.gitolite.rc change:
$GL_WILDREPOS to 1; and
$REPO_UMASK to 0027

chmod g+r /var/lib/gitolite/projects.list
chmod g+rx /var/lib/gitolite/repositories

Add the apache user to the gitolite group so that it can read the gitolite repositories

usermod -a -G gitolite apache

Configure git-daemon to only export repositories with a git-daemon-export-ok file inside (created by adding R permissions for daemon)

# default: off
# description: The git dæmon allows git repositories to be exported using \
# the git:// protocol.
service git
{
        disable         = no
        socket_type     = stream
        wait            = no
        user            = nobody
        group           = gitolite
        server          = /usr/libexec/git-core/git-daemon
        server_args     = --base-path=/var/lib/gitolite/repositories --syslog --inetd --verbose
        log_on_failure  += USERID
}

Configure /etc/gitweb.conf to point to the right projectroot and projects_list (the only 2 lines you actually need are here)

our $projectroot = "/var/lib/gitolite/repositories";
our $projects_list = "/var/lib/gitolite/projects.list";

Make the services persistent (survive a reboot):

chkconfig httpd on
chkconfig xinetd on
service httpd start
service xinetd start

To give gitweb or git-daemon access to a repository, add something like this to your gitolite.conf:

repo    webtest
        R       =   daemon gitweb
        RW+     =   admin

If you need to add these perms to a wildcard repo, you can use the setperms admin command:

echo "READERS gitweb daemon" | ssh gitolite@host setperms path/to/wildrepo

Check it with:

ssh gitolite@host getperms path/to/wildrepo
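
An audit of the resulting exposure, as an added example that is not part of the original post: it lists each repository under the base path with whether git-daemon will export it, whether gitweb lists it, and whether the directory still grants permissions to "other". The function name, the private.git sample repository and the one-path-per-line format of projects.list are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post.
# audit_repos BASE PROJECTS_LIST prints one line per bare repository:
#   daemon=yes  git-daemon-export-ok exists, so git:// will serve the repo
#   gitweb=yes  the repo is listed in projects.list, so gitweb will show it
#   other=yes   the directory grants permissions to "other", which a
#               REPO_UMASK of 0027 is meant to prevent
audit_repos() {
    local base list repo rel daemon gitweb other
    base=$1
    list=$2
    find "$base" -type d -name '*.git' -prune -print | LC_ALL=C sort |
    while IFS= read -r repo; do
        rel=${repo#"$base"/}
        daemon=no; gitweb=no; other=no
        if [ -e "$repo/git-daemon-export-ok" ]; then daemon=yes; fi
        # Assumed projects.list format: one repository path per line, relative to BASE
        if grep -qxF -- "$rel" "$list" 2>/dev/null; then gitweb=yes; fi
        # The last octal digit of the mode is the permission set for "other"
        case $(stat -c '%a' "$repo") in
            *0) ;;
            *)  other=yes ;;
        esac
        printf '%s daemon=%s gitweb=%s other=%s\n' "$rel" "$daemon" "$gitweb" "$other"
    done
}

# Constructed sample tree so the example runs anywhere; on the server you would
# call: audit_repos /var/lib/gitolite/repositories /var/lib/gitolite/projects.list
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/repos/webtest.git" "$tmp/repos/path/to/wildrepo.git" "$tmp/repos/private.git"
    chmod 750 "$tmp/repos/webtest.git" "$tmp/repos/path/to/wildrepo.git"
    chmod 755 "$tmp/repos/private.git"   # simulates a repo created before the umask change
    touch "$tmp/repos/webtest.git/git-daemon-export-ok" \
          "$tmp/repos/path/to/wildrepo.git/git-daemon-export-ok"
    printf 'webtest.git\n' > "$tmp/projects.list"
    audit_repos "$tmp/repos" "$tmp/projects.list"
    rm -rf "$tmp"
}
demo
```

Any line with daemon=yes or gitweb=yes for a repository that has no R rule for daemon or gitweb in gitolite.conf, or with other=yes, is worth investigating.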


Posted: March 30, 2012 in Devops

Towards the end of January 2012, Tobi Oetiker released rrdtool 1.4.6. This release contained a community-submitted patch that allows RRD data to be exported as JSON.

Here’s an example (based on a collectd rrd file):

$ /opt/rrdtool-1.4.7/bin/rrdtool xport --json -s $(date -d "10 mins ago" +%s) -e $(date +%s) \
    --step 10 DEF:load_1min_avg=/var/lib/collectd/$(hostname -f)/load/load.rrd:shortterm:AVERAGE \
{ about: 'RRDtool xport JSON output',
  meta: {
    start: 1333111500,
    step: 10,
    end: 1333111500,
    legend: [
  data: [
    [ 8.7720000000e+00 ],
    [ 9.0620000000e+00 ],
    [ 9.0540000000e+00 ],
    [ 8.9620000000e+00 ],
    [ 8.8840000000e+00 ],
    [ 9.0520000000e+00 ],
    [ 8.9760000000e+00 ],
    [ 8.0920000000e+00 ],
    [ 7.8240000000e+00 ],
    [ 7.8620000000e+00 ],
    [ 8.0440000000e+00 ],
    [ 8.4500000000e+00 ],
    [ 8.5720000000e+00 ],
    [ 8.6540000000e+00 ],
    [ 8.9960000000e+00 ],
    [ 9.2200000000e+00 ],
    [ 9.3700000000e+00 ],
    [ null ],
    [ null  ]

Now all you need to do is get this data into jqplot or flot and you can make beautiful dashboards.

List Comprehension

Posted: February 21, 2012 in Devops, Featured, Python

Why is it better to use list comprehension instead of map + lambda?


I’ve started using the string formatting dictionaries and never looked back.

As the ‘%’ operator is deprecated in Python 3, I’ve added the future version too.

Python 3.2 (r32:88445, Feb 21 2011, 21:11:06) 
[GCC 4.6.0 20110212 (Red Hat 4.6.0-0.7)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> fdict = {'name': 'AJ'}
>>> print('%(name)s is my friend' % fdict)
AJ is my friend
>>> '{name} is my friend'.format(**fdict)
'AJ is my friend'

Using iptables-save

Posted: December 9, 2010 in Devops, System Engineering

I just lost my netfilter persistence file (/etc/sysconfig/iptables) because I used /usr/bin/system-config-securitylevel-tui.
I see two options now:

  1. Edit /etc/sysconfig/iptables and then restart, or
  2. Use /sbin/iptables to insert rules then save with /sbin/iptables-save

I’m going for option 2, as I can create a backup of the config at the same time doing this:

Example rule to allow port tcp/80:

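# Insert the rule at position 10 of the RH-Firewall-1-INPUT chain
/sbin/iptables -I RH-Firewall-1-INPUT 10 \
    -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# Make sure the backup directory exists
test -d /var/backup/iptables || mkdir -p /var/backup/iptables
# Save the running rules to the persistence file and to a timestamped backup
/sbin/iptables-save | /usr/bin/tee /etc/sysconfig/iptables \
    /var/backup/iptables/iptables-sysconfig-$(date +%s)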