rubysecurity.org


September 12, 2015

Setting up Graphite on CentOS 6.x gotcha

by Alpha01

I installed graphite-web via the EPEL repo, and I was getting a 500 error when accessing the Graphite web interface.

Error

[Sat Sep 12 00:56:27 2015] [error] [client 192.168.1.21] mod_wsgi (pid=17318): Exception occurred processing WSGI script '/usr/share/graphite/graphite-web.wsgi'.
[...]
[Sat Sep 12 00:56:27 2015] [error] [client 192.168.1.21]   File "/usr/lib/python2.6/site-packages/django/db/backends/sqlite3/base.py", line 344, in execute
[Sat Sep 12 00:56:27 2015] [error] [client 192.168.1.21]     return Database.Cursor.execute(self, query, params)
[Sat Sep 12 00:56:27 2015] [error] [client 192.168.1.21] DatabaseError: attempt to write a readonly database

Fix

It turns out the sqlite3 database file Graphite writes to was owned by root. So it was simply a matter of updating the ownership to whatever user Apache is running under; in my case it's apache.

chown -R apache:apache /var/lib/graphite-web/
Tags: [ centos monitoring ]
July 18, 2015

VirtualBox: Increase guest VM CPU count

by Alpha01

Syntax

VBoxManage modifyvm <VMNAME> --cpus <CPUcount>

tony@mini02:~$ VBoxManage showvminfo monitor | grep "Number of CPUs"
Number of CPUs:  1
tony@mini02:~$ VBoxManage modifyvm monitor --cpus 3
tony@mini02:~$ VBoxManage showvminfo monitor | grep "Number of CPUs"
Number of CPUs:  3
Tags: [ virtualbox ]
July 17, 2015

BIND - Typo caused slave zone transfer to stop working

by Alpha01

I was surprised to see a typo had caused all slave transfers to shit themselves. I came across a situation where a new slave zone was specified to a non-existing location in the file system and that caused the rest of the slave zones to get permission denied errors when trying to update.

Error

Jul 12 03:23:27 ns2 named[1184]: dumping master file: etc/zones/tmp-Zbk9acg9uv: open: permission denied
Jul 12 03:27:50 ns2 named[1184]: dumping master file: etc/zenos/tmp-4yxBXaUMTq: open: file not found
Jul 12 03:29:46 ns2 named[1184]: dumping master file: etc/zones/tmp-KPqzHa9ev9: open: permission denied
Jul 12 03:38:02 ns2 named[1184]: dumping master file: etc/zones/tmp-kuhtUPjcAi: open: permission denied
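
A pre-reload check for the failure above, as an added example that is not part of the original post: it reads each `file` statement from a named configuration and reports any whose directory is missing or not writable. The function name, the base-directory argument and the sample zones are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one `file "...";`
# statement per line and that relative paths resolve against BASE_DIR
# (named's working directory or chroot).
#
# check_zone_dirs BASE_DIR NAMED_CONF
# Prints one line per zone file whose directory is missing or not writable
# by the current user (run it as the user named runs as). Exit status 1 if any.
check_zone_dirs() (
    base=$1 conf=$2 rc=0
    paths=$(sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case $path in
            /*) dir=$(dirname "$path") ;;          # absolute: use as written
            *)  dir=$base/$(dirname "$path") ;;    # relative: resolve against base
        esac
        if [ ! -d "$dir" ]; then
            echo "MISSING $path"; rc=1
        elif [ ! -w "$dir" ]; then
            echo "NOT-WRITABLE $path"; rc=1
        fi
    done <<EOF
$paths
EOF
    exit "$rc"    # body runs in a subshell, so this is the function's status
)

# Constructed sample: two slave zones, the second with a mistyped directory.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/zones"
    cat > "$tmp/named.conf" <<'EOF'
zone "example.com" {
    type slave; masters { 192.0.2.1; };
    file "etc/zones/example.com.db";
};
zone "example.net" {
    type slave; masters { 192.0.2.1; };
    file "etc/zenos/example.net.db";
};
EOF
    status=0
    check_zone_dirs "$tmp" "$tmp/named.conf" || status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "fix the paths listed above before reloading named"
```
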
Tags: [ bind ]
July 13, 2015

Running my own Git server: GitList

by Alpha01

For the longest time I've been wanting to streamline updates to my sites, i.e., implement good software deployment techniques and procedures. To be specific, start using Git for source code management, and Jenkins to deploy. No, I'm not drinking the whole Agile Kool-Aid. After all, we're in 2015, and people who still use FTP/SFTP to push out changes to their sites should really be practicing more sustainable long-term procedures. Setting up a git server is really simple. See https://dev.rubysecurity.org/awesome-applications/git/setting-up-a-git-server-in-centos-6-5.

Git workflow

I prefer to only communicate with Git over ssh and not https. Since I don’t use the default ssh port, the initial repository clone looks like this:

git clone ssh://$GIT_USER@$GIT_SERVER:$SSH_PORT/home/git/$REPO

GitHub has become the de facto Git hosting provider. I think much of its success, aside from the fact that Git is an amazing piece of software, is GitHub's polished web user interface. While Git ships with a daemon that provides a visual look at the repositories, it's definitely not pretty. I wanted to have a local GitHub-like interface on my private git repos, so I decided to use GitList. GitList is fairly minimalistic. Requiring just PHP and mod_rewrite, it allows you to browse your repositories, view files under different revisions, commit history and diffs. Configuring GitList is really easy.

git clone https://github.com/klaussilveira/gitlist.git
cd gitlist
chmod 777 cache
mv config.ini-example config.ini

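The cache directory only needs to be writable by the user the web server runs as, so 777 is broader than that requires. Then update config.ini to point to the location where the Git repositories are stored on the server. On my server, they're located in /home/git.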

repositories[] = '/home/git/';

Lastly, configure the web server's virtual host. Since I use Apache, mine looks like this.

<VirtualHost 192.168.1.16:443>
        ServerName git.rubyninja.org
        ServerAlias git.rubyninja.org

        DocumentRoot /var/www/gitlist

        <Directory "/var/www/gitlist">
                AllowOverride All
                AuthType Basic
                AuthName "Git Repos"
                AuthUserFile /home/svn/.htpasswd
                Require valid-user
        </Directory>

        SSLEngine on
        SSLCertificateFile /etc/httpd/certs/svn.rubyninja.org.crt
        SSLCertificateKeyFile /etc/httpd/certs/svn.rubyninja.org.key
        SSLCACertificateFile /etc/httpd/certs/rubyninjaCA.crt

        ErrorLog logs/git_ssl_error_log
        CustomLog logs/git_ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Tags: [ php git apache ]
July 7, 2015

Git Ansible Playbooks

by Alpha01

One of the reasons I love Ansible over any other config management tool is because of its simplistic design and ease of use. It literally took me less than 15 minutes to write a set of playbooks to manage my local git server.

git_server_setup.yml - configures base server git repository configuration.

---
- hosts: git
  tasks:
  - name: Installing git package
    yum: name=git state=latest

  - name: Creating developers group
    group: name=developers state=present

  - name: Creating git user
    user: name=git group=developers home=/home/git shell=/sbin/nologin

  - name: Updating /home/git permissions
    file: path=/home/git mode=2770

create_git_user.yml - creates local system git user accounts.

---
- hosts: git
  tasks:

  - name: Creating new git user
    user: name={{ user_name }} password={{ user_password }} home=/home/git shell=/usr/bin/git-shell group=developers

  vars_prompt:
  - name: "user_name"
    prompt: "Enter a new git username"
    private: no

  - name: "user_password"
    prompt: "Enter a password for the new git user"
    private: yes
    encrypt: "sha512_crypt"
    confirm: yes
    salt_size: 7

create_git_repo.yml - creates an empty bare git repository.

---
- hosts: git
  vars:
    repo_name: www.alpha01.org

  tasks:
  - file: path=/home/git/{{ repo_name }} state=directory mode=2770

  - name: Creating {{ repo_name }} git repository
    command: git init --bare --shared /home/git/{{ repo_name }}

  - name: Updating repo permissions
    file: path=/home/git/{{ repo_name }} recurse=yes owner=git
Tags: [ ansible git ]