Tag Cloud
Currently Reading
Latest Book Reviews
- Rancher Deep Dive Posted on March 31, 2023
- Leveraging Kustomize for Kubernetes Manifests Posted on March 24, 2023
- Automating Workflows with GitHub Actions Posted on October 13, 2022
- Deep-Dive Terraform on Azure Posted on August 30, 2022
- Effective DevOps Posted on January 5, 2022 All Book Reviews
Latest Posts
- Ubuntu 18.04 LTS + Systemd + Netplan = Annoyance Posted on October 28, 2018
- Log into a Docker Container as root Posted on October 28, 2018
- Homelab Updates! Posted on October 12, 2018
- Annoying Ansible Gotcha Posted on April 14, 2018
- Working with Ruby obfuscated code: Finding all classes available in a module Posted on May 24, 2017
October 28, 2018
Ubuntu 18.04 LTS + Systemd + Netplan = Annoyance
by Alpha01
Unless it’s something that is suppose to help improve workflow, I really hate change; especially if the change involves changing something that worked perfectly fine.
I upgraded (fresh install) from Ubuntu Server LTS 12.04 to 18.04, among the addition of systemd, which I don’t mind to be honest, as I see it as necessary evil. I was shocked to see the old traditional Debian networking configuration does not work anymore. Instead, networking is handled by a new utility called Netplan. Using Netplan for normal static networking configurations is not terrible, however in my use-case, I needed to able to create a new virtual interface for the shared KVM bridge networking config needed for my guest VMs.
After about 30 minutes of trail and error (and wasn’t able to find any useful documentation), I opted to configure the networking config to continue using the old legacy networking config. The only problem is that reverting to my old 12.04 networking config was not quite as easy as simply copying over the old interfaces file. So I had to do the following:
1). Remove all of the configs on /etc/netplan/
rm /etc/netplan/*.yml
2). Install ifupdown utility
sudo apt install ifupdown
Now, populate your /etc/network/interfaces config. This is how mine looks (where eno1 is my physical interface):
# ifupdown has been replaced by netplan(5) on this system. See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
# sudo apt install ifupdown
#
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 192.168.1.25
netmask 255.255.255.0
dns-nameservers 8.8.8.8 192.168.1.10 192.168.1.11
gateway 192.168.1.1
# set static route for LAN
post-up route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.1
bridge_ports eno1
bridge_stp off
bridge_fd 0
bridge_maxwait 0
After restarting the network service, my new shared interface was successfully created with the proper IP Address and routing, however DNS was not configured. This is because now DNS configurations seem to have their own dedicated tool called systemd-resolved. So to get my static DNS configured and working on the half-ass networking legacy configuration. Using systemd-resolved is a two step process:
1). Update the file /etc/systemd/resolved.conf with the corresponding DNS configuration, in my case it looks like this:
[Resolve]
DNS=192.168.1.10
DNS=192.168.1.11
DNS=8.8.8.8
Domains=rubyninja.org
2). Then finally restart the systemd-resolved service.
systemctl restart systemd-resolved
You can verify the DNS config using
systemd-resolve --status
It wasn’t easy as I first imagined, but thus said, this was the only inconvenience during my entire 12.04 to 18.04 upgrade.
Tags: [ubuntu systemd networking October 28, 2018
Log into a Docker Container as root
by Alpha01
docker exec -u 0 -it mycontainer bash
docker security October 12, 2018
Homelab Updates!
by Alpha01
It’s been well over a month since I finally decided to retire both of my Apple Mac Minis in favor for a single (for the time being), quieter, and more powerful Intel NUC.
Migrating over my existing KVM and VirtualBox VMs to my new KVM server was a really easy process. If doing the import manually, then it’s just a matter of selecting the existing vdi and qcow2 images as the source disks when creating the guests VMs on the server. In my cause, however I also had to update the new MAC address given that all of my VMs are configured to get their respective fixed IP addresses via my isc-dhcpd server.
This this was somewhat of a fresh start, so I nuked a bunch of unused VMs that I had lingering around for testing purposes, and only kept what I really need for now. Which at the time of this writing these are my current active VMs that I use on my homelab:
proxy- Reverse proxy Varnish and Nginx (SSL termination)dhcp- ISC-dhcpd and PXE serverdatabase- MySQL and PostgreSQL servermonitor- Nagios, Graphite/Grafanaweb- Apachens1- Master BIND serverns2- Slave BIND servergit- GitLab and Subversionansible- Ansible and Puppet Configuration Managementbuild- Jenkinslogs- ELK stack
Future Plans
I have lots of future plans for my homelab. Like upgrading my BIND DNS servers to a new version and rollout out DNSSec on my local network, upgrading dhcp server (running a really old version of Debian), rollout 389 Directory Server (I have a love/hate relationship with openldap). These are just to name a few!
Tags: [ubuntu kvm April 14, 2018
Annoying Ansible Gotcha
by Alpha01
Ansible is by far my favorite Configuration Management tool, however it certainly has it’s own unique quirks and annoyances. To start, I prefer the Ansible’s YAML/Jinja approach instead of Puppet and Chef’s own DSL custom configurations.
Today I ran into an interesting YAML parsing quirk. It turns out if you use colon ‘:’ character inside a string anywhere in your playbooks, Ansible will fail to properly parse it.
Example playbook:
---
- hosts: 127.0.0.1
tasks:
- lineinfile: dest=/etc/sudoers regexp='^testuser ALL=' state=present line="testuser ALL=(ALL) NOPASSWD: TEST_PROGRAM" state=present
Error
When running the playbook, triggers the following error:
ERROR! Syntax Error while loading YAML.
The error appears to have been in '/etc/ansible/one_off_playbooks/example.yml': line 4, column 104, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
- lineinfile: dest=/etc/sudoers regexp='^testuser ALL=' state=present line="testuser ALL=(ALL) NOPASSWD: TEST_PROGRAM" state=present
^ here
Fix
This is a known issue https://github.com/ansible/ansible/issues/1341 and the easiest work around for this, is to force the colon ‘:’ character to be evaluated by the Jinja templating engine.
{{':'}}
The hilarious part of this, is that it doesn’t look like this stupid quirk is going to be fixed.
Tags: [ansible May 24, 2017
Working with Ruby obfuscated code: Finding all classes available in a module
by Alpha01
As a follow up to my HashiCorp Rocks! blog post. Up until now, I’ve never directly worked with any obfuscated code. HashiCorp obfuscates their VMware Fusion and Workstation commercial Vagrant plugins.
Like Vagrant, the plugins themselves are written in Ruby.
alpha03:lib tony$ file vagrant-vmware-fusion.rb
vagrant-vmware-fusion.rb: ASCII text, with very long lines, with CRLF, LF line terminators
However, if you try to read the source all you’ll see is a bunch of encoded text. Since my Vagrant plugin has some functionality that only works after a certain action gets executed by the proprietary plugins. This is why I needed to know the exact name of that particular action (class name) exactly how it’s defined inside the VMware Fusion and Workstation plugins. This was a serious problem because I can’t read their source code!
Luckily, this wasn’t as difficult as it seems. Finding the classes (or methods but in the case of mine I didn’t need too) available in Ruby is fairly simple process. To my luck somebody had already asked and answered this question in StackOverflow.
In my case, first step was needing to know the name of the actual module itself. I found the easiest way to get the name of the module that’s obfuscated, is to intentionally have it spit out an exception. In doing that, I found that the module names whose namespace I’ll be searching were HashiCorp::VagrantVMwarefusion and HashiCorp::VagrantVMwareworkstation.
Once I knew the modules’s name, I was able to use Ruby to view what additional modules I have within the particular module namespace. I was able to accomplish that using the following
t = HashiCorp::VagrantVMwareworkstation.constants.select {|c|
HashiCorp::VagrantVMwareworkstation.const_get(c).is_a? Module
}
puts t
The above sample code spit out a bunch of modules inside HashiCorp::VagrantVMwareworkstation, but since I know the Vagrant plugin API and it’s coding standards/practices. I was able to verify that the module I’m searching for is HashiCorp::VagrantVMwareworkstation::Action. Once again, looking at Plugin API and other examples, I knew that this is where the class is I’m looking is stored in. So I used the following to get the corresponding class name within HashiCorp::VagrantVMwareworkstation::Action.
p = HashiCorp::VagrantVMwareworkstation::Action.constants.select { |c|
HashiCorp::VagrantVMwareworkstation::Action.const_get(c).is_a? Class
}
puts p
I repeated the above tests for HashiCorp::VagrantVMwarefusion and I was also able to find the corresponding class name that it’s defined inside the obfuscated Ruby code.
In the end I was able to get the classes HashiCorp::VagrantVMwareworkstation::Action::Suspend and HashiCorp::VagrantVMwarefusion::Action::Suspend, and everything worked as expected.
Tags: [ruby vagrant