Jonas Genannt

MCollective accepted into Debian sid/unstable

nospam@example.com (Jonas Genannt) — 2011-09-14T06:29:32Z

More than one year, after the ITP of MCollective was submitted, MCollective enters Debian unstable. (See #563951)

Thanks to Damien Raude-Morvan who upload ActiveMQ to Debian and applied my patch for running multiple instances of ActiveMQ with one Initscript. (See #634868)

Also thanks to micah anderson from the Puppet Debian PKG team who checked my package and uploaded it into Debian.

If you are running Debian sid you can simple install MCollective:

apt-get install mcollective-client # installes the client stuff

apt-get install mcollective # installes the MCollective Server

You can use debconf to configure the MCollective options. The packages also suppports preseeding - so you can configure your MCollective on installation.

Use Debconf to configure STOMP stuff: dpkg-reconfigure -plow mcollective-common mcollective-client mcollective

Please see default preseed file at /usr/share/doc/mcollective-common/examples/mcollective.preseed included into mcollective-common package.

An example ActiveMQ configuration is also included in the mcollective package. See /usr/share/doc/mcollective/examples/activemq.xml.

For more information, please have a look at /usr/share/doc/mcollective/README.Debian.

3DM2: Etch repository removed

nospam@example.com (Jonas Genannt) — 2011-08-30T12:53:15Z

The repository 3DM2/CLI for Etch was removed from http://jonas.genannt.name.

Thanks to IP Exchange GmbH for sponsoring my Debian packages.

create documentation on-the-fly with puppet stored configuration

nospam@example.com (Jonas Genannt) — 2011-06-23T20:43:39Z

I have an define backup::directory() {} within my puppet catalog.

This define is used to backup an directory with rsnapshot from an production server onto an backup server:

backup::directory { "/home/web/example.com": }

For our internal sysadmin documentation we need to add this to our wiki. This is done via an script that generates an html overview:

server.example.com
/home/web/example.com

server2.example.com
/home/web/foo/bar
/var/www

If we add in our puppet configuration an new directory to backup, the documentation will be updated on-the-fly without any action from us.

That's pretty cool - we also can use this to generate an overview of apache::sites::vhost {}. So every guy knows where an apache vhost is configured.

You can get that code on github.com.

./puppet_documentation.rb --resource Backup::Directory --name "Directory Backup System"

SSH public key distribution with puppet

nospam@example.com (Jonas Genannt) — 2011-05-21T01:51:00Z

The last years I have used several tools to distribute the public ssh keys of my users across the servers but they don't fit anymore. I use puppet for my infrastructure but the build in puppet feature ssh_authorized_key does not fit.

I have different users across my servers and same users on many servers (e.g. web farms).

One public ssh key can be an member of:

an ssh public key group that is mapped to an user on an server

an ssh public key group that is mapped to an user on an sever group

an user mapped to an server

an user mapped to an server group

I have created an Webapp with an ajax interface. You can drag & drop the ssh key groups or ssh keys to an user.

The key will be deployed via an puppet parser function, you need the storeconfig feature in puppet.

The webapp has got an own database (postgres) but you can merge the puppet storeconfig database to the server manager database (via an rake task). If you specify an regular expression on your server groups, an new merged server will be automatically added to the group and on the next run of puppet the keys from the server group will be deployed without any action from you.

Puppet stuff:

puppet module

puppet function to fetch the keys from the webapp

fact to fetch existing users on the servers (not needed, but features auto complete in the app)

drag & drop the ssh keys or the ssh key groups from right to left into the users on the servers or server groups

public ssh key distribution with puppet and ajax interface from Jonas on Vimeo.

Using Nagios for Wordpress Version Checks

nospam@example.com (Jonas Genannt) — 2011-02-23T23:35:49Z

I'm using Nagios to check for Wordpress Version updates and plugin updates - it's really nice. You don't need to login to wp-admin and check for version. An single PHP Cli script, that puppet installs and configures the nagios for every wordpress installation.

Next step: create an all in wonder script that will upgrade wordpress and all plugins

Update: Script: check_wordpress

Updated 3dm2/CLI packages from 3Ware

nospam@example.com (Jonas Genannt) — 2011-02-15T17:35:17Z

I have updated my 3Ware 3dm2 debian packages.

Now version 10.2 is available on jonas.genannt.name.

Since debian squeeze is now stable, I provide also squeeze packages. The debian etch packages will be removed soon.

**UPDATE**

The 10.2 3md2 program on amd64 has got an problem:

3dm2: relocation error: /lib/libnss_files.so.2: symbol __rawmemchr, version GLIBC_2.2.5 not defined in file libc.so.6 with link time reference

An workaround is, to use an IP address for the mailserver name: Bug #574726.

Thanks Mourik!

Nagios parents hosts with Puppet

nospam@example.com (Jonas Genannt) — 2010-11-11T20:51:17Z

I'm using my fact and stored configurations in puppet to get the running Xen domU in my system.

I also maintain my nagios configuration with puppet, with the Xendomains fact, I automatically set in the nagios configuration the parents for an domU system.

The running domU on node1.fra.example.com is web1.fra.example.com.

The nagios configuration will look like:

define host{
use generic-host
host_name web1.fra.example.com
alias web1 - amd64
address 3.3.3.3
parents node1.fra.example.com
hostgroups XXX,XXX
}

Using this puppet parser function to fetch the dom0 for an domU system from the database.

After calling that function I can build the nagios configuration and using virtual resources in puppet to transfer that information to my nagios server.

documentation of running domUs in Xen with puppet

nospam@example.com (Jonas Genannt) — 2010-11-10T17:54:05Z

If you are running some servers with Xen, you have the problem to figure out, where an domU is running.

If you are using puppet with stored configurations you need to install only the xendomains fact, that will be soon available in facter.

With this data, I create the following graph on-the-fly - documentation done!

Script is available on github.

Postfix as backup MX with Postgrey

nospam@example.com (Jonas Genannt) — 2010-09-09T19:42:34Z

For keeping that stuff in my mind:

smtpd_client_restrictions = check_policy_service inet:127.0.0.1:60000
smtpd_recipient_restrictions = permit_mynetworks,permit_mx_backup, reject_unauth_destination
permit_mx_backup_networks = 10.0.0.0/16