Jonas Genannt

Git - pre-receive hook - validate tag names

nospam@example.com (Jonas Genannt) — Sat, 07 Apr 2012 12:11:48 +0200

I have written an git hook to validate tag names. We deploy our software with git tags.

These tags needs to fit our guidelines like "prod/2012-04-01_d1" this could be checked with my pre-receive hook available at github.

After installing it into your hooks/ directory, you need to set the regular expression for the tag names:

git config hooks.receivetagregexp '^prod\/[0-9]{4}-[0-9]{2}-[0-9]{2}_d[0-9]+$'

MCollective accepted into Debian sid/unstable

nospam@example.com (Jonas Genannt) — Wed, 14 Sep 2011 08:29:32 +0200

More than one year, after the ITP of MCollective was submitted, MCollective enters Debian unstable. (See #563951)

Thanks to Damien Raude-Morvan who upload ActiveMQ to Debian and applied my patch for running multiple instances of ActiveMQ with one Initscript. (See #634868)

Also thanks to micah anderson from the Puppet Debian PKG team who checked my package and uploaded it into Debian.

If you are running Debian sid you can simple install MCollective:

apt-get install mcollective-client # installes the client stuff

apt-get install mcollective # installes the MCollective Server

You can use debconf to configure the MCollective options. The packages also suppports preseeding - so you can configure your MCollective on installation.

Use Debconf to configure STOMP stuff: dpkg-reconfigure -plow mcollective-common mcollective-client mcollective

Please see default preseed file at /usr/share/doc/mcollective-common/examples/mcollective.preseed included into mcollective-common package.

An example ActiveMQ configuration is also included in the mcollective package. See /usr/share/doc/mcollective/examples/activemq.xml.

For more information, please have a look at /usr/share/doc/mcollective/README.Debian.

3DM2: Etch repository removed

nospam@example.com (Jonas Genannt) — Tue, 30 Aug 2011 14:53:15 +0200

The repository 3DM2/CLI for Etch was removed from http://jonas.genannt.name.

Thanks to IP Exchange GmbH for sponsoring my Debian packages.

create documentation on-the-fly with puppet stored configuration

nospam@example.com (Jonas Genannt) — Thu, 23 Jun 2011 22:43:39 +0200

I have an define backup::directory() {} within my puppet catalog.

This define is used to backup an directory with rsnapshot from an production server onto an backup server:

backup::directory { "/home/web/example.com": }

For our internal sysadmin documentation we need to add this to our wiki. This is done via an script that generates an html overview:

server.example.com
/home/web/example.com

server2.example.com
/home/web/foo/bar
/var/www

If we add in our puppet configuration an new directory to backup, the documentation will be updated on-the-fly without any action from us.

That's pretty cool - we also can use this to generate an overview of apache::sites::vhost {}. So every guy knows where an apache vhost is configured.

You can get that code on github.com.

./puppet_documentation.rb --resource Backup::Directory --name "Directory Backup System"

SSH public key distribution with puppet

nospam@example.com (Jonas Genannt) — Sat, 21 May 2011 03:51:00 +0200

The last years I have used several tools to distribute the public ssh keys of my users across the servers but they don't fit anymore. I use puppet for my infrastructure but the build in puppet feature ssh_authorized_key does not fit.

I have different users across my servers and same users on many servers (e.g. web farms).

One public ssh key can be an member of:

an ssh public key group that is mapped to an user on an server

an ssh public key group that is mapped to an user on an sever group

an user mapped to an server

an user mapped to an server group

I have created an Webapp with an ajax interface. You can drag & drop the ssh key groups or ssh keys to an user.

The key will be deployed via an puppet parser function, you need the storeconfig feature in puppet.

The webapp has got an own database (postgres) but you can merge the puppet storeconfig database to the server manager database (via an rake task). If you specify an regular expression on your server groups, an new merged server will be automatically added to the group and on the next run of puppet the keys from the server group will be deployed without any action from you.

Puppet stuff:

puppet module

puppet function to fetch the keys from the webapp

fact to fetch existing users on the servers (not needed, but features auto complete in the app)

drag & drop the ssh keys or the ssh key groups from right to left into the users on the servers or server groups

public ssh key distribution with puppet and ajax interface from Jonas on Vimeo.

Using Nagios for Wordpress Version Checks

nospam@example.com (Jonas Genannt) — Thu, 24 Feb 2011 00:35:49 +0100

I'm using Nagios to check for Wordpress Version updates and plugin updates - it's really nice. You don't need to login to wp-admin and check for version. An single PHP Cli script, that puppet installs and configures the nagios for every wordpress installation.

Next step: create an all in wonder script that will upgrade wordpress and all plugins

Update: Script: check_wordpress

Updated 3dm2/CLI packages from 3Ware

nospam@example.com (Jonas Genannt) — Tue, 15 Feb 2011 18:35:17 +0100

I have updated my 3Ware 3dm2 debian packages.

Now version 10.2 is available on jonas.genannt.name.

Since debian squeeze is now stable, I provide also squeeze packages. The debian etch packages will be removed soon.

**UPDATE**

The 10.2 3md2 program on amd64 has got an problem:

3dm2: relocation error: /lib/libnss_files.so.2: symbol __rawmemchr, version GLIBC_2.2.5 not defined in file libc.so.6 with link time reference

An workaround is, to use an IP address for the mailserver name: Bug #574726.

Thanks Mourik!

Nagios parents hosts with Puppet

nospam@example.com (Jonas Genannt) — Thu, 11 Nov 2010 21:51:17 +0100

I'm using my fact and stored configurations in puppet to get the running Xen domU in my system.

I also maintain my nagios configuration with puppet, with the Xendomains fact, I automatically set in the nagios configuration the parents for an domU system.

The running domU on node1.fra.example.com is web1.fra.example.com.

The nagios configuration will look like:

define host{
use generic-host
host_name web1.fra.example.com
alias web1 - amd64
address 3.3.3.3
parents node1.fra.example.com
hostgroups XXX,XXX
}

Using this puppet parser function to fetch the dom0 for an domU system from the database.

After calling that function I can build the nagios configuration and using virtual resources in puppet to transfer that information to my nagios server.

documentation of running domUs in Xen with puppet

nospam@example.com (Jonas Genannt) — Wed, 10 Nov 2010 18:54:05 +0100

If you are running some servers with Xen, you have the problem to figure out, where an domU is running.

If you are using puppet with stored configurations you need to install only the xendomains fact, that will be soon available in facter.

With this data, I create the following graph on-the-fly - documentation done!

Script is available on github.

Postfix as backup MX with Postgrey

nospam@example.com (Jonas Genannt) — Thu, 09 Sep 2010 21:42:34 +0200

For keeping that stuff in my mind:

smtpd_client_restrictions = check_policy_service inet:127.0.0.1:60000
smtpd_recipient_restrictions = permit_mynetworks,permit_mx_backup, reject_unauth_destination
permit_mx_backup_networks = 10.0.0.0/16

Samba: Automatic printer driver download to Windows

nospam@example.com (Jonas Genannt) — Mon, 22 Mar 2010 19:48:17 +0100

There are tons of manuals, howtos and blog posts, but they all depend on old samba versions.

I have get it working with Samba 3.3.7 and CUPS 1.3.8 on an Debian Lenny system.

smb.conf:

[global]
security = user
load printers = yes
printing = CUPS
printcap name = CUPS
printcap = CUPS
force printername = yes
enable privileges = yes

[printers]
comment = All Printers
browseable = no
guest ok = yes
path = /var/spool/samba
public = yes
printable = yes
writable = no
use client driver = no

[print$]
comment = Printer Driver Download Area
path = /var/lib/samba/printers
browseable = no
guest ok = yes
read only = yes
write list = @printeradms root
directory mask = 0775
create mask = 0664

Tasks

create an group named printeradms

add users to the group

/var/lib/samba/printers: writeable for the group printeradms

set printer rights for the group: net rpc rights grant 'DOMAINNAME\printeradms' SePrintOperatorPrivilege

add first printer to cups

restart samba

Login to an Windows computer

connect to the samba server \\servername

go to subfolder printers

right click on you printer

klick on option

there will be an error message about missing driver. CANCEL here!

install new driver in the option dialog

done!

Your printer queue will now blow up, because windows printer queue shows also the completed cups printer jobs. You have to add the following lines to cupsd.conf:

PreserveJobFiles No
PreserveJobHistory No

Server Manager with Puppet

nospam@example.com (Jonas Genannt) — Fri, 19 Mar 2010 22:00:40 +0100

I have added an new feature to my Server Manager. You can now use that manager to maintain the /etc/network/interfaces file on debian.

Server Manager - Debian Interfaces configuration from Jonas on Vimeo.

Updated 3dm2/CLI packages from 3Ware

nospam@example.com (Jonas Genannt) — Fri, 19 Mar 2010 19:31:26 +0100

I have updated my 3Ware 3dm2 debian packages.

Now version 10.0 is available on jonas.genannt.name. The CLI tools 10.0 are also available.

An Debian Repository is also available.

Added DNS Interface to Server Manager

nospam@example.com (Jonas Genannt) — Sun, 14 Mar 2010 17:21:19 +0100

I have added an DNS Interface to my Server Manager. The nameservers pulls the configuration via http.

The nameserver interface can handle:

- primary nameserver only
- secondary nameserver only
- pri/sec nameserver
- hidden primary

Get the Bind configuration:
http://servermgmt.demo.brachium-system.net/nameserver/getconfig/ns1.brachium-system.net/bind/config

Get the Bind zone configuration:
http://servermgmt.demo.brachium-system.net/nameserver/getconfig/ns1.brachium-system.net/bind/zone
The nameserver has to split the zone configuration and save it.

You can test it: http://servermgmt.demo.brachium-system.net/domains

user: admin
pass: admin

Source code is available on github.

Server Manager with Puppet configuration keys

nospam@example.com (Jonas Genannt) — Mon, 15 Feb 2010 21:47:35 +0100

With this post I will explain you the Puppet Configuration Key feature at the server manager.

With the puppet configuration key feature you can store configuration data used in puppet classes at your database. You can also store configuration data on server groups and add servers to that group.

Yes - it's working like ripienaar's great extlookup but with database.

For this example I have got two hosts:

valentina.brachium-system.net

web01.brachium-system.net

Both hosts are saved on the server manager.

We have some puppet configuration keys at server manager:

The first server valentina.brachium-system.net has got the following puppet key configuration:

The second server web01.brachium-system.net has got the following puppet key configuration:

We are using this puppet manifest:

# Configuration for dblookup from servermgmt:
$dblook_host = "localhost"
$dblook_user = "servermgmt"
$dblook_pass = "servermgmt"
$dblook_db = "servermgmt"

class ssh::server {
$ssh_server_password_authentication = dblookup('ssh_server_password_authentication')
$ssh_server_root_login = dblookup('ssh_server_root_login')
notice("ssh_server_password_authentication: $ssh_server_password_authentication")
notice("ssh_server_root_login: $ssh_server_root_login")
file { "/etc/ssh/sshd_config":
content => template("/home/jonas/puppet/templates/sshd_config.erb")
}
}

node default {
$pkg_install_subversion = dblookup('pkg_install_subversion')
notice("We are the server: ${fqdn}")
notice("pkg_install_subversion: $pkg_install_subversion")
include ssh::server
package {"subversion":
ensure => dblookup('pkg_install_subversion')
}
}

We run that manifest on the server valentina:

notice: Scope(Node[default]): We are the server: valentina.brachium-system.net
notice: Scope(Node[default]): pkg_install_subversion: present
notice: Scope(Class[ssh::server]): ssh_server_password_authentication: yes
notice: Scope(Class[ssh::server]): ssh_server_root_login: no

We run that manifest on the server web01:

notice: Scope(Node[default]): We are the server: web01.stg.brachium-system.net
notice: Scope(Node[default]): pkg_install_subversion: absent
notice: Scope(Class[ssh::server]): ssh_server_password_authentication: no
notice: Scope(Class[ssh::server]): ssh_server_root_login: yes

You can see on the verbose output from puppet, the information is fetched from the database - if the server has got no own value for one key, the default value is used.

You can get the source at http://github.com/hggh/servermgmt