You can store more than just your modules at the Forge. 
I just added my types and providers to my collection of modules at the new Puppet Module Forge. I’d love to all those people maintaining types and providers, functions, and facts add theirs to the Forge also. It’s a cool way to share your code (and the site allows you to provide links back to your code repository and ticketing system so user’s can report bugs). In time I hope most people’s environments will consist of the core types and providers bundled with Puppet and a selection of cool code generated by the community and sourced from the Puppet Forge.
Posts Tagged ‘code’
Puppet Module Repository isn’t just for modules
June 1st, 2010Puppet Forge in beta!
May 27th, 2010The Puppet Forge AKA the Puppet Module Repository is live and operational. It’s a store of Puppet modules (and types and providers) that allows you to share your awesome code and modules with others.
It also comes with the puppet-module tool that allows you to build modules for, manage and install modules from the forge. You can install puppet-module via a gem:
$ sudo gem install puppet-module
Both the site and tool are in public beta right now so hammer away at it and tell us what you think!
Git … oh my
June 20th, 2009In recent projects I’ve been using a lot of git and I love it. As a distributed source control tool it’s brilliant. This is particularly true when you need to gather and manage a wide variety of disparate patches and commits. On the projects I work on we get patches via a lot of paths:
- Diffs attached to tickets
- Diffs sent via email
- Git branches and cherry picks
With the former two paths we (mostly me) have been cutting and pasting patch diffs into files or using wget. We then use the patch command to apply the diffs to various branches and then commit the results.
With this approach we often lose track of the patches ownership and author. This is problematic from two perspectives – we can’t allocate credit where it is due and when something goes wrong with a commit it’s often hard to track down the original author.
We obviously don’t have this issue with Git repositories and merging branches or cherry picking specific commits. With the latter it is easy to track patch authors and ownership – even through multiple merges and rebasing. So I like it when people fork the Github repo and provide a commit or feature/ticket branch when supplying code.
But for the others I’m trying to bring our process a little closer to Git by using the git am and git apply commands (also git-am and git-apply – though the git-command syntax is being deprecated) to pull in diffs and patches. The git am command processes mailboxes (mbox and Maildir), mail messages or RFC 2822 formatted messages provided via standard input. The git apply command applies a unified diff file to the current working tree.
Let’s start with the easy to use git apply command. Let’s take one of our use cases: downloading a patch from our tracker and applying it.
First, we wget our patch file:
$ cd /tmp
$ wget http://projects.redmine.com/project/tickets/2222/patch2222.diff
We then change directory into our Git repo and check what branch we’re in.
$ cd ~/src/puppet
$ git branch
* master
We can now feed our patch file into git apply using something like cat and a pipe.
$ cat /tmp/patch2222.diff | git apply
This will add the patch to the current branch and commit it.
Another useful trick is the –amend option. If your current commit is not yet pushed you can amend it. Just make your required edits, git add the updated files:
$ git add filename
And then run:
$ git commit --amend
Git will populate your editor with the last commit message and you can update the commit.
We could also create a separate branch for our new commit.
$ git checkout -b tickets/master/2222
$ git apply < /tmp/patch2222.diff
Here we’ve directed the file straight into git apply rather than piped the output of the cat command.
We can then merge this into the appropriate branch when ready.
$ git merge tickets/master/2222
Don’t forget you can also use the git rebase command to ensure your branch is rebased against the branch you’re merging into, to squash multiple commits or to redo the commits – git rebase (especially the –interactive switch) is the business.
Using our second command, git am, we can also pull patches straight from a mail client. For example, on Thunderbird, I open up the message I want to import then (on OSX – on PC it’s basically the same commands prefixed with Ctrl not Command):
- Command-U to show the full message including headers
- Command-A to select all of the message
- Command-C to copy the selection
I can then go to the command line and do:
$ cat | git am
Followed by a Command-V to paste the content, and then Control-D to end the cat and submit my patch to be committed.
The git am command is quite clever. The author of the commit will be pulled from the From line of the message, the date and time of the commit from the date and time the message was sent and the Subject and Body are used as the title and body of the commit message.
We can also add the -s switch to the git am command. This adds a “Signed-off-by” line to the commit message using your details (usually name and email address).
$ cat | git am -s
It’s not perfect model yet – I probably should be using git am on a Maildir or mbox file which contains our patches but in our small development team I have the luxury of just selecting the patches and emails I want.
Pro Linux System Administration
May 28th, 2009My new book, Pro Linux System Administration, is coming out on June 22nd, 2009. It’s written with my friends Pete and Den. Here’s a little bit of a blurb:
“We can all be Linux experts, provided we invest the time in learning the craft of Linux administration. Pro Linux System Administration makes it easy for small to medium-sized businesses to enter the world of zero-cost software running on Linux and covers all the distros you might want to use, including Red Hat, Ubuntu, Debian, and CentOS. Authors, and systems infrastructure experts James Turnbull, Peter Lieverdink, and Dennis Matotek take a layered, component-based approach to open source business systems, while training system administrators as the builders of business infrastructure.”
Haven’t had a dream in a long time
March 18th, 2009So the latest book, Pro Linux System Administration
Must admit this was a lot of hard work. Incredibly unmotivated on a few occasions and whilst I think I need a little break from writing I’ve got another project to finish this year.
I’ve worked out I’ve written somewhere in the region of a thousand pages in the last five years. Which is quite a bit really – somewhere in the region of 500,000 words. Just thinking about it makes me tired.
Google Chrome
September 13th, 2008I downloaded Google’s new Chrome browser (http://www.google.com/chrome) this morning. I installed it and I played with it for about an hour. I read the release notes and watched several of Google’s videos. Overall, it looks cool, seemed to be snappy and quick to respond. I was particularly taken with the focus on tabs. I also thought the multi-process, multi-tab sandbox idea is a really interesting idea – initially from a useability perspective but potentially also from a security perspective. Though there isn’t anywhere near enough information yet to make a proper assessment. I did try to break some tabs and see how effective the sand-boxing was (it seems to hold up from a very brief look but it’ll take some code review from someone with more code-fu than me to determine actually how secure the concept is – see below).
A few things didn’t inspire me – the border decoration was a little … unintegrated. And I am always loath to pass judgement on an application that by its very nature needs to be examined in a cross-platform context and I would want to see running on all of Microsoft Windows, OSX, and Linux. This is particularly true of OSX where the graphical environment can make an enormous difference to how an application engages you.
But after my play I closed Chrome down with a big sigh to get on with my actual day job. Why the sigh? Did I think the new Chrome browser wasn’t very good? Nope. But my first thought was “I wonder how many people in my enterprise have downloaded and installed Chrome over the last few days”. This was quickly followed by me asking two questions:
1. What is the change in the enterprise’s risk profile of adding this new application?
2. What’s the operational impact of some, many or all of my users downloading and installing this application?
Obviously (and hopefully) it is only an incremental change in risk profile and not much at that. The browser will probably only be downloaded by power users and innovators in the enterprise, initially at least. On the threat landscape in most enterprises however browsers punch well above their weight in terms of attack surface, are a common source of malware infection and browser exploits are a popular target for hackers. Indeed a (the first?) Chrome vulnerability has already been discovered AND exploited (see http://www.readwriteweb.com/archives/security_flaw_in_google_chrome.php) literally hours after Chrome was released. So Chrome’s potential as a source of compromise and attacks needs to be carefully considered.
The answer to the second question is also ambiguous but finding out can add a lot of work for a security team. With any new application, but especially ones like browsers that are such rich sources of malware attack, there is now a potential need to:
• Track bugs and vulnerabilities for the application;
• Add it to software profiles for vulnerability scanning;
• Investigate its behaviour for network behaviour and IDS/IPS;
• Profile it for our Security Event and Incident Management process; and
• Specifically for this application ascertain if its Incognito “stealth” browsing capability impacts our ability to investigate and gather evidence in incidents.
So most important to me right now is not whether Chrome will outshine Firefox or IE or whether it represents the future of the browser. But rather how much work is this new browser going to create for me…
P.S. If you’re interested in look at it you can find Chrome’s source code at http://code.google.com/chromium/. There are also build instructions (for which you will probably need to have some developer skills) for OSX and Linux.
Migrating a Rails database from Sqlite3 to MySQL
August 25th, 2008So when I first looked at Redmine I ran it up and used Sqlite3 as the database back-end. Then when I migrated our Trac data I just left Sqlite3 as the back-end database and migrated our data to that. With that startling lack of forethought aside, I always had the view the database should be MySQL because well:
a) I know it
b) I like it
c) It’s probably more scalable (IMHO)
So today I actually sat down to do the migration piece. I dumped out the sqlite3 database and tried to do some manual/scripted edits to convert it to something MySQL would import. Epic Fail.
So I tried the YAMLdb that abstracts database exports using YAML. A quick installation, some edits to config/database.yml, a rake db:dump and rake db:load and the data was moved:
… Create our database …
$ sudo mysql -p
mysql> create database redmine character set utf8;
… Grant privs to your chosen user …
mysql> GRANT ...
… Configure a test database for our new MySQL database …
$ vim config/database.yml
.. for Rails version 2.1 and later install the plugin …
$ sudo script/plugin install git://github.com/adamwiggins/yaml_db.git
.. for Rails versions less than 2.1 use …
$ sudo script/plugin install http://github.com/adamwiggins/yaml_db.git
… Dump out the current production database …
$ sudo rake db:dump RAILS_ENV=production
… Load the freshly created db/data.yml file into our test database …
$ sudo rake db:load RAILS_ENV=test
… Reconfigure the application to point to the new MySQL database as production …
$ vim config/database.yml
… Start Redmine …
$ sudo /etc/init.d/mongrel_cluster start
Had one bad field I had to do some manual editing too – still not quite sure what was wrong with the field but whatever I did fixed it – but otherwise very smooth.
Started up and now Redmine runs perfectly with MySQL as the back-end!
Puppet’s BuildBot
August 24th, 2008So rather than doing the work I actually should be I’ve been playing with BuildBot. I had intended to get around to setting up BuildBot sometime in the next couple of months but I got hooked.
The reason I wanted to have a look at BuildBot was that Puppet has reached a stage where we simply can’t test every platform it runs on. We are also starting to get patches from a wider variety of sources. Buildbot will allow us to execute our tests on a wider variety of platforms. Hopefully with the cooperation of the community we can gather a really big collection of build platforms to test on.
Here’s the blurb for BuildBot
The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failure. The guilty developer can be identified and harassed without human intervention. By running the builds on a variety of platforms, developers who do not have the facilities to test their changes everywhere before checkin will at least know shortly afterwards whether they have broken the build or not. Warning counts, lint checks, image size, compile time, and other build parameters can be tracked over time, are more visible, and are therefore easier to improve.
The overall goal is to reduce tree breakage and provide a platform to run tests or code-quality checks that are too annoying or pedantic for any human to waste their time with. Developers get immediate (and potentially public) feedback about their changes, encouraging them to be more careful about testing before checkin.
It’s a very easy tool to deploy. The hardest part has been the slightly broken Git source handling and the assumption that any Git repository is local. I need to have a local Git repository to allow BuildBot to submit the right commits references to the PBChangeSource function.
But I designed a basic process for handling new commits:
1. Commit pushed to GitHub.
2. Commit bot at GitHub picks up commit and sends it to BuildBot Master.
3. BuildBot uses the git_buildbot.py script to calculate the before/after commit and branch references and tell BuildBot about them.
4. BuildBot executes the build and tells each slave to retrieve the commit and runs the tests. Currently we’re running:
a. All the Unit tests
b. All the RSpec tests
5. We then get the results of the tests on the website and in an email to the new Puppet Builds mailing list.
In addition I’ve also enabled BuildBot’s IRC bot and added a new bot, called pinocchio, to the #puppet channel that reports on build status.
At this stage it’s all in test mode and when I’ve ironed out a few issues we should be in a position to do a production installation at ReductiveLabs and start canvassing for build slaves.
UPDATE
After mucking around with Buildbot I just couldn’t get a whole bunch of issues with Git resolved so we changed to Hudson as our CI – which works much better. The message overall is – CI and Git: still a young pair. I’ve included our configuration below for edification:
# -*- python -*-
# ex: set syntax=python:
# This is a sample buildmaster config file. It must be installed as
# ‘master.cfg’ in your buildmaster’s base directory (although the filename
# can be changed with the –basedir option to ‘mktap buildbot master’).
# It has one job: define a dictionary named BuildmasterConfig. This
# dictionary has a variety of keys to control different aspects of the
# buildmaster. They are documented in docs/config.xhtml .
# This is the dictionary that the buildmaster pays attention to. We also use
# a shorter alias to save typing.
c = BuildmasterConfig = {}
####### BUILDSLAVES
# the ‘slaves’ list defines the set of allowable buildslaves. Each element is
# a tuple of bot-name and bot-password. These correspond to values given to
# the buildslave’s mktap invocation.
from buildbot.buildslave import BuildSlave
c['slaves'] = [BuildSlave("debian", "debian"),
BuildSlave("freebsd", "freebsd"),
BuildSlave("redhat", "redhat")
]
# ‘slavePortnum’ defines the TCP port to listen on. This must match the value
# configured into the buildslaves (with their –master option)
c['slavePortnum'] = 9989
####### CHANGESOURCES
# the ‘change_source’ setting tells the buildmaster how it should find out
# about source code changes. Any class which implements IChangeSource can be
# put here: there are several in buildbot/changes/*.py to choose from.
from buildbot.changes.pb import PBChangeSource
c['change_source'] = PBChangeSource()
####### SCHEDULERS
## configure the Schedulers
from buildbot import scheduler
stable = scheduler.Scheduler(name=”stable”, builderNames=["debian_stable", "freebsd_stable", "redhat_stable"], treeStableTimer=60, branch=”0.24.x”)
dev = scheduler.Scheduler(name=”dev”, builderNames=["debian_dev", "freebsd_dev", "redhat_dev"], treeStableTimer=60, branch=”master”)
c['schedulers'] = [stable, dev]
####### BUILDERS
# the ‘builders’ list defines the Builders. Each one is configured with a
# dictionary, using the following keys:
# name (required): the name used to describe this bilder
# slavename (required): which slave to use, must appear in c['bots']
# builddir (required): which subdirectory to run the builder in
# factory (required): a BuildFactory to define how the build is run
# periodicBuildTime (optional): if set, force a build every N seconds
# buildbot/process/factory.py provides several BuildFactory classes you can
# start with, which implement build processes for common targets (GNU
# autoconf projects, CPAN perl modules, etc). The factory.BuildFactory is the
# base class, and is configured with a series of BuildSteps. When the build
# is run, the appropriate buildslave is told to execute each Step in turn.
# the first BuildStep is typically responsible for obtaining a copy of the
# sources. There are source-obtaining Steps in buildbot/steps/source.py for
# CVS, SVN, and others.
from buildbot.process import factory
from buildbot.steps import source, shell
pstable = factory.BuildFactory()
pstable.addStep(source.Git(repourl=’git://github.com/jamtur01/puppet.git’, branch=’0.24.x’))
pstable.addStep(shell.ShellCommand(command=’rake spec’, name=’Spec Tests’))
pstable.addStep(shell.ShellCommand(command=’rake unit’, name=’Unit Tests’))
pdev = factory.BuildFactory()
pdev.addStep(source.Git(repourl=’git://reductivelabs.com/puppet’, branch=’master’))
pdev.addStep(shell.ShellCommand(command=’rake spec’, name=’Spec Tests’))
pdev.addStep(shell.ShellCommand(command=’rake unit’, name=’Unit Tests’))
debian_stable = {‘name’: “debian_stable”,
‘slavename’: “debian”,
‘builddir’: “debian_stable”,
‘factory’: pstable,
}
debian_dev = { ‘name’: “debian_dev”,
‘slavename’: “debian”,
‘builddir’: “debian_dev”,
‘factory’: pdev,
}
redhat_stable = {‘name’: “redhat_stable”,
‘slavename’: “redhat”,
‘builddir’: “redhat_stable”,
‘factory’: pstable,
}
redhat_dev = { ‘name’: “redhat_dev”,
‘slavename’: “redhat”,
‘builddir’: “redhat_dev”,
‘factory’: pdev,
}
freebsd_stable = {‘name’: “freebsd_stable”,
‘slavename’: “freebsd”,
‘builddir’: “freebsd_stable”,
‘factory’: pstable,
}
freebsd_dev = { ‘name’: “freebsd_dev”,
‘slavename’: “freebsd”,
‘builddir’: “freebsd_dev”,
‘factory’: pdev,
}
c['builders'] = [debian_stable, debian_dev, freebsd_stable, freebsd_dev, redhat_stable, redhat_dev]
####### STATUS TARGETS
# ‘status’ is a list of Status Targets. The results of each build will be
# pushed to these targets. buildbot/status/*.py has a variety to choose from,
# including web pages, email senders, and IRC bots.
c['status'] = []
from buildbot.status import html
c['status'].append(html.WebStatus(http_port=8010))
from buildbot.status import mail
c['status'].append(mail.MailNotifier(fromaddr=”buildbot@reductivelabs.com”,
extraRecipients=["puppet-build@googlegroups.com"],
sendToInterestedUsers=False))
from buildbot.status import words
c['status'].append(words.IRC(host=”irc.freenode.net”, nick=”pinocchio”,
channels=["#puppet"],
password=”password”))
# from buildbot.status import client
# c['status'].append(client.PBListener(9988))
####### DEBUGGING OPTIONS
# if you set ‘debugPassword’, then you can connect to the buildmaster with
# the diagnostic tool in contrib/debugclient.py . From this tool, you can
# manually force builds and inject changes, which may be useful for testing
# your buildmaster without actually commiting changes to your repository (or
# before you have a functioning ‘sources’ set up). The debug tool uses the
# same port number as the slaves do: ‘slavePortnum’.
#c['debugPassword'] = “debugpassword”
# if you set ‘manhole’, you can ssh into the buildmaster and get an
# interactive python shell, which may be useful for debugging buildbot
# internals. It is probably only useful for buildbot developers. You can also
# use an authorized_keys file, or plain telnet.
#from buildbot import manhole
#c['manhole'] = manhole.PasswordManhole(“tcp:9999:interface=127.0.0.1″,
# “admin”, “password”)
####### PROJECT IDENTITY
# the ‘projectName’ string will be used to describe the project that this
# buildbot is working on. For example, it is used as the title of the
# waterfall HTML page. The ‘projectURL’ string will be used to provide a link
# from buildbot HTML pages to your project’s home page.
c['projectName'] = “Puppet”
c['projectURL'] = “http://reductivelabs.com/trac/puppet/”
# the ‘buildbotURL’ string should point to the location where the buildbot’s
# internal web server (usually the html.Waterfall page) is visible. This
# typically uses the port number set in the Waterfall ‘status’ entry, but
# with an externally-visible host name which the buildbot cannot figure out
# without some help.
#c['buildbotURL'] = “http://10.0.0.x:8010/”
On Posting
June 10th, 2008I haven’t really done more than lurked in the blogsphere for the last 6-12 months. I don’t think I’ve commented more than a dozen times (excluding today where I went nuts – the recent tit-for-tat bullying revenge movie extravaganza has prompted some comments) on anyone’s blog. Ruth is the same – she has been a infrequent poster of late also – though she has less excuse than me – she camps with laptop on lap on my couch and should post every night. Unless of course she’s not funny anymore. Yep. That’ll be it. Not funny anymore. *Note to self – be on guard for retaliation tonight*.
Instead I do a lot of Twittering and IRC. Oh and work. Work has left little time to blog too. Some paid work but mostly FOSS work. Which I probably shouldn’t call “work” but sometimes feels like it is – truth be told I feel like a walking, talking support centre some days. And I cut a lot less actual code than I’d like but rather shuffle tickets and triage things. But I have recently migrated a ticketing system for Puppet from Trac to Redmine – which I am fairly chuffed about and that is already making life much easier.
All in all I find the Twitter system of 140 characters updates a much smaller morsel to swallow rather than epic blog posts. Not that I wrote an awful lot of those. But I have decided to make some effort and try to blog at least once or twice a week. I don’t particularly care about readership – that was never this blog’s intent – but I do feel like the journaling/diary element of it has been lost lately as I meander along doing other things. A lot of things in my life I’d like to be taking note of for future posterity (my own future posterity – I am sure no one else cares ) have been happening.
So first piece of news – another book in the offing/maybe/possibly – lots of issues around it and not feeling overly motivated but it’s a distinct possibility. A more Linux focussed title this time around – or perhaps more accurately back to my roots.
pMachine becomes EllisLabs
March 15th, 2007I have noted with some pleasure the continued progress of ExpressionEngine (and it’s parent company pMachine) and the expansion of the EE brand. Now pMachine (the company was named for the legacy CMS tool that started it all) have evolved into EllisLabs. The new name is drawn from the surname of company founder, Rick Ellis.
I was one of the early pMachine customers and then later migrated my blog to EE. Whilst not a power user by any stretch I have always been most pleased with three aspects of the now EllisLabs and EE:
- Extensibility
- Flexibility
- Incredible support
The EE product is easily and quickly extensible and even I have delved into the source code on occasion to make tweaks and edits. It also extremely flexible – allowing configuration of EE sites for all sorts of purposes. I merely use the simplest iteration – a weblog. But others use EE to create forums, online catalogues, magazines, pubications, books, a ticketing system!, and a myriad of other esoteric uses.
Lastly, and probably most attractive to me, is the support. The community and the dedicated support team are amazing. Support requests are promptly answered, the community provides enormous numbers of practical examples of how to solve particular problems or achieve particular outcomes, and critically new users are generally treated with respect rather than the newbie derision that occurs in some other projects. Very few other projects I am involved in have a level of enthusiasm and community involvement as EE. Additionally, unlike some other companies, as the organisation has grown and expanded that level of support hasn’t suffered. Finally, EllisLabs have no forgotten that one of their most valuable resources is the community that has adopted, fostered and taken EE into new directions and new places.
I am greatly looking forward to seeing where they go next.
