Snippets on

Unix path too long for domain socket

Mon, 08 Aug 2022 09:42:07 +0200

Solving a pitfall with re-using SSH connections and overly long unix paths.

Container Linux Distributions

Thu, 28 Jul 2022 22:28:06 +0200

A short list of container-specific Linux distributions I researched.

AWS - Forced MFA and the CLI

Wed, 20 Jul 2022 02:53:12 +0200

A helper script incredibly useful if you want to enforce MFA on AWS also for CLI applications.

Mac quick action - edit PDF documents

Sun, 12 Jun 2022 14:22:55 +0200

Edit PDF documents using macOS Automator & shell scripts

"Old" K8S API reference docs

Fri, 08 Apr 2022 10:48:11 +0200

A link collection to “old” kubernetes API docs for reference.

Postgres - restore database with different owner

Thu, 24 Mar 2022 18:12:07 +0100

How to restore a DB backup and changing the owner while doing it.

"Fix" Raindrop addon in Firefox

Wed, 09 Mar 2022 10:15:27 +0100

Fix an annoying Raindrop plugin error in Firefox.

Mac quick action - shrink images

Tue, 08 Feb 2022 11:42:21 +0100

A Quick Action to shrink images using macOS Automator & shell scripts.

Location of Mac "Quick Actions"

Tue, 08 Feb 2022 08:36:41 +0100

Where to click in Automator to create a quick action in macOS.

Excel - convert columns to comments

Fri, 10 Dec 2021 12:30:20 +0100

A weird solution if you want to convert a column containing a lot of text descriptions into cell comments.

Migrating Postgres databases in containers

Thu, 04 Nov 2021 14:49:03 +0100

How to migrate Postgres databases running in Docker containers.

VS Code keymaps in Sublime Text

Thu, 04 Nov 2021 12:56:45 +0100

I ported some key mappings from VS Code to Sublime Text.

Create user and database in postgres

Thu, 04 Nov 2021 09:44:30 +0100

I always forget how to create a DB, a user, and the appropriate permissions in Postgres – so I wrote it down.

Home Assistant behind proxy

Fri, 29 Oct 2021 17:05:40 +0200

Home Assistant needs special configuration to be put behind a reverse proxy – I want to remember how.

Configure static IP address on Debian systems

Fri, 29 Oct 2021 15:21:16 +0200

The title says it all.

AWS - auto-join Windows clients to a managed AD

Mon, 18 Oct 2021 11:44:59 +0200

After the last post, we want Windows hosts that auto-join our managed AD. Here’s how to do this.

AWS - create VPC and a managed AD with terraform

Mon, 18 Oct 2021 11:19:23 +0200

The title says it all.

Home Assistant - human readable Fritz!Box uptime

Fri, 15 Oct 2021 22:44:14 +0200

How to display the Fritz!Box uptime in Home Assistant – in a readable way.

(AWS managed) AD - give local admin rights to domain users

Thu, 14 Oct 2021 13:52:50 +0200

Windows systems are utterly useless (for me) if I don’t have local admin rights. Here’s how to configure those for local users using the managed AWS AD.

Standard AD - auto-map a network drive

Thu, 14 Oct 2021 13:39:19 +0200

… using our managed AWS AD.

AWS managed AD - add user RDP permissions

Thu, 14 Oct 2021 13:16:01 +0200

Windows servers really dislike RDP logins. Yet, in the cloud, that’s really the single thing you want to have. Here’s how to make them accept it.

AWS managed AD - first steps after creation

Thu, 14 Oct 2021 13:16:00 +0200

The most important steps to perform right after we created a managed AWS AD.

Extract parts of a git repo as new one

Sat, 21 Aug 2021 12:15:07 +0200

Sometimes I want to extract a part of an existing repository (e.g. a sub directory), including history, and make a new repo out of it. Here’s how to do this.

jq snippets

Sat, 21 Aug 2021 11:09:38 +0200

The title says it all.

Lexoffice API notes

Wed, 18 Aug 2021 14:41:31 +0200

Some findings after trying to use the LexOffice API for a while.

JavaScript ISO date with local timezone

Wed, 18 Aug 2021 14:07:23 +0200

It’s missing from standard JavaScript, here’s a workaround.

Backup tool evaluation

Tue, 17 Aug 2021 21:04:20 +0200

I need a backup tool, those are the ones I consider.

remark42 comments

Tue, 17 Aug 2021 16:32:16 +0200

This is a test post. There should be a comment box below, powered by the pretty cool and really well documented remark42 commenting engine.

Let’s see … :)

GOPATH and GOROOT

Mon, 16 Aug 2021 11:03:46 +0200

Go confuses me – especially GOPATH and GOROOT. Here is how I (think I) understood it.

Completely delete teams on a Mac

Wed, 04 Aug 2021 21:37:54 +0200

The title says it all.

Auto-rebuild Docker images if base image changes using GitHub actions

Fri, 30 Jul 2021 14:11:51 +0200

The title says it all.

Convert RAW files on a Mac using "sips"

Sun, 25 Jul 2021 17:37:27 +0200

The title says it all.

Unattended upgrades in Debian/Ubuntu

Thu, 15 Jul 2021 18:50:59 +0200

The title says it all.

Set DNS search path on Unifi USG with DHCP

Tue, 13 Jul 2021 00:58:09 +0200

If you want to connect to “HOST” and nothing can be found, you can send a list of domains to clients to attach and try again. Here’s how to configure this in Unify.

Add swap space in Ubuntu

Wed, 23 Jun 2021 12:07:57 +0200

The title says it all.

Pi-Hole in Docker

Sun, 30 May 2021 20:02:26 +0200

Pi-Hole is a DNS adblocker you can also run in Docker.

Proxmox and home assistant

Thu, 27 May 2021 21:51:54 +0200

Proxmox is a virtualization solution, and I run Home Assistant in it.

Install Zalando Postgres operator

Sat, 01 May 2021 18:57:26 +0200

Experiments & findings with the Zalando Postgres K8S operator.

Install Crunchy Data Postgres operator

Sat, 01 May 2021 18:00:43 +0200

Experiments & findings with the Crunchy Data Postgres K8S operator.

Nextcloud cron job

Sat, 03 Apr 2021 15:27:32 +0200

Nextcloud needs a cron job to function. Running docker, “cronjob” does not work. Here’s how to get the same result.

Nextcloud out-of-memory PHP error

Sat, 03 Apr 2021 15:22:41 +0200

… and how to fix it.

Powershell Script Base

Tue, 23 Mar 2021 15:41:20 +0100

A (the standard?) PowerShell function template.

How to try Superset

Mon, 15 Mar 2021 15:25:18 +0100

Three lines from the Apache Superset docs, copied into this blog.

Install “legacy” brew on M1 apple silicon

Sun, 13 Dec 2020 19:43:09 +0000

Not everything works with brew and the new M1 – yet. So you might need the “classical” one.

Azure App Service & Python, Part I

Thu, 19 Nov 2020 22:55:11 +0000

The title says it all.

Install flutter on MacOS

Wed, 08 Jul 2020 21:43:22 +0000

The title says it all.

Rancher 2.4+ installation notes

Sun, 17 May 2020 17:57:53 +0000

The title says it all.

Homebrew, OpenSSL and PowerShell

Wed, 06 May 2020 10:23:54 +0000

How to (badly, insecurely) fix a really annoying bug using homebrew’s OpenSSL on macOS.

Ubuntu update procedure

Sun, 26 Apr 2020 12:24:39 +0000

The title says it all.

Coding fonts

Sun, 26 Apr 2020 09:49:57 +0000

A list of coding fonts I like. (Maybe I’ll even update it from time to time)

nextcloud and Docker and reverse proxies

Sat, 25 Apr 2020 23:18:15 +0000

nextcloud needs some “convincing” to work behind a reverse proxy. All running in Docker, naturally.

FritzBox, Unify Security Gateway, and router replacements

Sun, 19 Apr 2020 20:39:47 +0000

I re-did my home network. It was a lot more work than I expected – here are some notes.

SARS-CoV-2 (“Corona”) Data Sources and APIs

Sun, 29 Mar 2020 19:27:13 +0000

The title says it all. (Last update: 2020-04-01)

Configure Python on Windows

Sun, 22 Mar 2020 08:32:03 +0000

The title says it all.

Use autohotkey for text expansion on Windows

Fri, 13 Mar 2020 12:00:45 +0000

On macOS I use the fantastic Typinator – that doesn’t exist on Windows. Enter autohotkey.

Check MK container/k8s deployment

Sat, 25 Jan 2020 21:28:17 +0000

How to run the CheckML container behind a reverse proxy, a.k.a. “how I found a CheckML bug”.

cert-manager too old …

Sat, 11 Jan 2020 00:28:39 +0000

A.k.a. “my personal cert-manager-upgrade-adventure”, and you may read “adventure” as “Pain In The Ass”.

The 6 ways of returning data from an Azure Function

Sat, 31 Aug 2019 12:22:33 +0000

Yup, really, there are six (!!) ways you can return data. Some are even pretty useful.

Win10 & Veracrypt & systemd-boot

Sun, 25 Aug 2019 10:12:17 +0000

I want encrypted hard drives, yet MS did remove BitLocker. So I used VeraCrypt. Then I wanted to dual-boot. Here’s how to do this.

Windows after 13 years – and nothing changed

Fri, 19 Apr 2019 09:48:35 +0000

A rant.

Powershell, O365 & Teams PSTN calling

Wed, 05 Dec 2018 09:56:29 +0000

(I really don’t remember what this is about – yet I still hate Teams …)

Misc Django I – forms

Wed, 17 Oct 2018 11:06:46 +0000

Adding validation to Django forms is pretty easy, but dynamically filling a form dropdown/… with content from a database? I had to search a while.

Django, psql & “permission denied” on migrate

Tue, 16 Oct 2018 16:34:45 +0000

Django migrations vs. table owners in Postgres.

Firefox close tab buttons on mouse hover

Wed, 26 Sep 2018 18:59:04 +0000

How to get the “close tab” buttons back in Firefox – but only on mouse hover.

Databases with dokku

Sun, 26 Aug 2018 12:18:47 +0000

My dokku adventure continues: Here’s how to add a database to the deployment.

Helm in a kops cluster with RBAC

Fri, 25 May 2018 09:50:56 +0000

Solve a permissions problem with Tiller/Helm and a KOPS cluster in AWS.

Mac three finger gestures in browsers

Wed, 18 Apr 2018 18:55:43 +0000

I keep forgetting how to configure this in the macOS system settings.

Arch followup actions

Wed, 18 Apr 2018 08:26:09 +0000

Useful things to do after installing Arch Linux.

Python & Visual Studio code

Thu, 12 Apr 2018 18:27:39 +0000

Solve an issue with VS code not finding pipenv Python interpreters.

Arch linux + yubikeys

Wed, 28 Mar 2018 13:18:04 +0000

What to install, how to configure.

Ugly ligatures in Linux

Fri, 23 Feb 2018 08:07:29 +0000

The only person ever configuring TRULY great font configs in Linux has gone missing. I still try to replicate his configs. Here’s one more nugget.

crontab and nano

Thu, 01 Feb 2018 08:55:18 +0000

Set the default editor for “crontab -e” to be vim.

Shutter can’t edit images on Arch

Wed, 24 Jan 2018 11:55:36 +0000

Here’s how to solve it.

JIRA and Python

Tue, 17 Oct 2017 18:13:08 +0000

How to use the Python JIRA library to create a ticket.

CUPS is … weird

Thu, 27 Jul 2017 20:11:24 +0000

A small rant on CUPS while getting it to run.

No password prompts for GitHub "hub" client

Mon, 12 Jun 2017 13:47:04 +0000

I’m lazy – if you are too, here’s how to get rid of that annoying prompt :)

jq makes AWS “describe-instances” actually useful

Wed, 26 Apr 2017 12:33:04 +0000

Use jq to parse AWS CLI JSON output.

Linux font rendering sucks, a.k.a “Where is Boohomil”?

Thu, 20 Apr 2017 14:58:05 +0000

How to make Arch Linux fonts more beautiful.

Syntax highlighting with wordpress

Sat, 21 Jan 2017 10:52:33 +0000

The title says it all.

PyCharm, Arch linux & Python 3.6

Tue, 17 Jan 2017 14:45:29 +0000

PyCharm debugging stopped working – here’s how to bring it back.

Logs with docker and logstash

Thu, 12 Jan 2017 13:31:09 +0000

The title says it all.

Logstash, clone filter & add_field mysteries

Mon, 09 Jan 2017 10:49:29 +0000

Some hard-won insights into logstash.

Quick puppet debugging snippet for Atom

Wed, 06 Jul 2016 16:55:47 +0000

The title says it all.

Testing logstash configs with Docker

Tue, 28 Jun 2016 16:22:29 +0000

The title says it all.

Loathing RSpec and Puppet

Tue, 28 Jun 2016 08:07:24 +0000

A rant.

TeamCity LDAP authentication with JumpCloud

Wed, 22 Jun 2016 11:53:05 +0000

The title says it all.

Migrate Rancher database from container to external

Mon, 30 May 2016 15:01:59 +0000

… using Puppet.

Ansible inventory file from Consul

Thu, 17 Mar 2016 16:09:30 +0000

A one-liner.

Host monitoring with Prometheus

Tue, 08 Mar 2016 20:38:13 +0000

Use puppet & consul to monitor “bare metal” (VMs) infrastructure.

CI/CD, the status quo

Fri, 26 Feb 2016 16:49:01 +0000

A summary.

Arch with dm-cryptt on UEFI boot

Mon, 22 Feb 2016 17:49:13 +0000

A link collection.

Really annoying thread properties

Fri, 29 Jan 2016 11:27:29 +0000

A very non-intuitive (but consistent) behavior of Python threads.

Mac software essentials

Fri, 25 Dec 2015 17:32:01 +0000

Well, after the Firefox Essentials, here’s my list of Mac essentials:

LaunchBar
Homebrew
Firefox Beta
Exact Scan Pro (scanner utilities for Mac are still … all bad, this is absolutely good and relatively the best. VueScan might be better for about 0.05% of all scans I do, but the usability could actually not be any worse)
The Unarchiver
Sublime Text, or probably in the future Atom (text editors)
Cubby and Bittorrent Sync (document sync, don’t really like Dropbox)
VLC player
Better Snap Tool (yah, don’t really get the split screen of OS X)
PDF Expert or PDF Pen Pro (both good, the first is way cheaper, and the reason is that Preview can actually make PDF files bigger on edits like remove pages, or rearrange pages)
Amphetamine (keep your Mac awake)
Typinator (text epansion)
Twitter client (I actually use the official one)
Libre Office
Telegram (useful Whatsapp alternative, cause it also has a web interface)
Path Finder
Shimo (VPN client, really expensive, but “use this password for all connections in this folder” is awesome)
Hazel

My essential Firefox addons

Wed, 23 Dec 2015 17:22:52 +0000

… can be seen on the Firefox Addons page as collection 🙂 .

The addon ecosystem of Firefox is what keeps me with it. And the way it’s done. One example: Mouse Gestures are available on Chrome, which seems to be a lot faster and smoother today :’( … but in FF, when I go to the settings page, I can still use mouse gestures, cause it’s just another page.

In Chrome I can’t. I like the Firefox behavior - it’s consistent, which is highly a highly underrated property these days.

jq stuff

Fri, 11 Dec 2015 12:27:41 +0000

Waah. In case I *ever* need this again.

aws ec2 describe-security-groups | \
 jq '.SecurityGroups | \
 map(select(has("Tags"))) | \
 map(select(.Tags[].Key|contains("Name"))) | \
 .[] | \
 [ .Tags , .GroupId ] | \
 [ (.[0]|map(select(.Key=="Name")))[0].Value, .[1] ] | \
 join("=") '

What does it do? It makes a list

$NAME_TAG=$GROUP_ID

… for each security group which has a name tag. Yeah, right.

Shortcut with “ö” (o-umlaut)

Tue, 08 Dec 2015 14:58:31 +0000

I want my clipboard history on CTRL-Ö. Don’t ask why.

Here’s what you can enter in GNOME to get this:

<Ctrl>odiaeresis

Rancher IAM role

Tue, 08 Dec 2015 10:51:53 +0000

Rancher can create instances on EC2. If you want to define a dedicated IAM user for this, refer to the Amazon docs for the a profile template.

Unfortunately the first thing you get when using those permissions in rancher is “You are not authorized”. Great. I’ll update this when I know the correct permissions.

(Source: Rancher docs)

VPC with NAT to internet on AWS

Mon, 07 Dec 2015 13:37:11 +0000

… and other TLAs.

Anyways, as far as I remember OpenStack does not need this, so I thought I document it here. I at least was surprised.

Situation: You want a private network sement in the cloud (in my case an Amazon VPC), and you don’t want all hosts to be accessible from the internet. So you don’t assign public IPs, and you need a router/gateway.

Amazon creates a network internet gateway, but this thing does not do one thing: NATting. If your host does not have a private IP, it can’t connect to “the internet”.

CI / CD solutions

Mon, 07 Dec 2015 10:43:44 +0000

Everyone wants free candy. Or a CI/CD solution, that …

auto-deploys container-based servcies
auto-updates (roll-forward, roll-back) those services on keypress and “triggers”
has one-click-deployment of services.

My definition of “service” here is “A set of containers working together in a certain way, automatically load balanced where needed”. Example: A n worker nodes, loadbalanced from a web endpoint, and a database container. All deployed at the same time. Including one-click-deployment of environments (“Oh, I’d like to test this revision again, let’s deploy it quickly”…). Note that this is mostly CD (continuous deployment), cause CI is being done for a while now with - mostly - Jenins and other tools.

iTerm & keyboard

Sun, 29 Nov 2015 14:46:25 +0000

… cause I remember having searched for this before, with a lot less useful results.

Docker registry, S3 and permissions

Thu, 26 Nov 2015 16:06:57 +0000

There are a couple of bazillion blog posts saying “yah just did my docker registry on S3”.

It’s not so easy, though. Cause what if you want to limit access to a certain IAM user? Yup, you need to go deep (well, a bit) into the policy thing of Amazon. Which sounds simple, but isn’t.

I got “HTTP 500” errors from the docker registry when I first deployed. My configuration, which was wrong, looked like this:

InsufficientCapabilities on AWS

Thu, 19 Nov 2015 09:50:29 +0000

New project. I can play around as much as I want, as long as on day X I am done.

Really frightening, and really cool.

Anyway, first operation: Create a bunch of S3 buckets and IAM roles to interface with them. Which is kinda not-so-easy.

Beacause when you create IAM capabilities with cloudformation, you get this error:

{
    "CapabilitiesReason": "The following resource(s) require capabilities: [AWS::IAM::AccessKey, AWS::IAM::User]",
    "Capabilities": [
        "CAPABILITY_IAM"
    ],
    "Parameters": []
}

… which is a fancy way of saying “do this”:

Git rebase interactive with very first commit visible

Tue, 28 Jul 2015 14:34:08 +0000

Ever wanted to squash the first two commits with a “git rebase -i”? No? Me neither. Until today.

Stackoverflow to the rescue:

git rebase -i --root

Done.

Puppet spec fixtures

Tue, 28 Jul 2015 12:37:10 +0000

That’s how you specify branches in puppetlabs’ spec_helper fixtures.yml:

fixtures:
 forge_modules:
 stdlib:
 repo: "puppetlabs/stdlib"
 ref: "4.6.0"
 symlinks:
 mapr_helpers: "#{source_dir}"
 repositories:
 mapr:
 repo: "http://myurl/puppet-mapr.git"
 # this is a branch. stolen from: don't remember.
 ref: 'remotes/origin/ab/devel'

Docker, http and TLS

Wed, 15 Jul 2015 15:32:12 +0000

Today seems to be “annoyme-day”.

This error message with docker:

$ docker push myrepo.com:5000/name/image
Post http:///var/run/docker.sock/v1.19/images/myrepo.com:5000 \
 /name/image/push?tag=: read unix /var/run/docker.sock: \
 connection reset by peer. Are you trying to connect to \
 a TLS-enabled daemon without TLS?

… does not necessarily mean that we use http:// instead of https://.

It can also mean that the docker service is not running:

$ systemctl status docker.service
 ● docker.service - Docker Application Container Engine
 Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled)
 Active: failed (Result: start-limit) since Wed 2015-07-15 17:16:48 CEST; 15s ago
 Docs: https://docs.docker.com
 Process: 48587 ExecStart=/usr/bin/docker td -H fd:// $DOCKER_OPTS (code=exited, status=1/FAILURE)
 Main PID: 48587 (code=exited, status=1/FAILURE)

Took me 15 minutes.

Get SSL certificate from endpoint quickly

Wed, 15 Jul 2015 14:17:02 +0000

If you want to download and save it so stops f*cking bugging you, you need to have it.

Here’s a quick way. Shamelessly stolen from here: http://is.gd/A11rNR

openssl s_client -host google.com -port 443 -prexit -showcerts

Docker and proxies

Wed, 15 Jul 2015 13:59:43 +0000

… so I don’t forget.

“docker pull” will not use the HTTP_PROXY variable. Why? Because “docker” is just the cli program which tells the daemon what to do. And the daemon probably does not know about the variable if just set in the terminal.

So, what to do to make docker use it described pretty well here: https://docs.docker.com/articles/systemd/#http-proxy

Next thing: Don’t forget to go “systemctl daemon-reload”, because otherwise this will not be effective, even with “systemctl restart docker”.

Puppet Quiz: What’s wrong here?

Thu, 02 Jul 2015 09:49:23 +0000

The error is: Dependency cycle.

The code is:

class my::own::docker {
 include ::docker
 file { '/var/lib/docker':
 ensure => directory,
 before => Class['docker'],
 }
}

Why? 🙂

It’s rather simple here, in the real class it really took me a while to find it.

OpenStack IPs, part II

Tue, 23 Jun 2015 06:44:10 +0000

Just a short one. Now that I can list IPs (see last post), it might be nice to associate them on the command line, too. First I wanted to extend the little script, but then I remembered there must already be a CLI way for this.

And there is.

$ openstack server list
$ nova floating-ip-associate <server-uuid> <floating-IP>

(Note: The floating-ip is the actual IP, not the UUID of the OpenStack floating IP)

LibreOffice tables

Mon, 22 Jun 2015 16:24:01 +0000

Filed my first LibreOffice bugs. And I must say: A free and open source word processor with an open doucment format is desperately needed, but one that actually works. LibreOffice is really … well, bad looking and playing catch-up with “the other”, and crashing really way too often for my taste.

And while working with a lot of tables (which is a pain in the ass with LO) I found three bugs. And on one bug even the LO team agrees that it’s a major one 🙂 .

OpenStack floating IP convenience

Mon, 22 Jun 2015 10:35:12 +0000

Problem: I am working in a tenant which has a couple of hosts with floating IPs assigned. I always have to look them up either manually using the command line clients (and dealing with all those UUIDs), or manually in the web GUI. Didn’t like.

Solution: Python script, which outputs FLOATING_IP -> HOST_NAME.

Here it is.

#!/usr/bin/env python

from novaclient import client
import novaclient.v2.floating_ips as os_fips
import novaclient.v2.servers as os_servers
import novaclient.v2.networks as os_networks

#from pprint import pprint as pp
import os
from sys import exit


def error(printme):
 print("ERROR: {}".format(printme))
 exit(-1)

def check_env():
 for a in ("OS_TENANT_ID", "OS_TENANT_NAME", "OS_AUTH_URL", "OS_USERNAME", "OS_PASSWORD"):
 if not os.environ.get(a): error("Please set ${}".format(a))

def get_client():
 check_env()
 return client.Client(2,
 os.environ["OS_USERNAME"],
 os.environ["OS_PASSWORD"],
 os.environ["OS_TENANT_NAME"],
 os.environ["OS_AUTH_URL"])


if __name__=="__main__":
 nova = get_client()
 fipman = os_fips.FloatingIPManager(nova)
 servman = os_servers.ServerManager(nova)
 netman = os_networks.NetworkManager(nova)

 ips = fipman.list()
 srs = servman.list()

 id2server = {}
 for a in srs:
 id2server[a.id] = a

 ips = [(ip.ip, ip.instance_id) for ip in ips]
 # filter out unused floating ips (which have as instance id)
 ips = filter(lambda x: x[1], ips)
 # create (IP, SERVER_NAME pairs)
 ips = map(lambda x: (x[0], id2server[x[1]].name), ips)
 # sort for convenience by host instance name
 ips = sorted(ips, key=lambda x: x[1].lower())

 for a in ips:
 print("{:18s} {}".format(a[0], a[1]))

Sample output:

Microsoft Code and Typescript

Fri, 19 Jun 2015 16:36:33 +0000

So being on the enterJS conference I wanted to get started with JavaScript. And TypeScript seems really promising. And once again I stumbled over the DIW pattern - Download, Install, Weird error messages.

So, here’s my take on how to get started.

I wanted …

to try node-hid to see my USB HID devices, using TypeScript, Microsoft Visual Studio Code, and Node.js.

So here’s how to get it to work:

Shared clipboard for Arch Linux as VMWare guest

Mon, 15 Jun 2015 19:33:01 +0000

… aaaand I wanted to have a shared clipboard. It’s again all in the wiki, but again a bit distributed. So here we go.

First: Install open-vm-tools and gtkmm, then add some modules to system bootup

“sudo pacman -S open-vm-tools gtkmm”
“sudo vim /etc/mkinitcpio.conf”
Under “MODULES=…” add the following: “vmxnet3 vmw_vmci vmw_pvscsi vmw_balloon” (You probably don’t need most of them, but this is the config which worked for me. I didn’t try to remove them one-by-one to see which ones are actually needed)
“sudo mkinitcpio -p linux”
reboot

Second, make sure “vmware-user-suid-wrapper” is stared on login:

Install infinality fonts bundle in arch

Mon, 15 Jun 2015 12:09:41 +0000

Installing custom repos in Arch is kind of annoying. But here’s how it goes (especially if you’re behding a firewall which permits only ports 80, 443 and 22):

First. Switch the keyserver to a HTTP based one. To do this:

edit /etc/pacman.d/gnupg/gnupg.conf
replace “keyserver hkp://…” with “keyserver hkp://keyserver.kjsl.com:80”

Second. Get the key ID for the repo (in my case from the wiki):

KEY ID is “962DDE58”

Third. Download key from keyserver and sign it locally:

Fedora, docker and self-signed SSL certs

Wed, 15 Apr 2015 06:48:58 +0000

I am behind a company firewall with a man-in-the-middle SSL certificate for secure connections. Can’t have viruses over SSL, can we?

But apps which actually verify SSL connections (which is all of the apps using standard SSL/TLS/whatnot libs) do not like this. And rightfully so. But then we’re left with the following problem:

$ docker search test
FATA[0000] Error response from daemon: GEt https://index.docker.io/v1/search?q=test: x509: certificate signed by unknown authority
$

Now, to solve this on Fedora we do the following (all as root):

zsh and dot-directory completions

Wed, 27 Aug 2014 18:29:15 +0000

I blog so I don’t forget. At least that’s what I’m telling me right now 🙂 .

So. To make zsh complete - for example - “cd ..” (it should append a “/” on TAB, right?) set the following in the .zshrc:

setopt autocd
zstyle ':completion:*' special-dirs true    # please complete "cd .._/_" ...

Great. Of course from Stackoverflow.

Synology and Git, II

Wed, 27 Aug 2014 17:58:42 +0000

Don’t use the synology git package.

But then Git’s not installed.

I found a compromise:

Install the package
disable it
switch back the shells in /etc/passwd from <something_with_git> to /bin/sh

Be happy.

Sublime Text: Keyboard Shortcut for setting Tab Width

Wed, 20 Aug 2014 17:50:14 +0000

Schwer zu finden … Wer schnell über das Keyboard die Tab Width verändern will, der tue das so:

 {
 "keys": ["super+k", "super+2"],
 "command": "set_setting",
 "args":
 {
 "setting": "tab_size",
 "value": 2
 }
 }

(gefunden hier: http://is.gd/Pz9zE0)

NAS Performance & Mac

Thu, 14 Aug 2014 09:08:31 +0000

Ich bin stolzer Besitzer eines Synology NAS. Das hängt mit meinem Mac an einem Gigabit-Ethernet, und funktioniert ziemlich gut. Große Dateien bekomme ich mit Transferraten von +- 100 MB/sec rüber.

Aber.

Möchte ich von meinem Mac aus eine Netzwerkfreigabe im Finder browsen - dann dauert das listen von Verzeichnissen SEKUNDEN. Anzeigen von JPGs (kleinen!) in der Vorschau auch gerne mal 10-20 davon.

Abhilfe schafften nach langem googlen folgende Erste-Hilfe-Maßnahmen im Terminal:

The limits of puppetDB a.k.a. etcd with puppet

Fri, 09 May 2014 23:15:51 +0000

Okay. Maybe this is the completely wrong way to do this, but I found no other. Comments appreciated.

Situation:

A DNS server cluster, meaning pacemaker managing an IP failover if one of them fails.
The cluster IP (the one switching over) should be the IP used for DNS lookups.

Idea:

Hosts should automatically find ’their’ DNS server using something. The DNS server should register itself somewhere so it is automatically set up during the first puppet run.

So far, so good. Unfortunately there are a few problems with it. My first approach was something like this:

Synology Git Server

Tue, 14 Jan 2014 21:31:36 +0000

Ich besitze ab neulich eine wundervolle Synology DS414. Schönes Teil.

Und da ich aktuell ein wenig programmiere zu Hause wollte ich mir hier ein Git repository server einrichten. Das ist nicht ganz trivial, und wer sich github- oder gitlab-ähnlichen Komfort erhofft … ah, nö. Es ist commandline only, und davon viel. Aber zum Punkt - der schnellstmöglichen Einrichtung eines Git-Repo-Servers auf einer Diskstation.

Der SSH-Zugriff unter Systemsteuerung > Terminal muss aktiviert sein.
Es müssen Benutzer angelegt sein, und diese müssen ein Home-Verzeichnis haben (für die ssh-Schlüssel, ohne die es keinen Spaß macht). Das home-Verzeichnis aktiviert man in der Systemsteuerung > Benutzer, dann oben ein Knopf Benutzerbasis (der 2. von rechts bei mir)
Wenn die Benutzer vorhanden sind legt man eine Freigabe an, das macht die Sache einfacher. Ich nutze /volume1/gitrepos.
Den eigenen ssh-Schlüssel ins home-Verzeichnis kopieren. Das sollte unter /volume1/homes/<Benutzer> erreichbar sein, das Volume hat man vorhin in Schritt (1) ausgewählt. (natürlich muss .ssh/ 0600 und . sein, und .ssh/authorized_keys 0700 und ., aber das muss ich ja nicht extra erwähnen, oder?)
Jetzt den Git-Service aktivieren, dem gewünschten Benutzer den Zugriff erlauben.
Ein repository anlegen ist leider Handarbeit:
- Anmelden als root, dann nach /volume1/gitrepos wechseln, ein Verzeichnis anlegen …
- … git init --bare ausführen, … und
- und jetzt entweder alles word-writable machen (bäh), oder dem entsprechenden Benutzer mittels chown zuweisen (yup).
- Beispiel: /volume1/gitrepos/my_repo
Schließlich auf dem Arbeitsrechner noch git das neue Repo übergeben: git remote add origin <user>@<diskstation>:/volume1/gitrepos/my_repo
… und das wars.

Ganz einfach, oder? Naja.

Oracle virtualization

Mon, 13 Jan 2014 14:22:00 +0000

Ich hatte das zweifelhafte Vergnügen, mich mit OracleVM beschäftigen zu dürfen. Der Xen-basierten Virtualisierungslösung von Oracle. Zu dieser gehört der sog. “Oracle Manager”, eine WebLogic-basierte Anwendung zur Verwaltung aller VM hosts, cluster, VMs, und sonst noch allem. Die Aufgabe, die wir zu erledigen hatten, war prinzipiell einfach: Benutze den vorhandenen Manager, um auf 3 neuen Blades jeweils OracleVM (das Host-System) zu installieren, um dort ein paar virtuelle Maschinen laufen zu lassen. Der Trick: Die Blades waren über Trunk-Ports ans Netzwerk angeschlossen, da die VMs in verschiedenen Netzen operieren sollten.

Augeas und Reihenfolge

Thu, 01 Aug 2013 16:58:13 +0000

Problem: mit HIlfe von Augeas einen Eintrag zur /etc/hosts Datei hinzufügen.

Erste Lösung:

augeas { "${title}" :
 context => '/files/etc/hosts',
 changes => [
 "rm *[canonical = '${host}']",
 "set 02/canonical ${host}",
 "set 02/ipaddr ${ip}",
 ]
}

Funktioniert nicht. Warum? Trotz Aufruf von “save” am Ende einer jeden Sitzung im augtool ist die Reihenfolge der Anweisungen durchaus entscheidend - die Daten werden offenbar nicht erst am Ende zusammengesetzt. Hier z.B. gilt: In der gleichen Reihenfolge vorgehen, wie es auch in die Datei geschrieben werden würde. Und da steht nun mal am Anfang die IP Adresse. Daher also eine einfache kleine Änderung machen und schon gehts:

Nervige Puppet Fehler

Fri, 26 Jul 2013 11:20:02 +0000

Was geht hier nicht?

class { 'whatever' :
 do => 'something',
 before => Class[ 'something_else' ],
} ->

class { 'yeah_yeah' : do => 'even_more', }

Na? Niemand? Gut. Lösung: “before =>” und “->” mischen sich nicht. Das wäre nicht so schlimm, wäre die Fehlermeldung nicht absolut … unzureichend:

err: Could not retrieve catalog from remote server: Error 400 on SERVER: undefined method `<<' for {}:Hash on node bstrap_foreman_v2. ...

Noch sowas dass man nicht mehr vergisst. Glücklicherweise gibts grafische git logs …

Puppet & Augeas & Pulp

Fri, 19 Jul 2013 11:12:58 +0000

Ach Augeas ist schon genial. Wenn nur nicht … (jaja, immer was zu meckern). Anlass diesmal: /etc/pulp/admin/admin.conf. Das ist eine in Augeas nicht vorgesehene Datei, und die Augeas-Doku ist … nun ja. Analyse: Die Datei besteht aus Sektionen ("[blablubb]"), und Einträgen (“hallo = welt”). Da sollte sich doch was finden lassen.

Tut es auch: Die IniFile-Lens. Preisfrage: Wie testet man das? Beim Ausprobieren stieß ich auch auf die Information, dass die IniFile-Lens nicht für direkte Nutzung gedacht ist, sondern nur für die Nutzung in … abgeleiteten Lenses. Wie z.B. der Puppet-Lens. Die angeblich gut passt. Dann testet man das auf der Konsole folgendermaßen:

Puppet, Arrays & Iteratoren

Thu, 18 Jul 2013 16:05:48 +0000

Endlich, endlich, endlich kommt in Puppet 3.2 die Möglichkeit, Schleifen zu bauen. Dann könnte ich eventuell folgende Aufgabenstellung ein klein wenig einfacher realisieren (aktuell arbeite ich bis zur endgültigen Umstellung unserer Systeme mit Puppet 2.7):

Fasse alle im Rechner befindlichen Blockdevices der Form “/dev/sd*” - aber außer /dev/sda - in einer LVM volume group zusammen.

Das Herausfinden der Blockdevices erledigt ein Fact aus Facter … naja, nicht ganz - ein in Facter 2.0 verfügbarer Fact, den ma aber dankenswerterweise zurückportieren kann. Dieser liefert uns $blockdevices - eine Komma-getrennte Liste der gefundenen devices, allerdings ohne “/dev/”, also nur “sda,sdb,sdc”.

Puppet Stages & Notify

Thu, 04 Jul 2013 10:10:39 +0000

Die notify Funktion von Puppet hat eine seltsame Eigenschaft, die ich persönlich wenig nachvollziehbar finde. Sie impliziert einen “before”-Zusammenhang zwischen der Resource, die benachrichtigt, und der benachrichtigten. Das führt zu unpraktischen Komplikationen. Der Versuch einer Herleitung:

service { "tomcat" : ensure => running }
file { "/etc/tomcat.conf" : notify => Service["tomcat"] }

Das funktioniert bestens, und bedeutet, dass zuerst die file-Direktive abgearbeitet wird, und dann der Service. Darauf aufbauend kann ich mir sehr gut folgende Erweiterung vorstellen:

class { "deployment::basic_app_server" : }
file { "/etc/tomcat.conf" : notify => Service["tomcat"] }

Nehmen wir an in “deployment::basic_app_server” werden einige zentrale Dinge geregelt, darunter auch der tomcat-Service. Die Absicht: Ich möchte mich darauf verlassen können, dass spezifische Module auf einem bestimmten Konfigurationsstand aufsetzen. Dafür wurden stages eigentlich erfunden (meines Erachtens nach), also erweitern wir zu:

Sicherheitsmodus

Wed, 03 Jul 2013 12:25:31 +0000

Eben in der Mailbox:

From: […] Betreff: Drucker prntr3131 läuft im Sicherheitsmodus

Hallo, der Etagendrucker im 3. OG “prntr3131” druckt zur Zeit weiße Schrift auf weißem Papier. Die Hotline ist informiert und wird wohl einen Techniker bestellen.

Gruß, […]

🙂