How to use the Python JIRA library to create a ticket.

A small rant on CUPS while getting it to run.

I’m lazy – if you are too, here’s how to get rid of that annoying prompt :)

Use jq to parse AWS CLI JSON output.

How to make Arch Linux fonts more beautiful.

The title says it all.

More opinion I can read myself.

I have an opinion on this. Nobody will care, but I can read it myself at least.

The title says it all.

PyCharm debugging stopped working – here’s how to bring it back.

The title says it all.

Some hard-won insights into logstash.

The title says it all.

The title says it all.

A rant.

The title says it all.

… using Puppet.

A one-liner.

Use puppet & consul to monitor “bare metal” (VMs) infrastructure.

A summary.

A link collection.

A very non-intuitive (but consistent) behavior of Python threads.

Well, after the Firefox Essentials, here’s my list of Mac essentials: LaunchBar Homebrew Firefox Beta Exact Scan Pro (scanner utilities for Mac are still … all bad, this is absolutely good and relatively the best. VueScan might be better for about 0.05% of all scans I do, but the usability could actually not be any worse) The Unarchiver Sublime Text, or probably in the future Atom (text editors) Cubby and Bittorrent Sync (document sync, don’t really like Dropbox) VLC player Better Snap Tool (yah, don’t really get the split screen of OS X) PDF Expert or PDF Pen Pro (both good, the first is way cheaper, and the reason is that Preview can actually make PDF files bigger on edits like remove pages, or rearrange pages) Amphetamine (keep your Mac awake) Typinator (text epansion) Twitter client (I actually use the official one) Libre Office Telegram (useful Whatsapp alternative, cause it also has a web interface) Path Finder Shimo (VPN client, really expensive, but “use this password for all connections in this folder” is awesome) Hazel

… can be seen on the Firefox Addons page as collection 🙂 . The addon ecosystem of Firefox is what keeps me with it. And the way it’s done. One example: Mouse Gestures are available on Chrome, which seems to be a lot faster and smoother today :’( … but in FF, when I go to the settings page, I can still use mouse gestures, cause it’s just another page. In Chrome I can’t. I like the Firefox behavior - it’s consistent, which is highly a highly underrated property these days. ...

Waah. In case I *ever* need this again. aws ec2 describe-security-groups | \ jq '.SecurityGroups | \ map(select(has("Tags"))) | \ map(select(.Tags[].Key|contains("Name"))) | \ .[] | \ [ .Tags , .GroupId ] | \ [ (.[0]|map(select(.Key=="Name")))[0].Value, .[1] ] | \ join("=") 'What does it do? It makes a list $NAME_TAG=$GROUP_ID… for each security group which has a name tag. Yeah, right.

I want my clipboard history on CTRL-Ö. Don’t ask why. Here’s what you can enter in GNOME to get this: odiaeresis

Rancher can create instances on EC2. If you want to define a dedicated IAM user for this, refer to the Amazon docs for the a profile template. Unfortunately the first thing you get when using those permissions in rancher is “You are not authorized”. Great. I’ll update this when I know the correct permissions. (Source: Rancher docs)

… and other TLAs. Anyways, as far as I remember OpenStack does not need this, so I thought I document it here. I at least was surprised. Situation: You want a private network sement in the cloud (in my case an Amazon VPC), and you don’t want all hosts to be accessible from the internet. So you don’t assign public IPs, and you need a router/gateway. Amazon creates a network internet gateway, but this thing does not do one thing: NATting. If your host does not have a private IP, it can’t connect to “the internet”. ...

Everyone wants free candy. Or a CI/CD solution, that … auto-deploys container-based servcies auto-updates (roll-forward, roll-back) those services on keypress and “triggers” has one-click-deployment of services. My definition of “service” here is “A set of containers working together in a certain way, automatically load balanced where needed”. Example: A n worker nodes, loadbalanced from a web endpoint, and a database container. All deployed at the same time. Including one-click-deployment of environments (“Oh, I’d like to test this revision again, let’s deploy it quickly”…). Note that this is mostly CD (continuous deployment), cause CI is being done for a while now with - mostly - Jenins and other tools. ...

make alt-left/right work as cmd-left/right in iTerm Make alt-dot work as cmd-dot in iTerm … cause I remember having searched for this before, with a lot less useful results.

All right, back again. Much text here. Let’s talk about … Containerizing The Binaries We are done with the build, now we have a binary. I went for something simple: Who knows best how to put this into a container? The dev guy. Cause he knows what he needs, where he needs it, and where it can be found after the build. ...

For CI I want the classics - a check in (push) to the repo should be catched by TeamCity, and trigger … a build of the artifact, once running of unit tests containerizing the artifact uploading it to a private Docker registry The question was: How? This post deals with building the code. Building Code When I build code I am faced with a simple question: Which library versions do I use? ...

… so far. It might be crappy, but I’ll share it, cause it’s working. (Well, today it started doing this 😉 ). But enough preamble, let’s jump in. The Situation I am in a new project. Those people have nothing but a deadline, and when I say nothing I mean it. Not even code. They asked me what I would do, and I said “go cloud, use everything you can from other people, so you don’t have to do it, and you stay in tune with the rest of the universe” (read: avoid NIH syndrome). They agreed, and hired me. ...

There are a couple of bazillion blog posts saying “yah just did my docker registry on S3”. It’s not so easy, though. Cause what if you want to limit access to a certain IAM user? Yup, you need to go deep (well, a bit) into the policy thing of Amazon. Which sounds simple, but isn’t. I got “HTTP 500” errors from the docker registry when I first deployed. My configuration, which was wrong, looked like this: ...

New project. I can play around as much as I want, as long as on day X I am done. Really frightening, and really cool. Anyway, first operation: Create a bunch of S3 buckets and IAM roles to interface with them. Which is kinda not-so-easy. Beacause when you create IAM capabilities with cloudformation, you get this error: { "CapabilitiesReason": "The following resource(s) require capabilities: [AWS::IAM::AccessKey, AWS::IAM::User]", "Capabilities": [ "CAPABILITY_IAM" ], "Parameters": [] }… which is a fancy way of saying “do this”: ...

Ever wanted to squash the first two commits with a “git rebase -i”? No? Me neither. Until today. Stackoverflow to the rescue: git rebase -i rootDone.

That’s how you specify branches in puppetlabs’ spec_helper fixtures.yml: fixtures: forge_modules: stdlib: repo: "puppetlabs/stdlib" ref: "4.6.0" symlinks: mapr_helpers: "#{source_dir}" repositories: mapr: repo: "http://myurl/puppet-mapr.git" # this is a branch. stolen from: don't remember. ref: 'remotes/origin/ab/devel'

Today seems to be “annoyme-day”. This error message with docker: $ docker push myrepo.com:5000/name/image Post http:///var/run/docker.sock/v1.19/images/myrepo.com:5000 \ /name/image/push?tag=: read unix /var/run/docker.sock: \ connection reset by peer. Are you trying to connect to \ a TLS-enabled daemon without TLS?… does not necessarily mean that we use http:// instead of https://. It can also mean that the docker service is not running: $ systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/etc/systemd/system/docker.service; disabled; vendor preset: disabled) Active: failed (Result: start-limit) since Wed 2015-07-15 17:16:48 CEST; 15s ago Docs: https://docs.docker.com Process: 48587 ExecStart=/usr/bin/docker td -H fd:// $DOCKER_OPTS (code=exited, status=1/FAILURE) Main PID: 48587 (code=exited, status=1/FAILURE)Took me 15 minutes. ...

If you want to download and save it so stops f*cking bugging you, you need to have it. Here’s a quick way. Shamelessly stolen from here: http://is.gd/A11rNR openssl s_client -host google.com -port 443 -prexit -showcerts

… so I don’t forget. “docker pull” will not use the HTTP_PROXY variable. Why? Because “docker” is just the cli program which tells the daemon what to do. And the daemon probably does not know about the variable if just set in the terminal. So, what to do to make docker use it described pretty well here: https://docs.docker.com/articles/systemd/#http-proxy Next thing: Don’t forget to go “systemctl daemon-reload”, because otherwise this will not be effective, even with “systemctl restart docker”. ...

The error is: Dependency cycle. The code is: class my::own::docker { include ::docker file { '/var/lib/docker': ensure => directory, before => Class['docker'], } }Why? 🙂 It’s rather simple here, in the real class it really took me a while to find it.

Just a short one. Now that I can list IPs (see last post), it might be nice to associate them on the command line, too. First I wanted to extend the little script, but then I remembered there must already be a CLI way for this. And there is. $ openstack server list $ nova floating-ip-associate (Note: The floating-ip is the actual IP, not the UUID of the OpenStack floating IP) ...

Filed my first LibreOffice bugs. And I must say: A free and open source word processor with an open doucment format is desperately needed, but one that actually works. LibreOffice is really … well, bad looking and playing catch-up with “the other”, and crashing really way too often for my taste. And while working with a lot of tables (which is a pain in the ass with LO) I found three bugs. And on one bug even the LO team agrees that it’s a major one 🙂 . ...

Problem: I am working in a tenant which has a couple of hosts with floating IPs assigned. I always have to look them up either manually using the command line clients (and dealing with all those UUIDs), or manually in the web GUI. Didn’t like. Solution: Python script, which outputs FLOATING_IP -> HOST_NAME. Here it is. #!/usr/bin/env python from novaclient import client import novaclient.v2.floating_ips as os_fips import novaclient.v2.servers as os_servers import novaclient.v2.networks as os_networks #from pprint import pprint as pp import os from sys import exit def error(printme): print("ERROR: {}".format(printme)) exit1) def check_env(): for a in ("OS_TENANT_ID", "OS_TENANT_NAME", "OS_AUTH_URL", "OS_USERNAME", "OS_PASSWORD"): if not os.environ.get(a): error("Please set ${}".format(a)) def get_client(): check_env() return client.Client(2, os.environ["OS_USERNAME"], os.environ["OS_PASSWORD"], os.environ["OS_TENANT_NAME"], os.environ["OS_AUTH_URL"]) if __name__=="__main__": nova = get_client() fipman = os_fips.FloatingIPManager(nova) servman = os_servers.ServerManager(nova) netman = os_networks.NetworkManager(nova) ips = fipman.list() srs = servman.list() id2server = {} for a in srs: id2server[a.id] = a ips = [(ip.ip, ip.instance_id) for ip in ips] # filter out unused floating ips (which have as instance id) ips = filter(lambda x: x[1], ips) # create (IP, SERVER_NAME pairs) ips = map(lambda x: (x[0], id2server[x[1]].name), ips) # sort for convenience by host instance name ips = sorted(ips, key=lambda x: x[1].lower()) for a in ips: print("{:18s} {}".format(a[0], a[1]))Sample output: ...

So being on the enterJS conference I wanted to get started with JavaScript. And TypeScript seems really promising. And once again I stumbled over the DIW pattern - Download, Install, Weird error messages. So, here’s my take on how to get started. I wanted … to try node-hid to see my USB HID devices, using TypeScript, Microsoft Visual Studio Code, and Node.js. So here’s how to get it to work: ...

… aaaand I wanted to have a shared clipboard. It’s again all in the wiki, but again a bit distributed. So here we go. First: Install open-vm-tools and gtkmm, then add some modules to system bootup “sudo pacman -S open-vm-tools gtkmm” “sudo vim /etc/mkinitcpio.conf” Under “MODULES=…” add the following: “vmxnet3 vmw_vmci vmw_pvscsi vmw_balloon” (You probably don’t need most of them, but this is the config which worked for me. I didn’t try to remove them one-by-one to see which ones are actually needed) “sudo mkinitcpio -p linux” reboot Second, make sure “vmware-user-suid-wrapper” is stared on login: ...

Installing custom repos in Arch is kind of annoying. But here’s how it goes (especially if you’re behding a firewall which permits only ports 80, 443 and 22): First. Switch the keyserver to a HTTP based one. To do this: edit /etc/pacman.d/gnupg/gnupg.conf replace “keyserver hkp://…” with “keyserver hkp://keyserver.kjsl.com:80” Second. Get the key ID for the repo (in my case from the wiki): KEY ID is “962DDE58” Third. Download key from keyserver and sign it locally: ...

I am behind a company firewall with a man-in-the-middle SSL certificate for secure connections. Can’t have viruses over SSL, can we? But apps which actually verify SSL connections (which is all of the apps using standard SSL/TLS/whatnot libs) do not like this. And rightfully so. But then we’re left with the following problem: $ docker search test FATA[0000] Error response from daemon: GEt https://index.docker.io/v1/search?q=test: x509: certificate signed by unknown authority $Now, to solve this on Fedora we do the following (all as root): ...

I blog so I don’t forget. At least that’s what I’m telling me right now 🙂 . So. To make zsh complete - for example - “cd ..” (it should append a “/” on TAB, right?) set the following in the .zshrc: setopt autocd zstyle ':completion:*' special-dirs true # please complete "cd .._/_" ...Great. Of course from Stackoverflow.

Don’t use the synology git package. But then Git’s not installed. I found a compromise: Install the package disable it switch back the shells in /etc/passwd from to /bin/sh Be happy.