Thursday, July 31, 2014

Ansible and Corporate security

Was admittedly poking my nose in my colleagues' troubles, when they were describing setting up Ansible on a Go "CI Server" which was required to SSH to our WebSphere Deployment Managers. Cos as you know, Ansible doesn't use a server-agent topology like Puppet does, but instead uses SSH keys. To put it pictorially:
Trouble is, Ansible must SSH as "root", and Go agent must run as "go", meaning you have to SSH as a different user. This means SSH keys stored in the "root" directory to avoid logging in each time, which is a breach of security! This sparked discussions of actually getting a "root" user accessible by us (which no sane security team is gonna allow). It actually makes sense to get sudo access for "go" or whatever we decide on the CI server, but we've yet to work that out.

Sunday, July 27, 2014

Hackintosh setup!

I thought I'd take a minute to 'document' my experience setting up a Hackintosh on a brand new PC, with existing Windows 7 Professional (64-bit). I was a complete noob at this, and coming out of it I'm just bedazzled by how many legacy instructions are out there.
Don't do everything that you find Google tells you to do.

I'll highlight VERY CLEARLY what the pre-requisites are (and critique if not clear enough, let's work together brahs):
1) Knowing what type of partition your OS boots from (MBR or EFI). Here's an example:
2) Depending on the above, choosing a bootloader (Clover for UEFI, Chimera for MBR). Don't follow the TonyMac website if you're using EFI, you'll end up needing to format your PC.
3) BACKING UP your EFI files. Nothing frustrated me more than not knowing what partition these were on, or where they were on the Windows CD.
4) Make sure you buy a USB stick. If you accidentally delete your EFI partition, at least you can still boot into Mac with this.
5) A copy of Mac OS. I had an Apple laptop lying around, so I downloaded the OS from the AppStore. Otherwise ask your friends to get it for you.
6) 2 disk drives is preferable, 1 for each OS. I have Windows on my SSD, and Mac on my HDD.
7) Most importantly, get familiar with extending partitions and creating them with fdisk in Mac OS. Loads of Hackintosh setup sites have the commands you'll need (I deleted and recreated partitions at least 5 times before it worked).

My SSD has a 100MB EFI partition. Hackintosh instructions state to set this to 200MB. PAY NO ATTENTION. Just stick with 100MB and don't mess with the sizes of your partitions or they'll start at address spaces you won't want them to. Again I'll say I used a PC with an existing Windows 7 installed.

Saturday, July 26, 2014

Vagrant proxy on Cygwin

Cygwin + Ruby + Vagrant = Pain!

Vagrantfile. Simple. I was given this by a colleague running Vagrant on a Mac.

    Vagrant.configure("2") do |config|
      config.vm.box = "base"
      # Ensure proxy plugin is installed - $ vagrant plugin install vagrant-proxyconf
      config.proxy.http  = "http://XXX"
      config.proxy.https = "http://XXX"
      config.vm.define :box1 do |box1|
        box1.vm.network :private_network, :ip => "XXX"
        box1.vm.hostname = "box1"
        box1.vm.synced_folder ENV['HOME'], "/home/vagrant/home"
        box1.vm.provider "virtualbox" do |v|
          v.customize ['modifyvm', :id, '--memory', '4096']
          v.customize ['modifyvm', :id, '--cpus', '2']
        end
        box1.vm.provision :puppet do |puppet|
          puppet.manifests_path = "./manifests"
          puppet.module_path = "./modules"
          puppet.manifest_file = "site.pp"
          puppet.options = "--verbose"
        end
      end
    end

Try to install vagrant-proxyconf, and you get a barrage of errors if your Cygwin doesn't have the required libraries. So I'm gonna take it from the top here.

First thing, getting Ruby. Using Ruby from http://rubyinstaller.org/downloads/ caused headaches with running "gem", where I had to add "gem.bat" to my .bashrc file as an "alias", so I just stuck with the setup-x86_64.exe Cygwin method.

Next, getting RubyGems. Get it here: https://rubygems.org . Put it in C:/RubyGems
Install RubyGems:

    cd C:/RubyGems
    ruby setup.rb install

Required Cygwin libraries (setup-x86_64.exe again):
libcrypt-devel
gcc (I had to search gcc then select the whole "Devel" package to make sure I got this, change the dropdown "Devel (Default)" to "Devel (Install)" if not clear)
make

Now, if you run "vagrant plugin install vagrant-proxyconf", you'll get this error:

DEBUG [dc362284] Bundler::GemNotFound: Could not find json-1.8.1.gem for installation
DEBUG [dc362284] An error occurred while installing json (1.8.1), and Bundler cannot continue.
DEBUG [dc362284] Make sure that `gem install json -v '1.8.1'` succeeds before bundling.

So run "gem install json -v '1.8.1'". If you get problems with this, it's because you didn't have gcc, make or libcrypt.
Then run "vagrant plugin install vagrant-proxyconf". What I ran into was:
Make sure that `gem install json -v '1.8.1'` succeeds before bundling.

Wtf? But my gem installed successfully! After finding out I had another Cygwin installation (though not on any path), I removed that folder and it still didn't work. I reinstalled Vagrant and it FINALLY...progresses.

It gets to the part to download the box, and then spits another error:
C:/HashiCorp/Vagrant/embedded/lib/ruby/2.0.0/uri/common.rb:176:in `split': bad URI(is not URI?): file://C:\cygwin\home\michart\base (URI::InvalidURIError)
Ruby doesn't parse Windows paths! Or maybe it's Cygwin being stupid. You would expect a widely used scripting language to have figured this out by now. So what I did was add this to common.rb:

    # Returns a split URI against regexp[:ABS_URI]
    def split(uri)
      uri.gsub!('\\','/')
      case uri
      when ''
      ...

Voila, it tries to download the box! But then I hit yet another problem...
An error occurred while downloading the remote file. The error
message, if any, is reproduced below. Please fix this error and try
again.

Couldn't open file /cygwin/home/michart/base

Well this one's probably just worded horribly, but my proxy was inaccessible, corporate VPN client looks like it's down over the weekend...blah.
Do note however, when it's just a simple "vagrant up" with a "vagrant init" Vagrantfile, I had no issues. This looked like extra steps I needed for "vagrant plugin install" to work.
Hope this helps anyone trying to get Vagrant working!
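
The `bad URI` failure above, as an added example (not code from this post, Vagrant or Ruby's stdlib): it converts the path once, at the call site, instead of rewriting backslashes inside the embedded `common.rb`, where the change applies to every URI the parser sees. `path_to_file_uri`, `parse_outcome` and the sample path are hypothetical names and constructed data. A blanket backslash-to-slash rewrite does parse, but with `C` as the host and a path without the drive letter, the same drive-less form as the path in the "Couldn't open file" message quoted above.

```ruby
require 'uri'

# Constructed sample path, modelled on the one in the error message
# (user name replaced with a placeholder).
WIN_PATH = 'C:\cygwin\home\user\base'

# Hypothetical helper: build a valid file: URI from an absolute
# Windows or POSIX path.
def path_to_file_uri(path)
  norm = path.tr('\\', '/')                       # copy; caller's string is not mutated
  norm = "/#{norm}" if norm.match?(%r{\A[A-Za-z]:/}) # keep the drive letter inside the path
  raise ArgumentError, "not an absolute path: #{path}" unless norm.start_with?('/')
  # Percent-encode every byte outside the characters left unescaped here.
  escaped = norm.gsub(%r{[^A-Za-z0-9\-._~/:]}) do |ch|
    ch.bytes.map { |b| format('%%%02X', b) }.join
  end
  "file://#{escaped}"
end

# Report how Ruby's URI parser sees a string: [host, path], or :invalid.
def parse_outcome(str)
  uri = URI.parse(str)
  [uri.host, uri.path]
rescue URI::InvalidURIError
  :invalid
end

if __FILE__ == $PROGRAM_NAME
  raw     = "file://#{WIN_PATH}"                # the form from the error message
  slashed = "file://#{WIN_PATH.tr('\\', '/')}"  # after a blanket \ -> / rewrite
  good    = path_to_file_uri(WIN_PATH)          # drive letter kept in the path
  [raw, slashed, good].each do |s|
    puts "#{s} => #{parse_outcome(s).inspect}"
  end
end
```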