Continuing to move a few bits of unimportant code into the public I’ve released a ruby library called passmakr that assists in creating passwords in various useful formats.
Mostly it takes some key bits of code from another password library and re-uses it in a new way that has fewer dependencies etc.
It supports creating phonemic passwords – that humans should find easier to remember than random ones – as well as random ones using Ruby’s random function as well a mode for reading /dev/urandom.
Using it is trivial, the code has rdoc in it as well to show you the other modes.
You can pass it modes of :phonemic, :random and :urandom.
There’s also a little cli tool included that works like this:
% passmakr -p-l88 character phonemic password:
Password: ooHivahn
Crypt: gDxSAc/ewkTzg
MD5: $1$TcwcAexC$nNxMbU5CTQTt4I.JSNRhx0
Rot 13: bbUvinua
NATO: oscar oscar Hotel india victor alfa hotel november
% passmakr -p -l 8
8 character phonemic password:
Password: ooHivahn
Crypt: gDxSAc/ewkTzg
MD5: $1$TcwcAexC$nNxMbU5CTQTt4I.JSNRhx0
Rot 13: bbUvinua
NATO: oscar oscar Hotel india victor alfa hotel november
The various modes printed are some often found in Unix systems, I’ll add other modes if people send me requests. Rot 13 is there just for laughs.
This code also extends the normal String class with a to_nato method that can be used on all strings:
"Foo Bar".to_nato=>"Foxtrot oscar oscar Bravo alfa romeo"
"Foo Bar".to_nato
=> "Foxtrot oscar oscar Bravo alfa romeo"
Puppet supports putting nodes in environments, this maps cleanly to your development, qa and production life cycles and it’s a way to hand out different code to different nodes. Before reading this post you should probably read the Puppet Wiki page first for background.
I’ll present here a simple layout that is both a powerful tool for isolating code changes while developing combined with minimizing the headaches with maintaining multiple branches of the same module for an extended period of time.
As with the other posts I did on puppet recently the focus here is simplicity, this will work for small sites and will hopefully give you enough inspiration to successfully model larger sites using these techniques.
To really use environments well I strongly suggest you use modules, I’ve blogged about them before, if you read this post and think “hey! that’s great” and don’t yet use modules, go fix that first.
The puppetmaster tries to find modules using it’s modulepath setting, typically something like /etc/puppet/modules.ย You usually just set this value once in your puppet.conf and that’s it, all done. Environments expand on this and give you the ability to set different settings for different environments, below a simple example.
This is your basic multi environment setup, if you run a client with the development environment set modules will be served from an alternative path.
This is already a huge win, if you use something like below:
class ntp {
file{"/etc/ntpd.conf":
source => ["puppet:///ntp/ntpd.conf.${environment}",
"puppet:///ntp/ntpd.conf"]
}
}
node dev1 {
include ntp
}
class ntp {
file{"/etc/ntpd.conf":
source => ["puppet:///ntp/ntpd.conf.${environment}",
"puppet:///ntp/ntpd.conf"]
}
}
node dev1 {
include ntp
}
If you put the ntp module in both production and development, the right one will be chosen depending on the nodes environment setting. The file ntp.conf will also be served from the right modules files directory. You could now safely make changes to the development one without affecting the rest of the machines.
The major drawback here is that if you have say 30 modules, you need to duplicate the lot into development if you wish to use them there, this is not great at all as it quickly becomes a maintenance nightmare. If you made a change to ntp module in development, you need to remember to go and do the same change in all your other environments. In cases where you give each sysadmin or developer their own environment this rapidly becomes unmaintainable.
The modulepath option has a trick up it’s sleeve though, you can specify several search paths just like the normal Unix PATH environment variable, we can rework our config like this.
Here we’ve added a few more environments, even one for a developer called John Doe. The big thing we did though is create /etc/puppet/manifests/common/modules as a 2nd search path.
production
`-- modules
development
`-- modules
common
`-- modules
`-- ntp
`-- manifests
`-- init.pp
production
`-- modules
development
`-- modules
common
`-- modules
`-- ntp
`-- manifests
`-- init.pp
The idea here is that you’d strive to keep all your modules in the common directory as their stable location but if you wished to do development on your ntp module that you wish to test, you just copy the ntp module into either development or johndoe directories, with that done only machines in those environments will get the new code.
This works especially well if you use version control, I use SVN and treat common as my trunk, whenever I need to work on a module I simply branch it into development, do my work there and when ready to release I merge my changes back to common and get rid of the branched copy so all environments gets the same version.
With this you can easily come up with a simple release testing strategy, do the weeks code in development and test locally, then put the changes you wish to release to production into your QA environment and do tests. Finally when you’re ready merge all the changes into common and just get rid of the development and QA copies, all environments are now running the same code ready for the next cycle.
This gives you the ability to create branches, do testing, isolate developers from each other – just put their desktops in individual environments – and lots of other nifty things but in the end you have only one copy of the code for your stable released versions.
I hope you find this useful, I’ll reiterate that this is a simple setup, you should use this information and come up with a solution that will work well for your use case and teams.
After years of Movable Type I’ve finally decided I’ve had enough.
Movable Type was great years ago, there was a lot of community around it, lots of themes available, plugins and it was a great little blogging platform.ย Today it seems world and dog has deserted it and moved on, you can find almost no out of the box themes for it even if you wanted to pay, not to mention the situation with few plugins etc.
I went through the considerable pain during the last week to migrate things into WordPress and I think I finally got most of it kind of working.ย There will be the usual pains of RSS feeds showing old content, broken links and so forth and I apologize for this up front.
The move also made a new theme a necessity, I bought a few commercial ones but none of them really worked for me in the end I settled for one of the free ones that’s featured by WordPress, it’s ok I guess, I might change it again in the near future.ย As before when I migrated blogs I’ve kept a screenshot of the old layouts: 2007-12-06 and 2009-10-09
Since I’ve been very happy with Google Code for hosting ruby-pdns I thought I’d start moving some other projects there too, in the process I’ll probably also release some other bits and bobs that I did not previous share the code of.
This was my first major bit of Ruby code and looking back at it now I’m still fairly happy with it but the real proof is in the pudding; my production copy of this code is up over 300 days now, does not leak memory or threads and have served 10s of millions of requests without any problems.
I develop ruby-pdns, so far things have been very static – you give it code and it serves your code, simple stuff.
But this is not what I want, I want a full API enabled DNS server where I can both code the logic for records as well as send environmental data into the DNS server to adjust it’s behavior.
I think there’s a big gap in the various cloud offerings today wrt to DNS, people end up hosting their DNS and make manual config changes, but this is not what clouds are about, you want to code the entire infrastructure, and it should adjust based on demand.ย This does not sit well with todays slow and generally crappy DNS.ย Combined with the fact that clouds don’t let you follow the time tested methods for load balancing etc. we need to get creative.
My end game then is to scratch this itch, you should be able to host DNS servers and interact with them fully both in how they decide how to answer requests but also send data to them and adjust the behaviors on the fly.
Version 1 of Ruby PDNS will hopefully achieve this, here is a video of what you might expect to be able to do – the video sends data to the DNS server telling it to take a machine out of the pool for maintenance.ย ย There will be REST based APIs that will enable any language to do this, if you want to play the code that you’ll see in the video is all in SVN.
I still have some ways to go before version 1, consider this a very early preview after 1 nights hacking on the feature.
