An introduction to Ansible Configuration Management A brief history of Configuration Management =========================================== CFEngine - Released 1993. Written in C Puppet - Released 2005 - Written in Ruby. Domain Specific Language (DSL. SSL Nightmare. Chef - Released 2009 - Written in Ruby, also a DSL, more like pure Ruby Juju - Released 2010, Python, Very ubuntu. Salt - Released 2011, Python, Never got it working right Ansible - Released 2012, Python. Awesome. Why Ansible? It’s agentless. Unlike Puppet, Chef, Salt, etc.. Ansible operates only over SSH (or optionally ZeroMQ), so there’s none of that crap PKI that you have to deal with using Puppet. ...

What does VPN stand for? Virtual Private Network. Moving on… What is a VPN? A VPN is a mechanism to extend a private network (like your LAN [Local Area Network]) across a public network (like the Internet). The upshot of this is, that you can connect two separate computers, each on their own LAN, across a VPN so that they appear to be on the same network; which, in a sense, they are. ...

We live in a dangerous world. It should come as no surprise to anyone who is a Citizen of the Internet, that the risks of interacting with others on the ’net is a somewhat dangerous business. Riskier still, is operating a server, or entire network with direct connection to the internet. The number of denial of service and code execution exploits has risen dramatically in the last decade, unsurprisingly. The number of black-hat hacking attempts (to use “hacking” from the vernacular of the media - rather than it’s true, nobler meaning) has also risen. ...

I’ve been tinkering with Virtualisation quite a bit recently. For a new project, without an allocated budget, I was asked to provide some simple Virtualisation capability, to hold them over until they get budget approval, and can buy their own hardware. I managed to rescue a Dell R510 server from the scrap heap, only to discover that it contains a Dell S300 “FakeRAID” card, that’s not supported by Linux (so KVM, Xen et al are out). It’s also not supported by VMWare ESXi, so that’s out. The only OS that is supported is Windows, and Windows Server. ...

NEVER. That’s got that off my chest. eval() is possibly the most dangerous thing ever. It’s basically a way to execute arbitrary code from a string or variable. Here’s a few reasons why it’s dangerous. It leaves you open to injection attacks. In Javascript, eval() forces the engine to drop into Interpreter mode, which slows down your application, and it will remain slow, as there’s no opportunity for optimisation-level caching to take place. ...

Symptoms: Some clients are unable to connect to the internet. Some clients report a different IP address, subnet mask and default gateway, compared to others. Caveats: Without a managed switch fabric, this is considerably more difficult. Diagnosis: Allow a device to get an IP address from the rogue server. You might need to disable the main DHCP server to allow this to happen, as DHCP is a broadcast protocol, so it’s really a case of the early bird getting the worm. Kyle Gordon pointed out that this initially assumes that the DHCP server is the same as the default gateway. He suggests: Usually /var/lib/dhcpcd/.info or /var/lib/NetworkManager/ will contain the dhcp-server-identifier info on Linux, and something in the Windows Event Logs will show similar :-) ...

I’ve had a Raspberry Pi for ages now.. I got one free courtesy of Paypal at their Charity Hack in late 2012, and our team (see photo, I’m there!) went on to use it to create the (World’s First?) Raspberry Pi based Wifi Hotspot. I’ve wanted to do something potentially useful, definitely interesting, and probably rewarding with it for a while. I’ve also recently acquired an Arduino with Ethernet Shield, so that’s also been on my mind for another hack platform. ...

This is the first in a series of Lightning Posts, short snippets that I don’t really have the time to write up into a full post, but they’re interesting nonetheless. Lightning Post 1: How to export DNS data from Microsoft DNS to a zone file. “Why’d you wanna do that?”, I hear you cry. Well, It’s entirely possible to use BIND (or PowerDNS, for that matter) as a DNS server instead of the integrated MS DNS service that’s bundled with Windows Server. ...

The tech interview process is broken. Fundamentally. About a month ago, I wrote about how I’ve had some terrible interview experiences over the last 6-odd weeks or so. I also just read this, and agree with everything said there. I think there’s more to say. I’m disheartened to find that these aren’t the exceptions, they’re the rule. The thing is, companies seem to have one type of interview, The Developer Challenge. ...

How many times have you found something at work that’s not quite how it should be? Perhaps you’ve got a server with “Green” drives in? Or a cheap unmanaged switch somewhere. Or something with a self-signed SSL certificate. Or a linux box instead of a router. Or a desk fan propped up behind a server, because otherwise it overheats. Or something with a big label above that states in large, unfriendly letters **“Do not unplug. Ever”. ** ...