RTFM

[Read This Fine Material] from Joshua Hoblitt

Preventing git nonfastforward (–force) pushes

2013-02-14 by jhoblitt | 0 comments

Per discussion in the git book and on stackoverflow:

http://stackoverflow.com/questions/1754491/is-there-a-way-to-configure-git-repository-to-reject-git-push-force
http://git-scm.com/book/en/Customizing-Git-An-Example-Git-Enforced-Policy

Set these values on the git repo you want to protect:

git config receive.denyNonFastforwards true
git config receive.denyDeletes true

This may also be set as a system wide default via:

git config --system receive.denyNonFastforwards true
git config --system receive.denyDeletes true

Demonstration that this will indeed prevent forced pushes:

jhoblitt@leo ~/test $ git init --bare testrepo.git
Initialized empty Git repository in /home/jhoblitt/test/testrepo.git/
jhoblitt@leo ~/test $ cd testrepo.git/
jhoblitt@leo ~/test/testrepo.git $ git config receive.denyNonFastforwards true
jhoblitt@leo ~/test/testrepo.git $ git config receive.denyDeletes true
jhoblitt@leo ~/test/testrepo.git $ cd ..
jhoblitt@leo ~/test $ git clone ./testrepo.git/ testclone
Cloning into 'testclone'...
warning: You appear to have cloned an empty repository.
done.
jhoblitt@leo ~/test $ cd testclone/
jhoblitt@leo ~/test/testclone $ echo "1" > foo
jhoblitt@leo ~/test/testclone $ git add foo
jhoblitt@leo ~/test/testclone $ git commit -m"first commit"
[master (root-commit) 98667fc] first commit
 1 file changed, 1 insertion(+)
 create mode 100644 foo
jhoblitt@leo ~/test/testclone $ echo "2" > foo
jhoblitt@leo ~/test/testclone $ git add foo
jhoblitt@leo ~/test/testclone $ git commit -m"second commit"
[master 325237a] second commit
 1 file changed, 1 insertion(+), 1 deletion(-)
jhoblitt@leo ~/test/testclone $ echo "3" > foo
jhoblitt@leo ~/test/testclone $ git add foo
jhoblitt@leo ~/test/testclone $ git commit -m"oops, last commit should have been 3"
[master bb776bd] oops, last commit should have been 3
 1 file changed, 1 insertion(+), 1 deletion(-)
jhoblitt@leo ~/test/testclone $ git push origin master
Counting objects: 8, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (6/6), 460 bytes, done.
Total 6 (delta 0), reused 0 (delta 0)
To /home/jhoblitt/test/testrepo.git/
   98667fc..bb776bd  master -> master
jhoblitt@leo ~/test/testclone $ git rebase -i HEAD~2
[detached HEAD b88ab29] second commit
 1 file changed, 1 insertion(+), 1 deletion(-)
Successfully rebased and updated refs/heads/master.
jhoblitt@leo ~/test/testclone $ git push origin master
To /home/jhoblitt/test/testrepo.git/
 ! [rejected]        master -> master (non-fast-forward)
error: failed to push some refs to '/home/jhoblitt/test/testrepo.git/'
hint: Updates were rejected because the tip of your current branch is behind
hint: its remote counterpart. Merge the remote changes (e.g. 'git pull')
hint: before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.
jhoblitt@leo ~/test/testclone $ git push --force origin master
Counting objects: 5, done.
Writing objects: 100% (3/3), 243 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
remote: error: denying non-fast-forward refs/heads/master (you should pull first)
To /home/jhoblitt/test/testrepo.git/
 ! [remote rejected] master -> master (non-fast-forward)
error: failed to push some refs to '/home/jhoblitt/test/testrepo.git/'

the best traceroute ever

2013-02-10 by jhoblitt | 0 comments

I’m just speechless.

[jhoblitt@leonid ~]$ traceroute 216.81.59.173
traceroute to 216.81.59.173 (216.81.59.173), 30 hops max, 60 byte packets
 1  192.168.255.1 (192.168.255.1)  3.096 ms  2.852 ms  2.618 ms
 2  10.34.180.1 (10.34.180.1)  20.496 ms  26.311 ms  26.090 ms
 3  70.169.76.142 (70.169.76.142)  25.857 ms  24.638 ms  24.368 ms
 4  70.169.73.26 (70.169.73.26)  27.426 ms  27.193 ms  28.410 ms
 5  70.169.75.157 (70.169.75.157)  26.560 ms  26.195 ms  26.084 ms
 6  68.1.5.137 (68.1.5.137)  40.030 ms  31.045 ms  37.808 ms
 7  10gigabitethernet1-3.core1.lax1.he.net (206.223.123.37)  37.702 ms  30.696 ms  29.914 ms
 8  10gigabitethernet1-3.core1.lax2.he.net (72.52.92.122)  48.588 ms  48.352 ms  55.627 ms
 9  10gigabitethernet2-3.core1.phx2.he.net (184.105.222.85)  64.685 ms  60.887 ms  60.696 ms
10  10gigabitethernet5-3.core1.dal1.he.net (184.105.222.78)  50.897 ms  48.361 ms  63.149 ms
11  10gigabitethernet5-4.core1.atl1.he.net (184.105.213.114)  83.338 ms  72.830 ms  73.422 ms
12  * * *
13  * * *
14  Episode.IV (206.214.251.1)  125.952 ms  123.565 ms  116.824 ms
15  A.NEW.HOPE (206.214.251.6)  132.104 ms  128.477 ms  122.906 ms
16  It.is.a.period.of.civil.war (206.214.251.9)  124.955 ms  119.639 ms  116.051 ms
17  Rebel.spaceships (206.214.251.14)  119.139 ms  114.348 ms  115.800 ms
18  striking.from.a.hidden.base (206.214.251.17)  136.127 ms  134.140 ms  137.316 ms
19  have.won.their.first.victory (206.214.251.22)  134.212 ms  137.342 ms  218.457 ms
20  against.the.evil.Galactic.Empire (206.214.251.25)  141.494 ms  141.246 ms  129.871 ms
21  During.the.battle (206.214.251.30)  182.283 ms  178.606 ms  178.346 ms
22  Rebel.spies.managed (206.214.251.33)  128.580 ms  128.394 ms  121.688 ms
23  to.steal.secret.plans (206.214.251.38)  144.656 ms  144.282 ms  140.899 ms
24  to.the.Empires.ultimate.weapon (206.214.251.41)  128.370 ms  132.851 ms  132.696 ms
25  the.DEATH.STAR (206.214.251.46)  125.548 ms  125.421 ms  122.193 ms
26  an.armored.space.station (206.214.251.49)  121.978 ms  129.368 ms  131.233 ms
27  with.enough.power.to (206.214.251.54)  132.792 ms  124.691 ms  122.466 ms
28  destroy.an.entire.planet (206.214.251.57)  125.385 ms  117.394 ms  117.207 ms
29  Pursued.by.the.Empires (206.214.251.62)  118.299 ms  118.057 ms  115.577 ms
30  sinister.agents (206.214.251.65)  113.561 ms  117.472 ms  117.811 ms

hack to work around the puppet package type pip provider being broken on RHEL6

2013-01-24 by jhoblitt | 0 comments

It appears that the pip provider for the package type on RHEL6 / $::osfamily = redhat seems to think that the pip utility (provided by the python-pip rpm) should be, and logically it would be, named pip. It’s actually installed as /usr/bin/pip-python, likely due to some sort of concerns over a naming collision with another package. A quick scan of the puppet redmine doesn’t show any open tickets on this issue.

Error: bundle install --without development test postgres --deployment returned 1 instead of one of [0]
Error: /Stage[main]/Gitlab::Server/Exec[Install gitlab]/returns: change from notrun to 0 failed: bundle install --without development test postgres --deployment returned 1 instead of one of [0]
Error: Could not set 'present' on ensure: Could not locate the pip command. at 26:/home/jhoblitt/github/gitlab/manifests/server.pp
Error: Could not set 'present' on ensure: Could not locate the pip command. at 26:/home/jhoblitt/github/gitlab/manifests/server.pp
Wrapped exception:
Could not locate the pip command.
Error: /Stage[main]/Gitlab::Server/Package[pygments]/ensure: change from absent to present failed: Could not set 'present' on ensure: Could not locate the pip command. at 26:/home/jhoblitt/github/gitlab/manifests/server.pp

A quick and not as dirty as just installing a global shell alias or a manully created symlink is to use the alternatives utility.

alternatives --install /usr/bin/pip pip /usr/bin/pip-python 1

Puppet megaraid_sm Module version 0.0.1 released to Puppet Forge

2012-11-19 by jhoblitt | 0 comments

Puppet megaraid_sm Module
=========================

Description
-----------

Installs the LSI MegaRAID Storage Manager and MegaCLI RAID controller
management software.

It has been tested on:

 - el6.x

This module is intended to directly install the RPMs LSI packages up with their
own Linux installer, without using the provided install scripts.  It is assumed
that these RPMs have been extracted and made available as a Yum repo.


Obtaining the RPMs
------------------

The Storage Manager and CLI packages are provided via the [LSI](http://www.lsi.com/) website.


Here is a guided example starting at the [9285-8e](http://www.lsi.com/products/storagecomponents/Pages/MegaRAIDSAS9285-8e.aspx) product page.

  * click on the SUPPORT & DOWNLOADS tab
  * expand the MANAGEMENT SOFTWARE AND TOOLS section
  * download [MegaRAID Storage Manager - Linux 64 bit - 5.4](http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/12.08.03.03_Linux_x64_MSM.tar.gz)
  * download [MegaCLI - 5.3 ](http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.04.07_MegaCLI.zip)

Note that both of those direct links redirect to a page that requires you to
accept an EULA.

    $ tar -xf 12.08.03.03_Linux_x64_MSM.tar.gz 
    $ ls
    12.08.03.03_Linux_x64_MSM.tar.gz  disk
    $ cd disk
    $ ls *.rpm
    Lib_Utils-1.00-09.noarch.rpm
    Lib_Utils2-1.00-04.noarch.rpm
    MegaRAID_Storage_Manager-12.08.03-03.noarch.rpm
    sas_ir_snmp-12.08-0303.x86_64.rpm
    sas_snmp-12.08-0303.x86_64.rpm

    $ unzip 8.04.07_MegaCLI.zip 
    Archive:  8.04.07_MegaCLI.zip
     extracting: Win_CliKL_8.04.07.zip   
      inflating: 8.04.07_MegaCLI.txt     
     extracting: CLI_DOS_8.04.07.zip     
     extracting: CLI_FreeBSD_8.04.07.zip  
     extracting: CLI_Lin_8.04.07.zip     
     extracting: CLI_Solaris_8.04.07.zip  
     extracting: CLI_VMWare_8.04.07.zip  
     extracting: CLI_VMWare_MN_8.04.07.zip  
     extracting: CLI_Win_8.04.07.zip     
     extracting: Lin_CliKL_8.04.07.zip   
    $ unzip CLI_Lin_8.04.07.zip
    Archive:  CLI_Lin_8.04.07.zip
     extracting: MegaCliLin.zip          
      inflating: readme.txt              
    $ unzip MegaCliLin.zip 
    Archive:  MegaCliLin.zip
      inflating: Lib_Utils-1.00-09.noarch.rpm  
      inflating: MegaCli-8.04.07-1.noarch.rpm  
    $ ls *.rpm
    Lib_Utils-1.00-09.noarch.rpm  MegaCli-8.04.07-1.noarch.rpm

All of those RPMs should be copied into a repo and that yum is configured to
install from.  Here is an example [Yum repo
skeleton](https://github.com/jhoblitt/yum-repo-skel) on github.

Examples
--------

    class{ 'megaraid_sm': }


Support
-------

Please log tickets and issues at [github](https://github.com/jhoblitt/puppet-megaraid_sm/issues)


Copyright
---------

Copyright (C) 2012 Joshua Hoblitt

Puppet ganglia Module version 0.0.1 released to Puppet Forge

2012-11-16 by jhoblitt | 0 comments

This is the fourth and, thus far, largest module I’ve released on the forge.

Puppet ganglia Module
=====================

Description
-----------

This puppet module will install and configure the
[ganglia](http://ganglia.sourceforge.net/) gmond & gmetad daemons + web front
end.

It has been tested on:

 - el5.x
 - el6.x

Examples
--------

### ganglia::gmond

    # unicast
    $udp_recv_channel = [
      { port => 8649, bind => 'localhost' },
      { port => 8649, bind => '0.0.0.0' },
    ]
    $udp_send_channel = [
      { port => 8649, host => 'test1.example.org', ttl => 2 },
      { port => 8649, host => 'test2.example.org', ttl => 2 },
    ]
    $tcp_accept_channel = [
      { port => 8649 },
    ]

    # multicast
    $udp_recv_channel = [
      { mcast_join => '239.2.11.71', port => 8649, ttl => 1 } 
    ]
    $udp_send_channel = [
      { mcast_join => '239.2.11.71', port => 8649, bind => '239.2.11.71' } 
    ]
    $tcp_accept_channel = [
      { port => 8649 },
    ]

    class{ 'ganglia::gmond':
      cluster_name       => 'example grid',
      cluster_owner      => 'ACME, Inc.',
      cluster_latlong    => 'N32.2332147 W110.9481163',
      cluster_url        => 'www.example.org',
      host_location      => 'example computer room',
      udp_recv_channel   => $udp_recv_channel,
      udp_send_channel   => $udp_send_channel,
      tcp_accept_channel => $tcp_accept_channel,
    }

### ganglia::gmetad

    $clusters = [
      { 
        name     => 'test', 
        address  => ['test1.example.org', 'test2.example.org'],
      },
    ]

    class{ 'ganglia::gmetad':
      clusters => $clusters,   
      gridname => 'my grid',   
    }

### ganglia::web

    class{ 'ganglia::web': }

    class{ 'ganglia::web':
      $ganglia_ip = '192.168.0.1',
      $ganglia_port = 8652,
    }

$::osfamily = RedHat and EPEL packages
--------------------------------------

As of 2012-11-16, the stable EPEL repos for el5 and el6 contain, respectively,
packages for ganglia 3.0.7 and 3.1.7.  The ganglia UDP protocol for
communication between gmond daemons changed incompatibly between 3.0.x and
3.1.x.  However, the TCP based protocol gmetad uses to poll gmond agents has
remained compatible.

If it's desirable to stick with the EPEL packages, a possible way of dealing
with this is divide a group of hosts into two clusters based on
$::lsbmajdistrelease (which should imply gmond version without having to
install a custom fact).  The example below divides the previous "mycluster"
into "mycluster_el5" and "mycluster_el6".  Note that you will also have to
configure gmetad to pull a gmond agent from each of these new clusters.

    $udp_recv_channel = [
      { port => 8649, bind => 'localhost' },
      { port => 8649, bind => '0.0.0.0' },
    ]
    case $::lsbmajdistrelease {
      5: {
        # epel for el5.x has 3.0.x, which will not work with gmond in 3.1.x
        $udp_send_channel = [
          { port => 8649, host => 'gmond-3-0_host1.example.org', ttl => 2 },
          { port => 8649, host => 'gmond-3-0_host2.example.org', ttl => 2 },
        ]
        $cluster_name = 'mycluster_el5'
      }
      6, default: {
        # epel for el6.x has 3.1.x
        $udp_send_channel = [
          { port => 8649, host => 'gmond-3-1_host1.example.org', ttl => 2 },
          { port => 8649, host => 'gmond-3-1_host2.example.org', ttl => 2 },
        ]
        $cluster_name = 'mycluster_el6'
      }
    }
    $tcp_accept_channel = [
      {port => 8649},
    ]

    class{ 'ganglia::gmond':
      cluster_name       => 'example grid',
      cluster_owner      => 'ACME, Inc.',
      cluster_latlong    => 'N32.2332147 W110.9481163',
      cluster_url        => 'www.example.org',
      host_location      => 'example computer room',
      udp_recv_channel   => $udp_recv_channel,
      udp_send_channel   => $udp_send_channel,
      tcp_accept_channel => $tcp_accept_channel,
    }


Support
-------

Please log tickets and issues at [github](https://github.com/jhoblitt/puppet-ganglia/issues)

Copyright
---------

Copyright (C) 2012 Joshua Hoblitt