
  • duncanbowring 12:25 on December 18, 2019 Permalink | Reply
    Tags: atari st, fpga, mist

    MiST 1.3 Atari ST and Amiga 

    What is it?

    The MIST board was designed to implement classic 16 bit computers like the Amiga, Atari ST(E) or the Apple Macintosh (and even early 32 bit computers like the Acorn Archimedes) as a System-on-a-Chip using modern hardware. But it equally well supports 8 bit systems like the Atari 800/XL, ZX81, ZX Spectrum, C64, Atari VCS, Atari 5200, Colecovision, Apple II, Sega Master System, Nintendo Gameboy, Nintendo NES, Odyssey2 plus others and 16 bit consoles SNES, Genesis/Megadrive, PC Engine. It also supports over 100 Arcade games!

    See the main site here – https://github.com/mist-devel/mist-board/wiki/WhatIsThis

    Hardware

    Adding a DC Power Jack

    My micro-usb power input broke off. It looks like this is fairly common, but you are not dead in the water if you can do a little soldering.

    You need to move an SMD resistor, and add a DC power jack.

    The how to: https://github.com/mist-devel/mist-board/wiki/PwrDcJack 


    Adding Networking (Amiga)

    Adding networking hardware for the Amiga. Note that this won’t work with 1.4 of the device, as they removed the UART/serial holes.

    Atari ST

    Setting up the SD Card

    adding the core, and files, and rom images

    Setting up and using Hardfiles on the SD Card

    creating and adding hardfiles, then setting them up in the ST for software

    Useful Downloads

    • HDDSETUP.st – Atari ST Floppy Image that contains the AHDI 6061 HDD setup files, to enable you to format/use an SD card as a HDD, or hardfiles as HDDs with the MiST. I cannot seem to find this anywhere else. Hard drive setup floppy disk image.
    • Empty Hardfiles here

     

    Commodore Amiga

    Setting up the SD card

    adding the core, files, and rom images

    Setting up and using Hardfiles on the SD Card

    creating and adding hardfiles, then setting them up in the Amiga for software

     
  • duncanbowring 19:01 on November 19, 2019 Permalink | Reply
    Tags: HP T5730

    HP T5730 Thin Client Retro Gaming 

    Using the T5730 as a small retro gaming machine is possible, but not without caveats. It also performs best with early XP era games, but it requires a storage upgrade. It would benefit from a CPU and RAM upgrade too.

    Introduction

    What is it?

    It’s an AMD Sempron (K8) 1GHz processor on an AMD 690G chipset, with 512MB RAM and 1GB IDE (44 pin) flash storage, in a small form factor. AKA a Thin Client.

    • The processor is removable/upgradable and is running without a fan.
    • The RAM is a DDR2 800MHz SO-DIMM but is under-clocked due to the RAM speed being a divisible of the CPU clock multiplier.
    • The storage is a 1GB 44 pin IDE flash/DOM module.

    It’s well loaded with ports:

    • USB 2.0
      • 2 front
      • 2 ‘secure’ internal (need screwdriver to access, thus ‘secure’)
      • 4 rear
    • PS/2 keyboard
    • PS/2 mouse
    • Video – dual monitor
      • VGA
      • DVI-I (analogue DVI, so you can use a VGA to DVI adapter)
    • DC input (19V ** double check this **)
    • Gigabit ethernet
    • It actually has an internal speaker, that the digital audio (not just PC speaker) defaults out from
    • Headphone jack on the back
    • 9 pin serial port!!! Handy for you console cable users.

    Useful manuals

    Hardware Reference Guide – HP Compaq t5730/t5735 Thin Clients

    Troubleshooting Guide – HP t5730/t5730w and t5735 Thin Client

    Quick Reference Guide for Microsoft Windows XPe-based Thin Clients – t5720 & t5730

    All other T5730 manuals at HP.com

     

    Caveats and Issues

    Windows XP Embedded

    It comes factory baked with an XP Embedded install, with customizations from HP. This works pretty well, especially when you hit log-off while holding the left SHIFT key, then log in as Administrator (password Administrator).

    Windows XP SP3

    A ‘lite’ or netbook version installs into the 1GB flash no issue, but you’re only left with 75MB of storage after installing all drivers. Not really much use, except, well, as a thin client.

    Windows 98 and DOS

    It’s no good for Windows 98SE simply because the X1250 (possibly workable) and the AMD 690G chipset do not have 9x/ME drivers. Pity, as the hardware is not bad, and the default RAM and storage would fit a 98SE/DOS rig well.

    Pure DOS isn’t really a viable option due to the lack of compatible drivers for the infamous AC97 sound-card issues.

     

    Hardware Upgrade

    upgrading the storage

    upgrading the cpu & ram

     

    OS Installation

    Installing the HP Restore/Factory Image

    If you go to install the HP XP Embedded image from the HP website (or below) and get the error – ***ERROR*** The system does not have license for the image OS! it is a simple fix.

    At the error, just rerun with:

    IBRPE\IBRPE.EXE -dok -xb -buffer:127 \flash.ibr hd0

    It will run!

     

    Installing Windows XP SP3 (Lite – ~185MB)

    installing xp

    Gaming

    gaming

     

    Software Downloads

     
  • duncanbowring 18:39 on November 18, 2019 Permalink | Reply
    Tags: BigTable, GCP   

    Google Cloud BigTable Performance Observations 

    I was handling a project that involved a migration from HDD cluster to SSD cluster, with a multi-terabyte sequential backup file in GCS. My basic conclusion is that ROI dropped drastically beyond around 70 nodes in the BT cluster, during this type of activity.

    • Bigtable node vertical CPU maxes out at around 5.6 million row writes per second (~550MB/sec), therefore there was little to no difference in the hot node CPU from 70-90 nodes, even with 90 import workers.
    • Dropping to 70 nodes from 90 only resulted in a dip of around 20MB/sec (300k row writes per sec), and $58.74 ph to $45.74 ph. Sure adds up over the course of a month.

    • As you can see from the following graph, there is an upper limit on sequential import CPU, presumably because partitioning isn’t helping here? I’m unsure why, since there are supposed to be 90 workers operating. I’m guessing there is an upper CPU limit on whatever is orchestrating/managing the inbound flow. Perhaps a load balancer that we cannot see. You can see that increasing node count does affect the overall processing CPU, but has little impact on the hottest node. I’m not really sure where the bottleneck is.

     

     

     
  • duncanbowring 10:41 on February 6, 2019 Permalink | Reply
    Tags: containers

    PiHole LXC Container Proxmox CentOS7 

    Deploy an LXC container with the CentOS7 image.. 2G RAM, 8G storage, 2 CPU cores.
    I added a DHCP reservation for a static IP.

    When at the console for the CentOS7 LXC instance:
    Install pihole..
    curl -sSL https://install.pi-hole.net | bash

    PiHole

    Defaults are pretty good, just pick a good forwarding upstream DNS server. Google, Cloudflare, etc. The installer will install prerequisites. EPEL, REMI, bunch of packages, and run through everything.

    When the install completes, it will display the admin password ONCE. Take note of this.
    Reboot the container and run the installer again:
    curl -sSL https://install.pi-hole.net | bash

    It may ask you to upgrade PHP, go for it.
    It will then ask you if you want to update or reconfigure. If you were happy with the settings from last time, just hit update.

    When this has completed, you should be able to access pihole from http://<container IP>/admin

    Remember to add in conditional forwarder for your internal domain name into the Settings under PiHole admin, and possibly add more upstream DNS servers (including your own router, perhaps?)

    When done, you can test it by going to your computer and trying to resolve a name against it..
    $ nslookup www.bbc.com 192.168.1.25
    Server: 192.168.1.25
    Address: 192.168.1.25#53

    Non-authoritative answer:
    www.bbc.com canonical name = www-bbc-com.bbc.net.uk.
    www-bbc-com.bbc.net.uk canonical name = bbc.map.fastly.net.
    Name: bbc.map.fastly.net
    Address: 151.101.52.81

    Now update your DHCP server to issue this IP as the primary DNS, then grab a new lease on the client (restart/toggle wifi/ipconfig release etc).

    I personally convert the container to a template within proxmox at this point.

     
  • duncanbowring 20:40 on January 31, 2019 Permalink | Reply  

    Download VMWARE vSPHERE Clients DIRECT LINKS 

    No more messing about trying to find these clients, if you can’t grab them from a hypervisor. Here are the direct links to vmware.com for the executable downloads:

    vSphere 4.1

    VMware vSphere Client v4.1 : VMware-viclient-all-4.1.0-258902.exe
    VMware vSphere Client v4.1 Update 1 : VMware-viclient-all-4.1.0-345043.exe
    VMware vSphere Client v4.1 Update 2 : VMware-viclient-all-4.1.0-491557.exe
    VMware vSphere Client v4.1 Update 3 : VMware-viclient-all-4.1.0-799345.exe

    vSphere 5.0

    VMware vSphere Client v5.0 : VMware-viclient-all-5.0.0-455964.exe
    VMware vSphere Client v5.0 Update 1 : VMware-viclient-all-5.0.0-623373.exe
    VMware vSphere Client v5.0 Update 1b : VMware-viclient-all-5.0.0-804277.exe
    VMware vSphere Client v5.0 Update 2 : VMware-viclient-all-5.0.0-913577.exe

    vSphere 5.1

    VMware vSphere Client v5.1 : VMware-viclient-all-5.1.0-786111.exe
    VMware vSphere Client 5.1.0a : VMware-viclient-all-5.1.0-860230.exe
    VMware vSphere Client 5.1.0b : VMware-viclient-all-5.1.0-941893.exe
    VMware vSphere Client 5.1 Update 1 : VMware-viclient-all-5.1.0-1064113.exe
    VMware vSphere Client 5.1 Update 1b : VMware-viclient-all-5.1.0-1235233.exe

    vSphere 5.5

    VMware vSphere Client v5.5 : VMware-viclient-all-5.5.0-1281650.exe
    VMware vSphere Client 5.5 Update 3: VMware-viclient-all-5.5.0-3024345.exe

    vSphere 6

    VMware vSphere Client 6.0: VMware-viclient-all-6.0.0-2502222.exe
    VMware vSphere Client 6.0 Update 3: VMware-viclient-all-6.0.0-5112508.exe

     
  • duncanbowring 22:48 on January 30, 2019 Permalink | Reply
    Tags: cygwin, rsync

    Cygwin Rsync Windows Permissions 

    ARGHGHGHGHGHHGHGHGHHGHGHGHGH!!!

    OK, stop this happening:

    Open /etc/fstab and add noacl to the entry:

    none /cygdrive cygdrive binary,noacl,posix=0,user 0 0

    Save it. Close all cygwin terminals and start new terminal.

    Fix the bad stuff that already exists at the destination:

    Change Owner to local Administrator. Save and Apply to Children.
    Edit permissions, fix them up.. then advanced, Advanced.. apply to children (inherit from the new top level one you added).
    After this.. disable read only, apply to children.
    You will be able to delete this mess now.


     
    • psychocod3r 13:44 on February 27, 2019 Permalink | Reply

      I don’t think administrative programs like that are meant to run in Cygwin. The security models used by Linux and Windows are so fundamentally different that it can be near impossible to translate between the two. You’re probably better off just running stuff like this natively in Linux. I tried running pro-ftpd in Cygwin once and it was a nightmare, mostly because there was no documentation available to indicate what specific accounts I needed to create for running the server within Cygwin. Programs that run in Cygwin are not actually Linux programs; they’re Windows programs with a few extra layers of abstraction on top. You have to remember that even though a Cygwin program may feel like it’s running on a Unix system (since that’s what an emulator does after all), it’s really running entirely in the context of Windows and its security model.

      • duncanbowring 13:54 on February 27, 2019 Permalink | Reply

        Hi there. There were a couple of scenarios where I had to do this on Windows. I agree with you, fundamentally.

  • duncanbowring 10:58 on January 12, 2019 Permalink | Reply  

    Dell R210 II BIOS Update Bricked – Fixed 

    Broke my old Dell R210 II doing a BIOS update. Managed to fix it by flashing the chip directly.

    In the case of the R210 II, I used:

    CH341A USB Programmer (https://www.amazon.com/gp/product/B01I1EU9LG)

    SOIC8 Chip Clip (https://www.amazon.com/gp/product/B00V9QNAC4)

    CH341A Programmer software (free)

    The toughest part was finding the 8MB flash binary within the Dell downloads.

    The flash image start header is: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5AA5F00F .. searching for that [using a hex editor] and then selecting 0x800000 (8MB) length (which is the end of file here). I dumped it to a new file, then flashed that new .bin to the BIOS. First I tried to use the OEM EXE, but it was a weird length. I ended up extracting the installer and using the file that was in the payload directory.

    Result! Back in business.
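
One way to script the hex-editor step described above, as an added example (not the author's tooling): it searches a payload file for the header quoted in the post, carves 0x800000 bytes from that offset, and returns a SHA-256 of the carved image that can be compared with a read-back of the chip after programming. The function names and the constructed sample payload are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
from pathlib import Path

# Header quoted in the post: 16 bytes of 0xFF followed by 5A A5 F0 0F.
HEADER = bytes.fromhex("FF" * 16 + "5AA5F00F")
IMAGE_SIZE = 0x800000  # 8 MB, the length selected in the post


class CarveError(ValueError):
    """Raised when the payload does not contain exactly one usable image."""


def find_header_offsets(blob: bytes) -> list[int]:
    """Return every offset at which HEADER occurs in blob."""
    offsets, pos = [], blob.find(HEADER)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(HEADER, pos + 1)
    return offsets


def carve_image(blob: bytes, size: int = IMAGE_SIZE) -> tuple[int, bytes]:
    """Return (offset, image) for the single header followed by >= size bytes.

    Refuses to guess: a missing header, a truncated image or more than one
    candidate raises CarveError instead of producing a file to flash.
    """
    offsets = find_header_offsets(blob)
    if not offsets:
        raise CarveError("flash image header not found")
    usable = [o for o in offsets if o + size <= len(blob)]
    if not usable:
        raise CarveError(
            f"header at {offsets[0]:#x} but fewer than {size:#x} bytes follow"
        )
    if len(usable) > 1:
        raise CarveError(
            "multiple candidates: " + ", ".join(f"{o:#x}" for o in usable)
        )
    start = usable[0]
    return start, blob[start:start + size]


def carve_file(src: str, dst: str, size: int = IMAGE_SIZE) -> dict:
    """Carve src into dst and report offset, trailing bytes and SHA-256."""
    blob = Path(src).read_bytes()
    start, image = carve_image(blob, size)
    Path(dst).write_bytes(image)
    return {
        "offset": start,
        # 0 means the image runs to the end of the file, as in the post.
        "trailing_bytes": len(blob) - (start + size),
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def constructed_payload(prefix_len: int = 0x1234, size: int = IMAGE_SIZE) -> bytes:
    """Constructed sample, not a real vendor file: zero prefix, header, zero body."""
    return bytes(prefix_len) + HEADER + bytes(size - len(HEADER))


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "payload.bin"), Path(tmp, "bios_8mb.bin")
        src.write_bytes(constructed_payload())
        print(carve_file(str(src), str(dst)))
```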

     
  • duncanbowring 03:52 on December 28, 2018 Permalink | Reply  

    Vizio soundbars and TVs 

    I had both my Vizio 70” p702ui-b3 TV and soundbar stop powering on. The TV had 4 bulging capacitors on the power board, and the soundbar 1 (C21 I think it was). Replacing them is a beginner’s soldering job, and only costs a few dollars. It’s about $90 for a multimeter that works with capacitors for testing electronically. You can eyeball it, but the capacitance on the dead ones is off and the V rails are all inaccurate.

     
  • duncanbowring 13:17 on March 23, 2017 Permalink | Reply
    Tags: fragment identifier, javascript, web   

    How to redirect a URL fragment – hashtag in the URL 

    If you have an address similar to http://host/#/blah, only ‘host’ is sent to the webserver – #/blah is only handled in the browser. This is called a fragment identifier.

    You can get around it by adding javascript to the page(s) you want to redirect as follows, changing up the catch-all for specifics:

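    // Strip the leading '#' so an empty fragment compares equal to ''.
    var redirectFragment = window.location.hash.replace(/^#/, '');
    // Catch-all: any non-empty fragment triggers the redirect.
    if ('' !== redirectFragment) {
        window.location = 'http://www.google.com';
    }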

     
  • duncanbowring 22:20 on March 8, 2017 Permalink | Reply
    Tags: ios10, jailbreak, yalu   

    iOS 10(.1) Yalu B3 Jailbreak Workarounds 

    Semi-Tethered Reboot Steps

    1. Hard reboot (vol down + power) or any reboot event happens
    2. Relaunch mach_portal
    3. Cydia should work again now!

    No LTE/Mobile Data

    1. Ensure that mTerminal is installed
    2. su <enter> your password (default is alpine)
    3. Type following commands:
      1. chmod 777 /var
      2. chmod 777 /var/mobile
      3. chmod 777 /var/mobile/Library
      4. chmod 777 /var/mobile/Library/Preferences
    4. Reboot and then perform Semi-Tethered Reboot Steps again to activate jailbreak.

    Installing TetherMe

    Cydia tries to restart SpringBoard and will crash. It’s a known bug with Substrate and this version of iOS/Yalu jailbreak

    1. Install TetherMe via Cydia (this will require a SpringBoard reboot)
    2. Since the Cydia SpringBoard reboot isn’t working with this jailbreak, restart springboard the following way:
      1. Launch mTerminal (install via Cydia if needed)
      2. su <enter> your password (default is alpine)
      3. killall SpringBoard (this will cause a reboot)
      4. Run through the Semi-Tethered Reboot steps above to activate jailbreak again. Remember that you MUST do this EVERY time you crash or reboot.
    3. You will need to TEMPORARILY activate substrate to use TetherMe
      1. su <enter> your password (default is alpine)
      2. /etc/rc.d/substrate
      3. Close terminal
    4. Reinstall TetherMe via Cydia but DO NOT RESTART SPRINGBOARD, EXIT OUT OF CYDIA
    5. In Settings, you should see TetherMe in your list and will be able to enable Personal Hotspot now.
    6. You’ll likely have to do this every time you hard reboot. It sucks, but it works..


     

     
  • duncanbowring 04:51 on December 5, 2016 Permalink | Reply
    Tags: terminator

    Terminator Keyboard Shortcuts 

    Shortcuts:
    Ctrl-Shift-E: will split the view vertically.

    Ctrl-Shift-O: will split the view horizontally.

    Ctrl-Shift-P: will move focus to the previous view.

    Ctrl-Shift-N: will move focus to the next view.

    Ctrl-Shift-W: will close the view where the focus is on.

    Ctrl-Shift-Q: will exit terminator.

    Update:
    Ctrl-Shift-X: will focus the active window and enlarge it

     
  • duncanbowring 04:21 on December 1, 2016 Permalink | Reply  

    MySQL Query Table Sizes 

    Return a table with the table sizes in descending order of the selected database. Run this from mysql console. It will let you compare actual table size versus disk size (before you optimize table to reclaim space).

    SELECT 
         table_schema as `Database`, 
         table_name AS `Table`, 
         round(((data_length + index_length) / 1024 / 1024), 2) `Size in MB` 
    FROM information_schema.TABLES 
    ORDER BY (data_length + index_length) DESC;
     
    • hasforkvadorni 01:45 on March 16, 2017 Permalink | Reply

      Excellent site. Plenty of useful info here. I’m sending it to several pals and also sharing in delicious. And obviously, thank you to your effort!

  • duncanbowring 17:44 on June 8, 2016 Permalink | Reply
    Tags: cluster, glusterfs, kernel, Storage

    GlusterFS Fuse Hanging on CentOS 7 

    Having strange GlusterFS hanging when using the native FUSE client on CentOS? This was a bit of a bitch, actually. It was hard to reproduce. Eventually, the only semi-regular way to repro it was to create lots of small files from multiple servers at the same time.

    The Behavior

    It would still be mounted but hang. The only indication of things being a problem would be a console hang when trying to df or use the filesystem.

    The kern.log also shows that there are long waits for either the application running on top, or the fuse client itself.

    Note: I was actually able to make the NFS client hang, but we don’t want to use the NFS client due to losing the graceful failover features etc. Performance has been reported to be an issue with the fuse client, but I was able to tune this pretty well. I don’t want to go into that here.

    The Solution

    The base CentOS 7 kernel is pretty old. I mean, it’s still updated, but it’s still 3.10.0-327.10.1 as of June 2016. Instead of compiling our own kernel, I grabbed the RPMs from Elrepo (http://elrepo.org/tiki/tiki-index.php).

    Installed this, after many days of troubleshooting, testing, and tuning, this solved the issue. No more lock-ups or fop STAT / LOCK issues.

    I didn’t want to go main-line 4.6 kernel, so I opted for the 4.5.4-1 stable kernel. You should also be aware these are VMs running under VMware.

    Here’s a quick hacked together Ansible playbook to handle the upgrade and verification for you via yum.

    Versions

    • Glusterfs Server – 3.7.11-1 (April 18 2016)
    • Glusterfs Fuse Client – 3.7.11-1
    • Old kernel 3.10.0-327.10.1.el7
    • New kernel 4.5.4-1.el7.elrepo

    - hosts: all
      become: true
      vars:
        kernel_version: "4.5.4-1.el7.elrepo"

      tasks:
        - name: Read Kernel Version
          command: 'uname -r'
          register: result

        # Stops the play early when the target kernel is already running.
        - name: Has kernel upgrade already completed
          fail: msg="Kernel version already {{ kernel_version }}"
          when: kernel_version in result.stdout

        # disable_gpg_check=yes skips RPM signature verification for these packages.
        - name: Uninstall Existing Kernel Packages
          yum: pkg={{item}} state=absent disable_gpg_check=yes
          with_items:
            - kernel-headers
            - kernel-tools
            - kernel-tools-libs

        - name: Install New Kernel Packages
          yum: pkg={{item}} update_cache=yes state=installed disable_gpg_check=yes
          with_items:
            - kernel-ml-{{ kernel_version }}
            - kernel-ml-devel-{{ kernel_version }}
            - kernel-ml-headers-{{ kernel_version }}
            - kernel-ml-tools-{{ kernel_version }}
            - kernel-ml-tools-libs-{{ kernel_version }}
            - kernel-ml-tools-libs-devel-{{ kernel_version }}

        # Entry 0 is the first menu entry in the generated grub config.
        - name: Set Boot Time Option for Kernel
          command: "grub2-set-default 0"

        - name: Change grub2 configs
          command: "grub2-mkconfig -o /boot/grub2/grub.cfg"

        - name: Read Kernel Version
          command: 'uname -r'
          register: result
          ignore_errors: True

        - name: Print Kernel Version
          debug: var=result.stdout_lines

        # Fire-and-forget so the play does not fail when the connection drops.
        - name: Restart server
          become: true
          command: "{{ item }}"
          async: 0
          poll: 0
          with_items:
            - "shutdown -r +1"
          ignore_errors: true

        # Polls port 20848 from the control machine until the host is back up.
        - name: Wait for server to reboot
          wait_for: >
            host={{ inventory_hostname }}
            port=20848
            state=started
            delay=90
            timeout={{ 5 * 60 }}
          delegate_to: localhost

        - name: Read Kernel Version
          command: 'uname -r'
          register: result
          ignore_errors: True

        - name: Print Kernel Version
          debug: var=result.stdout_lines

        - name: Did kernel upgrade fail
          fail: msg="Kernel does not match {{ kernel_version }} actual kernel is {{ result.stdout }}"
          when: kernel_version not in result.stdout

     
  • duncanbowring 08:59 on May 10, 2016 Permalink | Reply
    Tags: firewalld   

    Add persistent rich firewalld rules (CentOS7) 

    This assumes CentOS 7 firewalld:

    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="5.5.5.5/32" destination address="1.2.3.4/32" port port="2000" protocol="tcp" accept'
    firewall-cmd --reload

     
  • duncanbowring 16:01 on April 29, 2016 Permalink | Reply
    Tags: Dovecot, iRedmail, Mailing, Postfix

    SIMPLIFIED: Your own mail server (Postfix, Dovecot, SpamAssassin, ClamAV, Roundcube, SSL, Admin Panel) 

    The Stack

    I was about to do the usual dance of setting up a mail system comprising:

    • Postfix (outbound)
    • Dovecot (inbound – pop and imap)
    • MySQL (MariaDB for mailboxes etc.)
    • SpamAssassin (anti-spam)
    • ClamAV (anti-virus)
    • Roundcube (webmail)
    • Nginx (for the webmail)
    • SSL keys for everything
    • DNS – DKIM/SPF/etc
    • Fail2ban
    • IPTables firewall additions

    It’s pretty intense setting all this up, so it’s recommended that you build using a configuration management tool like Ansible.

    I took a look to see if there was a more modern way to do all this..

    Enter iRedmail

    iRedmail is an open source package that installs/configures all of the above and an administration panel iRedAdmin! The panel allows for user and domain administration but the pro version is what handles aliases and so on. It’s very expensive and unnecessary. You can make the same changes via the DB with one liners. If you have a server like Jenkins, you could easily push-button automate this. If/when I do, I’ll update this post.

    You still need to add all the DNS entries (SPF, DKIM, etc) and sort out your SSL certs, plus integration with a smarthost (like Sendgrid).

    Go here: http://www.iredmail.org/ and follow the instructions for your OS. It’s really *that* easy. It will even install the database server for you. 🙂

    Add SendGrid (or another smart host / relay service) support

    Postfix: /etc/postfix/main.cf

    However, the local AV instance expects an unencrypted connection, so you need to account for this. Remember to restart the service after the config change with (debian/ubuntu) /etc/init.d/postfix restart.

    # Sendgrid smarthost
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = static:USERNAME:PASSWORD
    smtp_sasl_security_options = noanonymous
    smtp_tls_security_level = encrypt
    header_size_limit = 4096000
    relayhost = [smtp.sendgrid.net]:587

    Postfix: /etc/postfix/master.cf

    Amavisd integration.
    smtp-amavis unix - - - - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
      -o smtp_tls_security_level=none

    127.0.0.1:10025 inet n - - - - smtpd
      -o content_filter=
      -o mynetworks_style=host
      -o mynetworks=127.0.0.0/8
      -o local_recipient_maps=
      -o relay_recipient_maps=

    < snip >

     
  • duncanbowring 16:09 on April 22, 2016 Permalink | Reply
    Tags: ASCII, Diagrams, DITAA, Dokuwiki, Visio, Wiki   

    ASCII Flowcharts 

    You can generate a rendered diagram image from a plain ASCII-art diagram, and you can draw the ASCII art visually using http://asciiflow.com.

    The Java based tool that generates the bitmap image from the ASCII graph is called DITAA (DIagrams Through Ascii Art) (http://ditaa.sourceforge.net/).

    I personally use the ditaa plugin for Dokuwiki to embed flowchart diagrams into my Dokuwiki hosted documentation. Dokuwiki is a decently powerful wiki software similar to Mediawiki, etc. One major difference is that it uses flat files instead of an RDBMS. You can use either the flat file standard setup or the Git Backed plugin to have it as part of the SCM. Makes for much easier management and automatic documentation generation!


     

     
  • duncanbowring 18:52 on April 21, 2016 Permalink | Reply
    Tags: gpg, yum

    Disable GPG Key Check Yum CentOS 

    From yum -h:

    --nogpgcheck          disable gpg signature checking
     
  • duncanbowring 17:10 on April 21, 2016 Permalink | Reply
    Tags: Database, PGSQL, Postgres, SQL   

    PostgreSQL Tuner 

    Came across this super handy ‘rule of thumb’ quick PGSQL performance tuner..

    http://pgtune.leopard.in.ua/

     

     
  • duncanbowring 17:38 on April 12, 2016 Permalink | Reply
    Tags: audit compliance, ci, jenkins, LDAP

    Jenkins – Matrix access control, Active Directory, and Audit Compliance Logging 

    For Jenkins 1.x (tested with 1.656)

    Jenkins and plugins provide a pretty good way to have granular access control to the system and individual projects.

    This setup will allow you to:

    • Log in via an Active Directory user (individual or member of an AD group)
    • Granular access and visibility control to projects, Jenkins system, and more
    • ISO27k/ITHC compliant audit logging to syslog server
      • A copy of every change made and of the system configuration will be logged with the job config history plugin

    You can download Jenkins from here: https://jenkins.io/

    I recommend adding the Yum/Apt repository entries to the OS, this will help with keeping Jenkins updated.

    Install the following plugins:

    You can install them via the UI via the Manage Jenkins -> Manage Plugins option, or copy the downloaded hpi files into the Jenkins plugins directory and restart the service.

    Configuration

    Active Directory

    Manage Jenkins -> Configure Global Security -> Access Control -> Security Realm -> Active Directory -> Domain Name

    Configure the base domain name. For example – directlyops.com. Hitting Test should result in a Success message. If it doesn’t, you may have to configure more settings under Advanced.

    Manage Jenkins -> Configure Global Security -> Access Control -> Authorization -> Project-based Matrix Authorization Strategy

    Under user/group to add, enter the name of the AD user or group you want to control access for. The domain prefix is not required.

    From here, you can also assign permissions to specific items such as the ability to Run, and View a job. Anyone with the Administer permission will have the ability to see all jobs and do anything in the environment. It’s recommended you have a user in here with this permission that is tested before you remove the anonymous access rights.

    That’s it! You should be able to log into Jenkins with the domain username and password (no prefix or SPN form required).

    Within a Jenkins job, you can now enable Project-based security and then add the AD group or usernames to limit visibility/control to specific groups or users.

    Audit Trail

    If you’re in an environment where you need or want to have a reliable audit trail for compliance reasons, then you’re likely using Redhat or Centos (selinux!). The audit trail plugin can provide a similar audit trail output to a file or syslog server.

    Manage Jenkins -> Configure System -> Audit Trail

    Here is where to add a logger. If you want to test it, add a Syslog server logger and write to localhost port 514. The audit trail will likely show up in /var/log/messages. If you’re using rsyslog server, adding in a config to /etc/rsyslog.d/jenkins_audit.conf will provide advanced capabilities to separate out the log from the main log.

    I prefer using the syslog server output, and then chaining syslog out to Logstash for ElasticSearch logging.

    Job Config History

    This plugin adds exact tracking of what the config changes are. It will maintain version control for system config and job configs. The audit trail is good to tell you what was modified and who modified it, this will keep track of what the changes were.

    System configuration tracking is not enabled by default, and you can only restore previous Job configuration, not system (however you can see system changes).

     

     
  • duncanbowring 22:30 on April 9, 2016 Permalink | Reply
    Tags: galera, mariadb, MySQL, ubuntu

    How to restore debian-sys-maint MySQL Maria user 

    I had an issue where I wiped this user out accidentally in a galera cluster on Ubuntu 14.04. This is how to add ‘debian-sys-maint’@’localhost’ user back into your MySQL server and then enjoy all the ‘benefits’ once more..

    You can then verify the user with SELECT * from mysql.user\G

    Make sure that the password in /etc/mysql/debian.cnf matches the password used below as THE_PASSWORD.

    use mysql;
    INSERT INTO `user` (
    	`Host`,
    	`User`,
    	`Password`,
    	`Select_priv`,
    	`Insert_priv`,
    	`Update_priv`,
    	`Delete_priv`,
    	`Create_priv`,
    	`Drop_priv`,
    	`Reload_priv`,
    	`Shutdown_priv`,
    	`Process_priv`,
    	`File_priv`,
    	`Grant_priv`,
    	`References_priv`,
    	`Index_priv`,
    	`Alter_priv`,
    	`Show_db_priv`,
    	`Super_priv`,
    	`Create_tmp_table_priv`,
    	`Lock_tables_priv`,
    	`Execute_priv`,
    	`Repl_slave_priv`,
    	`Repl_client_priv`,
    	`Create_view_priv`,
    	`Show_view_priv`,
    	`Create_routine_priv`,
    	`Alter_routine_priv`,
    	`Create_user_priv`,
    	`ssl_type`,
    	`ssl_cipher`,
    	`x509_issuer`,
    	`x509_subject`,
    	`max_questions`,
    	`max_updates`,
    	`max_connections`,
    	`max_user_connections`
    )
    VALUES (
    	'localhost',
    	'debian-sys-maint',
    	password('THE_PASSWORD'),
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'Y',
    	'N',
    	'N',
    	'N',
    	'N',
    	'N',
    	'',
    	'',
    	'',
    	'',
    	0,
    	0,
    	0,
    	0
    );
    FLUSH PRIVILEGES;
     