Tuesday, June 4, 2013

Using GitHub with Saltstack

Salt Master with GitHub

I have started using a better workflow with my salt, mainly integrating GitHub as my file backend. This isn't a new feature, as the git backend in salt has been available for a while now, but I finally started using it. It simplifies making changes when I am not at my desk, as I can just clone the project, make the changes and push it back out. Not to mention that having a record of what was changed when is great for when things break.

The Setup

Setting up the salt master is easy; only a few lines are needed to enable it. In your salt master config file (typically /etc/salt/master), add the following lines.

fileserver_backend:
  - git
gitfs_remotes:
  - git+ssh://git@github.com/kaptk2/gitfs.git

Replace the git+ssh:// line with your repository information.

Make sure you add a deploy key to your repository and test the key. Information on setting up deploy keys can be found on GitHub's site. After the key is tested, restart the salt master and check your logs to make sure no errors pop up.
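A pre-flight check for the step above, as an added example that is not part of the original post: it reads the gitfs_remotes list from the master config, flags remotes that use an unauthenticated transport, and probes each remaining one non-interactively, the way the master daemon will reach it. The function names are made up for this example, and the parser assumes the simple list layout shown above.

```sh
# Added example: pre-flight check for the gitfs remotes in a Salt master config.

# Print each entry under gitfs_remotes, one per line. Assumes the simple
# block-list layout shown in the post, not arbitrary YAML.
gitfs_remotes() {
    awk '
        /^gitfs_remotes:/ { in_list = 1; next }
        in_list && /^[ \t]*-[ \t]*/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, ""); print; next
        }
        in_list && /^[^ \t#]/ { in_list = 0 }
    ' "$1"
}

# Classify a remote's transport. git:// and http:// are flagged because they
# neither authenticate the server nor protect the states in transit.
remote_transport() {
    case "$1" in
        git+ssh://*|ssh+git://*|ssh://*) echo ssh ;;
        https://*)                       echo https ;;
        git://*|http://*)                echo plaintext ;;
        *@*:*)                           echo ssh ;;      # scp-style git@host:path
        *)                               echo unknown ;;
    esac
}

# Probe a remote the way the daemon will: no prompts (BatchMode) and no
# silent acceptance of a new host key. Needs network access.
check_remote() {
    probe_url=${1#git+}     # git+ssh:// is an alias for ssh://
    GIT_TERMINAL_PROMPT=0 \
    GIT_SSH_COMMAND='ssh -o BatchMode=yes -o StrictHostKeyChecking=yes' \
        git ls-remote --heads "$probe_url" >/dev/null 2>&1
}

# Usage: preflight /etc/salt/master   (run as the user salt-master runs as)
preflight() {
    rc=0
    for url in $(gitfs_remotes "${1:-/etc/salt/master}"); do
        kind=$(remote_transport "$url")
        if [ "$kind" = plaintext ] || [ "$kind" = unknown ]; then
            echo "WARN  $url ($kind transport)"; rc=1
        elif check_remote "$url"; then
            echo "OK    $url"
        else
            echo "FAIL  $url (key rejected, unknown host key, or unreachable)"; rc=1
        fi
    done
    return $rc
}
```

A FAIL on an ssh remote before the first connection usually means GitHub's host key is not yet in that user's known_hosts file.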

Conclusion

Salt is now powered by a GitHub repository, giving you all the nice stuff that git provides and the ability to work with others easily through GitHub.

Wednesday, February 6, 2013

Enable Nested KVM Machines with Fedora 18


KVM on top of KVM

Nested KVM allows you to run a KVM virtual machine on top of an already virtualized machine (yo dawg). Why would you want to do this? Well, for me it is simple: I want to test some KVM tools out without using actual hardware. Another use case might be for somebody who purchases a beefy "cloud" machine and wants to split that up into smaller pieces.

How To Do It?

Some configuration needs to happen on the Fedora 18 physical host. If you are using an Intel processor, you need to enable nested KVM (AMD has it enabled by default). To do that, create or edit /etc/modprobe.d/kvm-intel.conf, add the line "options kvm-intel nested=1" (without quotes) and reboot your machine. Once the machine has rebooted, check that the change took effect by running "cat /sys/module/kvm_intel/parameters/nested". That should return "Y"; once you see that, you are good to go. Edit your KVM machine and add "vmx" to its CPU features. Bam! Virtual machines inside your virtual machines.
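The three checks from the procedure above, collected into one script as an added example that is not part of the original post. The function names are made up for this example; the file paths are the ones named in the post and can be overridden so the checks can be pointed at copies of the files.

```sh
# Added example: verify each step of the nested-KVM setup described above.

# Step 1: is the option present in the modprobe.d file?
# Accepts kvm-intel or kvm_intel, since modprobe treats - and _ alike.
modprobe_sets_nested() {
    grep -Eq '^[[:space:]]*options[[:space:]]+kvm[-_]intel[[:space:]].*nested=(1|Y|y)' "$1" 2>/dev/null
}

# Step 2: did the loaded module pick it up? The post expects "Y" from
# kvm_intel; "1" is accepted as well, which is how kvm_amd reports it.
nested_enabled() {
    case "$(cat "$1" 2>/dev/null)" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# Step 3 (inside the guest, or on a copy of its /proc/cpuinfo): the virtual
# CPU must expose vmx (Intel) or svm (AMD) before KVM can be used there.
cpu_has_virt_flag() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1" 2>/dev/null
}

# report <label> <command...>: run one check and print PASS or FAIL.
report() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

# Usage on the physical host: check_host
check_host() {
    rc=0
    report "modprobe option set" \
        modprobe_sets_nested "${1:-/etc/modprobe.d/kvm-intel.conf}" || rc=1
    report "nested parameter is on" \
        nested_enabled "${2:-/sys/module/kvm_intel/parameters/nested}" || rc=1
    return $rc
}

# Usage inside the first-level guest: check_guest
check_guest() {
    report "guest CPU exposes vmx/svm" cpu_has_virt_flag "${1:-/proc/cpuinfo}"
}
```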

Tuesday, February 5, 2013

My New Way to Manage Passwords

Keeping Passwords Secure

So like most everybody I have a bunch of passwords. Unlike most everybody I use unique passwords per site as much as possible to limit the damage if one gets compromised. Since I am not good at remembering crazy long passwords, I use a tool called Keepass to keep everything organized. Keepass is available for Linux, Windows, Mac, iPad/iPod and Android. It stores everything in an encrypted database.

The Setup

I use Fedora on my desktop computers and Android on my mobile devices. I also use Dropbox to store files. You can probably guess where I am going with this... store your Keepass database on your Dropbox share. Now that allows you to get to your passwords anywhere you have internet access. However that wasn't quite what I was looking for. There is one more piece of magic that makes this system just awesome. A program called Dropsync for Android. This program automatically downloads your password database from Dropbox and keeps it synced on your mobile device. This allows for offline access to your passwords as well as the ability to add stuff from your mobile device and have it sync to your desktop devices.

One Last Hint

Dropbox offers the ability to share folders with other Dropbox users. A password database can be put in a folder and shared with somebody. That allows for a password database to be used by multiple people. One way to use this feature is to keep your root passwords in the database and have the folder shared across the administrators in your organization. This allows other people to get to the root passwords if the world is crashing down and normal login methods no longer work.

Conclusion

This system works really well for me. Even if the password database were to get released, Keepass has done a lot to prevent it from being decrypted by an attacker. Disagree with me? Let me know in the comments.

Friday, December 21, 2012

Raspberry PI and GPIO Quick Start

Simple Start to Using the GPIO Pins

The Raspberry Pi is a small single board computer aimed at the hobby and education markets. It comes in two flavours, model A and model B. Model A has only one USB port and no Ethernet jack; it retails at $25. Model B is the more popular board and includes 2 USB ports and an Ethernet connection. It retails at $35. Both include the GPIO pins, so this post will apply to them both, although you will need to do additional work to get the required libraries installed on the model A since you can't download them from the Internet.

Getting Started

I will be using Arch as my distribution of choice and will be programming in Python 3. If you are using Raspbian most of this will still apply, just some translation of the install commands will have to happen. After installing Arch and booting up your Pi you will need to install some software. To do that we will be using pacman.

As root:
pacman -S gcc python python-pip
pip install RPi.GPIO
Once that completes you can then write your test program. Create a new file named button.py and type in the program below.
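#!/usr/bin/python

import time
import RPi.GPIO as GPIO

GPIO.setmode(GPIO.BOARD)  # use the board's pin numbering

GPIO.setup(11, GPIO.IN)  # pin 11 is the button input
count = 0

while True:
    if not GPIO.input(11):  # the button counts as pushed when the input reads low
        count += 1
        print("button pushed", count)
        time.sleep(.2)  # rudimentary de-bounce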
Let's walk through exactly what this program is doing. We import the needed libraries at the top, then we set the GPIO mode. The mode allows us to choose whether to use the Raspberry Pi GPIO numbering scheme (GPIO.BOARD) or the BCM chip GPIO numbering scheme (GPIO.BCM). I have chosen to use the Raspberry Pi's scheme as it will hopefully be more future compatible. Traditionally, when working with microprocessors, the microchip's numbering scheme is used. In this case we are using GPIO 17, so if we wanted to go that route we could just change the mode to be BCM and line 12 to look like:
 if not GPIO.input(17):
The rest of the program is simple. We set our pin to input mode and initialize a counter. The program then goes into an infinite loop checking if the button is pushed. If it is, it increments a counter and displays that count, then it sleeps for a short time and does it again. The sleep is there to provide for some rudimentary button de-bounce and also to give you a chance to get your finger off the button before the counter is incremented another time.

Circuit Layout

The circuit we are going to build is simple: when the button is pushed the LED will light, and if the button.py program is running you should see the counter increment. When you get tired of this, just hit control C to end the program.

Parts List:
  1. 10K Resistor
  2. 1K Resistor
  3. SPST NO momentary switch
  4. LED of some kind
The circuit should look like what is pictured below.

Remember to use the 3.3v output of the GPIO as the Pi is not 5v tolerant. To test your circuit, turn on the Pi and push the button. If everything goes right you should see the LED light up.

Putting it all together

Once you have the LED lighting up it is time to test your program. To do this simply run button.py as root. Every time you push the button you should see the counter increment. This simple example should hopefully give you a good idea on how to get started using the GPIO pins on your Raspberry Pi.

Thursday, December 20, 2012

The $8 Web Server

Control Your World

In my last post I showed how to take an ATMEGA328 chip and add the necessary parts to make something that is Arduino compatible. The next building block is to interface your project to the internet.

The heart of this project is the ENC28J60 chip by Microchip. It is a pretty much self-contained Ethernet interface device; very few supporting components are needed to add Ethernet to almost any project. While you can build the circuit from scratch on a breadboard, a more economical way is to buy it pre-assembled from eBay.

Assembly of the parts

Once all of the parts are gathered up you will need to connect everything together.

ENC28J60 Module    Arduino Clone
CS                 D10
SI                 D11
SO                 D12
SCK                D13
RESET              RESET
INT                D2
VCC                3V3
GND                GND

Loading the Library

The definitive source for the library is maintained on GitHub at https://github.com/jcw/ethercard. Simply download the code, place it in your libraries directory and then restart the IDE so the files show up. Once that is done, fire up one of the examples to check your work.

Wednesday, December 19, 2012

The $4 Arduino Clone

Along Comes Arduino

I have been tinkering with electronics ever since I was little. I got my first taste of micro-controllers using the PIC16C84. At the time the hobbyist electronics market was small and while programming the PIC was easy the learning curve was fairly steep. Along comes the Arduino and suddenly the barrier to entry is gone. Fast forward to present day, I got tired of leaving $30 worth of electronic parts for each project I wanted to do. So I decided to strip down the Arduino to only the most essential parts, so that I could harness the power of Arduino in my projects without feeling like I was throwing money away.

Parts List

Part                    Qty   Price
ATMEGA328-PU            1     $3.50
22pF Capacitor          2     $0.02
100nF Capacitor         4     $0.04
10µF Capacitor          1     $0.01
10KΩ Resistor           1     $0.01
1N4148 Diode            1     $0.01
16MHz Quartz Crystal    1     $0.10
6mm Tactile Switch      1     $0.04
Total:                        $3.73
CP2102                  1     $2.34
Grand Total:                  $6.07

This is all that is needed to build and program your own Arduino clone. The CP2102 is a USB to TTL converter that is used to program the chip. You only need one of these to program as many chips as you want. The CP2102, however, does not work out of the box. You need to solder a male header pin to the DTR pin on the CP2102. More details can be found at http://blog.tarn-vedra.de/2011/09/using-cp2102-on-arduino.html

Assembly

Assembly is best done on a breadboard to start, following the schematic below.
You will need to procure a USB A to A cable in order to program this.

Closing Thoughts

The CP2102 is an optional part if you already have an Arduino or some other means of programming the ATMEGA chip. This brings the cost down to $3.73 per clone. There are cheaper ways using the ATtiny85 ($1.29) but sometimes you need a little more horsepower. Or maybe you want to build the $8 web server.

References:

  1. http://shrimping.it/blog/
  2. CP2102 Information

Tuesday, December 18, 2012

Using ZFS under CentOS

Using ZFS

In my last post I showed how to get ZFS installed on CentOS 6.3. This post will serve as a quick start guide.

Creating a ZFS file system

The first thing you will want to do is to create a ZFS file system. The syntax is simple and straightforward.
zpool create store mirror /dev/sda /dev/sdb
The above command creates a mirrored ZFS file system and mounts it at /store. That is the simplest use case: you have a mirrored device that provides some hardware failure resilience.

Getting more complex

Creating a simple mirror is fine and good, but let's show a slightly more complex example.
zpool create store raidz /dev/sdc /dev/sdd /dev/sde spare /dev/sdf
The above command creates a RAID5-like ZFS file system and mounts it at /store. It also includes a hot spare drive. Options other than raidz include raidz2 and raidz3, giving you even more redundancy.

You may want to create other ZFS file systems under your /store to give additional control (for example, setting quotas).
zfs create store/user1
zfs set quota=10G store/user1
Some of the other cool things you can do are turning on NFS sharing, enabling compression or enabling deduplication. To learn more about the more advanced stuff you can do with ZFS, I recommend reading the ZFS Administrators Guide.