Tuesday, January 24, 2017

Migrating Proxmox VMs with Python

Using the Proxmox API with Python to Migrate Virtual Machines

I hate doing repetitive tasks, and am always on the lookout for a way to save myself time.

I noticed the other day how much time it was taking me to move virtual machines around using the Proxmox web interface. When doing updates I like to move all the virtual machines off of the machine being updated in the cluster. This is easy to do with the "migrate all" option inside of the web interface. However moving those machines back to the original host was a pain and required a lot of clicking. So I spent an hour and whipped up a quick and dirty python script to do the migrations for me. It only works with KVM based virtual machines right now but it would be simple to adapt to move container based virtual machines. It also only authenticates against PAM right now, again it would be a fairly trivial change to fix that.

Usage

To use the script edit the PROXMOX_HOST global variable and put in the host, FQDN or IP address of your proxmox cluster and adjust the Proxmox port if necessary. Then just call:
./proxmoxMigrate.py -n <node where vms currently reside> -t <node where you want them to end up> <space seperated list of VM ids>

For example:
./proxmoxMigrate.py -n proxmox1 -t proxmox2 100 101 103 104


The Script


Thursday, January 12, 2017

Monitoring the Network

Network Monitoring with collectd

Scattered around campus is a few thousand network ports. Most of the ports I don't care what they are doing so no alerting needed but, occasionally when there is an issue and it is nice to have an idea of what the network looked like historically. Enter the SNMP plugin for collectd. I chose collectd because of the vast number of plugins available for it, the fact that its config is file based and that it can be scaled horizontally. Having a file based configuration allows me to check my changes into version control allowing easier auditing and disaster recovery.

Installing collectd and related tools is as simple as enabling the EPEL repository and doing a:
yum install collectd-rrdtool collectd-snmp httpd php git

That  installs everything you need to start graphing your network ports. We will use Collectd Graph Panel to view the pretty graphs that collectd makes.

Simple collectd Configuration

FQDNLookup true

LoadPlugin rrdtool
<plugin rrdtool>
       DataDir "/var/lib/collectd/rrd"
       CacheTimeout 120
       CacheFlush   900
</plugin>

LoadPlugin snmp
<plugin snmp>
   <data std_traffic>
       Type "if_octets"
       Table true
       Instance "IF-MIB::ifDescr"
       Values "IF-MIB::ifInOctets" "IF-MIB::ifOutOctets"
   </data>
   <host "my.host.name">
       Address "192.168.1.40"
       Version 2
       Community "public"
       Collect "std_traffic"
   </host>
</plugin>

Collectd Graph Panel Installation

To install the Collectd Graph Panel just clone the git repository into your web root and it works pretty much out of the box.
git clone https://github.com/pommi/CGP.git

Conclusion

That's it! Really that is all that is needed to start graphing your network ports. This provides a basic system that can easily be expanded and tweaked based on your needs.

Monday, April 6, 2015

Stupid Yo! tricks with Spark Core

Intro

Yo made a huge splash when it first came out. It was all over the tech news sites and of course I had to download the app and see what the hype was. Like all the tech news sites said it was dead simple to use push a button and send a Yo. After a while I found some services via the Yo store. A Yo would be sent when a new post was made or something happened that you cared about (a package delivered, your favorite instagramer uploads a new photo, etc.).

My local ski mountain Yo's whenever 6" of new snow falls, this was pretty much the only reason I kept Yo. It was my killer app for Yo but I wanted more, enter Spark. I have a Spark Core and it is perfect for internet of things (IoT) projects. I wanted a light to turn on whenever 6" of snow fell on the moutain, so I would know even if I didn't have my phone close to me.

Yo provides a simple callback to a webpage whenever a Yo is received which is pretty awesome. The callback includes the username and location if it was included as a GET variable. The setup is fairly simple and straight forward, Yo calls back to a webpage that does some basic checks and then uses the Spark cloud to activate the light on the Spark Core.

Code

Wednesday, July 30, 2014

Android Studio on Fedora 20 x86_64

Android Studio is an IDE made by Google for developing Android applications. It is an alternative to Eclipse with the Andriod plugin installed. It works quite well under Fedora 20 as long as you install the required dependencies. Android studio requires some i386 libs to be installed that aren't on x86_64 systems by default. To install them:

yum install glibc.i686 zlib.i686 libstdc++-devel.i686

Once that is completed finish installing Android Studio using Google's directions.

Tuesday, June 4, 2013

Using GitHub with Saltstack

Salt Master with GitHub

I have started using a better work flow with my salt. Mainly integrating GitHub as my file backend. This isn't a new feature as the git backend in salt has been available for a while now but I finally started using it. It simplifies making changes when I am not at my desk as I can just clone the project make the changes and push it back out. Not to mention having a record of what was changed when is great for when things break.

The Setup

Setting up the salt master is easy only a few lines are needed to enable it. In your salt master config file (typically /etc/salt/master) add the following lines.

fileserver_backend:
  - git
gitfs_remotes:
  - git+ssh://git@github.com/kaptk2/gitfs.git

Replace the git+ssh:// line with your repository information.

Make sure you add a deploy key to your repository and test the key. Information on setting up deploy keys can be found on GitHub's site. After the key is tested restart the salt master and check your logs to make sure no errors pop up.

Conclustion

Salt is now powered by a GitHub repository, giving you all the nice stuff that git provides and the ability to work with others easily through GitHub.

References:

Wednesday, February 6, 2013

Enable Nested KVM Machines with Fedora 18


KVM on top of KVM

Nested KVM allows you to run a KVM virtual machine on top of an already virtualized machine (yo dawg). Why would you want to do this? Well for me it is simple I want to test some KVM tools out without using actual hardware. Another use case might be for somebody who purchases a beefy "cloud" machine and wants to split that up into smaller pieces.

How To Do It?

Some configuration needs to happen on the Fedora 18 physical host. You need to enable kvm nested if you are using an Intel processor (AMD has it enabled by default). To do that create or edit /etc/modprobe.d/kvm-intel.conf. Add the line "options kvm-intel nested=1" (without quotes) and reboot your machine. Once the machine has rebooted check to make sure the change took by "cat /sys/module/kvm_intel/parameters/nested". That should return "Y", once you see that you are good to go. Edit your KVM machine and add "vmx" to your CPU features. Bam! virtual machines inside your virtual machines.

Tuesday, February 5, 2013

My New Way to Manage Passwords

Keeping Passwords Secure

So like most everybody I have a bunch of passwords. Unlike most everybody I use unique passwords per site as much as possible to limit the damage if one gets compromised. Since I am not good at remembering crazy long passwords I use a tool called Keepass to keep everything organized. Keepass is available for Linux, Windows, Mac, iPad/iPod and Android. It stores everything in a encrypted database.

The Setup

I use Fedora on my desktop computers and Android on my mobile devices. I also use Dropbox to store files. You can probably guess where I am going with this... store your Keepass database on your Dropbox share. Now that allows you to get to your passwords anywhere you have internet access. However that wasn't quite what I was looking for. There is one more piece of magic that makes this system just awesome. A program called Dropsync for Android. This program automatically downloads your password database from Dropbox and keeps it synced on your mobile device. This allows for offline access to your passwords as well as the ability to add stuff from your mobile device and have it sync to your desktop devices.

One Last Hint

Dropbox offers the ability to share folders with other Dropbox users. A password database can be put in a folder and shared with somebody. That allows for a password database to be used by multiple people. A way to use feature is to keep your root passwords in the database and have the folder shared across the administrators in your organization. This allows other people to get to the root passwords if the world is crashing down and normal login methods in no longer work.

Conclusion

This system works really well for me. Even if the password database were to get released Keepass has done a lot to prevent it from being decrypted by an attacker. Disagree with me? Let me know in the comments.