Tuesday, June 4, 2013

Using GitHub with Saltstack

Salt Master with GitHub

I have started using a better work flow with my salt. Mainly integrating GitHub as my file backend. This isn't a new feature as the git backend in salt has been available for a while now but I finally started using it. It simplifies making changes when I am not at my desk as I can just clone the project make the changes and push it back out. Not to mention having a record of what was changed when is great for when things break.

The Setup

Setting up the salt master is easy only a few lines are needed to enable it. In your salt master config file (typically /etc/salt/master) add the following lines.

fileserver_backend:
  - git
gitfs_remotes:
  - git+ssh://git@github.com/kaptk2/gitfs.git

Replace the git+ssh:// line with your repository information.

Make sure you add a deploy key to your repository and test the key. Information on setting up deploy keys can be found on GitHub's site. After the key is tested restart the salt master and check your logs to make sure no errors pop up.

Conclustion

Salt is now powered by a GitHub repository, giving you all the nice stuff that git provides and the ability to work with others easily through GitHub.

References:

Wednesday, February 6, 2013

Enable Nested KVM Machines with Fedora 18


KVM on top of KVM

Nested KVM allows you to run a KVM virtual machine on top of an already virtualized machine (yo dawg). Why would you want to do this? Well for me it is simple I want to test some KVM tools out without using actual hardware. Another use case might be for somebody who purchases a beefy "cloud" machine and wants to split that up into smaller pieces.

How To Do It?

Some configuration needs to happen on the Fedora 18 physical host. You need to enable kvm nested if you are using an Intel processor (AMD has it enabled by default). To do that create or edit /etc/modprobe.d/kvm-intel.conf. Add the line "options kvm-intel nested=1" (without quotes) and reboot your machine. Once the machine has rebooted check to make sure the change took by "cat /sys/module/kvm_intel/parameters/nested". That should return "Y", once you see that you are good to go. Edit your KVM machine and add "vmx" to your CPU features. Bam! virtual machines inside your virtual machines.

Tuesday, February 5, 2013

My New Way to Manage Passwords

Keeping Passwords Secure

So like most everybody I have a bunch of passwords. Unlike most everybody I use unique passwords per site as much as possible to limit the damage if one gets compromised. Since I am not good at remembering crazy long passwords I use a tool called Keepass to keep everything organized. Keepass is available for Linux, Windows, Mac, iPad/iPod and Android. It stores everything in a encrypted database.

The Setup

I use Fedora on my desktop computers and Android on my mobile devices. I also use Dropbox to store files. You can probably guess where I am going with this... store your Keepass database on your Dropbox share. Now that allows you to get to your passwords anywhere you have internet access. However that wasn't quite what I was looking for. There is one more piece of magic that makes this system just awesome. A program called Dropsync for Android. This program automatically downloads your password database from Dropbox and keeps it synced on your mobile device. This allows for offline access to your passwords as well as the ability to add stuff from your mobile device and have it sync to your desktop devices.

One Last Hint

Dropbox offers the ability to share folders with other Dropbox users. A password database can be put in a folder and shared with somebody. That allows for a password database to be used by multiple people. A way to use feature is to keep your root passwords in the database and have the folder shared across the administrators in your organization. This allows other people to get to the root passwords if the world is crashing down and normal login methods in no longer work.

Conclusion

This system works really well for me. Even if the password database were to get released Keepass has done a lot to prevent it from being decrypted by an attacker. Disagree with me? Let me know in the comments.