13 March 2015
by Deimos
0 comments

Nousmotards: mon nouveau projet pour les motards

0.00 avg. rating (0% score) - 0 votes

logo_nm

Un blog post en français cette fois ci, car ça ne concerne que les Français (pour l’instant) pour vous expliquer le nouveau projet que j’entreprends avec 2 amis. L’idée est simple, vous êtes motards, vous aimez les balades à moto…l’application est faites pour vous !

Aucune application n’est à l’heure actuelle disponible sur Smartphone qui fait ce que nous proposons. Il s’agit d’une application à la Facebook like, ou vous pouvez inviter des amis, créer des clubs de moto, proposer et planifier des itinéraires, partager vos parcours effectués et beaucoup d’autres choses. Nous prévoyons un grand nombre de fonctionnalités pratiques et sécuritaires, tel que la détection de chutes, un bouton “motard en galère”, etc…

Un forum est à votre disposition pour discuter des fonctionnalités que vous aimeriez voir apparaitre ou les soucis que vous pouvez rencontrer. Nous n’en n’avons activé qu’une partie pour le moment et en avons encore beaucoup sous le pied ;-). Si vous êtes tenté de tester, allez faire un tour sur le site et demandez l’accès à la bêta privée !

Venez essayer notre application, c’est gratuit, communautaire et avec un esprit de motard 🙂

N’hésitez pas à faire de la pub, nous avons besoin de monde pour cette beta privée

27 February 2015
by Deimos
1 Comment

Ansible: Neo4j role available on Ansible Galaxy

0.00 avg. rating (0% score) - 0 votes

no4j_logo

For a new project (will talk about it later), I needed to use Neo4J (graph database if you don’t know it yet).

I tried to cover more features than the current existing Ansible roles available on Ansible Galaxy. More will come in the next weeks. I also tried to make it simple to install it and do not force dependencies at maximum. Here are parameters you can set:

You can find the Ansible role for Neo4j here, it manages all versions (community, enterprise…) and you can install Spatial plugin as well easilly.

Hope it will help

25 February 2015
by Deimos
0 comments

Ansible: LXC role updated for Jessie

0.00 avg. rating (0% score) - 0 votes

lxc_logo

Since several weeks, I’m playing a lot with Debian Jessie as a server. I discovered some bugs, reported them to Debian, they’ve been fixed etc…good news! I also wanted to test the new version of LXC.

So I decided to upgrade my 2 personal servers to Jessie. But that wasn’t so easy with Systemd. I still encounter non critical issues and going to prepare report bugs for Debian (cgroups issues with systemd).
The new version of LXC inside Debian is better integrated than the previous was (which was really younger), so I updated the ANsible LXC role for Jessie.

Hope you’ll enjoy.

11 February 2015
by Deimos
2 Comments

Generate changelog from git commits and integrate with Sphinxdoc

0.00 avg. rating (0% score) - 0 votes

Git logo

For another personal project (that I can’t talk about for the moment ;-)), I wanted to have a Changelog file to get a better following of the infrastructure evolution (configuration management, scripts…all under git). Of course the documentation is very important, but when you do not write it at the same time you’re building the infrastructure, it may be complex to remember each little things you’ve done. That’s why a Changelog can help to understand how the infrastructure has been built step by step.

I’m going to show you how I achieved it. This is not a generic system, but brings you the keys to adapt for your needs.

The goal

That’s why I wanted to have a Changelog up to date. But…have you ever tried to maintain by hand a Changelog? I pretty sure yes and you know this is boring! That’s why I wanted something automatic. More than that, I wanted to have direct links to my ticketing system on hashtags detection.
A few weeks ago, I watched a video on a Meetup about how to level up with git (one of the best practices and why). After adopting and adapting a bit this, I decided to have commits comments format like that:

With this kind of comments, I was able to generate something to help me to build the Changelog. In the same video, they were talking about a custom Ruby script which cloud do the job. However a big part of my tools and infrastructure are written in Python and wanted to have a maintained tool in Python to do it.

The tool

After a little bit of research, I’ve found gitchangelog tool. This is a light Python script installable via pip which will generate a markdown file from git logs. That was exactly what I was searching for. But as you know, it doesn’t work out of the box because I already have decided of the format I wanted.

So I adapted the configuration (.gitchangelog.rc) to make it work with the wished log format. The configuration looks like this:

As you can see, it’s only regex. You can read the full commented lines in the configuration file (shrinked here) for a better understanding of what you can do. Subject is separated from the body, they both have their own regex and a link to the ticketing system is automatically generated with ‘#INF-‘ prefix. I do not wanted the body information appearing in the Changelog, so I substituted the content with nothing.

I was now able to generate markdown by using gitchangelog command. There, I achieved the first step.

Integration with sphinxdoc

To make it better, I wanted to have an integration with Sphinxdoc as I’m using it for the project. I updated so the Makefile to generate the changelog before making the documentation like that:

The result

The result looks like this:

sphinx_changelog

Cool isn’t it? No more manual Changelog to do and it’s nicely integrated in Sphinxdoc 🙂

Avoid mistakes with hook

To get a good Changelog without issues, I also needed to have a hook on the server side to check and validate the subject. The git server I’m using for the project is Stash and I’m using an already existing hook to do the job. This is not perfect but it works with this regex:

You may need to develop a custom hook on other git server.

Hope you’ve enjoyed reading

29 January 2015
by Deimos
2 Comments

WordPress: how I almost lost my blog and want to switch

0.00 avg. rating (0% score) - 0 votes

epic_fail_cry

A few days ago I wanted to play with HAProxy SSL offloading. It was a good experience and alternative to Nginx SSL offloading (I already talked about in this blog). But this is not the topic here…

When I was trying to make the offload working on the blog, I modified WordPress options which switched my blog into an infinite loop mode. As it was late and I was tired (bad idea), I just wanted to rollback my changes and needed to recover a SQL backup to do it fast. So I first restored a compressed backup on the host, uncompressed it, didn’t checked the size of the backup, dropped the database, created a new one and restored a 0k database! At this time my head wanted to throw against the wall.

When I was searching for a previous backup, I didn’t find any correct one, because of an option I changed a few months ago in MariaDB, this is also called a big fail ;-),. At this time I thought having totally lost my blog. My backup script didn’t catch the issue I had :-(.

So on the road to find an impossible dump, I decided to deploy a Vagrant Debian box running MariaDB and restored the MySQL data folder with tables files (complete /var/lib/mysql) inside this VM. I started MariaDB without any problems and launched a forced repair of all the tables (Thanks MariaDB). That was quite fast because I do not have a big database (only a few hundreds of Mb). Once done I dumped it without errors and could restore the database on my server.

This is how I recovered it. The funniest thing in that story is I was searching for a WordPress alternative a few hours before. I’m a little bit fed up having a database just for blogs with so less interaction. That’s why I’d like to switch to another one.

My goal is to have a blog:

  • Faster (ideally static)
  • Without database
  • Git-able
  • Writable in Markup
  • With social integration
  • With social publish
  • With code syntax color

I’ve found Jekyll or Octopress as the best alternative. A colleague also talked to me about GetGrave. It seems that all of those points can be covered. I would like feedbacks from my readers please :-).

Now the first thing I’m going to add in my todo top list, is the implementation of a Jenkins to replay backups and monitoring integration. I can’t lost my data because of a such silly thing. The other thing I once again observe is to stop doing things like this when tired.

27 January 2015
by Deimos
5 Comments

Offload SSL with HAProxy

0.00 avg. rating (0% score) - 0 votes

A few months ago, I already talked about offloading SSL with Nginx. I also wanted to try it with HAProxy which can be more interesting in some cases.

The good

On HAProxy, the good thing is the simplicity to do it. First of all you need to have at least the version 1.5 of HAProxy so to get SSL support. Then you only need those lines to offload SSL:

This is simple, powerful and works quickly.

The other good point is you don’t have to update all your vhosts for it on the web server side. You can only run on the 80 port and HAProxy will automatically redirect to the web server.
Theses are the good points.

The bad

The bad ones are :

  • The server-unified.pem file needs to include all the certificates (ca, crt…). So if you have multiple domains with multiple certificates, you have to concatenate them all in one file. This could quickly be a nightmare to manage when you have one of those which is going to expire (or you need to script the generation of the server-unified on each update).
  • If you don’t want to concatenate, you can define a directory and put all of them inside. But this is not a good solution if you have a lot of certs to manage.
  • The flexibility. Of course, the main role of HAProxy is to load balance properly. So if you’re expecting as flexibility as Nginx, simply forget about it. On the Layer 7, HAProxy adds some great features, but not as many as Nginx. So depending on what is you goal, it may not fit your requirements on that part.

A bad situation would be with URL specifics that need to be passed to the web server and then looping to the HAProxy, etc… That’s why you need to consider where the intelligence should be placed (on top on HAProxy or on top on Nginx).

Conclusion

Nginx and HAProxy are both able to offload SSL. HAProxy setup is lighter than Nginx which permit a faster setup but with less features. Both have their pros and cons, I do not recommend one especially because they both do correctly the job. But you need to think about the complexity of what you are requesting to them.

For example, if you have multiple vhosts to handle, the a good way to address it, would be to have a dedicated HAProxy instance for each domain (things that can be done in Cloud environment with load balancer as a service like on OpenStack). It will be easier to manage and with less risks in problem case.

To finish, I made a documentation on how to setup the SSL offload on HAProxy. Hope it will help.