Wednesday, July 22, 2015

Guerrilla Fix-It: Hotel Lamp Edition

This brand of lamp normally has both plugs facing "forward" like the one on the left.  Most power adapters can't fit, because of the black square piece right there.  Now, if it's loose -- and they frequently are -- you can twist it about 30° to one side and wedge your power adapter in there.  But there's no way to twist it to face a full 90° like the one on the right.

Someone "fixed" it.  I've been to this hotel dozens of times, and none of the other rooms have it like this.  I guess it's just a matter of having a screwdriver with you ... but who took the time?  Some sort of Robin Hood electrician is on the loose.

Wednesday, July 15, 2015

Going "Off the Graph"

That's not a typo, I'm curious about getting off the graph, not off the grid.  I love the grid.  It streams movies at me, and lets me get cash from a machine, and lets me send text messages, and lets me look up words I read in my digital book right there on the same tablet.

[Image: Königsberg's Troublesome Bridges]

It's the graph that spooks me.  It's the connection of every digital transaction (money, tweet, border crossing, phone call) you ever make into one big fat map that suggests ("profiles?") who you are.

You don't have to be paranoid about the NSA watching every single thing you do.  (Ding! Just added a node to their graph.)  You could be paranoid about stores watching your buying habits to target you with marketing.  For instance, as my brother explains, when you purchase felt pads to keep your furniture from scratching the floor, you get added to a marketing list of new homeowners.  It's presumed that your sudden care for floors stems from presently owning them, instead of renting them.

Is it possible to reduce the number of nodes you're adding to your graph, in this day and age?  I'm curious.  Drug dealers have been doing it for ages with "burner phones."  Executives count on the fact that their hotel pay-per-view purchases will be "discreetly charged."  You can't surprise your partner on Valentine's Day if they saw the hotel room deposit on your joint credit card statement.

So.  How far off the graph can a fully functional, modern-day, employed, human get?

Wednesday, July 8, 2015

Changing VMware Fusion DHCP Lease Times

At any one time I've got a dozen or so virtual machines, only a subset of which I want to boot.  Monday and Tuesday I might need one bunch, but Wednesday through Friday another.  VMware Fusion's default lease time is a day, which means the early-week machines are frequently assigned IPs that the later-in-the-week machines were previously using.  Flip-flop batches and they collide.

Well, you can change the default and maximum lease times that Fusion gives out to guests using the `vmnet-cfgcli` command.  It's pretty easy, and you do it on a per-vmnet basis.  Querying the current values, for example on the NAT vmnet8 device, goes like this:

  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli getdhcpparam vmnet8 defleasetime
  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli getdhcpparam vmnet8 maxleasetime

And you set the values, again with an example on the NAT network, like this:

  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli setdhcpparam vmnet8 defleasetime <seconds>
  sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cfgcli setdhcpparam vmnet8 maxleasetime <seconds>

Restart VMware Fusion and you're all set.  Machines requesting a new lease will now receive one with the updated settings.  By the way, a week is 604800 seconds.
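A related check, added here as an example and not something from the post: the collisions described above are visible in the vmnet DHCP server's lease file, which Fusion keeps in the ISC dhcpd lease format. The script below reports every IP that has been handed to more than one MAC address. The lease-file path `/var/db/vmware/vmnet-dhcpd-vmnet8.leases`, the function names `lease_conflicts` and `sample_leases`, and the sample lease records are this example's own assumptions and constructions.

```shell
#!/bin/sh
# Added example (not from the post): find IPs in a VMware Fusion vmnet DHCP lease
# file that have been handed out to more than one MAC address. Those are exactly
# the addresses that collide when one batch of guests boots while another batch's
# day-long leases are still on file.
# Assumed (not stated in the post): Fusion's vmnet-dhcpd keeps ISC-dhcpd-style
# lease files at /var/db/vmware/vmnet-dhcpd-vmnetN.leases.

# lease_conflicts FILE -> prints "IP number-of-distinct-MACs" for each IP with more
# than one distinct MAC, one per line; prints nothing when no IP was reused.
lease_conflicts() {
    awk '
        /^lease / { ip = $2 }
        /^[[:space:]]*hardware ethernet/ {
            mac = $3; sub(/;$/, "", mac)
            # count each (ip, mac) pair once, however many times it was renewed
            if (!((ip, mac) in seen)) { seen[ip, mac] = 1; macs[ip]++ }
        }
        END { for (ip in macs) if (macs[ip] > 1) print ip, macs[ip] }
    ' "$1" | sort
}

# sample_leases -> a constructed lease file: .128 went to two different guests
# (a Monday box and a Wednesday box); .129 was only ever renewed by one guest.
sample_leases() {
    cat <<'EOF'
lease 192.168.138.128 {
  starts 1 2015/07/06 09:00:00;
  ends 2 2015/07/07 09:00:00;
  hardware ethernet 00:0c:29:11:11:11;
  client-hostname "monday-box";
}
lease 192.168.138.129 {
  starts 1 2015/07/06 09:05:00;
  ends 2 2015/07/07 09:05:00;
  hardware ethernet 00:0c:29:22:22:22;
  client-hostname "monday-db";
}
lease 192.168.138.129 {
  starts 2 2015/07/07 08:30:00;
  ends 3 2015/07/08 08:30:00;
  hardware ethernet 00:0c:29:22:22:22;
  client-hostname "monday-db";
}
lease 192.168.138.128 {
  starts 3 2015/07/08 10:00:00;
  ends 4 2015/07/09 10:00:00;
  hardware ethernet 00:0c:29:33:33:33;
  client-hostname "wednesday-box";
}
EOF
}

# Usage: sh lease_conflicts.sh [/var/db/vmware/vmnet-dhcpd-vmnet8.leases]
# With no argument it runs against the constructed sample above.
if [ -n "$1" ]; then
    lease_conflicts "$1"
else
    tmp=$(mktemp) && sample_leases > "$tmp" && lease_conflicts "$tmp"
    rm -f "$tmp"
fi
```

Run it against the real file (you may need `sudo` to read it) before and after changing the lease times: once the longer leases are in effect, the guests from both batches keep their own addresses and the report comes back empty.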

Thursday, April 9, 2015

Build a Puppet Master on CentOS 7 -- Hella Quick-Style

I build Puppet environments all the time, which means I need to set up Puppet Masters all the time.  Here's what I do to get a Master (with PuppetDB) running on CentOS 7 "hella quick-style."

Build a CentOS 7 machine and set its hostname. I'm going to call mine "kermit.localdomain."

hostnamectl set-hostname kermit.localdomain

Then add the official PuppetLabs yum repo to the system's sources.

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

Now yum can install the Puppet Master for you.

yum -y install puppet-server

The easiest way to generate the Master's SSL keypair and self-sign its certificate is to just start up the Master in the foreground and then control-C out of it once it's done the SSL bits. (There must be a more elegant way to do this.)

puppet master --verbose --no-daemonize
[Ctrl-C]

Aim the Master's own Agent at itself. The last stanza in a stock Puppet install's puppet.conf is the [agent] section, so we can get away with just appending to it. (Again, using "kermit" in this example.)

echo 'server = kermit.localdomain' >> /etc/puppet/puppet.conf

Add a [master] stanza to the puppet.conf file. On a stock install, it's safe to just append to the file.

cat >> /etc/puppet/puppet.conf <<EOF
[master]
    environmentpath = \$confdir/environments
    basemodulepath = /etc/puppet/modules
    reports = store,log,puppetdb
    storeconfigs = true
    storeconfigs_backend = puppetdb
EOF

The Master won't start without a production environment, so make an empty one.

mkdir -p /etc/puppet/environments/production/{modules,manifests}
echo 'node default {}' > /etc/puppet/environments/production/manifests/site.pp

Install PuppetDB.

yum -y install puppetdb puppetdb-terminus openssl

Configure PuppetDB. (Calling the machine "kermit," like before.)

cat > /etc/puppet/puppetdb.conf <<EOF
[main]
    server = kermit.localdomain
    port = 8081
EOF

And set up PuppetDB as a terminus.

cat > /etc/puppet/routes.yaml <<EOF
---
master:
  facts:
    terminus: puppetdb
    cache: yaml
EOF

Copy the package-supplied Hiera configuration file to a place where the Master can find it. You'll likely need to update the 'datadir' and your hierarchy later, but for now the stock one is fine.

cp /etc/hiera.yaml /etc/puppet/hiera.yaml

Set up firewalld with a rule for Puppet traffic on port 8140.

cat > /etc/firewalld/services/puppetmaster.xml <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>puppetmaster</short>
  <description>Puppet Master</description>
  <port protocol="tcp" port="8140"/>
</service>
EOF

Tell firewalld to use the rule.

firewall-cmd --permanent --add-service=puppetmaster   # may take two tries
firewall-cmd --reload

And finally, start up all the pieces.

puppet resource service puppetdb ensure=running enable=true
puppet resource service puppetmaster ensure=running enable=true
puppet resource service puppet ensure=running enable=true

That's it! If you have to troubleshoot, tail /var/log/messages for clues. Remember, you can kick off Puppet runs manually with `puppet agent -t` to see what's going on during a run.
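As an added post-install check, not part of the walkthrough above: before starting the three services it is worth confirming that every file the steps write is in place and that the agent's `server =` line names the same host the Master's certificate was generated for, since a mismatch there is the usual reason an agent run fails SSL verification. The function name `check_master_config`, the helper `check_file` and the option of pointing the script at a scratch directory are this example's own; the default paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the walkthrough): verify that the files the steps above
# write are all present and consistent before the services are started.
#
# check_master_config [CONFDIR] [FIREWALLD_SERVICES_DIR] [MASTER_FQDN]
#   Defaults: /etc/puppet, /etc/firewalld/services, $(hostname).
#   Prints one "ok"/"MISSING"/"MISMATCH" line per check and returns the number of
#   failed checks, so 0 means everything the walkthrough expects is in place.
check_master_config() {
    confdir=${1:-/etc/puppet}
    fwdir=${2:-/etc/firewalld/services}
    fqdn=${3:-$(hostname)}
    conf="$confdir/puppet.conf"
    fails=0

    # check_file LABEL FILE ERE -> "ok" if FILE exists and some line matches ERE
    check_file() {
        if [ -f "$2" ] && grep -Eq "$3" "$2"; then
            echo "ok       $1"
        else
            echo "MISSING  $1 ($2)"
            fails=$((fails + 1))
        fi
    }

    check_file "[master] stanza"                 "$conf" '^\[master\]'
    check_file "storeconfigs_backend = puppetdb" "$conf" '^[[:space:]]*storeconfigs_backend[[:space:]]*=[[:space:]]*puppetdb'
    check_file "puppetdb listed in reports"      "$conf" '^[[:space:]]*reports[[:space:]]*=.*puppetdb'
    check_file "puppetdb.conf server"            "$confdir/puppetdb.conf" '^[[:space:]]*server[[:space:]]*='
    check_file "routes.yaml facts terminus"      "$confdir/routes.yaml" '^[[:space:]]*terminus:[[:space:]]*puppetdb'
    check_file "hiera.yaml in confdir"           "$confdir/hiera.yaml" '.'
    check_file "production site.pp"              "$confdir/environments/production/manifests/site.pp" 'node default'
    check_file "firewalld service on tcp/8140"   "$fwdir/puppetmaster.xml" 'protocol="tcp" port="8140"'

    # The agent's server= must name the host the Master's certificate was issued
    # for (the hostname at the time "puppet master --no-daemonize" ran), or the
    # agent's SSL verification of the Master fails.
    server=$(sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*//p' "$conf" 2>/dev/null | tail -n 1)
    if [ "$server" = "$fqdn" ]; then
        echo "ok       agent server = $fqdn"
    else
        echo "MISMATCH agent server = '$server', expected $fqdn"
        fails=$((fails + 1))
    fi

    return "$fails"
}

# Usage: sh check_master.sh [/etc/puppet] [/etc/firewalld/services] [kermit.localdomain]
# The exit status is the number of failed checks.
if [ "$#" -gt 0 ]; then
    check_master_config "$@"
fi
```

Run it as root on the Master right before the three `puppet resource service` commands; a non-zero exit status tells you which step to go back to without having to dig through /var/log/messages.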