Posts in the code category
This post is part of a series.
- Docker Swarm with Ceph for cross-server files
- Upgrading Ceph in Docker Swarm
- Docker Swarm Cluster Improvements (This Post)
Since my previous posts about running docker-swarm with ceph, I’ve been using this fairly extensively in production and made some changes to the setup that follows on from the previous posts.
This post is part of a series.
- Docker Swarm with Ceph for cross-server files
- Upgrading Ceph in Docker Swarm (This Post)
- Docker Swarm Cluster Improvements
This post is a followup to an earlier blog bost regarding setting up a docker-swarm cluster with ceph.
I’ve been running this cluster for a while now quite happily however since setting it up, a new version of ceph has been released - nautilus - so now it’s time for some upgrades.
Note: This post is out of date now.
I would suggest looking at this post and using the docker-compose based upgrade workflow instead, up to the housekeeping part.
I’ve mostly followed https://docs.ceph.com/docs/master/releases/nautilus/#upgrading-from-mimic-or-luminous but adapted it for the fact we’re running everything in docker. I recommend that you have a read though this yourself first to have an idea of what we are doing and why.
(It’s worth noting at this point that this guide was mostly written after the fact based on command history so I may have missed something. It’s always a good idea to do this on a test cluster first, or in a maintenance window!)
This all started with a comment I overheard at work from a colleague talking about a 2FA implementation on a service they were using.
“It works fine on everything except Google Authenticator on iPhone.”
… What? This comment alone immediately piqued my interest, I stopped what I was doing, turned round, and asked him to explain.
He explained that a service he was using provided 2FA support using TOTP codes. As is normal, they provided a QR Code, you scanned it with your TOTP application (Google Authenticator or Authy or so), then you typed in the verification code - and it worked for both Google Authenticator and Authy on his Android phone, but only with Authy and not Google Authenticator on another colleagues iPhone.
This totally nerd sniped me, and I just had to take a look.
This post is part of a series.
- Docker Swarm with Ceph for cross-server files (This Post)
- Upgrading Ceph in Docker Swarm
- Docker Swarm Cluster Improvements
I’ve been wanting to play with Docker Swarm for a while now for hosting containers, and finally sat down this weekend to do it.
Something that has always stopped me before now was that I wanted to have some kind of cross-site storage but I don’t have any kind of SAN storage available to me just standalone hosts. I’ve been able to work around this using ceph on the nodes.
Note: I’ve never used ceph before, I don’t really know what I’m doing with ceph, so this is all a bit of guesswork. I used Funky Penguin’s Geek Cookbook as a basis for some of this, though some things have changed since then, and I’m using base-centOS not AtomicHost (I tried AtomicHost, but wanted a newer-version of docker so switched away).
All my physical servers run Proxmox, and this is no exception. On 3 of these host nodes I created a new VM (1 per node) to be part of the cluster. These all have 3 disks, 1 for the base OS, 1 for Ceph, 1 for cloud-init (The non-cloud-init disks are all SCSI with individual iothreads).
For a few years now I’ve been enjoying Eric Wastl’s Advent of Code. For those unaware, each year since 2015 Advent of Code provides a 2-part coding challenge every day from December 1st to December 25th.
In previous years, Myself and Chris have been fairly informally trying to
see who was able to produce the fastest code (Me in PHP, Chris in Python). In the final week of last year to
assist with this, we both made our repos
run in Docker and produce time output for each day.
This allowed us to run each other’s code locally to compare fairly without needing to install the other’s dev environment, and made the testing a bit fairer as it was no longer dependant on who had the faster CPU when running their own solution. For the rest of the year this was fine and we carried on as normal. As we got to the end I remarked it would be fun to have a web interface that automatically dealt with it and showed us the scores, but there was obviously no point in doing that once the year was over. Maybe in a future year…
Fast forward to this year. Myself and Chris (and ChrisN) coded up our Day 1 solutions as normal and then some other friends started doing it for the first time. I remembered my plans from the previous year and suggested everyone should also docker-ify their repos… and so they agreed…
This post is part of a series.
- DNS Hosting - Part 1: History
- DNS Hosting - Part 2: The rewrite
- DNS Hosting - Part 3: Putting it all together (This Post)
In my previous posts I discussed the history leading up to, and the eventual rewrite of my DNS hosting solution. So this post will (finally) talk briefly about how it all runs in production on MyDNSHost.
Shortly before the whole rewrite I’d found myself playing around a bit with Docker for another
project, so I decided early on that I was going to make use of Docker for the main bulk of the setup to allow
me to not need to worry about incompatibilities between different parts of the stack that needed different
versions of things, and to update different bits at different times.
The system is split up into a number of containers (and could probably be split up into more).
This post is part of a series.
- DNS Hosting - Part 1: History
- DNS Hosting - Part 2: The rewrite (This Post)
- DNS Hosting - Part 3: Putting it all together
In my previous post about DNS Hosting I discussed the history leading up to when I decided I needed a better personal DNS hosting solution. I decided to code one myself to replace what I had been using previously.
I decided there was a few things that were needed:
These were the basic criteria and what I started off with when I designed MyDNSHost.
A while ago I posted a python script that allowed automatically adding labels to GMail messages based on contact groups.
Unfortunately, a side effect of this script was that Google occasionally would lock an account out for “suspicious activity”, and for this reason I stopped using the script.
However recently I looked at Google Apps Scripts to see if this would allow me to recreate this using Google-Approved APIs, and the good news is, yes it does.
The following script implements the same behaviour as the old python script. It checks every thread from the past 2 dates (so today, and yesterday) and then for each message in the thread gets the list of groups the sender is in (if the sender is a contact, and in any groups) and then checks to see if there are labels that match the same name, if so it applies them to the message.
To get this running, create a new project on the Google Apps script page, then paste the code in.
Modify scheduledProcessInbox and processInboxAll to include a label prefix if
desired (eg contacts/) and then enable the desired schedule (click on the clock icon in the
toolbar). Once this has been scheduled you can run an initial pass over the inbox using
processInboxAll() - however this is limited to the last 500 threads.
The code can now be found here on github
Any questions/comments/bugs please leave them here or on github.
First post in over a year! Oops.
For a while now, my home ADSL provider (EntaNET) has provided me with an IPv6 allocation, but I’ve never really used it (Its been on my to-do list for some time) primarily due to the fact that it is unsupported by Endian which I use for my home router/firewall.
However the other day after being asked about IPv6 at my day job, I decided I wanted to get this working, and decided to document it here in case it can assist anyone else in future. (I also finally got round to completing the Hurricane Electric IPv6 Certification up to sage level)
There’s a few things worth noting before we continue here.
With this in mind, we continue to the actual important stuff!
I recently encountered a problem on a server that I manage where by the oidentd server didn’t seem to be working.
Manual tests worked, but connecting to IRC Servers didn’t.
I tried switching oidentd with ident2 and the same problem.
After switching back, and a bit of debugging later it appeared that the problem was that the IRC Servers were expecting spaces in the ident reply, whereas oidentd wasn’t giving them.
I then quickly threw together an xinet.d-powered ident server with support for spoofing.