October 23, 2013
Recently the ansible apt module got fnmatch (shell) style wildcard support for installing packages. Aparently this broke the workflow for some users who passed a “*” via a variable to apt to get the candidate version installed.
A more descriptive way of achiving this is to use the one of the special words “candidate”, “installed”, “newest” in the version tag or in the release tag.
For example you can write:
# apt-get install ansible/newest
# apt-get install 2vcard=candidate
As in the ansible case, this can be a useful default for script that calcuclate a version and need to fallback to a default.
October 12, 2013
The recently released apt 0.9.12 contains a bunch of good stuff, bugfixes and cleanups. But there are two new feature I particularly like.
The first is the new parameter “–with-new-pkgs” for the upgrade
# apt-get upgrade --with-new-pkgs
that will install new dependencies on the upgrade but never remove
packages. A typical use-case is a stable system that gets a kernel
with a new kernel ABI package.
The second is “–show-progress” for
install/remove/upgrade/dist-upgrade which will show inline progress
when dpkg is running to indicate the global progress.
# apt-get install --show-progress tea
Selecting previously unselected package tea-data.
(Reading database ... 380116 files and directories currently installed.)
Unpacking tea-data (from .../tea-data_33.1.0-1_all.deb) ...
Progress: [ 10%]
Progress: [ 20%]
Progress: [ 30%]
Selecting previously unselected package tea.
Unpacking tea (from .../tea_33.1.0-1_amd64.deb) ...
Progress: [ 40%]
Progress: [ 50%]
Progress: [ 60%]
Processing triggers for doc-base ...
Processing 2 added doc-base files...
Registering documents with scrollkeeper...
Processing triggers for man-db ...
Setting up tea-data (33.1.0-1) ...
Progress: [ 70%]
Progress: [ 80%]
Setting up tea (33.1.0-1) ...
Progress: [ 90%]
For the install progress, there is also a new experimental option
“Dpkg::Progress-Fancy”. It will display a persistent progress status bar in the last terminal line. This works like this:
# apt-get -o Dpkg::Progress-Fancy=true install tea
This kind of information is obviously most useful on complex operations like big installs or (release) upgrades.
September 24, 2013
My friend Peter (Kiwinote) has a very interessting new project called AppGrid. Its a replacement for the ubuntu software center written from scratch. Peter contributed a lot to the original software-center so he knows the problem domain quite well. You should give it a try, it can be added via:
$ sudo add-apt-repository -y ppa:appgrid/stable
$ sudo apt-get update && sudo apt-get install -y appgrid
Then it can be found in the dash as “App Grid”. I hope you like it!
July 19, 2013
I like django and the more I work with it, the more I like it
For a unittest I needed to simulate requests coming from different remote addresses. And the django.test.client.Client makes this pretty easy:
def request(self, **request):
request["REMOTE_ADDR"] = "192.168.%i.%i" % (random.randint(1,254), random.randint(1,254))
return super(DistributedTestClient, self).request(**request)
client_class = DistributedTestClient
July 7, 2013
I implemented sha512crypt in nodejs here.
$ ./demo.js pass salt
$ python -c 'import crypt; crypt.crypt("pass", "$6$salt")
With that, I plan to extend the PassHash firefox plugin to use that as the default algorithm for the password generation.
June 26, 2013
One of the projects I created a while ago is called “rapt (restricted apt)“. As I was asked about it on irc about recently I thought I should mention it here as well
It is a python-apt app that will allow regular users to install/update software or install build-depends via sudo without giving them full root access. rapt will ensure that there is no interaction (like conffile prompts or debconf) that might allow the user to get a rootshell. It allows blacklisting and with a suiteable sources.list it is a easy way to give limited access to more trusted users. One use-case is to allow developers to install build dependencies on a staging machine.
You can install it via
$ bzr branch lp:rapt
and just run the binary via sudo (and a sudoers file that allows to run it). All it needs is python and python-apt (which is installed on most system anyway).
June 9, 2013
I added sha512 support to the PassHash firefox extension here (and added pull request to get it into the upstream branch). I felt its important to do this after reading this article.
June 1, 2013
When using ansible and its “setup” module to gather ad-hoc facts-data about multiple hosts, remember that it runs the jobs in parallel which may result in out-of-order output. With “ansible -f1″ the number of parallel processes can be limited to one to ensure this won’t happen. E.g.:
$ ansible all -f1 -m setup -a filter=ansible_mounts
(the filter argument for the facts module is also a nice feature).
May 30, 2013
I recently started using ansible to automate some server administration tasks.
Its very cool and easy to learn/extend. One nice feature is the “facts” gathering. It will collect information about the host(s) and stores them in its internal variables. This is useful for conditional execution of tasks (see below) but also as a ad-hoc way to gather information like DMI information or the running kernel.
To see all “facts” known to ansible about the hosts, run:
$ ansible all -m setup
To execute tasks conditionally you can do something like this:
- name: install vmware packages
action: apt pkg=open-vm-tools
only_if: "'$ansible_virtualization_type' == 'VMware'"
Note that ansible 1.2+ has a different (and simpler) conditional called “when”.
Ansible is available in Ubuntu 12.04+ via:
$ sudo apt-get install ansible
It is also available in Debian unstable and testing.
May 16, 2013
Due to popular demand I moved debian apt and python-apt from bzr to git today. Moving was pretty painless:
$ git init
$ bzr fast-export --export-marks=marks.bzr -b debian/sid /path/to/debian-sid | git fast-import --export-marks=marks.git
And then a fast-import for the debian-wheezy and debian-experimental branches too. Then a
$ git gc --aggressive
(thanks to Guillem Jover for pointing this out) and that was it.
The branches are available at: