Sunday, December 30, 2012

Review: Cisco Secure Firewall Services Module


Cisco Secure Firewall Services Module by Ray Blair

My rating: 5 of 5 stars



Reading one chapter in this book on the configuration took me 1/2 hour to configure the FWSM in single context routed mode vs all the documentation online from Cisco and everywhere else. 5 stars for that!




Thursday, December 27, 2012

Review: MongoDB: The Definitive Guide


MongoDB: The Definitive Guide by Kristina Chodorow

My rating: 4 of 5 stars



Great book and introduction to MongoDB - a must read if you are journeying into the land of NoSQL databases. I love MongoDB but coming from a relational background there are many things to learn about this JSON / BSON document based datastore. Great overview but you will need other books to get in much deeper with this product.




Tuesday, December 25, 2012

Merry Christmas! - My Contribution to Github and Chef today - chef-nsupdate


DESCRIPTION

Chef's Cookbook to Add a DNS Record / Update a DNS Record to a specified DNS server.

Direct Link to the project on Github:

REQUIREMENTS

Platform:

The cookbook aims to be platform independent, but is tested on Ubuntu 12.04.

USAGE:

Add your cookbook to the chef server. Make sure you have the following setup.
1) The chef fqdn attribute must be set since the recipe uses the fqdn attribute of the node.
2) This recipe assumes that you have nameservers in the /etc/resolv.conf file and grabs the first DNS server and attempts to write a dns A record to the zone your current server is in. If you don't have nameservers in this file the recipe will not work.

Notes

This will work with any DNS Server but you must have a DNS Server that allows NON-Secured Updates - (We have a zone that we run internally that allows you to write to the DNS Server zone). If you need authentication you will need to modify the nsupdate command in this cookbook to support authentication.
We used a Windows 2003 / 2008 Active Directory DNS Server
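
The notes above leave authentication to the reader. As an added example (not the cookbook's code), this script builds the same kind of A-record update from the node FQDN and the first nameserver in resolv.conf, validates both so they cannot inject extra nsupdate commands, and sends it authenticated: `nsupdate -k` for a TSIG key file or `nsupdate -g` for GSS-TSIG, which Active Directory zones set to secure-only updates use. The function names, the TSIG_KEYFILE variable, the 300-second default TTL and deriving the zone from the FQDN are assumptions.

```shell
#!/bin/sh
# Added example: authenticated replacement for an unsigned nsupdate call.

# First "nameserver" entry of a resolv.conf-style file, as the recipe uses.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "${1:-/etc/resolv.conf}"
}

# Only letters, digits, dots and hyphens; at least one dot; no empty labels.
valid_fqdn() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dotted quad with every octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# build_update FQDN IPV4 SERVER [TTL]
# Assumption: the zone is the FQDN minus its first label.
build_update() {
    valid_fqdn "$1" && valid_ipv4 "$2" && valid_ipv4 "$3" || return 1
    ttl=${4:-300}
    case $ttl in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %s A %s\nsend\n' \
        "$3" "${1#*.}" "$1" "$1" "$ttl" "$2"
}

# send_update MODE FQDN IPV4 SERVER [TTL]
#   tsig: sign with the shared key in $TSIG_KEYFILE (nsupdate -k)
#   gss:  use the host's Kerberos ticket (nsupdate -g, GSS-TSIG)
send_update() {
    mode=$1; shift
    batch=$(build_update "$@") || { echo "refusing invalid input" >&2; return 1; }
    case $mode in
        tsig) printf '%s\n' "$batch" | nsupdate -k "${TSIG_KEYFILE:?set TSIG_KEYFILE}" ;;
        gss)  printf '%s\n' "$batch" | nsupdate -g ;;
        *)    echo "mode must be tsig or gss" >&2; return 1 ;;
    esac
}

# Usage (addresses are placeholders):
#   send_update gss "$(hostname -f)" 192.0.2.10 "$(first_nameserver)"
```
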

LICENSE

chef-nsupdate - Allows you to update the FQDN on the node you are provisioning or using with a dns server you have access to (Authoritative).
Author:Harry Yeh (devops@cometcomputing.com)
Copyright:Copyright (c) 2008-2012 Comet Computing.
License:Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Review: The Rails Way


The Rails Way by Obie Fernandez

My rating: 4 of 5 stars



This is the original version of the book, there is a newer one that has come out. Great reference for the Rails framework but tougher to read if you are looking for a tutorial.




Review: Learning Ruby


Learning Ruby by Michael Fitzgerald

My rating: 4 of 5 stars



A great introduction to Ruby the programming language. I would say that you should learn Ruby before jumping into Rails since much of the web framework makes more sense once you understand the architecture of how Ruby is.

Great introduction to the Language and Programming if you haven't done much before.




Review: Introduction to Algorithms


Introduction to Algorithms by Thomas H. Cormen

My rating: 4 of 5 stars



Good book to read if you are interested in learning some good computer algorithms or are new to the algorithm space. I read this book when I was doing my computer science course at Stanford and it helped when I was going through the Algorithms section of the course. Provides a great overview if you want to understand how computers sort.

I still refer to this every now and then when I need to implement algorithms at a lower level.




Monday, December 24, 2012

Review: The 4 Hour Workweek, Expanded And Updated: Expanded And Updated, With Over 100 New Pages Of Cutting Edge Content.


The 4 Hour Workweek, Expanded And Updated: Expanded And Updated, With Over 100 New Pages Of Cutting Edge Content. by Timothy Ferriss

My rating: 5 of 5 stars



This book is a bible for any one who is an Entrepreneur.

A must read if you plan on running your own business or doing anything on your own.

If there was a list of top 5 books that any entrepreneur must read it is this one, and this book would be #1 on that list. It is not only inspiring but the knowledge in the book is applicable to real life. This is my personal all time favourite book and I always look forward to the updates Tim provides in the book.

I frequently refer to this book every now and then, re-read and often recommend it to established entrepreneurs, business folks, the 9 to 5 er's that want to get out of the rat race and new comers to the business world.




Review: An American Hedge Fund


An American Hedge Fund by Timothy Sykes

My rating: 5 of 5 stars



Great book, read the whole thing in 1 sitting, very inspiring book and a great read if you are looking at getting a feel of how the real stock market really is and how the odds are stacked against the general population. Also a great story about how Tim got to where he is now as a very successful penny stock trader.




Review: The C Programming Language


The C Programming Language by Brian W. Kernighan

My rating: 5 of 5 stars



Probably the best book out there on C and a great introduction even though it's super old. A great reference and introduction. Makes me happy that I don't have to code in C that often anymore, however whenever I do need to reference some C code, this book comes in handy. This book, though it does help you build a great foundation for being one of the lower level (high level languages) like C++.




Opscode Chef Cookbook chef-ipaddress for static ip address changes for nodes

DESCRIPTION

Chef's Cookbook to change an IP address on a node server and set it to static based on attributes defined in a JSON file. This has been tested and verified working on Ubuntu 12.04. All the recipe does is set a static IP by overwriting the /etc/network/interfaces file in Ubuntu.

Direct Link to the project on Github:

REQUIREMENTS

Platform:

The cookbook aims to be platform independent, but is tested on Ubuntu 12.04.

USAGE:

Add your cookbook to the chef server. Make sure you have the following data bag setup.
knife cookbook upload chef-ipaddress
You will need a data bag in Chef named "servers"; the following is a sample data bag item:
{
    "id": "server1",
    "interfaces": [
        {
            "name": "eth0",
            "address": "192.168.1.2",
            "netmask": "255.255.255.0",
            "gateway": "192.168.1.1",
            "dns-nameservers": "192.168.1.1 192.168.1.2",
            "dns-search": "test-domain.com"
        },
        {
            "name": "eth1",
            "address": "192.168.2.2",
            "netmask": "255.255.255.0"
        }
    ]
}
Assuming you have saved this as a file called server1.json, use the knife command below to add the data bag item to Chef before you add the recipe to the run list. The JSON file name must match the node name in Chef or this will not work; otherwise you have to set the set_hostname attribute (see below) when you add the recipe to the run list.
knife data bag from file servers server1.json

Notes

Right now if you put this in your run-list and execute chef-client on the node you want this to happen on, you will have to reboot the server manually for the changes to occur. I've commented out Line #23 in default.rb. If you uncomment this it will automatically restart the network connection when you run it.

ATTRIBUTES

set_hostname - this parameter only needs to be set if you are doing a bootstrap

LICENSE

chef-ipaddress - Changing the ip address on a linux system using chef.
Author:Harry Yeh (devops@cometcomputing.com)
Copyright:Copyright (c) 2008-2012 Comet Computing.
License:Apache License, Version 2.0
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Sunday, December 23, 2012

Review: Machine Learning for Hackers


Machine Learning for Hackers by Drew Conway

My rating: 4 of 5 stars



A great read on the Plane and an introduction to Machine Learning if you are a developer. You hear the term thrown around a lot today especially with programming, big data and algorithms.




Review: Steve Jobs


Steve Jobs by Walter Isaacson

My rating: 5 of 5 stars



Great book, I read this whole thing in 2 sittings, a solid 8 hours of reading. A must read if you are to read any autobiography.




Review: The RSpec Book: Behaviour Driven Development with Rspec, Cucumber, and Friends


The RSpec Book: Behaviour Driven Development with Rspec, Cucumber, and Friends by David Chelimsky

My rating: 4 of 5 stars



Good Introduction and uses on RSPEC instead of using the default Test::Unit - We use RSPEC a lot in our projects




Saturday, December 22, 2012

Gitolite Server / Git Client setup on Ubuntu 12.04 LTS

This Blog Post will go through at a high level how to setup your own git server. Why would you want to do this? Well there are a number of reasons


  1. GitHub.com goes down (which it did today, 12/22/2012) - It's not the end of the world but it might as well be if all your developer code is on github.com!
  2. Local Performance - will always be better with your own hosted server
  3. Better Control and security.
GitHub.com is great for social coding, but I was never a fan of having our own developer code or our client's code out there on the public internet. Even with security, I find that the local or self hosted servers give you more control (like anything that's not cloud based).

We will be using gitolite and Ubuntu 12.04, and I've also included gitweb so there is a browser-based tool to work with the gitolite server.

Git Server Setup and Install
apt-get -y install git-core git-doc apache2

gitolite setup

sudo addgroup gitolite
sudo adduser --disabled-password --home /home/gitolite --ingroup gitolite gitolite
passwd gitolite

{gitolite password}

sudo apt-get -y install gitolite

usermod -a -G gitolite www-data
su - gitolite

ssh-keygen -t rsa
(choose no passphrase)


cd ~
cd .ssh
cp id_rsa.pub /tmp
gl-setup /tmp/id_rsa.pub


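In the gitolite rc file that gl-setup opens for editing, change the following variable as shown. A umask of 0027 keeps the repositories readable by the gitolite group (which gitweb and git-daemon run under in this setup) and closed to all other users.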

$REPO_UMASK = 0027;


On your local machine

You should now be able to clone the gitolite-admin.git repository that’s created automatically by the gitolite setup script:

git clone gitolite@{git.server.ip}:gitolite-admin.git


Edit gitolite.conf to enable gitweb and git-daemon export for testing:

# FROM YOUR LOCAL MACHINE
cd gitolite-admin
vim conf/gitolite.conf
# change to:
repo    testing
    RW+     =   @all
    R       =   daemon
testing "Owner" = "Test repo"

exit the file

git add conf/gitolite.conf
git commit -m "Enabled gitweb and git-daemon export for testing repo"
git push
cd ..


Setting the repo owner and description automatically gives read access to gitweb so you don’t have to specify it explicitly.
Clone testing and add a file (so it’s not empty):

git clone gitolite@{git.server.ip}:testing.git
cd testing
echo "README" > README
git add README
git commit -m "Added README"
git push origin master

gitweb setup
Install gitweb:

sudo apt-get -y install highlight gitweb
Change the gitweb configuration to use the gitolite repo paths:

vim /etc/gitweb.conf
# change $projectroot to "/home/gitolite/repositories";
# change $projects_list to "/home/gitolite/projects.list";


Git Daemon Setup

apt-get install git-daemon-run

vim /etc/sv/git-daemon/run
Change:

#!/bin/sh
exec 2>&1
echo 'git-daemon starting.'
exec chpst -ugitdaemon \
"$(git --exec-path)"/git-daemon --verbose --base-path=/var/cache /var/cache/git
to:

IMPORTANT: notice the change from -ugitdaemon to -ugitdaemon:gitolite

#!/bin/sh
exec 2>&1
echo 'git-daemon starting.'
exec chpst -ugitdaemon:gitolite \
"$(git --exec-path)"/git-daemon --verbose --base-path=/home/gitolite/repositories /home/gitolite/repositories



Pretty URLs

Comment out everything in this file

vim /etc/apache2/conf.d/gitweb

Add the Following to the file
vim /etc/apache2/sites-available/git

<VirtualHost *:80>
  ServerName git.server
  ServerAdmin webmaster@git.server
  DocumentRoot /usr/share/gitweb

  <Directory /usr/share/gitweb>
      Options FollowSymLinks ExecCGI
      AddHandler cgi-script cgi
      RewriteEngine On
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule ^.* /index.cgi/$0 [L,PT]
  </Directory>
</VirtualHost>


a2ensite git
a2enmod rewrite
apache2ctl restart

Add the Following to the file

vim /etc/gitweb.conf


# Enable PATH_INFO so the server can produce URLs of the
# form: http://git.cdwilson.us/project.git/xxx/xxx
# This allows for pretty URLs *within* the Git repository, where
# my Apache rewrite rules are not active.
$feature{'pathinfo'}{'default'} = [1];



Enable Other options

$feature{'blame'}{'default'} = [1];
$feature{'blame'}{'override'} = 1;

$feature{'pickaxe'}{'default'} = [1];
$feature{'pickaxe'}{'override'} = 1;

$feature{'snapshot'}{'default'} = [1];
$feature{'snapshot'}{'override'} = 1;

$feature{'search'}{'default'} = [1];

$feature{'grep'}{'default'} = [1];
$feature{'grep'}{'override'} = 1;

$feature{'show-sizes'}{'default'} = [1];
$feature{'show-sizes'}{'override'} = 1;

$feature{'avatar'}{'default'} = ['gravatar'];
$feature{'avatar'}{'override'} = 1;

$feature{'highlight'}{'default'} = [1];
$feature{'highlight'}{'override'} = 1;


Custom Theme

sudo mv /usr/share/gitweb/static/gitweb.js /usr/share/gitweb/static/gitweb.js.orig
sudo mv /usr/share/gitweb/static/gitweb.css /usr/share/gitweb/static/gitweb.css.orig
cd /tmp
git clone git://github.com/kogakure/gitweb-theme.git
cd gitweb-theme
sudo cp gitweb.css gitweb.js /usr/share/gitweb/static/





Authorized Keys for new users - be sure to add the bolded part
scp ~/.ssh/id_rsa.pub {git.server.ip}:/tmp/id_rsa.pub


# gitolite start
command="/usr/share/gitolite/gl-auth-command username",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AXYZAAAB3NzaC1yc2EAAAADAQABAAABAQDh5pv2q85zDaL0qNTZ4DaPKRar5zPiBprXDEBxKJLkHtFZ9hrc4/BCKflixOCwljRM/UqLMNEOfTyaWynBJbBGxttWtgxFf0R4XEfWwpGNqdU2A3aAx09r6Y+TB0sVXI4aCXk7QJME46K8j3FhAfAA3PfW77DELSoW/9t2nZjv50KpmJS7SbDLn85ncua0w6zhGW7c7hSCy/EObTNY7FhLR1qd4uYFuD6wA1n2UG98UbHzFJoBv8Q2Tfb4gBk4DoYliOKOH6NBTObKDLnNTJ90Jgcr7MGdZHPIrCroUZGlK6R username@computername
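
An added check, not part of the original post: the script below audits a gitolite account's authorized_keys file and reports every key that lacks the gl-auth-command forced command or one of the four restriction options shown in the line above. The sample keys and user names are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file managed for gitolite.
# Every key should be pinned to gl-auth-command and carry the no-* options;
# a bare "ssh-rsa ..." line gives that key holder a normal login shell.

audit_gitolite_keys() {
    awk '
    /^[ \t]*#/ { next }                      # comments, e.g. "# gitolite start"
    /^[ \t]*$/ { next }                      # blank lines
    {
        sub(/^[ \t]+/, "")
        # The options field ends at the first space outside double quotes.
        opts = ""; inq = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            if (c == " " && !inq) break
            opts = opts c
        }
        if (opts ~ /^(ssh-|ecdsa-|sk-)/) {   # no options: line starts with key type
            print NR ": unrestricted key (login shell allowed)"
            next
        }
        if (opts !~ /command="[^"]*gl-auth-command [^"]+"/)
            print NR ": no gl-auth-command forced command"
        n = split("no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty", need, " ")
        for (k = 1; k <= n; k++)
            if (index("," opts ",", "," need[k] ",") == 0)
                print NR ": missing " need[k]
    }' "$1"
}

# Constructed sample input (key material shortened, user names invented).
sample_authorized_keys() {
    cat <<'EOF'
# gitolite start
command="/usr/share/gitolite/gl-auth-command alice",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEY1 alice@laptop
ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEY2 bob@desktop
command="/usr/share/gitolite/gl-auth-command carol",no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEY3 carol@pc
# gitolite end
EOF
}

# Run against a real file when a path is given, e.g.
#   sh audit.sh /home/gitolite/.ssh/authorized_keys
if [ -n "${1:-}" ]; then
    audit_gitolite_keys "$1"
fi
```

Each output line is the line number in the file followed by the problem found; no output means every key is restricted to gitolite.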


Adding SSH Keys to the repository server

cat id_rsa.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm id_rsa_gitolite.pub




Adding a repository

Now we can create our repositories:
mkdir myrepo.git
cd !$
git --bare init



git init
git remote rm origin
Now we can add our new remote:

git remote add origin gitolite@git.servername.com:myrepo.git
git push origin master



Adding Users
You will need to add local users on the gitolite server in order for them to SCP their public keys over:
adduser {username}

Git Software
Resources and Reading (Highly Recommended)

http://git-scm.com/book

I also wrote another article about Git branching, check it out!

http://www.harryyeh.com/2012/08/git-version-control-quick-reference.html


Git Client on Windows
Download and install

http://code.google.com/p/msysgit/downloads/detail?name=Git-1.7.10-preview20120409.exe&can=2&q=

Install choosing the git bash option

Git Bash is the program we are using. Git gui is good for Browsing

http://nathanj.github.com/gitguide/tour.html

example: Setup Username

git config --global user.name {First Name Last Name}

git config --global user.email {email}

ssh-keygen -t rsa
cd ~
notepad .ssh/id_rsa.pub  (this will show the key in notepad)

Git Client on Linux
On your local machine type the following commands - we assume the user name is ubuntu
gitolite uses ssh keys to manage access to the git repositories. In the following steps, we set up gitolite to initialize its admin repository with your public key.

apt-get -y install git-core git-doc
ssh-keygen -t rsa -f id_rsa_gitolite
scp ~/.ssh/id_rsa.pub {git server}:/tmp/id_rsa.pub

example: Setup Username

git config --global user.name {First Name Last Name}
git config --global user.email {email}

Friday, December 07, 2012

Ubuntu 12.04 Building your Own Local Ruby Gem Server using RBENV / NGINX Unicorn

There are times you would like to run your own gem server. You may want to share gems with colleagues when you are both without internet connectivity. You may have private code, internal to your organization, that you’d like to distribute and manage as gems without making the source publicly available. In this blog post, I've configured Ubuntu 12.04, RBENV, Nginx and Unicorn to serve Ruby Gems locally.

Install RBENV


git clone git://github.com/sstephenson/rbenv.git /usr/local/rbenv

# Add rbenv to the path:
echo '# rbenv setup' > /etc/profile.d/rbenv.sh
echo 'export RBENV_ROOT=/usr/local/rbenv' >> /etc/profile.d/rbenv.sh
echo 'export PATH="$RBENV_ROOT/bin:$PATH"' >> /etc/profile.d/rbenv.sh
echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh

chmod +x /etc/profile.d/rbenv.sh
source /etc/profile.d/rbenv.sh

# Install ruby-build:
pushd /tmp
git clone git://github.com/sstephenson/ruby-build.git
cd ruby-build
./install.sh
popd

# Install Ruby 1.9.3-p194:
rbenv install 1.9.3-p194
rbenv global 1.9.3-p194

# Rehash:
rbenv rehash

Nginx / Unicorn

add-apt-repository ppa:nginx/stable
apt-get update
apt-get -y install nginx git-core build-essential

gem install unicorn --no-rdoc --no-ri
rbenv rehash


Add the following environment config variables to a file at

/etc/unicorn/geminabox
RAILS_ROOT=/var/www/geminabox
RAILS_ENV=production

create app-specific unicorn init file here and make it executable

vim /etc/init.d/geminabox


chmod +x /etc/init.d/geminabox


/etc/init.d/geminabox start

sample init.d script

#! /bin/bash

### BEGIN INIT INFO
# Provides:          unicorn
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the unicorn web server
# Description:       starts unicorn
### END INIT INFO
APP=/var/www/geminabox/
USER=root
PATH=/usr/local/rbenv/bin:/usr/local/rbenv/shims:$PATH
DAEMON=unicorn
DAEMON_OPTS="-c $APP/config/unicorn.rb -E production -D"
NAME=unicorn
DESC="Unicorn app for $USER"
PID=/var/www/pids/unicorn.pid

case "$1" in
start)
     CD_TO_APP_DIR="cd $APP"
     START_DAEMON_PROCESS="bundle exec $DAEMON $DAEMON_OPTS"

     echo -n "Starting $DESC: "
     if [ `whoami` = root ]; then
       su - $USER -c "$CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS"
     else
       $CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS
     fi
     echo "$NAME."
     ;;
stop)
     echo -n "Stopping $DESC: "
     kill -QUIT `cat $PID`
     echo "$NAME."
     ;;
restart)
     echo -n "Restarting $DESC: "
     kill -USR2 `cat $PID`
     echo "$NAME."
     ;;
reload)
     echo -n "Reloading $DESC configuration: "
     kill -HUP `cat $PID`
     echo "$NAME."
     ;;
*)
     echo "Usage: $NAME {start|stop|restart|reload}" >&2
     exit 1
     ;;
esac

exit 0

Gemfile



source "https://rubygems.org"
gem "unicorn"

sample /var/www/geminabox/config/unicorn.rb


# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete documentation
#
# This file should go in the config directory of your Rails app e.g. config/unicorn.rb

app_dir = "/var/www/geminabox/"
worker_processes 10
working_directory app_dir

# Load app into the master before forking workers for super-fast
# worker spawn times
preload_app true

# nuke workers after 60 seconds (the default)
timeout 60

# listen on a Unix domain socket and/or a TCP port,

listen 8080 # listen to port 8080 on all TCP interfaces
#listen "127.0.0.1:8080"  # listen to port 8080 on the loopback interface
listen "/tmp/geminabox.socket"

# Don't set user if you are already running as the user (will cause a massive chown loop of death)
# This is for if you execute as root and become user.
#user 'example.co.uk', 'example.co.uk'

pid "/var/www/pids/unicorn.pid"
stderr_path "#{app_dir}/log/unicorn.stderr.log"
stdout_path "#{app_dir}/log/unicorn.stdout.log"

# http://www.rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
if GC.respond_to?(:copy_on_write_friendly=)
GC.copy_on_write_friendly = true
end


before_fork do |server, worker|
# the following is highly recommended for Rails + "preload_app true"
# as there's no need for the master process to hold a connection
defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!

##
# When sent a USR2, Unicorn will suffix its pidfile with .oldbin and
# immediately start loading up a new version of itself (loaded with a new
# version of our app). When this new Unicorn is completely loaded
# it will begin spawning workers. The first worker spawned will check to
# see if an .oldbin pidfile exists. If so, this means we've just booted up
# a new Unicorn and need to tell the old one that it can now die. To do so
# we send it a QUIT.
#
# Using this method we get 0 downtime deploys.

old_pid = "#{server.config[:pid]}.oldbin"

if File.exist?(old_pid) && server.pid != old_pid
 begin
   sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
   Process.kill(sig, File.read(old_pid).to_i)
 rescue Errno::ENOENT, Errno::ESRCH
   # someone else did our job for us
 end
end
end

after_fork do |server, worker|
# Unicorn master loads the app then forks off workers - because of the way
# Unix forking works, we need to make sure we aren't using any of the parent's
# sockets, e.g. db connection

defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
# Redis and Memcached would go here but their connections are established
# on demand, so the master never opens a socket
end

sample /etc/nginx/sites-available/geminabox


upstream example-workers {
 # fail_timeout=0 means we always retry an upstream even if it failed
 # to return a good HTTP response (in case the Unicorn master nukes a single worker for timing out).
 server unix:/tmp/geminabox.socket fail_timeout=0;
}

server {
listen                80; # default;
server_name           www.testserver.com;
root                  /var/www/geminabox/;
client_max_body_size 10m;
location / {
 access_log          off;

 include proxy_params;
 proxy_redirect off;

 if (-f $request_filename) {
   access_log          off;
   expires             max;
   break;
 }

 if (-f $request_filename.html) {
   rewrite (.*) $1.html break;
 }

 if (!-f $request_filename) {
   proxy_pass          http://example-workers;
   break;
 }
}
}


Link the files in NGINX

ln -s /etc/nginx/sites-available/geminabox /etc/nginx/sites-enabled/geminabox


Start on Boot
update-rc.d geminabox defaults

Gem in a Box

https://github.com/cwninja/geminabox

cd /var
mkdir www
cd www
mkdir geminabox
cd geminabox
mkdir data


vim config.ru

require "rubygems"
require "geminabox"

Geminabox.data = "/var/www/geminabox/data" # ... or wherever
run Geminabox


vim Gemfile

source "https://rubygems.org"
gem "unicorn"
gem "geminabox"