Posts
Docker Compose
I use Traefik as my reverse proxy. Here is a snippet of my Docker Compose file for Mastodon:
  ######################
  # Mastodon #
  ######################
  mastodon-db:
    image: postgres:14-alpine
    container_name: mastodon-db
    shm_size: 256mb
    environment:
      - UID=${PUID}
      - GID=${PGID}
      - TZ=${TZ}
      # trust = no password is checked for any connection; this database
      # publishes no ports, so it is only reachable on the Compose network.
      - POSTGRES_HOST_AUTH_METHOD=trust
    volumes:
      - /root/docker/appdata/mastodon/dbdata:/var/lib/postgresql/data
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped
  mastodon-redis:
    image: redis:7-alpine
    container_name: mastodon-redis
    environment:
      - UID=${PUID}
      - GID=${PGID}
      - TZ=${TZ}
    volumes:
      - /root/docker/appdata/mastodon/redis:/data
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped
  mastodon-web:
    image: tootsuite/mastodon
    container_name: mastodon-web
    # Remove a stale PID file left by a previous run, then start Rails on port 3000.
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    env_file:
      - .mastodon.env
    environment:
      - UID=${PUID}
      - GID=${PGID}
      - TZ=${TZ}
    volumes:
      - /root/docker/appdata/mastodon/public/system:/mastodon/public/system
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mastodon-web.rule=Host(`toot.onitato.com`)"
      - "traefik.http.routers.mastodon-web.entrypoints=https"
      - "traefik.http.routers.mastodon-web.tls=true"
      - "traefik.http.routers.mastodon-web.tls.certresolver=letsencrypt"
      - "traefik.http.routers.mastodon-web.middlewares=authelia@docker"
      - "com.centurylinklabs.watchtower.enable=true"
    # Also published on the host: port 3000 is reachable on the host's interfaces
    # directly, without passing through Traefik or the authelia middleware.
    ports:
      - "3000:3000"
    restart: unless-stopped
    depends_on:
      - traefik
      - mastodon-redis
      - mastodon-db
  mastodon-streaming:
    image: tootsuite/mastodon
    container_name: mastodon-streaming
    command: node ./streaming
    env_file:
      - .mastodon.env
    environment:
      - UID=${PUID}
      - GID=${PGID}
      - TZ=${TZ}
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.mastodon-web.loadbalancer.server.port=4000"
      - "traefik.http.routers.mastodon-streaming.rule=(Host(`toot.onitato.com`) && PathPrefix(`/api/v1/streaming`))"
      - "traefik.http.routers.mastodon-streaming.entrypoints=https"
      - "traefik.http.routers.mastodon-streaming.tls=true"
      - "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
      - "traefik.http.routers.mastodon-streaming.middlewares=authelia@docker"
      - "com.centurylinklabs.watchtower.enable=true"
    # Same as above: port 4000 is published on the host in addition to the Traefik route.
    ports:
      - "4000:4000"
    restart: unless-stopped
    depends_on:
      - traefik
      - mastodon-redis
      - mastodon-db
  mastodon-sidekiq:
    image: tootsuite/mastodon
    container_name: mastodon-sidekiq
    command: bundle exec sidekiq
    env_file:
      - .mastodon.env
    environment:
      - UID=${PUID}
      - GID=${PGID}
      - TZ=${TZ}
    volumes:
      - /root/docker/appdata/mastodon/public/system:/mastodon/public/system
    labels:
      - "com.centurylinklabs.watchtower.enable=true"
    restart: unless-stopped
    depends_on:
      - mastodon-redis
      - mastodon-db
mastodon.env
mastodon.env was generated using these instructions:
What is Extra Life?
Donate
I’ve pledged to play games and raise funds for kids at my local children’s hospital. Please visit my Extra Life Page to make a donation. Your donation is tax-deductible and will make miracles happen for families who desperately need them.
Watch
Visit my Twitch Stream and Follow my channel so you are notified when I go live on Game Day, November 5th, 2022.
I was invited to the Ford F-150 Lightning event here in Denver, CO. I got to ride along in the new Lightning and get an up close and personal look. They had an E-Transit on site as well.
Test Ride
Let’s start with the most exciting part. After registration, I walked straight over to the test ride tent. Unfortunately, I was prohibited from recording anything inside the vehicle during the test ride. Here’s the video of the others taking a test ride:
I had an article published on the Netflix Tech Blog.
My own special version of Hush Little Baby.
Hush little baby, don’t say a word.
Daddy’s gonna buy you a mockingbird.
If that mockingbird doesn’t sing,
daddy’s gonna buy you a golden ring.
If that golden ring turns brass,
daddy’s gonna buy you a looking glass.
If that looking glass does break,
daddy’s gonna buy you some roller skates.
If those roller skates make you fall,
daddy’s gonna buy you a bouncy ball.
Update: This docker image is now available on the Docker Hub as linuturk/mono-choco.
Do you want to create Chocolatey packages but don’t want to run a Windows server? Use this Dockerfile to build Chocolatey and do your package development without a Windows system.
FROM mono:3.12.1
MAINTAINER Justin Phelps
RUN apt-get update && apt-get install -y wget unzip
WORKDIR /usr/local/src/choco
RUN wget https://github.com/chocolatey/choco/archive/stable.zip
RUN unzip stable.zip
RUN rm stable.zip
WORKDIR /usr/local/src/choco/choco-stable
RUN chmod +x build.sh
RUN chmod +x zip.sh
RUN ./build.sh
WORKDIR /usr/local/bin
RUN ln -s /usr/local/src/choco/choco-stable/build_output/chocolatey
COPY choco /usr/local/bin/choco
WORKDIR /root
In the same directory as the Dockerfile, place a file called choco with executable permissions. The content of this file should be:
A common problem with building multiple servers in the cloud is an intermittent failure in one build that can stop your entire deployment process. With the right retry logic you can avoid this problem with Ansible.
I’m using until to check the output from the rax module. Using the length Jinja2 filter, I can check if the correct number of instances have been created. This should retry the task 3 times with a delay of 5 seconds between attempts.
I was fortunate to receive a review copy of The Go Programming Language by Alan A. A. Donovan and Brian W. Kernighan. The following is my review of this book based on my limited experience with Golang.
I’m new to Go. I’ve only been through the excellent Tour of Go. This Tour gives you a great hands on trial of Go but leaves out some of the more complex topics that are covered by Donovan and Kernighan’s book. I’ve made it through Chapter 5 which covers functions in detail. The book is well written and fairly easy to read but the subject matter can get quite dense at times. It takes dedication to read and may require you to look up concepts or terminology.
I’ve done a search and there seem to be a large number of issues related to salt-ssh usability with non-root users. I’d like to understand more about the perceived use case from Salt’s perspective and give some feedback.
Perceived use case
salt-ssh seems to be an answer to Ansible and Fabric where the ssh transport from a single laptop is useful for a system administrator to maintain a smaller set of infrastructure. My use case would be running from a virtualenv after pip installing salt-ssh. I would typically create a folder for a set of infrastructure and states. If I was executing the command from this directory I expect salt-ssh to look in this working directory for things like rosters and configuration files. The next place would be a ~/.salt-ssh folder in my home directory. I would expect cache directories to be automatically created in that location. The final location would be the system wide settings in /etc/salt.
There are many variations and combinations of AWS products and services that lend the platform to great flexibility and customization. We work hard to evaluate these combinations and put forth a collection of best practices for our customers to follow. One of these best practices is the use of CloudFormation templates. My team maintains a series of standard CloudFormation templates for our customers to use. Part of that maintenance includes updating those templates and testing them for functionality.
I will be speaking at Texas Linux Fest this year. My talk will be about Consul, the service discovery tool from HashiCorp. I’m scheduled for Saturday, August 22nd at 1:30 PM in Room 3.
Talk Materials:
Here is the full schedule for the conference. Looking forward to seeing you there!
My ISP is less than reliable so I decided to automate my modem restarts. I’m using a Motorola SB6141 and I can access a web based interface at 192.168.100.1.
Using a combination of curl, grep, and sed, I was able to scrape the necessary pages to get information about the modem’s status. The script then checks the status and restarts the modem if it detects a fault. The script uses curl to GET a specific URL with the necessary parameters. This GET request triggers the modem’s restart.
Today I was a guest on Rackspace Cloud Office Hours talking about my recent Ansible Certified Engineer certification. There is a great article on the Rackspace Blog with a Recap.
Here is the recording of the Hangout:
My talk will be in the Audubon room on Wednesday, at 3:45 PM.
Materials:
- Salt States in this GitHub repository.
- Slides can be found at this location.
Here is the recording of my talk:
In this third installment of my No Hassle Blog Automation series, I remove the necessity for running any infrastructure of my own. Drone has been replaced with a hosted solution at CircleCI. Their support is amazing, and their circle.yml format made configuration easy. Take a look at the first and second installments of this series.
Requirements
There are a few requirements for this setup:
- Rackspace Cloud Account
- Cloud Files Container*
- Existing Pelican Blog
- GitHub Account
* This container should be configured to serve a static site.
My talk has been accepted to SaltConf 2015 this year. I will be in Salt Lake City March 3rd through March 5th. I’ll be speaking about my experience deploying WebPageTest with SaltStack. We’ll talk about the benefits and gotchas of WebPageTest and SaltStack during this presentation. You’ll also see copious amounts of stateful PowerShell being used. If you have ever tried using Salt to manage Windows machines, this talk is certainly a must see!
Due to the difficulty in maintaining a full Jenkins instance, I have revisited the blog automation issue and have replaced Jenkins with Drone. Making use of a tool like Drone greatly simplifies the setup process and lowers the barrier of entry for this type of project.
Requirements
There are a few requirements for this setup:
- Rackspace Cloud Account
- Existing Pelican Blog
- GitHub Account
- Linux Administration Knowledge
You should also read my original article.
Deploying Ansible Tower isn’t hard, but automating a server build and triggering the installation lowers the barrier of entry for trying out Tower. This article will describe the HEAT Template I’ve created to automate this process.
Anatomy of a HEAT Template
Templates are broken into several main sections. I’m going to describe each one of them so you fully understand the process. Follow along here: Ansible Tower HEAT Template
Description and Version
It is important that the Version information you specify matches the HEAT version in use. The description should describe the overall goal of the template.
Installing
Installing inventory plugins isn’t intuitive, and the documentation available on this process isn’t immediately clear. The instructions found on this page Ansible Documentation can be adapted for the Rackspace plugin.
It boils down to this for the Rackspace plugin:
- Grab the latest version of rax.py from the plugins/inventory folder on GitHub. Raw GitHub Link
- Place this file on your Ansible master. The location doesn’t matter that much, but convention says to put it in /etc/ansible/rax.py.
- Make this script executable by issuing chmod +x /etc/ansible/rax.py.
- As the user that runs Ansible, create the following file at ~/.rackspace_cloud_credentials: (Be sure to replace the appropriate values with your Rackspace username and apikey.)
[rackspace_cloud]
username = my_username
api_key = 01234567890abcdef
- Target the rax.py script in your ansible run: ansible -i /etc/ansible/rax.py webserver -m ping
These instructions should be a nice and easy start to deploying Rackspace Cloud servers using the salt-cloud tool. Just follow along exactly, and at the end you should have a fully functional salt-cloud deployment tool.
Dependencies
I’m performing my installation on a Debian 7 (Wheezy) server, where my salt-master already exists. The following two commands should install salt-cloud, and all the necessary dependencies. This assumes you are already using the Python tool pip.
This article is in response to a request by Ryan Jung. Request your own article.
One of the disadvantages of using IRC over another chat medium is the lack of logging while you aren’t connected to the server. In this article, I will describe the process I used to implement logging for my favorite IRC channels.
The Environment
Pierc is my choice of logging bot for this article. It logs the contents of IRC channels to a MySQL instance, and presents an easy to use web interface.
This article is in response to a request by Shawn Laasch and Jordan Rinke. Request your topic today! This article will focus on Rackspace Cloud Load Balancers.
Cloud Load Balancers
Load balancing is performed by a device or service acting as a single endpoint to your application or site. This device then spreads the requests it receives across multiple back end nodes. There are benefits to using a load balancer in your configuration:
Following proper coding standards is important to ensure others can read and modify your code. I make use of the following tools when writing Python to ensure I am formatting my code properly.
Install Dependencies
Let’s start by installing a dependency of the Vim plugin we are going to use. The Flake8 module will be needed for our vim-flake8 setup. As root (or using sudo), run the following commands:
easy_install pip
pip install flake8
The first command installs the latest version of pip, a tool for installing and managing Python packages. The second command uses pip to install the flake8 package. Now let’s configure vim.
My initial draft of the cf_pyrax.py script used in my automation deleted all the contents of a Cloud Files container, and then re-uploaded this content. This process was inefficient and also caused issues loading the site while this process was running.
I have now updated this script to use the new sync_folder_to_container method from pyrax. This method was introduced to pyrax in this commit. Make sure you update your pyrax modules before using this new script.
When using yum-cron, you might want to receive email notifications when updates are applied. Here is how you enable these notifications for CentOS. This article assumes a properly configured mail service.
Installing yum-cron
Install yum-cron using the yum package manager:
yum install yum-cron
Configure yum-cron
Modify the /etc/sysconfig/yum-cron file and add your email address to the MAILTO line.
MAILTO=email@address.com
Be sure to read up on the other settings in this file. You can disable automatic updates and only have the system send the notification.
I’ve been using a tablet as a laptop replacement for the past week. These are my thoughts concerning my experiences with the current state of Android on a ThinkPad Tablet.
The feature of my typical Linux laptop I missed the most on Android was floating windows. Android makes you focus on a single task, for better or worse when considering your work flow. I often reference documentation and articles when I’m working on a new project or a complex issue. This work flow doesn’t carry over well to Android.
Managing a blog can be a hassle. Operating system updates, blog software updates, and server security take up tons of time. Don’t forget about scaling your blog if you get popular. Inspired by the Rackspace DevOps post on their new blog format, I’ve set up my own version using Pelican instead of Octopress.
Resources
This tutorial will assume you have two systems to manage your blog.
- Local Workstation
- Remote Server
The local workstation will be used to manage your blog posts, as well as uploading the content. This system will need git and Pelican installed.
I ran into an interesting problem today when installing the newly released Fedora 18. It was quite annoying, so I wanted to document it here.
Using the new installer, I configured my computer’s host name to subdomain.domain.com on the network setup page. After I finished the installation, I noticed my host name was still the default localhost.localdomain. I tried the usual tricks to set the host name, but all the following tactics failed:
The Battle for Wesnoth is a turn based strategy game that has unique and fun campaigns and great multiplayer maps. Playing on the official server is fun, but sometimes you’ll want a private server on which you and your close friends can play.
Installing the Server Software
Most popular Linux distributions have the wesnoth-server package available in their repositories. For this example, I’ll be installing this service on a machine running Fedora 17. To install the Wesnoth multiplayer service, run the following command as root on your machine.
Strong passwords are important, today more than ever. Clever passwords like “Password123”, “hunter2”, and just the letter “a” just won’t cut it anymore. How can someone create strong passwords, use a different one for every account they have, and still remember them all? KeePassX is the answer.
KeePassX
KeePassX is a password database. It allows you to create an encrypted database file to hold all of your passwords. You unlock this database with a single master password. Since you choose where to save this database file, this tool has an edge over cloud based password tools like LastPass. It also has tools that allow you to generate really secure and random passwords.
Everyone has a collection of documents and pictures that are important to them. Don’t make the mistake of not backing up these files.
I keep all of my music, pictures, and important files in Dropbox. You receive 2 GB of storage free (plus a small bump of free space if you use my referral link.) Once you install Dropbox and choose your folder location, make sure you put all of your important files in the Dropbox Folder.
IRC stands for Internet Relay Chat. Here is the first paragraph from the Wikipedia article on IRC:
Internet Relay Chat (IRC) is a protocol for real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.
Connecting to an IRC server isn’t hard. You just need the right IRC client, and a little bit of information.
I wrote this haiku as part of my Rookie Orientation at Rackspace:
Burning desire grows.
Smoldering embers ignite.
Show them your passion.