Tech
Docker Compose
I use Traefik as my reverse proxy. Here is a snippet of my Docker Compose file for Mastodon:
######################
# Mastodon #
######################
mastodon-db:
image: postgres:14-alpine
container_name: mastodon-db
shm_size: 256mb
environment:
- UID=${PUID}
- GID=${PGID}
- TZ=${TZ}
- POSTGRES_HOST_AUTH_METHOD=trust
volumes:
- /root/docker/appdata/mastodon/dbdata:/var/lib/postgresql/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
mastodon-redis:
image: redis:7-alpine
container_name: mastodon-redis
environment:
- UID=${PUID}
- GID=${PGID}
- TZ=${TZ}
volumes:
- /root/docker/appdata/mastodon/redis:/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
mastodon-web:
image: tootsuite/mastodon
container_name: mastodon-web
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
env_file:
- .mastodon.env
environment:
- UID=${PUID}
- GID=${PGID}
- TZ=${TZ}
volumes:
- /root/docker/appdata/mastodon/public/system:/mastodon/public/system
labels:
- "traefik.enable=true"
- "traefik.http.routers.mastodon-web.rule=Host(`toot.onitato.com`)"
- "traefik.http.routers.mastodon-web.entrypoints=https"
- "traefik.http.routers.mastodon-web.tls=true"
- "traefik.http.routers.mastodon-web.tls.certresolver=letsencrypt"
- "traefik.http.routers.mastodon-web.middlewares=authelia@docker"
- "com.centurylinklabs.watchtower.enable=true"
ports:
- "3000:3000"
restart: unless-stopped
depends_on:
- traefik
- mastodon-redis
- mastodon-db
mastodon-streaming:
image: tootsuite/mastodon
container_name: mastodon-streaming
command: node ./streaming
env_file:
- .mastodon.env
environment:
- UID=${PUID}
- GID=${PGID}
- TZ=${TZ}
labels:
- "traefik.enable=true"
- "traefik.http.services.mastodon-web.loadbalancer.server.port=4000"
- "traefik.http.routers.mastodon-streaming.rule=(Host(`toot.onitato.com`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.routers.mastodon-streaming.entrypoints=https"
- "traefik.http.routers.mastodon-streaming.tls=true"
- "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
- "traefik.http.routers.mastodon-streaming.middlewares=authelia@docker"
- "com.centurylinklabs.watchtower.enable=true"
ports:
- "4000:4000"
restart: unless-stopped
depends_on:
- traefik
- mastodon-redis
- mastodon-db
mastodon-sidekiq:
image: tootsuite/mastodon
container_name: mastodon-sidekiq
command: bundle exec sidekiq
env_file:
- .mastodon.env
environment:
- UID=${PUID}
- GID=${PGID}
- TZ=${TZ}
volumes:
- /root/docker/appdata/mastodon/public/system:/mastodon/public/system
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: unless-stopped
depends_on:
- mastodon-redis
- mastodon-db
mastodon.env
mastodon.env was generated using these instructions:
I had an article published on the Netflix Tech Blog.
Update: This docker image is now available on the Docker Hub as linuturk/mono-choco.
Do you want to create Chocolatey packages but don’t want to run a Windows server? Use this Dockerfile to build Chocolatey and do your package development without a Windows system.
FROM mono:3.12.1
MAINTAINER Justin Phelps
RUN apt-get update && apt-get install -y wget unzip
WORKDIR /usr/local/src/choco
RUN wget https://github.com/chocolatey/choco/archive/stable.zip
RUN unzip stable.zip
RUN rm stable.zip
WORKDIR /usr/local/src/choco/choco-stable
RUN chmod +x build.sh
RUN chmod +x zip.sh
RUN ./build.sh
WORKDIR /usr/local/bin
RUN ln -s /usr/local/src/choco/choco-stable/build_output/chocolatey
COPY choco /usr/local/bin/choco
WORKDIR /root
In the same directory as the Dockerfile, place a file called choco with executable permissions. The content of this file should be:
A common problem with building multiple servers in the cloud is an intermittent failure in one build that can stop your entire deployment process. With the right retry logic you can avoid this problem with Ansible.
I’m using until to check the output from the rax module. Using the length Jinja2 filter, I can check if the correct number of instances have been created. This should retry the task 3 times with a delay of 5 seconds between attempts.
There are many variations and combinations of AWS products and services that lend the platform to great flexibility and customization. We work hard to evaluate these combinations and put forth a collection of best practices for our customers to follow. One of these best practices is the use of CloudFormation templates. My team maintains a series of standard CloudFormation templates for our customers to use. Part of that maintenance includes updating those templates and testing them for functionality.
My ISP is less than reliable so I decided to automate my modem restarts. I’m using a Motorola SB6141 and I can access a web based interface at 192.168.100.1.
Using a combination of curl, grep, and sed, I was able to scrape the necessary pages to get information about the modem’s status. The script then checks the status and restarts the modem if it detects a fault. The script uses curl to GET a specific URL with the necessary parameters. This GET request triggers the modem’s restart.
In this third installment of my No Hassle Blog Automation series, I remove the necessity for running any infrastructure of my own. Drone has been replaced with a hosted solution at CircleCI. Their support is amazing, and their circle.yml format made configuration easy. Take a look at the first and second installments of this series.
Requirements
There are a few requirements for this setup:
- Rackspace Cloud Account
- Cloud Files Container*
- Existing Pelican Blog
- GitHub Account
* This container should be configured to serve a static site.
Due to the difficulty in maintaining a full Jenkins instance, I have revisited the blog automation issue and have replaced Jenkins with Drone. Making use of a tool like Drone greatly simplifies the setup process and lowers the barrier of entry for this type of project.
Requirements
There are a few requirements for this setup:
- Rackspace Cloud Account
- Existing Pelican Blog
- GitHub Account
- Linux Administration Knowledge
You should also read my original article.
Deploying Ansible Tower isn’t hard, but automating a server build and triggering the installation lowers the barrier of entry for trying out Tower. This article will describe the HEAT Template I’ve created to automate this process.
Anatomy of a HEAT Template
Templates are broken into several main sections. I’m going to describe each one of them so you fully understand the process. Follow along here: Ansible Tower HEAT Template
Description and Version
It is important that the Version information you specify matches the HEAT version in use. The description should describe the overall goal of the template.
Installing
Installing inventory plugins isn’t intuitive, and the documentation available on this process isn’t immediately clear. The instructions found on this page Ansible Documentation can be adapted for the Rackspace plugin.
It boils down to this for the Rackspace plugin:
- Grab the latest version of rax.py from the plugins/inventory folder on GitHub. Raw GitHub Link
- Place this file on your Ansible master. The location doesn’t matter that much, but convention says to put it in /etc/ansible/rax.py.
- Make this script executable by issuing chmod +x /etc/ansible/rax.py.
- As the user that runs Ansible, create the following file at ~/.rackspace_cloud_credentials: (Be sure to replace the appropriate values with your Rackspace username and apikey.)
[rackspace_cloud]
username = my_username
api_key = 01234567890abcdef
Target the rax.py script in your ansible run: ansible -i /etc/ansible/rax.py webserver -m ping
These instructions should be a nice and easy start to deploying Rackspace Cloud servers using the salt-cloud tool. Just follow along exactly, and at the end you should have a fully functional salt-cloud deployment tool.
Dependencies
I’m performing my installation on a Debian 7 (Wheezy) server, where my salt-master already exists. The following two commands should install salt-cloud, and all the necessary dependencies. This assumes you are already using the Python tool pip.
This article is in response to a request by Ryan Jung. Request your own article.
One of the disadvantages of using IRC over another chat medium is the lack of logging while you aren’t connected to the server. In this article, I will describe the process I used to implement logging for my favorite IRC channels.
The Environment
Pierc is my choice of logging bot for this article. It logs the contents of IRC channels to a MySQL instance, and presents an easy to use web interface.
This article is in response to a request by Shawn Laasch and Jordan Rinke. Request your topic today! This article will focus on Rackspace Cloud Load Balancers.
Cloud Load Balancers
Load balancing is performed by a device or service acting as a single endpoint to your application or site. This device then spreads the requests it receives across multiple back end nodes. There are benefits to using a load balancer in your configuration:
Following proper coding standards is important to ensure others can read and modify your code. I make use of the following tools when writing Python to ensure I am formatting my code properly.
Install Dependencies
Let’s start by installing a dependency of the Vim plugin we are going to use. The Flake8 module will be needed for our vim-flake8 setup. As root (or using sudo), run the following commands:
easy_install pip
pip install flake8
The first command installs the latest version of pip, a tool for installing and managing Python packages. The second command uses pip to install the flake8 package. Now let’s configure vim.
My initial draft of the cf_pyrax.py script used in my automation deleted all the contents of a Cloud Files container, and then re-uploaded this content. This process was inefficient and also caused issues loading the site while this process was running.
I have now updated this script to use the new sync_folder_to_container method from pyrax. This method was introduced to pyrax in this commit. Make sure you update your pyrax modules before using this new script.
When using yum-cron, you might want to receive email notifications when updates are applied. Here is how you enable these notifications for CentOS. This article assumes a properly configured mail service.
Installing yum-cron
Install yum-cron using the yum package manager:
yum install yum-cron
Configure yum-cron
Modify the /etc/sysconfig/yum-cron file and add your email address to the MAILTO line.
MAILTO=email@address.com
Be sure to read up on the other settings in this file. You can disable automatic updates and only have the system send the notification.
Managing a blog can be a hassle. Operating system updates, blog software updates, and server security take up tons of time. Don’t forget about scaling your blog if you get popular. Inspired by the Rackspace DevOps post on their new blog format, I’ve setup my own version using Pelican instead of Octopress.
Resources
This tutorial will assume you have two systems to manage your blog.
- Local Workstation
- Remote Server
The local workstation will be used to manage your blog posts, as well as uploading the content. This system will need git and Pelican installed.
The Battle for Wesnoth is a turn based strategy game that has unique and fun campaigns and great multiplayer maps. Playing on the official server is fun, but sometimes you’ll want a private server on which you and your close friends can play.
Installing the Server Software
Most popular Linux distributions have the wesnoth-server package available in their repositories. For this example, I’ll be installing this service on a machine running Fedora 17. To install the Wesnoth multiplayer service, run the following command as root on your machine.
Strong passwords are important, today more than ever. Clever passwords like “Password123”, “hunter2”, and just the letter “a” just won’t cut it anymore. How can someone create strong passwords, use a different one for every account they have, and still remember them all? KeePassX is the answer.
KeePassX
KeePassX is a password database. It allows you to create an encrypted database file to hold all of your passwords. You unlock this database with a single master password. Since you choose where to save this database file, this tool has an edge over cloud based password tools like LastPass. It also has tools that allow you to generate really secure and random passwords.
Everyone has a collection of documents and pictures that are important to them. Don’t make the mistake of not backing up these files.
I keep all of my music, pictures, and important files in Dropbox. You receive 2 GB of storage free (plus a small bump of free space if you use my referral link.) Once you install Dropbox and choose your folder location, make sure you put all of your important files in the Dropbox Folder.
IRC stands for Internet Relay Chat. Here is the first paragraph from the Wikipedia article on IRC:
Internet Relay Chat (IRC) is a protocol for real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.
Connecting to an IRC server isn’t hard. You just need the right IRC client, and a little bit of information.