Tuesday, July 30, 2013

How to identify Python variable data types?

Here is a quick way to tell what type of variable you are working with in Python by using the type() function:

jemurray@dsg:~ $ python
Python 2.7.2 (default, Oct 11 2012, 20:14:37)
[GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin
Type "help", "copyright", "credits" or "license" for more information. 
>>> a = {}
>>> type(a)
<type 'dict'>
>>> a = []
>>> type(a)
<type 'list'>
>>> a = ()
>>> type(a)
<type 'tuple'>
>>> a = ''
>>> type(a)
<type 'str'>

In many Python examples, the output is displayed something like this:

>>> print a
(1, 2, 3, 4)
If you didn't know what the () around the output meant, you can use the above example to figure it out.  

Tuesday, July 16, 2013

Puppet module to manage iptables?

I am looking for feedback on creating a module to manage iptables files on various Linux distributions with puppet.

I have a base design setup and working at: https://github.com/duxklr/iptables

The basics of the system so far are to:
  1. Use file templates to create a base iptables configuration that automatically gets pushed to all systems.   This will contain the most basic rules that all servers should have.   
  2. Use an array to store additional host-specific rules that will get processed by the template file.
    1. I selected a template/array style because our systems are all very one-off specific.   There is no good "grouping", service, module, etc. way to categorize them.   

In the Git repository above: 

You will find the .../templates/iptables-common-v4.erb which is the base file that all the iptables rules are built off of.  

In the .../manifests directory you will find an init.pp which is the heavy lifter in this case.   You will also find a file servers.pp.   This is the file that contains the host-specific rules.   

The question I propose....  Is there a better way to manage the host-specific rules?

I have looked into concat, but I don't see an elegant way to manage the very host-specific rules that we have using this module.    If we have large amounts of servers that all performed a similar function I can see this working very nicely.  

I have looked at all the other iptables modules in Puppet Forge, and none of them meet my individual needs.    
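
A minimal sketch of the template-plus-array pattern described in this post, as an added example (not code from the linked repository): the template text, host names, rules and the `validate_rules` check are all constructed for illustration. It renders a shared base ruleset, appends each host's own rules, and refuses any host rule that is not a single well-formed append line, so a bad array entry cannot smuggle extra lines into the generated file.

```ruby
require 'erb'

# Constructed stand-in for a base template; NOT the repository's
# iptables-common-v4.erb. Host rules are appended after the base rules.
BASE_TEMPLATE = <<~'EOT'
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp --dport 22 -j ACCEPT
  <% host_rules.each do |rule| -%>
  <%= rule %>
  <% end -%>
  COMMIT
EOT

# Constructed per-host arrays (hypothetical hosts, documentation addresses).
HOST_RULES = {
  'web01.example.com' => ['-A INPUT -p tcp --dport 443 -j ACCEPT'],
  'db01.example.com'  => ['-A INPUT -s 192.0.2.10/32 -p tcp --dport 5432 -j ACCEPT']
}.freeze

# One printable-ASCII line that appends to a built-in filter chain.
# \A and \z anchor the whole string, so embedded newlines never match.
RULE_FORMAT = /\A-A (INPUT|OUTPUT|FORWARD) [\x20-\x7e]+\z/

# Hypothetical helper: raise on any rule that could alter the file structure.
def validate_rules(rules)
  rules.each do |rule|
    next if rule.match?(RULE_FORMAT)
    raise ArgumentError, "rejected host rule: #{rule.inspect}"
  end
end

# Render the full ruleset for one host; unknown hosts get only the base rules.
def render_ruleset(hostname)
  host_rules = HOST_RULES.fetch(hostname, [])
  validate_rules(host_rules)
  ERB.new(BASE_TEMPLATE, trim_mode: '-').result(binding)
end

puts render_ruleset('web01.example.com') if __FILE__ == $PROGRAM_NAME
```
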


Friday, July 12, 2013

Puppet error: Error 400 on SERVER: Could not find class

After building a puppet module, I was receiving the following error:

jemurray@ubuntu:~$ puppet agent --test
err: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find class copyFile for ubuntu.example.com at /etc/puppet/manifests/site.pp:1 on node ubuntu.example.com
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

The problem was the module directory name: it can't contain upper-case letters.   Rename the module from 'copyFile' to the lower-case 'copyfile' and try again:

jemurray@ubuntu:~$ sudo puppet agent --test
[sudo] password for jemurray:
info: Caching catalog for ubuntu.example.com
info: Applying configuration version '1373689458'
notice: Finished catalog run in 0.03 seconds

Reference site here

Thursday, July 11, 2013

The July Technology for a Good Cause Donation

This is the first post of my monthly series, "Donations for a good technology cause".

For years, I have donated monthly to the OpenBSD foundation.   Specifically to fund the OpenSSH project.   SSH is a tool I use every single day for work and play.   Probably one of the most useful pieces of software ever written.   I had an automatic monthly donation set up and everything was well.   Until someone stole my credit card.   All my automatic payments got messed up.  When I tried to renew my OpenBSD subscription it didn't work.   At this point I figured other projects could use my help.   So now instead of only helping one organization, I am going to help a new project per month.  

This month's donation goes to the Tor project.   I have been using Tor for many years.   I run a Tor exit node on the spare bandwidth from my Linode.

With all the media press about Internet privacy lately, I figured this was a good month to highlight this cause.  I think Bruce Schneier summed it up nicely, read the article (it is short)...

If you are feeling generous, donate a few bucks, or better yet run a Tor exit node.